Static analysis involves going through the code in order to find out any possible defect in the code. Dynamic analysis involves executing the code and analyzing the output. After reading this tutorial refer the more detailed pdf tutorials about Static & Dynamic Analysis.
Static analysis : This may be the testing you are doing most of the time at your coding. While coding there may be a lot of typing errors, syntax error, loop structure, code termination etc etc . This should be fixed by inspecting ( thorough reading ) of your code. You program will run only after clearing all the coding defects by static analysis.
Dynamic analysis : Now you need to check your program output whether it is the desired output or not. This is called as dynamic analysis in testing. You will compile the program and check the output, then will do the necessary changes in codes .
Static & Dynamic Analysis
Static analysis is done in a non-runtime environment which is just when the program is not running at all. So, any kind of static analysis tool that is used will look at the code and will look at the run-time behaviors to find any kind of flaws, back door and bad code.
In contrast, dynamic analysis is done just when the program is running. A dynamic test will monitor system memory, function behavior, response time and overall performance of the system.
The strengths and weaknesses of static and dynamic analysis
For static analysis strengths are:
- A more thorough approach and more cost-efficient
- It is able to find future errors that would not be detected in dynamic analysis
- It can point out the exact spot in code where there is an error, so you can easily fix it
However, there is one big weakness of static analysis:
You may think it’s a better method than dynamic analysis, but the dynamic analysis is equally important. Because the static analysis is not going to catch some of the run-time errors that dynamic analysis would.
The strengths of dynamic analysis are:
- It identifies errors while program is running
- It can analyze code that can’t be accessed
The weaknesses are:
- It takes longer to fix errors because it can’t exactly pinpoint the errors like static analysis can.
- Automated tools that dynamic analysis has don’t do everything, they just do what they are programmed to do, so it can create a false sense of security
Examples of analysis tools
– Findbugs: It will report any potential issues, warnings will pop up, but not all of them are actually bugs, they are just spot points in the code that can possibly go wrong, so that helps you minimize the errors in your code.
– Veracode:Analysis tool that actually has both static and dynamic analysis. It is an online tool, whereas Findbugs is a tool that you can download.