ISTQB FOUNDATION 4.0 | Tutorial 23 | Static Testing Basics | Reviews & Static Analysis | CTFL

00:00

Hello friends and greetings for the day

00:02

welcome back to another tutorial on

00:04

istqb Foundation level certification we

00:07

are getting started with chapter 3

00:09

talking about static testing and as a

00:11

part of this we'll be getting started

00:12

with our first segment that is 3.1

00:16

static testing Basics and it has several

00:18

other subtopics today we'll be covering

00:21

3.1 work products examined by Static

00:24

testing and

00:26

3.1.2 the value of static testing so as

00:29

a part this tutorial we'll be

00:31

introducing you to how we can prevent

00:33

defects when it comes to

00:41

[Music]

00:44

testing to get started of course we are

00:46

talking about a quick introduction to

00:48

what is static testing all about so we

00:50

have indeed discussed this in our

00:52

earlier tutorials static testing is all

00:55

about reviewing the work products and

00:57

different work products do exist in our

00:59

entire zlc model and certainly they are

01:02

a good candidate of static testing that

01:04

means they must be reviewed for any kind

01:06

of anomalies inconsistencies

01:09

contradictions omissions Etc and being

01:11

reported right as in when they are

01:14

created it's it's very simple to

01:16

understand by correlating it to

01:17

principle number three that is early

01:19

testing saves time and money and at the

01:21

same time one of the objective of

01:22

testing is also to prevented effect

01:24

testing is just not limited to writing

01:26

and executing test cases as we learned

01:28

from chapter one we want to let you know

01:31

that in more detail that how static

01:33

testing can be conducted and what could

01:35

be the best possible benefits of having

01:38

static testing being conducted early in

01:40

the life cycle so let's quickly have a

01:42

look what exactly the introduction is

01:44

trying to say and there are different

01:45

terminologies what we are trying to look

01:47

forward to so when it comes to static

01:50

testing in contrast to Dynamic testing

01:53

in testing that is static testing the

01:55

soft Ender test does not need to be

01:57

executed it's more of like statically

01:59

review in the work products rather than

02:01

executing the product or the test cases

02:05

the code process specification system

02:07

architecture specification or any other

02:10

work products are generally evaluated

02:13

through manual examinations which are

02:15

conducted with two different ways of

02:17

course if you're doing it manually by

02:18

reading the documentation it's called as

02:20

review or with help of tools that is

02:23

static analysis so right here if I am

02:26

talking about a document like test case

02:28

requirement Etc which I have to go

02:31

through myself read it and find the

02:33

anomalies related to that I call it as a

02:35

review process which is static testing

02:38

however when it comes to the other part

02:40

of it for example things like control

02:42

flow diagram business models or code

02:45

especially then code is not certainly

02:47

something which I can read and find the

02:49

anomalies in it could be any number of

02:51

lines of code which could be sometime

02:52

very complicated to go through line by

02:55

line and actually identify the anomalies

02:57

so I need to take the help of tools and

03:00

such tools or such approach of reviewing

03:03

is called as static analysis so just a

03:06

simple difference when you do it

03:08

yourself by reading the documentation

03:09

you call it as review but you do the

03:12

same review with help of the tools you

03:14

call it as static analysis further to

03:16

add of course when it comes to static

03:18

testing the test objectives include

03:20

improving quality detecting defects and

03:22

assessing characteristics right

03:24

readability completeness correctness

03:26

testability and consistency static

03:28

testing can be applied for both

03:30

verification and validation that means

03:32

it's just not limited to only the work

03:34

products which we create initially in

03:36

the life cycle it also works when it

03:39

comes to the dynamic analysis or things

03:42

like you know reviewing the execution

03:44

report defect report Etc so uh testers

03:48

business representative and developers

03:50

both work together during example

03:52

mapping collaborating user story writing

03:55

and backlog refinement sessions to

03:57

ensure that user stories and related

03:59

work work products meet defined criteria

04:01

for an example definition of ready so in

04:04

simple words of course when it talks

04:05

about agile all the collaborative

04:07

activities do take place and it's just

04:09

not a one person responsibility to

04:11

review the work product we may invite

04:13

multiple cross functional stakeholders

04:16

to come and join us in order to find the

04:18

best possible defects in the static

04:22

documentations itself or the work

04:24

products also to add uh review

04:27

techniques can be applied to ensure user

04:29

stor are complete understandable and

