Fundamentals of Software Testing

Objectives of Testing
Finding of Errors - Primary Goal Trying to prove that software does not work. Thus, indirectly verifying that software meets requirements Software Testing Software testing is the process of testing the functionality and correctness of software by running it. Software testing is usually performed for one of two reasons: (1) defect detection (2) reliability or Process of executing a computer program and comparing the actual behavior with the expected behavior What is the goal of Software Testing? * Demonstrate That Faults Are Not Present * Find Errors * Ensure That All The Functionality Is Implemented * Ensure The Customer Will Be Able To Get His Work Done Modes of Testing * Static Static Analysis doesn¡¦t involve actual program execution. The code is examined, it is tested without being executed Ex: - Reviews * Dynamic In Dynamic, The code is executed. Ex:- Unit testing Testing methods * White box testing Use the control structure of the procedural design to derive test cases. * Black box testing Derive sets of input conditions that will fully exercise the functional requirements for a program. * Integration Assembling parts of a system Verification and Validation

* Verification: Are we doing the job right? The set of activities that ensure that software correctly implements a specific function. (i.e. The process of determining whether or not products of a given phase of the software development cycle fulfill the requirements established during previous phase). Ex: - Technical reviews, quality & configuration audits, performance monitoring, simulation, feasibility study, documentation review, database review, algorithm analysis etc * Validation: Are we doing the right job? The set of activities that ensure that the software that has been built is traceable to customer requirements.(An attempt to find errors by executing the program in a real environment ). Ex: - Unit testing, system testing and installation testing etc What's a 'test case'? A test case is a document that describes an input, action, or event and an expected response, to determine if a feature of an application is working correctly. A test case should contain particulars such as test case identifier, test case name, objective, test conditions/setup, input data requirements, steps, and expected results What is a software error ? A mismatch between the program and its specification is an error in the program if and only if the specifications exists and is correct. Risk Driven Testing What if there isn't enough time for thorough testing? Use risk analysis to determine where testing should be focused. Since it's rarely possible to test every possible aspect of an application, every possible combination of events, every dependency, or everything that could go wrong, risk analysis is appropriate to most software development projects. This requires judgement skills, common sense, and experience. Considerations can include: - Which functionality is most important to the project's intended purpose?

- Which functionality is most visible to the user? - Which aspects of the application are most important to the customer? - Which parts of the code are most complex, and thus most subject to errors? - What do the developers think are the highest-risk aspects of the application? - What kinds of tests could easily cover multiple functionality? Whenever there's too much to do and not enough time to do it, we have to prioritize so that at least the most important things get done. So prioritization has received a lot of attention. The approach is called Risk Driven Testing. Here's how you do it: Take the pieces of your system, whatever you use - modules, functions, section of the requirements - and rate each piece on two variables, Impact and Likelihood.

Risk has two components: Impact and Likelihood Impact is what would happen if this piece somehow malfunctioned. Would it destroy the customer database? Or would it just mean that the column headings in a report didn't quite line up? Likelihood is an estimate of how probable it is that this piece would fail. Together, Impact and Likelihood determine Risk for the piece.

Test Planning What is a test plan? A software project test plan is a document that describes the objectives, scope, approach, and focus of a software testing effort. The process of preparing a test plan is a useful way to think through the efforts needed to validate the acceptability of a software product.

Elements of test planning * Establish objectives for each test phase * Establish schedules for each test activity * Determine the availability of tools, resources * Establish the standards and procedures to be used for planning and conducting the tests and reporting test results * Set the criteria for test completion as well as for the success of each test The Structured Approach to Testing Test Planning * Define what to test * Identify Functions to be tested * Test conditions * Manual or Automated * Prioritize to identify Most Important Tests * Record Document References Test Design * Define how to test * Identify Test Specifications * Build detailed test scripts * Quick Script generation * Documents Test Execution * Define when to test * Build test execution schedule * Record test results

