Code integrity

Last updated October 18, 2024

Code integrity is a measurement used in the software delivery lifecycle. It measures how high the source code's quality is when it is passed on to QA, and is affected by how thoroughly the code was processed by correctness-checking processes (whether manual or automatic). Examples for such correctness-checking processes can be unit testing and integration testing, code review, test automation, AI-based code analysis etc.^[1] Code integrity is the combination of applying code correctness processes (software quality) along with metrics that measure the completeness of these correctness-checking processes, such as, for example, code coverage. While code integrity is usually achieved by unit testing the source code to reach high code coverage, it is definitely not the only way, or the best way, to achieve code integrity. In fact, code coverage, a popular metric to measure the thoroughness of unit tests, is known to have a limited correlation with the measure of real code integrity.^[2]

Developer's confidence

Code integrity is not just about the correctness of the code, but also about developers’ confidence regarding correctness of their code. With code integrity, the developer can be sure that his/her code is written correctly when passed on to QA. This is, in fact, the expected quality level of the code. Code integrity helps developers and companies release better products, with fewer bugs, in a shorter time.^[3]

Shift-left testing and shift-left code integrity

Companies that practice code integrity avoid the classic scenario where the development stage is delayed, delaying the QA stage, delaying the release stage. Products of companies that do not adopt code integrity are released with more bugs (due to time pressure), users report tons of bugs back to the development team, and they start working on version 1.1 shortly after releasing version 1.0, just to fix bugs that could have been avoided.^{[ citation needed ]}

Shift-left testing is a method to perform related testing during the initial processes of software development, since the QA department cannot measure the code's integrity even after all their tests are run. Shift-left testing and code integrity are tightly connected but integrity consists not only of the testing part of the job which is a sub-task of the larger process of shift-left code integrity. This process not only applies more unit tests along with higher code coverage, but also involves various other correctness-checking processes against relevant data.^[4] Here are some examples:^{[ citation needed ]}

Unit testing of the code
Integration testing
Code review
AI-based code analysis
Automatic testing
Assigning a code integrity manager

Examples of correctness-checking completeness metrics

Pure code integrity metric formulation is: 1 − (Non-covered bugs) / (Total bugs), In words: the perfect code integrity minus the number of bugs that weren't covered by unit testing, divided by the total bugs found during the entire product cycle including development, is the code not in integrity.
Different types of code coverage (line-coverage, branch-coverage etc.)
Mutation testing

Advantages of shift-left code integrity

Shorter development time - bugs that are found during the development stage are fixed faster and easier than bugs found in later stages.
Lower development costs – It's cheaper to fix bugs that are found during the development stage than in later stages.
Confidence in your code's quality – Releasing products with high code integrity means more positive feedback from your customers.
Makes the QA's work much more efficient – The QA concentrates on testing the system, without worrying about bugs that could have been easily found through proper unit testing.

Shift-left code integrity enablement

This concept is based on the fact that developers would be able to make full use of the technological advantage if they have the relevant testing tools available to them from the start. As newer software become more and more complex and includes more dependencies, including the right side of the V-model in developers' roles will help them to assume control of the unit testing & integration processes.^[3]^[5] The result will allow developers to bring up complete environments in many software companies. This trend is expected to continue because in many cases it is impossible to perform unit/integration testing without the full system's context.^[6]

Related Research Articles

<span class="mw-page-title-main">Software testing</span> Checking software against a standard

Software testing is the act of checking whether software satisfies expectations.

Regression testing is re-running functional and non-functional tests to ensure that previously developed and tested software still performs as expected after a change. If not, that would be called a regression.

A sanity check or sanity test is a basic test to quickly evaluate whether a claim or the result of a calculation can possibly be true. It is a simple check to see if the produced material is rational. The point of a sanity test is to rule out certain classes of obviously false results, not to catch every possible error. A rule-of-thumb or back-of-the-envelope calculation may be checked to perform the test. The advantage of performing an initial sanity test is that of speedily evaluating basic function.

A software company is an organisation — owned either by the state or private — established for profit whose primary products are various forms of software, software technology, distribution, and software product development. They make up the software industry.

Unit testing, a.k.a. component or module testing, is a form of software testing by which isolated source code is tested to validate expected behavior.

