1

Static analysis

Symbolic execution

Unit testing and debugging

Formal verification: enhancing maintainability during development

Managerial aspects of software maintenance

Source code matrics

Other maintenance tools and techniques

static analysis (static code analysis)

Static analysis, also called static code analysis, is a method of computer program debugging that is done by examining

the code without executing the program. The process provides an understanding of the code structure and can help ensure that

the code adheres to industry standards. Static analysis is used in software engineering by software development and quality

assurance teams. Automated tools can assist programmers and developers in carrying out static analysis. The software will

scan all code in a project to check for vulnerabilities while validating the code.

Static analysis (also known as static code analysis) is a software testing methodology that analyzes code without executing it

and reports any issue related to security, performance, design, coding style or best practices. Software engineering teams use

static analysis to detect issues as early as possible in the development process, so they can proactively identify critical issues

and prevent them from being pushed into production. For example, a static analysis tool may compare your code’s formatting to

defined standards and suggest the use of inclusive language, fixes to infrastructure-as-code configurations, or revisions of

outdated practices. Static analysis tools may also be able to quickly highlight possible security vulnerabilities in code.

Static analysis is generally good at finding coding issues such as:

 Programming errors

 Coding standard violations

 Undefined values

 syntax violations

 Security vulnerabilities

The static analysis process is also useful for addressing weaknesses in source code that could lead to buffer overflows -- a

common software vulnerability.

 2

How is static analysis done?

The static analysis process is relatively simple, as long as it's automated. Generally, static analysis occurs before software

testing in early development. Once the code is written, a static code analyzer should be run to look over the code. It will check

against defined coding rules from standards or custom predefined rules. Once the code is run through the static code analyzer,

the analyzer will have identified whether or not the code complies with the set rules. It is sometimes possible for the software to

flag false positives, so it is important for someone to go through and dismiss any. Once false positives are waived, developers

can begin to fix any apparent mistakes, generally starting from the most critical ones. Once the code issues are resolved, the

code can move on to testing through execution.

Without having code testing tools, static analysis will take a lot of work, since humans will have to review the code and figure

out how it will behave in runtime environments. Therefore, it's a good idea to find a tool that automates the process. Getting rid

of any lengthy processes will make for a more efficient work environment.

Types of static analysis

There are several static analysis methods an organization could use, which include:

 Control analysis -- focuses on the control flow in a calling structure. For example, a control flow could be a process,

function, method or in a subroutine.

 Data analysis -- makes sure defined data is properly used while also making sure data objects are properly operating.

 Fault/failure analysis -- analyzes faults and failures in model components.

 Interface analysis -- verifies simulations to check the code and makes sure the interface fits into the model and simulation.

What is Symbolic Execution?

Symbolic execution is a software testing technique that is useful to aid the generation of test data and in proving the program quality.

Steps to use Symbolic Execution:

 The execution requires a selection of paths that are exercised by a set of data values. A program, which is executed using actual
data, results in the output of a series of values.

 In symbolic execution, the data is replaced by symbolic values with set of expressions, one expression per output variable.

 The common approach for symbolic execution is to perform an analysis of the program, resulting in the creation of a flow
graph.

 The flowgraph identifies the decision points and the assignments associated with each flow. By traversing the flow graph from
an entry point, a list of assignment statements and branch predicates is produced.

Issues with Symbolic Execution:

 Symbolic execution cannot proceed if the number of iterations in the loop is known.

 The second issue is the invocation of any out-of-line code or module calls.
 3

 Symbolic execution cannot be used with arrays.

 The symbolic execution cannot identify of infeasible paths.

Symbolic Execution Application:

 Path domain checking

 Test Data generation

 Partition analysis

 Symbolic debugging

Detailed Explanation of Source Code Metrics in Software Engineering

Source Code Metrics in software engineering are quantitative measures used to evaluate the quality, complexity, performance, and
maintainability of the source code. These metrics help developers, testers, project managers, and stakeholders make informed decisions
about code design, architecture, and overall software quality.

Source code metrics in software engineering are quantifiable measurements used to assess various aspects of code, such as its size,
complexity, maintainability, and testability. These metrics help developers and project managers identify potential issues, track progress,
and make informed decisions to improve code quality and development efficiency.

📌 Why Are Source Code Metrics Important?

Source code metrics are vital because they:

 Help detect code smells and potential bugs early.

 Improve code maintainability and readability.

 Support refactoring efforts by identifying complex or bloated parts of the code.

 Aid in effort estimation, risk analysis, and quality assurance.

 Enhance software documentation with measurable data.

