Static Analysis Introduction
Tags: Software Engineering
Slide 1 - Static Analysis Introduction
- Emerson Murphy-Hill
Slide 2 - Static Analysis
- Static analysis is the process of evaluating a system or component based on its form, structure, content, or documentation [IEEE]
- Does not involve the execution of the program
- Software inspections are a form of static analysis
- “even well tested code written by experts contains a surprising number of obvious bugs” [Hovemeyer/Pugh]
- “Java has many language features and APIs which are prone to misuse.” [Hovemeyer/Pugh]
- Static analysis tools “can serve an important role in raising the awareness of developers about subtle correctness issues. . . . prevent future bugs” [Hovemeyer/Pugh]
Slide 3 - Static Analysis Tools
- Search through code to detect bug patterns (error-prone coding practices that arise from the use of erroneous design patterns, misunderstanding of language semantics, or simple and common mistakes).
- Increasingly being used to identify security vulnerabilities
- “can peer into more of a program’s dark corners with less fuss than dynamic analysis”
- [Hovemeyer/Pugh, Chess/McGraw]
Slide 4 - Problems with static analysis tools
- False positive: the tool reports bugs the program doesn’t contain
- A static analysis tool will brag about having only 50% false positives.
- Need to manually review and decide whether to fix or ignore. Some tools allow you to create filters of the types of bugs you don’t want to see.
- False negative: the code contains bugs the tool doesn’t report
- May increase as static analysis tool developers work to reduce false positives
- May also detect “harmless bugs” which need human judgment to sort out
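The bug-pattern search from Slide 3 and the false positive, false negative and filter points from Slide 4, shown as an added example that is not part of the original slides. It uses Python's `ast` module rather than the Java tools the slides cite; the rule id `SHELL_TRUE`, the sample program and the function names are constructed for illustration.

```python
import ast

# Constructed sample program; it is parsed, never executed.
SAMPLE = '''\
import subprocess

def list_dir():
    subprocess.run("ls -l", shell=True)               # constant command: harmless

def ping(host):
    subprocess.run("ping -c1 " + host, shell=True)    # real injection risk

def archive(path):
    opts = {"shell": True}
    subprocess.run("tar czf out.tgz " + path, **opts)  # same bug, hidden
'''

RULE = "SHELL_TRUE"  # hypothetical rule id


def scan(source):
    """Return sorted (line, rule) findings for calls passing shell=True."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            # Pattern: a literal keyword argument shell=True on any call.
            if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                findings.append((node.lineno, RULE))
    return sorted(findings)


def apply_filter(findings, ignored):
    """Drop findings a reviewer has triaged as not worth fixing."""
    return [f for f in findings if f not in ignored]


def triage(source):
    raw = scan(source)
    # Reviewer decision: line 4 runs a constant string, so ignore it.
    return raw, apply_filter(raw, {(4, RULE)})


if __name__ == "__main__":
    raw, kept = triage(SAMPLE)
    print("reported:", raw)
    print("after filter:", kept)
```

Line 4 is reported although it is harmless, and line 11 is missed because the pattern only matches the literal keyword; tightening the rule to skip constant commands would remove the first report without finding the second.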
Slide 5 - References
- Chess, Brian and McGraw, G. Static Analysis for Security, IEEE Security & Privacy, Nov/Dec 2004.
- Hovemeyer, David and Pugh, William, Finding Bugs is Easy, OOPSLA 2004.
- Rutar, N., Almazan, C., and Foster, J., A Comparison of Bug Finding Tools for Java, ISSRE 2004.