1. Introduction to Software Testing Chapter 1 Introduction Paul Ammann & Jeff Offutt http://www.cs.gmu.edu/~offutt/softwaretest/

2. Introduction to Software Testing (Ch 1) © Ammann & Offutt 2 A Talk in 3 Parts 1.Why do we test ? 2.What should we do during testing ? 3.How do we get to this future of testing ? We are in the middle of a revolution in how software is tested Research is finally meeting practice

3. History and Motivation Introduction to Software Testing (Ch 1) © Ammann & Offutt 3 A few spectacular software failures

4. The First Bugs Introduction to Software Testing (Ch 1) © Ammann & Offutt 4 “It has been just so in all of my inventions. The first step is an intuition, and comes with a burst, then difficulties arise—this thing gives out and [it is] then that 'Bugs'—as such little faults and difficulties are called—show themselves and months of intense watching, study and labor are requisite...” – Thomas Edison “an analyzing process must equally have been performed in order to furnish the Analytical Engine with the necessary operative data; and that herein may also lie a possible source of error. Granted that the actual mechanism is unerring in its processes, the cards may give it wrong orders. ” – Ada, Countess Lovelace (notes on Babbage’s Analytical Engine) Hopper’s “bug” (moth stuck in a relay on an early machine)

5. Failures in Production Software n NASA’s Mars lander, September 1999, crashed due to a units integration fault—over $50 million US ! n Huge losses due to web application failures –Financial services : $6.5 million per hour –Credit card sales applications : $2.4 million per hour n In Dec 2006, amazon.com’s BOGO (Buy One Game, Get One at 50% Off or free) offer turned into a double discount n 2007 : Symantec says that most security vulnerabilities are due to faulty software n Stronger testing could solve most of these problems Introduction to Software Testing (Ch 1) © Ammann & Offutt 5

6. Airbus 319 Safety Critical Software Control Introduction to Software Testing (Ch 1) © Ammann & Offutt 6 Loss of autopilot Loss of both the commander’s and the co ‑ pilot’s primary flight and navigation displays Loss of most flight deck lighting and intercom

7. Northeast Blackout of 2003 Introduction to Software Testing (Ch 1) © Ammann & Offutt 7 Affected 10 million people in Ontario, Canada Affected 40 million people in 8 US states Financial losses of $6 Billion USD 508 generating units and 256 power plants shut down The alarm system in the energy management system failed due to a software error and operators were not informed of the power overload in the system

8. Software is a Skin that Surrounds Our Civilization Introduction to Software Testing (Ch 1) © Ammann & Offutt 8

9. What Does This Mean? Introduction to Software Testing (Ch 1) © Ammann & Offutt 9 Software testing is getting more important

10. Testing in the 21st Century n We are going through a time of change n Software defines behavior –network routers, finance, switching networks, other infrastructure n Today’s software market : –is much bigger –is more competitive –has more users n Agile processes put increased pressure on testers n Embedded Control Applications –airplanes, air traffic control –spaceships –watches –ovens –remote controllers Introduction to Software Testing (Ch 1) © Ammann & Offutt 10 – PDAs – memory seats – DVD players – garage door openers – cell phones Industry is going through a revolution in what testing means to the success of software products

11. Testing in the 21st Century n More safety critical, real-time software n Enterprise applications means bigger programs, more users n Embedded software is ubiquitous … check your pockets n Paradoxically ( Surprisingly ) free software increases our expectations n Security is now all about software faults –Secure software is reliable software n The web offers a new deployment platform –Very competitive and very available to more users –Web apps are distributed –Web apps must be highly reliable Introduction to Software Testing (Ch 1) © Ammann & Offutt 11

12. Mismatch in Needs and Goals n Industry wants testing to be simple and easy –Testers with no background in computing or math n Universities are graduating scientists –Industry needs engineers n Testing needs to be done more rigorously ( strictly, carefully ) n Agile processes put lots of demands on testing –Programmers must unit test – with no training, education or tools ! –Tests are key components of functional requirements – but who builds those tests ? Introduction to Software Testing (Ch 1) © Ammann & Offutt 12

13. Introduction to Software Testing (Ch 1) © Ammann & Offutt 13 Cost of Testing n In the real-world, testing is the principle post-design activity n Restricting early testing usually increases cost n Extensive hardware-software integration requires more testing You’re going to spend at least half of your development budget on testing, whether you want to or not !!!

