Static analysis, development complexity and code quality; How the C# analyzer is designed and operates; Diagnostic; Functional check on actual projects (SelfTester).
This tutorial is intended for verification engineers that must validate algorithmic designs. It presents the detailed steps for implementing a SystemVerilog verification environment that interfaces with a GNU Octave mathematical model. It describes the SystemVerilog – C++ communication layer with its challenges, like proper creation and activation or piped algorithm synchronization handling. The implementation is illustrated for Ncsim, VCS and Questa.
How to create a high quality static code analyzerAndrey Karpov
The PVS-Studio static code analyzer
What is inside of the C# analyzer
Making and debugging diagnostics
Internal tests, synthetics
SelfTester: a check on real code
Software Testing (in Scala): A Practitioner's Survey (Quickly)Roberto Casadei
This presentation is a quick survey on many different concepts and techniques related to software testing. It briefly reviews the basics and provides different references to more advanced material. Among other things, it presents the "schools" of testing, the levels of testing, ScalaTest, mocking vs. stub, property-based testing etc.
Introduction to SOC Verification Fundamentals and System Verilog language coding. Explains concepts on Functional Verification methodologies used in industry like OVM, UVM
This tutorial is intended for verification engineers that must validate algorithmic designs. It presents the detailed steps for implementing a SystemVerilog verification environment that interfaces with a GNU Octave mathematical model. It describes the SystemVerilog – C++ communication layer with its challenges, like proper creation and activation or piped algorithm synchronization handling. The implementation is illustrated for Ncsim, VCS and Questa.
How to create a high quality static code analyzerAndrey Karpov
The PVS-Studio static code analyzer
What is inside of the C# analyzer
Making and debugging diagnostics
Internal tests, synthetics
SelfTester: a check on real code
Software Testing (in Scala): A Practitioner's Survey (Quickly)Roberto Casadei
This presentation is a quick survey on many different concepts and techniques related to software testing. It briefly reviews the basics and provides different references to more advanced material. Among other things, it presents the "schools" of testing, the levels of testing, ScalaTest, mocking vs. stub, property-based testing etc.
Introduction to SOC Verification Fundamentals and System Verilog language coding. Explains concepts on Functional Verification methodologies used in industry like OVM, UVM
TMPA-2017: Regression Testing with Semiautomatic Test Selection for Auditing ...Iosif Itkin
TMPA-2017: Tools and Methods of Program Analysis
3-4 March, 2017, Hotel Holiday Inn Moscow Vinogradovo, Moscow
Regression Testing with Semiautomatic Test Selection for Auditing of IMS Database
Alexey Ruchay, Ivan Kliavin, Tatiana Kotova, Julia Ivanova, Applied Technologies
Would like to know more?
Visit our website:
www.tmpaconf.org
www.exactprosystems.com/events/tmpa
Follow us:
https://www.linkedin.com/company/exactpro-systems-llc?trk=biz-companies-cym
https://twitter.com/exactpro
Advances in Verification - Workshop at BMS College of EngineeringRamdas Mozhikunnath
Day 1 of workshop at BMS college of Engineering
Covers SystemVerilog language fundamentals - Language constructs, building blocks, Arrays, Process, Classes
SystemVerilog Assertions verification with SVAUnit - DVCon US 2016 TutorialAmiq Consulting
SVAUnit is an UVM compliant package that addresses verification of SystemVerilog Assertions (SVAs) with several advantages:
- decouple assertion validation code from assertion definition code
- simplify the generation of a wide range of stimuli, from 1 bit signal toggling to transactions
- provide the ability to reuse scenarios
- provide self-checking mechanisms
- report test status automatically
- integrate with major simulators
This tutorial discusses SVA planning, coding guidelines, SVAUnit (SVAUnit framework, self-checking tests, debug), and test patterns. Planning includes parametrization, temporal sequence composition, sequence reuse and also consider how the SVA package will be integrated with other verification methods. Coding guidelines ensure efficiency as well as avoid common implementation pitfalls.
Wodel-Test: A Model-Based Framework for Language-Independent Mutation TestingPablo Gómez Abajo
Mutation testing (MT) targets the assessment of test cases by measuring their efficiency to detect faults. This technique involves modifying the program under test to emulate programming faults, and assessing whether the existing test cases detect such mutations. MT has been extensively studied since the 70's, and many tools have been proposed for widely used languages like C, Java, Fortran, Ada and SQL; and for notations like Petri-nets. However, building MT tools is costly and error-prone, which may prevent their development for new programming and domain-specific (modelling) languages.
