SlideShare a Scribd company logo

Static analysis by tools

Download as PPTX, PDF
W
winy setya ningrum

The document discusses static analysis tools which can examine software work products like requirements, design, code, and test plans without executing the system. This helps find defects before delivering the product to customers. Coding standards and code metrics are analyzed which help identify complex areas of code that require more testing. Control flow, data flow, and data structure are different aspects of code structure that static analysis considers to understand program effort and find defects.

Education
1 of 10
STATIC ANALYSIS BY TOOLSDEPARTEMENT OF INFORMATION SYSTEM FACULTY OF SCIENCE AND TECHNOLOGY STATE ISLAMIC UNIVERSITY OF SULTAN SYARIF KASIM OF RIAU Winy Setya Ningrum By :
STATIC ANALYSIS BY TOOLS There is much to be done examining software work products without actually running the system. For example, we saw in the previous section that we can carefully review requirements, designs, code, test plans and more, to find defects and fix them before we deliver a product to a customer. In this section, we focus on a different kind of static testing, where we carefully examine requirements, designs and code, usually with automated assistance to ferret out additional defects before the code is actually run. Thus, what is called static analysis is just another form of testing.
a. Coding standards An extra reason for adopting this approach is that if you take a well-known coding stan-dard there will probably be checking tools available that support this standard. It can even be put the other way around: purchase a static code analyzer and declare (a selection of) the rules in it as your coding standard. Without such tools, the enforcement of a coding standard in an organization is likely to fail. There are three main causes for this: the number of rules in a coding standard is usually so large that nobody can remember them all; some context- sensitive rules that demand reviews of several files are very hard to check by human beings; and if people spend time checking coding standards in reviews, that will distract them from other defects they might otherwise find, making the review process less effective.
b. Code metrics As stated, when performing static code analysis, usually information is calculated about structural attributes of the code, such as comment fre-quency, depth of nesting, cyclomatic number and number of lines of code. This information can be computed not only as the design and code are being created but also as changes are made to a system, to see if the design or code is becoming bigger, more complex and more difficult to understand and maintain. The measurements also help us to decide among several design alternatives, especially when redesigning portions of existing code.
Continue... Experienced programmers know that 20% of the code will cause 80% of the problems, and complexity analysis helps to find that all-important 20%, which relate back to the principle on defect clustering as explained in Chapter 1. Complexity metrics identify high risk, complex areas. The cyclomatic complexity metric is based on the number of decisions in a program. It is important to testers because it provides an indication of the amount of testing (including reviews) necessary to practically avoid defects. In other words, areas of code identified as more complex are can-didates for reviews and additional dynamic tests. While there are many ways to calculate cyclomatic complexity, the easiest way is to sum the number of binary decision statements (e.g. if, while, for, etc.) and add 1 to it. A more formal definition regarding the calculation rules is provided in the glossary.
Continue... Below is a simple program as an example: IF A = 354 THEN IF B > C THEN A = B ELSEA= C ENDIF ENDIF Print A The control flow shows seven nodes (shapes) and eight edges (lines), thus using the formal formula the cyclomatic complexity is 8-7 + 2 = 3. In this case there is no graph called or subroutine. Alternatively one may calculate the cyclomatic complexity using the decision points rule. Since there are two decision points, the cyclomatic complexity is 2 + 1 = 3.
c. Code structure There are many different kinds of structural measures, each of which tells us something about the effort required to write the code in the first place, to understand the code when making a change, or to test the code using particular tools or techniques. It is often assumed that a large module takes longer to specify, design, code and test than a smaller one. But in fact the code's structure plays a big part. There are several aspects of code structure to consider: • control flow structure; • data flow structure; • data structure.
Continue...  The control flow structure addresses the sequence in which the instructions are executed. This aspect of structure reflects the iterations and loops in a program's design. If only the size of a program is measured, no information is provided on how often an instruction is executed as it is run. Control flow analysis can also be used to identify unreachable (dead) code. In fact many of the code metrics relate to the control flow structure, e.g. number of nested levels or cyclomatic complexity.  Data flow structure follows the trail of a data item as it is accessed and mod-ified by the code. Many times, the transactions applied to data are more complex than the instructions that implement them. Thus, using data flow measures it is shown how the data act as they are transformed by the program. Defects can be found such as referencing a variable with an undefined value and variables that are never used.
BIBLIONGRAPHY Graham et.al. (2011). ISTQB-Fondation of Software Testing. London: Cengage Learning EMEA.
Link • http://sif.uin-suska.ac.id/ • http://fst.uin-suska.ac.id/ • http://www.uin-suska.ac.id/

