Introduction to Static Analysis
m (fixed title and knowledge unit) |
|||
(5 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
__NOTOC__ | __NOTOC__ | ||
− | {| | + | |
− | + | {{Learning Activity Overview | |
− | + | |title= | |
Introduction to Static Analysis | Introduction to Static Analysis | ||
− | | | + | |overview= |
− | + | Participants write a unit test (in [[:Category:Google Test|Google Test]]) and corresponding C++ code to pass the test to verify the test passes. | |
− | Participants write a unit test (in | + | |prerequisites= |
− | | | + | Google Test needed to have been installed (as instructed in [[Unit Test With GoogleTest Activity]]) and intermediate C++ expertise. |
− | + | |objectives= | |
− | + | * Follow "Red light, green light" Test-Driven Development process and reflect over the approach. | |
− | | | + | |process skills= |
− | + | }} | |
− | + | ||
− | |} | + | |
− | === Directions | + | === Directions === |
− | ==== Students | + | ==== Students ==== |
− | *In this exercise, we will set up and start exploring a static analysis tool packaged with the Clang compiler. | + | * In this exercise, we will set up and start exploring a static analysis tool packaged with the Clang compiler. |
===== Downloading Clang and dependencies ===== | ===== Downloading Clang and dependencies ===== | ||
Line 34: | Line 32: | ||
*Once you are done, follow the instructions to [http://clang-analyzer.llvm.org/installation#OtherPlatforms build the analyzer from source]. | *Once you are done, follow the instructions to [http://clang-analyzer.llvm.org/installation#OtherPlatforms build the analyzer from source]. | ||
− | =====Running scan-build===== | + | ===== Running scan-build ===== |
− | *Navigate to where you stored (or freshly clone) your [https://github.com/kbuffardi/ConnectX ConnectX] code | + | * Navigate to where you stored (or freshly clone) your [https://github.com/kbuffardi/ConnectX ConnectX] code |
− | *To start with a fresh build, first <code>make clean</code> | + | * To start with a fresh build, first <code>make clean</code> |
− | *Run: <code>scan-build make</code> | + | * Run: <code>scan-build make</code> |
− | *If you get a command not found error, your <code>PATH</code> is not correctly set (see instructions above). | + | * If you get a command not found error, your <code>PATH</code> is not correctly set (see instructions above). |
− | *Once run, it should take a moment to analyze the code. Does it identify any bugs? What does the scan-build output results means? | + | * Once run, it should take a moment to analyze the code. Does it identify any bugs? What does the scan-build output results means? |
− | =====Exploring bug types===== | + | ===== Exploring bug types ===== |
− | *Navigate to your [https://github.com/ChicoState/Minefield Minefield project] or make a new clone of the github repo so you have it locally | + | * Navigate to your [https://github.com/ChicoState/Minefield Minefield project] or make a new clone of the github repo so you have it locally |
− | *Run <code>scan-build</code> on the Minefield project and confirm that it has no bugs found | + | * Run <code>scan-build</code> on the Minefield project and confirm that it has no bugs found |
− | *Read over the different checks that the scan-build static analyzer available checks. | + | * Read over the different checks that the scan-build static analyzer available checks. |
− | *Within the <code>Field</code> class, try to create a bug as described by one of the available checks. However, don't just use the example code the documentation provides. Instead, try to incorporate one of those types of errors into the <code>Field.cpp</code> file so that if someone else looked at the code they might not immediately recognize the bug. Try to make a bug but "hide" it in a clever way. | + | * Within the <code>Field</code> class, try to create a bug as described by one of the available checks. However, don't just use the example code the documentation provides. Instead, try to incorporate one of those types of errors into the <code>Field.cpp</code> file so that if someone else looked at the code they might not immediately recognize the bug. Try to make a bug but "hide" it in a clever way. |
− | *Once you've created a "hidden bug," run <code>scan-build</code> on the project and make sure it identifies the bug that you think it should. | + | * Once you've created a "hidden bug," run <code>scan-build</code> on the project and make sure it identifies the bug that you think it should. |
− | === Deliverables | + | === Deliverables === |
A revised C++ class with a bug injected into it | A revised C++ class with a bug injected into it | ||
− | === Assessment | + | === Assessment === |
The bug the student created should force a static analysis message if run again | The bug the student created should force a static analysis message if run again | ||
=== Additional Information: === | === Additional Information: === | ||
− | {| | + | |
− | + | {{Learning Activity Info | |
− | + | |acm unit= | |