In this paper, we propose a framework called Wodel-Test to reduce the effort to create MT tools. For this purpose, it follows a model-driven approach by which MT tools are synthesized from a high-level description. This description makes use of the domain-specific language Wodel to define and execute model mutations. Wodel is language-independent, as it allows the creation of mutation operators for any language defined by a meta-model. Starting from the definition of the mutation operators, Wodel-Test generates a MT environment which parses the program under test into a model, applies the mutation operators, and evaluates the test-suite against the generated mutants, offering a rich collection of MT metrics. We report on an evaluation of the approach based on the creation of MT tools for Java and the Atlas transformation language.
TMPA-2017: Regression Testing with Semiautomatic Test Selection for Auditing ...Iosif Itkin
TMPA-2017: Tools and Methods of Program Analysis
3-4 March, 2017, Hotel Holiday Inn Moscow Vinogradovo, Moscow
Regression Testing with Semiautomatic Test Selection for Auditing of IMS Database
Alexey Ruchay, Ivan Kliavin, Tatiana Kotova, Julia Ivanova, Applied Technologies
Would like to know more?
Visit our website:
www.tmpaconf.org
www.exactprosystems.com/events/tmpa
Follow us:
https://www.linkedin.com/company/exactpro-systems-llc?trk=biz-companies-cym
https://twitter.com/exactpro
Advances in Verification - Workshop at BMS College of EngineeringRamdas Mozhikunnath
Day 1 of workshop at BMS college of Engineering
Covers SystemVerilog language fundamentals - Language constructs, building blocks, Arrays, Process, Classes
SystemVerilog Assertions verification with SVAUnit - DVCon US 2016 TutorialAmiq Consulting
SVAUnit is an UVM compliant package that addresses verification of SystemVerilog Assertions (SVAs) with several advantages:
- decouple assertion validation code from assertion definition code
- simplify the generation of a wide range of stimuli, from 1 bit signal toggling to transactions
- provide the ability to reuse scenarios
- provide self-checking mechanisms
- report test status automatically
- integrate with major simulators
This tutorial discusses SVA planning, coding guidelines, SVAUnit (SVAUnit framework, self-checking tests, debug), and test patterns. Planning includes parametrization, temporal sequence composition, sequence reuse and also consider how the SVA package will be integrated with other verification methods. Coding guidelines ensure efficiency as well as avoid common implementation pitfalls.
Wodel-Test: A Model-Based Framework for Language-Independent Mutation TestingPablo Gómez Abajo
Mutation testing (MT) targets the assessment of test cases by measuring their efficiency to detect faults. This technique involves modifying the program under test to emulate programming faults, and assessing whether the existing test cases detect such mutations. MT has been extensively studied since the 70's, and many tools have been proposed for widely used languages like C, Java, Fortran, Ada and SQL; and for notations like Petri-nets. However, building MT tools is costly and error-prone, which may prevent their development for new programming and domain-specific (modelling) languages.
In this paper, we propose a framework called Wodel-Test to reduce the effort to create MT tools. For this purpose, it follows a model-driven approach by which MT tools are synthesized from a high-level description. This description makes use of the domain-specific language Wodel to define and execute model mutations. Wodel is language-independent, as it allows the creation of mutation operators for any language defined by a meta-model. Starting from the definition of the mutation operators, Wodel-Test generates a MT environment which parses the program under test into a model, applies the mutation operators, and evaluates the test-suite against the generated mutants, offering a rich collection of MT metrics. We report on an evaluation of the approach based on the creation of MT tools for Java and the Atlas transformation language.
Practical RISC-V Random Test Generation using Constraint Programminged271828
A proof-of-concept random test generator for RISC-V ISA is presented. The test generator uses constraint programming for specification of relationships between instructions and operands. Example scenarios to cover basic instruction randomization, data hazards, and non-sharing are presented. The tool integrates the RISC-V instruction set simulator to enable the generation of self-checking tests. The tool is implemented in Python using a freely-available constraint solver library. A summary of problems encountered is provided and next steps are discussed.
