 Welcome you to the new session of embedded software testing, this is the unit 3, static analysis and code reviews, so there are few sessions in unit 3, study about static analysis and code reviews, instructions and metrics, so these three things we will study in this unit 3. So there are few sessions when the unit and we know that testing can be done with the help of dynamic testing, the other context is static testing, so dynamic testing we know that we can test when the program is executing. So let us do a recap of what we have studied in unit 2, unit 1 we will not recap because we will not gone through while doing the unit 2, so unit 1 was about introduction, basic templates, testing aspects etc., in unit 2 so we have studied about dynamic testing, PM method, static versus dynamic testing its differences, then as part of the dynamic testing we studied about the black box testing, white box testing, differences, advantages, advantages and disadvantages, also we had gone through the core aspects. Then we discussed about the black box testing techniques and testing techniques are equivalence partitioning, boundary value analysis, then state transition or event transition testing and point categories, then we also have an example and go through state event table, then model based design and testing is called MBT, model based testing, then white box testing and the techniques we went through, so we have gone through different techniques under white box testing, they are statement coverage, branch addition coverage, then data flow testing, branch condition testing, branch condition combination testing which is the thing about that MCDT separately we studied on the D1 and D2 perspective, then we have modified combination code scheme, the linear LCSJ testing core sequence jump, then grey box testing which is a mix of both white box as well as black box, then we understood about test driver and test steps which are very important in terms of integration or unit testing, then we go through some of the coverage tools and discussed about different tools that are used for the dynamic testing and analyzers, performance, logic, memory, etc. Then testing tools, life cycle how it is, there is a life cycle chart from the standard book what we refer, then test automation and techniques, automation batch processing and all that we have studied there, then the last one is the risk based testing on the importance of risk based testing on the different strategies how it could be done, so those are some of the sessions in unit 2 in brief, okay, so in the next unit that is static analysis in core coverage, we will try to understand what is static testing, static testing, a process of evaluating a system or component based on its behavior without executing the program, so we know that dynamic testing has to be done when the program is executing, we do lot of black box and white box testing techniques followed in the dynamic testing, whereas static testing is a process of evaluating a system or the units or the components depending on its behavior and the behavior will be checked or verified or analyzed or evaluated without the need of execution of the program because already we have executed the program in process using the black box for one aspect of the testing, these are different aspects these are equally important to do the static testing, here we do not execute the program but the different things are there without executing the different aspects of the inputs from the test artifacts that will be used for static testing, so let us study about that in the next slides, context into context with dynamic testing, a process of evaluating a system or components of behavior during execution that means in contrast to dynamic testing during the execution, we will do the test, that is what the basic difference of dynamic testing and the static testing, okay, the next one is static versus dynamic testing, so basically to do a testing as an embedded system completely both have to be done, some of the things may not be possible with dynamic testing, some of the things possible with the help of static testing, some of the things may not be possible with dynamic testing, some features are definitely not possible with static testing, so likewise we have a complement of each other, so that the testing is complete in all aspects, so that is how these two techniques are mutually done and while doing that we may take credit of each other, so that coverage aspects are taken care, so static, static analysis were explicitly used in the previous embedded software testing, where tools are available and affordability were answered, see just imagine that there are no tools to test when the program is executing, how we can test it, so it is very difficult, so what is to be done for the earlier basis, they used to run, stop, run, stop, verify on the field and when the program is halted, they will extract some of the outputs of the memory statically, so there was a track of tools, embedded tools in terms of testing and the debuggers and the organisers, these were very less in earlier days, that is why we used to have sort of a code review, more of a code review analysis, it could be inspection, we will study about this how they are done, but I am not sure, these are the major contributors for overall testing, embedded software testing, but that has changed nowadays, so more automation with the help of tools and scripts I would say, there are lot of languages like Python and Shell, Shell could be from Command Prom or ID, so they are all evolved, so due to that what is happening is, the unit of software of the program that can be run independently and these tools can be applied on those run and can get the result, so what will happen is, the more emphasis is on dynamic testing, but to gain the confidence, we will augment the dynamic testing with static testing, static approach or testing, etc., so that is how static testing is complementing to dynamic testing, because some of the methods are impossible or very tedious or it is like very difficult or there is no point in doing sort of a test are there, some of the requirements it