Professional Documents
Culture Documents
Static Techniques
4 Test
5 Management 6 Tools
techniques
Chapter 3
CONTENTS
• Review Process
• Static Analysis
CONTENTS
• Review Process
• Static Analysis
Static Testing
Reviews
Static
Testing
Static
Software Analysis
Testing
Dynamic
Testing
Static Testing
Additional benefits:
• More efficient detection & correction of defects
• Identification of defects which are hard to find by dynamic testing
• Prevention of defects in future design & code
• Increased development productivity
• Reduced development & testing code & time reduced total cost
of quality over the software’s lifetime
• Improved communication w/i the team
Reviews are cost-effective
• Educational
• Mutual understandings
• Decision-making facilitation
• Agreed commitment
Question
• Review Process
• Static Analysis
Review Process
Management
Initiate review Checklist-based
Walkthrough
Facilitator
Scenario-based &
Individual review
Dry runs
Review leader
Issue comms & Technical review
Role-based
analysis Reviewer
Issue
Initiate Individual Fixing &
Planning communication &
review review Reporting
Analysis
REVIEW PROCESS: Planning
• Discussion
o More formal review: logging & discussion parts are separated
o Less formal review: logging mixed with discussion
o Moderator takes care of people issues & how discussed items are
handled
• Decision marking: Evaluating the review findings against the exit
criteria to make a review decision
REVIEW PROCESS: Fixing & Reporting
• Optional characteristics:
o Individual preparation
o Checklists
o Defect logs & review reports
• Optional characteristics:
o Review Meeting (Led by a trained moderator, not the author)
o Checklists
o Defect logs & Review reports
• Mandatory characteristics:
o Individual preparation
o Scribe (not the author)
Effectiveness of
defect detection Effort
Typical review 10 – 20% Unknown
Early inspection 30 – 40% 6 - 8 hrs / Insp hr
Mature inspection 80 – 95% 8 - 30 hrs / Insp hr
Inspection Process Overview
Change
Software
Development Request Process
Stage Improvement
Planning
Next Software
Development
Stage
At first glance …
2 hrs? Time
100 pages?
Checking Size
Rate
2 hrs? Time
Optimum:
1 page*
per hour
Checking Size
Rate
• Review Process
• Static Analysis
What can static analysis do?
n := 0
read (x) Data flow anomaly: n is
n := 1 re-defined without being used
while x > y do
begin
Data flow fault: y is used
read (y) before it has been defined
write( n*y) (first time around the loop)
x := x - n
end
Control flow analysis
• Highlights:
o nodes not accessible from start node
o infinite loops
o multiple entry to loops
o whether code is well structured, i.e. reducible
o whether code conforms to a flowchart grammar
o any jumps to undefined labels
o any labels not jumped to
o cyclomatic complexity and other metrics
Unreachable code example
Buffsize: 1000
Mailboxmax: 1000
IF Buffsize < Mailboxmax THEN
Error-Exit
ENDIF
Static Analysis finds the THEN clause unreachable, so will flag a fault
Cyclomatic complexity
• The more complex the flow graph, the greater the measure
• It can most easily be calculated as:
o complexity = number of decisions + 1
Which flow graph is most complex?
2 3 5
init
Example control flow graph
do
Pseudo-code:
Result = 0 if r=r+1
Right = 0
DO WHILE more Questions
IF Answer = Correct THEN end
Right = Right + 1
ENDIF
res
END DO
Result = (Right / Questions)
IF Result > 60% THEN if pass
Print "pass"
ELSE fail
Print "fail”
ENDIF
end
Other static metrics
• Limitations
o cannot distinguish "fail-safe" code from programming faults or
anomalies (often creates overload of spurious error messages)
o does not execute the code, so not related to operating conditions
• Advantages
o can find faults difficult to "see"
o gives objective quality assessment of code
Summary: Key Points