SlideShare a Scribd company logo

Complement Software Testing with Static Analysis

Download as PPTX, PDF
John Ruberto
John Ruberto

Tells the story how we introduced static analysis to complement unit testing & code review, with a mature codebase. Previous attempts at using static analysis failed because the tools would find many "errors" that were not really interesting (coding style, etc.). Also, the tools would find many errors that existed for a long time, and were not problems for customers. This time, we concentrated on 2 things: - new code only (nightly scans - fix code that was checked in yesterday) - errors that result in run-time error Results: - Adoption by our developers - Better code quality - Developers wrote more resilient code the first time.

Technology
1 of 23
Introducing Static Analysis in a Mature Codebase John Ruberto
Born out of failure  Telcom EMS/NMS system: 6M LOC C++     Very successful in the market 400K issues found through static analysis Many false positives, each issue became a debate Financial Web App: 1M LOC Java and javascript     Very successful in the market 20K issues found through static analysis Each one to be reviewed, owner identified, communicated Effort to manage the pile became overwhelming
How we did it        The case for change What can static analysis do for you? Process Design Tool Selection Deployment Change Management Backlog Reduction
Why use Static Analysis?  Root Cause Analysis: defects found in system test Coding: Browser Differences Design: 4% Functional 4% Requirements: Wrong 3% Coding: Missing 6% Design: Usability 6% Content Localization 1% Coding errors 39% Requirements: Missing 9% Missing Code 9% Coding:Exception Handling 19%
How to improve our coding practices  Brain storm with developers:    Improve our unit test & code review practices Introduce Static Analysis According to Jones*, 97% of defects can be removed by using these practices:  Code Review, Static Analysis, Unit Test * Jones, Capers, 2011, Software Quality in 2011, A survey of the State of the Art.
What can Static Analysis do for you?   Example of a defect caught by Static Analysis Potential Null Pointer Exception: boolean foo = bar.status(); if (bar != null) { … // do something here, but too late
Process Design  Minimize feedback loop    Focus on new issues Alert developers privately    Creation -> Detection Focus on developer productivity Track issue status Efficient management of issues
Process Design
Process Design, iteration 2
Tool Selection  Tool Requirements      Effectiveness with our development language False positive rate with our code base Compatibility with our development environment Ability to uniquely identify defects Either a built-in defect management system, or the ability to integrate with our system through an API
Tool Evaluation Criteria  Efficacy of the checkers    False positive rate   How powerful the tool is for finding interesting defects Interesting = defects that would result in runtime error Tool indicates a defect, where there is no defect False negative rate  Tool doesn’t find a defect, which indeed exists
Tool Evaluation - Results  Two tools with complimentary results: Coverity & Findbugs
Deployment  Integrated into our build system Initial scans: establish baseline Scripting for issue assignment & notification Training Follow up, fixing glitches, etc.  4 weeks of effort    
Automated Issue Management   Each nightly scan results in new issues & issues that no longer appear For each new issue:     Look up the developer that checked in that file Assign the issue to the developer Notify via email, with link to issue in the tool For issues no longer appearing in the scans  Mark them fixed in the defect system
Weekly Reports   Regular communication is important for people to see the value, and keep the change alive Focus on action
Monthly Reports   Focus on Return on Investment Reinforce the “new code” focus 1000 900 800 700 600 500 Found Fixed 400 300 200 100 0 1/3/08 2/3/08 3/3/08 4/3/08 5/3/08 6/3/08
Backlog Reduction First, build confidence in tool & issues Then, let the games begin    During the Olympics:      10 pts each major 5 pts each moderate 1 pt each minor & each close/no fix Awards: Gold, Silver, Bronze  Lottery:    1 “ticket” for each fix Regular drawings Regular posting of winners & leaderboard Image: Creative Commons: http://www.flickr.com/photos/garryknight/
Results: 0 backlog Focus on new issues first, lead to confidence in the tools and effort to eliminate the backlog Static Analysis Issue Status 4500 4000 3500 3000 Isues  2500 Total 2000 Fixed 1500 1000 500 0 Jan Feb Mar Apr May Jun Jul Aug Sep
Results: better code  Developers learn the anti-patterns: learn to write more resilient code Defects Detected by Static Analysis 250 200 150 100 50 0 Month 1 Month 2 Month 3 Month 4 Month 5 Month 6
Results: better quality  Better experience for customers   Improved Code Quality   Fewer failures occurring in production > 97% - 100% of issues fixed before customer release Reduced Technical Debt  Eliminated over 3000 issues
Five Tips      Engage Developers through the entire process (after all, we are doing this for developers) Choose the right tool for your codebase Focus on new code, let “legacy” follow Focus on developer productivity, not finding fault Automate issue management  Triage, Assignment, Verification, Closure
Summary of benfits      100% code coverage, every night Common errors found cheaply, supplements code review and unit test Feedback loop results in better coding skills Identifies the exact line of code with the error Objective closure criteria, its fixed or not fixed.
Q&A  Contact me:    JohnRuberto@gmail.com Blog.ruberto.com @JohnRuberto

