Академический Документы
Профессиональный Документы
Культура Документы
December 2014
110001110001000011100110011110110000010000011110
000100110100101101110011000010111001001111001
Agile Testing Day in Utrecht
The Agile Testing Day is a one-day conference for and by international soft-
ware testing professionals involved in AGILE WORK PROCESSES. Join this
event with your agile team to LEARN and NETWORK with your peers.
Catch the
Early Bird
by January 16!
www.agiletestingday.nl
Follow us on Twitter:
@Agile_NL
Dear readers,
We are facing the end of the year 2014 and when we look back we see a great year behind us.
The magazine achieved the expectations set by the editorial team. We have increased the quality
of the articles, we have more readers worldwide, and we made some small changes to the structure
and the website. Even though we are happy with these changes, we want to improve your experience
next year and therefore we are facing new ones.
The conferences we organized ran amazingly well. The first edition of Mobile App Europe was impres-
sive with a lot of new insides on the mobile business and we have already started planning for next
year. Our main conference, Agile Testing Days, was the best ever and we are very proud of having so
many talented speakers at it. The attendees had a lot of fun and learned a lot. It was also a pleasure
to have had the exclusive release of the new book by Lisa Crispin and Janet Gregory. More Agile
Testing is a milestone in the agile world. The sister conference Agile Testing Days Netherlands that
took place earlier this year was a success and we are working hard to give you a great experience
again on March 19, 2015 in Utrecht, The Netherlands. Please visit the website www.agiletestingdays.nl.
I want to thank all the authors, sponsors, and partners for their support in issuing the magazine. A
special thank-you goes to Konstanze who laid-out the magazine for the last time!
Last, but not least, I wish you a Merry Christmas and a Happy New Year!
From the Editor...............................................................................................1 The Three Pillars of Agile Quality and Testing.....................................34
by Robert Galen
Editorial Board.............................................................................................C3
Combinatorial Testing Tools....................................................................24
by Danilo Berta
Picture Credits..............................................................................................C3
Agile
Is It Worth It? Advantages of Using It
Why Did Agility Appear? pivoting and iterating until they reach their expected results is almost
mandatory. Agile development allows small companies to refine their
Around 50 years ago, code was written without any plan and the ar-
products and goals on the go.
chitecture design was determined from many short-term decisions.
This worked well for small systems, but as they grew it became harder Nonetheless, Agile also works well in big companies. Multinationals are
to add new features and to fix bugs. more than ever required to move fast and adapt to the new environ-
ment. Besides, as we all know, the customer is always right. So why
After some years, methodologies were introduced in software develop-
leave them out of the development process? Agile involves the client in
ment to solve these issues. Methodologies are strict processes whose
the project, so companies can understand better and in greater detail
aim is to make software more efficient and predictable. Traditional
what the customer wants.
methodologies (for instance Waterfall) are plan-driven and require
a big effort at the beginning of the project in order to define require-
ments and architecture properly. As you may notice, these processes
Waterfall Agile
can be frustrating and not very open to changes.
Failed
Nowadays, technology and software applications evolve quickly faster Failed Successful Successful
9%
29% 14% 42%
than we expected. Therefore, time-to-market is critical in determining
whether a product will succeed or fail. Reaching the market before your
competitors might actually mean victory. Thus, it is very important
to have the right methodology that embraces and responds to the
continuous changes we are experiencing. That is the main reason why,
in 1975, practices based on iterative enhancements were introduced.
In other words, lets call it agility. Challenged
Challenged
57% 49%
What Advantages Does Agile Have for Developers? Help Business Analysts to define stories and their acceptance
criteria so they to know whether they are satisfying customer
Developers are the core of an agile team. Therefore, it is highly im-
requirements.
portant to provide the right tools and methodologies so they can do
a good job. Agile gives freedom to developers to estimate and write Integrate with the development team to assess the adoption of
code as they prefer, and motivates people to share how things are code standards and the improvement of the code base through
done and work as a team. refactoring.
With traditional methodologies, software engineers often feel they Provide developers with high level test cases and scenarios for the
mostly do work that has no meaning for the client, or that this work will stories before coding. Respond to change-over following a plan.
be removed from the final product. Agile focuses on doing tasks that
Ensure black box testing over the user interface and white box
provide value to the customer, so wasting time and effort on writing
testing to gain knowledge of the internal workings of the applica-
useless code is minimized.
tion.
Finally, in Agile there are no senior or junior levels. Everyone is a team
Increase automated testing, so the teams speed will increase.
member, so everyones opinion is valuable. Agile helps people to share
their opinions so the whole process may benefit and improve. Introduce quality control into every iteration.
Of course not. The first thing to note is that Agile is not about perfection,
it is about bringing value to your organization and to your customers in
the most cost-effective and transparent way. For this reason, you need
> about the authors
to be patient when adopting Agile frameworks. It is very important
that the executive team believes in Agile methods. If it happens, your
Antonio Gonzlez Sanchis is a telecommunica-
probability of project success increases considerably.
tions engineer with a Masters degree in Project
Moreover, Agile has several disadvantages. As it focuses strongly on Management and a Diploma in Business and
people, if someone leaves your team, it is likely you will be losing a lot Management from the London School of Eco-
of information and cohesion from the group. Besides, as the team is nomics. He has several years of experience as a
self-managed, maturity is required in all team members and this is software developer and business analyst for
often hard to obtain. companies such as Fraunhofer Institute, Hewlett-
Packard, and Amadeus, always working under agile methodologies.