Bug Overview

What is a software error? A mismatch between the program and its specification is an error in the Program if and only if the specification exists and is correct. Example: * The date on the report title is wrong * The system hangs if more than 20 users try to commit at the same time * The user interface is not standard across programs Categories of Software errors * User Interface errors * Functionality errors * Performance errors * Output errors * documentation errors What Do You Do When You Find a Bug? IF A BUG IS FOUND, * alert the developers that a bug exists * show them how to reproduce the bug * ensure that if the developer fixes the bug it is fixed correctly and the fix * didn't break anything else * keep management apprised of the outstanding bugs and correction trends Bug Writing Tips Ideally you should be able to write bug report clearly enough for a developer to reproduce and fix the problem, and another QA engineer to verify the fix without them having to go back to you, the author, for more information. To write a fully effective report you must :* Explain how to reproduce the problem * Analyze the error so you can describe it in a minimum number of steps * Write a report that is complete and easy to understand

Product Test Phase - Product Testing Cycle Pre-Alpha Pre-Alpha is the test period during which QA, Information Development and other internal users make the product available for internal testing. Alpha Alpha is the test period during which the product is complete and usable in a test environment but not necessarily bug-free. It is the final chance to get verification from customers that the tradeoffs made in the final development stage are coherent. Entry to Alpha * All features complete/testable (no urgent bugs or QA blockers) * High bugs on primary platforms fixed/verified * 50% of medium bugs on primary platforms fixed/verified * All features tested on primary platforms * Alpha sites ready for install * Final product feature set Determined Beta Beta is the test period during which the product should be of "FCS quality" (it is complete and usable in a production environment). The purpose of the Beta ship and test period is to test the company's ability to deliver and support the product (and not to test the product itself). Beta also serves as a chance to get a final "vote of confidence" from a few customers to help validate our own belief that the product is now ready for volume shipment to all customers. Entry to Beta * At least 50% positive response from Alpha sites * All customer bugs addressed via patches/drops in Alpha * All bugs fixed/verified * Bug fixes regression tested

* Bug fix rate exceeds find rate consistently for two weeks * Beta sites ready for install GM (Golden Master) GM is the test period during which the product should require minimal work, since everything was done prior to Beta. The only planned work should be to revise part numbers and version numbers, prepare documentation for final printing, and sanity testing of the final bits. Entry to Golden Master * Beta sites declare the product is ready to ship * All customer bugs addressed via patches/drops in Beta * All negative responses from sites tracked and evaluated * Support declares the product is supportable/ready to ship * Bug find rate is lower than fix rate and steadily decreasing FCS (First Customer Ship) FCS is the period which signifies entry into the final phase of a project. At this point, the product is considered wholly complete and ready for purchase and usage by the customers. Entry to FCS * Product tested for two weeks with no new urgent bugs * Product team declares the product is ready to ship ================================

edit] Introduction
[edit] How Software Defects arise
The International Software Testing Qualifications Board says that software faults occur through the following process: A human being can make an error (mistake), which produces a defect (fault, bug) in the code, in software or a system, or in a document. If a defect in code is executed, the system will fail to do what it should do (or do something it shouldn’t), causing a failure. Defects in software, systems or documents may result in failures, but not all defects do so.[1] A fault can also turn into a failure when the environment is changed. Examples of these changes in environment include the software being run on a new hardware platform, alterations in source data or interacting with different software.[2]

[edit] Inability to find all faults
A problem with software testing is that testing all combinations of inputs and preconditions is not feasible when testing anything other than a simple product.[3] This means that the number of defects in a software product can be very large and defects that occur infrequently are difficult to find in testing.

[edit] When Testing is Carried Out
A common practice of software testing is that it is performed by an independent group of testers after the functionality is developed but before it is shipped to the customer.[4] This practice often results in the testing phase being used as project buffer to compensate for project delays, thereby compromising the time devoted to testing.[5] Another practice is to start software testing at the same moment the project starts and it is a continuous process until the project finishes.[6] Another common practice is for test suites to be developed during technical support escalation procedures.[citation needed] Such tests are then maintained in regression testing suites to ensure that future updates to the software don't repeat any of the known mistakes.

