0 All Slides
0 All Slides
0 All Slides
Software testing
Nguyen Thanh Binh IT Faculty, Danang University of Technology Email: [email protected] Website: www.dut.edu.vn/itf/ntb
Prerequisites
No testing experience needed Some familiarity with the development phases of a project would be helpful. Some mathematics would help
References
1. 2. 3. 4. 5. 6. 7. 8. 9.
10.
Paul Jorgensen, Software Testing-A Craftsman's Approach, CRC Press, 1995. Spyos Xanthakis, Pascal Rgnier, Constantin Karapoulios, Le test des logiciels, Hermes Science, 2000. Hung Q. Nguyen and al., Testing application on the Web, John Wiley & Sons, 2004. Ilene Burnstein, Practical Software Testing, Springer, 2003. Glenford J. Myers, The art of software testing, Wiley, 2004. Cem Kaner, Jack Falk, Hung Q. Nguyen, Testing Computer Software, 2nd Edition, John Wiley & Sons, 1999. Boris Beizer, Software Testing Techniques, International Thomson Computer Press, Second Edition, 1990. Neil Bitzenhofer, Software Testing and Verification, Course, MSSE, 2008. Paul Ammann and Jeff Offutt, Introduction to Software Testing, Cambridge University Press, Cambridge, UK, ISBN 0-52188-038-1, 2008. Mauro Pezz, Michal Young, Software Testing and Analysis: Process, Principles, and Techniques, John Wiley & Sons.
3
22/08/2011
Course description
Cover both theoretical and practical aspects of testing software The student will participate in the entire range of test activities:
Analyze a requirements document for test conditions Write a test plan Design, create and execute test cases using various testing approaches Record defects Write a test report
4
Contents
Session 1: Introductory lecture
Introductions and expectations Course overview Contents
Contents
Session 2: Introduction to Software Testing
Definitions, Principles, Axioms Stages of testing Perspectives on Software Testing
22/08/2011
Contents
Session 3: Requirements analysis
Software Development Life Cycle (SDLC) Software Development stage
Requirements
Some examples
Contents
Session 4
Exercise 1: Examining requirements
Contents
Session 5: Structural Testing
White box testing / Structural testing Graph Theory Control flow criteria Data flow criteria Graph Coverage for Source Code
Testing State Behavior
22/08/2011
Contents
Session 6: Static Testing
Reviews and the test process Types of review Static analysis
10
Contents
Session 7: Functional Testing
Introduction to functional testing Functional testing techniques
Boundary Value testing Equivalence Class testing Special Value testing Decision Tables
11
Contents
Session 8: Test Documentation
Test Plan
The need for test plans The structure of test plans A Test Plan Template A Test Plan example Testing on a large project
Test Cases
Test Case Design Test Case Examples
12
22/08/2011
Contents
Session 9 Exercise 2: Writing a test plan and test cases
13
Contents
Session 10: Levels of Testing
Levels of Testing
Integration Testing System Testing
14
Contents
Session 11: Defect Reports/Test Reports
Handling Defects Bug Tracking System Test Reports Examples
15
22/08/2011
Contents
Session 12: Test Automation and Tools
Test Automation Test tools
16
Why test?
List of 107 software failures that should have been caught by testing http://www.cs.tau.ac.il/~nachumd/verify/horro r.html One vital consideration from Myers book The Art of Software Testing Mars Climate Orbiter Mars Polar Lander
17
Software Errors
1. 2.
3. 4.
5.
6. 7.
The Mars Climate Orbiter crashed in September 1999 because of a "silly mistake": wrong units in a program. The 1988 shooting down of the Airbus 320 by the USS Vincennes was attributed to the cryptic and misleading output displayed by the tracking software. Death resulted from inadequate testing of the London Ambulance Service software. Several 1985-7 deaths of cancer patients were due to overdoses of radiation resulting from a race condition between concurrent tasks in the Therac-25 software. Errors in medical software have caused deaths. Details in B.W. Boehm, "Software and its Impact: A Quantitative Assessment," Datamation, 19(5), 48-59(1973). An Airbus A320 crashes at an air show. A China Airlines Airbus Industrie A300 crashes on April 26, 1994 killing 264. Recommendations include software modifications.
18
22/08/2011
Software Errors
The Explosion of the Ariane 5
On June 4, 1996 an unmanned Ariane 5 rocket launched by the European Space Agency exploded just forty seconds after its lift-off from Kourou, French Guiana. The rocket was on its first voyage, after a decade of development costing $7 billion. The destroyed rocket and its cargo were valued at $500 million. A board of inquiry investigated the causes of the explosion and in two weeks issued a report. It turned out that the cause of the failure was a software error in the inertial reference system. Specifically a 64 bit floating point number relating to the horizontal velocity of the rocket with respect to the platform was converted to a 16 bit signed integer. The number was larger than 32,767, the largest integer storeable in a 16 bit signed integer, and thus the conversion failed.
19
Software Errors
The Patriot Missile Failure
On February 25, 1991, during the Gulf War, an American Patriot Missile battery in Dharan, Saudi Arabia, failed to track and intercept an incoming Iraqi Scud missile. The Scud struck an American Army barracks, killing 28 soldiers and injuring around 100 other people. A report of the General Accounting office, GAO/IMTEC-92-26, entitled Patriot Missile Defense: Software Problem Led to System Failure at Dhahran, Saudi Arabia reported on the cause of the failure. It turns out that the cause was an inaccurate calculation of the time since boot due to computer arithmetic errors. Specifically, the time in tenths of second as measured by the system's internal clock was multiplied by 1/10 to produce the time in seconds. This calculation was performed using a 24 bit fixed point register. In particular, the value 1/10, which has a non-terminating binary expansion, was chopped at 24 bits after the radix point. The small chopping error, when multiplied by the large number giving the time in tenths of a second, led to a significant error. Indeed, the Patriot battery had been up around 100 hours, and an easy calculation shows that the resulting time error due to the magnified chopping error was about 0.34 seconds. A Scud travels at about 1,676 meters per second, and so travels more than half a kilometer in this time. This was far enough that the incoming Scud was outside the "range gate" that the Patriot tracked. Ironically, the fact that the bad time calculation had been improved in some parts of the code, but not all, contributed to the problem, since it meant that the inaccuracies did not cancel.
