3. Static techniques

Question 1

What is static testing?

Answer 1

During static testing, software work products are examined

manually, or with a set of tools, but not executed.

Question 2

What defects are easier to find with static techniques?

Answer 2

deviations from standards, missing
requirements, design defects, non-maintainable code and inconsistent interface
specifications. Note that in contrast to dynamic testing, static testing finds
defects rather than failures.

Question 3

What are the advantages of static techniques?

Answer 3

• Since static testing can start early in the life cycle, early feedback on quality issues can be established, e.g. an early validation of user requirements and not just late in the life cycle during acceptance testing.
• By detecting defects at an early stage, rework costs are most often relatively low and thus a relatively cheap improvement of the quality of software products can be achieved.
• Since rework effort is substantially reduced, development productivity
figures are likely to increase.
• The evaluation by a team has the additional advantage that there is an exchange of information between the participants.
• Static tests contribute to an increased awareness of quality issues.

Question 4

What are the main variations of reviews?

Answer 4

Reviews vary from very informal to formal (i.e. well structured and regulated)

Question 5

What are the phases of a formal review?

Answer 5

1  Planning 
2  Kick-off 
3  Preparation 
4  Review meeting 
5  Rework 
6  Follow-up.

Question 6

What are entry criteria for a document under entry check?

Answer 6

• A short check of a product sample by the moderator (or expert) does not
reveal a large number of major defects. For example, after 30 minutes of
checking, no more than 3 major defects are found on a single page or fewer
than 10 major defects in total in a set of 5 pages.
• The document to be reviewed is available with line numbers.
• The document has been cleaned up by running any automated checks
that apply.
• References needed for the inspection are stable and available.
• The document author is prepared to join the review team and feels confident
with the quality of the document.

Question 7

What is the average maximum size for the pages to be reviewed in a document during a review session?

Answer 7

10 and 20 pages. In formal inspection, only a page or two
may be looked at in depth in order to find the most serious defects that are
not obvious.

Question 8

What is a usual size fo the reviewing team?

Answer 8

4-6 persons including moderation and author.

Question 9

What roles regarding focus of the review can be assinged in a review team?

Answer 9

• focus on higher-level documents, e.g. does the design comply to the
requirements;
• focus on standards, e.g. internal consistency, clarity, naming conventions,
templates;
• focus on related documents at the same level, e.g. interfaces between soft
ware functions;
• focus on usage, e.g. for testability or maintainability.

Question 10

What is Kick-off?

Answer 10

An optional step in a review procedure is a kick-off meeting. The goal of this
meeting is to get everybody on the same wavelength regarding the document
under review and to commit to the time that will be spent on checking.
During the kick-off meeting the reviewers receive a short introduction on the
objectives of the review and the documents. The relationships between the doc-
ument under review and the other documents (sources) are explained, espe-
cially if the number of related documents is high.

Question 11

What is a critical success factro during Preparation step in review process?

Answer 11

A critical success factor for a thorough preparation is the number of pages
checked per hour. This is called the checking rate. The optimum checking
rate is the result of a mix of factors, including the type of document, its com-
plexity, the number of related documents and the experience of the reviewer.
Usually the checking rate is in the range of five to ten pages per hour, but
may be much less for formal inspection, e.g. one page

Question 12

What is a review meeting step in review process?

Answer 12

The meeting typically consists of the following elements (partly depending on
the review type): logging phase, discussion phase and decision phase.
During the logging phase the issues, e.g. defects, that have been identified
during the preparation are mentioned page by page, reviewer by reviewer and
are logged either by the author or by a scribe. To ensure progress and efficiency, no real discussion is allowed during the
logging phase. If an issue needs discussion, the item is logged and then handled
in the discussion phase.

Question 13

What classes of severity of defects can be identified during the logging?

Answer 13

• Critical: defects will cause downstream damage; the scope and impact of the
defect is beyond the document under inspection.
• Major, defects could cause a downstream effect (e.g. a fault in a design can
result in an error in the implementation).
• Minor, defects are not likely to cause downstream damage (e.g. non-compli
ance with the standards and templates).
During the logging phase the focus is on logging as many defects as possible
within a certain timeframe. To ensure this, the moderator tries to keep a good logging rate (number of defects logged per minute). In a well-led and disciplined formal review meeting, the logging rate should be between one and two
defects logged per minute.

