Development testing

Last updated January 27, 2025

Development testing is a software development process that involves synchronized application of a broad spectrum of defect prevention and detection strategies in order to reduce software development risks, time, and costs.

Overview

Development testing is performed by the software developer or engineer during the construction phase of the software development lifecycle.^[1]

Rather than replace traditional QA focuses, it augments it.^[2] Development testing aims to eliminate construction errors before code is promoted to QA; this strategy is intended to increase the quality of the resulting software as well as the efficiency of the overall development and QA process.^[3]

Purposes and benefits

Development testing is applied for the following main purposes:

Quality assurance—To improve the overall development and test process by building quality and security into the software (rather than trying to test defects/vulnerabilities out).
Industry or Regulatory Compliance—To achieve compliance with industry or regulatory compliance initiatives (e.g.., FDA, IEC 62304, DO-178B, DO-178C, ISO 26262, IEC 61508, etc.) that commonly require strict risk reduction as well as bidirectional requirements traceability (e.g., between requirements, tests, code reviews, source code, defects, tasks, etc.)^[3]

VDC research reports that the standardized implementation of development testing processes within an overarching standardized process not only improves software quality (by aligning development activities with proven best practices) but also increases project predictability.^[4] voke research reports that development testing makes software more predictable, traceable, visible, and transparent throughout the software development lifecycle.^[2]

Key principles

In each of the above applications, development testing starts by defining policies that express the organization's expectations for reliability, security, performance, and regulatory compliance. Then, after the team is trained on these policies, development testing practices are implemented to align software development activities with these policies.^[5] These development testing practices include:

Practices that prevent as many defects as possible through a Deming-inspired approach that promotes reducing the opportunity for error via root cause analysis.
Practices that expose defects immediately after they are introduced—when finding and fixing defects is fastest, easiest, and cheapest.^[3]^[6]

The emphasis on applying a broad spectrum of defect prevention and defect detection practices is based on the premise that different development testing techniques are tuned to expose different types of defects at different points in the software development lifecycle, so applying multiple techniques in concert decreases the risk of defects slipping through the cracks.^[3] The importance of applying broad set of practices is confirmed by Boehm and Basili in the often-referenced "Software Defect Reduction Top 10 List."^[7]

Static analysis

The term "development testing" has occasionally been used to describe the application of static analysis tools. Numerous industry leaders have taken issue with this conflation because static analysis is not technically testing; even static analysis that "covers" every line of code is incapable of validating that the code does what it is supposed to do—or of exposing certain types of defects or security vulnerabilities that manifest themselves only as software is dynamically executed. Although many warn that static analysis alone should not be considered a silver bullet or panacea, most industry experts agree that static analysis is a proven method for eliminating many security, reliability, and performance defects. In other words, while static analysis is not the same as development testing, it is commonly considered a component of development testing.^[8]^[9]

Additional activities

In addition to various implementations of static analysis, such as flow analysis, and unit testing, development testing also includes peer code review as a primary quality activity. Code review is widely considered one of the most effective defect detection and prevention methods in software development.^[10]

Related Research Articles

In computer science, static program analysis is the analysis of computer programs performed without executing them, in contrast with dynamic program analysis, which is performed on programs during their execution in the integrated environment.

<span class="mw-page-title-main">Software testing</span> Checking software against a standard

Software testing is the act of checking whether software satisfies expectations.

Quality assurance (QA) is the term used in both manufacturing and service industries to describe the systematic efforts taken to assure that the product(s) delivered to customer(s) meet with the contractual and other agreed upon performance, design, reliability, and maintainability expectations of that customer. The core purpose of Quality Assurance is to prevent mistakes and defects in the development and production of both manufactured products, such as automobiles and shoes, and delivered services, such as automotive repair and athletic shoe design. Assuring quality and therefore avoiding problems and delays when delivering products or services to customers is what ISO 9000 defines as that "part of quality management focused on providing confidence that quality requirements will be fulfilled". This defect prevention aspect of quality assurance differs from the defect detection aspect of quality control and has been referred to as a shift left since it focuses on quality efforts earlier in product development and production and on avoiding defects in the first place rather than correcting them after the fact.

