Code integrity

Last updated October 27, 2023

Code integrity is a measurement used in the software delivery lifecycle. It measures how high the source code's quality is when it is passed on to QA, and is affected by how thoroughly the code was processed by correctness-checking processes (whether manual or automatic). Examples for such correctness-checking processes can be unit testing and integration testing, code review, test automation, AI-based code analysis etc.^[1] Code integrity is the combination of applying code correctness processes (software quality) along with metrics that measure the completeness of these correctness-checking processes, such as, for example, code coverage. While code integrity is usually achieved by unit testing the source code to reach high code coverage, it is definitely not the only way, or the best way, to achieve code integrity. In fact, code coverage, a popular metric to measure the thoroughness of unit tests, is known to have a limited correlation with the measure of real code integrity.^[2]

Developer's confidence

Code integrity is not just about the correctness of the code, but also about developers’ confidence regarding correctness of their code. With code integrity, the developer can be sure that his/her code is written correctly when passed on to QA. This is, in fact, the expected quality level of the code. Code integrity helps developers and companies release better products, with fewer bugs, in a shorter time.^[3]

Shift-left testing and shift-left code integrity

Companies who practice code integrity avoid the classic scenario where the development stage is delayed, delaying the QA stage, delaying the release stage. Products of companies that do not adopt code integrity are released with more bugs (due to time pressure), users report tons of bugs back to the development team, and they start working on version 1.1 shortly after releasing version 1.0, just to fix bugs that could have been avoided.^{[ citation needed ]}

Shift-left testing is a method to perform related testing during the initial processes of software development, since the QA department cannot measure the code's integrity even after all their tests are run. Shift-left testing and code integrity are tightly connected but integrity consists not only of the testing part of the job which is a sub-task of the larger process of shift-left code integrity. This process not only applies more unit tests along with higher code coverage, but also involves various other correctness-checking processes against relevant data.^[4] Here are some examples:

Unit testing of the code
Integration testing
Code review
AI-based code analysis
Automatic testing
Assigning a code integrity manager

Examples of correctness-checking completeness metrics

Pure code integrity metric formulation is: 1 − (Non-covered bugs) / (Total bugs), In words: the perfect code integrity minus the number of bugs that weren't covered by unit testing, divided by the total bugs found during the entire product cycle including development, is the code not in integrity.
Different types of code coverage (line-coverage, branch-coverage etc.)
Mutation testing

Advantages of shift-left code integrity

Shorter development time - bugs that are found during the development stage are fixed faster and easier than bugs found in later stages.
Lower development costs – It's cheaper to fix bugs that are found during the development stage than in later stages.
Confidence in your code's quality – Releasing products with high code integrity means more positive feedback from your customers.
Makes the QA's work much more efficient – The QA concentrates on testing the system, without worrying about bugs that could have been easily found through proper unit testing.

Shift-left code integrity enablement

This concept is based on the fact that developers would be able to make full use of the technological advantage if they have the relevant testing tools available to them from the start. As newer software become more and more complex and includes more dependencies, including the right side of the V-model in developers' roles will help them to assume control of the unit testing & integration processes.^[3]^[5] The result will allow developers to bring up complete environments in many software companies. This trend is expected to continue because in many cases it is impossible to perform unit/integration testing without the full system's context.^[6]

Related Research Articles

Software testing is the act of examining the artifacts and the behavior of the software under test by validation and verification. Software testing can also provide an objective, independent view of the software to allow the business to appreciate and understand the risks of software implementation. Test techniques include, but are not necessarily limited to:

Regression testing is re-running functional and non-functional tests to ensure that previously developed and tested software still performs as expected after a change. If not, that would be called a regression.

A sanity check or sanity test is a basic test to quickly evaluate whether a claim or the result of a calculation can possibly be true. It is a simple check to see if the produced material is rational. The point of a sanity test is to rule out certain classes of obviously false results, not to catch every possible error. A rule-of-thumb or back-of-the-envelope calculation may be checked to perform the test. The advantage of performing an initial sanity test is that of speedily evaluating basic function.

In computer programming, unit testing is a software testing method by which individual units of source code—sets of one or more computer program modules together with associated control data, usage procedures, and operating procedures—are tested to determine whether they are fit for use. It is a standard step in development and implementation approaches such as Agile.

