Download Static analysis

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
Document related concepts
no text concepts found
Transcript 
Static Analysis
Software Engineering 4
12.2HX3
Julian Richardson
[email protected]
Software Engineering 4, Julian
Richardson, 30 April 2002
1
Learning Outcomes
• In this lecture you will learn:
– static analysis concerns the detection of bugs in a
program without executing it,
– bugs can be divided into a number of classes,
including: data faults, control faults, input/output
faults, interface faults, storage management faults,
exception management faults.
– faults from each of these classes can be detected
by program inspection.
• You should be able to identify bugs from each
of these classes in Java programs .
Software Engineering 4, Julian
Richardson, 30 April 2002
2
What is Static Analysis
• Static analysis concerns the detection of
errors in a program without executing it.
• Some advantages:
– no overhead is introduced into program execution,
– some static analysis can be performed
automatically - this saves time testing,
– 60% of program errors can be detected using
informal program inspections (Fagan, 1986),
– 90% of program errors can be detected using
formal program verification (Mills, 1987)!
Software Engineering 4, Julian
Richardson, 30 April 2002
3
Classes of Program Faults
• A number of classes of program faults (i.e.
bugs) can be identified. The following six
classes of faults are reproduced from
(Sommerville, 1996):
• Data faults:
– Are all program variables initialised before their values are
used?
– Have all constants been named?
– Should the lower bound of arrays be 0, 1 or something else?
– Should the upper bound of arrays be equal to the size of the
array, or one less than the size of the array?
Software Engineering 4, Julian
Richardson, 30 April 2002
4
Example: Find The Data Faults
public class DataFaults
{
public static void main(String[] Args) {
int x;
double sintable[] = new double[90];
System.out.println(x);
for (int angle=1; angle <= 90; angle++)
{
sintable[angle] = Math.sin(3.14150*(double)angle/180.0);
}
}}
Software Engineering 4, Julian
Richardson, 30 April 2002
5
Software Engineering 4, Julian
Richardson, 30 April 2002
6
public class DataFaults
{
public static void main(String[] Args) {
int x;
double sintable[] = new double[90];
Variable not
initialised
before use!
System.out.println(x);
Array indices
start at at 0,
not 1!
Array indices
go up to (size
of array) - 1!
for (int angle=1; angle <= 90; angle++)
{
sintable[angle] = Math.sin(3.14150*
(double)angle/180.0);
}}}
Unnamed
constant!
Software Engineering 4, Julian
Richardson, 30 April 2002
7
Classes of Program Faults (2)
• Interface faults:
– Do all function and procedure calls have the correct number
of parameters?
– Do formal and actual parameter types match?
– Are the parameters in the right order?
– If two components access shared memory, do they have the
same model of shared memory structure?
• For example, find the interface faults in the
following program:
Software Engineering 4, Julian
Richardson, 30 April 2002
8
Find
The
Interface
Faults
public class InterfaceFaults
{
private static final int SIZE = 1000;
private int[] graphicsdata;
private int n;
public InterfaceFaults()
{
graphicsdata = new int[SIZE];
n = 0;
}
public void draw(double angle, int distance)
{
graphicsdata[n++] = 1;
graphicsdata[n++] = (int)(distance * Math.cos(angle));
graphicsdata[n++] = (int)(distance * Math.sin(angle));
}
Software Engineering 4, Julian
Richardson, 30 April 2002
9
public void printpoint(int pointnumber)
{
System.out.println("Point is " + graphicsdata[pointnumber*2] +
"," + graphicsdata[1+pointnumber*2] + "\n");
}
public static void main(String[] args)
{
InterfaceFaults a = new InterfaceFaults();
a.draw(100);
a.draw(10, "SS Uganda");
a.draw(100, 1.0);
a.draw(1.0, 100);
a.printpoint(0);
}}
Software Engineering 4, Julian
Richardson, 30 April 2002
10
public void printpoint(int pointnumber)
{
System.out.println("Point is " + graphicsdata[pointnumber*2] +
"," + graphicsdata[1+pointnumber*2] + "\n");
}
printpoint(…) and
draw(…) have a
different model of
how points are stored!
public static void main(String[] args)
{
InterfaceFaults a = new InterfaceFaults();
a.draw(100);
a.draw(10, "SS Uganda");
a.draw(100, 1.0);
a.draw(1.0, 100);
a.printpoint(0);
}}
Wrong number of
parameters!
Parameter has wrong
type!
Parameters are in the
wrong order!
Software Engineering 4, Julian
Richardson, 30 April 2002
11
Classes of Program Faults (4)
• Control faults:
–
–
–
–
For each conditional statement is the condition correct?
Is each loop certain to terminate?
Are bracketed compound statements correctly bracketed?