Inria Tech Talk : Comment améliorer la qualité de vos logiciels avec STAMPStéphanie Roger
Que vous soyez développeur ou entrepreneur, découvrez le projet STAMP piloté par Inria, l'institut national de recherche dédié aux sciences du numérique.
The Spring Framework has always embraced testing as a first class citizen. Spring-based components should be modular, easy to wire together via dependency injection, and therefore easy to test. In fact, when well designed following a POJO programming model, a component in a Spring application can be unit tested without using Spring at all. And when you take the step toward developing integration tests, Spring's testing support is there to make your job easy.
Join Spring Test component lead Sam Brannen in this talk to learn about the basics for Spring's unit and integration testing support. This talk will provide attendees an overview of the following topics: unit testing without Spring, integration testing with Spring, loading application contexts (with and without context hierarchies), injecting dependencies into tests, transaction management for tests, SQL script execution, testing Spring MVC and REST web applications, and more.
May: Automated Developer Testing: Achievements and ChallengesTriTAUG
Developer testing, a common step in software development, involves generating sufficient test inputs and checking the behavior of the program under test during the execution of the test inputs. Complicated logics inside a method make generating appropriate arguments difficult. In testing object-oriented programs, generating method sequences to put the receiver object or argument objects into appropriate states further complicates test-input generation. After the generated test inputs are executed, program crashes or uncaught exceptions can be used to indicate program problems, especially robustness problems. However, some program problems such as producing wrong program outputs do not crash the program.
In this talk, the speaker will present an overview of achievements and challenges in improving automation in developer testing, especially on test-input generation (i.e., generating sufficient test inputs) and test oracles (i.e., checking the behavior of the program under test).
About the speaker:
Tao Xie is an Associate Professor in the Department of Computer Science of the College of Engineering at North Carolina State University. He received his Ph.D. in Computer Science from the University of Washington in 2005. Before that, he received an M.S. in Computer Science from the University of Washington in 2002, an M.S. in Computer Science from Peking University in 2000, and a B.S. in Computer Science from Fudan University in 1997. He worked as a visiting researcher at Microsoft Research Redmond and Microsoft Research Asia.
His research interests are in software engineering, focusing on automated software testing and mining software engineering data. He has published more than 100 research papers in refereed journals and conference proceedings in the area of software engineering. Besides doing research, he has contributed to understanding the software engineering research community.
He has served as the ACM SIGSOFT History Liaison in the SIGSOFT Executive Committee as well as serving in the ACM History Committee. He received a National Science Foundation Faculty Early Career Development (CAREER) Award in 2009. He received 2008, 2009, and 2010 IBM Faculty Awards and a 2008 IBM Jazz Innovation Award. He received 2010 North Carolina State University Sigma Xi Faculty Research Award. He received the ASE 2009 Best Paper Award and an ACM SIGSOFT Distinguished Paper Award. He was Program Co-Chair of 2009 IEEE International Conference on Software Maintenance (ICSM) and is Program Co-Chair of 2011 and 2012 International Working Conference on Mining Software Repositories (MSR).
Reproducibility of computational workflows is automated using continuous anal...Kento Aoyama
journal seminar in Akiyama-Lab@Tokyo Tech (http://www.bi.cs.titech.ac.jp/)
(2017-04-20)
> B. K. Beaulieu-Jones and C. S. Greene, “Reproducibility of computational workflows is automated using continuous analysis,” Nature. Biotechnology., vol. 35, no. 4, pp. 342–346, 2017.
> http://www.nature.com/nbt/journal/v35/n4/full/nbt.3780.html
Equivalence checking is a portion of a larger discipline called formal verification. This technology uses mathematical modeling techniques to prove that two representations of design exhibit the same behavior. This approach should not be confused with functional verification, which uses exhaustive simulation to verify the correctness of a design.
Once a verified version of a design has been identified, equivalence checking can be used to determine if an alternate representation of the design behaves the same as the verified version. This technique does not use input vectors so it is more efficient.
Equivalence checking is useful to verify that a design’s function has not changed after an operation like synthesis, or after a functional ECO has been applied.
APEX Application Lifecycle and Deployment 20220714.pdfRichard Martens
APEX application deployment is mostly done by exporting the application and importing it into the target environment.
But what if your team continuously develops (as they should), where do you stop developing to start preparing your release-deployment? You should be able to deploy based on features; without your developers having to halt their development.