Finally, there are common mistakes in adopting Agile that cause more
His interests are strongly related to applying agile frameworks to
inconveniences than advantages. One common mistake is trying to
non-related software environments.
adapt your organization to Agile. Agile is a framework that provides
LinkedIn: www.linkedin.com/in/antoniogonzalezsanchis
methods for being more productive, so the trick is to determine which
Website: www.openbmic.com
methods provided by Agile are suitable for your organization and to
tune your methodology to fit your individual or team needs. Another
Rubn Fernndez lvarez has seven years of
error is believing that Agile means that everything can be done at any
experience as a QA test engineer in medical
time. Agile is about flexibility, but if development of a feature has
and industrial environments in different com-
started, it is not possible to change it before it is finished.
panies, including Sogeti, Ingenico, Grifols, and
Aurigae Telefonica R+D. He presently holds the
role of SW QA Manager at Zitro Interactive, where
Does It Only Work in Software Environments?
he is responsible for test management and test
No, it could work in different environments. For example, think of this automation in mobile and web gaming projects. He is a qualified
article that we wrote in a kind of agile way. We first defined what we telecommunications and electronics engineer and is a certified
wanted to do (high level) and we started one week iterations of writing. Scrum Manager.
After every iteration we asked for feedback from experts and people Twitter: @rbnfdez
whom we considered to be important stakeholders. Using this infor- LinkedIn: www.linkedin.com/in/rbnfdez
mation, we improved our article and kept on writing. When we had
completed ten iterations, our stakeholders told us it was good enough
for them, so we decided to close the article. Obviously we were not 100%
agile as we did not release our article before it was finally completed.
As said, Agile does not only work for software projects, but it is true
that it might work better with small budget projects, as refining your
product every iteration may incur unexpected expenses. Moreover,
Agile is very effective in environments where changes in the require-
ments happen quite often due to various business reasons.
Conclusion
Agile is not a one-time aspect in the development process of a company.
It is a development philosophy that helps to deliver frequent releases
with high quality to final customers, through team collaboration,
transparency, and continuous improvement.
March 1920, 2015 Berlin, Germany Our training courses are available as inhouse courses
June 1112, 2015 Berlin, Germany and outside of Germany on demand.
In part 1 of this article, we outlined a number of criticisms and road- software. This is our target audience for this article. We are not pre-
blocks that we have encountered while looking for the best way to tending to describe how to test military-spec applications or embedded
test our application. systems, for example.
We know it is easy to criticize, but this was not for the sake of being What do we want to achieve with our tests? In simple terms, we are
negative. We believe that our experience has led to some valuable not looking for mathematical correctness proofs of our code. Nor are
insights, apart from the points we simply do not like. Further, we we looking for exhaustively tested use cases. We want to be reasonably
believe our experiences are not unique. So, in this second article we certain that the code we deploy is stable and behaves as expected. We
want to take a look at what can be done to test our software efficiently. are ready to accept the odd outlier case that gives an issue. We believe
our bug-fixing process is quick enough to address such issues in an
What we describe here is not all implemented today. As we said in the
acceptable timeframe (between 4 and 48 hours).
previous article, this is part of a journey, a search for the optimum way
of doing things. You might wonder why? There are a couple of reasons Lets look a bit closer at the various types of tests we might need to
for this. First and foremost, as a small startup company, our resources devise to achieve such reasonable assurance.
are limited. And, as Google says, scarcity brings clarity[1], so we have
to be careful what we spend our time and energy on. Second, when do-
ing our research on testing methodologies and how to apply these best, Testing a CRUD Application
there was one recurring theme: there is never enough time, money, or
The application presents a number of screens to the user, starting
resources to test. This can probably be translated into management
from the home screen, with a menu. The menu gives access to screens,
does not give me enough, because they apparently believe that what
mostly CRUD-type, while some screens are process-oriented or serve a
they spend on testing is already enough. Now here comes the big ques-
specific purpose (a screen to run reporting, for example).
tion: what if management is right? Can we honestly say that every test,
every check, every test department even, is super-efficient? We may A CRUD screen has five distinct, physical views:
argue that test effort may reach up to x% of development effort (30%
has been given as a rough guideline). Well then, if by magic, develop- 1. The items list (index), i.e., the Contracts list
ment effort is sliced down to one fifth, is it not logical to assume that
2. The item details, i.e., the Work Page details
the test effort should be reduced by the same factor? And how would
this be achieved? We want to explore this here. 3. The item edition, i.e., edit the Activities details
This is where we came from. We generate large parts of our code. This 4. The item creation, i.e., create a new Type of Risk
reduces development time dramatically. For a small startup this is a
5. And the item deleting, i.e., delete a Project and its related items
good thing. But this also means that we must be able to reduce our
testing time. And that was the reason we had a good and hard look at
Possible actions on each screen are standardized, with the exception
current testing methods, what to test, when to test, and how to test.
of the details screen, where specific, business-oriented actions can
be added. You may think of an action such as closing a record, which
involves a number of things such as checking validity, status change,
Testing a Web Application Deployable as Public-
updating log information, and maybe creating some other record in
Private Cloud and On-Premises Software
the system. In essence, these actions are always non-trivial.
First, lets frame our discussion. The application we are developing is
rather standard from a testing point of view: web-based, multi-tier,
a back-end database, and running in the cloud. The GUI is moderately Testing a Generated vs. a Hand-Coded Piece of
sprinkled with JavaScript (JQuery[2] and proprietary scripts from a set Software
of commercial off-the-shelf (COTS) UI controls like DevExpress[3]and
All CRUD screens are made of fully generated code, with the exception
Aspose[4]). The main way to interact is through a series of CRUD[5]
of the business actions, which are always hand-coded.
screens. We can safely say that there are probably thousands of ap-
plications like this, except that the same piece of code is deployable as The non-CRUD screens are not generated and always hand-coded.
a Private Cloud and Public Cloud application, as well as on-premises Needless to say we try to keep the number of these screens low.