[edit] Finding Faults Early in the Process

It is commonly believed that the earlier a defect is found the cheaper it is to fix it.[7] This is reasonable based on the risk of any given defect contributing to or being confused with further defects later in the system or process. In particular, if a defect erroneously changes the state of the data on which the software is operating, that data is no longer reliable and therefore any testing after that point cannot be relied on even if there are no further actual software defects. Time Detected [8] Time Introduced Requirements Architecture Construction System Test Post-Release Requirements 1 3 5-10 10 10-100 Architecture 1 10 15 25-100 Construction 1 10 10-25 In counterpoint, some emerging software disciplines such as extreme programming and the agile software development movement, adhere to a "test-driven software development" model. In this process unit tests are written first, by the software engineers (often with pair programming in the extreme programming methodology). Of course these tests fail initially; as they are expected to. Then as code is written it passes incrementally larger portions of the test suites. The test suites are continuously updated as new failure conditions and corner cases are discovered, and they are integrated with any regression tests that are developed. Unit tests are maintained along with the rest of the software source code and generally integrated into the build process (with inherently interactive tests being relegated to a partially manual build acceptance process). The software, tools, samples of data input and output, and configurations are all referred to collectively as a test harness.

[edit] Measuring Software Testing
Usually, quality is constrained to such topics as correctness, completeness, security,[citation needed] but can also include more technical requirements as described under the ISO standard ISO 9126, such as capability, reliability, efficiency, portability, maintainability, compatibility, and usability.[citation needed] Testing is a process of technical investigation, performed on behalf of stakeholders, that is intended to reveal quality-related information about the product with respect to the context in which it is intended to operate.[citation needed] This includes, but is not limited to, the process of executing a program or application with the intent of finding errors. Quality is not an absolute; it is value to some person. With that in mind, testing can never completely establish the correctness of arbitrary computer software; testing furnishes a criticism or comparison that compares the state and behaviour of the product against a specification. An important point is that software testing should be distinguished from the

separate discipline of Software Quality Assurance (SQA), which encompasses all business process areas, not just testing.[citation needed] Today, software has grown in complexity and size. The software product developed by a developer is according to the System Requirement Specification.[citation needed] Every software product has a target audience. For example, a video game software has its audience completely different from banking software. Therefore, when an organization invests large sums in making a software product, it must ensure that the software product must be acceptable to the end users or its target audience. This is where Software Testing comes into play. Software testing is not merely finding defects or bugs in the software, it is the completely dedicated discipline of evaluating the quality of the software.[citation needed]

[edit] Static and Dynamic Testing
There are many approaches to software testing, but effective testing of complex products is essentially a to connote the dynamic analysis of the product—putting the product through its paces.[citation needed] Sometimes one therefore refers to reviews, walkthroughs or inspections as static testing, whereas actually running the program with a given set of test cases in a given development stage is often referred to as dynamic testing, to emphasize the fact that formal review processes form part of the overall testing scope.[citation needed]

[edit] Code coverage
Main article: Code coverage Code coverage measures aim to show the degree to which the source code of a program has been tested.[9] It is inherently a white box testing activity because it looks at the code directly. This allows the software team to examine parts of a system that are rarely tested and ensures that the most important function points have been tested.[10] Two common forms of code coverage are statement coverage, which reports on the number of lines executed, and path coverage, which reports on the branches executed to complete the test. They both return a coverage metric, measured as a percentage.

