University of Toronto
Department of Computer Science
© 2008 Steve Easterbrook. This presentation is available free for non-commercial use with attribution under a creative commons license.

Lecture 21: Static Analysis Tools

- Where static analysis tools fit
- Example tools
- Limitations of static analysis

Static Analysis

Analyzes the program without running it
- Doesn’t need any test cases
- Doesn’t know what the program is supposed to do
- Looks for violations of good programming practice
- Looks for particular types of programming error

Where it fits as a verification technique:
1) Avoid dumb mistakes
   - Pair Programming
   - Code Inspection
   - Developer unit testing (test case first)
2) Find the dumb mistakes you failed to avoid
   - Style Checkers
   - Static Analysis
3) Make sure the software does what it is supposed to
   - Black box and system testing
   - Independent testing
(Note: Also need validation techniques!)

How Static Analysis Works

    void print_to_file(string filename)
    {
        if (path_exists(filename)) {
            // FILENAME exists; ask user to confirm overwrite
            bool confirmed = confirm_loss(filename);
            if (!confirmed)
                return;
        }
        // Proceed printing to FILENAME...
    }

- Correctness Property P: Manual Inspection? (impractical or impossible)
- Automatically construct models for analysis: Class structure and inheritance, State Machine Model, Dataflow graph
- Model Property P’: Automatic check of derived model
- Model Property P’ implies Correctness Property P

Example tools

FindBugs
- Originally a research project at U Maryland
- Has a large number of bug patterns
- http://findbugs.sourceforge.net/

JLint
- Developed by Konstantin Knizhnik, updated by Cyrille Artho
- http://jlint.sourceforge.net/

PMD (“Programming Mistake Detector”??)
- Written by Tom Copeland
- Focusses on inefficient code, e.g. over-complex expressions
- http://pmd.sourceforge.net/

ESC/Java (Extended Static Checker for Java)
- Originally developed at Compaq Research
- ESC/Java2 is open source, managed at U College Dublin
- http://kind.ucd.ie/products/opensource/ESCJava2/

Which bug is worse?

    int x = 2, y = 3;
    if (x == y)
        if (y == 3)
            x = 3;
    else
        x = 4;

Detected by: PMD (if using certain rulesets)
Not detected in testing

    String s = new String("hello");
    s = null;
    System.out.println(s.length());

Detected by: JLint, FindBugs, ESC/Java
Also detected in testing

Different tools find different bugs

    import java.io.*;
    public class Foo {
        private byte[] b;
        private int length;
        Foo() {
            length = 40;
            b = new byte[length];
        }
        public void bar() {
            int y;
            try {
                FileInputStream x = new FileInputStream("Z");
                x.read(b, 0, length);
                x.close();
            } catch (Exception e) {
                System.out.println("Oopsie");
            }
            for (int i = 1; i <= length; i++) {
                if (Integer.toString(50) == Byte.toString(b[i]))
                    System.out.print(b[i] + " ");
            }
        }
    }

- Variable never used (detected by PMD)
- Method result is ignored (detected by FindBugs)
- Don’t use ‘==’ to compare strings (detected by FindBugs and JLint)
- May fail to close stream on exception (detected by FindBugs)
- Array index possibly too large (detected by ESC/Java)
- Possible null dereference (detected by ESC/Java)

Different tools find different bugs

    Bug Category                   Example                                  ESC/Java  FindBugs  JLint  PMD
    General                        Null dereference
    Concurrency                    Possible deadlock
    Exceptions                     Possible unexpected exception
    Array                          Length may be less than zero
    Mathematics                    Division by zero
    Conditional, loop              Unreachable code due to constant guard
    String                         Checking equality with == or !=
    Object overriding              Equal objects must have equal hashcodes
    I/O stream                     Stream not closed on all paths
    Unused or duplicate statement  Unused local variable
    Design                         Should be a static inner class
    Unnecessary statement          Unnecessary return statement

Limitations of Static Analysis

Large numbers of false positives
- Tool reports large number of things that aren’t bugs
- Programmer must manually review the list and decide
- Sometimes too many warnings to sort - e.g. in Rutar et al. (approx 2500 classes)

False negatives
- Types of bugs the tool won’t report
- (increased risk if we filter results to remove false positives?)

Harmless bugs
- Many of the bugs will be low priority problems
- Cost/benefit analysis: Is it worth fixing these?

                          ESC/Java  FindBugs  JLint  PMD
    Concurrency                126       122   8883    0
    Null dereferencing        9120        18    449    0
    Null assignment              0         0      0  594
    Index out of bounds       1810         0    264    0
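
The model-and-check idea from "How Static Analysis Works" and the false-positive limitation above, as an added example that is not part of the original slides: a toy nullness checker in Python. The model is a per-variable fact (null, nonnull, maybe-null), and the model property P’ is "no dereference of a variable that is not known nonnull". The tuple statement encoding and all names are assumptions made for this sketch.

```python
# Added example: toy nullness checker. The tuple statement encoding is an
# assumption made for this sketch, not the input format of any real tool.
NULL, NONNULL, MAYBE = "null", "nonnull", "maybe-null"

def join(a, b):
    """Merge facts from two branches: disagreement becomes MAYBE."""
    return a if a == b else MAYBE

def analyze(stmts, env=None, warnings=None):
    """Walk statements without executing them; return (env, warnings)."""
    env = dict(env or {})                    # abstract state: var -> fact
    warnings = [] if warnings is None else warnings
    for st in stmts:
        op = st[0]
        if op == "new":                      # ("new", var): var = new ...
            env[st[1]] = NONNULL
        elif op == "null":                   # ("null", var): var = null
            env[st[1]] = NULL
        elif op == "deref":                  # ("deref", var, line): var.m()
            fact = env.get(st[1], MAYBE)
            if fact != NONNULL:              # model property P' violated
                kind = "null dereference" if fact == NULL else "possible null dereference"
                warnings.append((st[2], st[1], kind))
        elif op == "if":                     # ("if", cond, then, else)
            # The model ignores cond: both branches are treated as reachable.
            t_env, _ = analyze(st[2], env, warnings)
            e_env, _ = analyze(st[3], env, warnings)
            env = {v: join(t_env.get(v, MAYBE), e_env.get(v, MAYBE))
                   for v in set(t_env) | set(e_env)}
    return env, warnings

# Constructed input: the null-dereference snippet from "Which bug is worse?".
SLIDE_SNIPPET = [("new", "s"), ("null", "s"), ("deref", "s", 3)]

# Constructed input: s is null only when flag is true and is dereferenced
# only when flag is false, so no real execution fails (a false positive).
CORRELATED = [
    ("if", "flag", [("null", "s")], [("new", "s")]),
    ("if", "!flag", [("deref", "s", 3)], []),
]

if __name__ == "__main__":
    for name, prog in (("slide snippet", SLIDE_SNIPPET), ("correlated", CORRELATED)):
        print(name, analyze(prog)[1])
```

The second input is reported because the model drops the branch condition; keeping that correlation would remove the false positive at the cost of a more expensive, path-sensitive analysis.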