Question 14

What is the most important exit criteria for a document under review?

Answer 14

The most
important exit criterion is the average number of critical and/or major defects
found per page (e.g. no more than three critical/major defects per page).

Question 15

What is rework step in document review process?

Answer 15

Based on the defects detected, the author will improve the document under
review step by step.

Question 16

What is follow-up step in document review process?

Answer 16

The moderator is responsible for ensuring that satisfactory actions have been
taken on all (logged) defects, process improvement suggestions and change
requests.

Question 17

What are the main types of participants that can be distinguished in the review team?

Answer 17

moderator, author, scribe and reviewer. In addition man-
agement needs to play a role in the review process.
The moderator (or review leader) leads the review process.
As the writer of the document under review, the author’s basic goal should
be to learn as much as possible with regard to improving the quality of the
document, but also to improve his or her ability to write future documents.
the scribe (or recorder) has to record each defect
mentioned and any suggestions for process improvement. In practice it is often
the author who plays this role, ensuring that the log is readable and understand-
able. If authors record their own defects, or at least make their own notes in
their own words, it helps them to understand the log better during rework.
The task of the reviewers (also called checkers or inspectors) is to check any
material for defects, mostly prior to the meeting.
The manager is involved in the reviews as he or she decides on the execution of
reviews, allocates time in project schedules and determines whether review
process objectives have been met.

Question 18

What the main types of review?

Answer 18

Walkthrough, technical review, inspection

Question 19

What is a walkthrough review?

Answer 19

A walkthrough is characterized by the author of the document under review
guiding the participants through the document and his or her thought
processes, to achieve a common understanding and to gather feedback.

Question 20

What is a technical review?

Answer 20

A technical review is a discussion meeting that focuses on achieving con-
sensus about the technical content of a document. Compared to inspec-
tions, technical reviews are less formal and there is little or no focus on
defect identification on the basis of referenced documents, intended read-
ership and rules. During technical reviews defects are found by experts,
who focus on the content of the document.

Question 21

What is inspection review?

Answer 21

Inspection is the most formal review type. The document under inspection is
prepared and checked thoroughly by the reviewers before the meeting, compar-
ing the work product with its sources and other referenced documents, and
using rules and checklists. In the inspection meeting the defects found are
logged and any discussion is postponed until the discussion phase.

Question 22

What are the success factors for reviews?

Answer 22

Find a ‘champion’ - a champion is needed, one who will lead the process on a project or organiza-
tional level. They need expertise, enthusiasm and a practical mindset in order
to guide moderators and participants.
Pick things that really count - Select the documents for review that are most important in a project.
Explicitly plan and track review activities - To ensure that reviews become part of the day-to-day activities, the hours to
be spent should be made visible within each project plan.
Train participants
Manage people issues
Follow the rules but keep it simple - do not become too theoretical or too detailed. Checklists and roles are recom-
mended to increase the effectiveness of defect identification.
Continuously improve process and tools (e.g. checklists)
Report results - Report quantified results and benefits to all those involved as soon as possible,
and discuss the consequences of defects if they had not been found this early.
Just do it! - The process is simple but not easy. Each step of the process is clear, but expe-
rience is needed to execute them correctly.

Question 23

What makes static analiysis different from the dynamic one?

Answer 23

• Static analysis is performed on requirements, design or code without actually
executing the software artifact being examined.
• Static analysis is ideally performed before the types of formal review dis
cussed in Section 3.2.
• Static analysis is unrelated to dynamic properties of the requirements, design
and code, such as test coverage.
• The goal of static analysis is to find defects, whether or not they may cause
failures. As with reviews, static analysis finds defects rather than failures.