[edit] Software Testing Measurements
There are a number of common software measures, often called "metrics", which are used to measure the state of the software or the adequacy of the testing:
• • • • • •

Bugs found per Tester per unit time (Day/Week/Month)[citation needed] Total bugs found in a release[citation needed] Total bugs found in a module / feature[citation needed] Bugs found / fixed per build[citation needed] Number of customer reported Bug - As a measure of testing effectiveness[citation

Bug trend over the period in a release (Bugs should converge towards zero as the project gets closer to release) (It is possible that there are more cosmetic bugs

• • •

found closer to release - in which case the number of critical bugs found is used instead of total number of bugs found)[citation needed] Number of test cases executed per person per unit time[citation needed] % of test cases executed so far, total Pass, total fail[citation needed] Test Coverage[citation needed]

[edit] History
The separation of debugging from testing was initially introduced by Glenford J. Myers in 1979.[11] Although his attention was on breakage testing ,it illustrated the desire of the software engineering community to separate fundamental development activities, such as debugging, from that of verification. Dr. Dave Gelperin and Dr. William C. Hetzel classified in 1988 the phases and goals in software testing in the following stages:[12] 1. 2. 3. 4. 5. 6. Until 1956 - Debugging oriented[13] 1957-1978 - Demonstration oriented[14] 1983-1987 - Destruction oriented[15] 1983-1987 - Evaluation oriented[16] 1988-2000 - Prevention oriented[17] 2000 - onwards - Early Customer intervention (Beta testing)[citation needed]

[edit] White box, black box, and grey box testing
White box and black box testing are terms used to describe the point of view that a test engineer takes when designing test cases. Black box testing treats the software as a black-box without any understanding as to how the internals behave. It aims to test the functionality according to the requirements.[18]Thus, the tester inputs data and only sees the output from the test object. This level of testing usually requires thorough test cases to be provided to the tester who then can simply verify that for a given input, the output value (or behaviour), is the same as the expected value specified in the test case. White box testing, however, is when the tester has access to the internal data structures, code, and algorithms. For this reason, unit testing and debugging can be classified as white-box testing and it usually requires writing code, or at a minimum, stepping through it, and thus requires more knowledge of the product than the black-box tester.[19] If the software in test is an interface or API of any sort, white-box testing is almost always required.[citation needed] In recent years the term grey box testing has come into common usage. This involves having access to internal data structures and algorithms for purposes of designing the test cases, but testing at the user, or black-box level. Manipulating input data and formatting output do not qualify as grey-box because the input and output are clearly outside of the black-box we are calling the software under test. This is particularly important when

conducting integration testing between two modules of code written by two different developers, where only the interfaces are exposed for test. Grey box testing could be used in the context of testing a client-server environment when the tester has control over the input, inspects the value in a SQL database, and the output value, and then compares all three (the input, sql value, and output), to determine if the data got corrupt on the database insertion or retrieval.

[edit] Verification and validation
Main article: Verification and Validation (software) Software testing is used in association with verification and validation (V&V):

Verification: Have we built the software right (i.e., does it match the specification)? Software testing is just one kind of verification, which also uses techniques such as reviews, inspections, and walkthroughs.[20] Validation: Have we built the right software (i.e., is this what the customer wants)?[21]

[edit] Stages of testing
[edit] Pre Release

• • •

Unit testing tests the minimal software component, or module. Each unit (basic component) of the software is tested to verify that the detailed design for the unit has been correctly implemented. In an Object-oriented environment, this is usually at the class level, and the minimal unit tests include the constructors and destructors.[22] Integration testing exposes defects in the interfaces and interaction between integrated components (modules). Progressively larger groups of tested software components corresponding to elements of the architectural design are integrated and tested until the software works as a system.[citation needed] Functional testing tests at any level (class, module, interface, or system) for proper functionality as defined in the specification. The use of a traceability matrix often helps with functional testing.[citation needed] System testing tests a completely integrated system to verify that it meets its requirements.[23] System integration testing verifies that a system is integrated to any external or third party systems defined in the system requirements.[citation needed] Performance Testing validates whether the quality of service (sometimes called Non-functional requirements) parameters defined at the requirements stage is met by the final product.[citation needed] Acceptance testing can be conducted by the end-user, customer, or client to validate whether or not to accept the product. Acceptance testing may be

performed as part of the hand-off process between any two phases of development.[citation needed] See also software release life cycle