Recommended

Software Verification, Validation and Testing
Software Verification, Validation and TestingSoftware Verification, Validation and Testing
Software Verification, Validation and Testing
Dr Sukhpal Singh Gill
 
Formal Methods
Formal MethodsFormal Methods
Formal Methods
HendMuhammad
 
Test design techniques
Test design techniquesTest design techniques
Test design techniques
Mohamed Elshenawy
 
Model checking With ATM
Model checking With ATM Model checking With ATM
Model checking With ATM
Muhammad Ameer Hamza
 
Validation verification
Validation verificationValidation verification
Validation verification
khair20
 
Paper 06
Paper 06Paper 06
Paper 06
Sunil Pandey
 
Black box and white box testing
Black box and white box testingBlack box and white box testing
Black box and white box testing
AWADHESH PRATAP SINGH UNIVERSITY, REWA (M.P.)
 
Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code
Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems CodeBugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code
Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code
Miro Cupak
 

Recommended

Software Verification, Validation and Testing
Software Verification, Validation and TestingSoftware Verification, Validation and Testing
Software Verification, Validation and Testing
Dr Sukhpal Singh Gill
 
Formal Methods
Formal MethodsFormal Methods
Formal Methods
HendMuhammad
 
Test design techniques
Test design techniquesTest design techniques
Test design techniques
Mohamed Elshenawy
 
Model checking With ATM
Model checking With ATM Model checking With ATM
Model checking With ATM
Muhammad Ameer Hamza
 
Validation verification
Validation verificationValidation verification
Validation verification
khair20
 
Paper 06
Paper 06Paper 06
Paper 06
Sunil Pandey
 
Black box and white box testing
Black box and white box testingBlack box and white box testing
Black box and white box testing
AWADHESH PRATAP SINGH UNIVERSITY, REWA (M.P.)
 
Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code
Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems CodeBugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code
Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code
Miro Cupak
 
Black Box Testing
Black Box TestingBlack Box Testing
Black Box Testing
Testbytes
 
Software develop....
Software develop.... Software develop....
Software develop....
GCWUS
 
Introduction to formal methods
Introduction to formal methodsIntroduction to formal methods
Introduction to formal methods
Inzemamul Haque
 
SE2_Lec 21_ TDD and Junit
SE2_Lec 21_ TDD and JunitSE2_Lec 21_ TDD and Junit
SE2_Lec 21_ TDD and Junit
Amr E. Mohamed
 
White box black box & gray box testing
White box black box & gray box testingWhite box black box & gray box testing
White box black box & gray box testing
Himanshu
 
Mi0033 software engineering...
Mi0033 software engineering...Mi0033 software engineering...
Mi0033 software engineering...
smumbahelp
 
What is-requirement-traceability-matrix-and-why-is-it-needed-
What is-requirement-traceability-matrix-and-why-is-it-needed-What is-requirement-traceability-matrix-and-why-is-it-needed-
What is-requirement-traceability-matrix-and-why-is-it-needed-
pooja deshmukh
 
Different techniques-of-software-testing
Different techniques-of-software-testingDifferent techniques-of-software-testing
Different techniques-of-software-testing
pooja deshmukh
 
Software Testing Methodologies
Software Testing MethodologiesSoftware Testing Methodologies
Software Testing Methodologies
ABHISHEK KUMAR
 
Gray box testing
Gray box testingGray box testing
Gray box testing
Dasun Eranthika
 
Classic Formal Methods Model Checking
Classic Formal Methods Model CheckingClassic Formal Methods Model Checking
Classic Formal Methods Model Checking
tyramisu
 
Software, Security, manual testing training in Chandigarh
Software, Security, manual testing training in Chandigarh Software, Security, manual testing training in Chandigarh
Software, Security, manual testing training in Chandigarh
tapsi sharma
 
Experiments on Design Pattern Discovery
Experiments on Design Pattern DiscoveryExperiments on Design Pattern Discovery
Experiments on Design Pattern Discovery
Tim Menzies
 
