Learning Objectives

  • Formulate test cases from requirements
  • Calculate cyclomatic complexity and create test cases for each basis path
  • Use static analysis tools to identify faults in programs
  • Decide if an issue reported by a static analysis tool is a false positive

How to Complete this Lesson

Complete the following learning activities (2–2.25 hours total):

  1. Watch A beginners guide to testing (32 minutes)
  2. Watch Test-Driven Development (12 minutes)
  3. Watch Most Effective Software Quality Practices (2 minutes)
  4. Complete the static analysis activity (15 minutes)
  5. Watch the following videos about formal methods:
  6. Participate in the synchronous session during the class meeting time (optional)
  7. Complete the quiz (5–8 minutes)
  8. Start the security assessment (30 minutes)
    • Meet with your project team to discuss the assignment
    • Write the section(s) assigned to you
  9. Complete the course evaluation if you have not done so already (5–10 minutes)

Due

As a reminder, the following is due this lesson:

Resources

Further Reading

Hovemeyer and Pugh, “Finding Bugs is Easy,” Proceedings of the 19th ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA '04), pp. 132–136, October 2004 (slides)

Bessey, Block, Chelf, Chou, Fulton, Hallem, Henri-Gros, Kamsky, McPeak, and Engler, “A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World,” Communications of the ACM, Vol. 53, No. 2, pp. 66–75, February 2010 (online)

Sadowski, Aftandilian, Eagle, Miller-Cushon, and Jaspan, “Lessons from Building Static Analysis Tools at Google,” Communications of the ACM, Vol. 61, No. 4, pp. 58–66, April 2018 (online)

Distefano, Fähndrich, Logozzo, and O’Hearn, “Scaling Static Analyses at Facebook,” Communications of the ACM, Vol. 62, No. 8, pp. 62–70, August 2019 (online)

Static Analysis

SpotBugs (Java)

Infer (Java or C / C++ / Objective-C)

Flake8 (Python)