Static and Dynamic Code Inspections

I have been doing code inspections for over a year now. I always felt that the code review process is very ad hoc and there is no organized way, but, unknowingly, most of the time the bugs found through the inspections fall into one of these categories:

- Null reference exceptions
- Ignored return values
- Infinite recursive loops
- Thread-unsafe code (not synchronized / infinite wait)
- Data type overflows / index out of bounds

The process of finding the above bugs is called static code analysis. Static code analysis does not need any test cases, and it is a more generic process.

Dynamic code inspection, on the other hand, means executing the code for all the basic test cases, coming up with more test cases by looking at the code, and ensuring that it behaves as expected in all of them. It is more specific to the project and needs a requirements specification.

Static code analysis can be automated. FindBugs is one such automated tool for Java, though I never used it. Dynamic code inspections are more specific to the project and cannot be automated.
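
As an added illustration of why static inspection can be automated and needs no test cases (this is not code from the post and not how FindBugs works), the Python sketch below flags two of the categories listed above, ignored return values and infinite recursion, by walking the syntax tree of a constructed sample without running it. The names `inspect`, `_calls` and `SAMPLE` are assumptions made for this example.

```python
import ast

# Constructed sample input: analysed as text only, never executed.
SAMPLE = '''
def parse_port(text):
    return int(text)
def depth(node):
    return 1 + depth(node)
def factorial(n):
    if n <= 1:
        return 1
    return n * factorial(n - 1)
def main(arg):
    parse_port(arg)
    return parse_port(arg)
'''

def _calls(node, name):
    """True if `node` contains a direct call to the function `name`."""
    return any(isinstance(n, ast.Call) and isinstance(n.func, ast.Name)
               and n.func.id == name for n in ast.walk(node))

def inspect(source):
    """Return sorted (line, message) findings for two bug classes."""
    tree = ast.parse(source)
    funcs = [n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)]
    # Functions that return a value somewhere in their body.
    returning = {f.name for f in funcs for n in ast.walk(f)
                 if isinstance(n, ast.Return) and n.value is not None}
    findings = []
    # Ignored return value: a bare call statement to a value-returning function.
    for n in ast.walk(tree):
        if (isinstance(n, ast.Expr) and isinstance(n.value, ast.Call)
                and isinstance(n.value.func, ast.Name)
                and n.value.func.id in returning):
            findings.append((n.lineno, f"return value of {n.value.func.id}() ignored"))
    # Infinite recursion: a self-call reached before any branch or exit.
    guards = (ast.BoolOp, ast.IfExp, ast.comprehension, ast.Lambda)
    for f in funcs:
        for stmt in f.body:
            simple = isinstance(stmt, (ast.Expr, ast.Assign, ast.AugAssign, ast.AnnAssign, ast.Return))
            if not simple or any(isinstance(n, guards) for n in ast.walk(stmt)):
                break  # control flow may avoid the call: stay silent
            if _calls(stmt, f.name):
                findings.append((stmt.lineno, f"{f.name}() always calls itself"))
                break
            if isinstance(stmt, ast.Return):
                break
    return sorted(findings)
```

The recursion check is deliberately conservative: it reports only when every path through the function reaches the self-call, so `factorial`, which has a guarded base case, is not flagged.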

2 comments:

  1. Hi Mallikarjun,

    Thanks for bringing this out. Through this we can automate most of the code review process (though not 100%). There are many other tools in this segment, and I tried to list them at my blog: http://venkatreddyc.wordpress.com/2006/11/24/static-analysis-for-code-quality/

  2. Hi Mallik,
    First of all, it is indeed heartening to get to this blog, which you have put up for software testing. Thank you.

    I got to your blog through Google when I was searching for dynamic code analyzers. I read your thoughts on the same. Here are some of mine:

    1. Static code analysis does MUCH more than what you have put in. A sample of the errors that such a tool catches:
    Buffer overflow: Most issues are caused by off-by-one errors in array indexing. This is a very critical class of errors that is caught.

    Uninitialized variable usage: This is another potential crash situation detected. Mostly, I've observed that people declare a local variable, and simply assign it to another without INITIALIZING.

    Non-null terminated strings

    Unused variables and functions --> this simply adds to code size

    Loss of precision --> This happens when you (e.g.) assign an integer to a character.

    Result of functions that return NULL, but are not checked

    Multiple declarations

    Unreachable code

    Unreachable break statements

    Global variable used only locally

    These are only a few of the errors that are detected.

    We were very skeptical so far and had not used any tool.

    Over the last 2 months, we have evaluated several Static code analyzers and have come to the conclusion that they REALLY make a remarkable difference.

    I can tell you that we found some 200 potential bugs in a released software product :-)
    -Venkatesh.
