In this post, I will be sharing my views on Static Analysis and how the same is useful for Software Testing. Using Static Analysis in Testing will also be called or simulated as Static Testing. Static analysis / testing a method to validate the software without executing the same.
The generic definition for Static Testing is that
Testing of an Application at the specification or implementation level without execution of that Application.
Static Analysis helps a lot for better Code Quality and we can perform the following set activities against the source code.
- Identify the bug patterns in the source code
- Capture Metrics
- Complexity of the System (eg. Cyclomatic Complexity)
- Compliance against Standards (eg. check for the Java Coding Guidelines)
- Exception Handling (Captures the code that contains Unhandled exceptions)
- Infinite Loops
- Copy Paste Dectors (Most of the developers used to reuse the code via a copy paste and introduce some issues in the process)
- Duplicate Code
- Dead Code
We should be able to restrict most of the above said issues at very early stage of SDLC by applying Static Testing techniques and make these part of the build process.
Authors bio is coming up shortly.
Hi there – you might be interested in a tool I released for doing static code analyis of Perl code – http://twoalpha.blogspot.com/2006/12/countperl-count-lines-packages-subs-and.html
The ‘coutperl’ script produces a report that shows you the cyclomatic complexity of each subroutine in the Perl files you analyze.
Also, you may be interested in the Perl PPI module (“Parse Perl Independently”) which is a general purpose librray for parsing Perl code into a document-object-model, so you can, for example, find all the subroutines in a body of Perl code.
Hi Matisse,
Thanks for sharing ‘counterperl’. Can you shed some light on availability of similar tools for Java.
I figured out that you were interested into static analysis tools and I wanted to let you know about our tool NDepend.
http://www.NDepend.com
NDepend analyses source code and .NET assemblies. It allows controlling the complexity, the internal dependencies and the quality of .NET code.
NDepend provides a language (CQL Code Query Language) dedicated to query and constraint a codebase.
It also comes from with advanced code visualization (Dependencies Matrix, Metric treemap, Box and Arrows graph…), more than 60 metrics, facilities to generate reports and to be integrated with mainstream build technologies and development tools.
NDepend also allows to compare precisely different versions of your codebase.
@ Patrick,
Thanks for sharing Ndepend details. I wish it serves all the needs of source code metrics for .NET platform.
Thanks for sharing, Really cool Very nice and usefull information I have a good blog but need to take it to the next level. Thanks for this though I feel a little overwhelmed about the work I still need to do to make it extra STICKY and SEoptimized. Thanks for the good stuff! Check my site out about at,