20
Software Errors
Y2K
Spent some billions dollars
21
22/08/2011
22
A Perspective on Testing
More Definitions
Testing the process of finding errors and of validating the program/system Test Case a test case has Inputs Steps Outputs Expected results Process Test plan, Write test cases Run the test cases Evaluate results
23
A Perspective on Testing
Test Cases
Test Cases will be discussed in detail in Session 7 and throughout the course. Testing entails establishing the environment, providing the inputs (running the test case), observing outputs, and comparing to expected outputs. Test Cases are developed, reviewed, used, managed, and saved and hopefully reused!
24
22/08/2011
A Perspective on Testing
Identifying Test Cases
Functional Testing
The program is a function that maps input values to output values The only information used is the software specification In our Venn diagram, the Functional Test Cases are a subset of S Further elaborated on in Part II Math background: Chapter 3 We will discuss in Session 6
25
A Perspective on Testing
Identifying Test Cases
Structural Testing
Uses the information inside the black box the actual implementation In our Venn diagram, the Structural Test Cases are a subset of P. Further elaborated on in Part III of the text Math background: Chapter 4 We will discuss this in Session 4 Main method: Test coverage metrics
26
A Perspective on Testing
Identifying Test Cases
Comparing the two (Functional vs Structural)
We will discuss this in Sessions 4 and 6 If all specified behaviors have not been implemented, structural test cases will never be able to recognize this. Conversely, if the program implements behaviors that have not been specified, this will never be revealed by functional test cases.
27
22/08/2011
A Perspective on Testing
Levels of Testing
Again, this will be covered in detail in Session 2.
Requirements Specification System Testing
Preliminary Design
Integration Testing
Detailed Design
Unit Testing
Coding
28
Testing a Program
A program that we want to test reads in 3 integer values these 3 values are interpreted as the lengths of the sides of a triangle. The program prints a message that states whether the triangle is
Equilateral (all 3 sides equal) Isosceles (exactly 2 of the 3 sides are equal) Scalene (all 3 sides are of a different length)
On a sheet of paper, write specific sets of test data that you feel would adequately test this program.
29
10
22/08/2011
Contents
Definitions, Principles, Axioms Stages of testing Perspectives on Software Testing
31
32
Definitions
Testing Verification Validation Error/Defect Black box testing White box testing
33
11
22/08/2011
35
36
12
22/08/2011
37
38
39
13
22/08/2011
40
41
14
22/08/2011
43
44
45
15
22/08/2011
46
Stages of testing
47
48
16
22/08/2011
49
Unit Test
Performed by the developers White-box testing Should be done with each release to testing Results should be communicated to the Test Group
50
51
17
22/08/2011
52
53
54
18
22/08/2011
55
56
19
22/08/2011
58
Interface Testing
How does a user interact with the program? What input variables are required? What outputs are produced? Extremely important for e-business applications
59
Integration Testing
Integration between software components Integration with the front-end GUIs Integration between a server and its clients Integration between software and hardware Integration between Web services
60
20
22/08/2011
61
62
63
21
22/08/2011
64
65
66
22
22/08/2011
67
68
23
22/08/2011
70
71
72
24
22/08/2011
73
74
75
25
22/08/2011
77
What is Quality?
Quality from the Producers viewpoint: Does the product meet the requirements? Quality from the Customers viewpoint: Fitness for use (reliability, usability, portability, etc.) Quality (one strongly held view): The measure of a products quality is the satisfaction of the customers, not whether it meets a specification
78
26
22/08/2011
79
Premeditation
Written test plans, test scripts, test data, test schedules
Repeatability
Same results every time a result of a mature process
Accountability
Test logs; analysis and interpretation of results
Economy
The cost effectiveness of testing
80
81
27
22/08/2011
Requirements analysis
Contents
Software Development Life Cycle (SDLC) Software Development stage
Requirements
84
28
22/08/2011
85
86
SDLC models
Are a tailored form of SDLC phases. Provide a basis for categorizing and controlling the various activities required to develop and maintain the software system Typical types of SDLC models are
Linear model Iterative model
87
29
22/08/2011
Linear Models
Linear models are suitable for projects where all the requirements are identified and well understood before the design of the software begins. The two types of linear models are:
Waterfall model Prototyping model
88
Waterfall model
Describes the software development process in a linear sequential flow. Defines the software development process in seven phases:
Conception Initiation Analysis Design Construction Integration and testing Implementation and maintenance
89
Waterfall model
90
30
22/08/2011
Prototyping model
Is a sample implementation of the system that shows limited and main functional capabilities of the proposed system. Helps the customer determine how the features will function in the final software.
91
Prototyping model
92
Iterative model
Iterative model is used when the requirements for the software are likely to evolve throughout the development process. The various types of iterative models are
Spiral model Component-based development model Unified process
93
31
22/08/2011
Spiral model
Spiral model
Includes the iterative nature of the prototyping model and the linear nature of the waterfall model. Is ideal for developing software that are released in various versions.
Spiral model
95
96
32
22/08/2011
98
99
33
22/08/2011
101
102
34
22/08/2011
103
104
35
22/08/2011
Software Requirements
According to software engineering theory, software requirements should contain a finite list of behaviors and features, and each requirement should be written to be verifiable. Given a finite list of requirements and a set of completion criteria, requirements-based testing becomes a feasible process.
