Development Testing with Static Analysis

I’ve recently come across an EE Times article written by Coverity stressing the benefits of static analysis and how it can help finding potential issues in the code early.

They mentioned 3 static analysis techniques:

  • Dataflow analysis
    This technique can find the defect in the listing below during compile time.

    If value of x passed into the function is not zero, p is assigned a null pointer with p=0. Then, the next conditional check (x!=0) takes a true branch and in the next line p is dereferenced, leading to a null pointer dereference. This type of issue can be detected at compiled time with dataflow analysis.
  • Interprocedural analysis
    This technique can find defects across function and method boundaries. See listing below:

    There are 3 functions: example_leak, create_S and zero_alloc. Interprocedural analysis  can go through the code and identify the memory leak.  The analysis engine has to trace the execution to understand that memory is allocated in zero_alloc, initialized in create_S and leaked when variable tmp goes out of scope when we return from function example_leak.
  • False-path pruning
    This technique tries to ensure that the reported defects are real and to do so it analyzes only the executable paths.  Basic static analysis may find defects on paths that can never be executed because of data dependencies as shown in the listing below.

    This code is slightly modified from the listing used for dataflow analysis. In this case, dataflow analysis would report a null pointer dereference defect (if x != 0). But that would be a false positive because the execution logic will never traverse this path. False-path analysis technique would prune a path that can never be executed (a false path) and good analysis can report up to 50% fewer false positive.

Those static analysis techniques allows code error discovery earlier and can avoid unnecessary late night debugging. Beside dererenced pointers and memory leak, static analysis can also detect other defects such as memory corruptions caused by incorrect integration operations, misused pointers, other resource leaks besides memory, invalid memory accesses, undefined behavior due to uninitialized value usage and many more.

The rest of the EEtime articles deals with Static Analysis with Agile development and how static analysis can be used on different code branches and shared code, but I’m not going to cover those here.

There are different tools available such as Coverity Static Analysis. See video below for a demo.

There was also a session at Android Open 2011 called Static Analysis For Improved Application Performance And Quality presented by Eric Cloninger (Motorola Mobility). This session showed the types of problems that compilers, debuggers, and test suites can’t solve. Items that often only show up in real-world situations for consumers and end-users and introduces the MOTODEV App Validator tool as a solution for developers. I understand that this tool is free but can only be used for Android applications.

There are also many other tools. Some open source C/C++ static analytic tools include:

Check Wikipedia for a more exhaustive list of commercial and free static analysis tools for different languages.


Leave a Reply

1 Comment threads
0 Thread replies
Most reacted comment
Hottest comment thread
1 Comment authors
Andrey Recent comment authors
newest oldest most voted
Notify of

I would invite all who are interested in static code analysis, try our tool PVS-Studio.
PVS-Studio is a static analyzer that detects errors in source code of C/C++/C++11 applications (Visual Studio 2005/2008/2010).
About PVS-Studio: