Static Testing

1
 Overview

 Static Testing
 Comparison with Dynamic Testing
 Requirement of Manual Testing
 Review Techniques
 Code Reviews
 Walkthroughs
 Inspection
 Static Analysis

2
 What is Static Testing?

A software testing technique to detect defects in the

software
 The software is tested without executing the code
 Evaluates code and documentation
3
Static testing Dynamic testing
Without executing the program By executing the program

Verification process: Are we Validation process: Are we

building the product right? building the right product?
Prevention of defects Finding and fixing the defects
Evaluates code/documentation Finds bugs/bottlenecks in the
system
Cost of defect is less Cost of defect is high

Return on investment will be Return on investment will be low

high (early stage) (after development phase)

• Most approaches use both

4
Applying in Phases of SDLC

5
 Static Testing

 Two parts:

Review - Conducted manually to find and eliminate

errors or ambiguities in documents such as
requirements, design, test cases, etc.

Static analysis - The code written by developers are

analyzed (usually by tools) for structural defects

6
 Why do we need manual review?
 Early defect detection
 Comparison with requirements specification
 Easier to fix defects
 Less amount of mistakes
 Finding errors like using two names for a single
variable
 Ensuring path coverage
 Less time to understand the code: adequate comments in
code, Conformance to coding standards
 Well-documented software
 Easier to get started for newcomers
 Fast adoption of frequently changing requirements
 Review Techniques

 Code Review
 Walkthrough
 Inspection
(In increasing order of formalism)

 Can be used for all deliverables: code and documents

 May be combined

8
 Code Reviews
Types:
 Self
 Peer
 Superior

Features:
 Unstructured
 Informal
 Done by developer community only
 No log or checklist
 If error found rectified on the spot
9
 Code Reviews

Advantages:
 Reviewer is well equipped to understand the code
 Few logistic and scheduling overheads
 Minimum delay in error correction

Disadvantages:
 Author is not the best person to review
 Method is person-dependent and may not work consistently
among developers
 Not an impartial process: may be affected by relationships
10
 Walkthroughs
 More formal than Code Reviews
 Involves more people
 People raise questions
 Author answers, explains the logic and justifies
 Finds answers to questions he is not able to answer

 Members (Constitution may differ)  Outcome:

peer developers list of items
client not understood
next phase developers list of items

Software Quality Assurance group leader thought to be

incorrect
11
 Walkthroughs

Advantages:
Larger groups can attend (education)
Brings in multiple perspectives
More material per meeting
Less preparation time

Disadvantages:
May turn into assessment of author and not the product
Scope is limited to the questions asked
 Inspection
 Team and clients meet to discuss
 May review selected product aspects only
 Focus on important issues
 Involve people examining the source representation to discover
anomalies and defects
 Anomalies in the code might be non-compliance with standards
 May be applied to any representation of the system
(requirements, design, test data, etc.)
 Very effective technique
 Formalised approach to document reviews
13
 Inspection: Features
Formal
Scheduled event
 More preparation time: supplied documents in advance
Defined procedure
Reported result
Technical : Not schedule, Not budget
Give an assessment decision
 Accept
 Minor revision required
 Major revision required
 Reject
 Unanimous approval required 14
 Inspection pre-conditions

 A precise specification must be available

 Team members must be familiar with the
organisation standards
 Syntactically correct code must be available
 An error checklist should be prepared
 Management must accept that inspection will
increase costs early in the software process
 Management must not use inspections for staff
appraisal
 Inspection procedure

 System overview presented to inspection team

 Code and associated documents are distributed to
inspection team in advance
 Inspection takes place and discovered errors are noted
 Modifications are made to repair discovered errors
 Re-inspection may or may not be conducted
 Inspection Team

Made up of at least 4 members playing the following roles

 Author of the code/document being inspected
 Inspector who finds errors, omissions and
inconsistencies
 Moderator who facilitates the session, ensures the
agenda is followed, and encourages all the reviewers to
participate
 Scribe who records the issues identified and any other
technical comments, suggestions, and unresolved
questions which form the basis for the report.
 Team Size

Smaller for Larger for

 Focus  Expertise
 Scheduling  Making review public
 Reasonable  Non-participating
output
volume per person-hour observers
18
 Reviewer’s Tasks

 Prepare before
 Thorough review of the product
 Participate
 Act professionally: no Personal agendas, egos and
shyness
 Give both Positive and negative comments

19
 Inspection Checklist
 Checklist of common errors should
be used to drive the inspection

 Error checklist is programming

language dependent

 The 'weaker' the type checking, the

larger the checklist

 Examples: Initialization, Constant

naming, loop termination, array
bounds, etc.
 Inspection: Advantages
 Saves time and money as defects are found and rectified
very early in the lifecycle.

 This provides value-added comments from reviewers

with different technical backgrounds and experience.

 It notifies the project management team about the

progress of the development process.

 It creates awareness about different development or

maintenance methodologies which can provide a
professional growth to participants 21
 Inspection: Problems
 Time Consuming

 Logistics and
scheduling can
become a issue as
many people are
involved

 Not possible to go
through every line of
code
22
 Inspection: Solution
During planning:

 Identify parts of code requiring inspection

 Classify them according to priority

 Highly critical code for inspection

 Medium and low for walkthrough and code review

23
 Review Report

Purpose
 Tell managers the outcome
 Early warning system for major problems
 Provides historical record
 Process improvement
 Tracking people involved with projects

Contents
 Product issues
 Other related issues
 Summary 24
 Benefits of Reviews

 Development productivity improvement

 Reduced development time
 Review plus test is much cheaper than just Test
 50 - 80 % total cost reduction
 Reduced faults
 Improved customer satisfaction
 Catching most errors before test
 Fewer defects after release

 Static Analysis Methods

Some static analysis methods are:

 Check the code for things such as type errors,

memory leaks etc.

 Compiling code

26
 Static Analysis Finds

 Syntax violations
 A variable with an undefined value
 Variables that are declared but never used
 Unreachable code (or) Dead Code
 Programming standards violations
 Inconsistent interfaces
 Security vulnerabilities

27