The business actions are the third main concern for testing. These 4. A database containing acceptable data might be used by either
are non-trivial actions, highly context (data, user) dependent, and the business user or the tester. The data might be digested by the
with a multitude of possible outcomes. We have not yet figured out system testing the application and reduce the complexity of the
how to test these artifacts automatically due to the amount of cases BDD-tests while increasing the source code to test the applica-
we would need to take into account. Each change in our logic needs a tion
complete refactoring of those tests that will certainly produce most
of the complaints from of our beloved customers. 1. # file: ./Create_Contract_Request_for_offer.feature
3. As a registered user,
Testing the User Interface Using BDD 4. I want to create a Request for offer for a project
5. Background:
A final concern is the UI testing. Even with highly standardized screens,
6. Given I open StratEx "<url>"
we value this type of testing, for three reasons:
7. When I sign up as "<username>"
Second, it is what the user actually sees. If something is wrong 12. Then I click on "Create new" menu item
there, there is no escape. 13. Then I select "<project_name>" from the "Project"
dropdown
Third, we like to use such test runs to record documentation,
14. Then I set the "Title" box with "<project_title>"
and demo and training videos using Castro[7], Selenium[8], and
15. Then I click on "Save" button
Behave[9] mostly open source software.
16. Then I check that the "Project" field equals
"<project_name>"
We believe that this context is relatively common, with the possible
17. Then I check that the "Title" field equals
exception of massive code generation and the use of tests to docu-
"<project_title>"
ment the application (and we would recommend these as something
18. And I click on the link "Logout"
to consider for your next project!), so it makes sense to examine how
19. Examples: staging
these different areas can be tested efficiently.
20. | url| username
For the generated CRUD screens, tests should be standardized and | user_first_last_name| project_name | project_
generated. Do we need to test all the generated screens? Given the fact title |
that the tests are generated (so there is no effort involved in creating 21. | https://staging.<your application>.com | a Username
the tests), we would say that you must at least have the possibility of | a firstname, a lastname | a project name | a project
testing all screens. Whether you test them for every deployment is a title |
question of judgment.
Table 1. BDD Definition (Full Description): Create a Request for Offer 11_Create_Contract_
Hand-coded screens, if you have them, probably require hand-coded
Request_ for_offer.feature
tests. Yet, if you have information available that allows you to gener-
We believe that the most relevant tests for the development cycle are
Table 2. BDD Definition (Brief Description): Create a Request for Offer 11_Create_ the ones related to the work the developer does, i.e., producing code.
Contract_Request_ for_offer.feature This means that generated code can be excluded in principle (although
there is nothing against generating such tests). It focuses therefore on
hand-coded screens and business action implementation.
1. @then(u'I create one Request for offer')
2. def step_impl(context): Starting with the business action implementation, we observe that this
3. # click | 'Contract' menu item only requires coding in non-UI parts of the application: the model[12]
4. context.browser.find_element_by_xpath( and the database. It has been shown that it is possible to run unit-like
"//a[contains(text(),'Contract')]").click() tests against the model code and against the controller code. Unit tests
5. context.browser.dramatic_pause(seconds=1) against the model can be used to validate the individual functions (as
6. # click | 'Request for Offer' menu item in normal unit tests), while tests against the controller will actually
7. context.browser.find_element_by_xpath( validate that the action when invoked by the user from the UI will
"//a[contains(text(),'Request for Offer')]").click() yield the expected result. In that sense, this kind of test runs like a UI
8. context.browser.dramatic_pause(seconds=1) test without the overhead (and performance penalty) of a browser.
9. # click | 'Create New' menu item
What is so special about this approach? First, these are not real unit
10. context.browser.find_element_by_xpath(
tests because they do not isolate components. They test an architectural
"//a[contains(text(),'Create New')]").click()
layer, including the layers below it. This means that, when testing a
11. context.browser.dramatic_pause(seconds=2)
model, the database will be accessed as well. This is a deliberate trad-
12. # select | id=Project | label=StratEx Demo
eoff between the work required to make components unit-testable
13. Select(context.browser.find_element_by_id("Project")).
and the impact of testing them in context. It means we have to
select_by_visible_text(context.testData.find(
consider issues such as database content and we need to accept that
".//project_name").text)
these tests run slower than real unit tests. However, because we have
14. context.browser.dramatic_pause(seconds=1)
far fewer of this type of test (we only implement the tests for the busi-
15. # type | id=Title | Horizon 2020 dedicated SME
ness actions, which is between two and ten per screen), the number
Instrument - Phase 2 2014
of these tests will be around 100200 for the complete application.
16. context.browser.find_element_by_id("Title").clear()
We believe that this is a workable situation, as it allows developing
without having to consider the intricacies of emulated data, such as
Table 3. Excerpt from 11_Create_Contract_Request_ for_offer.py
mocks or other artificial architectural artifacts, to allow for out-of-
context testing. In other words, we can concentrate on the business
At StratEx, we our current practice is to write brief BDD, after many
problems we need to solve.
attempts to find a right balance between writing code and BDD-tests.
We did choose the Python Programming language (see Table 3) to An additional benefit here is that this allows us to test the database
implement the tests, because Python[11] is readable even by business along with the code. Database testing is an area we have not seen
users and can be deployed on all our diverse systems made of Linux covered often, for reasons that somewhat elude us.
and Windows machines.
