Static Testing: What You Need to Know
What Is Static Testing?
Static testing is a type of testing that’s performed on a piece of software without executing the actual code. During testing, we review and validate the product and its supporting documents. In contrast, dynamic testing is a type of testing that’s carried out on software during code execution. In this post, we’ll cover static testing techniques, as well as tools that can be used to perform static testing and best practices.
Why Should We Perform Static Testing?
Static testing is performed for the following reasons:
- We can find and address defects and errors early on.
- It improves development productivity.
- It reduces testing costs and the timeline for dynamic testing later on.
- And it reduces the number of defects found later in the process.
What Is Tested During Static Testing?
Static testing is carried out in the following areas:
- Business requirement documents
- Functional or system requirements
- Unit test cases
- Prototypes
- Test data
- DB fields dictionary spreadsheets
- Test plan strategies
- Traceability matrix documents
- Performance test scripts / automation
Static Testing Techniques
Static testing can be performed in two different ways:
- Review process
- Static analysis
Review Process
The goal of this process is to remove errors from the design of the software. This also includes reviewing documents like the software specification document for errors and ambiguities. We can further divide the review process into four steps:
- Informal: During an informal review, the owner of the documents presents the documents to an audience to give their inputs.
- Walkthrough: This type of review is carried out by an expert in a related subject area. The expert reviews the documents to confirm the feasibility of the features so as to ensure issues don’t appear during development.
- Peer review: Members of the internal team perform peer review so that every team member reviews the documents to spot any issues.
- Inspection: This involves reviewing the software requirements specifications (SRS) to verify the specs listed.
Static Analysis
Static analysis is the process of assessing the code written by programmers to ensure the code meets the required standard. Even though we assess code, we don’t actually execute the code. We merely review the code for general best practices, adherence to the style guide, and potential bugs. During static analysis, these are some of the issues you may find:
- Unused/undefined variables
- Dead code
- Infinite loops
- Incorrect coding style
We also review the flow of the program during this process in the two following ways:
- Data flow: Data flow looks at how data comes into the system, any interactions the data experiences, and how the data leaves the system.
- Control flow: Here, we evaluate the order of execution of code statements to ensure it meets the intended behavior.
Tools Used for Static Analysis
Depending on your selected programming language, you can choose from several tools for static analysis. These tools range from code linters to build tools as well as vulnerability checkers. Here are some popular tools for static analysis.
Checkstyle
Checkstyle is a development tool that’s used to maintain the quality of Java code written by programmers. It’s highly configurable and supports almost every type of coding standard available in Java. You can see some of its features below:
- Verifying code layout and formatting issues
- Identifying method and class design problems
- Checking the various features of the code
ESLint
ESLint is a development tool that’s used to detect and fix problems in JavaScript code. In addition, it supports popular coding styles like AirBnB and Standard. It also allows you to define custom style guides to suit your own use case. Some features include the following:
- Statically parse code to find issues
- Automatically fix errors that it finds in your code
- Write custom rules or use your own parsers
SourceMeter
SourceMeter is an advanced static code analysis tool. It supports different languages such as C, C++, Java, Python, and RPG projects. It also helps to identify issues in the source code. Other features are as follows:
- Precise coding error detection
- Deep static code analysis
- Platform-independent command-line tools
There are also other useful tools you can use for static analysis and testing. In fact, Cprime runs a Software Tester Certification Boot Camp that covers various testing concepts including static testing.
Tips for Successful Static Testing
In conclusion, to make sure you get value from static testing, here are some best practices:
- Train members on the process, with examples.
- Focus on the main things that really matter.
- Keep the process formal to maintain the project culture.
- Deliberately plan and track every activity.
- Remove any major delays that will hinder test execution.