# Tool support for static testing
###### tags: `ISTQB` `SQA` `Test tools`
### Review tools
Review tools (also known as review process support tools) ==provide a framework for reviews or inspections.==
- Maintaining information about the review process, such as rules and checklists.
- The ability to record, communicate and retain review comments and defects.
- The ability to amend and reissue the deliverable under review while retaining a history or log of the changes made. :question:
:::info
amend = correct; reissue = reopen the issue. When something is corrected or an issue is reopened, the tool must be able to keep a log and a history record.
:::
- Traceability functions to enable changes to deliverables under review to highlight other deliverables that may be affected by the change.
**The emphasis is on traceability**
- The use of web technology to provide access from any geographical location to this information.
**Review tools can interface with configuration management tools** ==to control the version numbers of a document under review.==
**If reviews and inspections are already performed** effectively then a review tool can be **implemented fairly quickly and relatively cheaply.**
However, **if such a tool is used as a means for imposing the use of reviews** then the training and implementation costs will be fairly high (as would be the case for implementing a review process without such tools).
These tools support the review process, **but management buy-in to reviews is necessary if benefits from them are to be obtained in the long run.**

### Static analysis tools
Static analysis tools (also known as static code analysers) **analyse code before it is executed in order to identify defects as early as possible.**
==Therefore they are used mainly by developers prior to unit testing.==
A static analysis tool generates **lots of error and warning messages about the code.**
**Training may be required in order to interpret these messages** and it may also be necessary to configure the tool to filter out particular types of warning messages that are not relevant.
==A rewrite should be considered if the existing code is significantly non-compliant.==
**The types of defect that can be found using a static analysis tool can include:**
- Syntax errors (e.g. spelling or missing punctuation).
- Variance from programming standards (e.g. too difficult to maintain).
- Invalid code structures (missing ENDIF statements).
- **The structure of the code means that some modules or sections of code may not be executed.** Such unreachable code or invalid code dependencies may point to errors in code structure.
- Portability (e.g. code compiles on Windows but not on UNIX).
- Security vulnerabilities.
- References to variables that have a null value or variables declared **but never used**.
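
Several of the defect types listed above can be shown with a small checker. This is an added example, not part of the original notes or of any real tool: a minimal analyser built on Python's `ast` module that reports a syntax error, unreachable code, a variable assigned but never read, and calls to `eval`/`exec`. The function name `analyse`, the rule names and the sample input are assumptions made for illustration.

```python
import ast

# Constructed sample input: it is only parsed, never executed.
SAMPLE = '''
def price(raw):
    rate = 0.2
    total = eval(raw)
    return total
    print("done")
'''

TERMINATORS = (ast.Return, ast.Raise, ast.Break, ast.Continue)
RISKY_CALLS = {"eval", "exec"}  # assumption: a minimal security rule set


def analyse(source):
    """Return sorted (line, rule, detail) findings without running the code."""
    try:
        tree = ast.parse(source)
    except SyntaxError as err:
        return [(err.lineno, "syntax-error", err.msg)]
    findings, stored, loaded = [], {}, set()
    for node in ast.walk(tree):
        # Unreachable code: a statement that follows a terminator in its block.
        for field in ("body", "orelse", "finalbody"):
            block = getattr(node, field, None)
            if isinstance(block, list):
                for prev, stmt in zip(block, block[1:]):
                    if isinstance(prev, TERMINATORS):
                        findings.append((stmt.lineno, "unreachable",
                                         "code after " + type(prev).__name__.lower()))
        if isinstance(node, ast.Name):
            if isinstance(node.ctx, ast.Store):
                stored.setdefault(node.id, node.lineno)
            else:
                loaded.add(node.id)
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
              and node.func.id in RISKY_CALLS):
            findings.append((node.lineno, "security", node.func.id + "() call"))
    # Declared but never used: names that are assigned and never read.
    findings += [(line, "unused-variable", name)
                 for name, line in stored.items() if name not in loaded]
    return sorted(findings)


if __name__ == "__main__":
    for line, rule, detail in analyse(SAMPLE):
        print(f"line {line}: {rule}: {detail}")
```

Every finding comes from the parsed syntax tree alone, which is why such tools can run before unit testing; the `eval` rule also shows why warnings need interpretation, since not every flagged call is exploitable.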