could be, some of the unit level verification or validation, all this will be done as part of the static testing, so in software development static analysis and dynamic testing are two different ways of detecting defects, unfortunately they are too often thought of as complementation, competition for one another, but it is not a competition actually, and developers are sometimes encouraged to favor one to the exclusion of the other, because they are biased, because they have implemented the code, they do not want to have different approaches and all that, so they used to be always for one of the approach, so this inaccurate and potentially harmful integration maybe, consequence of confusion of the role and the power of the next generation analysis tools basically, static analysis tools, so that is why to clean up all these misunderstandings in the development and testing team, this approach of static analysis, separately it has evolved and come up, so definitely any embedded system that they are going to have, will have static analysis and coverage, which is done without the program, so this is an important aspect in the embedded software testing, the next one, static testing, so what are the different types are there in static testing, which are used for doing the static testing, so there are three things that are done in the static testing, static embedded software testing, static analysis and the next one is reviews, inspection and test process, then the testing metrics, all these together are used under static testing, to make sure that the reports and the completion and the possible criteria are arrived, so these are the three different types, so we know that we can do a review of the requirements and the design code against what is implemented and what is working, so that can be reviewed, it could be informal, walkthrough, peer review, inspection etc under reviews, so we will study about different types of reviews and review process, is very important because every review has its own provinces, what are the types of reviews, what it will bring basically to go through the existing artifacts and understand manually, manually go through documents, basically what is document and what is been working, that should be consistent and matching, that is how they use the reviews and inspection and the test process adopted there, so these are specific to, in terms of validating and verifying the intended behavior of the system statically and static analysis we do with the help of tools and checklists and different categories of static analysis are there, we will study in the next slide and the last one is testing metrics, so we need definitely a metrics tool, manage, control, report, revisit of the artifacts of embedded software testing, so it is very important because without metrics nothing is complete, you are asked how much of the progress you have made on the testing, you should be definitely telling in terms of either numbers or percentage or progress in terms of charts, trends etc, so all this will be part of the metrics, so with the help of metrics the program is well managed and controlled, similarly the metrics are used in terms of analyzing various artifacts as part of the software testing, you could say that it is a overview but as part of static testing this is also important so that the completion is taken as a credit in terms of overall embedded software testing, so three types of static testing are done, static analysis, next one is reviews, inspection and the last one is testing metrics, so static analysis are basically done with the help of support by different tools, so the tools are applied on the code basically or the implemented part, so basically we do an analysis of the code, so that is what we do in static analysis, okay, so let us see each one, what are the details about that, what does it do, static analysis, okay, definition of static analysis, analysis of a program, we know that is a standard definition from the standard BS79251, the various aspects of analysis we do on the program without that is being executed or as per below, unreachable code, the code of what we do is analyze the code, by analyzing what we will discover is there are certain pieces of code, certain software units of the code which are not reachable in the entire execution of the program or which are that sort of a thing, then parameter type mismatches, that means the parameters that is intended to be used in different functions or categories are not being followed, there is a mismatch between what parameters is supposed to be used and how parameters that are implemented, the next one is possible array bound variations, so what is the meaning of array bound variations, we know that we are trying to access an element or index, element index within the array, but the value that is being given is outside it, that is outside the boundary value of the array, we are going to access it, the index of the supplied parameters or whatever it could be, will be they are used actually, so that is a error, that is a issue with that particular function, next one is the faults found by compilers, that means the compilers basically used for building the program, we know that, build the source code, suppose let us say the C code, so what it does, it generates the obj files or the object files, then what we do, we link it, next up is link these objects to generate the executable, in a nutshell I am just briefing this, so while doing this there could be errors, there could be warnings, there could be info, all this have to be cleared, because somebody may argue or a developer may argue, I will clear up the errors, I do not care about warnings, warnings are sometimes very critical, such that some of the above things like parameter incorrectness is there, some of the objects are properly not used and improperly assigned, then there is a index mismatch or wrong use of the index and that is leading to a warning and ignore the warning, you could lead into a runtime issue, so all this will lead into a runtime issue, what is a runtime issue, once we build the executable, what we do is, we will execute that on the target