Software Engineering / SE Static Analysis | Software Engineering / SE Static Analysis | ||
− | | | + | |acm topic= |
− | + | ||
Static Analysis | Static Analysis | ||
− | | | + | |difficulty= |
− | + | ||
Understanding types of static analysis messages and creating a new bug requires intermediate programming expertise | Understanding types of static analysis messages and creating a new bug requires intermediate programming expertise | ||
− | | | + | |time= |
− | + | ||
Installation may take up to 30 minutes for computers running *nix operating systems and is suggested to assign for homework before class. The rest of the activity should take 15-30 minutes, not counting discussion. | Installation may take up to 30 minutes for computers running *nix operating systems and is suggested to assign for homework before class. The rest of the activity should take 15-30 minutes, not counting discussion. | ||
− | | | + | |environment= |
− | + | ||
Need to have a working C++ development environment | Need to have a working C++ development environment | ||
− | | | + | |author= |
− | + | ||
Kevin Buffardi | Kevin Buffardi | ||
− | | | + | |source= |
− | + | ||
Kevin Buffardi | Kevin Buffardi | ||
− | | | + | |license= |
− | + | {{License CC BY SA}} | |
− | + | }} | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | [[Category: | + | [[Category:Learning Activity]] |
− | [[Category: | + | [[Category:Quality and Testing]] |
− | [[Category: CS2]] | + | [[Category:Google Test]] |
+ | [[Category:CS2]] | ||
+ | [[Category:Good Draft]] |
Latest revision as of 13:34, 8 September 2018
Title |
Introduction to Static Analysis |
---|---|
Overview |
Participants write a unit test (in Google Test) and corresponding C++ code to pass the test to verify the test passes. |
Prerequisites |
Google Test needed to have been installed (as instructed in Unit Test With GoogleTest Activity) and intermediate C++ expertise. |
Learning Objectives |
After successfully completing this activity, the learner should be able to:
|
Process Skills Practiced |
Directions
Students
- In this exercise, we will set up and start exploring a static analysis tool packaged with the Clang compiler.
Downloading Clang and dependencies
For OSX
- You already have Clang and all the other dependencies installed. However, you need to install the Static Analyzer by downloading the packaged build of checker here.
- After fully downloaded, I recommend then extracting the files from the tarball (checker-278.tar.bz2) as a new directory in your
/usr/local folder
, such as/usr/local/checker
- If you are using sh, ksh, or bash shell, type the command:
export PATH=$PATH:/usr/local/checker-278/bin
but replace/usr/local/checker-278/bin
with the location of where the static analyzer was installed, followed by/bin
since that is where the binary (executable) files are
For *nix
- You will have to first download and build Clang and LLVM by following these directions.
- Once you are done, follow the instructions to build the analyzer from source.
Running scan-build
- Navigate to where you stored (or freshly clone) your ConnectX code
- To start with a fresh build, first
make clean
- Run:
scan-build make
- If you get a command not found error, your
PATH
is not correctly set (see instructions above). - Once run, it should take a moment to analyze the code. Does it identify any bugs? What does the scan-build output results means?
Exploring bug types
- Navigate to your Minefield project or make a new clone of the github repo so you have it locally
- Run
scan-build
on the Minefield project and confirm that it has no bugs found - Read over the different checks that the scan-build static analyzer available checks.
- Within the
Field
class, try to create a bug as described by one of the available checks. However, don't just use the example code the documentation provides. Instead, try to incorporate one of those types of errors into theField.cpp
file so that if someone else looked at the code they might not immediately recognize the bug. Try to make a bug but "hide" it in a clever way. - Once you've created a "hidden bug," run
scan-build
on the project and make sure it identifies the bug that you think it should.
Deliverables
A revised C++ class with a bug injected into it
Assessment
The bug the student created should force a static analysis message if run again
Additional Information:
ACM BoK Area & Unit(s) |
Software Engineering / SE Static Analysis |
---|---|
ACM BoK Topic(s) |
Static Analysis |
Difficulty |
Understanding types of static analysis messages and creating a new bug requires intermediate programming expertise |
Estimated Time to Complete |
Installation may take up to 30 minutes for computers running *nix operating systems and is suggested to assign for homework before class. The rest of the activity should take 15-30 minutes, not counting discussion. |
Environment / Materials |
Need to have a working C++ development environment |
Author(s) |
Kevin Buffardi |
Source |
Kevin Buffardi |
License |
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License |