Chapter 3 Flashcards
Static Analysis
- Automated activity
- Performed on the code
- Security Testing
- For safety-critical computer systems
- Applied efficiently to any work product
- With tools that evaluate work products written in natural language
- Checking for spelling, grammar, and readability
- Formal structure
Benefits of Static Testing
- The relative cost of fixing defects
- Saves time and money
Defects that are easier to find and fix in Static Testing
- Requirements defects
- Design defects
- Coding defects
- Deviations from standards
- Incorrect interface specifications
- Security vulnerabilities
- Gaps or inaccuracies in test basis traceability or coverage
- Maintainability defects
Which TWO of the following statements about static testing are MOST true?
→ A cheap way to detect and remove defects
→ Early validation of user requirements
Which of the following techniques is a form of static testing?
→ Code review
What is the main difference between static and dynamic testing?
→ Dynamic testing requires executing the software; the software is not executed during static testing
Planning review
- Defining the scope
- Estimating effort
- Identifying review characteristics, types, roles
- Selecting the people to participate in the review and allocating roles
- Defining the entry and exit criteria (our goals)
- Checking that the entry criteria are met
Initial Review
- Distributing the work
- Explaining the scope, objectives, process, roles, and work products
- Answering any questions that participants may have about the review
Individual Review
- Reviewing all parts of the work product
- Noting potential defects, recommendations, and questions
Issue Communication and Analysis
- Communicating identified potential defects (review meeting)
- Analyzing potential defects, assigning ownership and status to them
- Evaluating and documenting quality characteristics
- Evaluating the review findings against the exit criteria to make a review decision
Fixing and Reporting
- Creating defect reports
- Fixing defects found
- Communicating defects to the appropriate person or team
- Recording updated status of defects
- Gathering metrics
- Checking that exit criteria are met
- Accepting the work product when the exit criteria are reached
Author
- Creates the work product under review
- Fixes defects in the work product under review
Manager
- Is responsible for review planning
- Executes control decisions in the event of inadequate outcomes
- Decides on the execution of reviews
- Assigns staff, budget, and time
- Monitors ongoing cost-effectiveness
Facilitator or Moderator
- Ensures effective running of review meetings
- Mediates, if necessary, between the various points of view
- Is often the person upon whom the success of the review depends
Review leader
- Takes overall responsibility for the review
- Decides who will be involved and organizes when and where it will take place
Reviewers
- May be subject matter experts, persons working on the project
- Identify potential defects in the work product under review
- May represent different perspectives
Scribe or recorder
- Collates potential defects found during the individual review activity
- Records new potential defects, open points, and decisions from the review meeting
Informal review, buddy check, pairing, pair review
- Detecting potential defects
- Generating new ideas or solutions
- Quickly solving minor problems
- Optional → Results documentation and checklists
- May be performed by a colleague of the author
- Not based on a formal process
- May not involve a review meeting
- Varies in usefulness depending on the reviewers
- Very commonly used in Agile
Walkthrough
- Find defects, improve the software product, consider alternative implementations, evaluate conformance to standards and specifications
- Exchanging ideas about techniques or styles
- Training of participants
- Optional → Individual preparation, checklists, defect logs and review reports
- Mandatory → Scribe
- Review meeting is typically led by the author of the product
- May take the form of scenarios, dry runs
- May vary in practice from quite informal to very formal
Technical Review
- Gaining consensus, detecting potential defects
- Evaluating quality and building confidence in the work product
- Generating new ideas
- Motivating and enabling authors to improve future work products
- Optional → Review Meeting, checklists, defect logs and review reports
- Mandatory → Individual preparation, scribe (not the author)
- Reviewers should be technical peers of the author, and technical experts
Inspection
- Detecting potential defects, evaluating quality and building confidence in the work product, preventing future similar defects through author learning and root cause analysis
- Mandatory → defined process, checklists, clearly defined roles, individual preparation, entry and exit criteria, scribe, gathering metrics, defect logs and review report
- May include a dedicated reader, who reads the work product aloud
- Review meeting is led by a trained facilitator, not the author
- Author cannot act as the review leader, reader or scribe
The main purposes of ….. review type include: improving the software product, considering alternative implementations and finding defects.
→ Walkthrough
In the "Walkthrough" review type the ….. is mandatory and the leader of the review meeting is the …………… .
→ scribe / author of the work product
In the "Technical review" type, the ….. are mandatory, and the technical peers of the author are the …… .
→ individual preparation and scribe / reviewers
The purposes of ….. review type include: preventing future similar defects through author learning and root cause, and achieving consensus.
→ Inspection
Ad Hoc
- Reviewers are provided with little or no guidance on how this task should be performed
- Reviewers often read the work product sequentially, identifying and documenting issues as they encounter them
- Is a commonly used technique needing little preparation
- Is highly dependent on reviewer skills and may lead to many duplicate issues
Checklist-based
- Systematic technique, whereby the reviewers detect issues based on checklists that are distributed at review initiation
- Set of questions based on potential defects, which may be derived from experience
- Systematic coverage of typical defect types
- Check defects outside the checklist
Scenario and dry runs
- Reviewers are provided with structured guidelines on how to read through the work product
- Approach supports reviewers in performing “dry runs” on the work product based on the expected usage of the work product.
- These scenarios provide reviewers with better guidelines on how to identify specific defect types than simple checklist entries
- Reviewers should not be constrained to the documented scenarios
Role-based
- Is a technique in which the reviewers evaluate the work product from the perspective of individual stakeholder roles
- Typical roles include specific end user types (experienced, senior) and specific roles in the organization (user administrator, performance tester)
Perspective-based
- Reviewers take on different stakeholder viewpoints in individual reviewing
- Typical stakeholder viewpoints include end user, marketing, designer, tester, or operations
- Leads to more depth in individual reviewing with less duplication of issues across reviewers.
- Most effective general technique