Recommended

Test Army - testing agency who cares about software quality
Test Army - testing agency who cares about software qualityTest Army - testing agency who cares about software quality
Test Army - testing agency who cares about software qualityTomasz Jamka
 
An update to software testing trends
An update to software testing trendsAn update to software testing trends
An update to software testing trendsBugRaptors
 
Testing Tools with AI
Testing Tools with AITesting Tools with AI
Testing Tools with AIVodqaBLR
 
2014 State of Code Review Survey Results
2014 State of Code Review Survey Results2014 State of Code Review Survey Results
2014 State of Code Review Survey ResultsSmartBear
 
Accelerating innovation with software supply chain management
Accelerating innovation with software supply chain management Accelerating innovation with software supply chain management
Accelerating innovation with software supply chain management matthewabq
 
Predictive Analytics in Software Testing
Predictive Analytics in Software TestingPredictive Analytics in Software Testing
Predictive Analytics in Software TestingPavan Kumar Kodedela
 
How not to run code reviews
How not to run code reviewsHow not to run code reviews
How not to run code reviewsVictor Maliy
 
Automated testing of software applications using machine learning edited
Automated testing of software applications using machine learning editedAutomated testing of software applications using machine learning edited
Automated testing of software applications using machine learning editedMilind Kelkar
 

Recommended

Test Army - testing agency who cares about software quality
Test Army - testing agency who cares about software qualityTest Army - testing agency who cares about software quality
Test Army - testing agency who cares about software qualityTomasz Jamka
 
An update to software testing trends
An update to software testing trendsAn update to software testing trends
An update to software testing trendsBugRaptors
 
Testing Tools with AI
Testing Tools with AITesting Tools with AI
Testing Tools with AIVodqaBLR
 
2014 State of Code Review Survey Results
2014 State of Code Review Survey Results2014 State of Code Review Survey Results
2014 State of Code Review Survey ResultsSmartBear
 
Accelerating innovation with software supply chain management
Accelerating innovation with software supply chain management Accelerating innovation with software supply chain management
Accelerating innovation with software supply chain management matthewabq
 
Predictive Analytics in Software Testing
Predictive Analytics in Software TestingPredictive Analytics in Software Testing
Predictive Analytics in Software TestingPavan Kumar Kodedela
 
How not to run code reviews
How not to run code reviewsHow not to run code reviews
How not to run code reviewsVictor Maliy
 
Automated testing of software applications using machine learning edited
Automated testing of software applications using machine learning editedAutomated testing of software applications using machine learning edited
Automated testing of software applications using machine learning editedMilind Kelkar
 
Software supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing controlSoftware supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing controlmatthewabq
 
[Europe merge world tour] Coverity Development Testing
[Europe merge world tour] Coverity Development Testing[Europe merge world tour] Coverity Development Testing
[Europe merge world tour] Coverity Development TestingPerforce
 
The complete guide for negative testing | David Tzemach
The complete guide for negative testing | David TzemachThe complete guide for negative testing | David Tzemach
The complete guide for negative testing | David TzemachDavid Tzemach
 
Functional to Visual: AI-powered UI Testing from Testim and Applitools
Functional to Visual: AI-powered UI Testing from Testim and ApplitoolsFunctional to Visual: AI-powered UI Testing from Testim and Applitools
Functional to Visual: AI-powered UI Testing from Testim and ApplitoolsApplitools
 