Is case statements, are all possible cases accounted for?
• For example, find the control faults in the
following program:
Software Engineering 4, Julian
Richardson, 30 April 2002
12
Find The Control Faults
public class ControlFaults
{
public int x;
public int sign;
public ControlFaults(int _x)
{
x = _x;
if (x == 0) sign = 0;
else sign = x/Math.abs(x);
}
Software Engineering 4, Julian
Richardson, 30 April 2002
13
public static void main(String[] args)
{
int i;
ControlFaults a = new ControlFaults(Integer.parseInt(args[0]));
if (a.x < 1) System.out.println("Negative");
for (i=0; i>a.x; i++)
System.out.println(i);
System.out.println(i+1);
switch (a.sign)
{
case -1: System.out.println("Negative."); break;
case 1: System.out.println("Positive."); break;
}
}}
Software Engineering 4, Julian
Richardson, 30 April 2002
14
public static void main(String[] args)
{
int i;
ControlFaults a = new ControlFaults(Integer.parseInt(args[0]));
if (a.x < 1) System.out.println("Negative");
Condition is incorrect!
for (i=0; i>a.x; i++)
System.out.println(i);
System.out.println(i+1);
Loop will not
terminate if a.x < 0!
These two lines are
switch (a.sign)
wrongly bracketed!
{
case -1: System.out.println("Negative."); break;
case 1: System.out.println("Positive."); break;
}
}}
Case when sign=0 not
accounted for!
Software Engineering 4, Julian
Richardson, 30 April 2002
15
Classes of Program Faults (5)
• Input/output faults:
– are all input variables used?
– Are all output variables assigned a value before
they are output?
• Storage management faults:
– If a linked structure is modified, are the links
correctly reassigned?
– If dynamic storage is used, has space been
allocated properly?
– Is space properly deallocated when it is no longer
required?
Software Engineering 4, Julian
Richardson, 30 April 2002
16
Classes of Program Faults (6)
• Exception management faults:
– have all possible error conditions been taken into
account?
Software Engineering 4, Julian
Richardson, 30 April 2002
17
Reducing Faults
• Some classes of faults can be eliminated or
reduced by good programming language
design.
• For example Java deallocates space
automatically (cf. C++ which does not).
• Others can be emilinated by code inspection.
This is:
– effective, but
– can be time-consuming.
Software Engineering 4, Julian
Richardson, 30 April 2002
18
Using Static Checking (2)
• Static checking can be implemented as part
of the language compiler.
• The standard javac compiler performs some
static checking.
• Compilers normally only perform limited static
checking.
• There are tools which do static checking:
– lint (for C)
– ESC Java (for Java)
Software Engineering 4, Julian
Richardson, 30 April 2002
19
ESC Java
• ESC (“Extended Static Checking”) Java.
• ESC Java is particularly good at spotting
possible null pointer errors.
• In order to help the analysis, programs can be
annotated with special comments to state
logical properties.
• In next lecture we will start looking at ESC Java.
• We will consider how it can help you, and what
its strengths and shortcomings are.
Software Engineering 4, Julian
Richardson, 30 April 2002
20
Conclusions
• Static analysis concerns the detection of bugs in
a program without executing it,
• Bugs can be divided into a number of classes,
including: data faults, control faults, input/output
faults, interface faults, storage management
faults, exception management faults.
• Faults from each of these classes can be
detected by program inspection.
• Compilers can perform some static analysis.
• Tools such as ESC Java perform more.
Software Engineering 4, Julian
Richardson, 30 April 2002
21
References
(Sommerville, 1996): Software Engineering, 5th Edition,
Ian Sommerville, Addison-Wesley, 1996.
– An authoritative and readable book on everything about
software engineering. Static analysis is covered in chapter 24.
(ESC, 2000): ESC Java manual,
http://gatekeeper.dec.com/pub/DEC/SRC/technicalnotes/SRC-2000-002.html
(Fagan, 1986): Advances in Software Inspections, IEEE
Trans. on Software Engineering, SE-12 (7), 744-51.
(Mills, 1987): Cleanroom Software Engineering, Mills, H.
D., Dyer, M., Linger, R.,IEEE Software, 4 (5), 19-25.
Software Engineering 4, Julian
Richardson, 30 April 2002
22
» 2.0.0 ESC/Java pragmas must occur within
pragma-containing comments.
• ESC/Java looks for pragmas within certain
specially formatted comments. Specifically:
 When the character @ is the first
character after the initial // or
/* of a Java comment, ESC/Java
expects the rest of the comment's
body to consist entirely of a
sequence of (zero or more)
ESC/Java pragmas.
Software Engineering 4, Julian
23
Richardson, 30 April 2002
Related documents