Software development is the process used to create software. Programming and maintaining the source code is the central step of this process, but it also includes conceiving the project, evaluating its feasibility, analyzing the business requirements, software design, testing, to release. Software engineering, in addition to development, also includes project management, employee management, and other overhead functions. Software development may be sequential, in which each step is complete before the next begins, but iterative development methods where multiple steps can be executed at once and earlier steps can be revisited have also been devised to improve flexibility, efficiency, and scheduling.

Quality assurance (QA) is the term used in both manufacturing and service industries to describe the systematic efforts taken to assure that the product(s) delivered to customer(s) meet with the contractual and other agreed upon performance, design, reliability, and maintainability expectations of that customer. The core purpose of Quality Assurance is to prevent mistakes and defects in the development and production of both manufactured products, such as automobiles and shoes, and delivered services, such as automotive repair and athletic shoe design. Assuring quality and therefore avoiding problems and delays when delivering products or services to customers is what ISO 9000 defines as that "part of quality management focused on providing confidence that quality requirements will be fulfilled". This defect prevention aspect of quality assurance differs from the defect detection aspect of quality control and has been referred to as a shift left since it focuses on quality efforts earlier in product development and production and on avoiding defects in the first place rather than correcting them after the fact.

Test-driven development (TDD) is a way of writing code that involves writing an automated unit-level test case that fails, then writing just enough code to make the test pass, then refactoring both the test code and the production code, then repeating with another new test case.

In software project management, software testing, and software engineering, verification and validation is the process of checking that a software engineer system meets specifications and requirements so that it fulfills its intended purpose. It may also be referred to as software quality control. It is normally the responsibility of software testers as part of the software development lifecycle. In simple terms, software verification is: "Assuming we should build X, does our software achieve its goals without any bugs or gaps?" On the other hand, software validation is: "Was X what we should have built? Does X meet the high-level requirements?"

In the context of software engineering, software quality refers to two related but distinct notions:

Continuous integration (CI) is the practice of integrating source code changes frequently and ensuring that the integrated codebase is in a workable state.

Game testing, also called quality assurance (QA) testing within the video game industry, is a software testing process for quality control of video games. The primary function of game testing is the discovery and documentation of software defects. Interactive entertainment software testing is a highly technical field requiring computing expertise, analytic competence, critical evaluation skills, and endurance. In recent years the field of game testing has come under fire for being extremely strenuous and unrewarding, both financially and emotionally.

Continuous testing is the process of executing automated tests as part of the software delivery pipeline to obtain immediate feedback on the business risks associated with a software release candidate. Continuous testing was originally proposed as a way of reducing waiting time for feedback to developers by introducing development environment-triggered tests as well as more traditional developer/tester-triggered tests.

Database testing usually consists of a layered process, including the user interface (UI) layer, the business layer, the data access layer and the database itself. The UI layer deals with the interface design of the database, while the business layer includes databases supporting business strategies.

Parasoft C/C++test is an integrated set of tools for testing C and C++ source code that software developers use to analyze, test, find defects, and measure the quality and security of their applications. It supports software development practices that are part of development testing, including static code analysis, dynamic code analysis, unit test case generation and execution, code coverage analysis, regression testing, runtime error detection, requirements traceability, and code review. It's a commercial tool that supports operation on Linux, Windows, and Solaris platforms as well as support for on-target embedded testing and cross compilers.

Development testing is a software development process that involves synchronized application of a broad spectrum of defect prevention and detection strategies in order to reduce software development risks, time, and costs.

Cantata++, commonly referred to as Cantata in newer versions, is a commercial computer program designed for dynamic testing, with a focus on unit testing and integration testing, as well as run time code coverage analysis for C and C++ programs. It is developed and marketed by QA Systems, a multinational company with headquarters in Waiblingen, Germany.

In software deployment, an environment or tier is a computer system or set of systems in which a computer program or software component is deployed and executed. In simple cases, such as developing and immediately executing a program on the same machine, there may be a single environment, but in industrial use, the development environment and production environment are separated, often with several stages in between. This structured release management process allows phased deployment (rollout), testing, and rollback in case of problems.

This article discusses a set of tactics useful in software testing. It is intended as a comprehensive list of tactical approaches to software quality assurance and general application of the test method.

