Static Analysis for Finding Bugs

What is static analysis?

Static analysis is a technique in which the tester views the internal design and code structure, analysing the framework underneath an application. The term ‘static’ conveys that the software under test need not be executed to find flaws in it; instead, test engineers review the code to discover any flaws.

Static analysis is often referred to as ‘white box testing’, in which the tester is concerned with how the application generates its output and not only with the output itself. The primary motive behind applying different techniques for code analysis is to improve the code and overall software quality as much as possible. Another question that often arises is ‘manual analysis vs static analysis tool’.

Static analysis is also a way of examining code without supplying any input data, in order to detect security issues that could compromise a system. Such issues include SQL injection, runtime errors and logic errors in code (conditional statements that evaluate incorrectly).

One may argue that performing a manual static analysis is better than using any static analysis tool.

Automated Analysis vs Manual Analysis:

Automation is always faster than manual review and has better code coverage. An automated tool discovers common security bugs, whereas a manual review helps in discovering bugs of a more complex nature, such as authentication issues. Manual reviews are time consuming but a more exhaustive way to get hold of logical errors; automation, on the other hand, saves a lot of time and effort.

Static Analysis Tools:

Many analysis tools offer a framework for examining the finer points of the architecture of an application under test. Some of the best-known static analysis tools are:

  1. Veracode: Veracode is a pocket-friendly tool for organisations that enables them to assess the security vulnerabilities of software. Veracode is essentially a company that provides cloud-based application and mobile security testing. It offers an integrated platform for static, dynamic and overall behavioural analysis of a software solution.
  2. Coverity: A project initiated by the U.S. Department of Homeland Security with the aim of providing an open source software security solution. It is now available as a free service for open source communities to build and manage a company’s software. Works with almost all major languages such as Java, C, C++ and C#.
  3. Parasoft: Being one of the best platforms for static analysis of bugs, the tool comes with customisable dashboards and instant access to statistics. Parasoft offers analysis techniques such as pattern-based, flow-based and multivariate analysis. With this tool testers can keep track of defects with the help of built-in or customisable templates like Defects by Severity, Defects by Category and so on.
  4. CodeSonar: With CodeSonar we can create an abstract model of an existing program. The tool allows creating checkpoints with which one can arrive at the reasoning behind the existence of variables and the interactions among them.
  5. Cppcheck: The tool is meant for static analysis of C/C++ code and is integrated with other tools such as Eclipse, Jenkins and CLion. The tool performs checks such as memory leak detection, out-of-bounds checking, null pointer dereferencing, invalid usage of the Standard Template Library and so on.
  6. Goanna: An excellent tool for error reporting that is integrated with Microsoft Visual Studio, Eclipse and various other IDEs. It has a great built-in feature for error reporting and allows fetching details at a very granular level, down to an individual file.
  7. Polyspace: Polyspace is compliant with coding rule standards such as MISRA C, MISRA C++ and JSF++, and generates bug reports such as the list of bugs found, coding-rule violations, cyclomatic complexity etc.

    Polyspace is a bug finder tool that helps to catch run-time errors, concurrency issues, security vulnerabilities and other defects alike.

  8. ConQAT: An analysis tool that offers a wide range of benefits such as aggregating quality metrics, support for programming languages such as C++, C# and Ada, integration of third-party analysis tools like FindBugs and PMD, architecture analysis, detection of duplicated code etc.
  9. JArchitect: The tool offers Java-specific code analysis, assessment of LINQ queries, code comparison between various builds and so on. JArchitect has the power to detect dead code, API breaking changes and incorrect OOP usage, and LINQ queries can be customised so that accurate estimations can be made about the code.
  10. OCLint: OCLint offers a range of features for static code analysis such as:
  • An abstract syntax tree that enhances code assessment accuracy and efficiency.
  • Dynamic loading of rules at runtime.
  • Customisable behavioural testing with flexible configuration pattern.
  • Command line interface facilitates simultaneous integration and verification of code, by invoking method calls.

Static Bug Analysis – At a Glance:

  1. Code Inspection: The idea of inspecting code rather than executing it ensures removal of almost 70-80 percent of defects. Code inspections generally involve walkthroughs by designers and programmers, which reduce the cost of the project and thereby enhance its overall quality.

    Code inspections are backed by empirical data showing that they remove defects to quite an impressive level.

  2. Identify Bugs: The process of static code analysis helps identify and rectify various defect-prone areas such as –
    • Coding bad practices.
    • Code Accuracy.
    • Performance inaccuracies.
    • Non adherence to coding rules and standards.
    • Security issues.

Static Analysis Tool – a summary:

  • Static code analysis is one among various techniques to unravel hidden defects or bugs.
  • A tool must be chosen considering the needs of the project in terms of the framework or language on which the application is based.
  • Static analysis requires one to compile the complete codebase; otherwise an automated tool may not reflect the true picture.

Before resorting to a particular technique or procedure it is important to carry out an analysis of the project under consideration. Visualising the cause-and-effect graph in mind is therefore necessary to obtain results in the desired and most efficient manner.