The following outline is provided as an overview of and topical guide to software engineering:

Code review is a software quality assurance activity in which one or more people examine the source code of a computer program, either after implementation or during the development process. The persons performing the checking, excluding the author, are called "reviewers". At least one reviewer must not be the code's author.

In the context of software engineering, software quality refers to two related but distinct notions:

Application security includes all tasks that introduce a secure software development life cycle to development teams. Its final goal is to improve security practices and, through that, to find, fix and preferably prevent security issues within applications. It encompasses the whole application life cycle from requirements analysis, design, implementation, verification as well as maintenance.

Software assurance (SwA) is a critical process in software development that ensures the reliability, safety, and security of software products. It involves a variety of activities, including requirements analysis, design reviews, code inspections, testing, and formal verification. One crucial component of software assurance is secure coding practices, which follow industry-accepted standards and best practices, such as those outlined by the Software Engineering Institute (SEI) in their CERT Secure Coding Standards (SCS).

IEC 61508 is an international standard published by the International Electrotechnical Commission (IEC) consisting of methods on how to apply, design, deploy and maintain automatic protection systems called safety-related systems. It is titled Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems.

Software safety is an engineering discipline that aims to ensure that software, which is used in safety-related systems, does not contribute to any hazards such a system might pose. There are numerous standards that govern the way how safety-related software should be developed and assured in various domains. Most of them classify software according to their criticality and propose techniques and measures that should be employed during the development and assurance:

In software development, functional testing is a form of software system testing that verifies whether software matches its design.

Parasoft is an independent software vendor specializing in automated software testing and application security with headquarters in Monrovia, California. It was founded in 1987 by four graduates of the California Institute of Technology who planned to commercialize the parallel computing software tools they had been working on for the Caltech Cosmic Cube, which was the first working hypercube computer built.

In software engineering, a software development process or software development life cycle (SDLC) is a process of planning and managing software development. It typically involves dividing software development work into smaller, parallel, or sequential steps or sub-processes to improve design and/or product management. The methodology may include the pre-definition of specific deliverables and artifacts that are created and completed by a project team to develop or maintain an application.

ParasoftDTP (PDTP) is a development testing and software testing analytics tool from Parasoft that acts as a centralized hub for managing software quality and application security. The software provides a dashboard which aggregates testing results and allows for compliance verification.

LDRA, previously known as the Liverpool Data Research Associates, is a privately held company producing software analysis, testing, and requirements traceability tools for the public and private sectors. It is involved static and dynamic software analysis.

OpenText ALM (Application Lifecycle Management) is a software suite designed to support application development and management. It provides tools for planning, development, testing, deployment, and maintenance.

Continuous testing is the process of executing automated tests as part of the software delivery pipeline to obtain immediate feedback on the business risks associated with a software release candidate. Continuous testing was originally proposed as a way of reducing waiting time for feedback to developers by introducing development environment-triggered tests as well as more traditional developer/tester-triggered tests.

Parasoft C/C++test is an integrated set of tools for testing C and C++ source code that software developers use to analyze, test, find defects, and measure the quality and security of their applications. It supports software development practices that are part of development testing, including static code analysis, dynamic code analysis, unit test case generation and execution, code coverage analysis, regression testing, runtime error detection, requirements traceability, and code review. It's a commercial tool that supports operation on Linux, Windows, and Solaris platforms as well as support for on-target embedded testing and cross compilers.

Cantata++, commonly referred to as Cantata in newer versions, is a commercial computer program designed for dynamic testing, with a focus on unit testing and integration testing, as well as run time code coverage analysis for C and C++ programs. It is developed and marketed by QA Systems, a multinational company with headquarters in Waiblingen, Germany.

This article discusses a set of tactics useful in software testing. It is intended as a comprehensive list of tactical approaches to software quality assurance and general application of the test method.