Here's a breakdown of common source code metrics:

Size and Complexity:

 Lines of Code (LOC):

A basic metric that counts the number of lines in the source code. While simple, it can be a useful indicator of code volume and can be
used to estimate development effort.

 Cyclomatic Complexity:

Measures the structural complexity of the code by counting the number of independent paths through the code. Higher complexity
indicates more intricate code, potentially making it harder to understand, test, and maintain.

 Halstead Metrics:
 4

A set of metrics based on the operators and operands used in the code. These metrics can assess the size, volume, and complexity of the
code, helping to understand its structure and potential maintainability.

Maintainability:

 Code Churn:

Measures the frequency of changes made to a specific source code file over time, indicating potential instability or areas of high
modification activity.

 Code Coverage:

Indicates the percentage of code that is executed by automated tests. High code coverage suggests a more robust test suite and a higher
degree of confidence in the code's correctness.

 Maintainability Index (MI):

A composite metric that combines several code metrics (like LOC, cyclomatic complexity, and Halstead volume) to provide an overall
assessment of code maintainability.

Other Important Metrics:

 Code Duplication:

Identifies duplicated code segments, which can lead to maintenance problems and increase the risk of introducing bugs.

 Defect Density:

Measures the number of defects found per unit of code (e.g., per thousand lines of code), indicating the code's reliability.

 Comment Density:

Indicates the ratio of comments to code lines, which can be a factor in code readability and maintainability.

Tools and Techniques:

 Many tools, like SonarQube, CodeClimate, and Codacy, are available to automatically calculate these metrics and provide
insights into code quality.

 These metrics are often used in conjunction with other software engineering practices, such as code reviews and static analysis,
to improve overall code quality.

What is unit testing?

Unit testing is the process where you test the smallest functional unit of code. Software testing helps ensure code quality, and it's an integral
part of software development. It's a software development best practice to write software as small, functional units then write a unit test for
each code unit. You can first write unit tests as code. Then, run that test code automatically every time you make changes in the software
code. This way, if a test fails, you can quickly isolate the area of the code that has the bug or error. Unit testing enforces modular thinking
paradigms and improves test coverage and quality. Automated unit testing helps ensure you or your developers have more time to
concentrate on coding.
 5

A unit test is a block of code that verifies the accuracy of a smaller, isolated block of application code, typically a function or method.
The unit test is designed to check that the block of code runs as expected, according to the developer’s theoretical logic behind it. The
unit test is only capable of interacting with the block of code via inputs and captured asserted (true or false) output.

A single block of code may also have a set of unit tests, known as test cases. A complete set of test cases cover the full expected
behavior of the code block, but it’s not always necessary to define the full set of test cases.

When a block of code requires other parts of the system to run, you can’t use a unit test with that external data. The unit test needs to
run in isolation. Other system data, such as databases, objects, or network communication, might be required for the code’s
functionality. If that's the case, you should use data stubs instead. It’s easiest to write unit tests for small and logically simple blocks of
code.

Unit testing strategies

To create unit tests, you can follow some basic techniques to ensure coverage of all test cases.

Logic checks

Does the system perform the right calculations and follow the right path through the code given a correct, expected input? Are all paths
through the code covered by the given inputs?

Boundary checks

For the given inputs, how does the system respond? How does it respond to typical inputs, edge cases, or invalid inputs?

Let’s say you expect an integer input between 3 and 7. How does the system respond when you use a 5 (typical input), a 3 (edge case),
or a 9 (invalid input)?

Error handling

When there are errors in inputs, how does the system respond? Is the user prompted for another input? Does the software crash?

Object-oriented checks

If the state of any persistent objects is changed by running the code, is the object updated correctly?

What are the benefits of unit testing?

Unit testing benefits software development projects in many ways.

Efficient bug discovery

If there are any input, output, or logic-based errors within a code block, your unit tests help you catch them before the bugs reach
production. When code changes, you run the same set of unit tests—alongside other tests such as integration tests—and expect the
same results. If tests fail (also called broken tests) it indicates regression-based bugs.

Unit testing also helps finds bugs faster in code. Your developers don’t spend a large amount of time on debugging activities. They can
quickly pinpoint the exact part of the code that has an error.

Documentation

It's important to document code to know exactly what that code is supposed to be doing. That said, unit tests also act as a form of
documentation.

Other developers read the tests to see what behaviors the code is expected to exhibit when it runs. They use the information to modify
or refactor the code. Refactoring code makes it more performant and well-composed. You can run the unit testing again to check that
code works as expected after changes.

How do developers use unit tests?

Developers use unit tests at various stages of the software development lifecycle.

Test-driven development
 6

Test-driven development (TDD) is when developers build tests to check the functional requirements of a piece of software before they
build the full code itself. By writing the tests first, the code is instantly verifiable against the requirements once the coding is done and
the tests are run.