14. Introduction to Software Testing (Ch 1) © Ammann & Offutt 14 Part 1 : Why Test? n Written test objectives and requirements are rare n What are your planned coverage levels? n How much testing is enough? n Common objective – spend the budget … If you don’t know why you’re conducting a test, it won’t be very helpful

15. Introduction to Software Testing (Ch 1) © Ammann & Offutt 15 Why Test? n 1980: “The software shall be easily maintainable” n Reliability is a threshold requirements? n Testing is all about Software Quality … n What fact is each test trying to verify? n Requirements definition teams should include testers! If you don’t start planning for each test when the functional requirements are formed, you’ll never know why you’re conducting the test

16. Introduction to Software Testing (Ch 1) © Ammann & Offutt 16 Cost of Not Testing n Not testing is even more expensive n Planning for testing after development is prohibitively expensive (too expensive, unreasonable ) n A test station for circuit boards costs half a million dollars … n Software testing tools cost less than $10,000, some of which are free (open source testing tools) !!! Program Managers often say: “Testing is too expensive.”

17. Introduction to Software Testing (Ch 1) © Ammann & Offutt 17 Part 2 : What ? But … what should we do ? 1.Types of test activities 2.Software testing terms 3.Changing notions of testing –test coverage criteria –criteria based on structures

18. Types of Test Activities n Testing can be broken up into four general types of activities 1.Test Design 2.Test Automation 3.Test Execution 4.Test Evaluation n Each type of activity requires different skills, background knowledge, education and training n No reasonable software development organization uses the same people for requirements, design, implementation, integration and configuration control Introduction to Software Testing (Ch 1) © Ammann & Offutt 18 1.a) Criteria-based 1.b) Human-based

19. Types of Test Activities – Summary n These four general test activities are quite different n It is a poor use of resources to use people inappropriately Introduction to Software Testing (Ch 1) © Ammann & Offutt 19 1a.Design Criteria Design test values to satisfy coverage criteria or other engineering goals Requires knowledge of discrete math, programming and testing 1b.Design Human Design test values from domain knowledge and intuition Requires knowledge of domain, UI, testing 2.AutomationEmbed test values into executable scripts Requires knowledge of scripting 3.ExecutionRun tests on the software and record the results Requires very little knowledge 4.EvaluationEvaluate results of testing (Expected vs. Actual), report to developers Requires domain knowledge

20. Other Activities n Test management : –Sets policy, –chooses criteria, –organizes team, –interfaces with development specialist (development team), –decides how much automation is needed, … n Test maintenance : Tests must be saved for reuse as software evolves –Requires cooperation of test designers and automators –Deciding when to trim the test suite is partly policy and partly technical – generally is very hard ! –Tests should be put in configuration control ( use of testing tools i.e. Junit ) Introduction to Software Testing (Ch 1) © Ammann & Offutt 20

21. Other Activities n Test documentation : All parties should participate n Each test must document 1.“why” – criterion and test requirement is satisfied or 2.a rationale for human-designed tests n Traceability throughout the process must be ensured n Documentation must be kept in the automated tests Introduction to Software Testing (Ch 1) © Ammann & Offutt 21

22. Applying Test Activities Introduction to Software Testing (Ch 1) © Ammann & Offutt 22 To use our people effectively and to test efficiently we need a process that lets test designers raise their level of abstraction

23. Model-Driven Test Design Introduction to Software Testing (Ch 1) © Ammann & Offutt 23 software artifact model / structure test requirements refined requirements / test specs input values test cases test scripts test results Pass / Fail IMPLEMENTATION ABSTRACTION LEVEL DESIGN ABSTRACTION LEVEL test requirements

