What is static testing?
Static testing is a software testing method that examines a program -- along with any associated documents -- but does not require the program to be executed. Dynamic testing, the other main category of software testing, requires testers to interact with the program while it runs. The two methods are frequently used together to ensure the basic functionalities of a program.
Instead of executing the code, static testing is a process of checking the code and designing documents and requirements before it's run to find errors. The main goal is to find flaws in the early stages of development because it is normally easier to find the sources of possible failures this way.
What is subject to static testing?
It's common for code, design documents and requirements to be static tested before the software is run to find errors. Anything that relates to functional requirements can also be checked. More specifically, the process will involve reviewing written materials that provide a wider view of the tested software application as a whole. Some examples of what's tested include the following:
Benefits of static testing
Some benefits of static testing include the following:
- Early detection and correction of any coding errors.
- Reduced cost in the early stages of development based on the amount of rework needed to fix any errors.
- Reduced time scales for development.
- Feedback received at this stage will help improve the overall software function. Once other testing types such as dynamic testing start, there won't be as many errors found. This means the code has become more maintainable.
- This process will also help give developers a better idea of the quality issues found in the software.
- Automated tools can expedite the code and document review process.
- Static testing can also boost the amount of communication between teams.
Static testing techniques
Static testing is carried out with two different steps or techniques -- review and static analysis. Static review is typically carried out to find and remove errors and ambiguities found in supporting documents. Documents reviewed include software requirements specifications, design and test cases. The documents can be reviewed in multiple ways, such as in a walkthrough, peer review or inspection.
The next step, static analysis, is where the code is analyzed. The evaluation is done to find any structural defects that could lead to errors when the program runs.
Some other techniques used while performing static testing include use case requirements validation, functional requirements validation, architecture review and field dictionary validation.
Use case requirements ensure possible end-user actions are properly defined. Functional requirements will identify any necessary requirements for the software. Review of architecture analyzes the business-level processes. Field dictionary validation will analyze user interface fields.
Static testing can also be conducted manually or automated with various tools.
Types of static testing reviews
The first step in static testing is reviews. They can be conducted in numerous ways and look to find and remove errors found in supporting documents. This process can be carried out in four different ways:
- Informal. Informal reviews will not follow any specific process to find errors. Co-workers can review documents and provide informal comments.
- Walk-through. The author of the document in question will explain the document to their team. Participants will ask questions and write down any notes.
- Inspection. A designated moderator will conduct a strict review as a process to find defects.
- Technical or peer reviews. Technical specifications are reviewed by peers to detect any errors.
Static testing vs. dynamic testing
Dynamic testing assesses the feasibility of a software program by giving input and examining output.
The biggest difference between static and dynamic testing is that the code must compile and run in dynamic testing. Static testing can be performed without the application running. Functional behavior and performance are checked to confirm if the code works properly.
Static testing will analyze the code, requirements documents and design documents, while dynamic testing will look at the functional behavior of software systems such as memory usage and performance.
Static testing essentially gives an assessment of code, while dynamic testing will try to find active bugs. From a time and cost perspective, dynamic testing is often more expensive than static testing.
The two types of testing are not meant to be mutually exclusive, however. Ideally, they should be used together. Static testing is about the prevention of defects, whereas dynamic testing is about finding active defects.
Static testing tools
Static testing tools can be used to automate the static testing process. Some examples include the following:
- SourceMeter is an example of a static testing tool that can aid in analyzing code in C, C++, Java, C# and Python. It can also integrate with other static testing tools such as PMD or FindBugs.
- Veracode is another static testing tool. This tool focuses on finding security defects. Veracode works with up to 24 programming languages and can perform static and dynamic testing.