Wednesday 17 November 2010

Static Analysis versus Dynamic for Application Compatibility Assessment

Today I get to talk a little about one of the approaches that I use to capture application data and subsequently analyse for application compatibility, suitability and quality issues.

Our company employs an approach termed "static analysis" as it takes an application package (generally a MSI application package) whereas the application package configuration information is extracted and then inserted in a specially formatted database. In addition, all of the binaries (files) included in that application package are extracted to the target file-system and all binary information including; API's, COM, DLL header and dependency information is captured and inserted into a target database.

"Dynamic Analysis" requires the actual exercising of an application (installing, configuring, running, testing, uninstalling). This is a deep-dive approach that really suits application developers but not necessarily corporate system administrators.

For example, the following questions are raised when conducting dynamic analysis testing scenarios.

  1. Do you need to test/exercise/run your applications for a period of time (months/weeks) ?
  2. Do you need to install an agent?
  3. Do you need to create model office? (workstations, power, networking, OS config)? 
  4. Do you need to install the application and configure it?
  5. Do you need to spend 4, 8, 24 hours testing your applications?
  6. Can you capture the testing data and then re-analyse the results for other platforms? 64-bit, App-V, Citrix, RDS, Office 2010, Internet Explorer 8/9?
  7. How do you create consistent test results from other testers and locations?
  8. Do you need access to back-end systems and databases?
  9. Do you need to acquire/configure/install future planned test applications (license issues) ?

And, here are some of the benefits of using the static analysis approach

  • No agent: no change control requirement, no risk to business production environment
  • No applications licenses required, no copyright issues.
  • Applications binary level analysed, not installed or run
  • Application data-capture and analysis in minutes - Vastly improved reporting time
  • Applications can be cross-tested against different technologies and platforms


Of course, I have a bias here. And, I promise to post more on the strengths and weaknesses of both approaches.

1 comment:

Anonymous said...

But static analysis only covers the surface of compatibility problems. What about those custom actions often used in setups? They can execute ANYTHING you don't know about in the installation process whon only using the static analysis approach! To be sure you capture all those compatibility and furthermore interoperability issues, you have to use a dynamic testing approach including really executing the setup phase of your applications.