Introduction to Static Analysis

(Difference between revisions)

Jump to: navigation, search

Revision as of 04:57, 16 October 2016

Title	Introduction to Static Analysis
Overview	Participants write a unit test (in GoogleTest) and corresponding C++ code to pass the test to verify the test passes
Prerequisite Knowledge	GoogleTest needed to have been installed (as instructed in Unit Test With GoogleTest Activity) and intermediate C++ expertise.
Learning Objectives	Participant should be able to learn how to follow "Red light, green light" Test-Driven Development process and reflect over the approach.

In this exercise, we will set up and start exploring a static analysis tool packaged with the Clang compiler.

For OSX

You already have Clang and all the other dependencies installed. However, you need to install the Static Analyzer by downloading the packaged build of checker here.
After fully downloaded, I recommend then extracting the files from the tarball (checker-278.tar.bz2) as a new directory in your /usr/local folder, such as /usr/local/checker
If you are using sh, ksh, or bash shell, type the command: export PATH=$PATH:/usr/local/checker-278/bin but replace /usr/local/checker-278/bin with the location of where the static analyzer was installed, followed by /bin since that is where the binary (executable) files are

For *nix

You will have to first download and build Clang and LLVM by following these directions.
Once you are done, follow the instructions to build the analyzer from source.

Navigate to where you stored (or freshly clone) your ConnectX code
To start with a fresh build, first make clean
Run: scan-build make
If you get a command not found error, your PATH is not correctly set (see instructions above).
Once run, it should take a moment to analyze the code. Does it identify any bugs? What does the scan-build output results means?

Navigate to your Minefield project or make a new clone of the github repo so you have it locally
Run scan-build on the Minefield project and confirm that it has no bugs found
Read over the different checks that the scan-build static analyzer available checks.
Within the Field class, try to create a bug as described by one of the available checks. However, don't just use the example code the documentation provides. Instead, try to incorporate one of those types of errors into the Field.cpp file so that if someone else looked at the code they might not immediately recognize the bug. Try to make a bug but "hide" it in a clever way.
Once you've created a "hidden bug," run scan-build on the project and make sure it identifies the bug that you think it should.

A revised C++ class with a bug injected into it

The bug the student created should force a static analysis message if run again

Knowledge Area/Knowledge Unit	Software Engineering / SE Static Analysis
Topic	Static Analysis
Level of Difficulty	Understanding types of static analysis messages and creating a new bug requires intermediate programming expertise
Estimated Time to Completion	Installation may take up to 30 minutes for computers running *nix operating systems and is suggested to assign for homework before class. The rest of the activity should take 15-30 minutes, not counting discussion.
Materials/Environment	Need to have a working C++ development environment
Author	Kevin Buffardi
Source	Kevin Buffardi
License	Licensed CC BY-SA 4.0

@@ Line 3: / Line 3: @@
 |-
 |'''Title''' ||
-Introduction to Test-Driven Development (TDD)
+Introduction to Static Analysis
 |-
 |'''Overview''' ||
@@ Line 62: / Line 62: @@
 |-
 |'''Knowledge Area/Knowledge Unit''' ||
-Software Engineering
+Software Engineering / SE Static Analysis
 |-
 |'''Topic''' ||