24. Model-Driven Test Design – Steps Introduction to Software Testing (Ch 1) © Ammann & Offutt 24 software artifact model / structure test requirements refined requirements / test specs input values test cases test scripts test results IMPLEMENTATION ABSTRACTION LEVEL DESIGN ABSTRACTION LEVEL analysis criterionrefine generate prefix postfix expected automate execute evaluate test requirements domain analysis feedback Pass / Fail

25. Model-Driven Test Design – Activities 25 software artifact model / structure test requirements refined requirements / test specs input values test cases test scripts test results pass / fail IMPLEMENTATION ABSTRACTION LEVEL DESIGN ABSTRACTION LEVEL Test Design Test Execution Test Evaluation

26. Types of Activities in the Book Introduction to Software Testing (Ch 1) © Ammann & Offutt 26 Most of this book is on test design Other activities are well covered elsewhere

27. Software Testing Terms n Like any field, software testing comes with a large number of specialized terms that have particular meanings in this context n Some of the following terms are standardized, some are used consistently throughout the literature and the industry, but some vary by author, topic, or test organization n The definitions here are intended to be the most commonly used Introduction to Software Testing (Ch 1) © Ammann & Offutt 27

28. Important Terms Validation & Verification (IEEE) Introduction to Software Testing (Ch 1) © Ammann & Offutt 28  Validation : The process of evaluating software at the end of software development to ensure compliance with intended usage  Verification : The process of determining whether the products of a given phase of the software development process fulfill the requirements established during the previous phase IV&V stands for “independent verification and validation”

29. Verification and validation (c) 2007 Mauro Pezzè & Michal Young Ch 2, slide 29  Validation: does the software system meets the user's real needs? Are we building the right software?  Verification: does the software system meets the requirements specifications? Are we building the software right?

30. Validation and Verification (c) 2007 Mauro Pezzè & Michal Young Ch 2, slide 30 Actual Requirements SW Specs System Validation Verification Includes usability testing, user feedback Includes testing, inspections, static analysis

31. Validation and Verification Activities validation verification

32. Introduction to Software Testing (Ch 1) © Ammann & Offutt 32 Test Engineer & Test Managers n Test Engineer : An IT professional who is in charge of one or more technical test activities –designing test inputs –producing test values –running test scripts –analyzing results –reporting results to developers and managers n Test Manager : In charge of one or more test engineers –sets test policies and processes –interacts with other managers on the project –otherwise helps the engineers do their work

33. Introduction to Software Testing (Ch 1) © Ammann & Offutt 33 Test Engineer Activities Test Designs Output Executable Tests ComputerEvaluate P Test Manager Test Engineer Test Engineer design instantiate execute

34. Introduction to Software Testing (Ch 1) © Ammann & Offutt 34 Static and Dynamic Testing n Static Testing : Testing without executing the program –This include software inspections and some forms of analyses(static analysis) –Very effective at finding certain kinds of problems – especially “potential” faults, that is, problems that could lead to faults when the program is modified n Dynamic Testing : Testing by executing the program with real inputs

35. Introduction to Software Testing (Ch 1) © Ammann & Offutt 35 Software Faults, Errors & Failures n Software Fault : A static defect in the software n Software Error : An incorrect internal state that is the manifestation of some fault n Software Failure : External, incorrect behavior with respect to the requirements or other description of the expected behavior

36. Introduction to Software Testing (Ch 1) © Ammann & Offutt 36 Testing & Debugging n Testing : Finding inputs that cause the software to fail n Debugging : The process of finding (locating) the root cause of a fault given a failure

37. Introduction to Software Testing (Ch 1) © Ammann & Offutt 37 Fault & Failure Model Three conditions necessary for a failure to be observed 1.Reachability : The location or locations in the program that contain the fault must be reached 2.Infection : The state of the program must be incorrect 3.Propagation : The infected state must propagate to cause some output of the program to be incorrect

