Static, as in stationary or stagnant. What do you think is stationary in software terms? Yeah! The code. It can either be stationary or running, i.e. when you execute it. As the name suggests, Static Code Testing is one of the software testing techniques where the code is stationary, i.e. NOT running. How? Simple, you don’t execute any functionality (or code). Then how does it ‘test’ the system, you may ask 🙂 In Static Code Testing we don’t execute the code; instead, it is checked manually or via tools for any design defects. As you might have guessed, Static Testing is not limited to the code: we can also analyse the associated documentation, like requirement and design documents, to identify any potential errors or standard violations. Static testing is also known as Dry run testing.
Note: We have used Static Code testing and Static Testing interchangeably. However, as you might have guessed, Static code testing is a subset of Static testing!
The main objective of Static Code testing is to improve the quality of software products by finding errors in the early stages of the development cycle. Some of the defect types that are easier to find during static code testing are: programming standards violations, missing requirements, design defects, non-maintainable code, inconsistent interface specifications, variables with an undefined value, variables that are declared but never used, unreachable code (dead code), security vulnerabilities and syntax violations.
Static Testing Techniques
Conducting static testing involves a series of procedures and techniques that evaluate the software for possible errors and bugs. Specific techniques of static testing include Informal and Formal reviews, Walk-through sessions, Inspection and Code analysis.
- Informal Reviews: As the name suggests – these are informal reviews wherein no process is followed to find errors in the document. Just review the document and give informal comments on it.
- Technical Reviews: A technical team (mostly consisting of peers) reviews the technical specification of the software product and checks whether it is suitable for the project. The aim is to find any discrepancies in the specifications and standards followed.
- Walk-through: A step-by-step presentation by the author of a document in order to gather information and to establish a common understanding of its content. Participants can ask any questions they have. A scribe makes notes of the review comments.
- Inspection: The most formal review technique and therefore always based on a documented procedure. Reviewers have a checklist to review the work products. They record defects such as violations of development standards or non-conformance to higher-level documentation and inform the participants so that they can rectify those errors. The meeting is led by a trained moderator.
- Static code analysis: This is a systematic review of the software source code without executing the code. It checks the syntax of the code, coding standards, code optimization, etc. This is also termed white box testing. This review can be done at any point during development.
Static Testing starts early in the Software Life-cycle, i.e. during the verification process. Most static testing techniques can be used to ‘test’ any form of documentation including source code, design documents and models, functional specifications and requirement specifications.
Advantages of Static testing
Static testing is not an in-depth type of testing. However, it provides software developers with useful insights about the code structure of the software products. The primary objective of all static testing is to find errors as early as possible in the SDLC and thereby improve the quality of the end product at the least cost.
- Since static testing can start early in the life cycle, early feedback on quality issues can be established and rework costs are most often relatively low.
- Since rework effort is substantially reduced, development productivity figures are likely to increase.
- The evaluation by a team has the additional advantage that there is an exchange of information between the participants.
- Static tests contribute to an increased awareness of quality issues.
Static Code testing may be conducted manually or through the use of various software testing tools. The sophistication of the analysis performed by tools varies from those that only consider the behavior of individual statements and declarations, to those that include the complete source code of a program in their analysis. A growing commercial use of static analysis is in the verification of properties of software used in safety-critical computer systems and locating potentially vulnerable code.
Static Code Testing is essential
Many people, even some testers, don’t realize that testing can and should start before a line of code is ever written. Static testing is that process, and it continues even after coding has started, but execution of the code isn’t necessary in static code testing. By thoroughly reviewing requirements, design documents, design specifications, and prototypes, static testing can unearth defects early in the SDLC, where it’s more cost-effective to fix them.
All software organizations should consider using reviews in all major aspects of their work including requirements, design, implementation, testing, and maintenance. However, static code testing alone is not enough to prove the reliability of the software. Conducting static and dynamic tests in combination will ensure proper validation, verification and all types of quality assurance tests.