  • Hello. I would invite all who are interested in static code analysis to try our tool PVS-Studio.
    PVS-Studio is a static analyzer that detects errors in source code of C/C++/C++11 applications (Visual Studio 2005/2008/2010).
    Examples of PVS-Studio use:
    100 bugs in Open Source C/C++ projects
    http://www.viva64.com/en/a/0079/
Static Testing

  1. STATIC TESTING
     Hoang V. Nguyen
     startnewday85@gmail.com
     startnewday85.blogspot.com
     Dept. of Computer Science – FIT - HUA
     Tester Training Course
  2. [Diagram pairing each development stage with its test level: User requirements / Acceptance Testing; System requirements / System Testing; Global Design / Integration Testing; Detailed Design / Unit Testing; implementation]
     Tester Training Course 2011
  3. Left column:
     • To find defects
     • Examine the work product for errors
     • without executing the code
     Right column:
     • To find defects
     • Use the product to collect failures
     • must execute the code
  5. • Early testing principle
         • rework cost on average is responsible for ~40% of the total software development cost
         • engineers spend up to 1/3 of their time compiling & testing, relying on these activities to detect defects
     • Development productivity can be improved and timescales reduced
     • Testing costs and time can be reduced
  6. • Reductions in lifetime costs
     • Improved communication results
     • Gaining understanding
     • Aiding in professional development for team members
  8. • What can be inspected
         • anything that is written or typed
     • What can be tested by static testing
         • Requirement specifications
         • Design document
         • Code
         • Schedules
         • Test plans, test cases, defect reports
  9. • Deviations from standards
     • Requirements defects
     • Design defects
     • Insufficient maintainability
     • Incorrect interface specifications
  13. • is a moderated meeting in which reviewers list all issues and defects they have found in the document and log them so that they can be addressed by the author
      • commonly inspected work products include the SRS, design documents and test plans
  14. • A work product and an inspection team are selected
      • A moderator is chosen to moderate the meeting
      • Each inspector prepares for the meeting by reading the work product and noting each defect
      • Meeting: discussion is focused on each defect, and on coming up with a specific resolution
      • The moderator compiles all of the defect resolutions into an inspection log
  15. [Process diagram: Planning, Kick off, Preparation, Review meeting, Rework, Follow up]
  16. • Work product and inspection team are selected
      • Moderator (inspection leader) is chosen
      • Define entry and exit criteria
      • Decide which part of the work product to review
      • Assign the roles to the reviewers
  17. • Distributing documents
      • Explaining the objectives, process, and documents
      • Checking entry criteria
      • Note: role assignments, checking rate, the pages to be checked
  18. • The participants work individually on the work product under review
      • Can use the related documents, rules and checklists provided
      • Identify defects, questions and comments and write a report for them
      • Note: should use checklist
      [Figure labels: Time, Size, Checking rate]
  19. Checklist
      • a list of problems which must be checked
      • usually in the form of questions
      • Why
          • objectively
          • based on lessons learned
          • as general as possible
      • can be used by both authors and reviewers
      • Example checklist for code review
          • Are comments accurate and meaningful?
          • Are all variables declared?
  20. • The meeting typically consists of logging, discussion and decision phases
      • The meeting is moderated by the moderator (inspection leader)
      • During the logging phase the issues are mentioned page by page, reviewer by reviewer, and should not be discussed
      • The discussion phase focuses on the issues and classifies them (critical, major and minor)
      • At the end of the meeting, a decision on the work product under review has to be made by the participants
  21. • Based on the defects detected, the author will improve the work product under review step by step
      • Changes that are made to the document should be easy to identify during follow up
  22. • The moderator will check that the agreed defects have been addressed
      • and will gather metrics such as how much time was spent on the review and how many defects were found
      • will also check the exit criteria to ensure that they have been met
  23. • is a discussion meeting that focuses on achieving consensus about the technical content
      • The experts that are needed for a technical review
          • architects
          • chief designers
          • key users
  24. • Goals
          • assess the value of technical concepts and alternatives in the product and project environment
          • establish consistency in the use and representation of technical concepts
          • ensure, at an early stage, that technical concepts are used correctly
          • inform participants of the technical content of the document
  25. • Key characteristics
          • is documented
          • includes peers and technical experts
          • often performed as a peer review without management participation
          • ideally it is led by a trained moderator, but possibly also by a technical expert
          • Reviewers prepare for the review meeting and prepare a review report with a list of findings
  26. The author sends a copy of the work product to selected project team members. The team members read it, and then write up defects and comments to send back to the author
  28. • is a simple review
      • does not produce written logs
      • can be used as a predecessor to inspections
          • to reduce the amount of effort involved in the inspection
          • to meet the entry criteria of the inspection process
  29. • To present the document to stakeholders both within and outside the software discipline, in order to gather information regarding the topic under documentation
      • To explain (knowledge transfer) and evaluate the contents of the document
      • To establish a common understanding of the document
      • To examine and discuss the validity of proposed solutions and the viability of alternatives, establishing consensus
  31. • A code review is a special kind of inspection in which the team examines a sample of code and fixes any defects in it.
      • In a code review, a defect is a block of code which does not properly implement its requirements, which does not function as the programmer intended, or which is not incorrect but could be improved
          • For example, it could be made more readable or its performance could be improved
  32. • It's important to review the code which is most likely to have defects. This will generally be the most complex, tricky or involved code.
      • Good candidates for code review include:
          • A portion of the software that only one person has the expertise to maintain
          • Code that implements a highly abstract or tricky algorithm
          • An object, library or API that is particularly difficult to work with
          • Code written by someone who is inexperienced or has not written that kind of code before, or written in an unfamiliar language
          • Code which employs a new programming technique
          • An area of the code that will be especially catastrophic if there are defects
  34. • Pair programming is a technique in which two programmers work simultaneously at a single computer and continuously review each other's work
      • Although many programmers were introduced to pair programming as a part of Extreme Programming, it is a practice that can be valuable in any development environment.
      • Pair programming improves the organization by ensuring that at least two programmers are able to maintain any piece of the software
  35. • In pair programming, two programmers sit at one computer to write code. Generally, one programmer will take control and write code, while the other watches and advises
          • Some teams have found that pair programming works best for them if the pairs are constantly rotated; this helps diffuse the shared knowledge throughout the organization. Others prefer to pair a more junior person with a more senior one for knowledge sharing
      • The project manager should not try to force pair programming on the team; it helps to introduce the change slowly, and where it will meet the least resistance
          • It is difficult to implement pair programming in an organization where the programmers do not share the same nine-to-five (or ten-to-six) work schedule.
          • Some people do not work well in pairs, and some pairs do not work well together
  36. • Review is a static testing method (without running)
      • We have many types of review
      • From informal to formal
      • How to choose the appropriate level of formality
          • The maturity of the development process
          • Legal or regulatory requirements
  37. • Manager
          • decides on what is to be reviewed; schedule; closure
      • Moderator (review leader)
          • plans the review, moderates the review meeting and follows up after the meeting
      • Author
          • takes responsibility for fixing any agreed defects
      • Reviewer
          • identifies and describes defects (with solutions)
      • Scribe (recorder)
          • attends the review meeting and documents all of the issues and defects, problems and open points
  40. Explicitly plan and track review activities
  41. Train participants
  43. Process issues
      • must follow the rules but keep it simple
      • make the process only as formal as the project culture or maturity level allows
      • do not become too theoretical or too detailed
      • checklists and roles are recommended to increase the effectiveness of defect identification
  44. [Figure labels: Continual Improvement, Process, Tools]
  45. [Figure labels: Cost, Benefit]
  47. Question: What is the main difference between a walkthrough and an inspection?
      • An inspection is led by the author, whilst a walkthrough is led by a trained moderator
      • An inspection has a trained leader, whilst a walkthrough is led by a trained moderator
      • A walkthrough is led by the author, whilst an inspection is led by a trained moderator
      • Authors are not present during inspections, whilst they are during walkthroughs
  48. Question: Which of the following statements about reviews is true?
      • Reviews cannot be performed on user requirements specifications
      • Reviews are the least effective way of testing code
      • Reviews are unlikely to find faults in test plans
      • Reviews should be performed on specifications, code and test plans
  49. Question: Which review is inexpensive
      • Walkthrough
      • Informal Review
      • Technical Review
      • Inspection
  50. Question: Review is one of the methods of V&V. The other methods are
      • Inspection
      • Walkthrough
      • Testing
      • All of the above
  51. Question: In formal review, Rework: fixing defects found typically done by _______
      • Moderator
      • Author
      • Reviewer
      • Recorder
  52. Question: An important benefit of code inspections is that they:
      • Are cheap to perform
      • Can be performed by the person who wrote the code
      • Can be performed by inexperienced staff
      • Enable the code to be tested before the execution environment is ready
  53. Question: Objective of design review meeting is
      • To identify problems with design
      • To solve the problems with design
      • Both A and B
      • None of the above
  54. Question: ______ reviews are often held with just the programmer who wrote the code and one or two other programmers or testers
      • Formal Reviews
      • Peer Reviews
      • Semi Formal Reviews
      • All of the above
  55. Question: Which of the following activities differentiate a walkthrough from a formal review
      • A walkthrough does not follow a defined process
      • For a walkthrough individual preparation by the reviewers is optional
      • A walkthrough requires meeting
      • A walkthrough finds the causes of failures, while formal review finds the failures
  56. Question: What makes an inspection different from other review types
      • It is led by a trained leader, uses formal entry and exit criteria and checklists
      • It is led by the author of the document to be inspected
      • It can only be used for reviewing design and code
      • It is led by the author, uses checklists, and collects data for improvement
  58. • A form of automated static testing
          • exactly automated review
          • check for violations of standards
          • check for things which may be faults
      • often used by developers to automate code review, and is called Static Code Analysis
      • also used by designers to review software models, and is called Analysis of Models
  59. • Does the program terminate?
      • How large can the heap become during execution?
      • What is the possible output?
      • Some questions about PC
          • what is the value of variable x when it is used
          • can the pointer p be null
          • is the variable x initialized before it is read
          • what is a lower and upper bound on the value of a variable
          • etc
  60. • Ensure correctness
          • verify behavior
          • catch bugs early
      • Increase efficiency
          • resource usage
          • compiler optimizations
  65. • Static Code Analysis to the rescue
  66. • Use an automatic systematic approach
      • Use formal methods and measures
      • Without running code => can be applied earlier
      • Some kinds of defects are hard to find by dynamic testing
  68. • Programming (code) standard violations
      • Security vulnerabilities
      • Unreachable (dead) code
      • Undeclared variables
      • Inconsistent interface
      • Boundary violations
      • Syntax violations
  69. • The most well-known feature of SCA
      • Define coding standard
          • a set of programming rules
      • Often configured in the IDE
      • Without such tools, more violations
          • the number of rules is usually so large that nobody can remember them all
          • some context-sensitive rules that demand reviews of several files are very hard for a human being to check
          • avoid checking coding standards in review, as that will distract reviewers from other defects
  70. • Is the study of data flow structure
      • Data flow structure follows the trail of data items as they are accessed and modified by the code
      • Typical defects that can be found
          • referencing a variable with an undefined value
          • variables that are never used
  71. • Data flow structure
          • a variable is defined where a value is stored into it
          • a variable is used where the stored value is accessed
          • a variable is undefined before it is defined or when it goes out of scope

          y = x+z;                 //y is defined; x,z are used
          if a>b then read(c);     //a,b are used; c is defined
  72.     n := 0;
          read (x);
          n := 1;              // n is re-defined without being used ==> Data flow anomaly
          while x > y do       // y is used before it has been defined ==> Data flow fault
          begin
             read (y);
             write( n*y);
             x := x - n;
          end;
  73. • Data structure refers to the organization of the data itself, independent of the program
      • Provides a lot of information about the difficulty in writing programs to handle the data; this is then used in designing test cases
      • Sometimes a program is complex because it has a complex data structure, rather than because of complex control or data flow
  74. • Is the study of control flow structure
      • Control flow structure addresses the sequence in which the instructions are executed
      • Typical defects that can be found
          • unreachable (dead) code
          • infinite loops
          • any jumps to undefined labels
          • provide the code metrics
          • whether code conforms to a flowchart grammar
  75.     a := 4;
          b := 15;
          z := 7;
          while b > z do
          begin
             writeln(z);
             z++;
             if(a>b) then b:=a;    // unreachable (dead) code
          end;
  76. • Why
          • How big and complex
          • Help to decide among several design alternatives
          • Help to decide how much risk
      • Typical code metrics
          • LOC – Lines of code
          • operands & operators (Halstead's metrics)
          • fan-in & fan-out
          • nesting levels
          • OO metrics: inheritance tree depth, coupling & cohesion
  77. • Is a measure of the complexity of a flow graph
          • the code that the flow graph represents
      • the more complex the flow graph, the greater the measure
      • it can most easily be calculated as:
          • complexity = number of decisions + 1
  78. What is the cyclomatic complexity?
      • 1
      • 2
      • 3
      • 5
  79. Question: Static analysis is best described as
      • The analysis of batch programs
      • The reviewing of test plans
      • The analysis of program code
      • The use of black box testing
  80. Question: Data flow analysis studies
      • Possible communications bottlenecks in a program
      • The rate of change of data values as a program executes
      • The use of data on paths through the code
      • The intrinsic complexity of the code
  81. Question: Static analysis
      • Same as static testing
      • Done by the developers
      • Both A and B
      • None of the above
  82. Question: Cyclomatic complexity is used to calculate
      • Number of independent paths in the basic set of a program
      • Number of binary decisions + 1
      • Number bound for the number of tests that must be conducted to ensure that all statements have been executed at least once
      • Number of branches and decisions
  83. Question: Code Walkthrough
      • Type of dynamic testing
      • Type of static testing
      • Neither dynamic nor static
      • Performed by the testing team
  84. Question: Which of the following statements is true of static analysis
      • Compiling code is not a form of static analysis
      • Static analysis need not be performed before imperative code is executed
      • Static analysis can find faults that are hard to find with dynamic testing
      • Extensive static analysis will not be needed if white-box testing is to be performed
  85. Question: Peer reviews are also called as:
      • Inspection
      • Walkthrough
      • Technical Review
      • Formal Review
  86. Question: Success Factors for a review include
      i. Each review does not have a predefined objective
      ii. Defects found are welcomed and expressed objectively
      iii. Management supports a good review process
      iv. There is an emphasis on learning and process improvement
      • ii, iii, iv are correct and i is incorrect
      • iii, i, iv are correct and ii is incorrect
      • i, iii, iv, ii are in correct
      • ii is correct
  87. Question: The Kick Off phase of a formal review includes the following:
      • Explaining the objective
      • Fixing defects found typically done by author
      • Follow up
      • Individual meeting preparations
  88. Question: A series of probing questions about the completeness and attributes of an application system is called
      • Checklist
      • Checkpoint review
      • Decision table
      • Decision tree
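
Slides 70 to 72 describe data flow analysis in terms of where a variable is defined and where it is used. The following is an added example, not part of the original slides: a small checker built on Python's `ast` module that reports the two anomalies shown on slide 72, run on a Python transliteration of that slide's program. The names `DefUseChecker`, `analyze` and `SAMPLE` are assumptions made for this illustration, and the checker only handles assignments to plain names, expression statements, `if` and `while`.

```python
import ast

# Constructed input: the program from slide 72, transliterated to Python.
SAMPLE = """\
n = 0
x = read()
n = 1
while x > y:
    y = read()
    write(n * y)
    x = x - n
"""

class DefUseChecker:
    """Tracks each variable as 'defined' (value not yet read) or 'used'."""

    def __init__(self):
        self.findings = []

    def _report(self, line, name, kind):
        if (line, name, kind) not in self.findings:
            self.findings.append((line, name, kind))

    def _read(self, name, line, state):
        if name not in state:
            self._report(line, name, "use-before-def")
        else:
            state[name] = ("used", state[name][1])

    def _use(self, expr, state):
        # Names in call position (read, write, print) are not variables here.
        callees = {id(n.func) for n in ast.walk(expr) if isinstance(n, ast.Call)}
        for node in ast.walk(expr):
            if (isinstance(node, ast.Name) and isinstance(node.ctx, ast.Load)
                    and id(node) not in callees):
                self._read(node.id, node.lineno, state)

    def _define(self, target, state):
        if isinstance(target, ast.Name):
            prev = state.get(target.id)
            if prev and prev[0] == "defined":
                self._report(target.lineno, target.id, "redefined-unused")
            state[target.id] = ("defined", target.lineno)

    @staticmethod
    def _merge(a, b):
        # Defined after a branch only if defined on both paths;
        # counted as used if it was read on at least one path.
        out = {}
        for name in a.keys() & b.keys():
            used = "used" in (a[name][0], b[name][0])
            out[name] = ("used" if used else "defined",
                         max(a[name][1], b[name][1]))
        return out

    def run(self, stmts, state):
        for s in stmts:
            if isinstance(s, ast.Assign):
                self._use(s.value, state)
                for target in s.targets:
                    self._define(target, state)
            elif isinstance(s, ast.AugAssign) and isinstance(s.target, ast.Name):
                self._use(s.value, state)
                self._read(s.target.id, s.lineno, state)
                self._define(s.target, state)
            elif isinstance(s, ast.Expr):
                self._use(s.value, state)
            elif isinstance(s, ast.While):
                self._use(s.test, state)
                looped = self.run(s.body, dict(state))
                self._use(s.test, looped)   # back edge: the test reads again
                state = self._merge(state, looped)
            elif isinstance(s, ast.If):
                self._use(s.test, state)
                state = self._merge(self.run(s.body, dict(state)),
                                    self.run(s.orelse, dict(state)))
        return state

def analyze(source):
    """Return sorted (line, variable, kind) findings for the source text."""
    checker = DefUseChecker()
    final = checker.run(ast.parse(source).body, {})
    for name, (status, line) in final.items():
        if status == "defined":
            checker._report(line, name, "never-used")
    return sorted(checker.findings)

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```

The loop test is visited a second time after the body so that `x = x - n` is not reported as a value that is never read.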
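
Slide 77 gives cyclomatic complexity as the number of decisions plus one, and slide 32 recommends reviewing the most complex code first. The following is an added example, not part of the original slides: it applies that formula per function with Python's `ast` module and lists the functions above a threshold as review candidates. The sample functions, the function names and the threshold of 5 are assumptions made for this illustration, and each extra `and`/`or` operand is counted as its own binary decision.

```python
import ast

# Constructed input: two small functions of very different complexity.
SAMPLE = '''
def check_login(user, password, attempts):
    if user is None or password is None:
        return False
    if attempts > 5:
        return False
    for record in load_users():
        if record.name == user and record.verify(password):
            return True
    return False

def greet(name):
    return "hello " + name
'''

BRANCH_NODES = (ast.If, ast.While, ast.For, ast.AsyncFor,
                ast.IfExp, ast.ExceptHandler)

def decisions(node):
    """Count the binary decisions in the subtree rooted at node."""
    count = 0
    for child in ast.walk(node):
        if isinstance(child, BRANCH_NODES):
            count += 1
        elif isinstance(child, ast.BoolOp):
            # 'a and b and c' short-circuits twice: two extra decisions.
            count += len(child.values) - 1
        elif isinstance(child, ast.comprehension):
            # One decision for the loop, one per 'if' filter.
            count += 1 + len(child.ifs)
    return count

def cyclomatic_complexity(source):
    """Map each function name to number of decisions + 1 (slide 77)."""
    tree = ast.parse(source)
    return {
        fn.name: decisions(fn) + 1
        for fn in ast.walk(tree)
        if isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef))
    }

def review_candidates(source, threshold=5):
    """Functions whose complexity exceeds the threshold, most complex first.

    The threshold is a hypothetical value; pick one that suits the project.
    """
    scores = cyclomatic_complexity(source)
    flagged = [name for name, score in scores.items() if score > threshold]
    return sorted(flagged, key=lambda name: -scores[name])

if __name__ == "__main__":
    for name, score in cyclomatic_complexity(SAMPLE).items():
        print(name, score)
    print("review first:", review_candidates(SAMPLE))
```

A nested function's decisions are also counted in its enclosing function, because the walk covers the whole subtree.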