In summary, we have presented here a method for efficiently testing
Business actions are hand-coded too, but such actions are good can- large parts of web-based software by using elements of code gen-
didates for BDD-tests, described in Gherkin. As we mentioned before, eration to generate automatable tests, and by using BDD concepts to
Gherkin is powerful for describing functional behavior, and this is model tests for non-generated screens and non-generated business
exactly what the business actions implement. So there seems to be a actions. Further, we have described a method for context-based unit
natural fit between business actions and BDD/Gherkin. The context testing that, when combined with generated code and tests, yields
This article has not covered other areas of testing, such as performance Rudolf de Schipper has extensive experience in
and security tests. Currently StratEx has no immediate concerns in project management, consulting, QA, and soft-
these areas that required us to critically observe how we validate the ware development. He has experience in manag-
application in this respect. ing large multinational projects and likes work-
ing in a team. Rudolf has a strong analytical
attitude, with interest in domains such as the
public sector, finance and e-business.
References
He has used object-oriented techniques for design and develop-
[1] How Google tests software (Whittaker, Arbon et al.) ment in an international context. Apart from the management
aspects of IT-related projects, his interests span program manage-
[2] jQuery: http://jquery.com
ment, quality management, and business consulting, as well as
[3] DevExpress: https://www.devexpress.com/ architecture and development. Keeping abreast with technical
work, Rudolf has worked with the StratEx team, developing the
[4] Aspose: http://www.aspose.com
StratEx application (www.stratexapp.com), its architecture, and the
[5] Create, Read, Update, Delete code generation tool that is used. In the process, he has learned
and experienced many of the difficulties related to serious soft-
[6] End-to-end test:
ware design and development, including the challenges of testing.
http://www.techopedia.com/definition/7035/end-to-end-test
LinkedIn: be.linkedin.com/pub/rudolf-de-schipper/3/6a9/6a9
[7] Castro is a library for recording automated screencasts via a
simple API: https://pypi.python.org/pypi/castro Abdelkrim Boujraf owns companies developing
software like StratEx (program and project man-
[8] Automating web applications for testing purposes:
agement) and SIMOGGA (lean operations man-
http://www.seleniumhq.org
agement). He has more than 15 years of experi-
[9] Behave is behavior-driven development, Python style: ence in different IT positions, from software
https://pypi.python.org/pypi/behave engineering to program management in man-
agement consulting and software manufactur-
[10] System Acceptance Test:
ing firms. His fields of expertise are operational excellence and col-
https://computing.cells.es/services/controls/sat
laborative consumption. Abdelkrim holds an MBA as well as a
[11] Python Programming Language: https://www.python.org/ masters in IT & Human Sciences. He is a scientific advisor for the
Universit Libre de Bruxelles where he is expected to provide occa-
[12] We assume an MVC or similar architecture is being used here,
sional assistance in teaching or scientific research for spin-offs.
or anything that clearly separates the UI from the rest of the
LinkedIn: be.linkedin.com/in/abdelkrimboujraf
system.
Referenced books
The Cucumber Book (Wynne and Hellesoy)
Referenced articles
Model Driven Software engineering (Brambilla et al.)
Starting Situation test sets had been worked out and iteratively improved by the tester
in the Scrum team (supported by the whole Scrum team). The work
Certainly some developers and testers in the agile environment are
of the QA teams was to be strictly separated from the Scrum team to
familiar with the following situation. A team had been working on a
avoid lowering the performance of the Scrum team. Therefore the
product for a long time, but they did not have a dedicated tester. As a
teams needed an interface to filter the exchange of information in the
result, quality requirements had rather been neglected. But now just
direction of the Scrum team, thus avoiding an information overflow
before the product release everything should get better and the team
(esp. only actual bugs, no duplicates, etc.). The Scrum team itself would
would be supported by additional testers.
focus on reproducing and troubleshooting the bugs. We decided to
At the beginning of this year, I became involved in a similar situation staff the interface between the teams with the PO and the tester from
when I was assigned as a tester to a Scrum team that had suffered the Scrum team. The only exception to the team seperation was the
from a high turnover of testers. Apart from the unit tests that the Daily Scrum meetings. Besides the Scrum team, one agent from each
developers had established, there were no automated tests. But as QA team attended to give their current status.
the product release moved closer, the team had to deal with various
This plan was refined so the teams were better balanced. One of the
short-term decisions regarding product changes. We had to find a way
Scrum teams developers moved to a QA team to test with them. Thus,
to test the products features as well as its non-functional criteria in
every QA team had three members, including one experienced tester
a fast and reliable manner.
who headed the execution of the tests. Furthermore, the Scrum team
To start the automation of integration tests and GUI tests during this had two relatively new members who were not sufficently trained
stage of the project would have been fatuous. We needed a manual to do quick and effective bugfixing of this complex software. These
solution. colleagues were given the mission of performing exploratory testing
apart from the test sets and reproducing bugs.
In summary, our final setup was with two QA teams executing a set
The Idea
of tests. These tests included all the positive and the most important
In collaboration with our Product Owner (PO), we created a concept to negative test cases. Every team worked with a different product con-
organise a pure quality assurance sprint (QA Sprint) only for testing, fix- figuration. The QA teams tests were supplemented by explorative tests
ing, and retesting. No feature stories had been planned for this sprint. from the two fresh developers in the Scrum team. Six developers within
the Scrum team took care of bugfixing and deployment. This way, two
But how could we test the whole product in such a short time span?
teams were established and they supported the Scrum team without
It is not possible to perform the test scope needed for a convincing
any signifcant negative effects for the self-organization of the Scrum
and informative result in a two-week iteration not even with all
team (shown in Figure 1). The atypical ratio between developers and
the nine team members. After all, it was necessary to cover different
testers in favour of developers was less problematic because the PO
configurations of the software with tests. But we were very lucky to
had enough old known issues to be fixed in her backlog, keeping the
receive special help from five additional testers and developers who
developers busy till the testers reported the first bugs.
had agreed to support our tests. So we had enough workforce. But
how to manage all these people?