38. Introduction to Software Testing (Ch 1) © Ammann & Offutt 38 Test Case n Test Case Values : The values that directly satisfy one test requirement n Expected Results : The result that will be produced when executing the test if the program satisfies its intended behavior

39. Introduction to Software Testing (Ch 1) © Ammann & Offutt 39 Observability and Controllability n Software Observability : How easy it is to observe the behavior of a program in terms of its outputs, effects on the environment and other hardware and software components –Software that affects hardware devices, databases, or remote files have low observability n Software Controllability : How easy it is to provide a program with the needed inputs, in terms of values, operations, and behaviors –Easy to control software with inputs from keyboards –Inputs from hardware sensors or distributed software is harder Note: Data abstraction reduces controllability & observability?

40. Introduction to Software Testing (Ch 1) © Ammann & Offutt 40 Inputs to Affect Controllability and Observability n Prefix Values : Any inputs necessary to put the software into the appropriate state to receive the test case values n Postfix Values : Any inputs that need to be sent to the software after the test case values n Two types of postfix values 1.Verification Values : Values necessary to see the results of the test case values 2.Exit Commands : Values needed to terminate the program or otherwise return it to a stable state n Executable Test Script : A test case that is prepared in a form to be executed automatically on the test software and produce a report

41. Stress Testing Introduction to Software Testing (Ch 1) © Ammann & Offutt 41  Examples:  Very large numeric values (or very small)  Very long strings, empty strings  Null references  Very large files  Many users making requests at the same time  Invalid values  etc…. Tests that are at the limit of the software’s expected input domain

42. Introduction to Software Testing (Ch 1) © Ammann & Offutt 42 Top-Down and Bottom-Up Testing n Top-Down Testing : Test the main procedure, then go down through procedures that it calls, and so on n Bottom-Up Testing : Test the leaves in the tree (procedures that make no calls), and move up to the root. –Each procedure is not tested until all of its children have been tested

43. Introduction to Software Testing (Ch 1) © Ammann & Offutt 43 White-box and Black-box Testing n Black-box testing : Deriving tests from external descriptions of the software, including specifications, requirements, and design n White-box testing : Deriving tests from the source code internals of the software, specifically including branches, individual conditions, and statements This view is really out of date. The more general question is: from what level of abstraction do we derive tests?

44. More About Testing Types n Load Test –Load Testing is a method of testing used to identify the performance of critical situations and the maximum workload the application can handle. –It is important, specially, for multi-user applications or web applications, where it is necessary to determine the application behavior under normal and peak load conditions. n Regression Testing –Regression testing is the process of testing changes to software programs to make sure that the older code still works with the new changes (for example, bug fixes or new functionality) that have been made. Introduction to Software Testing (Ch 1) © Ammann & Offutt 44

45. More About Testing Types n Exploratory Testing –Exploratory testing is a type of testing in which the tester does not have specifically planned Test Cases, –It does the testing to explore the software features and to discover unknown bugs. n Smoke Tests –Smoke tests are used as an acceptance test prior to introducing new changes to the main testing process. –A smoke test is usually the first test made after modifications to provide some assurance that the system under test will not catastrophically fail. Introduction to Software Testing (Ch 1) © Ammann & Offutt 45

46. Testing at Different Levels Introduction to Software Testing (Ch 1)© Ammann & Offutt46 Class A method A1() method A2() Class B method B1() method B2() main Class P  Acceptance testing: Is the software acceptable to the user?  Integration testing: Test how modules interact with each other  System testing: Test the overall functionality of the system  Module testing: Test each class, file, module or component  Unit testing: Test each unit (method) individually This view obscures underlying similarities

47. Introduction to Software Testing (Ch 1) © Ammann & Offutt 47 Changing Notions of Testing n Old view of testing is to test at specific software development phases –Unit, module, integration, system … n New view is to test in terms of structures and criteria –Graphs, –logical expressions, –syntax, –input space, etc.

