Static testing techniques are also known as non-execution techniques, because the work product is examined without running it. Most of them can be applied to any form of document, including source code, design documents and models, functional specifications and requirement specifications. Reviews are the static technique most often applied to source code; they find errors, code flaws and potentially malicious code in a software application before it is ever executed. Reviews are conducted either formally or informally.
Phases of the formal review
- Planning – In this step the exit criteria are defined and the related documents the reviewers will use are selected: higher-level documents, e.g. the design document; standards, e.g. code comments and naming conventions; other documents at the same level, e.g. interfaces between software functions; and the intended usage, e.g. testability or maintainability requirements.
- Kick-off – The goal of the kick-off meeting is to get everybody on the same page regarding the document under review and to commit the time that will be spent checking it. The result of the entry check and the defined exit criteria are also discussed.
- Preparation – All participants work individually on the document under review, using the related documents, procedures, rules and checklists provided. Each identifies defects, questions and comments according to their understanding of the document and their role.
- Review meeting – The meeting consists of a logging phase, a discussion phase and a decision phase. In the logging phase the defects found during preparation are recorded. Defects that need discussion are taken up in the discussion phase. In the decision phase a decision is made on each logged defect, and if the number of defects found per page exceeds a defined limit, the document is sent back for rework and reviewed again.
- Rework – Based on the defects detected, the author reworks the document under review, removing the defects one by one.
- Follow-up – The changes made to the document are checked in the follow-up to confirm that the logged defects have been addressed and the exit criteria are met.
The main review types, with their characteristics and common objectives, are:
- Walkthrough – An informal review meeting conducted by the author, in which a number of participants bring diverse viewpoints on the contents of the document being reviewed. A walkthrough is useful for higher-level documents such as requirement specifications and architectural documents.
- Technical Review – A technical review focuses on the technical content of a document and is less formal than an inspection. It is performed by peers and technical experts without management participation.
- Inspection – The most formal review type, in which peers examine the product. Rules and checklists are used during the preparation phase, and the defects found are documented, fixed and checked in the follow-up. Inspections improve product quality by producing documents of a higher standard.
- Informal review – The most common type of review during the life cycle. Informal reviews are applied at various times, especially in the early stages, when a document is reviewed informally and informal comments are provided. Example: a two-person team, where an author asks a colleague to review a document or piece of code and provide comments.
- Static Analysis – The examination of source code for defects without executing the program, usually by a tool. The code is checked against one or more sets of coding rules, which helps ensure that it meets industry standards and exposes weaknesses in the source that might lead to vulnerabilities. It is further categorized as:
- Data-flow analysis: Gathers information about the possible set of values computed at various points in a program, e.g. where each variable is defined and where it is used, and whether a variable can be read before it has been assigned.
- Control-flow analysis: Determines the possible orders in which the program's statements can execute, typically by building a control-flow graph, which reveals among other things code that can never be reached.
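As an added illustration (not code from the original page or from any particular tool), the following small analyser applies both techniques to Python source using the standard `ast` module. The data-flow pass propagates "taint" from assumed source calls (`input`, `request.args.get`) through assignments and string building to assumed sink calls (`os.system`, `eval`, `subprocess.call`), with `shlex.quote` treated as a sanitizer that clears taint. The control-flow pass flags statements that can never execute because they follow a `return`, `raise`, `break` or `continue` in the same block. The source, sink and sanitizer sets and the `SAMPLE` program are constructed for this example.

```python
"""Toy static analyser: a data-flow (taint) check and a control-flow
(unreachable code) check over Python source, built on the standard `ast`
module. Added example for this article; the source, sink and sanitizer
sets below are illustrative assumptions, not a complete rule set."""
import ast

SOURCES = {"input", "request.args.get"}           # assumed: attacker-controlled data
SINKS = {"os.system", "eval", "subprocess.call"}  # assumed: must never receive taint
SANITIZERS = {"shlex.quote"}                      # assumed: clears taint


def call_name(node):
    """Render a callee as a dotted name, e.g. the func of os.system(x) -> 'os.system'."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return f"{call_name(node.value)}.{node.attr}"
    return ""


def is_tainted(expr, tainted):
    """Data-flow rule: an expression is tainted if it reads a tainted variable,
    calls a source, or is built from a tainted sub-expression (concatenation,
    f-strings, ...). Passing through a sanitizer clears the taint."""
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if isinstance(expr, ast.Call):
        name = call_name(expr.func)
        if name in SOURCES:
            return True
        if name in SANITIZERS:
            return False
        return any(is_tainted(a, tainted) for a in expr.args)
    return any(is_tainted(c, tainted) for c in ast.iter_child_nodes(expr))


def statements(body):
    """Yield statements in source order, descending into nested blocks."""
    for stmt in body:
        yield stmt
        for field in ("body", "orelse", "finalbody", "handlers"):
            yield from statements(getattr(stmt, field, []))


def own_exprs(stmt):
    """Expressions owned directly by a statement (nested blocks excluded)."""
    for _, value in ast.iter_fields(stmt):
        if isinstance(value, ast.expr):
            yield value
        elif isinstance(value, list):
            yield from (v for v in value if isinstance(v, ast.expr))


def dataflow_findings(func):
    """Walk the function in order, propagating taint through assignments and
    reporting sink calls whose arguments carry taint. Returns [(line, sink)]."""
    tainted, findings = set(), []
    for stmt in statements(func.body):
        if isinstance(stmt, ast.Assign):
            for target in stmt.targets:
                if isinstance(target, ast.Name):
                    if is_tainted(stmt.value, tainted):
                        tainted.add(target.id)
                    else:
                        tainted.discard(target.id)  # clean reassignment kills taint
        for expr in own_exprs(stmt):
            for node in ast.walk(expr):
                if (isinstance(node, ast.Call) and call_name(node.func) in SINKS
                        and any(is_tainted(a, tainted) for a in node.args)):
                    findings.append((stmt.lineno, call_name(node.func)))
    return findings


def controlflow_findings(func):
    """Control-flow rule: within one block, nothing after a return, raise,
    break or continue can execute. Reports the first dead statement per block."""
    findings = []

    def scan(body):
        dead = False
        for stmt in body:
            if dead:
                findings.append((stmt.lineno, "unreachable"))
                break
            dead = isinstance(stmt, (ast.Return, ast.Raise, ast.Break, ast.Continue))
            for field in ("body", "orelse", "finalbody", "handlers"):
                sub = getattr(stmt, field, None)
                if isinstance(sub, list):
                    scan(sub)

    scan(func.body)
    return findings


def analyse(source):
    """Run both passes over every function in `source`; returns findings per function."""
    report = {}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.FunctionDef):
            report[node.name] = {"dataflow": dataflow_findings(node),
                                 "controlflow": controlflow_findings(node)}
    return report


# Constructed input for the example: one vulnerable function, one fixed one.
SAMPLE = '''
import os, shlex

def ping(request):
    host = request.args.get("host")
    cmd = "ping -c 1 " + host
    os.system(cmd)
    return "done"
    os.system("echo never runs")

def ping_safe(request):
    host = shlex.quote(request.args.get("host"))
    os.system("ping -c 1 " + host)
    return "done"
'''

if __name__ == "__main__":
    for name, found in analyse(SAMPLE).items():
        print(name, found)
```

On `SAMPLE` the data-flow pass reports the `os.system` call on line 7 of `ping` (taint flows from `request.args.get` through `host` and the concatenation into `cmd`) and nothing in `ping_safe`, where the sanitizer call clears it; the control-flow pass reports line 9 of `ping` as unreachable. The shortcuts are deliberate and are the kind of thing a real tool must handle: the taint pass is flow-insensitive across branches (a variable tainted in one arm of an `if` stays tainted afterwards), does not follow calls into other functions, and the control-flow pass does not notice an `if`/`else` in which both arms return. Production analysers build a full control-flow graph and run data-flow equations over it to remove exactly these false positives and negatives.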