tag:blogger.com,1999:blog-5028009537158799436.post4622981690492869975..comments2023-07-10T04:50:03.236-07:00Comments on Building Real Software: Static Analysis isn’t Development TestingJim Birdhttp://www.blogger.com/profile/17371102366836131341noreply@blogger.comBlogger8125tag:blogger.com,1999:blog-5028009537158799436.post-33949703081472672032012-12-04T13:27:03.808-08:002012-12-04T13:27:03.808-08:00@Anonymous, I am not saying that static analysis t...@Anonymous, I am not saying that static analysis tools aren't useful - we use them and they do find problems. And I am not the one that is mixing static analysis and software testing. The point that I was trying to make is that static analysis shouldn't be thought of the same as testing. I am being critical of the vendor marketing hype where a developer running a static analysis tool is being branded "development testing" and statements like "In the land of software testing, static analysis reigns king" which mislead people on the value and use of static analysis tools. Just google the phrases and you'll see what I mean. Jim Birdhttps://www.blogger.com/profile/17371102366836131341noreply@blogger.comtag:blogger.com,1999:blog-5028009537158799436.post-11257932297232848732012-12-03T00:07:51.733-08:002012-12-03T00:07:51.733-08:00Hi, completely disagree.
Something you do not fin...Hi, completely disagree.<br /><br />Something you do not find useless does not mean that it is useless.<br /><br />Here, you are mixing the subjects. Testing has nothing to do with static analysis. No static analysis tool claim that they can replace testing, never heard one.<br /><br />By testing, you can count the trees but could not see the forest. You even do not know that, nowadays, static analysis tools work multi platform, which means, they detect the problems in different layer interactions. How will you find this by testing? With how many scenarios?<br /><br />You might choose not to use any static analysis tool but please avoid mixing the subjects..They -software testing and static analysis- are both important in their domain and they are different..Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5028009537158799436.post-43778460082999652892012-01-18T00:28:12.384-08:002012-01-18T00:28:12.384-08:00What do you think of on-the-fly mode, in the analy...What do you think of <a href="http://www.viva64.com/en/b/0107/" rel="nofollow">on-the-fly</a> mode, in the analyzer <a href="http://www.viva64.com/en/pvs-studio/" rel="nofollow">PVS-Studio</a>?Andrey Karpovhttps://www.blogger.com/profile/03558914480862897227noreply@blogger.comtag:blogger.com,1999:blog-5028009537158799436.post-36965440453847977322012-01-17T11:44:52.721-08:002012-01-17T11:44:52.721-08:00Good article. Based on experience in software deve...Good article. Based on experience in software development and testing, I can say these static analysis tool really avoid coding mistakes which leads to exceptions.Pavanhttps://www.blogger.com/profile/16674451956611701677noreply@blogger.comtag:blogger.com,1999:blog-5028009537158799436.post-8963938405753614182012-01-16T03:58:58.751-08:002012-01-16T03:58:58.751-08:00Testing is by definition a dynamic activity that n...Testing is by definition a dynamic activity that needs a portion of code to be executer. Static analysis is not a replacement of testing but it can complements itAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-5028009537158799436.post-20629750867561128682012-01-08T07:18:40.912-08:002012-01-08T07:18:40.912-08:00Static Analysis is a helper for "white box re...Static Analysis is a helper for "white box review". It don' replace "white box review" or any kind of testing neither.gorlokhttp://entrellaves.blogspot.comnoreply@blogger.comtag:blogger.com,1999:blog-5028009537158799436.post-48819831749260648772012-01-06T11:33:12.537-08:002012-01-06T11:33:12.537-08:00Good write up. You might as well include XCode'...Good write up. You might as well include XCode's static analysis engine in the mix there. If someone thinks SAST is a panacea and a replacement for DAST or good old external penetration testing of your applications, the might (sooner or later) be in for a surprise.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5028009537158799436.post-50352618349222368322012-01-06T11:27:54.818-08:002012-01-06T11:27:54.818-08:00Jim,
I very much agree that static analysis does ...Jim,<br /><br />I very much agree that static analysis does not replace all of the different types of testing. That's just crazy. I would argue that static analysis is a type of testing. From my point of view, quality is a part of testing and I think static analysis falls into that category. Maybe I'm biased because I'm one of the no-good-dirty-vendors (HP), but I think static analysis is a form of testing that can complement other types of development testing.<br /><br />BTW, really enjoy the blog.Eric Friesehttp://ericfriese.comnoreply@blogger.com