Static Analysis

1

• Static Analysis
• Software Engineering 4
• 12.2HX3
• Julian Richardson
• julianr_at_cee.hw.ac.uk

2
Learning Outcomes

• In this lecture you will learn
• static analysis concerns the detection of bugs in
  a program without executing it,
• bugs can be divided into a number of classes,
  including data faults, control faults,
  input/output faults, interface faults, storage
  management faults, exception management faults.
• faults from each of these classes can be detected
  by program inspection.
• You should be able to identify bugs from each of
  these classes in Java programs .

3
What is Static Analysis

• Static analysis concerns the detection of errors
  in a program without executing it.
• Some advantages
• no overhead is introduced into program execution,
• some static analysis can be performed
  automatically - this saves time testing,
• 60 of program errors can be detected using
  informal program inspections (Fagan, 1986),
• 90 of program errors can be detected using
  formal program verification (Mills, 1987)!

4
Classes of Program Faults

• A number of classes of program faults (i.e. bugs)
  can be identified. The following six classes of
  faults are reproduced from (Sommerville, 1996)
• Data faults
• Are all program variables initialised before
  their values are used?
• Have all constants been named?
• Should the lower bound of arrays be 0, 1 or
  something else?
• Should the upper bound of arrays be equal to the
  size of the array, or one less than the size of
  the array?

5
Example Find The Data Faults

• public class DataFaults
• public static void main(String Args)
• int x
• double sintable new double90
• System.out.println(x)
• for (int angle1 angle lt 90 angle)
• sintableangle
  Math.sin(3.14150(double)angle/180.0)

6
(No Transcript)
7
Variable not initialised before use!

• public class DataFaults
• public static void main(String Args)
• int x
• double sintable new double90
• System.out.println(x)
• for (int angle1 angle lt 90 angle)
• sintableangle
  Math.sin(3.14150
• 
  (double)angle/180.0)

Array indices start at at 0, not 1!
Array indices go up to (size of array) - 1!
Unnamed constant!
8
Classes of Program Faults (2)

• Interface faults
• Do all function and procedure calls have the
  correct number of parameters?
• Do formal and actual parameter types match?
• Are the parameters in the right order?
• If two components access shared memory, do they
  have the same model of shared memory structure?
• For example, find the interface faults in the
  following program

9
Find The Interface Faults

• public class InterfaceFaults
• private static final int SIZE 1000
• private int graphicsdata
• private int n
• public InterfaceFaults()
• graphicsdata new intSIZE
• n 0
• public void draw(double angle, int distance)
• graphicsdatan 1
• graphicsdatan (int)(distance
  Math.cos(angle))
• graphicsdatan (int)(distance
  Math.sin(angle))

10
public void printpoint(int pointnumber)
System.out.println("Point is "
graphicsdatapointnumber2
"," graphicsdata1pointnumber2
"\n") public static void
main(String args) InterfaceFaults
a new InterfaceFaults()
a.draw(100) a.draw(10, "SS Uganda")
a.draw(100, 1.0) a.draw(1.0,
100) a.printpoint(0)
11
public void printpoint(int pointnumber)
System.out.println("Point is "
graphicsdatapointnumber2
"," graphicsdata1pointnumber2
"\n") public static void
main(String args) InterfaceFaults
a new InterfaceFaults()
a.draw(100) a.draw(10, "SS Uganda")
a.draw(100, 1.0) a.draw(1.0,
100) a.printpoint(0)
printpoint() and draw() have a different model
of how points are stored!
Wrong number of parameters!
Parameter has wrong type!
Parameters are in the wrong order!
12
Classes of Program Faults (4)

• Control faults
• For each conditional statement is the condition
  correct?
• Is each loop certain to terminate?
• Are bracketed compound statements correctly
  bracketed?
• Is case statements, are all possible cases
  accounted for?
• For example, find the control faults in the
  following program