Measuring your way_to_successful_automation_webinar
Measuring your way_to_successful_automation_webinarMeasuring your way_to_successful_automation_webinar
Measuring your way_to_successful_automation_webinarSauce Labs
 
Prioritizing the Devices to Test Your App On: A Case Study of Android Game Apps
Prioritizing the Devices to Test Your App On: A Case Study of Android Game AppsPrioritizing the Devices to Test Your App On: A Case Study of Android Game Apps
Prioritizing the Devices to Test Your App On: A Case Study of Android Game AppsSAIL_QU
 
Making the Transition from Manual to Automated Testing
Making the Transition from Manual to Automated TestingMaking the Transition from Manual to Automated Testing
Making the Transition from Manual to Automated TestingSauce Labs
 
Amalgamation of BDD, parallel execution and mobile automation
Amalgamation of BDD, parallel execution and mobile automationAmalgamation of BDD, parallel execution and mobile automation
Amalgamation of BDD, parallel execution and mobile automationAgile Testing Alliance
 
"Software Quality in the Service of Innovation in the Insurance Industry"
"Software Quality in the Service of Innovation in the Insurance Industry""Software Quality in the Service of Innovation in the Insurance Industry"
"Software Quality in the Service of Innovation in the Insurance Industry"Applitools
 
[TAQfull Meetup] Angie Jones + Expert Panel: Best Practices in Quality Manage...
[TAQfull Meetup] Angie Jones + Expert Panel: Best Practices in Quality Manage...[TAQfull Meetup] Angie Jones + Expert Panel: Best Practices in Quality Manage...
[TAQfull Meetup] Angie Jones + Expert Panel: Best Practices in Quality Manage...Applitools
 
Ady beleanu automate-theprocessdelivery
Ady beleanu automate-theprocessdeliveryAdy beleanu automate-theprocessdelivery
Ady beleanu automate-theprocessdeliveryRomania Testing
 
What is Software Testing?
What is Software Testing?What is Software Testing?
What is Software Testing?QAI Global
 
ESLint Plugin for UI Tests
ESLint Plugin for UI TestsESLint Plugin for UI Tests
ESLint Plugin for UI TestsApplitools
 
Bringing Quality Design Systems to Life with Storybook & Applitools
Bringing Quality Design Systems to Life with Storybook & ApplitoolsBringing Quality Design Systems to Life with Storybook & Applitools
Bringing Quality Design Systems to Life with Storybook & ApplitoolsApplitools
 
Artificial intelligence in qa
Artificial intelligence in qaArtificial intelligence in qa
Artificial intelligence in qaTaras Lytvyn
 
Continuous Testing: The Path Forward
Continuous Testing: The Path ForwardContinuous Testing: The Path Forward
Continuous Testing: The Path ForwardPerfecto by Perforce
 
Why is mobile testing important?
Why is mobile testing important?Why is mobile testing important?
Why is mobile testing important?TobieDk
 
Top 5 Features To Look for in a Codeless Automation Solution -- Presentation ...
Top 5 Features To Look for in a Codeless Automation Solution -- Presentation ...Top 5 Features To Look for in a Codeless Automation Solution -- Presentation ...
Top 5 Features To Look for in a Codeless Automation Solution -- Presentation ...Applitools
 
Automation in the Bug Flow - Machine Learning for Triaging and Tracing
Automation in the Bug Flow - Machine Learning for Triaging and TracingAutomation in the Bug Flow - Machine Learning for Triaging and Tracing
Automation in the Bug Flow - Machine Learning for Triaging and TracingMarkus Borg
 
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Applitools
 
What test coverage mean to us
What test coverage mean to usWhat test coverage mean to us
What test coverage mean to usJoseph Yao
 
Effective test coverage Techniques
Effective test coverage TechniquesEffective test coverage Techniques
Effective test coverage TechniquesPhanindra Kishore
 

More Related Content

What's hot

Software supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing controlSoftware supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing controlmatthewabq
 
[Europe merge world tour] Coverity Development Testing
[Europe merge world tour] Coverity Development Testing[Europe merge world tour] Coverity Development Testing
[Europe merge world tour] Coverity Development TestingPerforce
 