References

↑ McConnell, Steve (2004). Code Complete (2nd ed.). Microsoft Press. ISBN 0-7356-1967-0.
1 2 voke Market Mover Array Report: Testing Platforms by Theresa Lanowitz, Lisa Dronzek, voke, June 05, 2012
1 2 3 4 Kolawa, Adam; Huizinga, Dorota (2007). Automated Defect Prevention: Best Practices in Software Management. Wiley-IEEE Computer Society Press. ISBN 978-0-470-04212-0.
↑ "Automated Defect Prevention for Embedded Software Quality" white paper by VDC Research
↑ Great expectations for development—with policy automation by Wayne Ariola, SD Times, July 28, 2011
↑ Rethinking Software Development, Testing and Inspection Archived 2013-05-07 at the Wayback Machine by Matthew Heusser , CIO, February 1, 2012
↑ Software Defect Reduction Top 10 List by Barry Boehm and Victor R. Basili, Computer, January 2001
↑ Static Analyzers in Software Engineering Archived 2012-10-15 at the Wayback Machine by Dr. Paul E. Black , CrossTalk: The Journal of Defense Software Engineering, March/April 2009
↑ Top 3 Mistakes with Static Analysis for Embedded and Safety-Critical Development by Arthur Hicken, EE Catalog, September 25, 2012
↑ Satisfying SIL Requirements: Ensuring Functional Safety of E/E/PE Safety-Related Systems Archived 2016-03-04 at the Wayback Machine article on DevelopmentTesting.com

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[codecomplete-1] McConnell, Steve (2004). Code Complete (2nd ed.). Microsoft Press. ISBN 0-7356-1967-0.

[voke-2] 1 2 voke Market Mover Array Report: Testing Platforms by Theresa Lanowitz, Lisa Dronzek, voke, June 05, 2012

[adp-3] 1 2 3 4 Kolawa, Adam; Huizinga, Dorota (2007). Automated Defect Prevention: Best Practices in Software Management. Wiley-IEEE Computer Society Press. ISBN 978-0-470-04212-0.

[vdc-4] "Automated Defect Prevention for Embedded Software Quality" white paper by VDC Research

[sdtimespolicy-5] Great expectations for development—with policy automation by Wayne Ariola, SD Times, July 28, 2011

[cio-6] Rethinking Software Development, Testing and Inspection Archived 2013-05-07 at the Wayback Machine by Matthew Heusser , CIO, February 1, 2012

[cd.umd-7] Software Defect Reduction Top 10 List by Barry Boehm and Victor R. Basili, Computer, January 2001

[8] Static Analyzers in Software Engineering Archived 2012-10-15 at the Wayback Machine by Dr. Paul E. Black , CrossTalk: The Journal of Defense Software Engineering, March/April 2009

[9] Top 3 Mistakes with Static Analysis for Embedded and Safety-Critical Development by Arthur Hicken, EE Catalog, September 25, 2012

[DevelopmentTesting.com-10] Satisfying SIL Requirements: Ensuring Functional Safety of E/E/PE Safety-Related Systems Archived 2016-03-04 at the Wayback Machine article on DevelopmentTesting.com

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

v t e Software testing
The "box" approach	Black-box testing All-pairs testing Exploratory testing Fuzz testing Model-based testing Scenario testing Grey-box testing White-box testing API testing Mutation testing Static testing
Testing levels	Acceptance testing Integration testing System testing Unit testing
Testing types, techniques, and tactics	A/B testing Benchmark Compatibility testing Concolic testing Concurrent testing Conformance testing Continuous testing Destructive testing Development testing Differential testing Dynamic program analysis Installation testing Negative testing Random testing Regression testing Security testing Smoke testing (software) Software performance testing Stress testing Symbolic execution Test automation Usability testing
See also	Graphical user interface testing Manual testing Orthogonal array testing Pair testing Soak testing Software reliability testing Stress testing Web testing