Static testing is a software testing method that involves the examination of a program, along with any associated documents, but does not require the program to be executed. Dynamic testing, the other main category of software testing, involves interaction with the program while it runs. The two methods are frequently used together to try to ensure the basic functionalities of a program.
Instead of executing the code, static testing is a process of checking the code and designing documents and requirements before it's run in order to find errors. The main goal is to find flaws in the early stages of development. It is normally easier to find the sources of possible failures this way.
What is subject to static testing?
It's common for code, design documents and requirements to be static tested before the software is run in order to find errors. Anything that relates to functional requirements can also be checked. More specifically, the process will involve reviewing written materials that, altogether, give a wider view of the tested software application as a whole. Some examples of what's tested include:
Benefits of static testing
Some benefits of static testing include:
- Early detection and correction of any coding errors.
- Reduces cost in early stages of development -- in terms of the amount of rework needed to fix any errors.
- Reduced timescales for development.
- Feedback received in this stage will help improve the overall functioning of the software. Once other testing types like dynamic testing start, there won't be as many errors found. This means code is overall more maintainable.
- This process will also help give developers a better idea of the quality issues found in the software.
- With automated tools, this process can be quite fast to review code and other documents.
- Static testing can also boost the amount of communication between teams.
Static testing techniques
Static testing is carried out with two different steps or techniques -- review and static analysis. Static review is typically carried out to find and remove errors and ambiguities found in supporting documents. Documents reviewed include software requirements specifications, design and test cases. The documents can be reviewed in multiple ways, such as in a walkthrough, peer review or as an inspection.
The next step, static analysis, is where the code written by developers is analyzed. The evaluation is done in order to find any structural defects that may lead to errors when run.
Some other techniques used while performing static testing include use case requirements validation, functional requirement validation, architecture review and field dictionary validation. Use case requirements ensure possible end-user actions are properly defined. Functional requirements will identify any necessary requirements for the software. Review of architecture means business-level processes are analyzed. Field dictionary validation will analyze UI fields.
Static testing may also be conducted either manually or through automation with the use of various software testing tools.
Types of static testing reviews
Reviews, the first step in static testing, can be conducted in numerous ways. Reviews are performed to find and remove errors found in supporting documents. This process can be carried out in four different ways:
- Informal -- informal reviews will not follow any specific process to find errors. Coworkers can review documents and provide informal comments.
- Walkthrough -- the author of whichever document is being reviewed will explain the document to their team. Participants will ask questions, and any notes are written down.
- Inspection -- a designated moderator will conduct a strict review as a process to find defects.
- Technical/peer reviews -- technical specifications are reviewed by peers in order to detect any errors.
Differences between static testing vs. dynamic testing
Dynamic testing is a method of assessing the feasibility of a software program by giving input and examining output. The dynamic method requires that the code be compiled and run.
The biggest and most notable difference between static and dynamic testing is that dynamic testing requires code to be executed. Functional behavior and performance are checked to confirm if the code works properly.
Static testing will analyze the code, requirement documents and design documents, while dynamic testing will look at the functional behavior of software systems like memory usage and performance.
Static testing essentially gives an assessment of code, while dynamic testing will try and find active bugs. The cost of finding code defects in dynamic testing will normally cost more in terms of time and money than in static testing.
The two types of testing are meant not meant to be mutually exclusive, however. Ideally, they should be used together. Static testing is about the prevention of defects, whereas dynamic testing is about finding active defects.
Static testing tools
Static testing tools can be used to automate the static testing process. Some example tools include:
- SourceMeter is an example of a static testing tool that can aid in analyzing code in C/C++, Java, C# and Python. It can also integrate with other static testing tools like PMD or FindBugs.
- Veracode Reviews is another static testing tool. This tool focuses on finding security defects. Veracode will work with up to 24 programming languages and can perform static and dynamic testing.