Development testing

Last updated

Development testing is a software development process that involves synchronized application of a broad spectrum of defect prevention and detection strategies in order to reduce software development risks, time, and costs.

Contents

Depending on the organization's expectations for software development, development testing might include static code analysis, data flow analysis, metrics analysis, peer code reviews, unit testing, code coverage analysis, traceability, and other software verification practices.

Overview

Development testing is performed by the software developer or engineer during the construction phase of the software development lifecycle. [1]

Rather than replace traditional QA focuses, it augments it. [2] Development testing aims to eliminate construction errors before code is promoted to QA; this strategy is intended to increase the quality of the resulting software as well as the efficiency of the overall development and QA process. [3]

Purposes and benefits

Development testing is applied for the following main purposes:

VDC research reports that the standardized implementation of development testing processes within an overarching standardized process not only improves software quality (by aligning development activities with proven best practices) but also increases project predictability. [4] voke research reports that development testing makes software more predictable, traceable, visible, and transparent throughout the software development lifecycle. [2]

Key principles

In each of the above applications, development testing starts by defining policies that express the organization's expectations for reliability, security, performance, and regulatory compliance. Then, after the team is trained on these policies, development testing practices are implemented to align software development activities with these policies. [5] These development testing practices include:

The emphasis on applying a broad spectrum of defect prevention and defect detection practices is based on the premise that different development testing techniques are tuned to expose different types of defects at different points in the software development lifecycle, so applying multiple techniques in concert decreases the risk of defects slipping through the cracks. [3] The importance of applying broad set of practices is confirmed by Boehm and Basili in the often-referenced "Software Defect Reduction Top 10 List." [7]

Static analysis

The term "development testing" has occasionally been used to describe the application of static analysis tools. Numerous industry leaders have taken issue with this conflation because static analysis is not technically testing; even static analysis that "covers" every line of code is incapable of validating that the code does what it is supposed to do—or of exposing certain types of defects or security vulnerabilities that manifest themselves only as software is dynamically executed. Although many warn that static analysis alone should not be considered a silver bullet or panacea, most industry experts agree that static analysis is a proven method for eliminating many security, reliability, and performance defects. In other words, while static analysis is not the same as development testing, it is commonly considered a component of development testing. [8] [9]

Additional activities

In addition to various implementations of static analysis, such as flow analysis, and unit testing, development testing also includes peer code review as a primary quality activity. Code review is widely considered one of the most effective defect detection and prevention methods in software development. [10]

See also

Related Research Articles

In computer science, static program analysis is the analysis of computer programs performed without executing them, in contrast with dynamic program analysis, which is performed on programs during their execution.

Software testing is the act of examining the artifacts and the behavior of the software under test by validation and verification. Software testing can also provide an objective, independent view of the software to allow the business to appreciate and understand the risks of software implementation. Test techniques include, but are not limited to:

Quality assurance (QA) is the term used in both manufacturing and service industries to describe the systematic efforts taken to assure that the product(s) delivered to customer(s) meet with the contractual and other agreed upon performance, design, reliability, and maintainability expectations of that customer. The core purpose of Quality Assurance is to prevent mistakes and defects in the development and production of both manufactured products, such as automobiles and shoes, and delivered services, such as automotive repair and athletic shoe design. Assuring quality and therefore avoiding problems and delays when delivering products or services to customers is what ISO 9000 defines as that "part of quality management focused on providing confidence that quality requirements will be fulfilled". This defect prevention aspect of quality assurance differs from the defect detection aspect of quality control and has been referred to as a shift left since it focuses on quality efforts earlier in product development and production and on avoiding defects in the first place rather than correcting them after the fact.

The following outline is provided as an overview of and topical guide to software engineering:

Code review is a software quality assurance activity in which one or more people check a program, mainly by viewing and reading parts of its source code, either after implementation or as an interruption of implementation. At least one of the persons must not have authored the code. The persons performing the checking, excluding the author, are called "reviewers".

Software maintenance in software engineering is the modification of a software product after delivery to correct faults, to improve performance or other attributes.

In the context of software engineering, software quality refers to two related but distinct notions:

Application security includes all tasks that introduce a secure software development life cycle to development teams. Its final goal is to improve security practices and, through that, to find, fix and preferably prevent security issues within applications. It encompasses the whole application life cycle from requirements analysis, design, implementation, verification as well as maintenance.

