1. Static Analysis Methods CSSE 376 Software Quality Assurance Rose-Hulman Institute of Technology March 20, 2007

2. Outline • Cyclomatic complexity • Formal verification • Symbolic execution

3. Cyclomatic Complexity • Measure of the complexity of a function • Defines a minimum number of tests to run • Vg = # regions of planar flow graph • Vg = E - N + 2 (edges - nodes + 2) • Vg = P + 1 (predicates + 1)

4. Example of Cyclomatic Complexity (Corrected 3/29/07)

5. Using Cyclomatic Complexity • Vg is the number of independent paths through the function • Each path should be tested at least once • Vg is also a measure of complexity: a large value is a warning that the code may need extra testing or should be rewritten

6. Cartoon of the Day

7. Formal Verification • Compare implementation to a formal specification • Use rules like Assignment Axiom: /* P(E) */ V = E; /* P(V) */

8. Automated Support for Formal Verification • Simple rules like Assignment Axiom can be automated. • Some formulas will need to be simplified for tools to recognize similarity. • Some theorems may need to be proved to complete the verification

9. Symbolic Execution • Execution of code using symbolic values instead of real data • Compare symbolic values with expected values (results) • Path Condition: Condition on input variables under which this path is executed

10. Example Program Path Condition 1: read c; True 2: r = 0; True 3: while (c > 0) { True 4: r = r + a; c0 > 0 5: c = c - 1; } c0 > 0 6: print r; c <= 0