A course on static analysis

29.06.2009 Andrey Karpov

Some time ago we communicated with TEKAMA Company about developing a course on static analysis for one of their corporate clients. Unfortunately, the project has not been implemented but we are still ready to develop theoretical and practical courses in this sphere. If you are interested in courses in the saphere of increasing software quality and code verification, write to us, we are likely to find mutual interests.

To make clear what exactly these courses include let's study the contents of the two courses we have been planning to develop for TEKAMA Company. The first course is theoretical, the second is practical.

Static analysis. Theoretical section.

The first section of the course is of theoretical character and is intended for familiarizing the attendees with the methodology of static analysis and the principles it is based on. The course is meant for developers using C/C++ programming languages within the framework of Visual Studio 2008 environment. But it concerns many theoretical issues such as estimating the cost of a program project, metrics' types, etc, what can be interesting for developers using any development environments.

Contents:

  • The history of static analysis methodology
    • Methods of increasing programs' quality
    • Code review methodology as a basis of static analysis
    • Development of static analysis methodology
    • Advantages and disadvantages of static analysis in comparison with other code verification (testing) methodologies
  • Technical principles underlying static code analyzers
    • Brief description of the interior organization of static analyzers
    • Collection of information on the basis of parsing AST or parse tree
    • Tools for creating solutions in the sphere of code analysis
  • Metrics
    • Estimate of the cost of a program project on the basis of metrics
      • Where do estimate errors arise from and in what way is metrics calculation helpful
      • Types of cost estimate metrics, their advantages and disadvantages
        • The role of lines of code (LOC) in size estimate
        • Functional points
        • Conversion of functional points into LOC
        • Simplified methods of calculating functional points
        • Dutch method
        • GUI items
      • Using estimates when negotiating and making decisions
      • Steve McConnel's works in the sphere of cost estimate
      • An example of a tool in the sphere of estimating the cost of creating a project
    • Increase of quality and safety of a project with the help of complexity estimate metrics
      • Holstead's metrics
      • Jilb's metrics
      • McCabe's metrics (cyclomatic complexity)
      • Meyers' metrics
      • Other metrics and literature on them
      • Practical use of complexity metrics
      • Examples of tools for estimating cyclomatic complexity (SourceMonitor, C and C++ Code Counter)
  • Static analysis
    • Difference between static analysis and dynamic analysis
    • Advantages and disadvantages of static analysis in comparison with dynamic analysis
    • How static and dynamic analysis can efficiently complement each other
    • Using sets of rules for diagnosing
      • Scott Meyers "Effective C++"
      • MISRA
      • OOP
      • Qt Best Practices
      • Other sets of rules
    • Using static analysis for style unification
      • Examples
      • Discussion of the examples
    • Using static analysis for searching errors
      • Inattention errors, diagnosing, examples
      • Initialization errors, diagnosing, examples
      • Safety errors, diagnosing, examples
      • Compatibility errors when developing cross-platform solutions, diagnosing, examples
      • Performance errors, diagnosing, examples
      • Errors in multi-thread programs, diagnosing, examples
      • Other types of errors, diagnosing, examples
    • Using static analysis in practice
      • Why are there so many warnings and what to do with them?
      • Integration of static analysis into the development process
    • Examples of the most popular static analysis systems
  • Additional information and a story about resources devoted to the topic of static analysis
  • Answering the questions

Static analysis. Practical section.

The second section is of practical character and is intended for familiarizing the attendees with some static analysis tools and methods of using them. The course is meant for developers using C/C++ programming languages within the framework of Visual Studio 2008 development environment. In the second section of the course we can touch upon the ways of applying practical studies on getting acquainted with the tools. As the authors of the course we can provide Viva64 and VivaMP tools free for the attendees to get acquainted with the working principles of static analyzers. If it is interesting to arrange practical studies on the basis of other tools, we should discuss this possibility and the budget for purchasing them separately.

Contents:

  • Review of code static analysis tools
    • Lint
    • PC-Lint
    • FxCop
    • JLint
    • Cccc
    • Estimate
    • Analyzer included into Visual Studio Team System
    • Viva64
    • VivaMP
    • Parasoft C++Test
    • Other tools
  • Learning to apply the tools for calculating metrics
    • Simple tools: SourceMonitor, C and C++ Code Counter (Cccc)
      • SourceMonitor. Examples of use.
      • C and C++ Code Counter. Examples of use.
    • Estimate program by Steve McConnel
      • Methodologies of using Estimate program
      • Examples of use
  • Learning to apply C/C++ code static analysis tools
    • PC-Lint
      • Installation and setting of PC-Lint
      • Integration of PC-Lint into Visual Studio 2005/2008 and use of Visual Lint productt
      • Adaptation of PC-Lint tool's settings to a project's peculiarities
      • Examples of use
    • Viva64
      • Installation and setting of Viva64
      • Adaptation of Viva64 tool's settings to a project's peculiarities
      • Examples of use
      • We can discuss the variants of practical training on search of errors in 64-bit programs with the help of Viva64 tool. As the authors of Viva64 analyzer we are ready to provide the attendees with it free to get acquainted with it within the framework of the course.
    • VivaMP
      • VivaMP as a new direction in testing parallel applications
      • Installation and setting of VivaMP
      • Adaptation of VivaMP tool's settings to a project's peculiarities
      • Examples of use
      • We can discuss the variants of practical training on search of errors in parallel programs with the help of VivaMP tool. As the authors of VivaMP analyzer we are ready to provide the attendees with it free to get acquainted with it within the framework of the course.
    • C++Test
      • Installation and setting of C++Test
      • Adaptation of C++Test tool's settings to a project's peculiarities
      • Examples of use
  • Practical approaches to integration of static analysis tools in the development process
  • Answering the questions