T32: Revolutionizing Software Quality through Static Analysis Tools
Monday, Oct 23, from 13:30 to 17:00, D133
Software analysis tools are revolutionizing the quality of the software delivered by today's industry leaders. Prominent software vendors use static analysis to find bugs, eliminate security holes, and deliver high-quality patches to deployed software in a timely fashion. These analysis tools excel at finding exactly the classes of errors that are most difficult to find through testing, inspections and other mainstream quality assurance practices. This tutorial begins by discussing the reasons why traditional quality assurance practices such as testing and inspections are no longer adequate to deliver the dependability that is required to compete in today's software marketplace. It describes the fundamental advantages of static analysis technology and how the weaknesses of previous QA practices are addressed. Participants will learn the core concepts used in static analysis, including abstraction, soundness, false positives, and issues of scalability and adoptability. The ideas will be reinforced through discussion, in-class exercises, and hands-on experiments with commercially relevant analysis software (bring your laptop or pair with a friend). Finally, the tutorial will provide guidance on how companies can integrate analysis tools into a comprehensive quality assurance strategy.
Intermediate: This tutorial is targeted to managers, developers, testers, and educators with basic programming ability and knowledge of QA techniques.
Goals: After completing this tutorial, attendees will be able to:
- Understand the benefits of analysis and how it complements other quality assurance techniques such as testing.
- Grasp the basics of analysis technology.
- Know what analysis tools are currently available, as well as what analysis technologies are likely to be commercialized in the 2-5 year horizon.
- Evaluate current and future commercial analysis tools for integration into their development process.
- Develop an analysis-based quality assurance plan customized to the needs of their organization.
Format: The tutorial will alternate between material presented in lecture format and exercises done individually or in small groups. Lectures will be used to present core material, but will be interspersed with opportunities for participants to answer pedagogical questions, to share experiences with QA practices, and to raise their own questions. Overall, lecture material will make up about half of the tutorial time, and the lecture periods will be no longer than 30 minutes each. The other half of the time will be divided into short paper exercises, done in a small group, and analysis tool exercises done on a laptop, which may be done individually or in "pair-programming" style. While the core lecture material is crucial to an appropriate technical understanding of analysis techniques and an understanding of the analysis tool marketplace, I believe attendees will best remember the discussions raised in lecture and the hands-on experience with analysis tools. All of the techniques described here have been used successfully by the instructor in teaching analysis and software engineering courses at CMU.
Jonathan Aldrich, Carnegie Mellon University: Jonathan Aldrich is Assistant Professor in the School of Computer Science at Carnegie Mellon University. He received his BS from Caltech and his PhD from the University of Washington, and recently won a 2006 NSF CAREER award. Dr. Aldrich's research achievements include analysis techniques for optimizing concurrent programs and verifying correct implementation of an architectural design. He has also made major contributions to understanding the modularity of aspect-oriented programming and expressing interaction protocols in object-oriented systems. Aldrich teaches a comprehensive graduate-level course at CMU on analysis for software engineering and an undergraduate software engineering course, both of which he redeveloped.