108
36
22/08/2011
Functionality Requirements
Correctness
Extent to which a program satisfies its specifications and meets customer expectations
Usability Requirements
Ease of use
Measures the effort required to learn, operate, prepare input for, and interpret the output of, a program
111
37
22/08/2011
Reliability Requirements
Frequency and severity of failure - MTBF Recoverability Predictability Accuracy
112
Performance Requirements
Speed Efficiency Resource consumption Throughput Response time
113
Supportability Requirements
Testability Adaptability Maintainability
Effort required to locate and fix errors
Serviceability
Effort required to modify/update a program
Installability Portability
114
38
22/08/2011
Contents
115
Testing Requirements
Usually done by review Are they complete? Are they reasonable? Can they be tested?
116
Requirements Testing
Testing of the requirements Determine all testable requirements Determine all non-testable requirements Write and execute the tests
117
39
22/08/2011
119
Some examples
Some requirements statements Some examples of Test Cases
120
40
22/08/2011
Requirements Example 1
After a high temperature is detected, an alarm must be raised quickly
121
Requirements Example 2
Novice users should be able to learn the interface with little training When thinking about a test for this, ask yourself: What would be the criterion for saying the test passed? failed?
123
41
22/08/2011
Requirements Example 3
There was a hidden requirement in this feature change: The menu option 6. Utilities | 1. Security will now display a new submenu rather than a Security dialog box. The submenu will have 3 items - 1. CSM, 2. CIS, and 3. Options.
124
Requirements Example 4
How many testable requirements are here? The Access Profile choices for 2. CIS and 3. Options will be grayed out unless those options have been purchased and installed.
125
126
42
22/08/2011
If the CIS option is installed, Access Profile choices will be available for CIS If the Options option is installed, Access Profile choices will be available for Options If the CIS option is not installed, Access Profile choices for CIS will not be available If the Options option is not installed, Access Profile choices for Options will not be available
127
Requirements Example 5
An upgraded security system was being installed with enhanced password protection. Here is one requirement: Existing passwords which do not conform to the new restrictions will be reset to the User ID, and a list of those users whose passwords were reset will be generated.
128
Requirements Example 6
Untestable requirement Number of invalid attempts before a user is suspended: This count is reset when a successful logon is completed for the user. The default is that the User will never be suspended. The valid range is from 0 (never) to 10 attempts.
129
43
22/08/2011
130
Requirements Example 7
Vagueness in different disguises: The Advanced Color Module will improve the print quality of the module. The Advanced Color Module firmware will increase the number of color shades per panel from 4 - 9 shades to 25 - 30 shades. The Advanced Color Module will reduce the tiling effects associated with previous modules.
131
Requirements Example 8
A lot of test cases from just one sentence: All new and modified screens will provide online help.
132
44
22/08/2011
Requirements Example 9
The user interface must be easy to use. In case of failure, the system must be easy to recover and must suffer minimum loss of important data.
133
Lessons Learned
Watch for words like always, never, every, etc. They are difficult to verify. Words like must, should, shall, will, has to, etc. signal potential requirements. Watch for hidden or unstated requirements. Watch for vague requirements: high, quickly, better, faster, should be able to. For negative testing, ask What happens if the test case fails? Ask yourself the question: How will I know if the requirement is not met?
134
Structural testing
45
22/08/2011
Contents
White box testing / Structural testing Graph Theory Control flow criteria Data flow criteria Graph Coverage for Source Code
Testing State Behavior
136
137
Pseudonyms: Glass Box, Clear Box, Crystal Box, Structural Testing To distinguish from functional (requirements-based, black-box testing) What do you need for white-box testing?
A white-box testing model and test criteria A white-box test design and generation method Program source code
138
46
22/08/2011
The goal is to
Guarantee that all independent paths within a module have been exercised at least once Exercise all logical decisions one their true and false sides Execute all loops at their boundaries and within their operational bounds Exercise internal data structures to assure their validity Exercise all data define and use paths
140
No guarantees
Executing all control flow elements does not guarantee finding all faults
Execution of a faulty statement may not always result in a failure The state may not be corrupted when the statement is executed with some data values Corrupt state may not propagate through execution to eventually lead to failure
47
22/08/2011
Graph theory
142
Definition of a Graph
A set N of nodes, N is not empty A set N0 of initial nodes, N0 is not empty A set Nf of final nodes, Nf is not empty A set E of edges, each edge from one node to another
( ni , nj ), i is predecessor, j is successor
143
3 N0 = { 0 } Nf = { 3 }
8 N0 = { 0, 1, 2 } Nf = { 7, 8, 9 }
3 N0 = { } Nf = { 144 3}
48
22/08/2011
Paths in Graphs
Path : A sequence of nodes [n1, n2, , nM]
Each pair of nodes is an edge
Subpath : A subsequence of nodes in p is a subpath of p Reach (n) : Subgraph that can be reached from n
0 1 2
Paths [ 0, 3, 7 ] 6
[ 1, 4, 8, 5, 1 ] [ 2, 6, 9 ]
SESE graphs : All test paths start at a single node and end at another node
Single-entry, single-exit N0 and Nf have exactly one node
1 0 2 3
4 6 5
49
22/08/2011
Test Requirements (TR) : Describe properties of test paths Test Criterion : Rules that define test requirements Satisfaction : Given a set TR of test requirements for a
criterion C, a set of tests T satisfies C on a graph if and only if for every test requirement in TR, there is a test path in path(T) that meets the test requirement tr
Control flow (Structural) Coverage Criteria : Defined on a
148
149
50
22/08/2011
edges
NC and EC are only different when there is an edge and
151
than 2 edges
The logical extension is to require all paths
weak compromise is to make the tester decide which paths: Specified Path Coverage (SPC) : TR contains a set S of 152 test paths, where S is supplied as a parameter. parameter.
