- Mastering Software Testing with JUnit 5
- Boni García
- 603 words
- 2021-07-02 15:34:24
Static analysis
Static analysis of a piece of software is performed without executing the code. Static analysis has several advantages over testing:
- During testing, errors can hide other errors. This situation does not happen with static analysis, because it is not concerned with interactions between errors.
- Incomplete versions of a system can be statically analyzed without additional cost. In testing, if a program is incomplete, test harnesses have to be developed.
- Static analysis can consider broader quality attributes of a software system, such as compliance with standards, portability, and maintainability.
There are different methods that can be identified as static analysis:
- Inspection (first proposed by Michael Fagan in 1976) is the examination of software artifacts by human inspectors, aimed at discovering and fixing faults in software systems. All kinds of software assets can be inspected, for example the specification, design models, and so on. The primary reason for inspection is that it does not have to wait for executable programs to be available (as testing does) before it can start.
- Review is the process in which a group of people examine the software and its associated documentation, looking for potential problems, omissions, and non-conformance with standards. Nowadays, reviews are frequently carried out on new code before it is merged into a shared source code repository. Typically, the review is done by a person other than the code author within the same team (peer review). This process is quite expensive in terms of time and effort but, when performed correctly, it helps to ensure high internal code quality and reduces potential risks.
- Automated software analysis assesses the source code using patterns that are known to be potentially dangerous. This technique is usually delivered as commercial or open source tools and services, commonly known as lint or linter. These tools can locate many common programming faults, analyze the source code before it is tested, and identify potential problems in order to re-code them before they manifest themselves as failures. The intention of this linting process is to draw a code reader’s attention to faults in the program, such as:
  - Data faults: This may include variables declared but never used, variables assigned twice but never used between assignments, and so on.
  - Control faults: This may include unreachable code or unconditional branches into loops.
  - Input/output faults: This may include variables output twice with no intervening assignment.
  - Interface faults: This may include parameter-type mismatches, parameter number mismatches, non-usage of the results of functions, uncalled functions and procedures, and so on.
  - Storage management faults: This may include unassigned pointers, pointer arithmetic, and so on.
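The data-fault and control-fault checks listed above, as an added example that is not from the book: a minimal linter built on Python's standard `ast` module (Python is used here for brevity; the book's own code is Java). It follows only the straight-line top level of each function and treats any name touched by a compound statement as used; `SAMPLE`, `data_faults`, `control_faults` and `lint` are names made up for this illustration.

```python
import ast

# Constructed sample (not from the book): unused variable, dead store, code after return.
SAMPLE = '''
def price(qty, unit):
    rate = 0.2
    total = qty * unit
    total = qty * unit * 2
    return total
    print("done")
'''

EXITS = (ast.Return, ast.Raise, ast.Break, ast.Continue)

def data_faults(func):
    """Data faults in the straight-line top level of one function body."""
    found, pending = [], {}  # pending: name -> line of a store not yet read
    for stmt in func.body:
        simple = isinstance(stmt, (ast.Assign, ast.Expr, ast.Return))
        for n in ast.walk(stmt):
            # A read clears the pending store. Inside compound statements reads and
            # writes cannot be ordered here, so every name in them counts as read.
            if isinstance(n, ast.Name) and (isinstance(n.ctx, ast.Load) or not simple):
                pending.pop(n.id, None)
        targets = stmt.targets if isinstance(stmt, ast.Assign) else []
        for n in [m for t in targets for m in ast.walk(t)]:
            if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Store):
                if n.id in pending:
                    found.append((pending[n.id], f"'{n.id}' assigned twice with no use in between"))
                pending[n.id] = n.lineno
        if isinstance(stmt, EXITS):
            break  # later statements never run, so they cannot read anything
    return found + [(ln, f"'{v}' assigned but never used") for v, ln in pending.items()]

def control_faults(tree):
    """Control faults: a statement directly after return/raise/break/continue."""
    found = []
    for node in ast.walk(tree):
        for field in ("body", "orelse", "finalbody"):
            block = getattr(node, field, None)
            if isinstance(block, list):
                found += [(b.lineno, "unreachable code")
                          for a, b in zip(block, block[1:]) if isinstance(a, EXITS)]
    return found

def lint(source):
    """Return sorted (line, message) findings without executing the source."""
    tree = ast.parse(source)
    funcs = [n for n in ast.walk(tree) if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))]
    return sorted(control_faults(tree) + [f for fn in funcs for f in data_faults(fn)])
```

Calling `lint(SAMPLE)` reports all three faults by line number, and the sample function is never run.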
Halfway between static analysis and dynamic testing we find a special form of software evaluation, called formal verification. This kind of assessment provides mechanisms to check that a system operates according to its formal specification. To that end, software is treated as a mathematical entity whose correctness can be proved using logical operations, combining different types of static and dynamic evaluation. Nowadays, formal methods are not widely adopted, mainly due to scalability problems. Projects using these techniques are mostly relatively small, such as critical kernel systems. As systems grow, the effort required to develop a formal specification and verification grows excessively.