and the error that is getting because of these errors, warning, info, the fault that is going to come from the program are nothing but the runtime issues, so with the help of static analysis, all this pitfalls will be brought out and of course it is depending on the type of language also, the kind of warnings, the errors are getting used, for example missing files could be there and data mismatch, data type mismatch, so typecasting is wrongly used, possibly divide by 0 is there, misses of variables, so these are some of the typical issues that are there, so divide by 0 because compiler won't throw any error but warnings could be there or if you set the errors to such a level that this are reported then it will throw a error, so that possibility is that the faults are found by the compilers of such a nature, it could be data type mismatches, there could be missing files, simply it has ignored and somehow it compiled, it is not a correct point, so all this will be part of the compilers, of course MISRA errors, if you have enabled the MISRA check while doing the compilation also it will throw, you can do severity and normal sort of errors, so better to clear up all this type of errors like severity errors also, definitely you have to clear it up and normal errors also sometimes leading into an issue while running the program, so all this have to be clearly analyzed and reported, so that is what the objective of static analysis with the help of the compiler reported faults. The next one being program complexity, so there are tools basically which can measure the complexity of a program, so what is the complexity of a program? Again it is a measure of the percentage of or the measurement of the loops, if statements, cases, switches and all that, how complex the program is written, how complex the program is going to have it, all this will be part of that, so that is measured with the help of tools basically because manually it is difficult, I will explain the complexity measurement which has been made away, it is one of the most popular complexity measurement tool or analysis that they do, so higher the complex or higher the complexity, chances of erroneous, so lesser the complexity, chances are less, it means we have a high complexity program having lot of conditions, lot of wave statements, wide loops, cases and etc., so there is a possibility that the program has become a complex and number of lines of course that also will be into things, we may have a one single function having two long lines and I would consider that as a two huge code to maintain or test it, better to split into tough functions and try to use it as much as much as possible in terms of splitting the overall function, so all this matters in terms of the program complexity, it is very important to avoid such things, so with the help of static analysis we will discover the program complexity and we will report the number, this is a definite reported number for the complexity of the program, we will study about the program complexity using a make a way complexity measurement formula for that, we will study that, so we see these are the some of the static analysis methods that are used, unreachable code, parameter type mismatches, data type mismatches divided by 0, possible array bound violations, faults that are found by compilers in terms of errors, warnings, info type of report, all these are considered as faults under static analysis, those have to be analyzed and fixed, then the last one is the program complexity that also will be analyzed with the help of static analysis, so continuation of the static analysis, static analysis can be used as soon as the code can be compiled, that means code has to be compiled and it should be ready, it is in a good compiled state for the static analysis to be done, static analysis tools may not work properly, so they can find bugs early in the development cycle and bugs found earlier are less expensive to fix, we know that as we progress in the embedded software development towards the end it is very difficult to fix and retest and deliver the product and it will be more expensive to do that than if the bugs are found in the earlier stages of the development cycle. And static analysis, they do not require program inputs, so bugs can be found and any motor without incurring the expense of developing test cases. So sometimes what will happen is we may not need a test case, ideally it is better to have a test case overall like in terms of identifying different aspects of the analysis, but more or less how it is done is, manually it is done with the process that is being laid out, but there may not be a need of test case development separately, but the program itself, so we do not need to worry about the inputs to the program and all, so we can eliminate the bugs without incurring the expense of developing test cases, so that is what the meaning of this. So static analysis they can make it easier and the section will develop dynamic test cases, the consequences they can eliminate more bugs or less expense. So in embedded systems in the industry basically what I have seen is dynamic analysis is dynamic analysis or dynamic testing is done first and then static testing is done. I think this may not be a right approach to attack a embedded systems especially those systems having complex nature, why because some of the issues or the problems can be found during the static testing and where we do the analysis and issues found in the earlier stages, so that before doing the dynamic testing, this solve can be found out because the expense of static analysis is always less than dynamic one, so that is why it is very important to do the static analysis, of course it may not be 100% because it is just compiled some of the issues would not have been fixed in the functionality, still the functionality is not matured, so the code is bound to change, static analysis may get impacted, but where we first cut off what the program is to understand what is going on, better to do a static analysis as a first-hand information that can be used to fix some of the easier bugs before the dynamic testing can