76201929
7620192976201929
76201929
IJRAT
 
Structural and functional testing
Structural and functional testingStructural and functional testing
Structural and functional testing
Himanshu
 
Se (techniques for black box testing ppt)
Se (techniques for black box testing ppt)Se (techniques for black box testing ppt)
Se (techniques for black box testing ppt)
Mani Kanth
 
June 2010 exam questions and answers
June 2010 exam questions and answersJune 2010 exam questions and answers
June 2010 exam questions and answers
DamonTauroa
 
Black Box Testing
Black Box TestingBlack Box Testing
Black Box Testing
MariamKhan120
 
Mca se chapter_9_formal_methods
Mca se chapter_9_formal_methodsMca se chapter_9_formal_methods
Mca se chapter_9_formal_methods
Aman Adhikari
 
White box testing
White box testingWhite box testing
White box testing
Neethu Tressa
 
1506.08725v1
1506.08725v11506.08725v1
1506.08725v1
Sandeep Sivanandan
 
Software Engineering Important Short Question for Exams
Software Engineering Important Short Question for ExamsSoftware Engineering Important Short Question for Exams
Software Engineering Important Short Question for Exams
MuhammadTalha436
 

More Related Content

What's hot

Mi0033 software engineering...
Mi0033 software engineering...Mi0033 software engineering...
Mi0033 software engineering...
smumbahelp
 
Classic Formal Methods Model Checking
Classic Formal Methods Model CheckingClassic Formal Methods Model Checking
Classic Formal Methods Model Checking
tyramisu
 
June 2010 exam questions and answers
June 2010 exam questions and answersJune 2010 exam questions and answers
June 2010 exam questions and answers
DamonTauroa
 

What's hot (20)

Black Box Testing
Black Box TestingBlack Box Testing
Black Box Testing
 
Software develop....
Software develop.... Software develop....
Software develop....
 
Introduction to formal methods
Introduction to formal methodsIntroduction to formal methods
Introduction to formal methods
 
SE2_Lec 21_ TDD and Junit
SE2_Lec 21_ TDD and JunitSE2_Lec 21_ TDD and Junit
SE2_Lec 21_ TDD and Junit
 
White box black box & gray box testing
White box black box & gray box testingWhite box black box & gray box testing
White box black box & gray box testing
 
Mi0033 software engineering...
Mi0033 software engineering...Mi0033 software engineering...
Mi0033 software engineering...
 
What is-requirement-traceability-matrix-and-why-is-it-needed-
What is-requirement-traceability-matrix-and-why-is-it-needed-What is-requirement-traceability-matrix-and-why-is-it-needed-
What is-requirement-traceability-matrix-and-why-is-it-needed-
 
Different techniques-of-software-testing
Different techniques-of-software-testingDifferent techniques-of-software-testing
Different techniques-of-software-testing
 
Software Testing Methodologies
Software Testing MethodologiesSoftware Testing Methodologies
Software Testing Methodologies
 
Gray box testing
Gray box testingGray box testing
Gray box testing
 
Classic Formal Methods Model Checking
Classic Formal Methods Model CheckingClassic Formal Methods Model Checking
Classic Formal Methods Model Checking
 
Software, Security, manual testing training in Chandigarh
Software, Security, manual testing training in Chandigarh Software, Security, manual testing training in Chandigarh
Software, Security, manual testing training in Chandigarh
 
Experiments on Design Pattern Discovery
Experiments on Design Pattern DiscoveryExperiments on Design Pattern Discovery
Experiments on Design Pattern Discovery
 
76201929
7620192976201929
76201929
 
Structural and functional testing
Structural and functional testingStructural and functional testing
Structural and functional testing
 
Se (techniques for black box testing ppt)
Se (techniques for black box testing ppt)Se (techniques for black box testing ppt)
Se (techniques for black box testing ppt)
 
June 2010 exam questions and answers
June 2010 exam questions and answersJune 2010 exam questions and answers
June 2010 exam questions and answers
 
Black Box Testing
Black Box TestingBlack Box Testing
Black Box Testing
 
Mca se chapter_9_formal_methods
Mca se chapter_9_formal_methodsMca se chapter_9_formal_methods
Mca se chapter_9_formal_methods
 
