Many sources note that automatic static code analysis include data flow and control flow. But these two are included in white box testing as well. Is there a difference in the automation? That in automatic static analysis all is done by the tools while in white box testing, a person creates the data to exercise the possible paths?
Automatic Static Analysis vs White Box Testing – A Comparison
static analysistesting
Related Solutions
I've never heard of the term "static testing". I have only heard of the term "static analysis", which refers to any time a work product is examined without being used. This includes code reviews as well as using tools such as lint, FindBugs, PMD, and FxCop.
Here is some information from sources that I have available:
- Section 5 (Software Testing) of the Guide to the Software Engineering Body of Knowledge does not reference "static testing". It refers to "static software quality management techniques" described in Section 11 (Software Quality). Section 11 only has a single mention of tools being used to support these activities, stating that the analytic static activities may be conducted "with or without the assistance of tools".
- Ian Sommerville's Software Engineering, 8th Edition's glossary specifically mentions static analysis as being a "tool-based analysis of a program's source code to discover errors and anomalies". However, in Chapter 22.3, Sommerville does refer to inspections as "one form of static analysis". There is no reference to "static testing". This book is considered one of the canonical references about the breadth of software engineering and is often cited as recommended reading before both IEEE certification exams.
- Roger S. Pressman's Software Engineering: A Practitioner's Approach, 6th Edition makes no references to static analysis or static testing that I could find in the index or the chapters on testing.
- Steve McConnell's Code Complete, 2nd Edition makes no specific references to either static analysis or static testing. However, Chapter 30.2 has a section about analyzing code quality. Tools to automatically check syntax and semantics are called tools that "examine the static source code to assess its quality". A specific example is Lint, which is frequently referred to as a static analysis tool by other sources.
Analysis tools can only be used to verify the product. Human reviews of artifacts can be used to perform both verification and validation. Testing that involves the software's execution can be verification, validation, or both, depending on the context. The key difference is that verification is concerned with finding mistakes and defects. In contrast, validation is concerned with ensuring the requirements adequately describe the customer/user's needs, and the work artifacts (design, implementation, and tests) correspond to the requirements (and the products that they are derived from).
The branch is an optionnal execution path, whereas a decision is the result of a combination of conditions (i.e. a boolean expression).
Thus, there can be decision without branch. For example:
int fun(int a, int b){
return (a > 5) && (b < 15);
}
In the above function, "(a > 5)" is a condition, "(b < 15)" is another condition. "(a > 5) && (b < 15)" is a decision. And there is no branch.
Thus in this example, the decision coverage will be reached with only 2 tests, and the branch coverage on source code reach 100% with a single test.
Branch coverage at assembly level would require the same two tests, but the question become tricky if you write the function like this:
int fun(int a, int b){
return (a > 5) & (b < 15);
}
There is still a boolean decision (computed with arithmetic operations) and the assembly would not have branches.
Nasa handbook on MCDC measurement clarify this type of differences. http://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20040086014_2004090420.pdf
Best Answer
Static analysis and testing are different things, and pick up different classes of problems.
With black or white box testing, you execute parts of the code with inputs, etc that the developer or tester thinks are important. The only real quality control you have over the developer / tester's design of test cases is code coverage ... and that doesn't tell you anything about whether the logic has been properly tested.
By contrast, static analysis is looking for problems in a different way; i.e. by analysing what the code does independently of the test cases / data. Typically they find different kinds of problem, and typically they find them with less effort on the part of the developer / tester. For example, a static analyser might identify dead code, or a storage or resource leak that would be impossible to find by unit testing, or an unsafe practice like (in Java) using
==
to test strings.In short the two approaches are complementary.