Static analysis is a method for analyzing, understanding, and assessing the quality of a program. Its main strength is that it pinpoints coding errors without executing the program. In this blog post, we discuss how static analysis can contribute to the evaluation of the existing exceptions of a program and how it can help predict the exceptions that a program may throw.
There are many tools and frameworks that use static analysis to analyze Java bytecode or source code. For instance, Checkstyle is a popular tool for identifying source code that violates specific coding standards. FindBugs and PMD are static analyzers that identify bugs in a program. In addition, Soot is a framework that uses static analysis to optimize Java programs. Finally, IDEs such as Eclipse and IntelliJ use static analysis to identify programming errors on the fly.
Even though the aforementioned tools and frameworks impose a learning cost on developers, they are necessary for the stability and maintenance of applications. Java provides developers with exceptions for handling errors and exceptional cases, but exception handling can sometimes be complicated and error-prone. Therefore, developers also need to examine the exception constructs of a program for possible bugs. For instance, FindBugs provides checks for bad practices in exception constructs.
A control flow graph (CFG) is a representation of the execution of a program, using graph nodes and edges. Data flow analysis is a technique that calculates the values of various states of a program, according to the program’s CFG. This technique can be used to identify risky values that can lead a program to crash. Using data flow analysis, static analyzers can then predict possible crashes when specific values are passed to the methods of a program. For instance, Soot can statically determine which exceptions a program might throw and inform developers about possible crashes.
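The following sketch is an added example, not code from this post or from Soot or FindBugs: a forward data flow analysis over a small CFG that tracks whether each integer is zero, nonzero, or possibly zero, and reports divisions that could raise ArithmeticException. The instruction format, block labels, and the modeled Java method are constructed for illustration.

```python
from collections import deque

ZERO, NONZERO, MAYBE = "zero", "nonzero", "maybe-zero"  # abstract int values

def join(a, b):  # merge facts arriving from two paths; None = no fact yet
    return b if a is None else a if b is None or a == b else MAYBE

def transfer(stmts, env, label, warnings):
    """Run one block abstractly; record divisions whose divisor may be zero."""
    env = dict(env)
    for i, (op, dst, *args) in enumerate(stmts):
        if op == "div" and env.get(args[1], MAYBE) != NONZERO:
            warnings.add((label, i, args[1]))  # possible ArithmeticException
        env[dst] = (ZERO if args[0] == 0 else NONZERO) if op == "const" else MAYBE
    return env

def refine(env, cond):
    """Narrow env along a branch edge; None means the edge is infeasible."""
    if cond is None:
        return env
    var, want = cond
    return {**env, var: want} if env.get(var, MAYBE) in (MAYBE, want) else None

def analyze(cfg, entry):
    """cfg: label -> (stmts, [(successor, cond)]); iterate to a fixpoint."""
    in_env, work, warnings = {entry: {}}, deque([entry]), set()
    while work:
        label = work.popleft()
        stmts, succs = cfg[label]
        out = transfer(stmts, in_env[label], label, warnings)
        for succ, cond in succs:
            edge, old = refine(out, cond), in_env.get(succ)
            if edge is None:
                continue
            new = edge if old is None else {
                v: join(old.get(v), edge.get(v)) for v in old.keys() | edge.keys()}
            if new != old:
                in_env[succ] = new
                work.append(succ)
    return warnings

# Constructed CFG for: if (count != 0) avg = total / count; else avg = 0; scale = total / count;
CFG = {
    "entry": ([("input", "total"), ("input", "count")],
              [("then", ("count", NONZERO)), ("else", ("count", ZERO))]),
    "then": ([("div", "avg", "total", "count")], [("merge", None)]),
    "else": ([("const", "avg", 0)], [("merge", None)]),
    "merge": ([("div", "scale", "total", "count")], []),
}
print(sorted(analyze(CFG, "entry")))
```

The guarded division in `then` is not reported because the branch edge narrows `count` to nonzero, while the division after the merge is reported because the two paths join to "maybe-zero".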
Finally, to make the analysis more precise, there is a more powerful kind of static analysis that can simulate the dynamic execution of a program and predict possible runtime crashes (e.g. an ArithmeticException caused by division by zero). One such platform is the Java PathFinder (JPF) model checker. However, such tools and platforms have a much higher learning cost than simple static analyzers, and they are mainly applicable to small programs.