Published in: Technology, Education
  1. 1. Software Testing Basics Elaine Weyuker AT&T Labs – Research Florham Park, NJ November 11, 2002
  2. 2. What is Software Testing? <ul><li>Executing software in a simulated or real environment, using inputs selected somehow. </li></ul>
  3. 3. Goals of Testing <ul><li>Detect faults </li></ul><ul><li>Establish confidence in software </li></ul><ul><li>Evaluate properties of software </li></ul><ul><ul><li>Reliability </li></ul></ul><ul><ul><li>Performance </li></ul></ul><ul><ul><li>Memory Usage </li></ul></ul><ul><ul><li>Security </li></ul></ul><ul><ul><li>Usability </li></ul></ul>
  4. 4. Software Testing Difficulties <ul><li>Most of the software testing literature equates test case selection to software testing, but that is just one difficult part. Other difficult issues include: </li></ul><ul><li>Determining whether or not outputs are correct. </li></ul><ul><li>Comparing resulting internal states to expected states. </li></ul><ul><li>Determining whether adequate testing has been done. </li></ul><ul><li>Determining what you can say about the software when testing is completed. </li></ul><ul><li>Measuring performance characteristics. </li></ul><ul><li>Comparing testing strategies. </li></ul>
  5. 5. Determining the Correctness of Outputs <ul><li>We frequently accept outputs because they are plausible rather than correct. </li></ul><ul><li>It is difficult to determine whether outputs are correct because: </li></ul><ul><li>We wrote the software to compute the answer. </li></ul><ul><li>There is so much output that it is impossible to validate it all. </li></ul><ul><li>There is no (visible) output. </li></ul>
  6. 6. Dimensions of Test Case Selection <ul><li>Stages of Development </li></ul><ul><li>Source of Information for Test Case Selection </li></ul>
  7. 7. Stages of Testing <ul><li>Testing in the Small </li></ul><ul><li>Unit Testing </li></ul><ul><li>Feature Testing </li></ul><ul><li>Integration Testing </li></ul>
  8. 8. Unit Testing <ul><li>Tests the smallest individually executable code units. </li></ul><ul><li>Usually done by programmers. Test cases might be selected based on code, specification, intuition, etc. </li></ul><ul><li>Tools: </li></ul><ul><li>Test driver/harness </li></ul><ul><li>Code coverage analyzer </li></ul><ul><li>Automatic test case generator </li></ul>
  9. 9. Integration Testing <ul><li>Tests interactions between two or more units or components. Usually done by programmers. </li></ul><ul><li>Emphasizes interfaces. </li></ul><ul><li>Issues: </li></ul><ul><li>In what order are units combined? </li></ul><ul><li>How do you assure the compatibility and correctness of externally-supplied components? </li></ul>
  10. 10. Integration Testing <ul><li>How are units integrated? What are the implications of this order? </li></ul><ul><li>Top-down => need stubs; top-level tested repeatedly. </li></ul><ul><li>Bottom-up => need drivers; bottom-levels tested repeatedly. </li></ul><ul><li>Critical units first => stubs & drivers needed; critical units tested repeatedly. </li></ul>
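The stub and driver roles named in the integration-order slide can be illustrated with a minimal sketch. All names here (`compute_total`, `lookup_price`, the price data) are hypothetical and chosen only for illustration; they do not come from the slides.

```python
# Hypothetical two-unit system: compute_total (top level) calls lookup_price (lower level).

def lookup_price_stub(item):
    """Stub: canned replacement for a lower-level unit that is not integrated yet
    (needed for top-down integration)."""
    canned = {"apple": 2, "pear": 3}
    return canned[item]


def compute_total(items, lookup_price):
    """Top-level unit under test; the lower-level unit is passed in as a parameter."""
    return sum(lookup_price(item) for item in items)


def lookup_price(item):
    """Real lower-level unit (assumed implementation for this sketch)."""
    prices = {"apple": 2, "pear": 3, "plum": 5}
    return prices[item]


def driver_for_lookup_price():
    """Driver: exercises the lower-level unit directly, before its real callers exist
    (needed for bottom-up integration)."""
    return [lookup_price(item) for item in ("apple", "pear", "plum")]


# Top-down: test the top-level unit against the stub.
top_down_result = compute_total(["apple", "pear", "apple"], lookup_price_stub)

# Bottom-up: test the lower-level unit through the driver.
bottom_up_result = driver_for_lookup_price()
```

In the top-down run the top-level unit is exercised every time a lower unit is swapped in, which is why the slide notes that the top level is tested repeatedly; the bottom-up run shows the mirror case.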
  11. 11. Integration Testing <ul><li>Potential Problems: </li></ul><ul><li>Inadequate unit testing. </li></ul><ul><li>Inadequate planning & organization for integration testing. </li></ul><ul><li>Inadequate documentation and testing of externally-supplied components. </li></ul>
  12. 12. Stages of Testing <ul><li>Testing in the Large </li></ul><ul><li>System Testing </li></ul><ul><li>End-to-End Testing </li></ul><ul><li>Operations Readiness Testing </li></ul><ul><li>Beta Testing </li></ul><ul><li>Load Testing </li></ul><ul><li>Stress Testing </li></ul><ul><li>Performance Testing </li></ul><ul><li>Reliability Testing </li></ul><ul><li>Regression Testing </li></ul>
  13. 13. System Testing <ul><li>Test the functionality of the entire system. </li></ul><ul><li>Usually done by professional testers. </li></ul>
  14. 14. Realities of System Testing <ul><li>Not all problems will be found no matter how thorough or systematic the testing. </li></ul><ul><li>Testing resources (staff, time, tools, labs) are limited. </li></ul><ul><li>Specifications are frequently unclear/ambiguous and changing (and not necessarily complete and up-to-date). </li></ul><ul><li>Systems are almost always too large to permit test cases to be selected based on code characteristics. </li></ul>
  15. 15. More Realities of Software Testing <ul><li>Exhaustive testing is not possible. </li></ul><ul><li>Testing is creative and difficult. </li></ul><ul><li>A major objective of testing is failure prevention. </li></ul><ul><li>Testing must be planned. </li></ul><ul><li>Testing should be done by people who are independent of the developers. </li></ul>
  16. 16. Test Selection Strategies Every systematic test selection strategy can be viewed as a way of dividing the input domain into subdomains, and selecting one or more test cases from each. The division can be based on such things as code characteristics (white box), specification details (black box), domain structure, risk analysis, etc. Subdomains are not necessarily disjoint, even though the testing literature frequently refers to them as partitions.
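As a rough sketch of the subdomain view described above, the following picks one or more test inputs from each subdomain. The subdomains themselves are hypothetical and deliberately overlap, to show that they need not form a true partition.

```python
import random

# Hypothetical subdomains of an integer input domain. They overlap on purpose:
# for example, -4 belongs to both "negative" and "even".
subdomains = {
    "negative": range(-100, 0),
    "small": range(0, 10),
    "even": range(-100, 101, 2),
}


def select_tests(subdomains, per_subdomain=1, seed=0):
    """Select `per_subdomain` test inputs from every subdomain."""
    rng = random.Random(seed)  # fixed seed so the selection is repeatable
    return {
        name: [rng.choice(values) for _ in range(per_subdomain)]
        for name, values in subdomains.items()
    }


selected = select_tests(subdomains, per_subdomain=2)
```

How the subdomains are defined (by code, specification, domain structure, or risk) is the part that distinguishes one strategy from another; the selection step stays the same.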
  17. 17. The Down Side of Code-Based Techniques <ul><li>Can only be used at the unit testing level, and even then they can be prohibitively expensive. </li></ul><ul><li>Don’t know the relationship between a “thoroughly” tested component and faults. Can generally argue that they are necessary conditions but not sufficient ones. </li></ul>
  18. 18. The Down Side of Specification-Based Techniques <ul><li>Unless there is a formal specification (which there rarely/never is), it is very difficult to assure that all parts of the specification have been used to select test cases. </li></ul><ul><li>Specifications are rarely kept up-to-date as the system is modified. </li></ul><ul><li>Even if every functionality unit of a specification has been tested, that doesn’t assure that there aren’t faults. </li></ul>
  19. 19. Operational Distributions <ul><li>An operational distribution is a probability distribution that describes how the system is used in the field. </li></ul>
  20. 20. How Usage Data Can Be Collected For New Systems <ul><li>The input stream for this system is also the input stream for a different already-operational system. </li></ul><ul><li>The input stream for this system is the output stream for a different already-operational system. </li></ul><ul><li>Although this system is new, it is replacing an existing system which ran on a different platform. </li></ul><ul><li>Although this system is new, it is replacing an existing system which used a different design paradigm or different programming language. </li></ul><ul><li>There has never been a software system to do this task, but there has been a manual process in place. </li></ul>
  21. 21. Operational Distribution-Based Test Case Selection <ul><li>A form of domain-based test case selection. </li></ul><ul><li>Uses historical usage data to select test cases. </li></ul><ul><li>Assures that the testing reflects how the system will be used in the field and therefore uncovers the faults that users are likely to see. </li></ul>
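A minimal sketch of selecting test cases from an operational distribution follows. The usage log is invented for illustration (the operation names are borrowed from the ATM example later in the deck, the counts are assumptions); in practice the data would come from one of the collection sources listed earlier.

```python
import random
from collections import Counter

# Hypothetical historical usage log: one entry per observed operation.
usage_log = ["read_balance"] * 60 + ["withdraw_cash"] * 30 + ["transfer_money"] * 10


def operational_profile(log):
    """Estimate the operational distribution as relative frequencies."""
    counts = Counter(log)
    total = sum(counts.values())
    return {op: n / total for op, n in counts.items()}


def draw_test_operations(profile, k, seed=0):
    """Draw k operations to test, weighted by their observed frequency."""
    rng = random.Random(seed)
    ops = list(profile)
    weights = [profile[op] for op in ops]
    return rng.choices(ops, weights=weights, k=k)


profile = operational_profile(usage_log)
test_operations = draw_test_operations(profile, k=50)
```

Because frequently used operations are drawn more often, faults in them are more likely to surface, which matches the user-centric goal stated above. Note that nothing in this sketch weighs the consequence of a failure.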
  22. 22. The Down Side of Operational Distribution-Based Techniques <ul><li>Can be difficult and expensive to collect necessary data. </li></ul><ul><li>Not suitable if the usage distribution is uniform (which it never is). </li></ul><ul><li>Does not take consequence of failure into consideration. </li></ul>
  23. 23. The Up Side of Operational Distribution-Based Techniques <ul><li>Really does provide a user-centric view of the system. </li></ul><ul><li>Allows you to say concretely what is known about the system’s behavior based on testing. </li></ul><ul><li>Provides a metric that is meaningfully related to the system’s dependability. </li></ul>
  24. 24. Domain-Based Test Case Selection <ul><li>Look at characteristics of the input domain or subdomains. </li></ul><ul><li>Consider typical, boundary, & near-boundary cases (these can sometimes be automatically generated). </li></ul><ul><li>This sort of boundary analysis may be meaningless for non-numeric inputs. What are the boundaries of {Rome, Paris, London, … }? </li></ul><ul><li>Can also apply similar analysis to output values, producing output-based test cases. </li></ul>
  25. 25. Domain-Based Testing Example <ul><li>US Income Tax System: </li></ul><ul><li>If income is $0 - $20K, tax is 15% of total income. </li></ul><ul><li>If income is $20K - $50K, tax is $3K + 25% of amount over $20K. </li></ul><ul><li>If income is above $50K, tax is $10.5K + 40% of amount over $50K. </li></ul><ul><li>Boundary cases for inputs: $0, $20K, $50K </li></ul>
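The tax example can be turned into boundary and near-boundary test cases along these lines. The `tax` function is an assumed implementation of the table above, and the choice of a $1 offset for near-boundary inputs is also an assumption. The table does not say which bracket owns $20K or $50K exactly; because both formulas agree at those points, the sketch is unaffected by that choice.

```python
import math


def tax(income):
    """Assumed implementation of the three-bracket table from the slide."""
    if income < 0:
        raise ValueError("income must be non-negative")
    if income <= 20_000:
        return 0.15 * income
    if income <= 50_000:
        return 3_000 + 0.25 * (income - 20_000)
    return 10_500 + 0.40 * (income - 50_000)


# Boundary and near-boundary inputs with hand-computed expected tax.
cases = {
    0: 0.00,
    1: 0.15,
    19_999: 2_999.85,
    20_000: 3_000.00,
    20_001: 3_000.25,
    49_999: 10_499.75,
    50_000: 10_500.00,
    50_001: 10_500.40,
}

# Compare with a tolerance because the amounts are floating-point values.
mismatches = [
    income for income, expected in cases.items()
    if not math.isclose(tax(income), expected, abs_tol=1e-6)
]
```

An off-by-one mistake in a comparison or a wrong base amount in the second or third bracket would show up as an entry in `mismatches` at one of these inputs.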
  26. 26. Random Testing <ul><li>Random testing involves selecting test cases based on a probability distribution. It is NOT the same as ad hoc testing. Typical distributions are: </li></ul><ul><ul><li>uniform: test cases are chosen with equal probability from the entire input domain. </li></ul></ul><ul><ul><li>operational: test cases are drawn from a distribution defined by carefully collected historical usage data. </li></ul></ul>
  27. 27. Benefits of Random Testing <ul><li>If the domain is well-structured, automatic generation can be used, allowing many more test cases to be run than if tests are manually generated. </li></ul><ul><li>If an operational distribution is used, then it should approximate user behavior. </li></ul>
  28. 28. The Down Side of Random Testing <ul><li>An oracle (a mechanism for determining whether the output is correct) is required. </li></ul><ul><li>Need a well-structured domain. </li></ul><ul><li>Even a uniform distribution may be difficult or impossible to produce for complex domains or for non-numeric domains. </li></ul><ul><li>If a uniform distribution is used, only a negligible fraction of the domain can be tested in most cases. </li></ul><ul><li>Without an operational distribution, random testing does not approximate user behavior, and therefore does not provide an accurate picture of the way the system will behave. </li></ul>
  29. 29. Risk-based Testing <ul><li>Risk is the expected loss attributable to the failures caused by faults remaining in the software. </li></ul><ul><li>Risk is based on </li></ul><ul><li>Failure likelihood or likelihood of occurrence. </li></ul><ul><li>Failure consequence. </li></ul><ul><li>So risk-based testing involves selecting test cases in order to minimize risk by making sure that the most likely inputs and highest consequence ones are selected. </li></ul>
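To make the role of the oracle concrete, here is a small sketch of uniform random testing. The unit under test (`insertion_sort`) is hypothetical, and Python's built-in `sorted` is assumed to be a trusted oracle; the input sizes and value ranges are arbitrary choices.

```python
import random


def insertion_sort(values):
    """Hypothetical unit under test."""
    result = []
    for v in values:
        i = len(result)
        # Walk left until the insertion point for v is found.
        while i > 0 and result[i - 1] > v:
            i -= 1
        result.insert(i, v)
    return result


def random_test(function_under_test, oracle, runs=200, seed=0):
    """Run randomly generated inputs and return those where the output disagrees with the oracle."""
    rng = random.Random(seed)
    failures = []
    for _ in range(runs):
        size = rng.randint(0, 20)
        data = [rng.randint(-1000, 1000) for _ in range(size)]
        if function_under_test(list(data)) != oracle(list(data)):
            failures.append(data)
    return failures


failures = random_test(insertion_sort, sorted)
```

Automatic generation is easy here because lists of integers form a well-structured domain. Even so, 200 runs cover only a negligible fraction of the possible inputs, and the inputs are not weighted by real usage.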
  30. 30. Risk-based Testing <ul><li>Example: ATM Machine </li></ul><ul><li>Functions: Withdraw cash, transfer money, read balance, make payment, buy train ticket. </li></ul><ul><li>Attributes: Security, ease of use, availability </li></ul>
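  31. 31. Risk Priority Table <ul><li>Columns: Features & Attributes; Occurrence Likelihood; Failure Consequence; Priority (L x C) </li></ul><ul><li>Withdraw cash; High = 3; High = 3; 9 </li></ul><ul><li>Transfer money; Medium = 2; Medium = 2; 4 </li></ul><ul><li>Read balance; Low = 1; Low = 1; 1 </li></ul><ul><li>Make payment; Low = 1; High = 3; 3 </li></ul><ul><li>Buy train ticket; High = 3; Low = 1; 3 </li></ul><ul><li>Security; Medium = 2; High = 3; 6 </li></ul>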
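  32. 32. Ordered Risk Priority Table <ul><li>Columns: Features & Attributes; Occurrence Likelihood; Failure Consequence; Priority (L x C) </li></ul><ul><li>Withdraw cash; High = 3; High = 3; 9 </li></ul><ul><li>Security; Medium = 2; High = 3; 6 </li></ul><ul><li>Transfer money; Medium = 2; Medium = 2; 4 </li></ul><ul><li>Make payment; Low = 1; High = 3; 3 </li></ul><ul><li>Buy train ticket; High = 3; Low = 1; 3 </li></ul><ul><li>Read balance; Low = 1; Low = 1; 1 </li></ul>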
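The priority column is the product of occurrence likelihood and failure consequence, and the ordered table is that list sorted by priority. A short sketch of the computation, using the ratings from the ATM example (the function and variable names are assumptions, and sorting highest priority first is one reasonable reading of "ordered"):

```python
# Numeric scale used in the risk priority table.
LEVEL = {"Low": 1, "Medium": 2, "High": 3}

# (feature or attribute, occurrence likelihood, failure consequence)
features = [
    ("Withdraw cash", "High", "High"),
    ("Transfer money", "Medium", "Medium"),
    ("Read balance", "Low", "Low"),
    ("Make payment", "Low", "High"),
    ("Buy train ticket", "High", "Low"),
    ("Security", "Medium", "High"),
]


def prioritize(features):
    """Return (name, priority) pairs, highest priority (L x C) first."""
    scored = [
        (name, LEVEL[likelihood] * LEVEL[consequence])
        for name, likelihood, consequence in features
    ]
    # sorted() is stable, so ties keep their original relative order.
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


ordered = prioritize(features)
```

The two features with priority 3 tie even though one is likely but harmless and the other is rare but serious; a plain product cannot distinguish them.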
  33. 33. Acceptance Testing <ul><li>The end user runs the system in their environment to evaluate whether the system meets their criteria. </li></ul><ul><li>The outcome determines whether the customer will accept the system. This is often part of a contractual agreement. </li></ul>
  34. 34. Regression Testing <ul><li>Test modified versions of a previously validated system. Usually done by testers. The goal is to assure that changes to the system have not introduced errors (caused the system to regress). </li></ul><ul><li>The primary issue is how to choose an effective regression test suite from existing, previously-run test cases. </li></ul>
  35. 35. Prioritizing Test Cases <ul><li>Once a test suite has been selected, it is often desirable to prioritize test cases based on some criterion. That way, since the time available for testing is limited and therefore all tests can’t be run, at least the “most important” ones can be. </li></ul>
  36. 36. Bases for Test Prioritization <ul><li>Most frequently executed inputs. </li></ul><ul><li>Most critical functions. </li></ul><ul><li>Most critical individual inputs. </li></ul><ul><li>(Additional) statement or branch coverage. </li></ul><ul><li>(Additional) Function coverage. </li></ul><ul><li>Fault-exposing potential. </li></ul>
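One of the bases listed above, additional statement coverage, can be sketched as a greedy ordering: repeatedly pick the test that covers the most statements not yet covered. The test names and coverage sets below are invented for illustration; real data would come from a coverage analyzer.

```python
def prioritize_by_additional_coverage(coverage):
    """Order tests greedily by how many not-yet-covered statements each one adds.

    `coverage` maps a test name to the set of statement ids it executes.
    """
    remaining = dict(coverage)
    covered = set()
    order = []
    while remaining:
        # Pick the test adding the most new statements; ties go to the earliest entry.
        best = max(remaining, key=lambda t: len(remaining[t] - covered))
        order.append(best)
        covered |= remaining.pop(best)
    return order


# Hypothetical coverage data: statement ids executed by each test.
coverage = {
    "t1": {1, 2, 3},
    "t2": {3, 4},
    "t3": {1, 2, 3, 4, 5},
    "t4": {6},
}

order = prioritize_by_additional_coverage(coverage)
```

If testing is cut short after the first two tests in this order, all six statements have still been executed, which is the point of prioritizing.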
  37. 37. White-box Testing <ul><li>Methods based on the internal structure of code: </li></ul><ul><li>Statement coverage </li></ul><ul><li>Branch coverage </li></ul><ul><li>Path coverage </li></ul><ul><li>Data-flow coverage </li></ul>
  38. 38. White-box Testing <ul><li>White-box methods can be used for </li></ul><ul><li>Test case selection or generation. </li></ul><ul><li>Test case adequacy assessment. </li></ul><ul><li>In practice, the most common use of white-box methods is as adequacy criteria after tests have been generated by some other method. </li></ul>
  39. 39. Control Flow and Data Flow Criteria <ul><li>Statement, branch, and path coverage are examples of control flow criteria. They rely solely on syntactic characteristics of the program (ignoring the semantics of the program computation). </li></ul><ul><li>The data flow criteria require the execution of path segments that connect parts of the code that are intimately connected by the flow of data. </li></ul>
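The difference between statement and branch coverage can be seen on a function with an `if` that has no `else`. The function and the hand-written instrumentation below are hypothetical; a real project would use a coverage tool instead.

```python
# Records which outcomes of the single decision have been observed.
branch_outcomes = set()


def clamp_to_zero(x):
    """Hypothetical unit under test: replace negative values with 0."""
    taken = x < 0
    branch_outcomes.add(taken)  # manual instrumentation of the decision
    if taken:
        x = 0
    return x


def branch_outcomes_for(inputs):
    """Run the inputs and report which branch outcomes were exercised."""
    branch_outcomes.clear()
    for x in inputs:
        clamp_to_zero(x)
    return set(branch_outcomes)


# A single negative input executes every statement in the function,
# but only the True outcome of the decision.
statement_adequate = branch_outcomes_for([-5])

# Adding a non-negative input exercises the False outcome as well.
branch_adequate = branch_outcomes_for([-5, 3])
```

The one-input suite satisfies statement coverage without ever checking that non-negative values pass through unchanged, which is why branch coverage is the stronger of the two criteria.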
  40. 40. Issues of White-box Testing <ul><li>Is code coverage an effective means of detecting faults? </li></ul><ul><li>How much coverage is enough? </li></ul><ul><li>Is one coverage criterion better than another? </li></ul><ul><li>Does increasing coverage necessarily lead to higher fault detection? </li></ul><ul><li>Are coverage criteria more effective than random test case selection? </li></ul>
  41. 41. Test Automation <ul><li>Test execution: Run large numbers of test cases/suites without human intervention. </li></ul><ul><li>Test generation: Produce test cases by processing the specification, code, or model. </li></ul><ul><li>Test management: Log test cases & results; map tests to requirements & functionality; track test progress & completeness </li></ul>
  42. 42. Why should tests be automated? <ul><li>More testing can be accomplished in less time. </li></ul><ul><li>Testing is repetitive, tedious, and error-prone. </li></ul><ul><li>Test cases are valuable - once they are created, they can and should be used again, particularly during regression testing. </li></ul>
  43. 43. Test Automation Issues <ul><li>Does the payoff from test automation justify the expense and effort of automation? </li></ul><ul><li>Learning to use an automation tool can be difficult. </li></ul><ul><li>Tests have a finite lifetime. </li></ul><ul><li>Completely automated execution implies putting the system into the proper state, supplying the inputs, running the test case, collecting the results, and verifying the results. </li></ul>
  44. 44. Observations on Automated Tests <ul><li>Automated tests are more expensive to create and maintain (estimates of 3-30 times). </li></ul><ul><li>Automated tests can lose relevancy, particularly when the system under test changes. </li></ul><ul><li>Use of tools requires that testers learn how to use them, cope with their problems, and understand what they can and can’t do. </li></ul>
  45. 45. Uses of Automated Testing <ul><li>Load/stress tests - Very difficult to have very large numbers of human testers simultaneously accessing a system. </li></ul><ul><li>Regression test suites - Tests maintained from previous releases; run to check that changes haven’t caused faults. </li></ul><ul><li>Sanity tests - Run after every new system build to check for obvious problems. </li></ul><ul><li>Stability tests - Run the system for 24 hours to see that it can stay up. </li></ul>
  46. 46. Financial Implications of Improved Testing <ul><li>NIST estimates that billions of dollars could be saved each year if improvements were made to the testing process. </li></ul><ul><li>*NIST Report: The Economic Impact of Inadequate Infrastructure for Software Testing, 2002. </li></ul>
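  47. 47. Estimated Cost of Inadequate Testing <ul><li>Transportation Manufacture: Cost of Inadequate Software Testing $1,800,000,000; Potential Cost Reduction from Feasible Improvements $589,000,000 </li></ul><ul><li>Financial Services: Cost of Inadequate Software Testing $3,340,000,000; Potential Cost Reduction from Feasible Improvements $1,510,000,000 </li></ul><ul><li>Total U.S. Economy: Cost of Inadequate Software Testing $59 billion; Potential Cost Reduction from Feasible Improvements $22 billion </li></ul><ul><li>*NIST Report: The Economic Impact of Inadequate Infrastructure for Software Testing, 2002. </li></ul>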