Arunkumar Khannur's Software Testing Knowledge Center

6.7 Static versus Dynamic Anomaly Detection

Static Analysis involves the analysis of a program without executing it. Dynamic Analysis is for testing the code which is in execution by supplying appropriate inputs.
Static Analysis is not adequate or exhaustive because of following reasons:

6.7.1 Bugs with Pointers and Memory

The following are various possible bugs in dealing with pointers and memory.
  • Memory leaks: A memory leak is a situation, where the memory is allocated to the program which is not freed subsequently. Such a situation can cause ever increasing usage of memory and resulting in an exceptional halt of program because of the lack of free memory.
  • Temporary values returned: Dynamic allocation of data is very crucial in order to store data in heap else it will be stored in the stack. In order to share data it is good to declare variable as public and use that access common data.
  • Freeing the already freed resource: Memory is first allocated and de-allocated. The programmer tries to free the already freed resource. This is a common form of error.
  • NULL dereferencing: Improper initialization, missing the initialization in different paths, or aliases leads to the NULL reference error.
  • Exposure of private data to un-trusted components: In many situations there is a need to preserve the integrity and security of data and access to external sources shall not be given. This can be achieved with usage of private or protected options to restrict access to data. However programmers with lesser experience are not good at using private or protected options.

6.7.2 Aliases

When there is an unexpected aliasing between parameters, return values, and global variables, errors may be inevitable. Aliasing problems sometimes lead to deallocation errors. Static analysis of all feasible paths in the program can detect possible aliases.

  • Need of Unique addresses: Aliasing may result in violation of unique addresses when we expect different addresses.
  • Synchronization Errors: Synchronization errors are hard to find errors with major impact and may occur where multiple threads are accessing some common resources. Synchronization errors are of three types: Deadlocks, Race conditions, and Live lock.
    • Deadlock: Deadlock is a situation in which one or more threads mutually lock each other, more frequently because of inconsistent locking sequence. In order to detect deadlock situation, we can construct a lock graph, analyze if it has a loop and if loop exists then it represents the presence of a deadlock.
    • Race Condition: This is an error which results when two threads try to access the same resource and the result depends on the order of the execution of the threads.
    • Inconsistent synchronization: Error related to inconsistent synchronization may happen because of mix of locked and unlocked accesses in shared variable where some are locked accesses and some other accesses are unlocked.
  • Incorrect initialization of static field: During synchronization, connection and release semantics are established by initializing a volatile static field. If a non-volatile field that is shared by different threads are improperly initialized then there can be a synchronization problem.
  • Method spins on field: When a method reads a field, it enters into an infinite loop causing improper synchronization.
Khannur's Book
Arunkumar Khannur, Software Testing - Techniques and Applications, Published by Pearson Publications, 2011 (ISBN:978-81-317-5836-6; Pages:341 + xxii)
Follow Khannur
Khannur's Company
ISQT Process & Consulting Services Pvt. Ltd., Bangalore, INDIA
Khannur's Software Testing Forum
 Contact Khannur
ISQT Process & Consulting Services Pvt. Ltd.
#732, 1st Floor, 12th Main,
3rd Block, Rajajinagar,
Bangalore - 560010, INDIA
Phone: +91 80 23012511
Skype: arun.isqt