TestOps refers to the discipline of managing the operational aspects of testing within the software delivery lifecycle.

References

↑ Sharma, Tushar; Kechagia, Maria; Georgiou, Stefanos; Tiwari, Rohit; Vats, Indira; Moazen, Hadi; Sarro, Federica (2021). "A Survey on Machine Learning Techniques for Source Code Analysis". arXiv: 2110.09610 [cs.SE].
↑ Hemmati, Hadi (2015). "How Effective Are Code Coverage Criteria?". 2015 IEEE International Conference on Software Quality, Reliability and Security. pp. 151–156. doi:10.1109/QRS.2015.30. ISBN 978-1-4673-7989-2. S2CID 7305779 . Retrieved 15 March 2023.
1 2 Gadi Zimerman (11 November 2022). "Tests are not enough – Why code integrity matters?" . Retrieved 16 March 2023.
↑ Bjerke-Gulstuen, Kristian; Larsen, Emil Wiik; Stålhane, Tor; Dingsøyr, Torgeir (2015). "High Level Test Driven Development – Shift Left". Agile Processes in Software Engineering and Extreme Programming. Lecture Notes in Business Information Processing. Vol. 212. pp. 239–247. doi:10.1007/978-3-319-18612-2_23. ISBN 978-3-319-18611-5 . Retrieved 15 March 2023.
↑ Rook, Paul, E. Rook (1986). "Controlling software projects". Software Engineering Journal. 1 (1): 7–16. doi:10.1049/sej.1986.0003 . Retrieved 15 March 2023.{{cite journal}}: CS1 maint: multiple names: authors list (link)
↑ Mowad, Abrar Mohammad; Fawareh, Hamed; Hassan, Mohammad A. (2022). "Effect of Using Continuous Integration (CI) and Continuous Delivery (CD) Deployment in DevOps to reduce the Gap between Developer and Operation". 2022 International Arab Conference on Information Technology (ACIT). pp. 1–8. doi:10.1109/ACIT57182.2022.9994139. ISBN 979-8-3503-2024-4. S2CID 255419041 . Retrieved 15 March 2023.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Sharma, Tushar; Kechagia, Maria; Georgiou, Stefanos; Tiwari, Rohit; Vats, Indira; Moazen, Hadi; Sarro, Federica (2021). "A Survey on Machine Learning Techniques for Source Code Analysis". arXiv: 2110.09610 [cs.SE].

[2] Hemmati, Hadi (2015). "How Effective Are Code Coverage Criteria?". 2015 IEEE International Conference on Software Quality, Reliability and Security. pp. 151–156. doi:10.1109/QRS.2015.30. ISBN 978-1-4673-7989-2. S2CID 7305779 . Retrieved 15 March 2023.

[wim-3] 1 2 Gadi Zimerman (11 November 2022). "Tests are not enough – Why code integrity matters?" . Retrieved 16 March 2023.

[4] Bjerke-Gulstuen, Kristian; Larsen, Emil Wiik; Stålhane, Tor; Dingsøyr, Torgeir (2015). "High Level Test Driven Development – Shift Left". Agile Processes in Software Engineering and Extreme Programming. Lecture Notes in Business Information Processing. Vol. 212. pp. 239–247. doi:10.1007/978-3-319-18612-2_23. ISBN 978-3-319-18611-5 . Retrieved 15 March 2023.

[5] Rook, Paul, E. Rook (1986). "Controlling software projects". Software Engineering Journal. 1 (1): 7–16. doi:10.1049/sej.1986.0003 . Retrieved 15 March 2023.{{cite journal}}: CS1 maint: multiple names: authors list (link)

[6] Mowad, Abrar Mohammad; Fawareh, Hamed; Hassan, Mohammad A. (2022). "Effect of Using Continuous Integration (CI) and Continuous Delivery (CD) Deployment in DevOps to reduce the Gap between Developer and Operation". 2022 International Arab Conference on Information Technology (ACIT). pp. 1–8. doi:10.1109/ACIT57182.2022.9994139. ISBN 979-8-3503-2024-4. S2CID 255419041 . Retrieved 15 March 2023.

[1]

[2]

[3]

[4]

[5]

[6]