From the outset it was obvious that the team could not simply be
extended. There is no way of conducting an effective Sprint Planning
or Daily Scrum with 14 team members (plus Scrum Master) and the
whole team would have had to reorganise itself. This was no practicable
solution, not even for only one sprint. As a consequence we had to find
another way to integrate the additional testers.
But what approach would work? The answer seems simple we needed
more teams! But a new Scrum team cannot simply be conjured out of
Bugs, issues, etc.
thin air, especially for just one sprint. So we had to distinguish between
the Scrum team and the QA teams. The Scrum team, consisting of the
former team, should basically work as usual in the best Scrum manner.
But to strengthen the Scrum team we needed the additional testers,
but could not get them aboard the Scrum boat due to the reasons
mentioned above. And so we had to create two new teams that were
substantially self-organized but not a fixed part of the Scrum team.
Figure 1. Two small QA teams supporting the Scrum team. The communication between
These QA teams focused on repeatedly running a given set of tests. The
the teams is handled by fixed interfaces and agents (blue).
The kick-off was the official start for the QA teams. For the first complete
execution of the test cases they needed exactly the assumed time of
two days. As an additional advantage, every team had a member who
> about the author
knew the product in advance. So the other members could benefit from
them in their steep learning curve.
Martin Uhlig works as a testing consultant for
On the first day, the Scrum team worked on the previously known is- Saxonia Systems AG in Dresden. Since studying
sues until the first bugs were delivered by the QA teams. Additionally, business informatics, he has been passionate
the two exploratory testers were able to produce some interesting in- about agile software development and the cur-
sights during their tests, which could be transformed into reproducible rent trends in the agile community. He has been
bugs. After the first two days, the first bugs and issues were fixed. The working on different projects within the sectors
retests for these and other improvements (mainly initiated by the QA of logistics, media, and product development.
teams) were taken into the test sets for the next test iteration. At the This also includes agile projects on which he has been working as a
Daily Scrum, the agents from the QA teams reported on their teams tester and Product Owner.
progress and took important information to the QA teams as planned.
The Conclusion
The QA sprint was a major success for the project. On the last day of
the sprint, the PO was able to successfully perform the acceptance
test and release the product. As a result of this QA sprint, the team
managed to considerably boost the quality of the product.
The Scrum team and the QA teams appreciated the nature of the
cooperation between the teams. The QA teams benefited from the
clear interfaces because they were given peace of mind whenever
they needed something. Any questions from the QA teams could be
answered very quickly and validly without spending a long time look-
Exploratory
Performance Testing
It looks like exploratory performance testing has started to attract If we look at the definition of exploratory testing as simultaneous
some attention and is getting a mention here and there. Mostly, I learning, test design and test execution1, we can see that it makes
assume, due to the growing popularity of functional exploratory test- even more sense for performance testing, because learning here is
ing[1]. A proponent of exploratory testing probably would not like my more complicated, and good test design and execution heavily depend
use of the word functional here, but not much has been written, for on a good understanding of the system.
example, about performance exploratory testing and even what has
If we talk about the specific techniques used in functional exploratory
been written often refers to different things.
testing, some can be mapped to performance testing but definitely
There have been attempts to directly apply functional exploratory should not be copied blindly. Working with a completely new system,
testing techniques to performance testing. SmartBear blog posts[2, 3] I found that I rather naturally align my work to a kind of session so
contrast exploratory performance testing with static traditional load session-related techniques of functional exploratory testing are prob-
testing. My view is probably closer to Goranka Bjedovs understanding ably applicable to performance testing. I would not apply such details
as she described it back in 2007[4]. as session duration, for example but the overall idea definitely makes
sense. You decide what area of functionality you want to explore,
It was clear to me that a traditional, waterfall-like approach to perfor-
figure out a way to do that (for example, create a load testing script)
mance testing is very ineffective and error-prone. I presented a more
and start to run tests to see how the system behaves. For example,
agile/exploratory approach to performance testing in a traditional
if you want to investigate the creation of purchase orders, you may
waterfall software development environment at CMG in 2008[5]. I in-
run tests for different numbers of concurrent users, check resource
tended to apply the original principals of Manifesto for Agile Software
utilization, see how the system will behave under stress load of that
Development[6] (valuing Individuals and interactions over processes
kind, or how response times and resource utilization respond to the
and tools. Working software over comprehensive documentation. Cus-
number of purchase orders in the database, etc. The outcome would
tomer collaboration over contract negotiation. Responding to change
be at least three-fold: (1) early feedback to development about the
over following a plan.) to performance engineering.
problems and concerns found; (2) understanding the system dynamic
Performance testing in projects utilizing specific agile development for that kind of workload, what kind of load it can handle, and how
methodologies is a separate topic. Having become more involved in the much resource it needs; (3) obtaining input for other kinds of test-
agile development environment, I added some aspects of it to my pre- ing, such as automated regression or realistic performance testing to
sentation at the Performance and Capacity 2013 conference by CMG[7]. validate requirements. Then we move to another session exploring
the performance of another area of functionality or another aspect of
The words agile and exploratory are periodically and loosely used in
performance (for example, how performance depends on the number
relation to performance testing but it does not look like we have any
of items purchased in the order).
accepted definition. Both terms are, in a way, antonyms of traditional
waterfall-like performance testing so their meaning may somewhat The approach looks quite natural to me and maximizes the amount of
overlap in certain contexts. I explained my view of using the word early feedback to development, which is probably the most valuable
agile for performance testing in the above-mentioned presentations. outcome of performance testing for new systems. However, there are
Now it is time to contemplate the use of the word exploratory in the different opinions. Objections mostly align along three notions, which,
context of performance testing.