The complete guide for negative testing | David Tzemach
The complete guide for negative testing | David TzemachThe complete guide for negative testing | David Tzemach
The complete guide for negative testing | David TzemachDavid Tzemach
 
Functional to Visual: AI-powered UI Testing from Testim and Applitools
Functional to Visual: AI-powered UI Testing from Testim and ApplitoolsFunctional to Visual: AI-powered UI Testing from Testim and Applitools
Functional to Visual: AI-powered UI Testing from Testim and ApplitoolsApplitools
 
Measuring your way_to_successful_automation_webinar
Measuring your way_to_successful_automation_webinarMeasuring your way_to_successful_automation_webinar
Measuring your way_to_successful_automation_webinarSauce Labs
 
Prioritizing the Devices to Test Your App On: A Case Study of Android Game Apps
Prioritizing the Devices to Test Your App On: A Case Study of Android Game AppsPrioritizing the Devices to Test Your App On: A Case Study of Android Game Apps
Prioritizing the Devices to Test Your App On: A Case Study of Android Game AppsSAIL_QU
 
Making the Transition from Manual to Automated Testing
Making the Transition from Manual to Automated TestingMaking the Transition from Manual to Automated Testing
Making the Transition from Manual to Automated TestingSauce Labs
 
Amalgamation of BDD, parallel execution and mobile automation
Amalgamation of BDD, parallel execution and mobile automationAmalgamation of BDD, parallel execution and mobile automation
Amalgamation of BDD, parallel execution and mobile automationAgile Testing Alliance
 
"Software Quality in the Service of Innovation in the Insurance Industry"
"Software Quality in the Service of Innovation in the Insurance Industry""Software Quality in the Service of Innovation in the Insurance Industry"
"Software Quality in the Service of Innovation in the Insurance Industry"Applitools
 
[TAQfull Meetup] Angie Jones + Expert Panel: Best Practices in Quality Manage...
[TAQfull Meetup] Angie Jones + Expert Panel: Best Practices in Quality Manage...[TAQfull Meetup] Angie Jones + Expert Panel: Best Practices in Quality Manage...
[TAQfull Meetup] Angie Jones + Expert Panel: Best Practices in Quality Manage...Applitools
 
Ady beleanu automate-theprocessdelivery
Ady beleanu automate-theprocessdeliveryAdy beleanu automate-theprocessdelivery
Ady beleanu automate-theprocessdeliveryRomania Testing
 
What is Software Testing?
What is Software Testing?What is Software Testing?
What is Software Testing?QAI Global
 
ESLint Plugin for UI Tests
ESLint Plugin for UI TestsESLint Plugin for UI Tests
ESLint Plugin for UI TestsApplitools
 
Bringing Quality Design Systems to Life with Storybook & Applitools
Bringing Quality Design Systems to Life with Storybook & ApplitoolsBringing Quality Design Systems to Life with Storybook & Applitools
Bringing Quality Design Systems to Life with Storybook & ApplitoolsApplitools
 
Artificial intelligence in qa
Artificial intelligence in qaArtificial intelligence in qa
Artificial intelligence in qaTaras Lytvyn
 
Continuous Testing: The Path Forward
Continuous Testing: The Path ForwardContinuous Testing: The Path Forward
Continuous Testing: The Path ForwardPerfecto by Perforce
 
Why is mobile testing important?
Why is mobile testing important?Why is mobile testing important?
Why is mobile testing important?TobieDk
 
Top 5 Features To Look for in a Codeless Automation Solution -- Presentation ...
Top 5 Features To Look for in a Codeless Automation Solution -- Presentation ...Top 5 Features To Look for in a Codeless Automation Solution -- Presentation ...
Top 5 Features To Look for in a Codeless Automation Solution -- Presentation ...Applitools
 
Automation in the Bug Flow - Machine Learning for Triaging and Tracing
Automation in the Bug Flow - Machine Learning for Triaging and TracingAutomation in the Bug Flow - Machine Learning for Triaging and Tracing
Automation in the Bug Flow - Machine Learning for Triaging and TracingMarkus Borg
 
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Applitools
 

What's hot (20)

Software supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing controlSoftware supply chain management: Gaining velocity without losing control
Software supply chain management: Gaining velocity without losing control
 
