Title: Software Quality Week
1Software Quality Week 97
- How to Apply Static and Dynamic Analysis in
Practice - -
- Otto Vinter
- Manager Software Technology and Process
Improvement - Brüel Kjaer Sound Vibration Measurement
- email ovinter_at_bk.dk
2Company Profile
- Brüel Kjaer
- Skodsborgvej 307, DK-2850 Naerum, Denmark
- Tel 45 4580 0500, Fax 45 4580 1405
- High-Precision Electronic Instrumentation for
- Sound
- Vibration
- Condition Monitoring
- Gas Measurements
3The PET Process Improvement Experiment
- The Prevention of Defects through
- Experience-Driven Test Efforts
- (PET)
- PET Objectives
- Extract knowledge on frequently occurring
problems in the development process for embedded
software - Change the development process by defining the
optimum set of methods and tools available to
prevent these problems reappearing - Measure the impact of the changes in a real-life
development project - Funded by the CEC ESSI Programme (Project no.
10438)
4Defect Analysis from Error Logs
- Results of the Analysis of Error Reports
- no special bug class dominates embedded software
development - requirements problems, and requirements related
problems, are the prime bug cause (36) - problems due to lack of systematic unit testing
is the second largest bug cause (22)
5The PET Experiment
- Actions to Improve Unit Testing
- introduction of static and dynamic analysis
- host/target tools
- basic set of metrics
- Comparative Analysis
- assess a trial-release of a product
- remove all static analysis anomalies
- increase test coverage to industry best practice
- (branch coverage gt 85)
- measure the effect after production release
6Results of the PET Experiment
- Applying Static and Dynamic Analysis
- 75 reduction in production-release bugs
- compared to trial-release
- 70 requirements bugs in production-release
- because bugs in other categories dropped
- 46 increase in testing efficiency
- bugs found per hour of testing
- app. 75 payback on tools and training
- reduced maintenance effort
7 Where to Apply Static and Dynamic Analysis
- Test Activities
- Requirements Verification
- Design Verification
- Unit Test
- Integration Test
- Acceptance Test
- Beta Test
Static and Dynamic Analysis
8Static Analysis in Unit Testing
- Static analysis is performed
- before unit testing starts
- and after any modification to unit
- Complexity Metrics
- use McCabe complexity metric as an indication
- take loop nesting into account
- use visual inspection of data flow graphs
- for perceived complexity
- focused code inspection
- Analysis reports are reviewed / inspected
- determine special actions
- determine test coverage profile
- test coverage levels
9Static Flowgraph (McCabe 10)
10Static Flowgraph (McCabe 20)
11McCabe 46
12McCabe 55
13Visualisation Theme
- If it looks right, it could be wrong,
- but if it looks wrong, it cant be right.
- Uffa Fox, yacht designer
14Static Analysis in Unit Testing
- Data Flow Analysis
- Undefined but referenced variables
- must be removed from the code
- Variables defined but not used in scope
- should be documented in the code
- Variables redefined with no use in between
- should be documented, if not close to
- Suspicious casting (loss of information,
mismatches) - if unavoidable, use explicit casts
- should be documented
- Global variable anomalies (local overrides
global) - should be removed
15Static Analysis in Unit Testing
- Establish project standards for code
- no gotos, breaks in all cases, procedure size,
etc. - Remove unused items
- unreachable code (incl. procedures)
- declared variables that are not used
- Address design architecture problems
- use visual inspection of control flow graphs
- procedure parameter anomalies
- (referenced only, defined only, not used)
16Static Analysis Results
- Data Flow Anomalies
- Type of Bug Distribution
- Use of uninitialised variable 15
- Variable defined but not used in scope 24
- Variable redefined with no use in between 36
- Parameter mismatch 6
- Unreferenced procedure 18
- Declared but not used variable 0
- Other types of static bugs 0
17Dynamic Analysis in Unit Testing
- Test coverage strategy
- based on information from static analysis
- determined on a unit by unit basis
- Unit test coverage must take into consideration
- perceived complexity
- based on a visual inspection
- degree and type of reuse
- criticality
- product and project issues
- developer experience
- domain, product, and unit
- bug and change request history
18Dynamic Analysis in Unit Testing
- Dynamic analysis reports are reviewed / inspected
- after unit testing (and a static analysis)
- and after any modification to unit
- Test coverage achieved
- test coverage level (e.g. 85 of branches)
- visual inspection of dynamic flow graphs
- determine special actions
- Static and dynamic analysis reports are saved in
the configuration system along with the code
19Problems when Introducing Static and Dynamic
Analysis
- Static analysis
- an extreme amount of anomalies to evaluate
- more than 1 per 60 lines of code
- Dynamic analysis
- best suited for automatic testing
- documented test cases
- no automatic test case generation
- only structure based
- test cases are selected by normal unit testing
techniques - equivalence partitioning, boundary value analysis
...
20Problems when Introducing Static and Dynamic
Analysis
- Tools break
- code expands when instrumented (40)
- large amount of tracing data is generated
(Mbytes) - So
- instrument only parts of system
- handle frequently used parts separately
- run the regression test suite several times
- with different parts instrumented
21Conclusions on Static/Dynamic Analysis
- Performance Improvement
- an efficient way to remove bugs
- marginal delay on trial release date
- marginal increase in the testing resources
required - immediate payback on tools, training
implementation - increased quality and reduced maintenance costs
- increased motivation
- applicable to the whole software development
industry, incl. embedded software