So, actually, you probably do exploratory testing of new systems one For the last 17 years, Alex Podelko has worked as
way or another even if you do not recognize it. And it would probably a performance engineer and architect for sev-
be more productive to fully acknowledge it and make it a part of the eral companies. Currently he is a Consulting
process, so you will not feel bad facing multiple issues and will not Member of Technical Staff at Oracle, responsible
need to explain why your plans are changing all the time. I would for performance testing and optimization of
concur here with the great post TDD is dead. Long live testing. by Enterprise Performance Management and Busi-
David Heinemeier Hansson[8] discussing, in particular, issues related ness Intelligence (a.k.a. Hyperion) products. Alex
to using idealistic approaches. periodically talks and writes about performance-related topics, ad-
vocating tearing down silo walls between different groups of per-
formance professionals. His collection of performance-related links
References and documents (including his recent papers and presentations) can
be found at www.alexanderpodelko.com. He blogs at www.alexan-
[1] Exploratory Testing. Wikipedia.
derpodelko.com/blog and can be found on Twitter as @apodelko.
http://en.wikipedia.org/wiki/Exploratory_testing
Alex currently serves as a director of the Computer Measurement
[2] Ole Lensmar. 2012. Why Your Application Needs Exploratory Load Group (CMG) www.cmg.org, an organization of performance and
Testing Today. http://blog.smartbear.com/loadui/why-your- capacity planning professionals.
application-needs-exploratory-load-testing-today
Figure 1. Overview of the 27000 Standard Series. This article mainly deals with ISO 27001 Appendix A with interpretations derived from ISO 27002.
majority of the 114 controls from Appendix A. Some of them are only customer data is sensitive, who can access it, etc. Testers and engineers
relevant to developers, testers, and change managers. They have to are not involved in the classification, although the policies can impact
provide solutions for the controls (see Figure 2), for which they can them. They might forbid, e.g., the storage of credit card numbers of
rely on the next sections. clients in test systems.
Development Testing
Testing
duction systems
Usage on pro-
Developers work on Testers work on Usage on
development systems test systems production
Perform security tests Organize user systems
Security principles acceptance Development
followed testers
Figure 3. How ISO 27001 Influences in the Software Development Processes V-model (Left) and Scrum (Right)
Scrum, V-Model, Security Principles, and ISO 27001 As part of the requirements analysis for new software or new releases,
information security requirements have to be collected and specified
ISO27001 defines three controls for the software development pro-
(control A.14.1.1). The standard requires clarification of the security
cesses. First, acceptance testing against the requirements is manda-
needs of data transfers via public networks and electronic transactions
tory (control A.14.2.9) against functional and non-functional ones,
(control A.14.1.2/A.14.1.3). Again, confidentiality alone is not sufficient.
the latter including the security requirements. Second, there must be
Integrity and availability have to be addressed, too.
security tests during the overall development process (control A.14.2.8).
Third, development, test, and operational environments must be
separated (control A.12.1.4).
These controls are compatible with many software development pro- ISO 27001 Controls for Release and Change
cesses such as Scrum or the older V-model (Figure 3 ). However, Scrum Management
requires more thoughts than the V-model. IT departments using the
The ISO 27001 standard emphasizes availability controls, too, i.e., the
V-model often have a test center and quality gates. Quality gates define
A of the CIA triangle. The following controls help to ensure stable
the criteria for when tests can start and when they succeed. One cri-
production systems:
terion before the test start can be that developers performed security
tests. One exit criterion for testing can be that user acceptance tests
Formal change management for changes in IT and business (con-
in the test environment succeeded for functional and non-functional
trol A.12.1.2)
requirements. When testers work in a test center and are not part of
a development team, development teams cannot put much pressure Discouraging changes to vendor-provided software packages
on them. Thus, testers can enforce the ISO 27001 requirements more (A.14.2.4)
easily for all projects, even delayed ones.
Strict change control procedures even during development to
In the world of Scrum and Agile, there are often no test centers and no prevent unwanted modifications (control A.14.2.2)
central governance. It might be questionable, but it is reality (see[6]
Specific testing needs for operation system changes, which require
for better options). Development and testing overlap time-wise. Roles
business critical applications to be tested against a new platform
overlap. In the development methodology, however, this is no excuse
(control A.14.2.3)
for missing documentation or non-implemented controls in an ISO
27001 audit. All controls mentioned above must exist for all projects, Mandatory rules for software and operating system installation
even delayed ones. This is the key challenge for agile projects in an procedures, and who can do what (A.12.5.1)
ISO 27001 organization.
Preventing even small changes to circumvent testing or the
Besides the controls for the development process, the ISO standard change process by separating development, testing, and opera-
formulates controls for the software product itself. It demands that tional environments (control A.12.1.4), and by having access control
the security needs in the engineering process are reflected by defin- on the source code (control A.9.4.5)
ing principles and they must be applied to all development projects
(control A.14.2.5). First, the IT department has to write them down. This is old-time check-box style release management. IT staff have
Second, the IT department must enforce the principles in all projects. a list of criteria they check. If all have been met, a change can go to
1. Has the technical knowledge and deep analytical ability needed to 6. Is organized yet flexible. They pay attention to the manuals and
create extremely complex tests. These characteristics, along with conduct the tests systematically. This is very important in order to
an innate need to break things down, add to the strength and reli- reproduce a bug. A bug that cannot be properly detailed in order to
ability of the final product. Simple tests can find the most obvious be reproduced cannot be corrected. They can also adapt to changes
bugs, such as formatting errors or missing boundary validations. during the course of a project and are willing to repeat tests over and
But it takes more detailed testing scenarios to uncover errors of over, if necessary. After a bug correction, a test case might need to
logic or cascading effects. For example, going through all cases of be modified and re-executed to validate the quality of the system.
