In contrast to dynamic testing, which requires the execution of the software being tested, static testing relies on the manual examination of work products via reviews or tool-driven evaluation of the code or other work products through static analysis. Both types of static testing assess the work product without executing it.
Scope
A benefit of static testing is that you can use reviews or static analysis to examine almost any work product, including:
- Specifications like ICD and ECD
- Acceptance criteria for features or user stories
- Architecture and design
- Code
- Test scenarios and automated test scripts
- Configuration setup
You can apply a review to any work product that you know how to read and understand. Static analysis can be applied efficiently to any work product with a formal structure (typically code) for which appropriate static analysis tools exist.
Benefits
Static testing techniques provide a variety of benefits. When applied early in the software development lifecycle, static testing enables the detection of defects before dynamic testing is performed. For example, these defects can be spotted during reviews of requirements or design specifications, backlog refinement, and the like. Defects found early are often much cheaper to remove than defects found later in the lifecycle, especially compared to defects found after the software is deployed and in active use.
Compared to dynamic testing, typical defects that are easier and cheaper to find and fix through static testing include:
- Requirement defects: Inconsistencies, ambiguities, contradictions, omissions, inaccuracies, and redundancies
- Design defects: Inefficient algorithms or database structures, high coupling, and low cohesion
- Coding defects: Variables with undefined values, variables that are declared but never used, unreachable code, duplicate code
- Deviations from standards: Lack of adherence to coding standards
- Incorrect interface specifications: Different units of measurement used by the calling system than by the called system
- Security vulnerabilities: Susceptibility to buffer overflows
- Gaps or inaccuracies in test basis traceability or coverage: Missing tests for an acceptance criterion
Conclusion
While it's easy to want to rush a product or feature out the door to meet a deadline, don't compromise on your testing. It's important that you give static testing the same weight and focus as dynamic testing.