51
22/08/2011
Loops in Graphs
If a graph contains a loop, it has an infinite number of paths Thus, CPC is not feasible SPC is not satisfactory because the results are subjective and vary with the tester Attempts to deal with loops:
1970s : Execute cycles once ([4, 5, 4] in previous example, informal) 1980s : Execute each loop, exactly once (formalized) 1990s : Execute loops 0 times, once, more than once (informal description) 2000s : Prime paths
154
Prime Path : A simple path that does not appear as a proper subpath of any other simple path
Simple Paths : [ 0, 1, 3, 0 ], [ 0, 2, 3, 0], [ 1, 3, 0, 1 ], [ 2, 3, 0, 2 ], [ 3, 0, 1, 3 ], [ 3, 0, 2, 3 ], [ 1, 3, 0, 2 ], [ 2, 3, 0, 1 ], [ 0, 1, 3 ], [ 0, 2, 3 ], [ 1, 3, 0 ], [ 2, 3, 0 ], [ 3, 0, 1 ], [3, 0, 2 ], [ 0, 1], [ 0, 2 ], [ 1, 3 ], [ 2, 3 ], [ 3, 0 ], [0], [1], [2], [3] Prime Paths : [ 0, 1, 3, 0 ], [ 0, 2, 3, 0], [ 1, 3, 0, 1 ], [ 2, 3, 0, 2 ], [ 3, 0, 1, 3 ], [ 3, 0, 2, 3 ], [ 1, 3, 0, 2 ], 155 [ 2, 3, 0, 1 ]
0 1 3 2
Will tour all paths of length 0, 1, That is, it subsumes node, edge, and edge-pair coverage
156
52
22/08/2011
Round Trips
Round-Trip Path : A prime path that starts and ends at the same node Simple Round Trip Coverage (SRTC) : TR contains at least one roundround-trip path for each reachable node in G that begins and ends a roundround-trip path path. . Complete Round Trip Coverage (CRTC) : TR contains all round-trip paths for each reachable node in G. round These criteria omit nodes and edges that are not in round trips That is, they do not subsume edge-pair, edge, or node coverage
157
158
Prime Paths
159
53
22/08/2011
160
54
22/08/2011
163
AllAll -defs coverage (ADC) : For each set of du du-paths S = du (n, v), TR contains at least one path d in S.
Then we make sure that every def reaches all possible uses
All-uses coverage (AUC) : For each set of duAlldu-paths to uses S = du (ni, nj, v), TR contains at least one path d in S.
Finally, we cover all the paths between defs and uses
AllAll -dudu-paths coverage (ADUPC) : For each set S = du (ni, nj, v), TR contains every path d in S. 164
All-defs for X [ 0, 1, 3, 4 ]
All-uses for X [ 0, 1, 3, 4 ] [ 0, 1, 3, 5 ]
All-du-paths for X [ 0, 1, 3, 4 ] [ 0, 2, 3, 4 ] [ 0, 1, 3, 5 ] [ 0, 2, 3, 5 ]
165
55
22/08/2011
Complete Round Trip Coverage CRTC Simple Round Trip Coverage SRTC
166
167
56
22/08/2011
2 4
x=y
if (x < y) { y = 0; x = x + 1; }
1
x<y y=0 x=x+1
x >= y
3
170
x >= y
171
57
22/08/2011
Loops
Loops require extra nodes to be added Nodes that do not represent statements or basic blocks
172
1 dummy node 2
x<y
x >= y
3
y =f(x,y) x=x+1
x=0
2
x<y x >= y
y = f (x, y)
x=x+1
173
1
c == N
read ( c );
c == Y default
y = 25; break;
3
y = 50; break;
y = 0; break;
5
print (y);
174
58
22/08/2011
175
varsum = 0; i < length for (int i = 0; i < length; i++) i++ 4 { varsum = varsum + ((numbers [ I ] - mean) * (numbers [ I ] - mean)); } var = varsum / ( length - 1.0 ); sd = Math.sqrt ( var ); System.out.println System.out.println System.out.println System.out.println System.out.println } ("length: " + length); ("mean: " + mean); ("median: " + med); ("variance: " + var); ("standard deviation: " + sd);
5 i=0
3 4 5
59
22/08/2011
If a def and a use appear on the same node, then it is only a DUpair if the def occurs after the use and the node is in a loop
178
i=0
3
i < length
i >= length med = numbers [ length / 2 ] mean = sum / (double) length; varsum = 0 i=0 i >= length var = varsum / ( length - 1.0 ) sd = Math.sqrt ( var ) print (length, mean, med, var, sd)
4
sum += numbers [ i ] i++
6
i < length varsum = i++
180
60
22/08/2011
CFG for Stats With Defs & Uses 1 def (1) = { numbers, sum, length }
2
def (2) = { i }
3
use (3, 4) = { i, length }
4
def (4) = { sum, i } use (4) = { sum, numbers, i }
def (5) = { med, mean, varsum, i } use (5) = { numbers, length, sum }
6
use (6, 7) = { i, length }
8
181
Use
61
22/08/2011
5 expect a loop not to be entered 5 require at least one iteration of a loop 2 require at least two iteration of a loop
184
Test Case : numbers = (2, 10, 15) ; length = 3 Test Path : [ 1, 2, 3, 4, 3, 4, 3, 4, 3, 5, 6, 7, 6, 7, 6, 7, 6, 8 ] DU Paths covered
[ 4, 3, 4 ] [ 7, 6, 7 ] The two stars that require at least two iterations of a loop
Other DU paths require arrays with length 0 to skip loops But the method fails with divide by zero on the statement
mean = sum / (double) length; A fault was found
185
186
62
22/08/2011
On
Tropical Storm
circulation = yes windspeed = 39..73 mph
Something Else
circulation = no windspeed = 0..38 mph
Major Hurricane
circulation = yes windspeed >= 110 mph
Hurricane
circulation = yes windspeed 74..109 mph
188
Creating FSMs can help find software problems Numerous languages for expressing FSMs
UML statecharts Automata State tables (SCR) Petri nets
Limitations : FSMs are not always practical for programs that have lots of states (for example, GUIs)
189
63
22/08/2011
Annotations on FSMs
FSMs can be annotated with different types of actions
Actions on transitions Entry actions to nodes Exit actions on nodes
Actions can express changes to variables or conditions on variables These slides use the basics:
Preconditions (guards) : conditions that must be true for transitions to be taken Triggering events : changes to variables that cause transitions to be taken
This is close to the UML Statecharts, but not exactly the same
190
Example Annotations
open elevator door Closed pre: elevSpeed = 0 trigger: openButton = pressed Open
191
Covering FSMs
Node coverage : execute every state (state coverage) Edge coverage : execute every transition (transition coverage) Edge-pair coverage : execute pairs of transitions (transition-pair) Data flow:
Nodes often do not include defs or uses of variables Defs of variables in triggers are used immediately (the next state) Defs and uses are usually computed for guards, or states are extended FSMs typically only model a subset of the variables
64
22/08/2011
Deriving FSMs
With some projects, a FSM (such as a statechart) was created during design
Tester should check to see if the FSM is still current with respect to the implementation
If not, it is very helpful for the tester to derive the FSM Strategies for deriving FSMs from a program:
1. 2. 3. 4.
