Archive for the ‘Static Analysis’ category

Non linear paths from Application Code

October 4, 2007
The applications become complex as their code base increases. This has challenges for the testers to determine the nonlinear paths in the application.

Most of the Static Analysis tools over the application code helps us to  identify the  cyclomatic complexity (nonlinear paths) at a method level. These might be helpful to validate those methods and to achieve good code coverage over the same.

But the Code coverage at a Unit Level may not be a big help since most of the end user scenarios won’t run after unit level paths. These paths is an integration of the above unit level paths.

Since the Testers focus on simulating the end user scenarios, it will be good to identify all the possible nonlinear paths around the application code base and capture the code coverage based on these paths.

You might want to go through some discussion around this on Linkedin Answers

In case you have similar experiences over white box testing drop me a mail at

Happy Testing…

Powered by ScribeFire.

Use Cyclomatic Complexity to determine the Risk and Test Scenarios

July 19, 2007

Cyclomatic Complexity (CC) is a software metric (mostly code based metric) used to the number of independent path executions in the application. Introduced by Thomas McCabe in 1976, it measures the number of linearly-independent paths through a program module.

It helps the developers to determine the independent path executions and base line unit tests that they need to validate. Using this, the developers can assure that all the paths have been tested atleast once. It’s a great comfort for the developer and their respective managers.

It’s better to write JUnit Tests for all these linearly-independent paths and integrate it with any code coverage tool. These reports help to focus more on the un covered paths and improve the code coverage.

It also helps to evaluate the risk associated with the application. The following are the results published by SEI and they are being followed widely to determine the health of the code base.

Cyclomatic Complexity      Risk Evaluation
1-10                                              A simple program, without much risk
11-20                                            More complex, moderate risk
21-50                                            Complex, high risk program
Greater than 50                          Un testable program (very high risk)

Explore more at Cyclomatic Complexity in Software Technology Roadmap from SEI.

Further Reading on the topic

Use metrics to evaluate the risk early in the cycle & improve your test coverage.

Happy Testting …

Open Source Tools to test your Java Code

April 16, 2007

Open Source tools are being used aggressively and there are many tools that can help Java Applications to validate their code.

The following issues can be uncovered

  • Unhandled exceptions
  • Infinite Loops
  • Dead code
  • Validations against Java coding guidelines from Sun

The following Metrics can be captured

  • Source Code Metrics
  • Coverage Metrics
  • Dependencies with the Design

Couple of resources listed below helps in implementing the same.

JavaNCSS – A source metric suite for Java

March 15, 2007

I have been looking after LOC counters to capture some metrics of the source code and found that JavaNCSS is a good match.

What is JavaNCSS ?

JavaNCSS is a command line utility which measures some standard source code metrics for the Java programming language. The metrics are collected globally, for each class and/or for each function.

What are the advantages ?

The following are some of the advantages that i have seen

  1. Support for Ant Tasks, so easy to integrate with build process
  2. Reports can be in Text, XML, HTML etc
  3. Support for Stylsheets and easy to get nice HTML reports
  4. Metrics at each level Package / Class / Method
  5. Cyclomatic Complexity Number
  6. List the number of packages / classes / functions / LOC counter at each level

Further Reading:

  1. JavaNCSS Home
  2. LOC Counters for C++ / Java on Joel Software Discussion group
  3. SLOC on Wikipedia

Applying Static Analysis for Software Testing

December 7, 2006

In this post, I will be sharing my views on Static Analysis and how the same is useful for Software Testing. Using Static Analysis in Testing will also be called as Static Testing.

The generic definition for Static Testing is that

Testing of an Application at the specification or implementation level without execution of that Application.

Static Analysis helps a lot for better Code Quality and we can perform the following set activities against the source code.

  1. Capture Metrics
  2. Complexity of the System (eg. Cyclomatic Complexity)
  3. Compliance against Standards (eg. check for the Java Coding Guidelines)
  4. Exception Handling (Captures the code that contains Unhandled exceptions)
  5. Infinite Loops
  6. Copy Paste Dectors (Most of the developers used to reuse the code via a copy paste and introduce some issues in the process)
  7. Duplicate Code
  8. Dead Code

We should be able to restrict most of the above said issues at very early stage of SDLC by applying Static Testing techniques and make these part of the build process.

Finding Bugs in Java Programs with just one mouse click

November 24, 2006

Come across this cool video about Using Static Analysis For Software Defect Detection on Google Tech Talks. William Pugh talk about how can we use Static Analysis for defect detection and his tool FindBugs which is Static Analysis tool for Java Applications.

The tool is amazing and with just with one mouse click, we can uncover so many issues that we didn’t even think of.

Get more info on FindBugs here

Link to the Video : Using Static Analysis For Software Defect Detection

Abstract of the Video:

Paugh talks about some of my experience in using and expanding static analysis tools for defect detection. The FindBugs tool developed at the University of Maryland is now being widely used, including inside Google.

he will give an overview of FindBugs, show some of the kinds of errors we routinely find in production code, discuss the methodology we use for enhancing and expanding FindBugs and some of the recent additions to it, discuss ways of incorporating FindBugs into your development process (such as being able to get a report of all the warnings introduced since the last release of your software), and talk about the future of static analysis, including things such as a new Java JSR to provide standard annotations for things such as @NonNull and @Tainted.

Static Analysis for Code Quality

November 24, 2006

Static Analysis is the technique used to analyze the software without executing the same. It helps to look at issues that are there with in the Source Code even before it gets executed. Find some reading on Static Code Analysis here from Wikipedia.

Static Analysis also used to publish some of the Software Metrics. For example, KLOC, Cyclomatic Complexity will be captured through Static Analysis.

The following are some the links to Static Analysis Tools

  1. List of Tools from wikipedia
  2. List of Tools from Testing FAQs

%d bloggers like this: