Static Analysis Works Better with Peer Code Review

Lots of companies perform static analysis on their code. Developers who participate in this process know that static analysis tools, while great at detecting certain classes of defects, cannot find all of them. In fact, statistics prove that static analysis and code review together find more bugs than either technique alone; finding all the issues requires more than one approach.

 

Static Analysis, Code Review, and Testing

As our friend Capers Jones likes to say: "A synergistic combination of formal inspections, static analysis and formal testing can achieve combined defect removal efficiency levels of 99%." Capers’ research* has generated reliable metrics related to each type of approach.

Strategy           Percentage of defects found
Testing            35% to 85%
Inspection         On average 85%
Static Analysis    40% to 85%

*Capers Jones, Combining Inspections, Static Analysis and Testing to Achieve Defect Removal Efficiency Above 95%, January 2012.


Why Should You Add Peer Code Review?

One reason is that while static analysis tools are great at automatically checking code against pre-defined criteria, they only find certain kinds of violations of good coding practice. Peer code review finds additional classes of defects. What’s more, peer review inspects more than just code. Using peer review, developers can inspect requirements, design documents, test cases, and other deliverables to ensure the highest quality possible in the end result. Peer code review is also very good at finding the kinds of defects and evolvability issues that only skilled humans excel at finding.

Webinar - Why Static Analysis Isn't Enough

Get the straight scoop from the experts – Register for the Why Static Analysis Isn’t Enough Webinar.


On May 22 at 1pm ET, join Capers Jones and Tom McCabe as they show you the metrics that prove that when used together, static analysis and code review find more bugs and inconsistencies than either technique alone. Attend this webinar and learn about:

  • the different types of defects identified by each technique
  • why static analysis can’t replace peer code review
  • the 3 steps to take to remove more than 99% of your defects and improve software “evolvability”
  • how to use static analysis and inspections in regulatory and compliance-driven environments


Have only a few minutes? Watch our Better Quality Code: Static Analysis vs. Code Review video that delves into the differences between static analysis and peer code review and explains why they work better together.

 