04:32

include testable acceptance criteria by

04:35

asking the right questions testers

04:37

explore challenge and help improve the

04:39

proposed user stories so put together we

04:42

do have different types of techniques

04:44

which can be made use of in order to

04:45

make the most out of the existing part

04:48

of the process and that certainly brings

04:50

out a lot of value to us also to add

04:52

further we do have static analysis being

04:55

defined further so static analysis can

04:57

identify problems prior to Dynamic

04:59

testing in while often requiring less

05:01

effort since no test cases are required

05:04

and tools are typically used static

05:06

analysis is often incorporated into CI

05:09

Frameworks while largely used to detect

05:12

specific code defects static analysis

05:15

also used to evaluate maintainability

05:17

and security spelling Checkers and

05:20

readability tools are other examples of

05:23

static analysis tool however we do have

05:25

more specialized tools available to deal

05:27

with different languages but a generate

05:29

static analysis tool would help you to

05:31

analyze the code and find anomalies

05:33

related to coding standard deviations or

05:36

some mistakes like unreachable code the

05:38

dead code the infinite Loop or the

05:40

variables which are declared but never

05:42

used or the variables which are used but

05:45

never declared so all these kind of

05:47

anomalies can be easily found by having

05:49

use of this particular tool so put

05:51

together introduction to static testing

05:53

says that we have two different ways to

05:55

do it that is reviews and static

05:58

analysis to talk further of course we

06:01

are talking about what kind of work

06:02

products are good candidate of static

06:05

testing that means is there any specific

06:08

list of documentation or work product

06:10

which are used or referred or reviewed

06:14

using static testing but in simple words

06:16

I would like to say that any such work

06:19

product which you create as a part of

06:21

sdlc including business work product the

06:24

development work product or testing work

06:26

products are by default a candidate of

06:29

review be about a requirement be about a

06:32

code beat about a test case test plan

06:34

project plan any such document must be

06:37

reviewed for a normaly because we just

06:39

accepted and understood in chapter one

06:42

as per the human psychology human is

06:44

eror prone a human can go wrong anywhere

06:47

no matter what they are doing and that

06:48

mistake should be found before we

06:51

further interpret it in other activities

06:54

like design and development so when it

06:57

comes to the work products which we must

06:59

be making use of so almost any work

07:01

product can be examined using static

07:03

testing examples includes requirement

07:05

specification document Source Code test

07:08

plan test cases product backlog items

07:11

test Charters project documentation

07:14

contracts and models that means every

07:16

single thing it's just not that there

07:18

are some specific items which we review

07:21

every single thing maybe of course uh

07:23

not formally but informally you can

07:25

certainly review them also to add uh any

07:28

work product that can can be read and

07:30

understood can be subject of a review

07:33

however the static analysis work

07:36

products need to structure against which

07:38

they can be checked so not everything

07:40

can certainly be just read and you know

07:43

tested but uh things like code and

07:45

control flow diagram data flow diagram

07:47

or business models can be done with the

07:49

help of the

07:50

Tool Work products that are not

07:53

appropriate for static testing include

07:55

those that are difficult to interpret by

07:57

human beings and that should not be

07:59

analyzed by the tools so here basically

08:02

the third party ex executable code due

08:05

to legal reasons so we must be uh kind

08:08

of like restricting ourself to that of

08:10

those things which I must review before

08:13

going into action but not getting into a

08:16

legal sanction also our third segment is

08:18

talking about what is the key value of

08:20

having static testing being conducted as

08:22

a part of the process because it's very

08:24

important for one to know that how

08:26

important and beneficial it could be

08:28

when it comes to static testing however

08:30

static testing is not something new it

08:33

has been being conducted from a long

08:34

time but being brought into attention

08:37

recently for a few years that means

08:39

people were not giving value to static

08:41

testing at all thinking that it is a

08:43

waste of time come on who does read the

08:45

document we look forward to find the

08:47

bugs but today people are talking about

08:49

prevention of bugs which indeed was

08:51

there from a long time because istqb did

08:54

not write this for the first time it was

08:57

written 20 years ago but it's just that

08:59

the people who ignore a few things for

09:01

some time but later realize that oh it

09:04

was worthy enough to do and today we are