[Europe merge world tour] Coverity Development Testing
[Europe merge world tour] Coverity Development Testing[Europe merge world tour] Coverity Development Testing
[Europe merge world tour] Coverity Development Testing
 
The complete guide for negative testing | David Tzemach
The complete guide for negative testing | David TzemachThe complete guide for negative testing | David Tzemach
The complete guide for negative testing | David Tzemach
 
Functional to Visual: AI-powered UI Testing from Testim and Applitools
Functional to Visual: AI-powered UI Testing from Testim and ApplitoolsFunctional to Visual: AI-powered UI Testing from Testim and Applitools
Functional to Visual: AI-powered UI Testing from Testim and Applitools
 
Measuring your way_to_successful_automation_webinar
Measuring your way_to_successful_automation_webinarMeasuring your way_to_successful_automation_webinar
Measuring your way_to_successful_automation_webinar
 
Prioritizing the Devices to Test Your App On: A Case Study of Android Game Apps
Prioritizing the Devices to Test Your App On: A Case Study of Android Game AppsPrioritizing the Devices to Test Your App On: A Case Study of Android Game Apps
Prioritizing the Devices to Test Your App On: A Case Study of Android Game Apps
 
Making the Transition from Manual to Automated Testing
Making the Transition from Manual to Automated TestingMaking the Transition from Manual to Automated Testing
Making the Transition from Manual to Automated Testing
 
Amalgamation of BDD, parallel execution and mobile automation
Amalgamation of BDD, parallel execution and mobile automationAmalgamation of BDD, parallel execution and mobile automation
Amalgamation of BDD, parallel execution and mobile automation
 
"Software Quality in the Service of Innovation in the Insurance Industry"
"Software Quality in the Service of Innovation in the Insurance Industry""Software Quality in the Service of Innovation in the Insurance Industry"
"Software Quality in the Service of Innovation in the Insurance Industry"
 
[TAQfull Meetup] Angie Jones + Expert Panel: Best Practices in Quality Manage...
[TAQfull Meetup] Angie Jones + Expert Panel: Best Practices in Quality Manage...[TAQfull Meetup] Angie Jones + Expert Panel: Best Practices in Quality Manage...
[TAQfull Meetup] Angie Jones + Expert Panel: Best Practices in Quality Manage...
 
Ady beleanu automate-theprocessdelivery
Ady beleanu automate-theprocessdeliveryAdy beleanu automate-theprocessdelivery
Ady beleanu automate-theprocessdelivery
 
What is Software Testing?
What is Software Testing?What is Software Testing?
What is Software Testing?
 
ESLint Plugin for UI Tests
ESLint Plugin for UI TestsESLint Plugin for UI Tests
ESLint Plugin for UI Tests
 
Bringing Quality Design Systems to Life with Storybook & Applitools
Bringing Quality Design Systems to Life with Storybook & ApplitoolsBringing Quality Design Systems to Life with Storybook & Applitools
Bringing Quality Design Systems to Life with Storybook & Applitools
 
Artificial intelligence in qa
Artificial intelligence in qaArtificial intelligence in qa
Artificial intelligence in qa
 
Continuous Testing: The Path Forward
Continuous Testing: The Path ForwardContinuous Testing: The Path Forward
Continuous Testing: The Path Forward
 
Why is mobile testing important?
Why is mobile testing important?Why is mobile testing important?
Why is mobile testing important?
 
Top 5 Features To Look for in a Codeless Automation Solution -- Presentation ...
Top 5 Features To Look for in a Codeless Automation Solution -- Presentation ...Top 5 Features To Look for in a Codeless Automation Solution -- Presentation ...
Top 5 Features To Look for in a Codeless Automation Solution -- Presentation ...
 
Automation in the Bug Flow - Machine Learning for Triaging and Tracing
Automation in the Bug Flow - Machine Learning for Triaging and TracingAutomation in the Bug Flow - Machine Learning for Triaging and Tracing
Automation in the Bug Flow - Machine Learning for Triaging and Tracing
 
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
Testing Hourglass at Jira Frontend - by Alexey Shpakov, Sr. Developer @ Atlas...
 