After completing a block of code

Once a block of code is considered complete, unit tests should be developed if they have not been already thanks to TDD. Then, you
can immediately run unit tests to verify the results. Unit tests are also run as part of the full suite of other software tests during system
testing. They're typically the first set of tests that run during full system software testing.

DevOps efficiency

One of the core activities in the application of DevOps to software development practices is continuous integration and continuous
delivery (CI/CD). Any changes to the code are automatically integrated into the wider codebase, run through automated testing, and
then deployed if the tests pass.

Unit tests make up part of the test suite alongside integration testing. They run automatically in the CI/CD pipeline to ensure code
quality as it is upgraded and changed over time.

What are unit testing best practices?

We give some unit testing best practices to get the most out of your process.

Use a unit test framework

It wastes time to write explicit, fully customized unit tests for every single block of code. There are automated testing frameworks for
every popular programming language.

For instance, Python has pytest and unittest as two different frameworks for unit testing. Testing frameworks are used extensively
throughout software development projects of all sizes.

Automate unit testing

Unit testing should be triggered on different events within software development. For example, you can use them before you push
changes to a branch using version control software or before you deploy a software update.

Unit testing may also run on a complete project, set on a timed schedule. Automated unit testing ensures tests run in all appropriate
events and cases throughout the development lifecycle.

Assert once

For each unit test, there should only be one true or false outcome. Make sure that there is only one assert statement within your test. A
failed assert statement in a block of multiple ones can cause confusion on which one produced the issue.

Implement unit testing

Unit testing is an important part of building software, but many projects don’t dedicate resources to it. When projects start as prototypes,
are small community-based efforts, or are simply coded quickly, unit testing can be left out due to time constraints.

However, when you build projects with unit testing as a standard practice from the beginning, the process becomes far easier to follow
and repeat.
 7

What is Debugging in Software Engineering?

Debugging in Software Engineering is the process of identifying and resolving errors or bugs in a
software system. It's a critical aspect of software development, ensuring quality, performance,
and user satisfaction. Despite being time-consuming, effective debugging is essential for reliable
and competitive software products.
Here are we discussing the points related to Debugging in detail:

What is Debugging?
In the context of software engineering, debugging is the process of fixing a bug in the software. When
there's a problem with software, programmers analyze the code to figure out why things aren't
working correctly. They use different debugging tools to carefully go through the code, step by step,
find the issue, and make the necessary corrections.

Process of Debugging
Debugging is a crucial skill in programming. Here’s a simple, step-by-step explanation to help you
understand and execute the debugging process effectively:\

Step 1: Reproduce the Bug

 To start, you need to recreate the conditions that caused the bug. This means making the error
happen again so you can see it firsthand.
 Seeing the bug in action helps you understand the problem better and gather important details for
fixing it.
Step 2: Locate the Bug
 Next, find where the bug is in your code. This involves looking closely at your code and
checking any error messages or logs.
 Developers often use debugging tools to help with this step.
Step 3: Identify the Root Cause
 Now, figure out why the bug happened. Examine the logic and flow of your code and see how
different parts interact under the conditions that caused the bug.
 This helps you understand what went wrong.
Step 4: Fix the Bug
 Once you know the cause, fix the code. This involves making changes and then testing the
program to ensure the bug is gone.
 Sometimes, you might need to try several times, as initial fixes might not work or could create
new issues.
 Using a version control system helps track changes and undo any that don't solve the problem.
 8

Step 5: Test the Fix

After fixing the bug, run tests to ensure everything works correctly. These tests include:
 Unit Tests: Check the specific part of the code that was changed.
 Integration Tests: Verify the entire module where the bug was found.
 System Tests: Test the whole system to ensure overall functionality.
 Regression Tests: Make sure the fix didn’t cause any new problems elsewhere in the
application.
Step 6: Document the Process
 Finally, record what you did. Write down what caused the bug, how you fixed it, and any other
important details.
 This documentation is helpful if similar issues occur in the future.

Why is debugging important?

Fixing mistakes in computer programming, known as bugs or errors, is necessary because
programming deals with abstract ideas and concepts. Computers understand machine language, but
we use programming languages to make it easier for people to talk to computers. Software has many
layers of abstraction, meaning different parts must work together for an application to function
properly. When errors happen, finding and fixing them can be tricky. That's where debugging tools
and strategies come in handy. They help solve problems faster, making developers more efficient.
This not only improves the quality of the software but also makes the experience better for the people
using it. In simple terms, debugging is important because it makes sure the software works well and
people have a good time using it.

