NEAMS Static Analysis Page: 4 of 17
This report is part of the collection entitled: Office of Scientific & Technical Information Technical Reports and was provided to UNT Digital Library by the UNT Libraries Government Documents Department.
LLNL-TR-587361 / 2
Introduction to static analysis
Why use Static Analysis Tools
Advanced Static Analysis tools can find defects in source code without actually running the code. These
tools are capable of finding a large set of defects depending on which checkers are enabled. The tool
used on the NEAMS project is developed by a company named "Klocwork." For C and C++ codes it has
more than 150 checkers. These checkers can find issues in source code inter-procedurally, including such
defects as memory/resource leaks, buffer overflows, use of uninitialized variables, null pointer
dereferences and many others. Some of these defects can also be found with dynamic tools such as
Valgrind. However, the Klocwork static analysis tool has several advantages over dynamic analysis tools
like Valgrind. First, Klocwork can find more types of defects and it looks in more places to find defects.
Valgrind, for example, requires that the code be executed to find defects. That means Valgrind can find
defects only in the code paths that are actually executed. In addition, running a code with Valgrind can
cause the code to run significantly slower. On the other hand, the time it takes to analyze a code with
Klocwork is only on the same order as the time it takes to compile the code. Changes to fix defects are
confirmed by a short re-compile instead of a potentially very long re-execution. In addition, static
analysis provides 100 percent code coverage whereas dynamic analysis provides only as much coverage
as the portion of code actually executed. We are not suggesting static analysis should replace dynamic
analysis. Neither approach can find all defects. We recommend the use of a static analysis tool in
conjunction with a dynamic tool. This facilitates the discovery of the largest possible set of defects.
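
The path-coverage point above, as an added example that is not part of the original report: a null pointer dereference that sits on a branch which well-formed test input never executes, next to a checked version. The function names and sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef char *(*value_fn)(const char *);

/* Defective: returns a copy of the value in "key=value", but never
   handles the path where the line contains no '='. */
char *value_unchecked(const char *line)
{
    const char *eq = strchr(line, '=');   /* NULL when '=' is absent */
    size_t len = strlen(eq + 1);          /* null pointer dereference on that path */
    char *out = malloc(len + 1);          /* allocation result not checked */
    memcpy(out, eq + 1, len + 1);
    return out;
}

/* Checked: every failure path returns NULL instead of dereferencing it. */
char *value_checked(const char *line)
{
    const char *eq = line ? strchr(line, '=') : NULL;
    if (eq == NULL)
        return NULL;                      /* malformed input is rejected */
    size_t len = strlen(eq + 1);
    char *out = malloc(len + 1);
    if (out != NULL)
        memcpy(out, eq + 1, len + 1);
    return out;
}

/* Constructed well-formed inputs, as a typical test run would use. */
static const char *const kLines[] = { "mesh=coarse", "steps=100", "tag=" };
static const char *const kWant[]  = { "coarse", "100", "" };

/* Runs fn over the well-formed inputs and returns how many passed. */
int run_wellformed_suite(value_fn fn)
{
    int passed = 0;
    for (size_t i = 0; i < sizeof kLines / sizeof kLines[0]; i++) {
        char *v = fn(kLines[i]);
        if (v != NULL && strcmp(v, kWant[i]) == 0)
            passed++;
        free(v);
    }
    return passed;
}

int main(void)
{
    printf("unchecked: %d/3, checked: %d/3\n",
           run_wellformed_suite(value_unchecked), run_wellformed_suite(value_checked));
    return 0;
}
```

Both versions pass the same suite, so a dynamic run over these inputs reports nothing for `value_unchecked`; the defect is visible only to an analysis that considers the unexecuted `strchr` failure path.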
Klocwork has over 1000 customers, which include Motorola, Intel, Qualcomm, and Johns Hopkins, to name
just a few. In a case study by Johns Hopkins titled "Enhancing software reliability and developer
productivity while building the next generation of human prosthetics", a DARPA project, Klocwork was
shown to increase the reliability of the code by finding critical defects that went undetected by
conventional testing techniques. In summarizing the benefits of using Klocwork that study states the
following: "Since the software is an embedded real-time system, defects such as array bounds
violations, use of uninitialized data, null pointer references, and thread synchronization errors are all
examples of potentially critical issues that were found by the tool."
In another case study, Motorola asserts "large scale deployment of static analysis leads to measurable
productivity and quality improvements." In that study, Motorola found that in the first year of using
Klocwork they experienced a two-fold reduction in the number of defects found during system test.
The University of Colorado's Laboratory for Atmospheric and Space Physics (LASP) conducts research in
atmospheric science, space physics, solar influences, and planetary science. Due to reliability
requirements, LASP began routine analysis of the GOES-R software with the Klocwork tool set. Don
Woodraska, Professional Research Assistant in the Data Systems group, has indicated that Klocwork
found Array Bounds Overflow type defects that were critical to the software for that project. Their case
study indicated that by using Klocwork they were able to improve the reliability of the code and the
productivity and development skills of their developers.
Oliver, B.; Dahlgren, T. & Miller, M. C. NEAMS Static Analysis, report, October 2, 2012; Livermore, California. (https://digital.library.unt.edu/ark:/67531/metadc841307/m1/4/: accessed April 19, 2024), University of North Texas Libraries, UNT Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.