Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > T&M

Eliminate bugs with static analysis

Posted: 01 May 2008 ?? ?Print Version ?Bookmark and Share

Keywords:Insight? CodeSonar Enterprise? static code analysis? dynamic analysis?

Static source code analysis tools have evolved from simple syntax checkers to powerful tools for identifying flaws in the complex interactions of large code bases. Until recently, however, they were mainly used by quality assurance teams to evaluate code during integration builds near project completion.

The latest product introductions are now moving these tools back into the hands of developers to help detect software errors much earlier and before they propagate. Klocwork Inc.'s Insight and GrammaTech Inc.'s CodeSonar Enterprise address developer needs by providing utility even when many code segments are still missing.

Static vs. dynamic
Software development teams have two types of tools available for automating the detection of errors in their code. One type uses dynamic analysis, which watches code as it is being executed. The other type uses static analysis, which algorithmically examines code for errors. Both types of analyses have advantages and limitations.

Representative errors are found using static source code analysis.

Dynamic analysis is good at finding runtime errors such as dynamic memory corruption. Developers can also be certain that any error a dynamic analysis tool reports is real.

Static analysis uses an algorithmic approach to examine source code for errors, identifying problem areas for programmers to examine more closely. This algorithmic approach eliminates the need for test cases; the algorithms alone determine how effectively the analysis discovers errors. But the approach also raises the possibility of false identification: code flagged as being in error that will, in fact, execute correctly. If they generate too many false positivesexhibit low "precision"static tools can overwhelm users with follow-up tasks, obscuring real errors.

The two tool types are complementary in that each excels at finding errors that cause the other difficulty, but dynamic analysis has seen more use among developers. This is partly because early static analysis tools were little more than syntax checkers that developers used to find relatively simple coding and style errors.

More productive
In the last decade, however, static analysis tools have become more productive as research has yielded more effective algorithms. Static analysis tools have gained an ability to identify subtle errors (Figure 1), many of which only manifest as execution problems during task interleaving in a preemptive multitasking environment.

One of the benefits of the new static analysis capabilities is the enhanced ability to find weaknesses in code that malicious users could exploit to circumvent security safeguards. It is easy for developers to underestimate software security vulnerability because they expect code to be operated normally. The algorithmic approach of static analysis tools, however, has no expectations, only procedure, and so will identify potential problems without bias.

Development cycle
Until recently, static source code analysis tools were useful only late in the development process, at the integration build stage, when they had full access to all code segments. However, a number of recent releasesincluding Insight and CodeSonar Enterprisehave added features to put static analysis tools into the hands of developers for use as code is still being generated.

This new generation of static source code analysis tools uses the enterprise-wide software development environment to combine the efforts of development teams working on different parts of the same project (Figure 2). By allowing peer-to-peer exchange of information regarding analysis scans of code segments, the tools gather the wider context needed for precision in error detection.

This wider context, coupled with automatic modeling of missing code, quickly builds a sound basis for developers to check their code against, even while the project remains incomplete. Errors caught at this stage are much easier and cheaper to correct than those caught later in development. Catching errors early also prevents them from propagating through the system to affect the behavior of code developed later.

New static source code analysis tools collect data about individual code segments in a central database.

This early use of static analysis, however, must be handled with an understanding of the limitations stemming from its partial view of the code. "It is important to remember that in the early stages of software development, tools are imprecise and can miss interprocedural effects," said Paul Anderson, VP of engineering at GrammaTech.

Anderson added, however, that the results improve as the body of analyzed code grows. Frequent early use of static analysis can also help train developers to recognize weaknesses in their individual coding styles and adapt their approach to prevent repeating similar errors.

Because tools in this new generation are put to use by the entire project development team, they can build a history of analysis results to help identify new problems as they arise. Insight, for instance, saves data from each analysis run, allowing developers to track flagged errors throughout the development cycle, said Gwyn Fisher, Klocwork's chief technology officer.

The tool also allows authorized senior developers to tag errors as false positives or as irrelevant, Fisher added, so that future analysis runs do not report them. This helps the development team concentrate on real errors and makes more visible any newly introduced errors or ones that arise when interacting code sections are analyzed together.

When to go static
How early in the development process and how often to use static code analysis is a question best answered on a project-by-project basis. "Different teams are prepared to accept different levels of false positives," remarked Anderson.

- Richard A. Quinnell
EE Times

Article Comments - Eliminate bugs with static analysis
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top