There are several phases to a proper test analysis, the initial stage is normally the static review. This is the process of examining the static code initially to check for simple errors such as syntax problems or fundamental flaws in both design and application. It’s not normally a long exhaustive check, unless of course some obvious or major issues are identified at this stage.
Just like reviews, static analysis looks out for problems without executing the code. Nonetheless, as opposed to reviews static analysis is undertaken once the code has actually been written. Its objective is to ﬁnd flaws in software source code and software models. Source code is actually any series of statements recorded some human-readable computer programming language which can then be transposed to equivalent computer executable code– this is normally produced by the developer. A software model is an image of the ﬁnal approach developed using techniques such as Uniﬁed Modeling Language (UML); it is commonly generated by a software designer. Normally this should be accessed and stored securely, with restrictions on who can alter this. If accessed remotely it should be through a dedicated line if possible or at least using some sort of secure residential VPN (such as this).
Static analysis can ﬁnd issues that are hard to ﬁnd during the course of test execution by analyzing the program code e.g. instructions to the computer can be in the style of control ﬂow graphs (how control passes between modules) and data ﬂows (making certain data is identiﬁed and accurately used). The value of static analysis is:
Early discovery of defects just before test execution. Just like reviews, the sooner the issue is located, the cheaper and simpler it is to ﬁx.
Early warning regarding questionable aspects of the code or development, by the calculation of metrics, such as a high-complexity measure. If code is too complicated it could be a lot more prone to error or a lot less dependent on the focus given to the code by programmers. If they recognize that the code has to be complicated then they are more probable to check and double check that this is correct; nevertheless, if it is unexpectedly complex there is a higher chance that there will certainly be a problem in it.
Identiﬁcation of defects not easily found by dynamic testing, such as development standard non-compliances as well as detecting dependencies and inconsistencies in software models, such as hyperlinks or user interfaces that were actually either incorrect or unknown before static analysis was carried out.
Enhanced maintainability of code and design. By executing static analysis, defects will be removed that would certainly typically have increased the volume of maintenance needed after ‘go live’. It can also recognize complex code which if fixed will make the code more understandable as well as consequently easier to manage.
Prevention of defects. By pinpointing the defect early in the life cycle it is actually a great deal easier to identify why it was there in the ﬁrst place (root cause analysis) than during test execution, therefore providing information on possible process improvement that could be made to prevent the same defect appearing again.
Source: Finding Residential Proxies, James Williams