An explanation of the concepts of static analysis testing

A software system or application contains many bugs and errors that cannot all be rooted out by a single software testing methodology. Each aspect of a software system is tested by a methodology defined specifically for it. As a result, many software testing and analysis methodologies have been developed, and static analysis is one of them. This article covers the concepts of static analysis. Static code analysis is also known as static program analysis, or SPA. It is somewhat similar to static testing: like static testing, static program analysis is carried out on the software without actually executing it. Its counterpart is dynamic analysis, in which programs are executed and then tested. Static analysis can be carried out on either the source code or the object code, as the case may be.
The process of static analysis is often automated and rarely carried out manually. When carried out manually, it is called code review or program comprehension. The level at which static program analysis is carried out also varies with the sophistication of the testing strategy, i.e., whether it examines only the behavior of individual statements or the complete source code of the program. The information deduced from static analysis can tell programmers about possible errors and flaws in the code. Nowadays, reverse engineering and software metrics are also considered forms of static program analysis.
This is because, in many testing strategies, testers deploy these three techniques (software metrics, reverse engineering and static analysis) together for the creation and testing of embedded software systems. The three are also used together to define software quality objectives. Static program analysis is used commercially to verify the properties of software implemented in safety-critical computer systems. From all this we can conclude that static analysis is aimed at finding code with potential vulnerabilities. Some organizations use static program analysis to improve the quality of their complex and highly sophisticated software systems and applications.
Such complex and sophisticated software includes nuclear software and medical software. Another form of static program analysis is SAST, or static application security testing, which is employed in the application security industry. Certain formal methods have been defined to assist static analysis. Formal methods are purely mathematical in nature and include techniques such as axiomatic semantics, denotational semantics, abstract interpretation and operational semantics. Some of the implementation techniques for formal static program analysis are listed below:
1. Data flow analysis: This technique is lattice-based and is used to gather information about the possible set of values.
2. Model checking: This technique considers software systems that either have a finite state or can be reduced to a finite state through abstraction.
3. Abstract interpretation: This method is used to analyze the effects that every statement has.
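The data flow analysis technique from item 1, as an added example that is not part of the original article: a small forward analysis that tracks the set of possible integer values of each variable over a control-flow graph without executing it, then checks whether an array index is provably in bounds. The program encoding, the names (`analyse`, `index_in_bounds`, `BLOCKS`, `EDGES`) and the `LIMIT` widening threshold are assumptions made for this illustration.

```python
from functools import reduce
from itertools import product

TOP, LIMIT = None, 4  # TOP = "any value"; sets larger than LIMIT are widened to TOP

def join(a, b):
    """Least upper bound of two abstract values (sets of possible ints)."""
    if a is TOP or b is TOP or len(a | b) > LIMIT:
        return TOP
    return a | b

def value_of(operand, env):  # int literal -> singleton set; unknown variable -> TOP
    return frozenset({operand}) if isinstance(operand, int) else env.get(operand, TOP)

def transfer(block, env):
    """Apply each statement (dst, lhs, op, rhs) of a block to a copy of env."""
    env = dict(env)
    for dst, lhs, op, rhs in block:
        a, b = value_of(lhs, env), value_of(rhs, env)
        if a is TOP or b is TOP:
            env[dst] = TOP
        else:
            vals = frozenset(x + y if op == "+" else x * y for x, y in product(a, b))
            env[dst] = join(vals, vals)  # joining with itself only applies the LIMIT cap
    return env

def analyse(blocks, edges, entry):
    """Worklist iteration to a fixpoint; returns the environment at each block exit."""
    out, work = {}, [entry]
    while work:
        b = work.pop()
        ins = [out[p] for p, d in edges if d == b and p in out]  # reached predecessors
        env = {v: reduce(join, [e.get(v, TOP) for e in ins]) for v in set().union(*ins)}
        new = transfer(blocks[b], env)
        if out.get(b) != new:  # facts changed, so successors must be re-analysed
            out[b] = new
            work.extend(d for p, d in edges if p == b)
    return out

def index_in_bounds(env, var, size):
    """True only if every possible value of var is a valid index below size."""
    vals = env.get(var, TOP)
    return vals is not TOP and all(0 <= v < size for v in vals)

# Constructed sample: a branch sets y to x+2 or x*5, idx = y+1, then a loop bumps i.
BLOCKS = {"entry": [("x", 1, "+", 0), ("i", 0, "+", 0)],
          "then": [("y", "x", "+", 2)], "else": [("y", "x", "*", 5)],
          "merge": [("idx", "y", "+", 1)], "loop": [("i", "i", "+", 1)]}
EDGES = [("entry", "then"), ("entry", "else"), ("then", "merge"),
         ("else", "merge"), ("merge", "loop"), ("loop", "loop")]
```

For the sample, `idx` resolves to the set {4, 6}, so the index is provably safe for a buffer of 8 elements but not for one of 6. The loop counter `i` widens to `TOP`, so the analysis cannot prove it in bounds and reports it as a potential flaw.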
Static program analysis can also be thought of as a methodology for debugging the program. Static program analysis provides a better understanding of the software system or application.