09:06

talking about shift left you're talking

09:08

about prevention my question is where

09:10

were you 20 years

09:12

ago anyway so I'm not here to have a

09:15

dispute and controversial talks but uh

09:18

let's have a word quickly to understand

09:20

what is the value of static testing

09:21

being conducted so static testing

09:24

certainly can detect defects in an

09:26

earliest phase of the sdlc fulfilling

09:28

the princi principle of early testing

09:30

that is testing saves cost and time that

09:32

is early testing saves cost and time it

09:35

can also identify defects which cannot

09:37

be detected by Dynamic testing for

09:39

example things like unreachable code

09:41

design patterns not implemented as

09:43

desired defects in non-executable work

09:46

product also static testing provides the

09:48

ability to evaluate the quality of and

09:51

to build confidence in the work product

09:53

by verifying the documented requirements

09:56

the stakeholders can also make sure that

09:59

these requirements describes their

10:01

actual needs see again the point being

10:03

made here is why would I go through a

10:05

requirement altogether number one to

10:07

find anomalies made by human mistakes

10:10

second if the requirements are unclear

10:12

incomplete inconsistent ambiguous vague

10:15

that means cannot be achieved I can go

10:17

and point this out and make sure that we

10:19

have a very clear set of requirement

10:21

with us because starting to implement

10:23

and then realizing that this is not

10:25

something we can achieve this is not

10:27

something we can test is actually not

10:29

correct because you'll be stuck or

10:31

probably you would have wasted a lot of

10:32

your time so in that context it is very

10:34

important that you should look forward

10:36

to review them in advance before you

10:38

start working on them also

10:41

Communications will uh be improved

10:44

between the involved stakeholders for

10:46

this reason it is recommended to involve

10:48

a wide variety of stakeholder in static

10:50

testing so indeed uh static testing

10:53

brings multiple stakeholders together in

10:55

order to review the provoked product

10:57

commonly and in that context context we

10:59

do have a better communication

11:02

established among the team member and

11:04

healthy relationship so static testing

11:06

do claim that by doing static testing in

11:08

your organization you can have healthier

11:10

relationship among the team member the

11:13

other point I think I missed since

11:15

static testing can be performed early in

11:16

the sdlc a shared understanding can be

11:19

created among the involved stakeholders

11:21

see uh sometime we do find that there

11:23

are a lot of defects which are just

11:26

created due to misunderstanding of the

11:28

same piece of information inform between

11:29

two different stakeholders for example

11:32

there's a requirement I understand it as

11:34

X and developers understand it as a why

11:37

so until unless we both sit together and

11:39

have a discussion on to we know we will

11:41

not have a very common understanding at

11:44

all so we will always be conflicting or

11:46

probably misunderstanding things that

11:48

what it should

11:50

be talking about other point that is

11:53

even though review can be costly to

11:55

implement the overall project costs are

11:57

usually much lower

11:59

than when no reviews are performed

12:02

because less time and effort needs to be

12:04

spent on fixing defects later in the

12:07

project so all you're trying to say that

12:09

we may think that unnecessary cost has

12:12

been involved by conducting reviews

12:14

before doing Dynamic testing but if you

12:17

find a defect in Dynamic testing which

12:19

is related to misunderstanding of

12:21

requirement you're actually putting that

12:24

time of you know uh usage into a waste

12:28

other around right so conducting static

12:30

testing in the beginning certainly can

12:32

save your overall cost of doing your

12:35

work more effectively efficiently and on

12:38

time by just having static testing in

12:40

place so it's not that it is actually

12:42

expensive it's just that we may feel it

12:45

but over a long period of time or if you

12:46

consider the whole project it is cheaper

12:49

enough also to add uh the code defects

12:52

can be detected using static analysis

12:54

more efficiently than in Dynamic testing

12:56

usually resulting in both fewer code

12:59

defects and a lower lower overall

13:02

development effort so certainly static

13:04

analysis has reduced a lot of our

13:06

productivity cost and the overall time

13:10

taken to do that so it certainly brings

13:12

a lot of value by having static testing

13:14

in place and in practice so put together

13:17

that's all from this particular tutorial

13:19

team should you have anything else feel

13:20

free to comment below I'm always there

13:22

to address your queries and answer them

13:24

well till then keep learning keep

13:25

exploring keep understanding the context

13:27

thanks for watching the video Beauty and

13:29

happy

13:34

[Music]

13:40

learning