a state diagram, and especially from a state to a forbidden state,
often reveals surprising results. For complex cases, documenting Even with all these attributes, no one can be a good tester if they
the tests to execute is essential. Using an old fashioned Excel sheet cannot bring a positive influence to a development team. A tester
is always better than nothing. must provide positive feedback, be able to motivate team members to
Wissen fr Tester
Seit
10 Ja
hren
ein
Best
selle
r
-Book:
Buch + E unkt.de/
plus
www.dp
dpunkt.verlag GmbH Wieblinger Weg 17 69123 HeidelbergTesting
fon: Experience
0 62 21 / 1483 40
28/2014 21
fax: 0 62 21 / 14 83 99 e-mail: bestellung@dpunkt.de www.dpunkt.de
By Wolfgang Gottesheim
Figure 1. Running tests against the production system gives a better input for capacity planning and uncovers heavy load application issues
Four Milestones that Companies Should Have in Sharing: Share the Same Tools and Performance Metrics
Mind Data across Dev, Test, and Ops
Culture Tighten the Feedback Loops between The more traditional testing teams are used to executing perfor-
Dev and Ops mance and scalability tests in their own environments at the end of a
milestone. With less time for extensive testing, their test frameworks
Culture is the most important aspect because it changes the way in
and environments have to become available to other teams to make
which teams work together and share the responsibility for the end
performance tests a part of an automated testing practice in a Continu-
users of their application. It not only encourages the adoption of agile
ous Integration environment. The automatic collection and analysis of
practices in operations work, it also allows developers to learn from
performance metrics ensures that all performance aspects are covered.
real world Ops experience and starts a mutual exchange that breaks
This once again entails defining a set of performance metrics that is
down the walls between teams. From a performance perspective, it
applied across all phases, as this is beneficial to identifying the root
is important to establish a shared understanding of performance
cause of performance issues in production, testing, and development
between Dev, Test, and Ops. This enables collaboration based on well-
environments.
known measurements and metrics, establishes a shared language
understood by all teams, and allows all teams to focus on the actual
problems. Finger-pointing between teams has to be replaced by a Conclusion
practice that enables them to get to the root cause of performance
The first step in adopting a performance culture is to enable a shared
issues, and working together on current issues enables developers to
understanding of performance through a set of key performance
become aware of performance problems and their solutions.
metrics that are accepted, understood, and measured across all teams.
These performance metrics allow all teams to talk about performance
Automation Establish a Practice of Automated Perfor-
in the same way, and reduce the guesswork and finger-pointing of-
mance Monitoring
ten associated with troubleshooting performance problems. Once
Operations and test teams usually have a good understanding of these metrics have been defined, their automated measurement and
performance, and they need to educate developers on its importance analysis is the next step that makes performance a part of a DevOps
in large-scale environments under heavy load. Providing automated practice.
mechanisms to monitor performance in all environments, from CI and
test environments to the actual production deployment, allows the
shared language of performance to be spoken.
> about the author
Measurement Measure Key Performance Metrics in CI,
Wolfgang Gottesheim has nearly ten years of
Test, and Ops
experience as a software engineer and research
With performance aspects being covered in earlier testing stages, per- assistant for Java Enterprise environments. In his
formance engineers on testing teams have time to focus on large-scale role as Technology Strategist in the Dynatrace
load tests in production-like environments. This helps them to find Center of Excellence he is involved in the strate-
data-driven, scalability, and third party impacted performance prob- gic development of the Application Performance
lems. Close collaboration with Ops ensures that tests can be executed Management solutions. His focal points are Con-
either in the production environment or in a staged environment tinuous Delivery and DevOps.
that mirrors production, thus increasing confidence when releasing Twitter: @gottesheim
a new version.
A4 1 A1 * *
# Values 2 A2 * *
4 3 2 3 A3 * *
4 A4 * *
Table 1. Variables and Values
5 * B1 *
How can we carry out an effective test when the number of variables Having understood the mechanism, there remains only test case #4,
and values is so high as to make it impossible to exhaustively test all which covers A=A4; we can let B=* and C=*, postponing the choice of
combinations? What reduction techniques apply? what to actually select when we will really perform the test.
1 A1 B1 C1
Table 5. Counting the Pairs of Values of the Variables A, B, and C
2 A2 B2 C2
3 A3 B3 * Hence, the total of all the pairs of values of the variables A, B, and C
4 A4 * * whose values are reported in Table1 is equal to 26 and they are all
printed in the following table:
Table 4. Minimized Wise-1 Test Set
Table4 is drawn from Table3, moving up the columns of the variables B # # of pairs of values
N N!
= We mention also the opinion of James Bach and Patrick J. Schro-
K K ! (N K) !
eder about the pairwise method: Pairwise Testing: A Best Practice
That Is Not from James Bach, Patrick J. Schroeder available from
In our example we have three variables (N=3) taken two to two
http://www.testingeducation.org/wtst5/PairwisePNSQC2004.pdf[2]:
(K=2), and applying the combinatorial formula above we get
3 3!
= = 3 ; the three pairs are {(A, B), (A, C), (B, C)}. What do we know about the defect removal efficiency of pairwise
2 2 ! (3 2) !
testing? Not a great deal. Jones states that in the US, on average,
the defect removal efficiency of our software processes is 85%[26].
Wanting to compute all possible pairs of variable values, we need to
This means that the combinations of all fault detection techniques,
consider the following table:
including reviews, inspections, walkthroughs, and various forms of
testing remove 85% of the faults in software before it is released.
GET YOUR
PRINTED COPY
r a ll is s u e s in our shop!
