3.1.3. Differences between Static Testing and Dynamic Testing
Static testing and dynamic testing practices complement each other. They have similar objectives, such
as supporting the detection of defects in work products (see section 1.1.1), but there are also some
differences, such as:
• Static and dynamic testing (with analysis of failures) can both lead to the detection of defects,
however there are some defect types that can only be found by either static or dynamic testing.
• Static testing finds defects directly, while dynamic testing causes failures from which the
associated defects are determined through subsequent analysis
• Static testing may more easily detect defects that lay on paths through the code that are rarely
executed or hard to reach using dynamic testing
• Static testing can be applied to non-executable work products, while dynamic testing can only be
applied to executable work products
• Static testing can be used to measure quality characteristics that are not dependent on executing
code (e.g., maintainability), while dynamic testing can be used to measure quality characteristics
that are dependent on executing code (e.g., performance efficiency)
Typical defects that are easier and/or cheaper to find through static testing include:
• Defects in requirements (e.g., inconsistencies, ambiguities, contradictions, omissions,
inaccuracies, duplications)
• Design defects (e.g., inefficient database structures, poor modularization)
• Certain types of coding defects (e.g., variables with undefined values, undeclared variables,
unreachable or duplicated code, excessive code complexity)
• Deviations from standards (e.g., lack of adherence to naming conventions in coding standards)
• Incorrect interface specifications (e.g., mismatched number, type or order of parameters)
• Specific types of security vulnerabilities (e.g., buffer overflows)
• Gaps or inaccuracies in test basis coverage (e.g., missing tests for an acceptance criterion)