Viewers also liked

What test coverage mean to us
What test coverage mean to usWhat test coverage mean to us
What test coverage mean to usJoseph Yao
 
Effective test coverage Techniques
Effective test coverage TechniquesEffective test coverage Techniques
Effective test coverage TechniquesPhanindra Kishore
 
Static Analysis Techniques For Testing Application Security - Houston Tech Fest
Static Analysis Techniques For Testing Application Security - Houston Tech FestStatic Analysis Techniques For Testing Application Security - Houston Tech Fest
Static Analysis Techniques For Testing Application Security - Houston Tech FestDenim Group
 
Software Test Metrics and Measurements
Software Test Metrics and MeasurementsSoftware Test Metrics and Measurements
Software Test Metrics and MeasurementsDavis Thomas
 
Metrics formulas
Metrics formulasMetrics formulas
Metrics formulasmd_taufeeq
 

Viewers also liked (6)

What test coverage mean to us
What test coverage mean to usWhat test coverage mean to us
What test coverage mean to us
 
Effective test coverage Techniques
Effective test coverage TechniquesEffective test coverage Techniques
Effective test coverage Techniques
 
Static Analysis Techniques For Testing Application Security - Houston Tech Fest
Static Analysis Techniques For Testing Application Security - Houston Tech FestStatic Analysis Techniques For Testing Application Security - Houston Tech Fest
Static Analysis Techniques For Testing Application Security - Houston Tech Fest
 
Software Test Metrics and Measurements
Software Test Metrics and MeasurementsSoftware Test Metrics and Measurements
Software Test Metrics and Measurements
 
Metrics formulas
Metrics formulasMetrics formulas
Metrics formulas
 
Testing Metrics
Testing MetricsTesting Metrics
Testing Metrics
 

Similar to Complement Software Testing with Static Analysis

Scope master introduction presentation feb 2020 w vid
Scope master introduction presentation feb 2020 w vidScope master introduction presentation feb 2020 w vid
Scope master introduction presentation feb 2020 w vidColin Hammond
 
Static analysis as part of the development process in Unreal Engine
Static analysis as part of the development process in Unreal EngineStatic analysis as part of the development process in Unreal Engine
Static analysis as part of the development process in Unreal EnginePVS-Studio
 
Metrics that every startup should know
Metrics that every startup should knowMetrics that every startup should know
Metrics that every startup should knowAlexey Orap
 
Traps detection during migration of C and C++ code to 64-bit Windows
Traps detection during migration of C and C++ code to 64-bit WindowsTraps detection during migration of C and C++ code to 64-bit Windows
Traps detection during migration of C and C++ code to 64-bit WindowsPVS-Studio
 
Problems of testing 64-bit applications
Problems of testing 64-bit applicationsProblems of testing 64-bit applications
Problems of testing 64-bit applicationsPVS-Studio
 
Three Interviews About Static Code Analyzers
Three Interviews About Static Code AnalyzersThree Interviews About Static Code Analyzers
Three Interviews About Static Code AnalyzersAndrey Karpov
 
Industrial Training in Software Testing
Industrial Training in Software TestingIndustrial Training in Software Testing
Industrial Training in Software TestingArcadian Learning
 
When do software issues get reported in large open source software - Rakesh Rana
When do software issues get reported in large open source software - Rakesh RanaWhen do software issues get reported in large open source software - Rakesh Rana
When do software issues get reported in large open source software - Rakesh RanaIWSM Mensura
 
When do software issues get reported in large open source software
When do software issues get reported in large open source softwareWhen do software issues get reported in large open source software
When do software issues get reported in large open source softwareRAKESH RANA
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team developmentPVS-Studio
 
Peer Code Review An Agile Process
Peer Code Review An Agile ProcessPeer Code Review An Agile Process
Peer Code Review An Agile Processgsporar
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team developmentPVS-Studio
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team developmentAndrey Karpov
 
Waste Driven Development - Agile Coaching Serbia Meetup
Waste Driven Development - Agile Coaching Serbia MeetupWaste Driven Development - Agile Coaching Serbia Meetup
Waste Driven Development - Agile Coaching Serbia MeetupLemi Orhan Ergin
 
Office Add-ins developer community call-July 2019
Office Add-ins developer community call-July 2019Office Add-ins developer community call-July 2019
Office Add-ins developer community call-July 2019Microsoft 365 Developer
 