48. Introduction to Software Testing (Ch 1) © Ammann & Offutt 48 Find a Graph and Cover It n Tailored to: –a particular software artifact code, design, specifications –a particular phase of the lifecycle requirements, specification, design, implementation n This viewpoint obscures underlying similarities n Graphs do not characterize all testing techniques well n Four abstract models suffice …

49. Introduction to Software Testing (Ch 1) © Ammann & Offutt 49 New : Criteria Based on Structures 1.Graphs 2.Logical Expressions 3.Input Domain Characterization 4.Syntactic Structures (not X or not Y) and A and B if (x > y) z = x - y; else z = 2 * x; Structures : Four ways to model software A: {0, 1, >1} B: {600, 700, 800} C: {swe, cs, isa, infs}

50. Coverage Overview Introduction to Software Testing (Ch 1)© Ammann & Offutt50 Four Structures for Modeling Software Graphs Logic Input Space Syntax Use cases Specs Design Source Applied to DNF Specs FSMs Source Input Models Integ Source

51. Introduction to Software Testing (Ch 1) © Ammann & Offutt 51 Test Coverage Criteria  Test Requirements (TR) : Specific things that must be satisfied or covered during testing  Test Criterion (TC): A collection of rules and a process that define test requirements A tester’s job is simple :Define a model of the software, then find ways to cover it Testing researchers have defined dozens of criteria, but they are all really just a few criteria on four types of structures …

52. Introduction to Software Testing (Ch 1) © Ammann & Offutt 52 Coverage n Infeasible test requirements : test requirements that cannot be satisfied –No test case values exist that meet the test requirements –Dead code –Detection of infeasible test requirements is formally undecidable for most test criteria n Thus, 100% coverage is impossible in practice

53. Introduction to Software Testing (Ch 1) © Ammann & Offutt 53 Two Ways to Use Test Criteria 1.Directly generate test values to satisfy the criterion 1.Often assumed by the research community 2.Most obvious way to use criteria 3.Very hard without automated tools 2.Generate test values externally and measure against the criterion usually favored by industry –sometimes misleading –if tests do not reach 100% coverage, what does that mean? Test criteria are sometimes called metrics

54. Introduction to Software Testing (Ch 1) © Ammann & Offutt 54 Generators and Recognizers n Generator : A procedure that automatically generates values to satisfy a criterion n Recognizer : A procedure that decides whether a given set of test values satisfies a criterion n Both problems are provably undecidable for most criteria n It is possible to recognize whether test cases satisfy a criterion far more often than it is possible to generate tests that satisfy the criterion n Coverage analysis tools are quite plentiful

55. Introduction to Software Testing (Ch 1) © Ammann & Offutt 55 Comparing Criteria with Subsumption n Criteria Subsumption : A test criterion C1 subsumes C2 if and only if (iff) every set of test cases that satisfies criterion C2 also satisfies C1 n Must be true for every set of test cases n Example : If a test set has covered every branch in a program (satisfied the branch criterion), then the test set is guaranteed to also have covered every statement

56. Introduction to Software Testing (Ch 1) © Ammann & Offutt 56 Test Coverage Criteria n Traditional software testing is expensive and labor- intensive n Formal coverage criteria are used to decide which test inputs to use n More likely that the tester will find problems n Greater assurance that the software is of high quality and reliability n Test Coverage Criteria is A goal or stopping rule for testing n Criteria makes testing more efficient and effective But how do we start to apply these ideas in practice?