White box testing
White box testingWhite box testing
White box testing
 

Similar to Static analysis by tools

Transaction Based Verification Methodology - 2000
Transaction Based Verification Methodology - 2000Transaction Based Verification Methodology - 2000
Transaction Based Verification Methodology - 2000
Steve Cox
 

Similar to Static analysis by tools (20)

1506.08725v1
1506.08725v11506.08725v1
1506.08725v1
 
Software Engineering Important Short Question for Exams
Software Engineering Important Short Question for ExamsSoftware Engineering Important Short Question for Exams
Software Engineering Important Short Question for Exams
 
Maturity of-code-mgmt-2016-04-06
Maturity of-code-mgmt-2016-04-06Maturity of-code-mgmt-2016-04-06
Maturity of-code-mgmt-2016-04-06
 
Line Of Code(LOC) In Software Engineering By NADEEM AHMED FROM DEPALPUR
Line Of Code(LOC) In Software Engineering By NADEEM AHMED FROM DEPALPURLine Of Code(LOC) In Software Engineering By NADEEM AHMED FROM DEPALPUR
Line Of Code(LOC) In Software Engineering By NADEEM AHMED FROM DEPALPUR
 
Traps detection during migration of C and C++ code to 64-bit Windows
Traps detection during migration of C and C++ code to 64-bit WindowsTraps detection during migration of C and C++ code to 64-bit Windows
Traps detection during migration of C and C++ code to 64-bit Windows
 
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
 
Unit iv
Unit ivUnit iv
Unit iv
 
Chater 3 Static Technic (by Eva Normala)
Chater 3 Static Technic (by Eva Normala)Chater 3 Static Technic (by Eva Normala)
Chater 3 Static Technic (by Eva Normala)
 
CS2006Ch02A.ppt dfxgbfdcgbhfcdhbfdcbfdcgfdg
CS2006Ch02A.ppt dfxgbfdcgbhfcdhbfdcbfdcgfdgCS2006Ch02A.ppt dfxgbfdcgbhfcdhbfdcbfdcgfdg
CS2006Ch02A.ppt dfxgbfdcgbhfcdhbfdcbfdcgfdg
 
Chapter 3 - Analytical Techniques
Chapter 3 - Analytical TechniquesChapter 3 - Analytical Techniques
Chapter 3 - Analytical Techniques
 
Ensuring code quality
Ensuring code qualityEnsuring code quality
Ensuring code quality
 
Software testing and introduction to quality
Software testing and introduction to qualitySoftware testing and introduction to quality
Software testing and introduction to quality
 
Transaction Based Verification Methodology - 2000
Transaction Based Verification Methodology - 2000Transaction Based Verification Methodology - 2000
Transaction Based Verification Methodology - 2000
 
IRJET- A Detailed Analysis on Windows Event Log Viewer for Faster Root Ca...
IRJET- A Detailed Analysis on Windows Event Log Viewer for Faster Root Ca...IRJET- A Detailed Analysis on Windows Event Log Viewer for Faster Root Ca...
IRJET- A Detailed Analysis on Windows Event Log Viewer for Faster Root Ca...
 
IRJET- Development Operations for Continuous Delivery
IRJET- Development Operations for Continuous DeliveryIRJET- Development Operations for Continuous Delivery
IRJET- Development Operations for Continuous Delivery
 
Problems of testing 64-bit applications
Problems of testing 64-bit applicationsProblems of testing 64-bit applications
Problems of testing 64-bit applications
 
Mi0033 software engineering
Mi0033 software engineeringMi0033 software engineering
Mi0033 software engineering
 
The Magic Of Application Lifecycle Management In Vs Public
The Magic Of Application Lifecycle Management In Vs PublicThe Magic Of Application Lifecycle Management In Vs Public
The Magic Of Application Lifecycle Management In Vs Public
 
Deployment of Debug and Trace for features in RISC-V Core
Deployment of Debug and Trace for features in RISC-V CoreDeployment of Debug and Trace for features in RISC-V Core
Deployment of Debug and Trace for features in RISC-V Core
 
Computers in management
Computers in managementComputers in management
Computers in management
 

Recently uploaded

Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
joachimlavalley1
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Shajedul Islam Pavel
 
Industrial Training Report- AKTU Industrial Training Report
Industrial Training Report- AKTU Industrial Training ReportIndustrial Training Report- AKTU Industrial Training Report
Industrial Training Report- AKTU Industrial Training Report
Avinash Rai
 
