I have been doing code inspections for over a year now. I always felt that the code review process is very ad hoc and that there is no organized way to do it, but unknowingly, most of the time, the bugs found through inspections fall into one of these categories:
- Null reference exceptions
- Ignored return values
- Infinite recursive loops
- Thread unsafety (not synchronized / infinite wait)
- Data type overflows / index out of bounds
The process of finding the above bugs is called static code analysis. Static code analysis does not need any test cases, and it is a more generic process.
Dynamic code inspection, on the other hand, means executing the code for all the basic test cases, coming up with more test cases by looking at the code, and ensuring that it behaves as expected in all of them. This is more specific to the project and needs a requirements specification.
Static code analysis can be automated. FindBugs is one such automated tool for Java, though I have never used it. Dynamic code inspections are more specific to the project, and it is not possible to automate them.