Explainable Artificial Intelligence (XAI) 
to Predict and Explain Future Soft...
Explainable Artificial Intelligence (XAI) 
to Predict and Explain Future Soft...Explainable Artificial Intelligence (XAI) 
to Predict and Explain Future Soft...
Explainable Artificial Intelligence (XAI) 
to Predict and Explain Future Soft...Chakkrit (Kla) Tantithamthavorn
 
Model-Based Testing for ALM Octane: Better tests, built faster
Model-Based Testing for ALM Octane: Better tests, built faster Model-Based Testing for ALM Octane: Better tests, built faster
Model-Based Testing for ALM Octane: Better tests, built faster Curiosity Software Ireland
 

Similar to Complement Software Testing with Static Analysis (20)

Scope master introduction presentation feb 2020 w vid
Scope master introduction presentation feb 2020 w vidScope master introduction presentation feb 2020 w vid
Scope master introduction presentation feb 2020 w vid
 
Static analysis as part of the development process in Unreal Engine
Static analysis as part of the development process in Unreal EngineStatic analysis as part of the development process in Unreal Engine
Static analysis as part of the development process in Unreal Engine
 
Metrics that every startup should know
Metrics that every startup should knowMetrics that every startup should know
Metrics that every startup should know
 
Traps detection during migration of C and C++ code to 64-bit Windows
Traps detection during migration of C and C++ code to 64-bit WindowsTraps detection during migration of C and C++ code to 64-bit Windows
Traps detection during migration of C and C++ code to 64-bit Windows
 
Problems of testing 64-bit applications
Problems of testing 64-bit applicationsProblems of testing 64-bit applications
Problems of testing 64-bit applications
 
Three Interviews About Static Code Analyzers
Three Interviews About Static Code AnalyzersThree Interviews About Static Code Analyzers
Three Interviews About Static Code Analyzers
 
Industrial Training in Software Testing
Industrial Training in Software TestingIndustrial Training in Software Testing
Industrial Training in Software Testing
 
When do software issues get reported in large open source software - Rakesh Rana
When do software issues get reported in large open source software - Rakesh RanaWhen do software issues get reported in large open source software - Rakesh Rana
When do software issues get reported in large open source software - Rakesh Rana
 
Future of QA
Future of QAFuture of QA
Future of QA
 
Futureofqa
FutureofqaFutureofqa
Futureofqa
 
When do software issues get reported in large open source software
When do software issues get reported in large open source softwareWhen do software issues get reported in large open source software
When do software issues get reported in large open source software
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
 
Peer Code Review An Agile Process
Peer Code Review An Agile ProcessPeer Code Review An Agile Process
Peer Code Review An Agile Process
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
 
Waste Driven Development - Agile Coaching Serbia Meetup
Waste Driven Development - Agile Coaching Serbia MeetupWaste Driven Development - Agile Coaching Serbia Meetup
Waste Driven Development - Agile Coaching Serbia Meetup
 
Office Add-ins developer community call-July 2019
Office Add-ins developer community call-July 2019Office Add-ins developer community call-July 2019
Office Add-ins developer community call-July 2019
 
How to improve the quality of your application
How to improve the quality of your applicationHow to improve the quality of your application
How to improve the quality of your application
 
Explainable Artificial Intelligence (XAI) 
to Predict and Explain Future Soft...
Explainable Artificial Intelligence (XAI) 
to Predict and Explain Future Soft...Explainable Artificial Intelligence (XAI) 
to Predict and Explain Future Soft...
Explainable Artificial Intelligence (XAI) 
to Predict and Explain Future Soft...
 
Model-Based Testing for ALM Octane: Better tests, built faster
Model-Based Testing for ALM Octane: Better tests, built faster Model-Based Testing for ALM Octane: Better tests, built faster
Model-Based Testing for ALM Octane: Better tests, built faster
 

Recently uploaded

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Recently uploaded (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Complement Software Testing with Static Analysis