Introduction to Quality Improvement Essentials
Introduction to Quality Improvement EssentialsIntroduction to Quality Improvement Essentials
Introduction to Quality Improvement Essentials
Excellence Foundation for South Sudan
 
Basic Civil Engg Notes_Chapter-6_Environment Pollution & Engineering
Basic Civil Engg Notes_Chapter-6_Environment Pollution & EngineeringBasic Civil Engg Notes_Chapter-6_Environment Pollution & Engineering
Basic Civil Engg Notes_Chapter-6_Environment Pollution & Engineering
Denish Jangid
 

Recently uploaded (20)

Operations Management - Book1.p - Dr. Abdulfatah A. Salem
Operations Management - Book1.p - Dr. Abdulfatah A. SalemOperations Management - Book1.p - Dr. Abdulfatah A. Salem
Operations Management - Book1.p - Dr. Abdulfatah A. Salem
 
50 ĐỀ LUYỆN THI IOE LỚP 9 - NĂM HỌC 2022-2023 (CÓ LINK HÌNH, FILE AUDIO VÀ ĐÁ...
50 ĐỀ LUYỆN THI IOE LỚP 9 - NĂM HỌC 2022-2023 (CÓ LINK HÌNH, FILE AUDIO VÀ ĐÁ...50 ĐỀ LUYỆN THI IOE LỚP 9 - NĂM HỌC 2022-2023 (CÓ LINK HÌNH, FILE AUDIO VÀ ĐÁ...
50 ĐỀ LUYỆN THI IOE LỚP 9 - NĂM HỌC 2022-2023 (CÓ LINK HÌNH, FILE AUDIO VÀ ĐÁ...
 
Salient features of Environment protection Act 1986.pptx
Salient features of Environment protection Act 1986.pptxSalient features of Environment protection Act 1986.pptx
Salient features of Environment protection Act 1986.pptx
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
 
How to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS ModuleHow to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS Module
 
Benefits and Challenges of Using Open Educational Resources
Benefits and Challenges of Using Open Educational ResourcesBenefits and Challenges of Using Open Educational Resources
Benefits and Challenges of Using Open Educational Resources
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Industrial Training Report- AKTU Industrial Training Report
Industrial Training Report- AKTU Industrial Training ReportIndustrial Training Report- AKTU Industrial Training Report
Industrial Training Report- AKTU Industrial Training Report
 
Gyanartha SciBizTech Quiz slideshare.pptx
Gyanartha SciBizTech Quiz slideshare.pptxGyanartha SciBizTech Quiz slideshare.pptx
Gyanartha SciBizTech Quiz slideshare.pptx
 
Introduction to Quality Improvement Essentials
Introduction to Quality Improvement EssentialsIntroduction to Quality Improvement Essentials
Introduction to Quality Improvement Essentials
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
NLC-2024-Orientation-for-RO-SDO (1).pptx
NLC-2024-Orientation-for-RO-SDO (1).pptxNLC-2024-Orientation-for-RO-SDO (1).pptx
NLC-2024-Orientation-for-RO-SDO (1).pptx
 
Basic Civil Engg Notes_Chapter-6_Environment Pollution & Engineering
Basic Civil Engg Notes_Chapter-6_Environment Pollution & EngineeringBasic Civil Engg Notes_Chapter-6_Environment Pollution & Engineering
Basic Civil Engg Notes_Chapter-6_Environment Pollution & Engineering
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
 
Matatag-Curriculum and the 21st Century Skills Presentation.pptx
Matatag-Curriculum and the 21st Century Skills Presentation.pptxMatatag-Curriculum and the 21st Century Skills Presentation.pptx
Matatag-Curriculum and the 21st Century Skills Presentation.pptx
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
Forest and Wildlife Resources Class 10 Free Study Material PDF
Forest and Wildlife Resources Class 10 Free Study Material PDFForest and Wildlife Resources Class 10 Free Study Material PDF
Forest and Wildlife Resources Class 10 Free Study Material PDF
 
The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
 
slides CapTechTalks Webinar May 2024 Alexander Perry.pptx
slides CapTechTalks Webinar May 2024 Alexander Perry.pptxslides CapTechTalks Webinar May 2024 Alexander Perry.pptx
slides CapTechTalks Webinar May 2024 Alexander Perry.pptx
 