Using the deployment-method explained in this presentation you will be able to do just that.
The method includes things like Code versioning (GIT), Feature-tickets (Jira), Code Review (Quality), Automated Deployment using Jenkins and Flyway. When implemented you will be able to successfully and predictively deploy your APEX applications (including underlying database objects) to the different deployment-environments.
With a few modifications you can even upgrade the methodology to be a "continuous delivery" methodology.
The slides or my talk at SoftShake (soft-shake 2013) about unit test maintenance.
The code can be found here : https://github.com/tsimbalar/UnitTestsMaintenanceHell
Abstract (in French, sorry ...) :
“Oui, les tests unitaires, c’est cool, mais à chaque fois que je fais une petite modification dans le code, je dois réparer tous mes tests, c’est pénible et ça me prend un temps fou! Alors j’hésite à laisser tomber ma suite de tests, ou alors je fais l’impasse sur ce refactoring …”
Vous avez déjà entendu ça, non ? Quand on se met à écrire des tests unitaires (que ce soit avant ou après le code à tester), au début, c’est la galère, puis, peu à peu, avec l’habitude et l’expérience, on les écrit mieux et plus rapidement … mais quand il s’agit de modifier du code existant, on a quand même l’impression de se prendre les pieds dans les tests.
Dans cette session, je vous présenterai quelques techniques, trucs et outils pour écrire des tests plus maintenables et vous sentir moins gênés lors des refactorings du code. Cette présentation se basera sur des exemples de code et des démos (en C# et avec Visual Studio)
Les tests apportent une forte valeur ajoutée à nos projets, ce qu’il faut, c’est essayer d’en réduire le coût…
Choosing architecture in your system is one of the most important things to do and there are many things to consider, like performance, maintenance, configuration and extension of the system. This presentation is about choosing the strategy for your architecture of how to build a measurement system.
This talk demonstrates advanced testing practices coming from the STAMP research project and applied to the XWiki open source project:
- Testing for coverage with Jacoco and defining a viable strategy for slowly improving the situation
- Testing the quality of your tests with Descartes Mutation testing
- Automatically enriching your test suite with DSpot
- Testing various configurations with Docker containers and Jenkins
- Generating tests automatically from production stack traces
Tool Development 09 - Localization & TestingNick Pruehs
Chapter 09 of the lecture Tool Development taught at SAE Institute Hamburg.
Introduction to globalization and localization of WPF applications, as well as unit testing with NUnit.
Здесь вы найдёте 60 вредных советов для программистов и пояснение, почему они вредные. Всё будет одновременно в шутку и серьёзно. Как бы глупо ни смотрелся вредный совет, он не выдуман, а подсмотрен в реальном мире программирования.
In this article, you're going to find 60 terrible coding tips — and explanations of why they are terrible. It's a fun and serious piece at the same time. No matter how terrible these tips look, they aren't fiction, they are real: we saw them all in the real programming world.
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Andrey Karpov
Есть ошибки, которые легко прячутся от программистов на обзорах кода. Чаще всего они связаны с опечатками или недостаточным знанием тонких нюансах языка/библиотеки. Давайте посмотрим интересные примеры таких ошибок и как их можно выявить с помощью статического анализа. При этом анализаторы не конкурируют с обзорами кода или, например, юнит-тестами. Они отлично дополняют другие методологии борьбы с ошибками.
When should you start using PVS-Studio? What can PVS-Studio detect? Supported standards: MISRA, CWE, CERT, OWASP, AUTOSAR. What about analysis options? What about legacy code?
Двойное освобождение ресурсов. Недостижимый код. Некорректные операции сдвига. Неправильная работа с типами. Опечатки и copy-paste. Проблемы безопасности. Путаница с приоритетом операций.
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...Andrey Karpov
What is static analysis and what is it for? How does static analysis work? (Unreal Engine 4). How to introduce static analysis in your project: best practices.
Does static analysis need machine learning?Andrey Karpov
Introduction to static analysis. Existing solutions and approaches they implement. Problems and pitfalls when creating an analyzer. When learning «manually». When learning on a real large code base. Most promising approaches.