be done, so that is what static analysis is going to be useful, so it may not also have been integrated completely with the rest of the program to find the bugs or techniques, but still we can do a static analysis, we can also go through a single file of a database also how it is getting the structure of the program or anything in between this, so all this can be considered for static analysis, so the results are better when the entire program is analyzed, but an analysis of small parts can also be used, just developers can get very quick feedback on their code and the quality of the code, so that is the idea of static analysis and during static analysis so all things that we can do, to present that the code how much have been analyzed, what is the change that is going to happen and the various analysis aspects of the source code where the potential issues are there, all this can be analyzed with the help of tools, the tools can tell basically the percentage of source code where and all the issues, so before we start developing the test cases etc with the help of the tools, so then the graphical representation of the code properties we can use it, basically the representation could have the following four types of reports such as control flow graph, so we will study this later, control flow graph is something like how the control of the program is going to be done and executed, the next one is the call tree that means what are the total number of functionalities, how are the procedures, how they are getting invoked and overall invoking, so both are important here, we will probably go through a tree call tree with an example tool called understanding for cc++ from sky tools, so call tree is very important invoker as well as invoker functions or procedures, so by this we will know how the flow of the program, the control flow is going to be executed when the program is run, then we have a different events and the sequences that are part of the embedded execution, so sequence diagrams will be there that is useful for public analysis, so all these part of the code properties are different architectural inputs such as class diagrams also used, so probably I will try to put few inputs on the class diagrams, sequence diagrams which are useful in terms of representing the code and their properties, so these are all will be analyzed statically, either it could be at the help of tool or it could be done manually, so that is how static analysis is done with different aspects of the code, basically it is done on the code, the next important thing is control coupling and data coupling, so very important item they use especially they use in aerospace industry, so what is control coupling and data coupling, definition from cast paper, cast is certification authorities software team, so this is a dedicated team basically, certification authorities that is what is cast, so that is a group basically they will define how the static analysis should be done manually, so as per that paper this is done by the organization that is called which is nothing but US autonomous organization federal aviation authority, for every airlines to fly or certify FAA will help or FAA will have to mandate that this product is good to fly, so like it is not for the, not only for the entire airlines or the entire aircraft but also for the different components within the aircraft, the complete avionics buses, software, communication whatever we are going to use, so there is a standard, so as per the standards they will verify and certify, without the certification the airlines will not deliver the aircrafts, for certifying that they use certain analysis documents, so they are nothing but cast papers that is called. Okay, so what is the definition of control coupling and data coupling, conduce paper data coupling, data coupling is the dependence of the software component on data not exclusively under the control of that software component, that means the data that is going to be used in the entire software component but it is not entirely getting controlled with that component but it is having a dependence on various other components, that is what the definition of data coupling. The other one other aspect is control coupling, the manner or degree by which one software component influences the execution of another software. We know that there are functionalities, those functionalities are going to various sub functionalities or sub procedures or things, so each one will have a dependency, so how they are binded, so what is the binding between them is what is getting defined in control coupling, so these two are very important, these two have to be analyzed in the static analysis aspect with the help of the various analysis tools or references or standards that are tested from the FAA team, so with the help of that the data coupling analysis and control coupling analysis are done. So this will bring the dependency of the data that are exclusively used outside and inside the software component, also the various components influencing different components will have some sort of a controlling mechanism that flow and the binding of the various components also will be analyzed, so with this analysis control coupling will be reported, so this will help in terms of analysis, static analysis that is being reported. The next one is continuation of static data coupling example, an example of data coupling is a software component that utilizes parameters with a value that is calculated with different software components perhaps being executed at a different calculation rate, very interesting so we have a software functionality that utilizes the parameters that are coming as an input with a value, but the values are computed or calculated by a different software component, so there is a coupling between that component as well as the utilized component, so and of course we can continue in the next component also and it can be updated at a different rate, how are we going to validate that, so that is what this data coupling will bring out. The other one is example of control coupling is a real time software activity that initiates execution