Beyond Static Analysis: Integrating Java Static Analysis with Unit Testing and More


Learn the strengths and weaknesses of Java static analysis—and how a comprehensive development testing strategy that also includes unit testing, code review, and runtime error detection can pick up where development testing leaves off.

Published in: Technology

  1. Prevent All Java Software Defects with a Single Tool (2010 Parasoft Proprietary and Confidential)
  2. Automated Analysis Techniques
       • Application Tracing for Unit Tests
       • Pattern-Based Static Code Analysis
       • Runtime Error Detection
       • Automated Unit Test Generation
       • Data Flow Analysis
       • Regression Testing
  3. Introducing the Java Web App JPetStore Java EE Tutorial
       • Spring-Based
       • HSQL Database
       • JSP Web Interface
       • Apache Tomcat
  4. The Problem Report Similar Items not Aggregating in Shopping Cart
       • Add one item to the cart
       • Add the same item again
       • Expected: a single line item with quantity 2
       • Found: 2 line items each with quantity 1
  5. Application Tracing for Unit Tests
       • Record internal method calls inside the running application when the problem occurs
       • Replicate the problem in a JUnit test
       • Alter the JUnit test to assert the correct behavior
       • Now possible solutions can be tested quickly without redeploying the web application
  6. Pattern-Based Static Analysis
       • Quick scan to list possible problems
       • Fixing violations prevents certain classes of errors
       • Each source file is analyzed separately
       • Static analysis categories include:
           • Logical Errors
           • API Misuse
           • Typographical Errors
           • Security
           • Threads and Synchronization
           • Performance and Optimization
  7. Runtime Error Detection
       • Check for anti-patterns at runtime in the application
       • Violations are presented in the context of real-world data values to stress their importance
       • Runtime error categories include:
           • Threads and Synchronization
           • Performance and Optimization
           • Application Crashes
           • Functional Errors
           • Security
  8. Automated Unit Test Generation
       • Test code branches not covered by the application-level test
       • Combine these unit tests with runtime error detection to check the new execution paths
       • Build a baseline regression test suite
  9. Data Flow Analysis
       • Simulate hypothetical execution paths
       • Detect possible errors along those paths
       • Data flow analysis error categories include:
           • Exceptions
           • Optimization
           • Resource Leaks
           • API misuse
           • Security
  10. Regression Testing
       • Capture current behavior of covered code paths
           • Whether the current behavior is right or wrong
       • Alert when code modifications cause a change in behavior
       • Developers can then mark JUnit assertions as correct behavior to increase the severity if those assertions fail in the future
  11. Java Software Problems
       • Functional
       • Thread concurrency
       • Performance
       • Regression
       • Requirement Testing
       • Code Review
  12. Comparable Tools
       • Static Analysis
       • Data Flow Analysis
       • Unit Test Framework (with Test Engineer)
       • Profiler
       • QA Functional Tester
       • Code Review
       • Code Metrics Measurement
       • Code Duplication Detection
       • Task Management
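
The workflow from slides 4 and 5 (replicate the shopping-cart report in a JUnit test, then alter the assertions to the expected behavior), as an added example that is not taken from the slides or from JPetStore. `Cart`, `BuggyCart`, `LineItem` and the item id are hypothetical stand-ins, the reference-comparison defect is an assumed cause (the slides do not name one), and JUnit 4 is assumed to be on the classpath.

```java
import static org.junit.Assert.assertEquals;

import java.util.ArrayList;
import java.util.List;
import org.junit.Test;

public class CartAggregationTest {

    // Hypothetical stand-ins for the application's cart classes.
    static final class LineItem {
        final String itemId;
        int quantity = 1;
        LineItem(String itemId) { this.itemId = itemId; }
    }

    static class Cart {
        final List<LineItem> lines = new ArrayList<>();
        // Candidate fix: compare item ids by value.
        boolean sameItem(String a, String b) { return a.equals(b); }
        void addItem(String itemId) {
            for (LineItem line : lines) {
                if (sameItem(line.itemId, itemId)) { line.quantity++; return; }
            }
            lines.add(new LineItem(itemId));
        }
    }

    // Assumed defect: ids compared by reference, so equal ids arriving in
    // separate requests never match an existing line item.
    static class BuggyCart extends Cart {
        @Override boolean sameItem(String a, String b) { return a == b; }
    }

    // Constructed replay of the traced calls. new String(...) mimics each web
    // request delivering its own parameter object for the same item id.
    private static void replayTrace(Cart cart) {
        cart.addItem(new String("EST-1"));
        cart.addItem(new String("EST-1"));
    }

    // Step 1: replicate the report; pins down the behavior that was found.
    @Test public void tracedCallsReproduceTheReport() {
        Cart cart = new BuggyCart();
        replayTrace(cart);
        assertEquals(2, cart.lines.size());
        assertEquals(1, cart.lines.get(0).quantity);
        assertEquals(1, cart.lines.get(1).quantity);
    }

    // Step 2: same calls, assertions altered to the expected behavior.
    @Test public void sameItemTwiceAggregates() {
        Cart cart = new Cart();
        replayTrace(cart);
        assertEquals(1, cart.lines.size());
        assertEquals(2, cart.lines.get(0).quantity);
    }
}
```

Both tests run in-process, so each candidate fix to `sameItem` can be checked without redeploying the web application.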