Typical errors in code on the example of C++, C#, and JavaAndrey Karpov
Objectives of this webinar
How we detected error patterns
Patterns themselves and how to avoid them:
3.1 Copy-paste and last line effect
3.2 if (A) {...} else if (A)
3.3 Errors in checks
3.4 Array index out of bounds
3.5 Operator precedence
3.6 Typos that are hard to spot
How to use static analysis properly
Conclusion
Q&A
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)Andrey Karpov
How to fight bugs in legacy code?
Should you do it at all?
What to do if there are hundreds or even thousands of errors?(that’s usually the case)
How to avoid spending a plethora of man-hours on this?
And still, how did you work with Unreal Engine?
C++ Code as Seen by a Hypercritical ReviewerAndrey Karpov
We all do code reviews. Who doesn't admit this – does it twice as often. C++ code reviewers look like a sapper. .. except that they can make a mistake more than once. But sometimes the consequences are painful . Brave code review world.
Static Code Analysis for Projects, Built on Unreal EngineAndrey Karpov
Why Do You Need Static Analysis? Detect errors early in the program development process. Get recommendations on code formatting. Check your spelling. Calculate various software metrics.
Are С and C++ Alive? Even More, IBM RPG Is! C and C++ Are Not Just for Old Systems. Are С and C++ Alive? Summary for C, C++. Embedded: C and С++ Are on the Rise.
Zero, one, two, Freddy's coming for youAndrey Karpov
This post continues the series of articles, which can well be called "horrors for developers". This time it will also touch upon a typical pattern of typos related to the usage of numbers 0, 1, 2. The language you're writing in doesn't really matter: it can be C, C++, C#, or Java. If you're using constants 0, 1, 2 or variables' names contain these numbers, most likely, Freddy will come to visit you at night. Go on, read and don't say we didn't warn you.
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
GraphSummit Paris - The art of the possible with Graph TechnologyNeo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Understanding Nidhi Software Pricing: A Quick Guide 🌟
Choosing the right software is vital for Nidhi companies to streamline operations. Our latest presentation covers Nidhi software pricing, key factors, costs, and negotiation tips.
📊 What You’ll Learn:
Key factors influencing Nidhi software price
Understanding the true cost beyond the initial price
Tips for negotiating the best deal
Affordable and customizable pricing options with Vector Nidhi Software
🔗 Learn more at: www.vectornidhisoftware.com/software-for-nidhi-company/
#NidhiSoftwarePrice #NidhiSoftware #VectorNidhi
OpenMetadata Community Meeting - 5th June 2024OpenMetadata
The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed about the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features.
* How to run your own data quality framework
* What is the performance impact of running data quality frameworks
* How to run the test cases in your own ETL pipelines
* How the Incident Manager is integrated
* Get notified with alerts when test cases fail
Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
Utilocate offers a comprehensive solution for locate ticket management by automating and streamlining the entire process. By integrating with Geospatial Information Systems (GIS), it provides accurate mapping and visualization of utility locations, enhancing decision-making and reducing the risk of errors. The system's advanced data analytics tools help identify trends, predict potential issues, and optimize resource allocation, making the locate ticket management process smarter and more efficient. Additionally, automated ticket management ensures consistency and reduces human error, while real-time notifications keep all relevant personnel informed and ready to respond promptly.
The system's ability to streamline workflows and automate ticket routing significantly reduces the time taken to process each ticket, making the process faster and more efficient. Mobile access allows field technicians to update ticket information on the go, ensuring that the latest information is always available and accelerating the locate process. Overall, Utilocate not only enhances the efficiency and accuracy of locate ticket management but also improves safety by minimizing the risk of utility damage through precise and timely locates.
E-commerce Application Development Company.pdfHornet Dynamics
Your business can reach new heights with our assistance as we design solutions that are specifically appropriate for your goals and vision. Our eCommerce application solutions can digitally coordinate all retail operations processes to meet the demands of the marketplace while maintaining business continuity.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
Do you want Software for your Business? Visit Deuglo
Deuglo has top Software Developers in India. They are experts in software development and help design and create custom Software solutions.
Deuglo follows seven steps methods for delivering their services to their customers. They called it the Software development life cycle process (SDLC).
Requirement — Collecting the Requirements is the first Phase in the SSLC process.
Feasibility Study — after completing the requirement process they move to the design phase.
Design — in this phase, they start designing the software.
Coding — when designing is completed, the developers start coding for the software.
Testing — in this phase when the coding of the software is done the testing team will start testing.
