Static Analysis
Software Engineering 4, 12.2HX3, Julian Richardson, 30 April 2002


Learning Outcomes
In this lecture you will learn:
– static analysis concerns the detection of bugs in a program without executing it,
– bugs can be divided into a number of classes, including: data faults, control faults, input/output faults, interface faults, storage management faults, exception management faults.
– faults from each of these classes can be detected by program inspection.
You should be able to identify bugs from each of these classes in Java programs.

What is Static Analysis
Static analysis concerns the detection of errors in a program without executing it.
Some advantages:
– no overhead is introduced into program execution,
– some static analysis can be performed automatically - this saves time testing,
– 60% of program errors can be detected using informal program inspections (Fagan, 1986),
– 90% of program errors can be detected using formal program verification (Mills, 1987)!

Classes of Program Faults
A number of classes of program faults (i.e. bugs) can be identified. The following six classes of faults are reproduced from (Sommerville, 1996):
Data faults:
– Are all program variables initialised before their values are used?
– Have all constants been named?
– Should the lower bound of arrays be 0, 1 or something else?
– Should the upper bound of arrays be equal to the size of the array, or one less than the size of the array?

Example: Find The Data Faults

    public class DataFaults {
        public static void main(String[] Args) {
            int x;
            double sintable[] = new double[90];
            System.out.println(x);
            for (int angle=1; angle <= 90; angle++) {
                sintable[angle] = Math.sin( *(double)angle/180.0);
            }
        }
    }

    public class DataFaults {
        public static void main(String[] Args) {
            int x;
            double sintable[] = new double[90];
            System.out.println(x);
            for (int angle=1; angle <= 90; angle++) {
                sintable[angle] = Math.sin( * (double)angle/180.0);
            }
        }
    }

– Variable not initialised before use!
– Array indices start at 0, not 1!
– Array indices go up to (size of array) - 1!
– Unnamed constant!

Classes of Program Faults (2)
Interface faults:
– Do all function and procedure calls have the correct number of parameters?
– Do formal and actual parameter types match?
– Are the parameters in the right order?
– If two components access shared memory, do they have the same model of shared memory structure?
For example, find the interface faults in the following program:

Find The Interface Faults

    public class InterfaceFaults {
        private static final int SIZE = 1000;
        private int[] graphicsdata;
        private int n;

        public InterfaceFaults() {
            graphicsdata = new int[SIZE];
            n = 0;
        }

        public void draw(double angle, int distance) {
            graphicsdata[n++] = 1;
            graphicsdata[n++] = (int)(distance * Math.cos(angle));
            graphicsdata[n++] = (int)(distance * Math.sin(angle));
        }

        public void printpoint(int pointnumber) {
            System.out.println("Point is " +
                graphicsdata[pointnumber*2] + "," +
                graphicsdata[1+pointnumber*2] + "\n");
        }

        public static void main(String[] args) {
            InterfaceFaults a = new InterfaceFaults();
            a.draw(100);
            a.draw(10, "SS Uganda");
            a.draw(100, 1.0);
            a.draw(1.0, 100);
            a.printpoint(0);
        }
    }

        public void printpoint(int pointnumber) {
            System.out.println("Point is " +
                graphicsdata[pointnumber*2] + "," +
                graphicsdata[1+pointnumber*2] + "\n");
        }

        public static void main(String[] args) {
            InterfaceFaults a = new InterfaceFaults();
            a.draw(100);
            a.draw(10, "SS Uganda");
            a.draw(100, 1.0);
            a.draw(1.0, 100);
            a.printpoint(0);
        }
    }

– printpoint(…) and draw(…) have a different model of how points are stored!
– Wrong number of parameters!
– Parameter has wrong type!
– Parameters are in the wrong order!

Classes of Program Faults (4)
Control faults:
– For each conditional statement is the condition correct?
– Is each loop certain to terminate?
– Are bracketed compound statements correctly bracketed?
– In case statements, are all possible cases accounted for?
For example, find the control faults in the following program:

Find The Control Faults

    public class ControlFaults {
        public int x;
        public int sign;

        public ControlFaults(int _x) {
            x = _x;
            if (x == 0) sign = 0;
            else sign = x/Math.abs(x);
        }

        public static void main(String[] args) {
            int i;
            ControlFaults a = new ControlFaults(Integer.parseInt(args[0]));
            if (a.x < 1) System.out.println("Negative");
            for (i=0; i>a.x; i++)
                System.out.println(i);
                System.out.println(i+1);
            switch (a.sign) {
                case -1: System.out.println("Negative."); break;
                case 1: System.out.println("Positive."); break;
            }
        }
    }

        public static void main(String[] args) {
            int i;
            ControlFaults a = new ControlFaults(Integer.parseInt(args[0]));
            if (a.x < 1) System.out.println("Negative");
            for (i=0; i>a.x; i++)
                System.out.println(i);
                System.out.println(i+1);
            switch (a.sign) {
                case -1: System.out.println("Negative."); break;
                case 1: System.out.println("Positive."); break;
            }
        }
    }

– Condition is incorrect!
– Loop will not terminate if a.x < 0!
– These two lines are wrongly bracketed!
– Case when sign=0 not accounted for!
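One possible repair of the four control faults, as an added example that is not part of the original slides. The class name ControlFaultsFixed, the report() method, the "Zero." message and the assumed loop bound (count from 0 up to x) are assumptions; the sketch also goes slightly beyond the slide by guarding the argument parsing, an instance of the exception management fault class, and by handling Integer.MIN_VALUE in the sign computation.

```java
import java.util.ArrayList;
import java.util.List;

// Added example: a corrected form of the lecture's ControlFaults exercise.
public class ControlFaultsFixed {
    final int x;
    final int sign;

    ControlFaultsFixed(int x) {
        this.x = x;
        // Integer.signum also covers Integer.MIN_VALUE, where Math.abs(x)
        // overflows and x / Math.abs(x) yields +1 for a negative number.
        this.sign = Integer.signum(x);
    }

    List<String> report() {
        List<String> out = new ArrayList<>();
        if (x < 0) {                        // original tested x < 1, which also matches 0
            out.add("Negative");
        }
        for (int i = 0; i < x; i++) {       // original condition was i > x
            out.add(String.valueOf(i));     // braces now enclose both statements
            out.add(String.valueOf(i + 1));
        }
        switch (sign) {
            case -1: out.add("Negative."); break;
            case 1:  out.add("Positive."); break;
            case 0:  out.add("Zero.");     break;  // case the original left out (message assumed)
            default: throw new IllegalStateException("sign out of range: " + sign);
        }
        return out;
    }

    public static void main(String[] args) {
        if (args.length != 1) {             // original indexed args[0] unconditionally
            System.err.println("usage: java ControlFaultsFixed <integer>");
            return;
        }
        try {
            new ControlFaultsFixed(Integer.parseInt(args[0])).report()
                    .forEach(System.out::println);
        } catch (NumberFormatException e) {
            System.err.println("not an integer: " + args[0]);
        }
    }
}
```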

Classes of Program Faults (5)
Input/output faults:
– Are all input variables used?
– Are all output variables assigned a value before they are output?
Storage management faults:
– If a linked structure is modified, are the links correctly reassigned?
– If dynamic storage is used, has space been allocated properly?
– Is space properly deallocated when it is no longer required?

Classes of Program Faults (6)
Exception management faults:
– Have all possible error conditions been taken into account?

Reducing Faults
Some classes of faults can be eliminated or reduced by good programming language design. For example, Java deallocates space automatically (cf. C++ which does not).
Others can be eliminated by code inspection. This is:
– effective, but
– can be time-consuming.

Using Static Checking (2)
Static checking can be implemented as part of the language compiler.
The standard javac compiler performs some static checking.
Compilers normally only perform limited static checking.
There are tools which do static checking:
– lint (for C)
– ESC Java (for Java)
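To make "limited static checking" concrete, the following added example (not from the original slides) sorts the faults of the lecture's DataFaults and InterfaceFaults programs into those javac rejects and those it accepts and that only show up when the program runs. The class name JavacLimits, the point() and fillTable() helpers, the TABLE_SIZE constant and the use of Math.toRadians for the degrees-to-radians conversion are assumptions.

```java
// Added example, not from the lecture: what javac's static checks do and do not catch.
public class JavacLimits {
    private static final int TABLE_SIZE = 90;          // named table size
    private final int[] graphicsdata = new int[1000];
    private int n = 0;

    // Storage model of the lecture's draw(): three ints per point.
    void draw(double angle, int distance) {
        graphicsdata[n++] = 1;
        graphicsdata[n++] = (int) (distance * Math.cos(angle));
        graphicsdata[n++] = (int) (distance * Math.sin(angle));
    }

    // Storage model of the lecture's printpoint(): two ints per point.
    String point(int pointnumber) {
        return graphicsdata[pointnumber * 2] + "," + graphicsdata[1 + pointnumber * 2];
    }

    // Loop bounds of the data-faults slide: type-correct, so javac accepts them.
    static String fillTable() {
        double[] sintable = new double[TABLE_SIZE];
        try {
            for (int angle = 1; angle <= TABLE_SIZE; angle++) {
                sintable[angle] = Math.sin(Math.toRadians(angle));
            }
            return "table filled";
        } catch (ArrayIndexOutOfBoundsException e) {
            // The last iteration writes index TABLE_SIZE; valid indices end at TABLE_SIZE - 1.
            return "run-time fault: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Rejected by javac, so kept as comments to let this file compile:
        //   int x; System.out.println(x);   // x is not definitely assigned
        //   a.draw(100);                    // wrong number of parameters
        //   a.draw(10, "SS Uganda");        // String passed where int is required
        //   a.draw(100, 1.0);               // double is not narrowed to int
        JavacLimits a = new JavacLimits();
        a.draw(0.0, 100);                    // angle 0, distance 100

        // Accepted by javac, wrong when run:
        System.out.println(fillTable());
        // point(0) reads the marker and x slots as if they were x and y.
        System.out.println("Point is " + a.point(0));
    }
}
```

The compiler's type and definite-assignment rules cover the uninitialised variable and three of the four interface faults; the array bounds and the mismatched storage model are properties of values and conventions, which is the gap that inspection and dedicated checkers are meant to fill.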

ESC Java
ESC (“Extended Static Checking”) Java.
ESC Java is particularly good at spotting possible null pointer errors.
In order to help the analysis, programs can be annotated with special comments to state logical properties.
In the next lecture we will start looking at ESC Java. We will consider how it can help you, and what its strengths and shortcomings are.

Conclusions
– Static analysis concerns the detection of bugs in a program without executing it.
– Bugs can be divided into a number of classes, including: data faults, control faults, input/output faults, interface faults, storage management faults, exception management faults.
– Faults from each of these classes can be detected by program inspection.
– Compilers can perform some static analysis. Tools such as ESC Java perform more.

References
(Sommerville, 1996): Software Engineering, 5th Edition, Ian Sommerville, Addison-Wesley,
– An authoritative and readable book on everything about software engineering. Static analysis is covered in chapter 24.
(ESC, 2000): ESC Java manual, notes/SRC html
(Fagan, 1986): Advances in Software Inspections, IEEE Trans. on Software Engineering, SE-12 (7),
(Mills, 1987): Cleanroom Software Engineering, Mills, H. D., Dyer, M., Linger, R., IEEE Software, 4 (5),

»2.0.0 ESC/Java pragmas must occur within pragma-containing comments.
ESC/Java looks for pragmas within certain specially formatted comments. Specifically:
– When the is the first character after the initial // or /* of a Java comment, ESC/Java expects the rest of the comment's body to consist entirely of a sequence of (zero or more) ESC/Java pragmas.
– Inside a documentation comment [JLS, 18], a sequence of ESC/Java pragmas can be bracketed by and.