Applying Static Analysis for Software Testing

In this post, I will be sharing my views on Static Analysis and how the same is useful for Software Testing. Using Static Analysis in Testing will also be called as Static Testing.

The generic definition for Static Testing is that

Testing of an Application at the specification or implementation level without execution of that Application.

Static Analysis helps a lot for better Code Quality and we can perform the following set activities against the source code.

  1. Capture Metrics
  2. Complexity of the System (eg. Cyclomatic Complexity)
  3. Compliance against Standards (eg. check for the Java Coding Guidelines)
  4. Exception Handling (Captures the code that contains Unhandled exceptions)
  5. Infinite Loops
  6. Copy Paste Dectors (Most of the developers used to reuse the code via a copy paste and introduce some issues in the process)
  7. Duplicate Code
  8. Dead Code

We should be able to restrict most of the above said issues at very early stage of SDLC by applying Static Testing techniques and make these part of the build process.

Explore posts in the same categories: Programming, Software Metrics, Software Testing, Static Analysis

7 Comments on “Applying Static Analysis for Software Testing”

  1. Hi there – you might be interested in a tool I released for doing static code analyis of Perl code –

    The ‘coutperl’ script produces a report that shows you the cyclomatic complexity of each subroutine in the Perl files you analyze.

    Also, you may be interested in the Perl PPI module (“Parse Perl Independently”) which is a general purpose librray for parsing Perl code into a document-object-model, so you can, for example, find all the subroutines in a body of Perl code.

  2. venkatreddyc Says:

    Hi Matisse,

    Thanks for sharing ‘counterperl’. Can you shed some light on availability of similar tools for Java.

    • Shashidhar Says:

      Hi Venkat,
      One of the best static analysis tools for Java applications would be Magic Lamp static analysis tool being promoted by Jenesys technologies and has been choosen by CISCO as well for mainly doing code level testing on their Java applications.Also being used by banking applications developers for finding security threats in code.

  3. I figured out that you were interested into static analysis tools and I wanted to let you know about our tool NDepend.

    NDepend analyses source code and .NET assemblies. It allows controlling the complexity, the internal dependencies and the quality of .NET code.

    NDepend provides a language (CQL Code Query Language) dedicated to query and constraint a codebase.

    It also comes from with advanced code visualization (Dependencies Matrix, Metric treemap, Box and Arrows graph…), more than 60 metrics, facilities to generate reports and to be integrated with mainstream build technologies and development tools.

    NDepend also allows to compare precisely different versions of your codebase.

  4. Aruna Says:

    Code reviews are helpful in finding unreachable code, references to variables without initializing them etc.

    However successfully exiting inspection is a pre-requisite to start review. Any buy-in or consensus on a product is wasteful unless the Inspection is done prior to it.
    Refer for Inspection which is yet another static analysis technique

  5. Srinivas Rao Labhani Says:

    Hi Venkat,

    I have used a tool called CAST for .NET and Java based apps for Static Code Analysis and it is really good 🙂

  6. Corporate Platina Says:

    Platina provides training in various Testing tools that can transform and help people to know their potential and also providing Staffing, Corporate Training for the required Companies with standards and values in healthy atmosphere.

    Software Testing Institutes in Hyderabad

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: