Parasoft Proprietary and Confidential

2/26/15

A Comparison of Three Bug-Finding Techniques and Their Relative Effectiveness

Mark Lambert - Parasoft Corp

Agenda

- Overview and Comparison
  1. Pattern-based Analysis
  2. Flow Analysis
  3. Unit Testing
- Application and Demonstration
- Desktop analysis/testing vs. on target
- Using Application Monitoring to uncover runtime problems
- Combining Coverage

Static Code Analysis

Pattern-Based Static Analysis
  Prevention technique
  Analyzes code structure (parse tree) to apply best practices

Flow-Based Analysis
  Detection technique
  Analyzes code flow to determine "dangerous paths"

Metric Threshold Analysis
  Advisory technique
  Finds complex/hard-to-test code prone to errors
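The three techniques on this slide differ in what they look at, and the difference is easiest to see on a toy implementation. The block below is an added example, not Parasoft's analyzer and not code from the deck: it implements a pattern rule, a path-sensitive may-be-None check (the Python analogue of the null-dereference "dangerous path" a C flow analyzer reports) and a cyclomatic-complexity threshold over Python's own `ast`, and runs them on a constructed sample program. It goes slightly beyond the slide in that the flow check also narrows on `is None` tests and drops returning branches at the join. The banned-call list, the threshold of 5, the sample functions and the message texts are assumptions of the example.

```python
"""Added example (not code from the deck or from Parasoft): the three static
techniques of the slide, implemented over Python's own parse tree (ast)."""
import ast
# Constructed sample: a flow bug (cfg is None when use_default is False), a guarded use
# that must NOT be flagged, a pattern hit (eval), one over-complex function. Line 1 is blank.
SAMPLE = '''
def load(path, use_default):
    if use_default:
        cfg = default_config()
    else:
        cfg = None
    return cfg.read()

def guarded(path):
    cfg = None
    if path:
        cfg = open_config(path)
    if cfg is None:
        return {}
    return cfg.read()

def evaluate(expr):
    return eval(expr)

def route(kind, a, b, c):
    if kind == 1 or a:
        return b
    for x in b:
        if x and c:
            return a
    return c
'''

# 1. Pattern-based (prevention): match a shape in the parse tree, no data flow involved.
BANNED_CALLS = {"eval", "exec"}          # assumed rule set for the example

def pattern_findings(tree):
    return [(n.lineno, f"call to {n.func.id}()") for n in ast.walk(tree)
            if isinstance(n, ast.Call) and isinstance(n.func, ast.Name)
            and n.func.id in BANNED_CALLS]

# 2. Flow-based (detection): track names that may hold None along each path; report x.attr / x[i].
def _uses(node, may_none):
    """Names dereferenced inside node while in the may-None set."""
    return [s.value.id for s in ast.walk(node) if isinstance(s, (ast.Attribute, ast.Subscript))
            and isinstance(s.value, ast.Name) and s.value.id in may_none]

def _narrow(test, state):
    """Path split for `x is None` / `x is not None`: (then-set, else-set)."""
    then_s, else_s = set(state), set(state)
    if (isinstance(test, ast.Compare) and isinstance(test.left, ast.Name) and len(test.ops) == 1
            and isinstance(test.comparators[0], ast.Constant) and test.comparators[0].value is None):
        if isinstance(test.ops[0], ast.Is):
            else_s.discard(test.left.id)      # on the else path x is known non-None
        elif isinstance(test.ops[0], ast.IsNot):
            then_s.discard(test.left.id)
    return then_s, else_s

def _run(stmts, may_none, hits):
    """Return the may-None set after stmts, or None if every path returned."""
    state = set(may_none)
    for st in stmts:
        probe = st.test if isinstance(st, ast.If) else st   # loops are walked whole (approximation)
        hits.extend((st.lineno, f"{name} may be None here") for name in _uses(probe, state))
        if isinstance(st, ast.Assign) and len(st.targets) == 1 and isinstance(st.targets[0], ast.Name):
            is_none = isinstance(st.value, ast.Constant) and st.value.value is None
            (state.add if is_none else state.discard)(st.targets[0].id)
        elif isinstance(st, ast.If):
            then_s, else_s = _narrow(st.test, state)
            live = [s for s in (_run(st.body, then_s, hits), _run(st.orelse, else_s, hits)) if s is not None]
            if not live:
                return None              # both branches return: nothing flows past this If
            state = set().union(*live)   # join: may-None if None on either surviving path
        elif isinstance(st, ast.Return):
            return None
    return state

def flow_findings(tree):
    hits = []
    for fn in [n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)]:
        _run(fn.body, set(), hits)
    return hits

# 3. Metric threshold (advisory): cyclomatic complexity above a limit.
def complexity(fn):
    score = 1
    for n in ast.walk(fn):
        if isinstance(n, (ast.If, ast.For, ast.While, ast.IfExp, ast.ExceptHandler)):
            score += 1
        elif isinstance(n, ast.BoolOp):
            score += len(n.values) - 1
    return score

def metric_findings(tree, threshold=5):     # threshold is an assumption of the example
    return [(fn.lineno, f"{fn.name} complexity {complexity(fn)} > {threshold}")
            for fn in ast.walk(tree) if isinstance(fn, ast.FunctionDef) and complexity(fn) > threshold]

def analyze(source=SAMPLE):
    """One findings list per technique, as (line, message) tuples."""
    tree = ast.parse(source)
    return {"pattern": pattern_findings(tree), "flow": flow_findings(tree), "metric": metric_findings(tree)}
```

`analyze()` returns one list of findings per technique. On the sample, the pattern rule reports the `eval` call regardless of how its argument was produced; the flow check reports the dereference in `load` on the `use_default == False` path but stays silent on `guarded`, where the `is None` test narrows the state and the returning branch drops out of the join; the metric rule flags only `route`. Each technique is blind to the other two kinds of finding, which is the slide's point about prevention, detection and advisory roles. The flow pass is intraprocedural and treats loops as a single statement, the sort of approximation that makes real flow analysis a detection aid rather than a proof.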
  
Code Analysis

- Well understood, often undervalued
- Define the goal of the analysis and the Policy for compliance
- Policy defines reduction of business risk, not pursuit of perfection
- E.g. Security (CWE, CERT, ...), Safety Critical (ISO 26262, DO-178B, ...)
- Start small to promote adoption and monitor for areas of improvement
- Apply continuously through the SDLC
- Balance desktop interactive feedback (pre-check-in) with server-side depth of analysis (post-check-in)

Peer Code Reviews

- Highly valuable in finding REAL bugs; Algorithms/Design
- Use carefully
- Only apply after Static Code Analysis
- Only apply where there is RISK

Image: http://www.jasonawesome.com/2010/06/01/executing-a-php-code-review/
Unit Testing

- Unit Testing
  - Code-focused validation
  - Test components of the system in isolation (stubs)
  - Code needs to be built to be testable
  - Host-based and on-target
  - Test before hardware is available
- Where is the ROI?
  - Did we design it properly?
  - Does it function correctly?
  - Have we mitigated the business risk?
- How much is enough?
  - Code Coverage + Peer Review
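"Code needs to be built to be testable" and "test components in isolation (stubs)" come down to a dependency seam. The block below is an added example, not from the deck or any Parasoft tool: a sensor driver whose only hardware access goes through an injected `bus` object, a scripted stub that stands in for the bus on the host, and scenarios that inject a timeout and a corrupted frame. The register address, frame layout, CRC-8 and the `BusTimeout` exception are assumptions of the example.

```python
"""Added example (not from the deck or any Parasoft tool): a component built to be
unit-tested in isolation. All hardware access goes through an injected bus object,
so a scripted stub replaces it on the host and can inject faults on demand.
Register address, frame layout, CRC-8 and BusTimeout are assumptions of the example."""
from dataclasses import dataclass, field

class BusTimeout(Exception):
    """Raised by the bus layer when the device does not answer."""

def crc8(data: bytes) -> int:
    """CRC-8, polynomial 0x07, protecting each frame (constructed for the example)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc

class SensorDriver:
    """The seam: the driver only ever calls bus.read(register, length)."""
    TEMP_REG = 0x10                      # assumed register address

    def __init__(self, bus, retries=2):
        self.bus = bus
        self.retries = retries
        self.stats = {"timeouts": 0, "crc_errors": 0}

    def read_temperature(self):
        """Temperature in 0.1 C units (signed 16-bit), or None if no usable frame
        arrived within retries + 1 attempts. Frame: [hi, lo, crc8(hi, lo)]."""
        for _ in range(self.retries + 1):
            try:
                frame = self.bus.read(self.TEMP_REG, 3)
            except BusTimeout:
                self.stats["timeouts"] += 1
                continue
            if len(frame) != 3 or crc8(frame[:2]) != frame[2]:
                self.stats["crc_errors"] += 1
                continue
            raw = (frame[0] << 8) | frame[1]
            return raw - 0x10000 if raw & 0x8000 else raw
        return None

@dataclass
class ScriptedBus:
    """Host-side stub: replays a script of responses, each bytes or an exception."""
    script: list
    log: list = field(default_factory=list)

    def read(self, reg, n):
        self.log.append((reg, n))
        item = self.script.pop(0)
        if isinstance(item, Exception):
            raise item
        return item

def frame_for(tenths: int) -> bytes:
    """Build a valid frame for a temperature, for use in test scripts."""
    body = (tenths & 0xFFFF).to_bytes(2, "big")
    return body + bytes([crc8(body)])

# Scenarios return the driver's result so a test can assert on it. The fault
# scenarios are the ones an on-target run rarely reaches and never on demand.
def scenario_good():
    drv = SensorDriver(ScriptedBus([frame_for(235)]))
    return drv.read_temperature(), drv.stats

def scenario_negative():
    drv = SensorDriver(ScriptedBus([frame_for(-40)]))
    return drv.read_temperature()

def scenario_timeout_then_ok():
    drv = SensorDriver(ScriptedBus([BusTimeout(), frame_for(210)]))
    return drv.read_temperature(), drv.stats

def scenario_corrupt_frame():
    bad = bytearray(frame_for(210))
    bad[2] ^= 0xFF                                   # flip the CRC byte
    drv = SensorDriver(ScriptedBus([bytes(bad), BusTimeout(), BusTimeout()]))
    return drv.read_temperature(), drv.stats

if __name__ == "__main__":
    for name in ("scenario_good", "scenario_negative", "scenario_timeout_then_ok", "scenario_corrupt_frame"):
        print(name, globals()[name]())
```

The fault scenarios are the point. On the real target a bus timeout or a bit flip is rare and not reproducible on demand, so the retry and CRC branches would stay uncovered in an on-target run and the "did we design it properly" question would go unanswered for exactly the paths that matter. With the stub they execute deterministically on the host, before hardware exists, and the driver source is unchanged when it is later cross-compiled for the on-target run; only the bus object differs.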
  
Exploratory Testing

- Ad-hoc/unstructured testing of functional areas
- Important part of the Agile QA/feedback process
- Requires traceability to user stories and code
- Should be 'reinforced' with automated tests

Application and Demonstration

- Code Analysis from within the IDE
  - Pattern-Based Analysis
  - Use Flow Analysis to find potential memory issues
- Dynamic Analysis
  - Using Application Monitoring to uncover runtime problems
  - Using Coverage to determine what was tested
  - Using Unit Tests to increase coverage
  - Combining Coverage from Manual and Unit Testing
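The last three items of the demo outline (coverage to see what was tested, unit tests to raise it, merging coverage from manual and unit testing) amount to a per-file union of covered lines plus a gap report, with one check that matters in practice: the reports must come from the same build. The block below is an added example, not from the deck; the report layout, file names, build id and line sets are constructed.

```python
"""Added example (not from the deck): combine line coverage recorded during a
manual/exploratory session with coverage from unit tests, then list what is
still untested. The report shape (build id, source, per-file line sets) and the
numbers below are constructed for this example."""

def builds_match(reports):
    """Coverage is only mergeable line-for-line when every report comes from the
    same build of the same sources; a merge across builds is silently wrong."""
    return len({r["build"] for r in reports}) <= 1

def merge_coverage(reports):
    """Union of covered lines per file across reports of one build."""
    if not builds_match(reports):
        raise ValueError("coverage from different builds: " + str(sorted({r["build"] for r in reports})))
    merged = {}
    for r in reports:
        for path, lines in r["files"].items():
            merged.setdefault(path, set()).update(lines)
    return merged

def percent(merged, executable):
    """Combined line coverage over the build's executable lines, one decimal."""
    hit = sum(len(set(lines) & merged.get(path, set())) for path, lines in executable.items())
    total = sum(len(lines) for lines in executable.values())
    return round(100.0 * hit / total, 1) if total else 100.0

def coverage_gaps(merged, executable):
    """Executable lines no source reached: the candidates for new unit tests."""
    return {path: sorted(set(lines) - merged.get(path, set())) for path, lines in executable.items()}

def added_by(reports, source):
    """Lines only `source` reached, i.e. what that technique contributed beyond the rest."""
    mine = merge_coverage([r for r in reports if r["source"] == source])
    rest = merge_coverage([r for r in reports if r["source"] != source])
    gain = {path: sorted(lines - rest.get(path, set())) for path, lines in mine.items()}
    return {path: lines for path, lines in gain.items() if lines}

# Constructed inputs: executable lines per file as the build reports them, a manual
# session that walked the happy path, and unit tests aimed at the error branches.
EXECUTABLE = {"sensor.c": range(10, 30), "parser.c": range(5, 15)}
MANUAL = {"build": "a1b2c3", "source": "manual",
          "files": {"sensor.c": set(range(10, 22)), "parser.c": {5, 6, 7, 8}}}
UNIT = {"build": "a1b2c3", "source": "unit",
        "files": {"sensor.c": {12, 13, 22, 23, 24, 25}, "parser.c": {5, 6, 9, 10, 11}}}

if __name__ == "__main__":
    merged = merge_coverage([MANUAL, UNIT])
    print("manual only:", percent(merge_coverage([MANUAL]), EXECUTABLE), "%")
    print("manual + unit:", percent(merged, EXECUTABLE), "%")
    print("still untested:", coverage_gaps(merged, EXECUTABLE))
    print("unit tests added:", added_by([MANUAL, UNIT], "unit"))
```

Run as a script it prints coverage for the manual session alone and combined with the unit tests, the lines no technique reached (the next unit-test targets) and what the unit tests added beyond the manual run. `builds_match` is the check worth keeping: line numbers from two different builds do not refer to the same code, so merging them overstates coverage without any visible error.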
  
Host-based and On-Target Unit Testing

Host Development Environment (host-based flow):
  Create/extend tests -> Execute tests (optional) -> Review results and coverage
  Cross-compile test executable

Simulator or Target Device:
  Execute tests

Conclusions

1. Capture Business Expectations in a Policy
2. Apply early and continuously
3. Use a workflow for remediation
4. Leverage both desktop + server based analysis
5. Translate to Business Impact and Monitor for improvements

Thank you

Mark Lambert, Rich Newman, Miroslaw Zielinski, Adam Trujillo

Mark.lambert@parasoft.com

 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
cpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.pptcpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.ppt
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING  RIVER  WATER QUALITY  ppt presentationPREDICTING  RIVER  WATER QUALITY  ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 

A Comparison of Three Bug-Finding Techniques and Their Relative Effectiveness

  • 1. Parasoft Proprietary and Confidential. 2/26/15. A Comparison of Three Bug-finding Techniques and Their Relative Effectiveness. Mark Lambert - Parasoft Corp
  • 2. Agenda
    § Overview and Comparison
      1. Pattern-based Analysis
      2. Flow Analysis
      3. Unit Testing
    § Application and Demonstration
      § Desktop analysis/testing vs. on target
      § Using Application Monitoring to uncover runtime problems
      § Combining Coverage
  • 3. Static Code Analysis
    Pattern-Based Static Analysis: prevention technique. Analyzes code structure (parse tree) to apply best practices.
    Flow-Based Analysis: detection technique. Analyzes code flow to determine "dangerous paths".
    Metric Threshold Analysis: advisory technique. Finds complex/hard-to-test code prone to errors.
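Slide 3 contrasts the three techniques by what they look at: a fixed shape in the parse tree, the paths a value can take, or a size metric. The following is an added illustration and not code from the deck or from Parasoft: three toy rules over Python's standard `ast` module, one per technique, run on a constructed sample module that carries exactly one finding of each kind. The sample module, the rule names, the `SHELL_APIS` set and the complexity threshold of 5 are all constructed for this example. The flow rule is what separates the second technique from the first: it merges the states of both sides of an `if`, so a name that is assigned on only one branch is still reported as possibly None on the path that skipped the assignment, something no parse-tree pattern can express.

```python
# Added example (not Parasoft's code): the three analysis techniques from
# slide 3 as toy rules over Python's `ast`. The sample module, rule names,
# SHELL_APIS and the threshold of 5 are constructed for this illustration.
import ast

# Constructed sample input: one finding for each technique.
SAMPLE = '''import subprocess
def run(cmd):
    subprocess.call(cmd, shell=True)
def first_line(path):
    fh = None
    if path.endswith(".txt"):
        fh = open(path)
    return fh.readline()
def classify(a, b, c, d):
    if a:
        if b:
            return 1
    elif c and d:
        for i in range(3):
            while i:
                return 2
    return 0
'''

SHELL_APIS = {"call", "run", "Popen", "check_call", "check_output"}

def pattern_shell_true(tree):
    """Pattern-based (prevention): match one fixed parse-tree shape,
    subprocess.<api>(..., shell=True); no reasoning about execution paths."""
    hits = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and isinstance(node.func.value, ast.Name)
                and node.func.value.id == "subprocess"
                and node.func.attr in SHELL_APIS):
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    hits.append((node.lineno, f"subprocess.{node.func.attr}"))
    return hits

def _uses(node, state, findings):
    """Record every `name.attr` where `name` may currently hold None."""
    for sub in ast.walk(node):
        if (isinstance(sub, ast.Attribute) and isinstance(sub.value, ast.Name)
                and sub.value.id in state):
            findings.append((sub.lineno, sub.value.id))

def _walk_flow(stmts, state, findings):
    """Flow-based (detection): follow statements in order with the set of names
    that may be None; `if` branches merge by union, so a name assigned on only
    one side stays "maybe None" on the path that skipped the assignment."""
    for stmt in stmts:
        if (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                and isinstance(stmt.targets[0], ast.Name)):
            _uses(stmt.value, state, findings)
            name = stmt.targets[0].id
            if isinstance(stmt.value, ast.Constant) and stmt.value.value is None:
                state.add(name)
            else:
                state.discard(name)
        elif isinstance(stmt, ast.If):
            _uses(stmt.test, state, findings)
            then_state, else_state = set(state), set(state)
            _walk_flow(stmt.body, then_state, findings)
            _walk_flow(stmt.orelse, else_state, findings)
            state.clear()
            state.update(then_state | else_state)
        else:
            _uses(stmt, state, findings)

def flow_maybe_none(tree):
    findings = []
    for func in ast.walk(tree):
        if isinstance(func, ast.FunctionDef):
            _walk_flow(func.body, set(), findings)
    return findings

def cyclomatic(func):
    """Metric (advisory): McCabe-style count, 1 plus one per branch, loop,
    handler, comprehension and extra boolean operand."""
    score = 1
    for node in ast.walk(func):
        if isinstance(node, (ast.If, ast.For, ast.While, ast.IfExp,
                             ast.ExceptHandler, ast.comprehension)):
            score += 1
        elif isinstance(node, ast.BoolOp):
            score += len(node.values) - 1
    return score

def metric_threshold(tree, limit=5):
    return [(f.name, cyclomatic(f)) for f in ast.walk(tree)
            if isinstance(f, ast.FunctionDef) and cyclomatic(f) > limit]

def analyze(source):
    """Run all three techniques over one module; each returns its findings."""
    tree = ast.parse(source)
    return {"pattern": pattern_shell_true(tree),
            "flow": flow_maybe_none(tree),
            "metric": metric_threshold(tree)}
```

`analyze(SAMPLE)` reports the `shell=True` call on line 3 (pattern), the possible None dereference of `fh` on line 8 (flow) and `classify` with a complexity of 7 (metric). The pattern rule is cheap and deterministic, which is why the deck files it under prevention; the flow rule is where the real bugs come from and also where false positives creep in, because the merge keeps any path on which the value may be None; the metric rule flags nothing wrong by itself, it only points at code that the other two techniques and a reviewer should spend more time on.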
  • 4. Code Analysis
    § Well understood, often undervalued
    § Define the goal of the analysis and the Policy for compliance
      § Policy defines reduction of business risk, not pursuit of perfection
      § E.g. Security (CWE, CERT, ...), Safety Critical (ISO26262, DO178B, ...)
    § Start small to promote adoption and monitor for areas of improvement
    § Apply continuously through the SDLC
    § Balance desktop interactive feedback (pre-check-in) with server-side depth of analysis (post-check-in)
  • 5. Peer Code Reviews
    § Highly valuable in finding REAL bugs; Algorithms/Design
    § Use carefully
      § Only apply after Static Code Analysis
      § Only apply where there is RISK
    Image: http://www.jasonawesome.com/2010/06/01/executing-a-php-code-review/
  • 6. Unit Testing
    § Unit Testing
      § Code focused validation
      § Test components of the system in isolation (stubs)
      § Code needs to be built to be testable
    § Host-based and on-target
      § Test before hardware available
    § Where is the ROI?
      § Did we design it properly?
      § Does it function correctly?
      § Have we mitigated the business risk?
    § How much is enough?
      § Code Coverage + Peer Review
  • 7. Explorative Testing
    § Ad-hoc/Unstructured Testing of functional areas
    § Important part of Agile QA/feedback process
    § Requires traceability to user-stories and code
    § Should be 'reinforced' with automated tests
  • 8. Application and Demonstration
    § Code Analysis from within IDE
      § Pattern-Based Analysis
      § Use Flow Analysis to find potential memory issues
    § Dynamic Analysis
      § Using Application Monitoring to uncover runtime problems
      § Using Coverage to determine what was tested
      § Using Unit Tests to increase coverage
      § Combining Coverage from Manual and Unit Testing
  • 9. Host-based and On-Target Unit Testing
    Diagram: Host Development Environment (Host Based Flow: Create/Extend Tests -> Execute Tests (Optional) -> Review results and coverage) and Simulator or Target Device (Cross compile test executable -> Execute Tests)
  • 10. Conclusions
    1. Capture Business Expectations in a Policy
    2. Apply early and continuously
    3. Use a workflow for remediation
    4. Leverage both desktop + server based analysis
    5. Translate to Business Impact and Monitor for improvements
  • 11. Thank you. Mark Lambert, Rich Newman, Miroslaw Zielinski, Adam Trujillo. Mark.lambert@parasoft.com