Combining control flow graphs Using the software structure Modeling state variables Using implicit or explicit specifications Class Watch uses class Time
193
Class Watch
class Watch
// Constant values for the button (inputs) private static final int NEXT = 0; private static final int UP = 1; private static final int DOWN = 2; // Constant values for the state private static final int TIME = 5; private static final int STOPWATCH = 6; private static final int ALARM = 7; // Primary state variable private int mode = TIME; // Three separate times, one for each state private Time watch, stopwatch, alarm;
public Watch () // Constructor public void doTransition (int button) // Handles inputs public String toString () // Converts values
194
// Takes the appropriate transition when a button is pushed. public void doTransition (int button) { switch ( mode ) { case TIME: if (button == NEXT) mode = STOPWATCH; else watch.changeTime (button); break; case STOPWATCH: if (button == NEXT) mode = ALARM; else stopwatch.changeTime (button); break; case ALARM: if (button == NEXT) mode = TIME; else alarm.changeTime (button); break; default: break; } } // end doTransition()
// Increases or decreases the time. // Rolls around when necessary. public void changeTime (int button) { if (button == UP) { minute += 1; if (minute >= 60) { minute = 0; hour += 1; if (hour >= 12) hour = 0; } } else if (button == DOWN) { minute -= 1; if (minute < 0) { minute = 59; hour -= 1; if (hour <= 0) hour = 12; } } } // end changeTime()
195
65
22/08/2011
Watch example
196
changeTime () 1 2 4 6 8 10
4 10
Watch example
198
66
22/08/2011
inDoTransition
inChangeTime
??? Not clear what triggers this button==DOWN / change hour, minute
199
67
22/08/2011
mode : TIME, STOPWATCH, ALARM watch : 12:00, 12:01..12:59, 01:00..11:59 stopwatch : 12:00, 12:01..12:59, 01:00..11:59 alarm : 12:00, 12:01..12:59, 01:00..11:59
Total 3*3*3*3 = 81 states But the three watches are independent, so we only care about 3+3+3 = 9 states (still a messy graph )
202
next nextnext
68
22/08/2011
The disadvantage of FSM testing is that some implementation decisions are not modeled in the FSM
205
Tests can be designed before implementation Analyzing FSMs is much easier than analyzing source
Some implementation decisions are not modeled in the FSM There is some variation in the results because of the subjective nature of deriving FSMs Tests have to mapped to actual inputs to the program the names that appear in the FSM may not be the same as the names in the program
206
Static testing
69
22/08/2011
Contents
Reviews and the test process Types of review Static analysis
208
209
Static testing
Static: Not Dynamic, i.e. you dont execute the code This is the process of testing some documentation products The primary goal of Static Testing is to reduce defects in the software by reducing defects in the documentation from which the software is developed
210
70
22/08/2011
Static techniques
Do not execute code
People techniques
Specific techniques
Desk checking Developer tests his/her own documentation Walkthroughs Developer walks the participants through the documentation Peer Reviews/Inspections More formal documentation is distributed beforehand
211
Benefits of reviews
Development productivity improvement Reduced development timescales Reduced testing time and cost Lifetime cost reductions Reduced fault levels Improved customer relations
212
25% reduction in schedules, remove 80% 95% of faults at each stage, 28 times reduction in maintenance cost, many others
Gilb & Graham, Software Inspection
213
71
22/08/2011
215
Accept. Test
System Test
Integration T
72
22/08/2011
Costs of reviews
Rough guide: 5%-15% of development effort
half day a week is 10%
Types of review
218
Decision-making Review
group discusses document and makes a decision about the content, e.g. how something should be done, go or no-go decision, or technical comments
219
73
22/08/2011
Inspection
formal individual and group checking, using sources and standards, according to generic and specific rules and checklists, using entry and exit criteria, Leader must be trained & certified, metrics required
220
Reviews in general 1
Objectives / goals
validation & verification against specifications & standards achieve consensus (excluding Inspection) process improvement (ideal, included in Inspection)
221
Reviews in general 2
Activities
planning overview / kickoff meeting (Inspection) preparation / individual checking review meeting (not always) follow-up (for some types) metrics recording & analysis (Inspections and sometimes reviews)
222
74
22/08/2011
Reviews in general 3
Roles and responsibilities
Leader / moderator - plans the review / Inspection, chooses participants, helps & encourages, conducts the meeting, performs follow-up, manages metrics Author of the document being reviewed / Inspected Reviewers / Inspectors - specialised fault-finding roles for Inspection Managers - excluded from some types of review, need to plan project time for review / Inspection Others: e.g. Inspection/ review Co-ordinator
223
Reviews in general 4
Deliverables
Changes (edits) in review product Change requests for source documents (predecessor documents to product being reviewed / Inspected) Process improvement suggestions
to the review / Inspection process to the development process which produced the product just reviewed / Inspected
Reviews in general 5
Pitfalls (they dont always work!)