Quality assurance (QA) is the term used in both manufacturing and service industries to describe the systematic efforts taken to assure that the product(s) delivered to customer(s) meet with the contractual and other agreed upon performance, design, reliability, and maintainability expectations of that customer. The core purpose of Quality Assurance is to prevent mistakes and defects in the development and production of both manufactured products, such as automobiles and shoes, and delivered services, such as automotive repair and athletic shoe design. Assuring quality and therefore avoiding problems and delays when delivering products or services to customers is what ISO 9000 defines as that "part of quality management focused on providing confidence that quality requirements will be fulfilled". This defect prevention aspect of quality assurance differs from the defect detection aspect of quality control and has been referred to as a shift left since it focuses on quality efforts earlier in product development and production and on avoiding defects in the first place rather than correcting them after the fact.

Test-driven development (TDD) is a software development process relying on software requirements being converted to test cases before software is fully developed, and tracking all software development by repeatedly testing the software against all test cases. This is as opposed to software being developed first and test cases created later.

In software project management, software testing, and software engineering, verification and validation (V&V) is the process of checking that a software system meets specifications and requirements so that it fulfills its intended purpose. It may also be referred to as software quality control. It is normally the responsibility of software testers as part of the software development lifecycle. In simple terms, software verification is: "Assuming we should build X, does our software achieve its goals without any bugs or gaps?" On the other hand, software validation is: "Was X what we should have built? Does X meet the high-level requirements?"

In software testing, test automation is the use of software separate from the software being tested to control the execution of tests and the comparison of actual outcomes with predicted outcomes. Test automation can automate some repetitive but necessary tasks in a formalized testing process already in place, or perform additional testing that would be difficult to do manually. Test automation is critical for continuous delivery and continuous testing.

In the context of software engineering, software quality refers to two related but distinct notions:

In software engineering, continuous integration (CI) is the practice of merging all developers' working copies to a shared mainline several times a day. Nowadays it is typically implemented in such a way that it triggers an automated build with testing. Grady Booch first proposed the term CI in his 1991 method, although he did not advocate integrating several times a day. Extreme programming (XP) adopted the concept of CI and did advocate integrating more than once per day – perhaps as many as tens of times per day.

Game testing, also called quality assurance (QA) testing within the video game industry, is a subset of game development that involves a software testing process for quality control of video games. The primary function of game testing is the discovery and documentation of software defects. Interactive entertainment software testing is a highly technical field requiring computing expertise, analytic competence, critical evaluation skills, and endurance. In recent years the field of game testing has come under fire for being extremely strenuous and unrewarding, both financially and emotionally.

Parasoft DTP is a development testing solution from Parasoft that acts as a centralized hub for managing software quality and application security. DTP provides a wide range of traditional software reports from normal software development activities, such as coding and testing, and is also able to aggregate data from various software testing practices to present a comprehensive view of the state of the codebase. DTP provides software testing analytics via an internal intelligence engine.

Continuous testing is the process of executing automated tests as part of the software delivery pipeline to obtain immediate feedback on the business risks associated with a software release candidate. Continuous testing was originally proposed as a way of reducing waiting time for feedback to developers by introducing development environment-triggered tests as well as more traditional developer/tester-triggered tests.

Database testing usually consists of a layered process, including the user interface (UI) layer, the business layer, the data access layer and the database itself. The UI layer deals with the interface design of the database, while the business layer includes databases supporting business strategies.

Parasoft C/C++test is an integrated set of tools for testing C and C++ source code that software developers use to analyze, test, find defects, and measure the quality and security of their applications. It supports software development practices that are part of development testing, including static code analysis, dynamic code analysis, unit test case generation and execution, code coverage analysis, regression testing, runtime error detection, requirements traceability, and code review. It's a commercial tool that supports operation on Linux, Windows, and Solaris platforms as well as support for on-target embedded testing and cross compilers.

Development testing is a software development process that involves synchronized application of a broad spectrum of defect prevention and detection strategies in order to reduce software development risks, time, and costs.

Cantata++, or simply Cantata in newer versions, is a commercial computer program for dynamic testing, specifically unit testing and integration testing, and code coverage at run time of C and C++ programs. It is developed and sold by QA Systems, and was formerly a product of IPL Information Processing Ltd.

In software deployment, an environment or tier is a computer system or set of systems in which a computer program or software component is deployed and executed. In simple cases, such as developing and immediately executing a program on the same machine, there may be a single environment, but in industrial use, the development environment and production environment are separated, often with several stages in between. This structured release management process allows phased deployment (rollout), testing, and rollback in case of problems.