Question 24

Tell about statis analysis tools

Answer 24

Static analysis tools are typically used by developers before, and
sometimes during, component and integration testing and by designers
during software modeling.
The tools can show not only structural attributes
(code metrics), such as depth of nesting or cyclomatic number and check
against coding standards, but also graphic depictions of control flow, data
relationships and the number of distinct paths from one line of code to
another. Even the compiler can be considered a static analysis too

Question 25

What information is usually calculated about structural attributes of the code furing static code analysis?

Answer 25

As stated, when performing static code analysis, usually information is
calculated about structural attributes of the code, such as comment fre-
quency, depth of nesting, cyclomatic number and number of lines of code.

Question 26

What is a cyclomatic complexity metric?

Answer 26

The cyclomatic complexity metric is based on the number of decisions
in a program. It is important to testers because it provides an indication of
the amount of testing (including reviews) necessary to practically avoid
defects. In other words, areas of code identified as more complex are can-
didates for reviews and additional dynamic tests

Question 27

How the cyclomatic complexty can be calculated?

Answer 27

The control flow shows seven nodes (shapes) and eight edges
(lines), thus using the formal formula the cyclomatic complexity
is 8-7 + 2 = 3. In this case there is no graph called or subroutine.
Alternatively one may calculate the cyclomatic complexity using
the decision points rule. Since there are two decision points, the
cyclomatic complexity is 2 + 1 = 3

Question 28

What aspects of code are to be considered during the structural measurement of the code?

Answer 28

• control flow structure - The control flow structure addresses the sequence in which the
instructions are executed. This aspect of structure reflects the
iterations and loops in a program’s design. It can identify ureachable code
• data flow structure - it is shown how the data act as they are transformed by the program.
Defects can be found such as referencing a variable with an undefined value and
variables that are never used.
• data structure - refers to the organization of the data itself, independent of
the program. That is, sometimes a program is
complex because it has a complex data structure, rather than because of
complex control or data flow.

Question 29

What is the value of static analysis?

Answer 29

• early detection of defects prior to test execution;
• early warning about suspicious aspects of the code, design or requirements;
• identification of defects not easily found in dynamic testing;
• improved maintainability of code and design since engineers work according
to documented standards and rules;
• prevention of defects, provided that engineers are willing to learn from their
errors and continuous improvement is practised.

Question 30

What is review?

Answer 30

An evaluation of a product or project status to ascertain discrepancies from planned
results and to recommend improvements. Examples include management review, informal review,
technical review, inspection, and walkthrough. [After IEEE 1028]

Question 31

What is entry criteria?

Answer 31

The set of generic and specific conditions for permitting a process to go forward with a
defined task, e.g. test phase. The purpose of entry criteria is to prevent a task from starting which
would entail more (wasted) effort compared to the effort needed to remove the failed entry criteria.

Question 32

What is exit criteria?

Answer 32

The set of generic and specific conditions, agreed upon with the stakeholders
ATM for permitting a process to be officially completed. The purpose of exit criteria
ATA is to prevent a task from being considered completed when there are still outstanding parts of the
task which have not been finished. Exit criteria are used to report against and to plan when to stop
testing.

Question 33

What is formal review?

Answer 33

A review characterized by documented procedures and requirements, e.g. inspection.

Question 34

What is informal review?

Answer 34

A review not based on a formal (documented) procedure.

Question 35

What is compiler?

Answer 35

A software tool that translates programs expressed in a high order language into their
machine language equivalents. [IEEE 610]

Question 36

ISTQB definition of cyclomatic complexity

Answer 36

The maximum number of linear, independent paths through a program.
Cyclomatic complexity may be computed as: L – N + 2P, where
- L = the number of edges/links in a graph
- N = the number of nodes in a graph
- P = the number of disconnected parts of the graph (e.g. a called graph or subroutine)
[After McCabe]

Question 37

What is a control flow?

Answer 37

A sequence of events (paths) in the execution through a component or system.

Question 38

What is data flow

Answer 38

An abstract representation of the sequence and possible changes of the state of data
objects, where the state of an object is any of: creation, usage, or destruction. [Beizer]

Question 39

What is static analysis?

Answer 39

Analysis of software development artifacts, e.g. requirements or code, carried
out without execution of these software development artifacts. Static analysis is usually carried out by means of a supporting tool.