Lack of training in the technique (especially Inspection, the most formal) Lack of or quality of documentation - what is being reviewed / Inspected Lack of management support Failure to improve processes
225
75
22/08/2011
Inspection is different
the document to be reviewed is given out in advance typically dozens of pages to review instructions are "please review this" not just product, sources chunk or sample training, roles
226
Inspection is different
some people have time to look through it and make comments before the meeting (which is difficult to arrange) the meeting often lasts for hours entry criteria to meeting, may not be worth holding
227
Change Request
Process Improvement
Exit Edit
.
Next Software 228 Development Stage
76
22/08/2011
Static analysis
229
77
22/08/2011
Data flow anomaly: n is re-defined without being used Data flow fault: y is used before it has been defined (first time around the loop)
Cyclomatic complexity
cyclomatic complexity is a measure of the complexity of a flow graph
(and therefore the code that the flow graph represents)
the more complex the flow graph, the greater the measure it can most easily be calculated as:
complexity = number of decisions + 1
234
78
22/08/2011
3
235
init do if r=r+1
end
res
if
pass
fail
end
236
79
22/08/2011
Advantages
can find faults difficult to "see" gives objective quality assessment of code
238
Summary
Reviews help to find faults in development and test documentation, and should be applied early Types of review: informal, walkthrough, technical / peer review, Inspection Static analysis can find faults and give information about code without executing
239
Functional testing
80
22/08/2011
Contents
Introduction to functional testing Functional testing techniques
Boundary Value testing Equivalence Class testing Special Value testing Decision Tables
241
242
Functional testing
Functional testing: Deriving test cases from program specifications
Functional refers to the source of information used in test case design, not to what is tested
81
22/08/2011
Systematic (non-uniform):
Try to select inputs that are especially valuable Usually by choosing representatives of classes that are apt to fail often or not at all
245
If we systematically test some cases from each part, we will include the dense parts
Functional testing is one way of drawing pink lines to isolate regions with likely failures 246
82
22/08/2011
247
248
83
22/08/2011
251
2. Select representatives
Representative values of each input, or Representative behaviors of a model
Often simple input/output transformations dont describe a system. We use models in program specification, in program design, and in test design
84
22/08/2011
253
Input: ZIP code (5-digit US Postal code) Output: List of cities What are some representative values (or classes of value) to test?
254
Empty; 1-4 characters; 6 characters; very long Non-digit characters Non-character data
255
85
22/08/2011
256
Examples
257
258
86
22/08/2011
NextDate Function
This program reads in a date in a certain format and prints out the next days date. For example, an input of 03 31 1998 gives an output of 04 01 1998. The year is constrained to lie between 1812 and 2012 inclusive
260
261
87
22/08/2011
263
Boundary/Limits Testing
Test values, sizes or quantities near the design limits Value limits Length limits Volume limits Null strings vs Empty strings Errors tend to occur near the extreme values of inputs Robustness: How does the software react when boundaries are exceeded?
264
88
22/08/2011
265
Robustness testing
Exceed the limits
Worst-case testing
Like boundary value testing above, but discard Single Fault Assumption
267
89
22/08/2011
x(min)
x(min+)
x(nom)
x(max -)
x(max)
Test cases for a variable x, where a x b Experience shows that errors occur more frequently for extreme values of a variable
268
c x1 a
Test cases for variables x1 and x2, where a x1 b and c x2 d
As in reliability theory, two variables rarely assume their extreme values simultaneously.
269
Robustness Testing
An extension of Boundary Value testing: Include values below the minimum value and above the maximum value This is a form of what we call negative testing -- how does the program handle errors in the input? This type of testing may not be possible with some strongly-typed languages, GUIs with fixed palette values or drop-down lists, etc.
270
90
22/08/2011
Robustness Testing
a b x
1. Stress input boundaries 2. Acceptable response for invalid inputs? 3. Leads to exploratory testing (test hackers)
271
c x1 a b
272
Worst-Case Testing
Discard the Single Fault Assumption Allow the input values to simultaneously approach their boundaries
273
91
22/08/2011
275
c x1 a b
276
92
22/08/2011
277
examples
278
93
22/08/2011
280
282
94
22/08/2011
283
Equivalence Classes
Idea
divide the input domain of a program into classes of data derive test cases based on these partitions
If a given set of values all cause the program to behave in exactly the same way, then thats a candidate for an Equivalence Class
284
Equivalence Classes
An equivalence class represents a set of valid or invalid states for input condition An input condition is:
a specific numeric value, a range of values a set of related values, or a Boolean condition
Valid inputs
285
95
22/08/2011
Examples
Area code
input condition, Boolean: the area code may or may not be present input condition, range: value defined between 200 and 900
Password
input condition, Boolean: a password may or may not be present input condition, value: six character string
287
96
22/08/2011
Strong normal
one data point from each class in the cross product of the valid classes
290
291
97
22/08/2011
g f
e d x
292
g f
e d x
293
294
98
22/08/2011
296
297
99
22/08/2011
298
299
300
100
22/08/2011
301
302
303
101
22/08/2011
304
305
306
102
22/08/2011
103
22/08/2011
310
2.
3. 4.
