What is System-Level Software Analysis?
And how it kills critical defects to keep your enterprise applications purring like a sports car.
The Exponential Cost of Defects in the SDLC
[Chart: "Exponential Cost Increase Fixing Defects in the SDLC". X-axis, SDLC phase: Development; Systems & Integration; Testing; Post-Production. Y-axis, cost of fixing: 1x, 10x, 100x, then an open-ended "?" for post-production, with the cost to the business climbing alongside.]
We’ve all seen charts like this.
Many of us have experienced it.
We all know that the later you catch the problem in the software development process, the more it costs to fix.
So, how can it be prevented?
The Devil is in the System-Level Defects
Many have tried to prevent the high costs of post-production defects with unit-level code analyzers. In reality, the worst kind of system failures (the kind that keeps developers up at night) are caused by "system-level" defects, and those are very hard to find.
The symptoms: missed release windows, offline applications, post-production madness.
So, what does 'system-level' mean?
Analyzing software at the 'system-level' means examining how its components interact with each other through multiple layers and across multiple technologies.
[Diagram: "The Application System". Application components are built from code units, spread across technology layers, and linked by component interaction.]
Detecting System-Level Defects Early and Often can…
• Increase software availability
• Enhance software performance
• Raise user productivity
• Speed up time-to-market
• Improve user satisfaction
• Maximize revenue generation
More than Code Analysis, Much More
Different levels of analysis have varying scopes and focus on very different types of problems.
Code sample shown on the slide (the listing is cut off mid-comment in the original):

```java
import java.applet.*;
import java.awt.*;

public class SecondApplet extends Applet {
    static final String message = "Hello World";
    private Font font;

    // One-time initialization for the applet
    public void init() {
        font = new Font("Helvetica", Font.BOLD, 48);
    }

    // Draw the applet whenever necessary. Do some fancy graphics.
    public void paint(Graphics g) {
        // The pink oval
        g.setColor(Color.pink);
        g.fillOval(10, 10, 330, 100);
        // The red outline. java doesn't support wide lines, so we
        // ... (the rest of the method is cut off on the slide)
    }
}
```
Unit Analysis
  Scope: • Code quality at developer level • Single technology
  Focus: • Code syntax • Code style & layout • Code hygiene • Code documentation • Common standards

Component Analysis
  Scope: • Entire technology layer • Entire application
  Focus: • Component quality and structure • Security vulnerabilities • Best coding practices

System Analysis
  Scope: • Inter-application invocation • Interaction between application components • Architectural cohesion
  Focus: • End-to-end transaction integrity • Risk propagation simulation • Entire application security • Inter-layer resiliency • Data access control
RELIABILITY
• No error handling along the call chain
• Typecast mismatching along the call chain
• Mis-configured frameworks (e.g., update trigger in Hibernate)
EFFICIENCY
• Expensive loops, with indirect calls involved
• Incorrect use of indices
• Multiple performance violations along the call chain
SECURITY
• Input validation, SQL injection, Cross-site scripting
• Failure to use vetted libraries or frameworks
• Secure architecture design compliance
MAINTAINABILITY
• Excessive horizontal layers
• Code duplication – business logic vs. exact code comparison
• Strict hierarchy of calling between architectural layers
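The SECURITY and MAINTAINABILITY bullets above both describe defects that only become visible when the call chain is followed across units and layers: untrusted input reaching a SQL sink several components away, and a call that breaks the layer hierarchy. The following Python example is added here to make that concrete; it is not CAST's code and does not come from the original slides. It builds a small, constructed call graph with hypothetical component names, runs a unit-by-unit check that finds nothing, then runs two system-level checks over the whole graph: inter-procedural taint tracking from input sources to the SQL sink (stopping at a sanitizing unit), and detection of calls that skip a layer or call upward.

```python
"""Toy system-level analysis over a cross-layer call graph.

Added example; not CAST's code and not from the original slides. Every
component name below is hypothetical and the call graph is constructed.
"""
from collections import deque

# Allowed calling order, top to bottom: a unit may call its own layer or the
# layer directly beneath it (the "strict hierarchy" rule).
LAYERS = ["presentation", "service", "data"]

# Constructed call graph. "calls" are all callees; "taint_to" is the subset
# of callees that receive the caller's user-controlled data; "sanitizes"
# marks a unit that returns cleaned data and so stops taint propagation.
COMPONENTS = {
    # Path 1: a request parameter flows unchecked down to the SQL sink.
    "OrderController.search": {"layer": "presentation", "source": True,
                               "calls": ["OrderService.find"],
                               "taint_to": ["OrderService.find"]},
    "OrderService.find": {"layer": "service",
                          "calls": ["OrderDao.findByName"],
                          "taint_to": ["OrderDao.findByName"]},
    "OrderDao.findByName": {"layer": "data",
                            "calls": ["Db.execute"], "taint_to": ["Db.execute"]},
    # Path 2: input is cleansed first; only cleaned data reaches the service.
    "CustomerController.update": {"layer": "presentation", "source": True,
                                  "calls": ["InputValidator.cleanse",
                                            "CustomerService.update"],
                                  "taint_to": ["InputValidator.cleanse"]},
    "InputValidator.cleanse": {"layer": "presentation", "sanitizes": True,
                               "calls": [], "taint_to": []},
    "CustomerService.update": {"layer": "service",
                               "calls": ["CustomerDao.update"], "taint_to": []},
    # The DAO calls back up into the presentation layer: a hierarchy violation.
    "CustomerDao.update": {"layer": "data",
                           "calls": ["Db.execute", "CustomerController.showStatus"],
                           "taint_to": []},
    "CustomerController.showStatus": {"layer": "presentation",
                                      "calls": [], "taint_to": []},
    # A controller querying the database directly skips the service layer.
    "ReportController.view": {"layer": "presentation",
                              "calls": ["Db.execute"], "taint_to": []},
    # The shared SQL sink.
    "Db.execute": {"layer": "data", "sink": True, "calls": [], "taint_to": []},
}


def unit_level_findings(components):
    """What a per-unit analyzer can see: a unit is flagged only if the input
    source and the SQL sink both live inside it. Cross-unit flows are invisible."""
    return [n for n, c in components.items() if c.get("source") and c.get("sink")]


def tainted_paths(components):
    """Inter-procedural taint tracking: every source-to-sink path on which no
    intermediate unit sanitizes the data. Each finding is the list of units
    on the path, in call order."""
    findings = []
    queue = deque([name] for name, c in components.items() if c.get("source"))
    while queue:
        path = queue.popleft()
        unit = components[path[-1]]
        if unit.get("sink"):
            findings.append(path)
            continue
        if unit.get("sanitizes"):
            continue                      # only cleaned data leaves this unit
        for callee in unit["taint_to"]:
            if callee not in path:        # do not loop on recursive calls
                queue.append(path + [callee])
    return findings


def layer_violations(components, layers=LAYERS):
    """Calls that break the strict layer hierarchy. Returns
    (caller, callee, reason) for every call that skips a layer or goes upward."""
    rank = {layer: i for i, layer in enumerate(layers)}
    violations = []
    for caller, c in components.items():
        for callee in c["calls"]:
            step = rank[components[callee]["layer"]] - rank[c["layer"]]
            if step < 0:
                violations.append((caller, callee, "upward call"))
            elif step > 1:
                violations.append((caller, callee, "skips a layer"))
    return violations


if __name__ == "__main__":
    print("unit-level findings :", unit_level_findings(COMPONENTS))
    for path in tainted_paths(COMPONENTS):
        print("tainted SQL path    :", " -> ".join(path))
    for caller, callee, why in layer_violations(COMPONENTS):
        print(f"layering violation  : {caller} -> {callee} ({why})")
```

The unit-level pass returns nothing because no single unit contains both the input source and the SQL sink; only the whole-graph pass reports the one unsanitized path and the two layering violations. A real system-level analyzer derives the call and data-flow edges from parsed code across languages and frameworks instead of the hand-written annotations used here.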
Like a finely tuned sports car…
…all the parts of an application must work together in harmony.
Software issues that pose serious threats to stability, performance and security are only detectable once the components are fully integrated.
System-Level Software Analysis Makes a Difference
Because of its holistic approach, system-level software analysis can save your applications from more catastrophic failures than any other type of software quality analysis. And it requires a unique type of technology.
[Chart: for each of Unit Analysis, Component Analysis and System Analysis, bars for "Issues Detected" and "Critical Failures Prevented"; the slide gives no numeric values.]

Supplier Landscape
• Unit Analysis: many, both commercial and open source
• Component Analysis: very few, both commercial and open source, often specialized in a single language
• System Analysis: only CAST can provide system analysis for complex systems
90% of Critical Failures are Caused by System-Level Defects
[Chart. Application development & maintenance defects: 70% functional, 30% structural. Structural flaws: 92% unit-level (basic coding based on best practices, within one program unit), 8% system-level (inter-layer communication, transactions, data access, data manipulation). Production outages attributed: 90% system-level, 10% unit-level.]
System-Level Quality Analysis
According to the experts
"[CAST's] holistic system approach, looking at the architecture, transactions, control, and data flow across multiple technologies, may be very beneficial, with numerous engineering studies showing that bad software engineering practices in the ways components are interrelated and interact…account for only 10% of total defects, but can lead to 90% of production issues."
http://www.castsoftware.com/system-level-software-analysis
Keep cruising