57. Introduction to Software Testing (Ch 1) © Ammann & Offutt 57 Part 3 : How ? How do we get there ? Now we know why and what …

58. Testing Levels Based on Test Process Maturity Introduction to Software Testing (Ch 1) © Ammann & Offutt 58  Level 0 : There’s no difference between testing and debugging  Level 1 : The purpose of testing is to show correctness  Level 2 : The purpose of testing is to show that the software doesn't work  Level 3 : The purpose of testing is not to prove anything specific, but to reduce the risk of using the software  Level 4 : Testing is a mental discipline that helps all IT professionals develop higher quality software

59. Introduction to Software Testing (Ch 1) © Ammann & Offutt 59 Level 0 Thinking n Testing is the same as debugging n Does not distinguish between incorrect behavior and mistakes in the program n Does not help develop software that is reliable or safe This is what we teach undergraduate CS majors

60. Introduction to Software Testing (Ch 1) © Ammann & Offutt 60 Level 1 Thinking n Purpose is to show correctness n Correctness is impossible to achieve n What do we know if there are no failures? –Good software or bad tests? n Test engineers have no: –Strict goal –Real stopping rule –Formal test technique –Test managers are powerless This is what hardware engineers often expect

61. Introduction to Software Testing (Ch 1) © Ammann & Offutt 61 Level 2 Thinking n Purpose is to show failures n Looking for failures is a negative activity n Puts testers and developers into an adversarial (oppositional) relationship n What if there are no failures? This describes most software companies. How can we move to a team approach ??

62. Introduction to Software Testing (Ch 1) © Ammann & Offutt 62 Level 3 Thinking n Testing can only show the presence of failures n Whenever we use software, we incur some risk n Risk may be small and consequences unimportant n Risk may be great and the consequences catastrophic n Testers and developers work together to reduce risk This describes a few “enlightened” software companies

63. Introduction to Software Testing (Ch 1) © Ammann & Offutt 63 Level 4 Thinking A mental discipline that increases quality n Testing is only one way to increase quality n Test engineers can become technical leaders of the project n Primary responsibility to measure and improve software quality n Their expertise should help the developers This is the way “traditional” engineering works

64. How to Improve Testing ? n Testers need more and better software tools n Testers need to adopt practices and techniques that lead to more efficient and effective testing –More education –Different management organizational strategies n Testing / QA teams need more technical expertise –Developer expertise has been increasing dramatically n Testing / QA teams need to specialize more –This same trend happened for development in the 1990s Introduction to Software Testing (Ch 1) © Ammann & Offutt 64

65. Four Roadblocks to Adoption Introduction to Software Testing (Ch 1) © Ammann & Offutt 65 1. Lack of test education 2. Necessity to change process 3. Usability of tools 4. Weak and ineffective tools Number of UG CS programs in US that require testing ? 0 Number of MS CS programs in US that require testing ? Number of UG testing classes in the US ? 0 ~25 Most test tools don’t do much – but most users do not realize they could be better Adoption of many test techniques and tools require changes in development process Many testing tools require the user to know the underlying theory to use them This is very expensive for most software companies Do we need to know how an internal combustion engine works to drive ? Do we need to understand parsing and code generation to use a compiler ? Few tools solve the key technical problem – generating test values automatically Bill Gates says half of MS engineers are testers, programmers spend half their time testing

66. Introduction to Software Testing (Ch 1) © Ammann & Offutt 66 Summary n More testing saves money –Planning for testing saves lots of money n Testing is no longer an “art form” –Engineers have a tool box of test criteria n When testers become engineers, the product gets better –The developers get better

67. Introduction to Software Testing (Ch 1) © Ammann & Offutt 67 Open Questions n Which criteria work best on embedded, highly reliable software? –Which software structure to use? n How can we best automate this testing with robust tools? –Deriving the software structure –Constructing the test requirements –Creating values from test requirements –Creating full test scripts –Solution to the “mapping problem ” n Empirical validation n Technology transition n Application to new domains

68. Summary of Today’s New Ideas n Why do we test – to reduce the risk of using the software n Four types of test activities – test design, automation, execution and evaluation n Software terms – faults, failures, the RIP model, observability and controllability n Four structures – test requirements and criteria n Test process maturity levels – level 4 is a mental discipline that improves the quality of the software Introduction to Software Testing (Ch 1) © Ammann & Offutt 68 Earlier and better testing can empower the test manager