Complex mathematical (or algorithmic) calculations Worst Case situations (similar to robustness) Problematic situations from past experience Second guess the likely implementation
312
104
22/08/2011
313
Experience really helps Done by the customer or user frequently Defies measurement Highly intuitive Seldom repeatable Often, very effective
314
315
105
22/08/2011
Decision Tables
Inputs are interpreted as conditions Outputs are interpreted as actions The columns in a table are rules they show which actions result from which conditions Every rule then becomes a test case Dashes represent dont care conditions
316
a1 a2 Action a3 a4
X X
X X X X X X
317
Rule
F T T T F
T F T F T F F T F
T F X
X X X X
106
22/08/2011
F T T T T T T T T T T -- F T T T T T T T T T -- -- F T T T T T T T T -- -- -- T T T T F F F F -- -- -- T T F F T T F F -- -- -- T F T F T F T F X X X X X X X
Rule 9 is identical to Rule 4 (T, F, F) Since the action entries for rules 4 and 9 are identical, there is no ambiguity, just redundancy.
321
107
22/08/2011
Rule 9 is identical to Rule 4 (T, F, F) Since the action entries for rules 4 and 9 are different there is ambiguity. This table is inconsistent, and the inconsistency implies non-determinism cant tell which rule to apply!
322
2. Develop the Decision Table, watching for completeness don't care entries redundant and inconsistent rules 3. Each rule defines a test case.
323
324
108
22/08/2011
325
Exercises
Test cases for NextDate function Test cases for Commission problem
326
Test documentation
109
22/08/2011
Contents
Test Plan
The need for test plans The structure of test plans A Test Plan Template A Test Plan example Testing on a large project
Test Cases
Test Case Design Test Case Examples
328
Test plan
329
110
22/08/2011
331
332
111
22/08/2011
335
336
112
22/08/2011
338
339
113
22/08/2011
340
Test case
342
114
22/08/2011
Terminology
Test Case
Documentation specifying inputs, predicted results, and a set of execution conditions for a test item
Test Suite
a collection of test cases that are intended to be used to test a software program
343
Non-redundant Efficient Medium complexity Repeatable Specific Always list expected results
344
345
115
22/08/2011
347
To read more
Cem Kaner, What Is a Good Test Case?
348
116
22/08/2011
349
Case-insensitive Passwords
Write the test cases to verify that Passwords are case insensitive when logging onto a secure system
350
An example
Test Case: Verify that passwords are case insensitive Test Procedure:
1. 2. 3. 4. 5. 6.
Create a User with Password ABCDE. Log off the system. Log on using Password ABCDE (should be successful) Log off the system. Log on using Password abcDe (should be successful). Repeat Steps 4 and 5 using abcde, ABCDe, etc.
351
117
22/08/2011
State Lookup
Input: 2-character state abbreviation The program looks up the state in a table and displays the full name Discuss all considerations for testing such a function
352
Simple program
The program accepts as input 2 integers and outputs their sum Assume arbitrary limits, say -100 to +100 Design the test cases
353
Levels of Testing
118
22/08/2011
Contents
Levels of Testing Additional System Test Categories
355
Levels of Testing
356
Levels of Testing
Waterfall model
Requirements Specification System Testing
Preliminary Design
Integration Testing
Detailed Design
Unit Testing
Coding
357
119
22/08/2011
Levels of Testing
Unit testing Integration Testing System Testing Acceptance Testing Regression Testing
358
Unit testing
Lowest Level of Testing Individual unit of the software is tested in isolation from other parts of a program What can be a unit?
Function / method / module / class / component Screen / Program Back-end related to a Screen Screen + back end
359
Unit testing
Uncover errors in design and implementation, including
data structure in a unit program logic and program structure in a unit unit interface functions and operations of a unit
Unit testers
developers of the units
360
120
22/08/2011
Integration Testing
Intermediate level of testing Group of dependent components are tested together Test that evaluates the interaction and consistency of interacting components Uncover errors in:
Design and construction of software architecture Integrated functions or operations at sub-system level Interfaces and interactions between them Resource integration and/or environment integration
Integration testers
either developers and/or test engineers
361
System Testing
Test the whole system Test end to end functionality Testing against complete requirement Requirement focus
Test cases derived from specification
System testers
test engineers
362
Acceptance Testing
User (or customer) involved Environment as close to field use as possible Focus on:
Building confidence Compliance with defined acceptance criteria in the contract
363
121
22/08/2011
Regression Testing
Testing activities occur after software changes Regression testing usually refers to testing activities during software maintenance phase Retest changed components (or parts) Check the affected parts (or components) Who perform regression testing
Developers - regression testing at the unit level or integration Test engineers - regression testing at the function level QA and test engineers - regression testing at the system level
364
Stress Testing
Also called Load Testing or Volume Testing Test the extremes of real-world workloads Large data volumes Repetitive operations Operation for extended periods: Endurance Testing
366
122
22/08/2011
Destructive Testing
This is what we have called Error Testing The product should
Detect, diagnose and perhaps inhibit unexpected conditions Correct the conditions where possible Report on the unexpected conditions Recover gracefully in any case
367
Thinking Destructively
The most disastrous failure for most software is the loss or corruption of data Think like a hacker, especially when it comes to security issues Destructive Testing is usually unstructured, but document what you do Be creative! Think about the consequences if you succeed
368
Configuration Testing
Software components Hardware components Software with hardware
369
123
22/08/2011
Security Testing
Password usage Access rights Protection Encryption
370
Performance Testing
Usually pertains to hardware Software can be the bottleneck Generally, how fast a task can be done Can also be measured in volume
371
Compatibility Testing
Shared data Shared memory Compatibility with previous versions
operating system, utilities, setups, etc.
372
124
22/08/2011
Usability Testing
Human factors Accessibility Ease of use (product) Availability of documentation Can a non-familiar user perform a task?
