Lawrence Livermore National Laboratory

Quantifying the Value of Static Analysis
Date 5/19/2011

William B. Oliver
Lawrence Livermore National Laboratory, P. O. Box 808, Livermore, CA 94551
This work performed under the auspices of the U.S. Department of Energy by
Lawrence Livermore National Laboratory under Contract DE-AC52-07NA27344

LLNL-PRES-490136
What is Static Analysis
▪ The use of tools during pre-testing to remove structural defects
▪ Static analysis tools provide an in-depth analysis of source code to find defects.
▪ Finds defects that compilers and traditional testing miss
▪ Defect types include, but are not limited to:
• Use of uninitialized variables
• Memory leaks
• Null pointer dereferences
• Array bounds overflows (and many others)

Why Incorporate Static Analysis
▪ Static Analysis finds additional defects
▪ Better Code Coverage
▪ Reduced Developer Debug Time
▪ Advanced Tools find Defects Inter-Procedurally
▪ Uncovers structural defects that can cause Functional Defects
▪ Finds defects missed during code reviews/walkthroughs

Inter-Procedural Analysis
File A: foo(x)
File B: bar(y)
File C: foobar(z)
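
Added example (not from the original slides): a C sketch of a defect that only inter-procedural analysis reports, where a NULL pointer originates in foobar(), passes through bar(), and is dereferenced in foo(). The call chain foo -> bar -> foobar, the lookup table and foo_checked() are assumptions made for illustration; the three "files" share one listing, with comments marking which file each function stands for.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data for this example. */
struct entry {
    const char *name;
    int limit;
};

static const struct entry table[] = {
    { "alpha", 10 },
    { "beta",  20 },
};

/* "File C": returns NULL when z is not in the table. */
static const struct entry *foobar(const char *z)
{
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (strcmp(table[i].name, z) == 0)
            return &table[i];
    }
    return NULL;
}

/* "File B": forwards foobar()'s result unchanged, NULL included. */
static const struct entry *bar(const char *y)
{
    return foobar(y);
}

/*
 * "File A", defective version. Read on its own, this function gives no
 * hint that bar() can return NULL, so a per-file check and a test suite
 * that only uses known names both pass. An analysis that follows the
 * value from foobar() through bar() reports the dereference below.
 */
int foo(const char *x)
{
    const struct entry *e = bar(x);
    return e->limit;            /* NULL dereference when x is unknown */
}

/*
 * "File A", corrected version: the NULL that can arrive from File C is
 * handled at the point of use. Returns 0 on success, -1 when x is unknown;
 * *limit_out is written only on success.
 */
int foo_checked(const char *x, int *limit_out)
{
    const struct entry *e = bar(x);
    if (e == NULL)
        return -1;
    *limit_out = e->limit;
    return 0;
}

int main(void)
{
    int limit = 0;

    /* Known name: both versions behave the same. */
    printf("foo(\"alpha\") = %d\n", foo("alpha"));

    /* Unknown name: only the checked version is safe to call. */
    if (foo_checked("gamma", &limit) != 0)
        printf("foo_checked(\"gamma\") rejected the unknown name\n");

    return 0;
}
```
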

Why Incorporate Static Analysis
Enhances Dynamic Testing

• Dynamic testing does not generally uncover memory leaks and other structural defects
• Static Analysis provides 100% code coverage
• Structural defects such as Array Bounds Overflows can cause Functional Defects

“They are best used in combination with traditional dynamic testing techniques, and can even reduce the cost to create and manage test cases for stringent run-time coverage.”
Dr. Paul Anderson PhD

Structural Defects vs Functional Defects

Structural Defects (SD): relate to conformance to the programming language rules and syntax
• Uninitialized Data
• Memory/Resource Leaks
• Array Bounds Overflows
• Null Pointer Dereferences

Structural Defects vs Functional Defects

Functional Defects (FD): associated with features, performance, availability, etc.
Found During Dynamic Testing
Some Causes Include:
• Solving the wrong problem
• Code Logic Errors
• System Integration Issues

Uninitialized Data
[Diagram: variables x, y and z, with the labels "Correct Set of Values", "Set of Right Answers" and "Random Set of Values"]

Memory/Resource Leaks

Array Bounds Overflow

NULL Pointer Dereference
This memory location contains the address of this memory location

Pointer

Value of the contents of address pointed to by the pointer

NULL Pointer Dereference

Pointer = NULL

Typical Static Analysis Work Flow
[Diagram steps: Perform Static Analysis; Add Features; Test Fixes; Analyze Defects; Fix Defects]

Advantages for Testers
o Less Wasted Time
o Allows more time for test case development

o Better Test Cases

Assumptions About Time to Find Defects
One Million Lines of Code

Static Analysis
• 1000 Defects
• 20 Percent False Positives
• 800 Valid Defects
• Time to Run Code Through Tool Negligible
• Ten Minutes Per Defect to Triage

Dynamic Testing
• Automated Testing: 1 hour per defect
  Includes Test Case Development
  Test Evaluation
  Test Report Generation
• Manual Testing: 2 hours per Defect
• 1000 Defects

Automated Testing
TD = Total Defects = SD + FD

Time = Time to Find SD + Time to find FD
TD = 800 + 1000 = 1800
SD Time = (1000 Defects * 10 min/defect)/60min/hour = 166.67 hours
Time = 166.67 + 1000 = 1166.67 hours
Time/TD = 1166.67/1800 = .65 hours/defect = 39 minutes per defect

Test Case: Automated Testing
Code Type: Scientific Simulation
Programming Language: C++
Number of Developers: 4
Source Lines of Code Analyzed: 161,880
Total Number SD found: 528
Total Number SD Analyzed: 190
Number of False Positives: 55
Average Analysis Time/Defect: 8.9 minutes

Test Case: Automated Testing
TD = Total Defects = SD + FD

FD = 297 for dynamic testing and 1 hour per defect
TD = 135 + 297 = 432
SD Time = (190 Defects * 8.9 min/defect)/60min/hour = 28 hours
Time = 28 + 297 = 325 hours
Time/TD = 325/432 = .75 hours/defect = 45 minutes per defect

Just For Fun: What If All 528 Defects Were Triaged
Assuming 28% False Positive Rate
Total Number SD found: 528
Total Number SD Analyzed: 528
Number of False Positives: 148
Average Analysis Time/Defect: 8.9 minutes

Estimated number of real defects = 380
Estimated Time = (528 * 8.9) / 60 = 78 hours
TD = 380 + 297 = 677
Time = 78 + 297 = 375 hours
Time/TD = 375/677 = .55 hours/defect = 33 minutes per defect

Manual Testing
Code Type: Security Access
Programming Language: C#
Number of Developers:
Total Number SD found: 76
Total Number SD Analyzed: 35
Number of False Positives: 0
Average Analysis Time/Defect: 3.4 minutes

Manual Testing
FD = 339 for dynamic testing and 5 hours per defect

TD = 35 + 339 = 374
SD Time = (35 Defects * 3.4 min/defect)/60min/hour = 2 hours
Time = 2 + 1695 = 1697 hours
Time/TD = 1697/374 = 4.5 hours/defect

Bottom Line

Combined with dynamic testing, Static Analysis results in finding more Defects
And the organization spends less time per defect in the process

Summary

For Static Analysis the time to find a defect is less than or equal to 10 minutes

Dynamic Testing:
Automated: 1 hour per Defect
Manual: 4 – 5 hours per Defect

New Breed of Tester
[Diagram steps: Perform Static Analysis; Analyze Defects]

Questions???


SQL Database Design For Developers at php[tek] 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 

Quantifying the Value of Static Analysis

  • 1. Lawrence Livermore National Laboratory Quantifying the Value of Static Analysis Date 5/19/2011 William B. Oliver Lawrence Livermore National Laboratory, P. O. Box 808, Livermore, CA 94551 This work performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under Contract DE-AC52-07NA27344 LLNL-PRES-490136
  • 2. What is Static Analysis: The use of tools during pre-testing to remove structural defects. [Figure label: Software Developer]
  • 3. What is Static Analysis: Static analysis tools provide an in-depth analysis of source code to find defects.
  • 4. What is Static Analysis: Finds defects that compilers and traditional testing miss.
  • 5. What is Static Analysis: Defect types include, but are not limited to: use of uninitialized variables.
  • 6. What is Static Analysis: Defect types include, but are not limited to: use of uninitialized variables; memory leaks.
  • 7. What is Static Analysis: Defect types include, but are not limited to: use of uninitialized variables; memory leaks; null pointer dereferences.
  • 8. What is Static Analysis: Defect types include, but are not limited to: use of uninitialized variables; memory leaks; null pointer dereferences; array bounds overflows (and many others).
  • 9. Why Incorporate Static Analysis: Static Analysis finds additional defects; Better Code Coverage; Reduced Developer Debug Time; Advanced Tools find Defects Inter-Procedurally; Uncovers structural defects that can cause Functional Defects; Finds defects missed during code reviews/walk-throughs.
  • 10. Inter-Procedural Analysis: [Diagram: File A, foo(x); File B, bar(y); File C, foobar(z)]
  • 11. Why Incorporate Static Analysis: Enhances Dynamic Testing. Dynamic testing does not generally uncover memory leaks and other structural defects; Static Analysis provides 100% code coverage; Structural defects such as Array Bounds Overflows can cause Functional Defects. “They are best used in combination with traditional dynamic testing techniques, and can even reduce the cost to create and manage test cases for stringent run-time coverage.” Dr. Paul Anderson PhD
  • 12. Structural Defects vs Functional Defects: Structural defects (SD) relate to conformance to the programming language rules and syntax: Uninitialized Data; Memory/Resource Leaks; Array Bounds Overflows; Null Pointer Dereferences.
  • 13. Structural Defects vs Functional Defects: Functional defects (FD) are associated with features, performance, availability, etc. Found during dynamic testing. Some causes include: solving the wrong problem; code logic errors; system integration issues.
  • 14. Uninitialized Data: [Diagram labels: Correct Set of Values; Set of Right Answers; x, y, z; Random Set of Values]
  • 15. Memory/Resource Leaks
  • 16. Array Bounds Overflow
  • 17. NULL Pointer Dereference: [Diagram labels: "This memory location contains the address of this memory location"; Pointer; "Value of the contents of address pointed to by the pointer"]
  • 18. NULL Pointer Dereference: Pointer = NULL
  • 19. Typical Static Analysis Work Flow: a cycle of Perform Static Analysis, Analyze Defects, Fix Defects, Test Fixes, Add Features.
  • 20. Advantages for Testers: Less Wasted Time; Allows more time for test case development; Better Test Cases.
  • 21. Assumptions About Time to Find Defects: One Million Lines of Code. Static Analysis: 1000 Defects; 20 Percent False Positives; 800 Valid Defects; Time to Run Code Thru Tool: Negligible; Ten Minutes Per Defect to Triage. Dynamic Testing: Automated Testing: 1 hour per defect (includes Test Case Development, Test Evaluation, Test Report Generation); Manual Testing: 2 hours per Defect; 1000 Defects.
  • 22. Automated Testing: TD = Total Defects = SD + FD; Time = Time to Find SD + Time to Find FD; TD = 800 + 1000 = 1800; SD Time = (1000 Defects * 10 min/defect) / 60 min/hour = 166.67 hours; Time = 166.67 + 1000 = 1166.67 hours; Time/TD = 1166.67/1800 = .65 hours/defect = 39 minutes per defect.
  • 23. Test Case: Automated Testing: Code Type: Scientific Simulation; Programming Language: C++; Number of Developers: 4; Source Lines of Code Analyzed: 161,880; Total Number SD found: 528; Total Number SD Analyzed: 190; Number of False Positives: 55; Average Analysis Time/Defect: 8.9 minutes.
  • 24. Test Case: Automated Testing: TD = Total Defects = SD + FD; FD = 297 for dynamic testing and 1 hour per defect; TD = 135 + 297 = 432; SD Time = (190 Defects * 8.9 min/defect) / 60 min/hour = 28 hours; Time = 28 + 297 = 325 hours; Time/TD = 325/432 = .75 hours/defect = 45 minutes per defect.
  • 25. Just For Fun: What if all 528 defects were triaged, assuming a 28% False Positive Rate? Total Number SD found: 528; Total Number SD Analyzed: 528; Number of False Positives: 148; Average Analysis Time/Defect: 8.9 minutes; Estimated number of real defects = 380; Estimated Time = (528 * 8.9) / 60 = 78 hours; TD = 380 + 297 = 677; Time = 78 + 297 = 375 hours; Time/TD = 375/677 = .55 hours/defect = 33 minutes per defect.
  • 26. Manual Testing: Code Type: Security Access; Programming Language: C#; Number of Developers: (blank); Total Number SD found: 76; Total Number SD Analyzed: 35; Number of False Positives: 0; Average Analysis Time/Defect: 3.4 minutes.
  • 27. Manual Testing: FD = 339 for dynamic testing and 5 hours per defect; TD = 35 + 339 = 374; SD Time = (35 Defects * 3.4 min/defect) / 60 min/hour = 2 hours; Time = 2 + 1695 = 1697 hours; Time/TD = 1697/374 = 4.5 hours/defect.
  • 28. Bottom Line: Combined with dynamic testing, Static Analysis results in finding more Defects, and the organization spends less time per defect in the process.
  • 29. Summary: For Static Analysis the time to find a defect is less than or equal to 10 minutes. Dynamic Testing: Automated: 1 hour per Defect; Manual: 4 – 5 hours per Defect.
  • 30. New Breed of Tester: Perform Static Analysis; Analyze Defects.
  • 31. Questions???

Editor's Notes

  1. Perform Static Analysis: Check out code and build with the static analysis tool (usually automated via a nightly run after all code has been checked into the repository). Supports continuous integration. Analyze Defects: Developers review results, mark defects as either False Positives or Defects Needed to be Fixed, and set priorities. Fix Defects: Developers fix defects from the analysis phase. Test Fixes: Developers perform the necessary unit tests to verify that the code provides the required functionality. Add Functionality: Developers continue the development process. Code check-in occurs here.
  2. Less Wasted Time: By applying static analysis, the code is more testable the first time it is delivered to the test team, allowing the test team to test more functionality early in the test cycle. Also, by fixing structural defects during software development, some functional defects get fixed. Allows more time for test case development: Testers can now focus on what they do best, developing test cases. Better Test Cases: Testers have more time to add test cases that improve code coverage.
  3. Time per defect varied considerably among developers, from a little over 52 minutes per defect to as low as 3.58 minutes per defect. Attributable to the learning curve. The above numbers reflect the top three severity levels (Critical, Severe, Error) only.
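
Slide 10's foo(x) / bar(y) / foobar(z) chain and the NULL pointer dereference of slides 17 and 18, combined in one added example that is not part of the original deck: the NULL is produced in one function and dereferenced two calls away, which is the kind of defect inter-procedural analysis is meant to report. The lookup table, the `level` field and `foo_checked` are assumptions made for illustration, and the three "files" are kept in one translation unit so the example compiles as is.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data; the table and its fields are assumptions. */
struct entry { const char *name; int level; };
static const struct entry table[] = { { "alice", 3 }, { "bob", 1 } };

/* "File C": foobar(z) returns NULL when z is not in the table. */
static const struct entry *foobar(const char *z)
{
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(table[i].name, z) == 0)
            return &table[i];
    return NULL; /* the NULL originates here */
}

/* "File B": bar(y) forwards the pointer unchanged. */
static const struct entry *bar(const char *y) { return foobar(y); }

/* "File A", defective: read on its own, nothing here says bar() can
 * return NULL. Only following foo -> bar -> foobar shows that an
 * unknown x reaches the dereference below. */
int foo(const char *x)
{
    const struct entry *e = bar(x);
    return e->level; /* NULL pointer dereference when x is unknown */
}

/* "File A", fixed: the NULL path is handled before the dereference. */
int foo_checked(const char *x, int *level_out)
{
    const struct entry *e = bar(x);
    if (e == NULL)
        return -1; /* unknown name: report it, leave *level_out alone */
    *level_out = e->level;
    return 0;
}

int main(void)
{
    int level = 0;
    int rc = foo_checked("alice", &level);
    printf("alice: rc=%d level=%d\n", rc, level);
    rc = foo_checked("mallory", &level);
    printf("mallory: rc=%d (foo(\"mallory\") would dereference NULL)\n", rc);
    return 0;
}
```

A dynamic test that only ever passes known names exercises `foo` without failing, which is why slide 11 describes structural defects like this one as generally missed by dynamic testing.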