Software assurance (SwA) is a critical process in software development that ensures the reliability, safety, and security of software products. It involves a variety of activities, including requirements analysis, design reviews, code inspections, testing, and formal verification. One crucial component of software assurance is secure coding practices, which follow industry-accepted standards and best practices, such as those outlined by the Software Engineering Institute (SEI) in their CERT Secure Coding Standards (SCS).

IEC 61508 is an international standard published by the International Electrotechnical Commission (IEC) consisting of methods on how to apply, design, deploy and maintain automatic protection systems called safety-related systems. It is titled Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems.

In software development, peer review is a type of software review in which a work product is examined by author's colleagues, in order to evaluate the work product's technical content and quality.

<span class="mw-page-title-main">Parasoft</span> Software testing framework

Parasoft is an independent software vendor specializing in automated software testing and application security with headquarters in Monrovia, California. It was founded in 1987 by four graduates of the California Institute of Technology who planned to commercialize the parallel computing software tools they had been working on for the Caltech Cosmic Cube, which was the first working hypercube computer built.

Parasoft DTP is a development testing and software testing analytics solution from Parasoft that acts as a centralized hub for managing software quality and application security. DTP provides traditional software reports from normal software development activities and is also able to aggregate data from various software testing practices to present an overview of the state of the codebase.

<span class="mw-page-title-main">LDRA</span> Software companies of the United Kingdom

LDRA is a provider of software analysis, and test and requirements traceability tools for the Public and Private sectors, and is a pioneer in static and dynamic software analysis.

Micro Focus Application Lifecycle Management (ALM) is a set of software tools developed and marketed by Micro Focus (previously Hewlett-Packard and Hewlett Packard Enterprise) for application development and testing. It includes tools for requirements management, test planning and functional testing, performance testing (when used with Performance Center), developer management (through integration with developer environments such as Collabnet, TeamForge and Microsoft Visual Studio), and defect management.

Continuous testing is the process of executing automated tests as part of the software delivery pipeline to obtain immediate feedback on the business risks associated with a software release candidate. Continuous testing was originally proposed as a way of reducing waiting time for feedback to developers by introducing development environment-triggered tests as well as more traditional developer/tester-triggered tests.

<span class="mw-page-title-main">Parasoft C/C++test</span> Integrated set of tools

Parasoft C/C++test is an integrated set of tools for testing C and C++ source code that software developers use to analyze, test, find defects, and measure the quality and security of their applications. It supports software development practices that are part of development testing, including static code analysis, dynamic code analysis, unit test case generation and execution, code coverage analysis, regression testing, runtime error detection, requirements traceability, and code review. It's a commercial tool that supports operation on Linux, Windows, and Solaris platforms as well as support for on-target embedded testing and cross compilers.

Cantata++, or simply Cantata in newer versions, is a commercial computer program for dynamic testing, specifically unit testing and integration testing, and code coverage at run time of C and C++ programs. It is developed and sold by QA Systems, and was formerly a product of IPL Information Processing Ltd.

This article discusses a set of tactics useful in software testing. It is intended as a comprehensive list of tactical approaches to Software Quality Assurance (more widely colloquially known as Quality Assurance and general application of the test method.

References

  1. McConnell, Steve (2004). Code Complete (2nd ed.). Microsoft Press. ISBN   0-7356-1967-0.
  2. 1 2 voke Market Mover Array Report: Testing Platforms by Theresa Lanowitz, Lisa Dronzek, voke, June 05, 2012
  3. 1 2 3 4 Kolawa, Adam; Huizinga, Dorota (2007). Automated Defect Prevention: Best Practices in Software Management. Wiley-IEEE Computer Society Press. ISBN   0-470-04212-5.
  4. "Automated Defect Prevention for Embedded Software Quality" white paper by VDC Research
  5. Great expectations for development—with policy automation by Wayne Ariola, SD Times, July 28, 2011
  6. Rethinking Software Development, Testing and Inspection Archived 2013-05-07 at the Wayback Machine by Matthew Heusser , CIO, February 1, 2012
  7. Software Defect Reduction Top 10 List by Barry Boehm and Victor R. Basili, Computer, January 2001
  8. Static Analyzers in Software Engineering Archived 2012-10-15 at the Wayback Machine by Dr. Paul E. Black , CrossTalk: The Journal of Defense Software Engineering, March/April 2009
  9. Top 3 Mistakes with Static Analysis for Embedded and Safety-Critical Development by Arthur Hicken, EE Catalog, September 25, 2012
  10. Satisfying SIL Requirements: Ensuring Functional Safety of E/E/PE Safety-Related Systems Archived 2016-03-04 at the Wayback Machine article on DevelopmentTesting.com