373
Reliability Testing
Low if a bug is likely to be found High if bugs are unlikely Failures and Time
Time when the failure occurs Time interval between failures Cumulative failures up to a given time Number of failures in a time interval
374
375
125
22/08/2011
Installability
Installing a product and its options De-installing (or Uninstalling) a product or its options Re-installing a product or its options Doing upgrade installs vs doing clean installs
376
Documentation
Reviews Inspections Walkthroughs
377
Documentation
Keep a copy of your comments This is a possible place for new testers to start Manuals can be task-oriented or featureoriented Tutorials are very helpful, so test them out, too
378
126
22/08/2011
Documentation
Installation instructions If task oriented, do the tasks! Other documentation (README, Utilities, etc.) Ease of use of the documentation Missing features Feature compatibility
379
Documentation
On-line Help
Availability Relevance Accuracy Completeness Links Controls
380
Test Reports
127
22/08/2011
Contents
Handling Defects Bug Tracking System Test Reports Examples
382
Handling Defects
383
Handling a defect
Analyze the defect Report the defect Track the defect Retest the defect Close the defect
384
128
22/08/2011
Analyzing a defect
Is it the test, the tester, or the product? Reproducible vs Repeatable Can it be isolated? Find related problems Look for alternate paths to the problem Is it worth reporting?
385
Handling a defect
Analyze the defect Report the defect Track the defect Retest the defect Close the defect
386
387
129
22/08/2011
388
389
390
130
22/08/2011
Description
391
Keep it to 3 or 4 sentences if you can Avoid vague or confusing terms (frequently, sometimes) Avoid uncommon abbreviations Use any standard terminology Pay attention to spelling and grammar
392
393
131
22/08/2011
Open Closed
394
None In Process Fixed Ready for Test Retest Not repeatable Not a problem Do Not Fix Duplicate Multiple Deferred
396
132
22/08/2011
397
398
133
22/08/2011
400
Handling a defect
Analyze the defect Report the defect Track the defect Retest the defect Close the defect
401
Tracking a Defect
Must have a process in place Generally done by some sort of Review Board The lead tester should be on that board The purpose is to make sure the defect progresses from being submitted to getting closed
402
134
22/08/2011
Retesting a Defect
Retest can have 3 outcomes
The problem has indeed been fixed The problem remains A different problem shows up
403
Closing a Defect
Add Tester Notes or Verification Notes Make sure that anyone else with an interest in the problems resolution has a chance to test it too Close it, or recommend closure
404
135
22/08/2011
406
407
408
136
22/08/2011
Test Reports
409
Test Reports
Your chance to evaluate how testing went List what was tested List what was not tested, and why List still-open defects (some ask for all defects) Show the actual schedule (Test Plan) Lets management know the status of that product, from a testing standpoint, as it went out the door
410
411
137
22/08/2011
Examples
412
Examples
Test Report template Test Report example
413
138
22/08/2011
Contents
Test Automation Testing Tools
415
Test Automation
416
assists software testers and software testing managers with different aspects of a testing project
417
139
22/08/2011
418
Level 2: Repeatable
A software test process at this level not only provides engineers with tools to manage diverse software testing information, but also provides systematic solutions to execute software tests in a systematic manner. These solutions allow engineers to use a systematic approach to run tests and validate test results However, no systematic solutions and tools are available to assist test engineers in test design, test generation, and test coverage 420 measurement
140
22/08/2011
Level 4: Optimal
At this level, systematic solutions are available to manage test information, execute tests, and generate tests, and measure test coverage The primary benefit of achieving this level is to help engineers understand the current coverage of a test process, and identify the test coverage issues
421
Types of Automation
Automated test case generation Automated test data generation Automated test execution Applications
Client-server architecture Networks GUI Regression Testing
423
141
22/08/2011
425
Benefits of Automation
Reduce manual software testing operations and eliminate redundant testing efforts Produce more systematic repeatable software tests, and generate more consistent testing results Execute much more software tests and achieve a better testing coverage in a very limited schedule.
426
142
22/08/2011
428
Decision to automate testing Test tool acquisition Automated testing introduction process Test planning, design and development Execution and management of tests Test program review and assessment
429
143
22/08/2011
Testing Tools
430
Types of tools
Requirements Management
Generate (or capture) requirements quickly and efficiently, and manage them Basic notification maybe even determine which test procedures are affected when a requirement changes Examples
TBIs Caliber-RM, QSSs DOORS, Rationals RequisitePro, Integrated Chipwares RTM Workshop
432
144
22/08/2011
Types of tools
Configuration Management
Controls software code, documentation, hardware, firmware, and system environment configuration Examples
CVS, Subversion, Visual SourceSafe http://www.daveeaton.com/scm/CMTools.html
433
Types of tools
Test Planning and Test Case Management
Create and manage your test projects Import test cases from other file formats Tracks history and status of test cases Examples
TestLog, Salome-TMF, IBM Rational Quality Manager http://www.opensourcetesting.org/testmgt.php
434
Types of tools
Test Data Generators
Generate test data from specifications / design / code Examples DataGen, Tnsgen, forSQL Data Generator
GUI testing
Record and Playback a test Rerun repetitive test cases Regression testing Examples
Segue SilkTest, Compuware QA Run, QuickTestPro
435
145
22/08/2011
Types of tools
Load/Performance/Stress Testing Tools
Simulate thousands of users
Specially client-server systems
Examples
Empirix Eload, XML Load Testing, Segue SilkPerformers, IBM Rational Suite
436
Types of tools
Code Coverage
Determining a quantitative measure of code coverage
Statement, Decision, Condition, Path
Types of tools
Rule-Based Analyzers
Compare the code written with coding standards or languages-specific rules Support Review / Inspection Examples
Intelli J, FlexeLint for C++, SSW Code Auditor
438
146
22/08/2011
Types of tools
Defect Tracking
Communicate and mange defect-related issues Examples
BugTracker, TrackGear, Bugtrack http://www.testingfaqs.org/t-track.html
439
Types of tools
Debuggers
Allow inspection of program state Pause execution at selected points (breakpoints) when certain conditions occur (watchpoints) after a fixed number of execution steps Provide display and control at the level of program source code
Examples
DDD, Debuggy, Valgrind
440
147