Installation — after completion of testing, the application opens to the live server and launches!
Maintenance — after completing the software development, customers start using the software.
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Mind IT Systems
Healthcare providers often struggle with the complexities of chronic conditions and remote patient monitoring, as each patient requires personalized care and ongoing monitoring. Off-the-shelf solutions may not meet these diverse needs, leading to inefficiencies and gaps in care. It’s here, custom healthcare software offers a tailored solution, ensuring improved care and effectiveness.
Software Engineering, Software Consulting, Tech Lead, Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Transaction, Spring MVC, OpenShift Cloud Platform, Kafka, REST, SOAP, LLD & HLD.
Specifics of static analyzer development and testing
1. 1/41St. Petersburg. May 31–June 1 2019
Software quality assurance days
The 25th international conference
concerning SW
sqadays.com
Sergey Khrenov
PVS-Studio, Tula, Russia
Specifics of static analyzer development and
testing
2. 2/41
Название темы. Может быть длинное, даже не одна строка, а две или три
Static analysis, development complexity
and code quality
3. 3/41
• Does not replace, but
supplements code review
• Finding errors in code without
executing it
• Allows to control the code quality
in large projects
Static analysis …
6. 6/41
V3012 The '?:' operator, regardless of its conditional expression, always
returns one and the same value: Color.FromArgb (150, 179, 225).
ProfessionalColorTable.cs 258
Typical error (project Mono)
7. 7/41
Issues
• Scientific content
• Different programming languages
• Cross-platform
• Standards support (CWE, MISRA, SEI CERT…)
• Classical testing methods are not enough
8. 8/41
How to achieve quality?
• Joint code reviews (it works!)
• Unit-tests
• UI-tests
• Functional tests
• Load testing
• Static analysis
• Check of actual projects pool (SelfTester)
13. 13/41
Semantic model
Getting information about the object
Getting information about the object type
Getting constant values
x = 1;
x
Semantic Model
System.Int32 x = 1;
22. 22/41
Diagnostic V3006: missing throw
public void DoSomething(int index)
{
if (index < 0)
new ArgumentOutOfRangeException(); // <= V3006
else
....
}
// The correct version of the code:
throw new ArgumentOutOfRangeException();
23. 23/41
1. Follow traversing nodes of the type ObjectCreationExpressionSyntax
(creating an object using the operator new);
2. Check that the type of the created object is System.Exception or a
derived one (use a semantic model);
3. Check that the created object is not used in any way;
4. Issue a warning.
Diagnostics V3006: missing throw
24. 24/41
public class V3006CSharpRule : IVisitObjectCreationExpressionRule
{
....
public void VisitObjectCreationExpression(
SemanticModelAdapter model,
VisitInfo visitInfo,
ObjectCreationExpressionSyntax node,
AnalysisResults results)
{
....
}
}
Diagnostic V3006: missing throw
25. 25/41
Diagnostics development
1. Creating positive and negative tests
2. Development of a prototype that meets the test
requirements
3. Improvement of diagnostics and tests based on the
results after checking a pool of actual projects
(SelfTester)
4. Exception handling, minimization of false positives
5. Re-run on actual projects, saving changes
31. 31/41
• The tool for batch verification of actual
projects
• SelfTester for С/С++ and C# uses local project
pool
• SelfTester for Java downloads projects of the
certain version from the repository on GitHub
PVS-Studio SelfTester
32. 32/41
Requirements to SelfTester
• Сross-platform
• Parallelism
• Available GUI
• Flexible settings
• Presentation of the result in a convenient
form
• Comparison with the result of the previous
run
• Ability to quickly fixate or ignore differences
33. 33/41
SelfTester tasks
• Any change of the analyzer’s core requires tests’ restart
• The core is a set of common internal mechanisms of the
analyzer
• Creating a new diagnostic requires tests’ restart
• Including a new project in the test pool requires a
restart of the tests
• The main task is to detect defects in the analyzer’s
behavior
• Often defects represent expected behavior
38. 38/41
Going into production
• Improvements based on users
feedback (including internal
feedback)
• Improvements related to changes
in the core behavior (refinement
of mechanisms, support of new
language standards, etc.)
39. 39/41
Five features of a good static analyzer
according to PVS-Studio
• Fast code processing
• Minimum false positives
• Developed means of integration
• Simplicity of introduction into large projects
• Support