  • 1. Introducing Static Analysis in a Mature Codebase John Ruberto
  • 2. Born out of failure  Telcom EMS/NMS system: 6M LOC C++     Very successful in the market 400K issues found through static analysis Many false positives, each issue became a debate Financial Web App: 1M LOC Java and javascript     Very successful in the market 20K issues found through static analysis Each one to be reviewed, owner identified, communicated Effort to manage the pile became overwhelming
  • 3. How we did it        The case for change What can static analysis do for you? Process Design Tool Selection Deployment Change Management Backlog Reduction
  • 4. Why use Static Analysis?  Root Cause Analysis: defects found in system test Coding: Browser Differences Design: 4% Functional 4% Requirements: Wrong 3% Coding: Missing 6% Design: Usability 6% Content Localization 1% Coding errors 39% Requirements: Missing 9% Missing Code 9% Coding:Exception Handling 19%
  • 5. How to improve our coding practices  Brain storm with developers:    Improve our unit test & code review practices Introduce Static Analysis According to Jones*, 97% of defects can be removed by using these practices:  Code Review, Static Analysis, Unit Test * Jones, Capers, 2011, Software Quality in 2011, A survey of the State of the Art.
  • 6. What can Static Analysis do for you?   Example of a defect caught by Static Analysis Potential Null Pointer Exception: boolean foo = bar.status(); if (bar != null) { … // do something here, but too late
  • 7. Process Design  Minimize feedback loop    Focus on new issues Alert developers privately    Creation -> Detection Focus on developer productivity Track issue status Efficient management of issues
  • 10. Tool Selection  Tool Requirements      Effectiveness with our development language False positive rate with our code base Compatibility with our development environment Ability to uniquely identify defects Either a built-in defect management system, or the ability to integrate with our system through an API
  • 11. Tool Evaluation Criteria  Efficacy of the checkers    False positive rate   How powerful the tool is for finding interesting defects Interesting = defects that would result in runtime error Tool indicates a defect, where there is no defect False negative rate  Tool doesn’t find a defect, which indeed exists
  • 12. Tool Evaluation - Results  Two tools with complimentary results: Coverity & Findbugs
  • 13. Deployment  Integrated into our build system Initial scans: establish baseline Scripting for issue assignment & notification Training Follow up, fixing glitches, etc.  4 weeks of effort    
  • 14. Automated Issue Management   Each nightly scan results in new issues & issues that no longer appear For each new issue:     Look up the developer that checked in that file Assign the issue to the developer Notify via email, with link to issue in the tool For issues no longer appearing in the scans  Mark them fixed in the defect system
  • 15. Weekly Reports   Regular communication is important for people to see the value, and keep the change alive Focus on action
  • 16. Monthly Reports   Focus on Return on Investment Reinforce the “new code” focus 1000 900 800 700 600 500 Found Fixed 400 300 200 100 0 1/3/08 2/3/08 3/3/08 4/3/08 5/3/08 6/3/08
  • 17. Backlog Reduction First, build confidence in tool & issues Then, let the games begin    During the Olympics:      10 pts each major 5 pts each moderate 1 pt each minor & each close/no fix Awards: Gold, Silver, Bronze  Lottery:    1 “ticket” for each fix Regular drawings Regular posting of winners & leaderboard Image: Creative Commons: http://www.flickr.com/photos/garryknight/
  • 18. Results: 0 backlog Focus on new issues first, lead to confidence in the tools and effort to eliminate the backlog Static Analysis Issue Status 4500 4000 3500 3000 Isues  2500 Total 2000 Fixed 1500 1000 500 0 Jan Feb Mar Apr May Jun Jul Aug Sep
  • 19. Results: better code  Developers learn the anti-patterns: learn to write more resilient code Defects Detected by Static Analysis 250 200 150 100 50 0 Month 1 Month 2 Month 3 Month 4 Month 5 Month 6
  • 20. Results: better quality  Better experience for customers   Improved Code Quality   Fewer failures occurring in production > 97% - 100% of issues fixed before customer release Reduced Technical Debt  Eliminated over 3000 issues
  • 21. Five Tips      Engage Developers through the entire process (after all, we are doing this for developers) Choose the right tool for your codebase Focus on new code, let “legacy” follow Focus on developer productivity, not finding fault Automate issue management  Triage, Assignment, Verification, Closure
  • 22. Summary of benfits      100% code coverage, every night Common errors found cheaply, supplements code review and unit test Feedback loop results in better coding skills Identifies the exact line of code with the error Objective closure criteria, its fixed or not fixed.