ISTQB_CTFL_Syllabus - 3

Static Testing

Overview

Static testing is defined as a testing method that examines the software products without executing the software, differentiating it from dynamic testing that depends on code execution. This approach is highly effective for assessing work products such as code, design documents, requirements specifications, and more. Static testing aims to improve software quality, identify defects, and assess attributes like readability, completeness, and correctness.

3.1 Static Testing Basics

3.1.1 Work Products Examinable by Static Testing

Static testing can be applied to a variety of work products, including:

• Requirement specification documents

• Source code

• Test plans

• Test cases

• Product backlog items

• Project documentation, contracts, and models

It is essential that the work products are readable and understandable to ensure thorough examination during static testing. Notably, products that lack interpretable structure, such as third-party executable code, should not be subjected to static analysis.

3.1.2 Value of Static Testing

The value of static testing lies in its ability to detect defects early in the Software Development Life Cycle (SDLC). Early detection aligns with the principle of early testing and enables identification of issues that dynamic testing may miss, such as unreachable code or design flaws. Additionally, it enhances stakeholder confidence by verifying documented requirements, facilitating improved understanding and communication among stakeholders. This collaborative process fosters a shared vision, reducing misunderstandings related to project requirements, thereby minimizing costly rework and project delays.

3.1.3 Differences between Static Testing and Dynamic Testing

Static and dynamic testing are complementary, yet they exhibit several differences:

• Defect Detection: Static testing finds defects directly through examination, while dynamic testing discovers defects via execution and subsequent analysis.

• Applicability: Static testing applies to non-executable work products, whereas dynamic testing exclusively addresses executable products.

• Cost Efficiency: Identifying defects through static testing can often be less resource-intensive, resulting in significant savings in development costs in the long run.

• Characteristics Evaluated: Static testing can gauge quality attributes irrespective of execution, like maintainability, while dynamic testing measures execution-dependent metrics, such as performance.

Commonly Detected Defects

Static testing is particularly effective in identifying:

• Requirement inconsistencies or omissions

• Poor database structures or design defects

• Coding anomalies like undeclared variables or excessive complexity

• Standards deviations

• Interface specification errors

• Security vulnerabilities like buffer overflows

3.2 Feedback and Review Process

3.2.1 Benefits of Early and Frequent Stakeholder Feedback

Engaging stakeholders from the beginning of the SDLC is paramount as it mitigates potential quality issues. Active stakeholder involvement ensures that their expectations are met, significantly reducing the probability of misunderstandings regarding requirements, which can lead to project failure. Frequent feedback helps developers align features with stakeholder expectations, enhancing project value delivery and risk management.

3.2.2 Review Process Activities

The review process, outlined in the ISO/IEC 20246 standard, includes:

• Planning: Establishing the scope, purpose, and resources required for the review.

• Review Initiation: Ensuring all participants are prepared and understand their roles prior to the review.

• Individual Review: Freelance assessments of the work product focus on identifying anomalies and quality.

• Communication and Analysis: Discussing identified anomalies in review meetings to determine follow-up actions.

• Fixing and Reporting: Documenting defects for corrective actions and reporting findings upon reaching exit criteria.

3.2.3 Roles and Responsibilities in Reviews

Understanding roles is crucial for effective reviews, which include:

• Manager: Decides on the reviews and allocates resources.

• Author: Crafts and modifies the work product.

• Moderator: Facilitates review meetings, ensuring effectiveness and openness.

• Scribe: Documents anomalies and decisions made during the review.

• Reviewer: Evaluates work, could be project members or external experts.

• Review Leader: Manages the overall review process and participants.

3.2.4 Review Types

Various review types cater to different levels of formality:

• Informal Review: No defined process, focuses on anomaly detection.

• Walkthrough: Led by the author; it evaluates quality and builds consensus.

• Technical Review: Involves technically adept reviewers aimed at resolving issues and building confidence.

• Inspection: Most formal type, emphasizing finding the maximum number of defects.

3.2.5 Success Factors for Reviews

To achieve effective reviews, key factors include:

• Defining clear objectives and measurable exit criteria.

• Choosing the right review type based on context and needs.

• Conducting reviews on manageable work product sizes for focus.

• Providing constructive feedback to enhance product quality.

• Ensuring stakeholder support and organizational culture promotes continuous improvement.

• Facilitating adequate training for participants to fulfill their roles effectively.