Path selection criteria Tor Stålhane & Wande Daramola

Why path selection criteria White box testing using the test-all-paths strategy can be tedious and expensive. The strategies discussed here will reduce the number of paths to be tested. As with all white box tests, it should only be used for small chunks of code – less than say 200 lines.

Variables have a defined life cycle: created, used, and killed (destroyed) { // begin outer block int x; // x is defined as an integer within this outer block …; // x can be accessed here { // begin inner block int y; // y is defined within this inner block...; // both x and y can be accessed here } // y is automatically destroyed at the end of this block...; …;// x can still be accessed, but y is gone } // x is automatically destroyed Data flow testing

define, use, kill (duk) – 1 We define three usages of a variable: d – define the variable u – use the variable k – kill the variable. A large part of those who use this approach will only use define and use – du. Based on the usages we can define a set of patterns potential problems.

duk – 2 We have the following nine patterns: dd: define and then define again – error dk: define and then kill – error ku: kill and then used – error kk: kill and then kill again – error du: define and then use – OK kd: kill and then redefine – OK ud: use and then redefine – OK uk: use and then kill – OK uu: use and then use – OK

duk examples (x) – 1 Define x Use x Define x Use x ddu du

duk examples (y) - 2 Define y Use y Define y Use y Kill y Use y Kill y uduk udk

duk examples (z) - 3 Kill z Use z Kill z Define z Kill z Define z Kill z Use z kuuud kkduud Use z

Dynamic data flow testing Test strategy – 1 Based on the three usages we can define a total of seven testing strategies. We will have a quick look at each All definitions (AD): test cases cover each definition of each variable for at least one use of the variable. All predicate-uses (APU): there is at least one path of each definition to p-use of the variable

Test strategy – 2 All computational uses (ACU): there is at least one path of each variable to each c- use of the variable All p-use/some c-use (APU+C): there is at least one path of each variable to each c- use of the variable. If there are any variable definitions that are not covered then cover a c-use

Test strategy – 3 All c-uses/some p-uses (ACU+P): there is at least one path of each variable to each c-use of the variable. If there are any variable definitions that are not covered then cover a p-use. All uses (AU): there is at least one path of each variable to each c-use and each p- use of the variable.

Test strategy – 4 All du paths (ADUP): test cases cover every simple sub-path from each variable definition to every p-use and c-use of that variable. Note that the “kill” usage is not included in any of the test strategies.

Application of test strategies – 1 Define x c-use x c-use z Kill z c-use x Define z p-use y Kill z Define y p-use z c-use c-use z Kill y Define z All definitions All c-use Define x c-use x c-use z Kill z c-use x Define z p-use y Kill z Define y p-use z c-use c-use z Kill y Define z All p-use

Application of test strategies – 2 Define x c-use x c-use z Kill z c-use x Define z p-use y Kill z Define y p-use z c-use c-use z Kill y Define z ACU APU+C

Relationship between strategies - 1 All paths All du-paths All uses All c/some p All p/some c All c-uses All p-uses All defs Branch Statement The higher up in the hierarchy, the better is the test strategy

Relationship between strategies - 2 To make the relationships clear: The main testing method here is path- testing. However, since full path testing often will require us to execute a large number of paths, the duk-strategy helps us to reduce the number of paths necessary. The diagram on the preceding slide helps us to make the necessary decisions.

Acknowledgement The material on the duk patterns and testing strategies are taken from a presentation made by L. Williams at the North Carolina State University. Available at: Further Reading: An Introduction to data flow testing – Janvi Badlaney et al., 2006 Available at: ftp://ftp.ncsu.edu/pub/tech/2006/TR pdf

Use of coverage measures Tor Stålhane

Model – 1 We will use the following notation: c: a coverage measure r(c): reliability 1 – r(c): failure rate r(c) = 1 – k*exp(-b*c) Thus, we also have that ln[1 – r(c)] = ln(k) – b*c

Model – 2 The equation ln[1 – r(c)] = ln(k) – b*c is of the same type as Y = α*X + β. We can thus use linear regression to estimate the parameters k and b by doing as follows: 1.Use linear regression to estimate α and β 2.We then have –k = exp(α) –b = - β

Coverage measures considered We have studied the following coverage measures: Statement coverage: percentage of statements executed. Branch coverage: percentage of branches executed LCSAJ Linear Code Sequence And Jump

Statement coverage

Graph summary

Equation summary Statements: -ln(F) = C statement, R 2 (adj) = 85.3 Branches: -ln(F) = C branches, R 2 (adj) = 82.6 LCSAJ -ln(F) = C LCSAJ, R 2 (adj) = 77.8

Usage patterns – 1 Not all parts of the code are used equally often. When it comes to reliability, we will get the greatest effect if we have a high coverage for the code that is used most often. This also explains why companies or user groups disagrees so much when discussing the reliability of a software product.

Usage patterns – 2 input domain X X X X X X X X X X Input space A Corrected

Usage patterns – 3 As long as we do not change our input space – usage pattern – we will experience no further errors. New user groups with new ways to use the system will experience new errors.

Usage patterns – 4 input domain X X X X X X Input space A Input space B

Extended model – 1 We will use the following notation: c: coverage measure r(c): reliability 1 – r(c): failure rate r(c) = 1 – k*exp(-a*p*c) p: the strength of the relationship between c and r. p will depend the coupling between coverage and faults. a: scaling constant

Extended model – 2 C 1 - k R(C) 1 Large p Small p Residual unreliability

Extended model - comments The following relation holds: ln[1 – r(c)] = ln(k) – a*p*c Strong coupling between coverage and faults will increase the effect of test coverage on the reliability. Weak coupling will create a residual gap for reliability that cannot be fixed by more testing, only by increasing the coupling factor p – thus changing the usage pattern.

Bishop’s coverage model – 1 Bishop’s model for predicting remaining errors is different from the models we have looked at earlier. It has a Simpler relationship between number of remaining errors and coverage More complex relationship between number of tests and achieved coverage

Bishop’s coverage model – 2 We will use f = P(executed code fails). Thus, the number of observed errors will depend on three factors Whether the code –Is executed – C –Fails during execution – f Coupling between coverage and faults - p N 0 – N(n) = F(f, C(n, p)) C(n) = 1 – 1/(1 + kn p )

Bishop’s coverage model – 3 Based on the assumptions and expression previously presented, we find that If we use the expression on the previous slide to eliminate C(n) we get

A limit result It is possible to show that the following relation holds under a rather wide set of conditions: The initial number of defects – N 0 – must be estimated e.g. based on experience from earlier projects as number of defects per KLOC.

An example from telecom