of a software component depending upon external parameters or influence, that means in a real time embedded systems we know that external parameters could be a signal, time, information or any events etc, all this will influence in terms of the program flow, so how this program flow is getting identified or executed all is what we are talking about control coupling, so control coupling example is a real time software executive so basically it is a scheduler, so that initiates execution of different components depending on the time it could be depending on the signals or depending on the conditions or some events or some external flags or triggers are done, so that will have the dependency, so all this will be exercised under the control coupling, so that is what about static analysis of control coupling and data coupling, so I think we will study little more on control coupling control flow analysis, it is also called as control flow analysis, it considers the use of program and its flow, visual inspection of control flow is also really important, so that we know where the flow is going, who is calling or who is getting called, examples called tree unreachable completely or reachable partially, parametric issues, the parameters are prepared but with the help of parameters the call tree is not reached completely or the call tree is partially reached and the program is not executing properly, so all this will be brought out in control coupling and control flow analysis, so it is very important to understand control coupling and data coupling aspects and listener get confused with data flow testing especially in the data flow coupling and any other testing aspects like we did on white box, black box and all these are different aspects is part of the static analysis, the next one is the static metrics that are used for software complexity, so we will go through static analysis with the help of the tools, also the testing metrics with the help of make up a complexity etc., followed by that we will study the reviews instruction in the further sessions, so static metrics are used for static analysis with the help of tools, as I said software complexity is one of the aspects of software static analysis, makes a base complex, cyclomatic complexity is called, measure is one, range of code is one, pan out and fan in, nesting levels, so these are some of the metrics that are used, we will try to understand at least the make up a complexity, what is the make up a complexity, how it has come, so we know that a piece of program or the software has number of diamonds, diamonds are the process or the decision boxes, so more decisions are there in the code, the more complexity it is that we know that, so statement coverage, decision coverage and make up a coverage all three have to be taken here in terms of coverage aspects, you know we have studied for white box testing statement coverage, decision coverage and all that, so make up a coverage is also very important in terms of whether we have covered completely, all this will be followed and dependencies taken care while doing the testing, so there are tools that can measure the complexity of the program, it also presents percentage of loops, if statements etc, high complexity will have more problems in terms of maintenance, it is a error prone, chances are high, error prone software, but extremely complex programs we move from home, in terms of closed loop control systems with the help of skilled people that is getting developed and make up a complexity, so there are number of decisions in a program or the control program, so here you can see that it is just that program has and the nodes that the program has plus 2 will give you the complexity measure that is how the calculation is done and we know that lines of code is also required, so basically lines of code is measurement of size of the program basically, so lines of code is nothing but the executable lines of code, it is not the lines that the program has, it is the lines of executable also called executable lines of code, so we will not use the lines of code just, but we will use the lines of executable code such as statement followed by semicolon, I am talking about C language, above that we have a command, the command is also a line, but it is not considered as an executable, similarly we have in a loop or for loop semicolon itself as a one executable line that is also controlled under the LOC, then we have the fan out and fan in, fan out is the amount of models that is total number of model calls, models with high fan out are often found in the upper part of the call tree that means the higher part of the call tree we will study about the call tree, so fan out will be more, fan in is the amount of models that call a specific model, so we have to understand the difference, fan out is the amount of models a given model calls, how many calls it will make, fan in is the other way where the amount of models that call a specific model that means the current model is called by other models, so this number of fan out and fan in also one of the static analysis matrix that is used in software testing. So next one is the next testing level, we know that testing for example many statements nested into each other getting into a deep nesting level, so if we will have another if else again if like this, so to go deep, so this could lead into a nesting level, so we have to understand what is the deep level, so this also will be coming under as a edge in terms of a complexity this also will be measured, so code will be very difficult to understand, so it is more difficult when the complexity or the cyclometric complexity of the program is high, so simple nesting level is if X is greater than 0 do something, so this is one nesting level, suppose we have more ifs within that then it will become multiple nesting levels, if X is greater than 0 it will be appropriately aligned, if Y is greater than 0, greater than 0 then do something else or nothing, now we have come one deep we have done, next is done when X is greater than 0 else do nothing, so this has complexity level as 1, this nesting level is more