Question 202 - CTFL-2018 discussion

A key difference between a peer review of code and static analysis of code using a tool is that static analysis targets the code technically whereas peer review is applicable to further aspects. Static analysis focuses on the technical aspects of the code, such as syntax, logic, complexity, quality, security, etc. Peer review can also address these aspects, but it can also consider other aspects, such as readability, maintainability, usability, functionality, etc. Peer review can also provide feedback, suggestions, or opinions from different perspectives or expertise levels. compares these two techniques as follows:

Static analysis tools are software tools that examine (analyse) source code without executing it. They are used by developers as part of their development environment for checking their code against coding standards (rules), finding syntax errors etc.

Peer reviews are manual checking activities where work products such as requirements specifications or code are examined by colleagues (peers) for defects.

A, B, and C are incorrect answers. A peer review does not find defects while static analysis finds failures (A), as both techniques can find defects but not failures. Failures are observed at runtime when executing the code. Peer reviews cannot find missing requirements whereas static analysis can (B), as both techniques cannot find missing requirements but only check conformance to existing requirements. Missing requirements can be found by other techniques such as elicitation or validation. A peer review finds failures while static analysis finds defects , as both techniques find defects but not failures. Failures are observed at runtime when executing the code.