13
Find The Control Faults

• public class ControlFaults
• public int x
• public int sign
• public ControlFaults(int _x)
• x _x
• if (x 0) sign 0
• else sign x/Math.abs(x)

14

• public static void main(String args)
• int i
• ControlFaults a new ControlFaults(Intege
  r.parseInt(args0))
• if (a.x lt 1) System.out.println("Negative"
  )
• for (i0 igta.x i)
• System.out.println(i)
• System.out.println(i1)
• switch (a.sign)
• case -1 System.out.println("Negat
  ive.") break
• case 1 System.out.println("Positi
  ve.") break

15

• public static void main(String args)
• int i
• ControlFaults a new ControlFaults(Intege
  r.parseInt(args0))
• if (a.x lt 1) System.out.println("Negative"
  )
• for (i0 igta.x i)
• System.out.println(i)
• System.out.println(i1)
• switch (a.sign)
• case -1 System.out.println("Negat
  ive.") break
• case 1 System.out.println("Positi
  ve.") break

Condition is incorrect!
Loop will not terminate if a.x lt 0!
These two lines are wrongly bracketed!
Case when sign0 not accounted for!
16
Classes of Program Faults (5)

• Input/output faults
• are all input variables used?
• Are all output variables assigned a value before
  they are output?
• Storage management faults
• If a linked structure is modified, are the links
  correctly reassigned?
• If dynamic storage is used, has space been
  allocated properly?
• Is space properly deallocated when it is no
  longer required?

17
Classes of Program Faults (6)

• Exception management faults
• have all possible error conditions been taken
  into account?

18
Reducing Faults

• Some classes of faults can be eliminated or
  reduced by good programming language design.
• For example Java deallocates space automatically
  (cf. C which does not).
• Others can be emilinated by code inspection. This
  is
• effective, but
• can be time-consuming.

19
Using Static Checking (2)

• Static checking can be implemented as part of the
  language compiler.
• The standard javac compiler performs some static
  checking.
• Compilers normally only perform limited static
  checking.
• There are tools which do static checking
• lint (for C)
• ESC Java (for Java)

20
ESC Java

• ESC (Extended Static Checking) Java.
• ESC Java is particularly good at spotting
  possible null pointer errors.
• In order to help the analysis, programs can be
  annotated with special comments to state logical
  properties.
• In next lecture we will start looking at ESC
  Java.
• We will consider how it can help you, and what
  its strengths and shortcomings are.

21
Conclusions

• Static analysis concerns the detection of bugs in
  a program without executing it,
• Bugs can be divided into a number of classes,
  including data faults, control faults,
  input/output faults, interface faults, storage
  management faults, exception management faults.
• Faults from each of these classes can be detected
  by program inspection.
• Compilers can perform some static analysis.
• Tools such as ESC Java perform more.

22
References

• (Sommerville, 1996) Software Engineering, 5th
  Edition, Ian Sommerville, Addison-Wesley, 1996.
• An authoritative and readable book on everything
  about software engineering. Static analysis is
  covered in chapter 24.
• (ESC, 2000) ESC Java manual, http//gatekeeper.de
  c.com/pub/DEC/SRC/technical-notes/SRC-2000-002.htm
  l
• (Fagan, 1986) Advances in Software Inspections,
  IEEE Trans. on Software Engineering, SE-12 (7),
  744-51.
• (Mills, 1987) Cleanroom Software Engineering,
  Mills, H. D., Dyer, M., Linger, R.,IEEE Software,
  4 (5), 19-25.

23

• 2.0.0 ESC/Java pragmas must occur within
  pragma-containing comments.
• ESC/Java looks for pragmas within certain
  specially formatted comments. Specifically
• When the character _at_ is the first character after
  the initial // or / of a Java comment, ESC/Java
  expects the rest of the comment's body to consist
  entirely of a sequence of (zero or more) ESC/Java
  pragmas.
• Inside a documentation comment JLS, 18, a
  sequence ESC/Java pragmas can be bracketed by
  ltescgt and lt/escgt.