Why do code auditing tools like FindBugs require a compile step to work properly?
Basically I ran IntelliJ IDEA’s plug-in called FindBugs-Idea to analyze my code. I corrected whatever error was caught and then ran the tool again, but it was still complaining about the same error even though it was fixed in the source file. It only stopped complaining after I recompiled my classes. Why does it require a compilation step? Shouldn’t it basically look in the source file and detect a possible bug? How do these tools work in general?
How to avoid the pitfalls of static analysis
I’m working at a company that would score 11 on Joel Test – at least on paper.
Programmatically finding the Landau notation (Big O or Theta notation) of an algorithm?
I’m used to searching for the Landau (Big O, Theta…) notation of my algorithms by hand to make sure they are as optimized as they can be, but when the functions are getting really big and complex, it’s taking way too much time to do it by hand. It’s also prone to human errors.
Why do some consider static analysis testing and some do not?
While also preparing myself for ISTQB certification, I found they actually call static analysis static testing, while some engineering books distinguish between static analysis and testing, which is the dynamic activity. I tend to think that static analysis is not testing in the true sense, as it does not test, it checks/verifies. But sure, I would love to hear the opinion of the true experts here.
Thank you
Automatic static analysis vs White box testing
Many sources note that automatic static code analysis includes data flow and control flow. But these two are included in white box testing as well. Is there a difference in the automation? That in automatic static analysis all is done by the tools, while in white box testing a person creates the data to exercise the possible paths?
Inspection, code review – is it really testing?
ISTQB, Wikipedia or other sources classify verification activities (reviews etc.) as static testing, yet others do not. If we can say that peer reviews and inspections are actually a kind of testing, then a lot of standards do not make sense (consider e.g. ISO, which says that validation is done by testing, while verification is done by checking of work products) – it should at least say dynamic testing for validation, shouldn’t it?
I am completing a master’s thesis dealing with QA and I must admit that I have never seen worse and more ambiguous and contradicting literature than in this field :/
Do you think (and if so, why) that static testing is a good and justifiable term or should we stick to testing and static checks/analysis?
Static analysis, dynamic analysis and testing
Based on answers I have received here and then confirmed in some authoritative sources (not ISTQB which seems to be too vague), there are 3 activities:
Strategies for using a code metric evaluation tool
Should code quality metric evaluation tools like Sonar be integrated with the IDE for running local analysis, or should they be a part of the build process (like integrated with Maven) for continuous inspection, or should it be a combination of both? How can we leverage the power of such tools to the maximum extent possible?
How is it possible to build the whole codebase from source at Google scale?
The first answer to an old, recently active question linked to a video which talks about how Google’s repository is done.
Why would anyone invest time in Microsoft “Roslyn”?
I have just been reading through some of the white papers & examples from Microsoft “Roslyn” and the concept seems very interesting. From what I can tell, it opens up the black box that is the compiler and provides an interface that we can use to get information and metrics about code written in Visual Studio.