[edit] Post Release
This section needs additional citations for verification.
Please help improve this article by adding reliable references. Unsourced material may be challenged and removed. (January 2008) •

Alpha testing is simulated or actual operational testing by potential users/customers or an independent test team at the developers' site. Alpha testing is often employed for off-the-shelf software as a form of internal acceptance testing, before the software goes to beta testing. Beta testing comes after alpha testing. Versions of the software, known as beta versions, are released to a limited audience outside of the company. The software is released to groups of people so that further testing can ensure the product has few faults or bugs. Sometimes, beta versions are made available to the open public to increase the feedback field to a maximal number of future users.

It should be noted that although both Alpha and Beta are referred to as testing it is in fact use immersion. The rigors that are applied are often unsystematic and many of the basic tenets of testing process are not used. The Alpha and Beta period provides insight into environmental and utilization conditions that can impact the software.

[edit] Regression Testing
Main article: Regression testing This section needs additional citations for verification.
Please help improve this article by adding reliable references. Unsourced material may be challenged and removed. (January 2008)

After modifying software, either for a change in functionality or to fix defects, a regression test re-runs previously passing tests on the modified software to ensure that the modifications haven't unintentionally caused a regression of previous functionality. Regression testing can be performed at any or all of the above test levels. These regression tests are often automated. More specific forms of regression testing are known as Sanity testing, when quickly checking for bizarre behaviour, and Smoke testing when testing for basic functionality.

[edit] Test cases, suites, scripts, and scenarios
This section needs additional citations for verification.
Please help improve this article by adding reliable references. Unsourced material may be challenged and removed. (January 2008)

A test case is a software testing document, which consists of event, action, input, output, expected result, and actual result. Clinically defined a test case is an input and an expected result.[24] This can be as pragmatic as 'for condition x your derived result is y', whereas other test cases described in more detail the input scenario and what results might be expected. It can occasionally be a series of steps (but often steps are contained in a separate test procedure that can be exercised against multiple test cases, as a matter of economy) but with one expected result or expected outcome. The optional fields are a test case ID, test step or order of execution number, related requirement(s), depth, test category, author, and check boxes for whether the test is automatable and has been automated. Larger test cases may also contain prerequisite states or steps, and descriptions. A test case should also contain a place for the actual result. These steps can be stored in a word processor document, spreadsheet, database, or other common repository. In a database system, you may also be able to see past test results and who generated the results and the system configuration used to generate those results. These past results would usually be stored in a separate table. The term test script is the combination of a test case, test procedure, and test data. Initially the term was derived from the product of work created by automated regression test tools. Today, test scripts can be manual, automated, or a combination of both. The most common term for a collection of test cases is a test suite. The test suite often also contains more detailed instructions or goals for each collection of test cases. It definitely contains a section where the tester identifies the system configuration used during testing. A group of test cases may also contain prerequisite states or steps, and descriptions of the following tests. Collections of test cases are sometimes incorrectly termed a test plan. They might correctly be called a test specification. If sequence is specified, it can be called a test script, scenario, or procedure. The developers are well aware what test plans will be executed and this information is made available to the developers. This makes the developers more cautious when developing their code.This ensures that the developers code is not passed through any suprise test case or test plans.

[edit] A sample testing cycle
This section needs additional citations for verification.
Please help improve this article by adding reliable references. Unsourced material may be challenged and removed. (January 2008)

Although testing varies between organizations, there is a cycle to testing: 1. Requirements Analysis: Testing should begin in the requirements phase of the software development life cycle.

