DESCRIPTION
During the past ten years, static analysis tools have become a vital part of software development for many organizations. However, the question arises, “Can we quantify the benefits of static analysis?” William Oliver presents the results of a Lawrence Livermore National Laboratory study that first measured the cost of finding software defects using formal testing on a system without static analysis; then, they integrated a static analysis tool into the process and, over a period of time, recalculated the cost of finding software defects. Join William as he shares the results of their study and discusses the value and benefits of static testing. Learn how commercial and open source analysis tools can perform sophisticated source code analysis over large code bases. Take back proof that employing static analysis can not only reduce the time and cost of finding defects and their subsequent debugging but ultimately can reduce the number of defects making their way into your releases.
Lawrence Livermore National Laboratory
William B. Oliver
LLNL-PRES-490136
Lawrence Livermore National Laboratory, P. O. Box 808, Livermore, CA 94551
This work performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under Contract DE-AC52-07NA27344
Quantifying the Value of Static Analysis
Date 5/19/2011
What is Static Analysis
• The use of tools during pre-testing to remove structural defects
• Static analysis tools provide an in-depth analysis of source code to find defects.
• Finds defects that compilers and traditional testing miss
• Defect types include but are not limited to:
  • Use of uninitialized variables
  • Memory leaks
  • Null pointer dereferences
  • Array bounds overflows (and many others)
Why Incorporate Static Analysis
• Static Analysis finds additional defects
• Better code coverage
• Reduced developer debug time
• Advanced tools find defects inter-procedurally
• Uncovers structural defects that can cause functional defects
• Finds defects missed during code reviews/walkthroughs
Inter-Procedural Analysis
[Diagram: a call chain that crosses file boundaries. File A contains foo(x), File B contains bar(y) and File C contains foobar(z); the analysis follows the calls between them rather than checking each file on its own.]
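To make the inter-procedural point concrete, here is a toy checker written for this page (it is not LLNL's tool or any product discussed in the talk). It uses Python's standard ast module to decide which functions may return None (the Python analogue of a NULL pointer) and then flags attribute access on a local that was assigned from such a call. In intra-procedural mode the defect is missed, because the None originates in lookup() and only reaches greet() through find_user(); the inter-procedural fixpoint over the call graph catches it. The sample program and all function names are constructed for the example. The checker does no guard analysis, so a properly checked value would still be reported, which is exactly the kind of false positive the study's triage step has to absorb.

```python
"""Toy inter-procedural null-dereference checker (added example, not LLNL's tool)."""
import ast

# Constructed sample program standing in for "File A / File B / File C":
# lookup() may return None, find_user() merely forwards that value,
# and greet() dereferences the result without a check.
SAMPLE_SOURCE = '''
def lookup(table, key):
    if key in table:
        return table[key]
    return None

def find_user(db, name):
    return lookup(db, name)

def greet(db, name):
    user = find_user(db, name)
    return user.upper()

def count(db):
    total = 0
    return total + 1
'''


def functions_that_may_return_none(source, interprocedural=True):
    """Return the set of function names whose result may be None.

    Intra-procedural mode only looks at a function's own `return None`
    statements.  Inter-procedural mode also treats `return f()` as nullable
    when f is nullable, iterating to a fixpoint over the call graph so the
    fact crosses function (and file) boundaries.
    """
    tree = ast.parse(source)
    funcs = {n.name: n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)}
    nullable = set()
    changed = True
    while changed:
        changed = False
        for name, fn in funcs.items():
            if name in nullable:
                continue
            for node in ast.walk(fn):
                if not isinstance(node, ast.Return):
                    continue
                value = node.value
                direct = value is None or (
                    isinstance(value, ast.Constant) and value.value is None)
                forwarded = (interprocedural
                             and isinstance(value, ast.Call)
                             and isinstance(value.func, ast.Name)
                             and value.func.id in nullable)
                if direct or forwarded:
                    nullable.add(name)
                    changed = True
                    break
    return nullable


def find_null_dereferences(source, interprocedural=True):
    """Report (function, line, variable, callee) for every attribute access on
    a local that was assigned from a possibly-None call.  No guard analysis is
    done, so a value protected by `if user is not None:` is still reported;
    that is a false positive a human must triage."""
    tree = ast.parse(source)
    nullable = functions_that_may_return_none(source, interprocedural)
    findings = []
    for fn in (n for n in tree.body if isinstance(n, ast.FunctionDef)):
        tainted = {}  # local variable name -> callee that may have returned None
        for node in ast.walk(fn):
            if (isinstance(node, ast.Assign)
                    and isinstance(node.value, ast.Call)
                    and isinstance(node.value.func, ast.Name)
                    and node.value.func.id in nullable):
                for target in node.targets:
                    if isinstance(target, ast.Name):
                        tainted[target.id] = node.value.func.id
        for node in ast.walk(fn):
            if (isinstance(node, ast.Attribute)
                    and isinstance(node.value, ast.Name)
                    and node.value.id in tainted):
                findings.append((fn.name, node.lineno, node.value.id,
                                 tainted[node.value.id]))
    return findings


if __name__ == "__main__":
    for mode in (False, True):
        label = "inter-procedural" if mode else "intra-procedural"
        print(f"{label}: {find_null_dereferences(SAMPLE_SOURCE, mode)}")
```

Running the block prints an empty list for the intra-procedural pass and a single finding in greet() for the inter-procedural pass; the only difference between the two runs is whether the "may return None" fact is allowed to propagate from callee to caller.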
Why Incorporate Static Analysis
Enhances Dynamic Testing
• Dynamic testing does not generally uncover memory leaks and other structural defects
• Static Analysis provides 100% code coverage
• Structural defects such as Array Bounds Overflows can cause Functional Defects
Dr. Paul Anderson, PhD: “They are best used in combination with traditional dynamic testing techniques, and can even reduce the cost to create and manage test cases for stringent run-time coverage.”
Structural Defects (SD) vs Functional Defects (FD)
Structural Defects relate to conformance to the programming language rules and syntax:
• Uninitialized Data
• Memory/Resource Leaks
• Array Bounds Overflows
• Null Pointer Dereferences
Functional Defects are associated with features, performance, availability, etc., and are found during dynamic testing. Some causes include:
• Solving the wrong problem
• Code Logic Errors
• System Integration Issues
Uninitialized Data
[Figure: variables x, y and z. The "Correct Set of Values" is the set of right answers; an uninitialized variable instead holds one of a "Random Set of Values".]
Memory/Resource Leaks
Array Bounds Overflow
NULL Pointer Dereference
[Figure: a pointer is a memory location that contains the address of another memory location; dereferencing the pointer reads the value stored at the address it points to. Second panel: the same diagram with Pointer = NULL.]
Typical Static Analysis Work Flow
[Workflow cycle: Perform Static Analysis → Analyze Defects → Fix Defects → Test Fixes → Add Features]
Advantages for Testers
o Less Wasted Time
o Allows more time for test case development
o Better Test Cases
Assumptions About Time to Find Defects
One Million Lines of Code
Static Analysis:
• 1000 Defects reported by the tool
• 20 Percent False Positives
• 800 Valid Defects
• Time to run code through the tool: negligible
• Ten minutes per defect to triage
Dynamic Testing (1000 Defects):
• Automated Testing: 1 hour per defect, which includes test case development, test evaluation and test report generation
• Manual Testing: 2 hours per defect
Automated Testing
TD = Total Defects = SD + FD
TD = 800 + 1000 = 1800
Time = Time to find SD + Time to find FD
SD Time = (1000 Defects * 10 min/defect) / 60 min/hour = 166.67 hours
FD Time = 1000 Defects * 1 hour/defect = 1000 hours
Time = 166.67 + 1000 = 1166.67 hours
Time/TD = 1166.67/1800 = .65 hours/defect = 39 minutes per defect
Test Case: Automated Testing
Code Type: Scientific Simulation
Programming Language: C++
Number of Developers: 4
Source Lines of Code Analyzed: 161,880
Total Number SD found: 528
Total Number SD Analyzed: 190
Number of False Positives: 55
Average Analysis Time/Defect: 8.9 minutes
Test Case: Automated Testing
TD = Total Defects = SD + FD
SD = 190 analyzed − 55 false positives = 135 valid defects
FD = 297 for dynamic testing at 1 hour per defect
TD = 135 + 297 = 432
SD Time = (190 Defects * 8.9 min/defect) / 60 min/hour = 28 hours
Time = 28 + 297 = 325 hours
Time/TD = 325/432 = .75 hours/defect = 45 minutes per defect
Just For Fun: What If All 528 Defects Were Triaged?
Assuming 28 % False Positive Rate
Total Number SD found: 528
Total Number SD Analyzed: 528
Number of False Positives: 148
Average Analysis Time/Defect: 8.9 minutes
Estimated number of real defects = 528 − 148 = 380
Estimated Time = (528 * 8.9) / 60 = 78 hours
TD = 380 + 297 = 677
Time = 78 + 297 = 375 hours
Time/TD = 375/677 = .55 hours/defect = 33 minutes per defect
Test Case: Manual Testing
Code Type: Security Access
Programming Language: C#
Number of Developers: (not stated)
Total Number SD found: 76
Total Number SD Analyzed: 35
Number of False Positives: 0
Average Analysis Time/Defect: 3.4 minutes
Test Case: Manual Testing
SD = 35 analyzed − 0 false positives = 35 valid defects
FD = 339 for dynamic testing at 5 hours per defect
TD = 35 + 339 = 374
SD Time = (35 Defects * 3.4 min/defect) / 60 min/hour = 2 hours
FD Time = 339 Defects * 5 hours/defect = 1695 hours
Time = 2 + 1695 = 1697 hours
Time/TD = 1697/374 = 4.5 hours/defect
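The arithmetic on the assumptions slide, the automated and manual test cases and the what-if case all follow one formula: Time/TD = (SD time + FD time) / (valid SD + FD), where every triaged report costs triage time whether or not it turns out to be real. The following Python is an added example written for this page, not a spreadsheet from the talk; the Scenario and Result names are assumptions, while the numbers are the ones on the slides. The break-even helper goes beyond the talk: it derives how long triage may take per report before a valid static-analysis defect costs more than a defect found by dynamic testing.

```python
"""Cost-per-defect model from the talk's slides (added example, not LLNL's figures sheet)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    sd_reports_triaged: int      # static-analysis reports a human looked at
    sd_false_positives: int      # how many of those were not real defects
    triage_minutes: float        # minutes spent per report (real or not)
    fd_found: int                # functional defects found by dynamic testing
    fd_hours_per_defect: float   # hours per functional defect (automated or manual)


@dataclass(frozen=True)
class Result:
    valid_sd: int
    sd_hours: float
    fd_hours: float
    total_hours: float
    total_defects: int
    hours_per_defect: float


def cost_per_defect(s: Scenario) -> Result:
    """Time/TD = (SD time + FD time) / (valid SD + FD), as on the slides."""
    valid_sd = s.sd_reports_triaged - s.sd_false_positives
    sd_hours = s.sd_reports_triaged * s.triage_minutes / 60.0  # false positives cost triage time too
    fd_hours = s.fd_found * s.fd_hours_per_defect
    total_hours = sd_hours + fd_hours
    total_defects = valid_sd + s.fd_found
    return Result(valid_sd, sd_hours, fd_hours, total_hours, total_defects,
                  total_hours / total_defects)


def breakeven_triage_minutes(false_positive_rate: float, fd_hours_per_defect: float) -> float:
    """Largest triage time per report at which a valid static-analysis defect
    still costs no more than a dynamically found one.  Cost per valid SD is
    triage / (1 - fp_rate), so the break-even is 60 * hours * (1 - fp_rate).
    Derived for this example; the talk does not state this formula."""
    return 60.0 * fd_hours_per_defect * (1.0 - false_positive_rate)


# The four cases from the slides, in slide order.
SCENARIOS = [
    Scenario("Assumptions slide (automated)", 1000, 200, 10.0, 1000, 1.0),
    Scenario("Test case: automated testing", 190, 55, 8.9, 297, 1.0),
    Scenario("What if all 528 were triaged", 528, 148, 8.9, 297, 1.0),
    Scenario("Test case: manual testing", 35, 0, 3.4, 339, 5.0),
]

if __name__ == "__main__":
    for s in SCENARIOS:
        r = cost_per_defect(s)
        print(f"{s.name}: {r.total_hours:.1f} h / {r.total_defects} defects "
              f"= {r.hours_per_defect:.2f} h ({r.hours_per_defect * 60:.0f} min) per defect")
    print(f"break-even triage at 20% FP and 1 h/FD: "
          f"{breakeven_triage_minutes(0.2, 1.0):.0f} min per report")
```

The four printed lines reproduce the slides' 39, 45 and 33 minutes and 4.5 hours per defect. The break-even figure is the practitioner's check on the model: at the assumed 20% false-positive rate and one hour per dynamically found defect, triage could take up to 48 minutes per report before static analysis stopped lowering the average cost per defect, so the ten-minute assumption leaves a wide margin.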
Bottom Line
Combined with dynamic testing, Static Analysis results in finding more defects, and the organization spends less time per defect in the process.
Summary
Static Analysis: the time to find a defect is less than or equal to 10 minutes
Dynamic Testing:
Automated: 1 hour per Defect
Manual: 4 – 5 hours per Defect
New Breed of Tester
[Figure: the tester's new role in the workflow: Perform Static Analysis → Analyze Defects]
Questions???