What is System-Level Software Analysis?

And, how it kills critical defects to keep your enterprise applications purring like a sports car.

Upload: cast

Post on 07-Jul-2015

Category: Software

DESCRIPTION

Your applications are composed of different components developed in different languages and made up of various technologies. These components interact with each other in order to meet critical business requirements. It’s a system. And, just like an intricate race car engine, it must be finely tuned as a whole. Simply tweaking individual components is not enough.

TRANSCRIPT

Page 1: What is system level analysis

What is System-Level Software Analysis?

And, how it kills critical defects to keep your enterprise applications purring like a sports car.

Page 2: What is system level analysis

The Exponential Cost of Defects in the SDLC

[Chart: Exponential Cost Increase Fixing Defects in the SDLC. Stages: Development, Systems & Integration Testing, Post-Production. Cost markers: 1x, 10x, 100x, ?. Series: Cost of Fixing, Cost to Business.]

We’ve all seen charts like this.

Many of us have experienced it.

We all know that the later you catch the problem in the software development process, the more it costs to fix.

So, how can it be prevented?

Page 3: What is system level analysis

The Devil is in the System-Level Defects

Many have tried to prevent the high costs of post-production defects with unit-level code analyzers.

In reality, the worst kind of system failures (the kind that keeps developers up at night) are caused by “system-level” defects… and they’re very… hard… to find…

Missed release windows!

Offline applications!

Post-production madness

Page 4: What is system level analysis

So, what does ‘system-level’ mean?

Analyzing software at the ‘system-level’ means examining how its components interact with each other through multiple layers and across multiple technologies.

[Diagram: THE APPLICATION SYSTEM, showing Application Components, Code Units, Technology Layers and Component Interaction]

Page 5: What is system level analysis

Detecting System-Level Defects Early and Often can…

• Increase software availability
• Enhance software performance
• Raise user productivity
• Speed up time-to-market
• Improve user satisfaction
• Maximize revenue generation

Icons made by Freepik from www.flaticon.com

Page 6: What is system level analysis

More than Code Analysis, Much More

Different levels of analysis have varying scopes, and focus on very different types of problems…

import java.applet.*;
import java.awt.*;

public class SecondApplet extends Applet {
    static final String message = "Hello World";
    private Font font;

    // One-time initialization for the applet
    public void init() {
        font = new Font("Helvetica", Font.BOLD, 48);
    }

    // Draw the applet whenever necessary. Do some fancy graphics.
    public void paint(Graphics g) {
        // The pink oval
        g.setColor(Color.pink);
        g.fillOval(10, 10, 330, 100);

        // The red outline. java doesn't support wide lines, so we
Unit Analysis
Scope: • Code quality at developer level
Focus: • Code syntax • Code style & layout • Code hygiene • Code documentation • Common standards

Component Analysis
Scope: • Entire technology layer • Inter-application invocation • Single technology
Focus: • Component quality and structure • Security vulnerabilities • Best coding practices

System Analysis
Scope: • Entire application • Interaction between application components • Architectural cohesion
Focus: • End-to-end transaction integrity • Risk propagation simulation • Entire application security • Inter-layer resiliency • Data access control

Page 7: What is system level analysis


RELIABILITY

• No error handling along the call chain

• Typecast mismatching along the call chain

• Mis-configured frameworks (e.g., update trigger in Hibernate)

EFFICIENCY

• Expensive loops, with indirect calls involved

• Incorrect use of indices

• Multiple performance violations along the call chain

SECURITY

• Input validation, SQL injection, Cross-site scripting

• Failure to use vetted libraries or frameworks

• Secure architecture design compliance

MAINTAINABILITY

• Excessive horizontal layers

• Code duplication – business logic vs. exact code comparison

• Strict hierarchy of calling between architectural layers

Like a finely tuned sports car…

…all the parts of an application must work together in harmony.

Software issues that pose serious threats to stability, performance and security are only detectable once the components are fully integrated.

Page 8: What is system level analysis

System-Level Software Analysis Makes a Difference

Because of its holistic approach, system-level software analysis can save your applications from more catastrophic failures than any other type of software quality analysis. And, it requires a unique type of technology.

Impact
[Chart, one panel each for Unit Analysis, Component Analysis and System Analysis: Issues Detected, Critical Failures Prevented]

Supplier Landscape
Unit Analysis: Many, both commercial and open source
Component Analysis: Very few, both commercial & open source, often specialized in a single language
System Analysis: Only CAST can provide system analysis for complex systems


Page 9: What is system level analysis

90% of Critical Failures are Caused by System-Level Defects

[Figure: three panels. APPLICATION DEVELOPMENT & MAINTENANCE DEFECTS: Functional / Structural, 70% / 30%. STRUCTURAL FLAWS: Unit-Level / System-Level, 92% / 8%. PRODUCTION OUTAGE ATTRIBUTED: 90% System-Level, 10% Unit-Level.]

Unit-Level
• Coding basics based on best practices
• Within one program unit

System-Level
• Inter-layer communication
• Transactions
• Data Access
• Data manipulation

System-Level Quality Analysis

Page 10: What is system level analysis

According to the experts

“[CAST’s] holistic system approach, looking at the architecture, transactions, control, and data flow across multiple technologies, may be very beneficial, with numerous engineering studies showing that bad software engineering practices in the ways components are interrelated and interact…account for only 10% of total defects, but can lead to 90% of production issues.”