Static analysis by tools

  • 1. STATIC ANALYSIS BY TOOLSDEPARTEMENT OF INFORMATION SYSTEM FACULTY OF SCIENCE AND TECHNOLOGY STATE ISLAMIC UNIVERSITY OF SULTAN SYARIF KASIM OF RIAU Winy Setya Ningrum By :
  • 2. STATIC ANALYSIS BY TOOLS There is much to be done examining software work products without actually running the system. For example, we saw in the previous section that we can carefully review requirements, designs, code, test plans and more, to find defects and fix them before we deliver a product to a customer. In this section, we focus on a different kind of static testing, where we carefully examine requirements, designs and code, usually with automated assistance to ferret out additional defects before the code is actually run. Thus, what is called static analysis is just another form of testing.
  • 3. a. Coding standards An extra reason for adopting this approach is that if you take a well-known coding stan-dard there will probably be checking tools available that support this standard. It can even be put the other way around: purchase a static code analyzer and declare (a selection of) the rules in it as your coding standard. Without such tools, the enforcement of a coding standard in an organization is likely to fail. There are three main causes for this: the number of rules in a coding standard is usually so large that nobody can remember them all; some context- sensitive rules that demand reviews of several files are very hard to check by human beings; and if people spend time checking coding standards in reviews, that will distract them from other defects they might otherwise find, making the review process less effective.
  • 4. b. Code metrics As stated, when performing static code analysis, usually information is calculated about structural attributes of the code, such as comment fre-quency, depth of nesting, cyclomatic number and number of lines of code. This information can be computed not only as the design and code are being created but also as changes are made to a system, to see if the design or code is becoming bigger, more complex and more difficult to understand and maintain. The measurements also help us to decide among several design alternatives, especially when redesigning portions of existing code.
  • 5. Continue... Experienced programmers know that 20% of the code will cause 80% of the problems, and complexity analysis helps to find that all-important 20%, which relate back to the principle on defect clustering as explained in Chapter 1. Complexity metrics identify high risk, complex areas. The cyclomatic complexity metric is based on the number of decisions in a program. It is important to testers because it provides an indication of the amount of testing (including reviews) necessary to practically avoid defects. In other words, areas of code identified as more complex are can-didates for reviews and additional dynamic tests. While there are many ways to calculate cyclomatic complexity, the easiest way is to sum the number of binary decision statements (e.g. if, while, for, etc.) and add 1 to it. A more formal definition regarding the calculation rules is provided in the glossary.
  • 6. Continue... Below is a simple program as an example: IF A = 354 THEN IF B > C THEN A = B ELSEA= C ENDIF ENDIF Print A The control flow shows seven nodes (shapes) and eight edges (lines), thus using the formal formula the cyclomatic complexity is 8-7 + 2 = 3. In this case there is no graph called or subroutine. Alternatively one may calculate the cyclomatic complexity using the decision points rule. Since there are two decision points, the cyclomatic complexity is 2 + 1 = 3.
  • 7. c. Code structure There are many different kinds of structural measures, each of which tells us something about the effort required to write the code in the first place, to understand the code when making a change, or to test the code using particular tools or techniques. It is often assumed that a large module takes longer to specify, design, code and test than a smaller one. But in fact the code's structure plays a big part. There are several aspects of code structure to consider: • control flow structure; • data flow structure; • data structure.
  • 8. Continue...  The control flow structure addresses the sequence in which the instructions are executed. This aspect of structure reflects the iterations and loops in a program's design. If only the size of a program is measured, no information is provided on how often an instruction is executed as it is run. Control flow analysis can also be used to identify unreachable (dead) code. In fact many of the code metrics relate to the control flow structure, e.g. number of nested levels or cyclomatic complexity.  Data flow structure follows the trail of a data item as it is accessed and mod-ified by the code. Many times, the transactions applied to data are more complex than the instructions that implement them. Thus, using data flow measures it is shown how the data act as they are transformed by the program. Defects can be found such as referencing a variable with an undefined value and variables that are never used.
  • 9. BIBLIONGRAPHY Graham et.al. (2011). ISTQB-Fondation of Software Testing. London: Cengage Learning EMEA.