This article discusses a set of tactics useful in software testing. It is intended as a comprehensive list of tactical approaches to Software Quality Assurance (more widely colloquially known as Quality Assurance and general application of the test method.

TestOps refers to the discipline of managing the operational aspects of testing within the software delivery lifecycle.

References

↑ Sharma, Tushar; Kechagia, Maria; Georgiou, Stefanos; Tiwari, Rohit; Vats, Indira; Moazen, Hadi; Sarro, Federica (2021). "A Survey on Machine Learning Techniques for Source Code Analysis". arXiv: 2110.09610 [cs.SE].
↑ Hemmati, Hadi (2015). "How Effective Are Code Coverage Criteria?". 2015 IEEE International Conference on Software Quality, Reliability and Security. pp. 151–156. doi:10.1109/QRS.2015.30. ISBN 978-1-4673-7989-2. S2CID 7305779 . Retrieved 15 March 2023.
1 2 Gadi Zimerman (11 November 2022). "Tests are not enough – Why code integrity matters?" . Retrieved 16 March 2023.
↑ Bjerke-Gulstuen, Kristian; Larsen, Emil Wiik; Stålhane, Tor; Dingsøyr, Torgeir (2015). "High Level Test Driven Development – Shift Left". Agile Processes in Software Engineering and Extreme Programming. Lecture Notes in Business Information Processing. Vol. 212. pp. 239–247. doi:10.1007/978-3-319-18612-2_23. ISBN 978-3-319-18611-5 . Retrieved 15 March 2023.
↑ Rook, Paul, E. Rook (1986). "Controlling software projects". Software Engineering Journal. 1 (1): 7–16. doi:10.1049/sej.1986.0003 . Retrieved 15 March 2023.{{cite journal}}: CS1 maint: multiple names: authors list (link)
↑ Mowad, Abrar Mohammad; Fawareh, Hamed; Hassan, Mohammad A. (2022). "Effect of Using Continuous Integration (CI) and Continuous Delivery (CD) Deployment in DevOps to reduce the Gap between Developer and Operation". 2022 International Arab Conference on Information Technology (ACIT). pp. 1–8. doi:10.1109/ACIT57182.2022.9994139. ISBN 979-8-3503-2024-4. S2CID 255419041 . Retrieved 15 March 2023.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Sharma, Tushar; Kechagia, Maria; Georgiou, Stefanos; Tiwari, Rohit; Vats, Indira; Moazen, Hadi; Sarro, Federica (2021). "A Survey on Machine Learning Techniques for Source Code Analysis". arXiv: 2110.09610 [cs.SE].

[2] Hemmati, Hadi (2015). "How Effective Are Code Coverage Criteria?". 2015 IEEE International Conference on Software Quality, Reliability and Security. pp. 151–156. doi:10.1109/QRS.2015.30. ISBN 978-1-4673-7989-2. S2CID 7305779 . Retrieved 15 March 2023.

[wim-3] 1 2 Gadi Zimerman (11 November 2022). "Tests are not enough – Why code integrity matters?" . Retrieved 16 March 2023.

[4] Bjerke-Gulstuen, Kristian; Larsen, Emil Wiik; Stålhane, Tor; Dingsøyr, Torgeir (2015). "High Level Test Driven Development – Shift Left". Agile Processes in Software Engineering and Extreme Programming. Lecture Notes in Business Information Processing. Vol. 212. pp. 239–247. doi:10.1007/978-3-319-18612-2_23. ISBN 978-3-319-18611-5 . Retrieved 15 March 2023.

[5] Rook, Paul, E. Rook (1986). "Controlling software projects". Software Engineering Journal. 1 (1): 7–16. doi:10.1049/sej.1986.0003 . Retrieved 15 March 2023.{{cite journal}}: CS1 maint: multiple names: authors list (link)

[6] Mowad, Abrar Mohammad; Fawareh, Hamed; Hassan, Mohammad A. (2022). "Effect of Using Continuous Integration (CI) and Continuous Delivery (CD) Deployment in DevOps to reduce the Gap between Developer and Operation". 2022 International Arab Conference on Information Technology (ACIT). pp. 1–8. doi:10.1109/ACIT57182.2022.9994139. ISBN 979-8-3503-2024-4. S2CID 255419041 . Retrieved 15 March 2023.

[1]

[2]

[3]

[4]

[5]

[6]