During the design phase, testers work with developers in determining what aspects of a design are testable and with what parameters those tests work. 2. Test Planning: Test Strategy, Test Plan(s), Test Bed creation. A lot of activities will be carried out during testing, so that a plan is needed. 3. Test Development: Test Procedures, Test Scenarios, Test Cases, Test Scripts to use in testing software. 4. Test Execution: Testers execute the software based on the plans and tests and report any errors found to the development team. 5. Test Reporting: Once testing is completed, testers generate metrics and make final reports on their test effort and whether or not the software tested is ready for release. 6. Retesting the Defects Not all errors or defects reported must be fixed by a software development team. Some may be caused by errors in configuring the test software to match the development or production environment. Some defects can be handled by a workaround in the production environment. Others might be deferred to future releases of the software, or the deficiency might be accepted by the business user. There are yet other defects that may be rejected by the development team (of course, with due reason) if they deem it.

[edit] Controversy
Main article: Software testing controversies Some of the major controversies include:

What constitutes responsible software testing? - Members of the "contextdriven" school of testing[25] believe that there are no "best practices" of testing, but rather that testing is a set of skills that allow the tester to select or invent testing practices to suit each unique situation. Some contend that this belief directly contradicts standards such as the IEEE 829 test documentation standard, and organizations such as the Food and Drug Administration who promote them.[citation

Agile vs. traditional - Should testers learn to work under conditions of uncertainty and constant change or should they aim at process "maturity"? The agile testing movement has popularity mainly in commercial circles,[citation needed] whereas the CMM was embraced by government and military software providers.[citation needed]

Exploratory vs. scripted[citation needed] - Should tests be designed at the same time as they are executed or should they be designed beforehand? Manual vs. automated - Some writers believe that test automation is so expensive relative to its value that it should be used sparingly.[26] Others, such as advocates of agile development, recommend automating 100% of all tests. Software design vs. software implementation[citation needed] - Should testing be carried out only at the end or throughout the whole process? Who watches the watchmen? - The idea is that any form of observation is also an interaction, that the act of testing can also affect that which is being tested.[citation needed]

[edit] Certification
Several certification programs exist to support the professional aspirations of software testers and quality assurance specialists. No certification currently offered actually requires the applicant to demonstrate the ability to test software. No certification is based on a widely accepted body of knowledge. This has led some to declare that the testing field is not ready for certification.[27] Certification itself cannot measure an individual's productivity, their skill, or practical knowledge, and cannot guarantee their competence, or professionalism as a tester.[28] Certifications can be grouped into: exam-based and education-based. Exam-based certifications: For these there is the need to pass an exam, which can also be learned by self-study: e.g. for ISTQB or QAI. Education-based certifications are instructor-led sessions, where each course has to be passed, e.g. IIST (International Institute for Software Testing).

[edit] Testing certifications
• • • • • •

CSTE offered by the Quality Assurance Institute (QAI)[29] CSTP offered by the International Institute for Software Testing[30] CSTP (TM) (Australian Version) offered by the K. J. Ross & Associates[31] CATe offered by the International Institute for Software Testing[32] ISEB offered by the Information Systems Examinations Board ISTQB offered by the International Software Testing Qualification Board

[edit] Quality assurance certifications
• •

CSQE offered by the American Society for Quality (ASQ)[33] CSQA offered by the Quality Assurance Institute (QAI)[34]

[edit] Roles in software testing
Software testing can be done by software testers. Until the 1950s the term software tester was used generally, but later it was also seen as a separate profession. Regarding the periods and the different goals in software testing[35] there have been established different roles: test lead/manager, tester, test designer, test automater/automation developer, and test administrator.

[edit] Relationship with Software Quality Assurance
Software testing may be viewed as an important part of the Software Quality Assurance (SQA) process.[citation needed] In SQA, software process specialists and auditors take a broader view on software and its development. They examine and change the software engineering process itself to reduce the amount of faults that end up in defect rate. What constitutes an acceptable defect rate depends on the nature of the software. An arcade video game designed to simulate flying an airplane would presumably have a much higher tolerance for defects than software used to control an actual airliner. Although there are close links with SQA testing departments often exist independently, and there may be no SQA areas in some companies.