Debugging Approaches/Strategies
1. Brute Force: Study the system for a longer duration to understand the system. It helps the
debugger to construct different representations of systems to be debugged depending on the
need. A study of the system is also done actively to find recent changes made to the software.
2. Backtracking: Backward analysis of the problem which involves tracing the program backward
from the location of the failure message to identify the region of faulty code. A detailed study of
the region is conducted to find the cause of defects.
3. Forward analysis of the program involves tracing the program forwards using breakpoints or
print statements at different points in the program and studying the results. The region where the
wrong outputs are obtained is the region that needs to be focused on to find the defect.
4. Using A debugging experience with the software debug the software with similar problems in
nature. The success of this approach depends on the expertise of the debugger.
5. Cause elimination: it introduces the concept of binary partitioning. Data related to the error
occurrence are organized to isolate potential causes.
6. Static analysis: Analyzing the code without executing it to identify potential bugs or errors. This
approach involves analyzing code syntax, data flow, and control flow.
7. Dynamic analysis: Executing the code and analyzing its behavior at runtime to identify errors or
bugs. This approach involves techniques like runtime debugging and profiling.
8. Collaborative debugging: Involves multiple developers working together to debug a system.
This approach is helpful in situations where multiple modules or components are involved, and
the root cause of the error is not clear.
9. Logging and Tracing: Using logging and tracing tools to identify the sequence of events leading
up to the error. This approach involves collecting and analyzing logs and traces generated by the
system during its execution.
10. Automated Debugging: The use of automated tools and techniques to assist in the debugging
process. These tools can include static and dynamic analysis tools, as well as tools that use
machine learning and artificial intelligence to identify errors and suggest fixes.

Examples of error during debugging

Some common example of error during debugging are:
 Syntax error
 Logical error
 Runtime error
 Stack overflow
 Index Out of Bound Errors
 Infinite loops
 9

 Concurrency Issues
 I/O errors
 Environment Dependencies
 Integration Errors
 Reference error
 Type error

Debugging Tools

Debugging tools are essential for software development, helping developers locate and fix coding
errors efficiently. With the rapid growth of software applications, the demand for advanced debugging
tools has increased significantly. Companies are investing heavily in these tools, and researchers are
developing innovative solutions to enhance debugging capabilities, including AI-driven debuggers and
autonomous debugging for specialized applications.

Debugging tools vary in their functionalities, but they generally provide command-line interfaces to
help developers identify and resolve issues. Many also offer remote debugging features and tutorials,
making them accessible to beginners. Here are some of the most commonly used debugging tools:
1. Integrated Development Environments (IDEs)
IDEs like Visual Studio, Eclipse, and PyCharm offer features for software development, including
built-in debugging tools. These tools allow developers to:
 Execute code line-by-line (step debugging)
 Stop program execution at specific points (breakpoints)
 Examine the state of variables and memory
IDEs support many programming languages and scripting languages, often through open-source
plugins.
2. Standalone Debuggers
Standalone debuggers like GDB (GNU Debugger) provide advanced debugging features:
 Conditional breakpoints and watchpoints
 Reverse debugging (running a program backwards)
These tools are powerful but have a steeper learning curve compared to IDE debuggers.
3. Logging Utilities
Logging utilities log a program’s state at various points in the code, which can then be analyzed to
find problems. Logging is particularly useful for debugging issues that only occur in production
environments.
4. Static Code Analyzers
Static code analysis tools examine code without executing it to find potential errors and deviations
from coding standards. They focus on the semantics of the source code, helping developers catch
common mistakes and maintain consistent coding styles.
5. Dynamic Analysis Tools
Dynamic analysis tools monitor software as it runs to detect issues like resource leaks or
concurrency problems. These tools help catch bugs that static analysis might miss, such as memory
leaks or buffer overflows.
6. Performance Profilers
Performance profilers help developers identify performance bottlenecks in their code. They
measure:
 10

 CPU usage
 Memory usage
 I/O operations

Difference Between Debugging and Testing

Aspects Testing Debugging

Testing is the process to find Debugging is the process of correcting the

Definition bugs and errors. bugs found during testing.

The purpose of testing is to

The purpose of debugging is to fix those
identify defects or errors in
defects or errors.
Purpose the software system

It is the process to identify

It is the process to give absolution to code
the failure of implemented
failure.
Focus code.

Testing is done before DebuggingDifferences between Testing

Timing debugging and Debugging is done after testing

Testing involves executing Debugging involves analyzing the

the software system with test symptoms of a problem and identifying the
Approach cases root cause of the problem

Testing can involve using Debugging typically involves using tools

Tools and automated or manual testing and techniques such as logging, tracing,
Technique tools and code inspection.