than 1, here in this case it is 2 because we have edges more edges that is very small than 1, we will have to understand that more in the next slide, okay, so make way complexity is also called as a cyclometric complexity, how it is calculated is E minus n plus 2, so E is nothing but edges, n is nothing but nodes, I will try to depict this way, we have a program going this way and we have a flow functionality, flow 1 then we have a flow 2 then we will be into flow 3, here we have 3 nodes, this can be also called as node 1 and we also called as node 2 and node 3, so the else part if it is a diamond then it can become a node 4, so here we have 1 2 3 4 nodes and edges we can see 1 2 3 4 minus 3 plus 2 that is 1 plus 2 3, so this is a complexity of this program is 3, so likewise it will getting calculated, so it is very important to understand cyclometric complexity or the make a base cyclometric complexity, so in other words it is also can be considered as edges or the links in the flow graph and minus n, n number of nodes in the flow graph plus number of disconnected parts of the flow graph or 3 plus 2 is the default number that is being added, okay. Let us try to understand a simple example of cyclometric complexity, this is from the reference from web, I can just explain you, in the first one we have 2 nodes and one edge, you can see edge is 1, node 2 and the p is 1, that is the disconnected part, there is no disconnected part, so only one connection we have, so we use something like make a base 1 minus 2 plus 2 equal to 1 that is edges 1 edge 2 nodes, 1 edge sorry 1 node sorry 1 edge minus 2 nodes plus 2 will become 1 that is in other way it is also the in terms of parts it can be adjust minus nodes plus 2p or simply adjust minus nodes plus 2 because mostly the disconnection is going to be very less in many of the flow, it will be usually connected but considering that also we can use this formula where 1, 2p is used, p is the connections, so 1 connection is there, so it will become 1, complexity is 1, in this case the flow between different nodes we can see it will go this way, it will reach here, there is some condition it will come back here, it will go again, go again, so like this the flow is there, so what is the complexity of this program, we can understand this, see something like a far loop or condition whatever it could be, but the flow is something like this, so what is the complexity here, we can see one is here, other one is like this, so 2 that means we have how many edges, 1, 2, 3, 4 edges, we have how many nodes, 4 nodes 1, 2, 3, 4, I will write it for your understanding 1, 2, 3, there are 4 nodes and edge number 1, edge number 2, this is edge number 3, 4 edges are there, so what will be our make up a complexity for this, n e minus n plus 2 here, 4 minus 4 because 4 and this 4 nodes plus 2, it will become 2, so complexity of this program is 2. Similarly, here another program you can consider this as a multi-threaded parallel task sort of a thing where we have 2 parts, so in this case the complexity is 2, I will leave it to you how you are going to perfect because we know the formula. The last one is the state forward, we know that there are 5 nodes and 4 edges, 4 minus 5 it will become minus 1 plus 2, 1, so single one level of complexity is there in this type of program, so that is what is the definition and understanding of the complexity, so as the complexity increases the program is having more complicated or the flow is more, the control is more deeper. So generally if the complexity is greater than 10 meaning that the complexity is too high and it calls for river, that means generally in embedded industry automotive or aerospace it takes the complexity has to be around 10 or less than 10 considering the whole program. If it is more than 10 means the complexity is high, so usually they will ask to rework on that or reworking there are different methods and all that, that is all developers work, they will either split the functionality or the conditions that are underneath this complexity to make sure that the make a base of the complexities within the limit of 10. So the complexity specifies the number of independent paths the program has, so we know that here the path is 2, first path is direct, other path is from third node come back to second, third, fourth, so 2 paths it can execute, so it specifies the number of independent paths the program has. In the case of here first and the path is only 1, so it is as simple as that, so the star what is mentioned here is P in case of disconnected nodes basically nodes it will become 2P, so that is what the meaning of back away complexity and its analysis, this has to be analyzed and reported basically. The next one is few more examples I try to put it based on a book how to apply static and dynamic analysis more practice by auto winter it is a good book we can study to see that and here some examples I have taken from one of the sample, so this report make a by complexity is been reported with the help of a tool called LDRU, LDRU another tool they use it for finding the make a by complexity. So here you can see make a by is 10 that means it is just complex, the complexity is just in normal range you can see number of independent paths, so one is the one here you can see 2, 3, 4, 5, 6, 7 here and 8, 9, 10 like this the complexity is being arrived, the tool itself will produce it you will have to calculate manually it is basically with the help of the formula which I have spoken in the previous slide, edge minus nodes plus 2. Similarly we have more complex you can see here the flow of the different edges within the nodes and the complexity here it is very much, the program is display program, so displays are basically different complexity, so the complexity is 20 in this case, the more complexity you can see here it is very complex where the complexity is 46 definitely it calls for a rework, so that is what is about the complexity control flow, control flow analysis make a by complex, so in the next session we will study about the data flow, data flow analysis and the matrix part, so that is the end of the session today.