Orde
There is also a second problem, maybe less popular compared to the The tools should be categorized as follows:
previous, as follows:
runTS
Tool runR
runsTS
Extracts a non-minimal test set but still smaller than the maximum
runTSF test set with guaranteed coverage equal to the Wise passed as input
runsTSF (runR = run Reduce).
runC
Tool runC
runR
Applies constraints to n-tuple file (or test set file) passed as input.
Table 7. Mapping of First Level vs. Second Level Tools (Wrapping Map)
Below is the list of second level executables: Second Level Tools Executable
1. calcolaCopertura.exe In the following we describes the second level tools, a little more hard
2. calcolaCoperturaSlow.exe to use but more versatile; may be useful to experienced users for
3. Combinazioni_n_k.exe managing more complex scenarios.
4. contrLimWise.exe
5. count_line.exe
Executable calcolacopertura.exe and
6. creaFileProdCart.exe
calcolaCoperturaSlow.exe
7. creaStringa.exe
8. generaTestSet.exe Performs the coverage calculation of the input test set in respect of
9. generaTestSetSlow.exe the input WISE.
10. ProdCart.exe
11. reduceNple.exe
Executable Combinazioni_n_k
12. runConstrains.pl
13. uniqueRowFile.exe Extracts all K by K combinations of a string of length N passed as input.
if we also include the outputs? This could be the material for another
Gets the minimal test set with guaranteed coverage equal to the Wise
article in the future
passed in input or equal to the coverage of the test set passed in input
if less than WISE, extracting the test cases from the file of the test set
passed in input, excluding n-tuples already covered by the partial
Notes of Appreciation
test set input file.
[1] Many thanks to Jacek Czerwonka, owner of the web site
www.pairwise.org, who allowed me to reprint the incipit of the
Executable ProdCart.exe
same. By the way, he wrote to me about some evolution on the subject
Generates all possible combinations of the values of variables as de- of pairwise vs. random testing that you can find in the article An Em-
fined in the input file. pirical Comparison of Combinatorial and Random Testing available at
the link: http://www.nist.gov/customcf/get_pdf.cfm?pub_id=915439
written by: Laleh Sh. Ghandehari, Jacek Czerwonka, Yu Lei, Soheil
Executable reduceNple.exe
Shafiee, Raghu Kacker, and Richard Kuhn.
Squeezes as many n-tuples as possible contained in the input file,
[2] Many thanks to James Bach, owner of the website
replacing the values * with specific values of the variables and thus
www.satisfice.com who allowed me to reprint part of the article
creating a test set from the file of n-tuples. While not the test set
Pairwise Testing: A Best Practice That Is Not from James Bach, Pat-
minimum, it is reduced compared to the test set maximum (coincident
rick J. Schroeder, available from http://www.testingeducation.org/
with all n-tuples). The number of records depends on the sorting of the
wtst5/PairwisePNSQC2004.pdf.
n-tuples input file, in an unknown way. There is definitely a sorting of
the files row to which the test set output contains a minimum number [3] Many thanks to Dr. Richard Kuhn from NIST who kindly sent me a
of test cases with guaranteed WISE-coverage, but finding this sort is copy of the NIST CCM tools. We would like to remind you that you
not feasible from a computational point of view, as it is too onerous. should request a copy: go to http://csrc.nist.gov/groups/SNS/acts/
documents/comparison-report.html as previously reported.
There are six other executables that do not provide direct support to
the generation and/or operation of the test ssets, but are predomi-
nantly used by DOS batch tools to perform secondary operations that
it is impossible or at least very complex to do directly from DOS. > about the author
These utilities may also be of some use, even if they are not to be con-
sidered tout cours test tools. We have not described those utilities Danilo Berta graduated in Physics at Turin Uni-
in this article. versity (Italy) in 1993 and first started work as a
Laboratory Technician, but he soon switched to
the software field as an employee of a consul-
Conclusion tancy company working for a large number of
customers. Throughout his career, he has worked
In the article we gave an overview of a test methodology that uses
in banks as a Cobol developer and analyst, for
combinatorial calculus to find test cases for a software component,
the Italian treasury, the Italian railways (structural and functional
knowing the inputs of the same. Generally speaking a combinatorial
software testing), as well as for an Italian automotive company, the
technique like this generates too many test cases, so we need to define
European Space Agency (creation and testing of scientific data files
a so-called N-wise coverage (with N from 1 to the number of input
for the SMART mission), telecommunication companies, the na-
variables), select a value of N (usually N=2, pairwise testing) and ex-
tional Italian television company, Italian editorial companies, and
tract a subsystem of test cases with the guarantee of N-wise coverage.
more. This involved work on different kinds of automation test proj-
This is the Direct Combinatorial Test Problem and there are a lot ects (HP Tools), software analysis, and development projects. With
of wonderful tools on the market that solve the problem very quickly. his passion for software development and analysis which is not
just limited to testing he has written some articles and a software
We then dealt with the Reverse Combinatorial Test Problem: if you
course for Italian specialist magazines. His work enables him to deal
have a test set build upon the N inputs of a software component
mainly with software testing; he holds both the ISEB/ISTQB Founda-
about which you know nothing, what percentage of N-wise coverage
tion Certificate in Software Testing and the ISEB Practitioner Cer-
does the test set ensure? On the market I just found one tool that
tificate; he is a regular member of the British Computer Society.
addresses this problem: NIST CCM, which is still in alpha phase at the
Currently, he lives in Switzerland and works for a Swiss company.
time I am writing this article. In the article I give an overview of the
Website: www.bertadanilo.name
CTT (Combinatorial Testing Tools) I developed in C++ that, using a
brute-force approach, try to give a very first response to the Reverse
Combinatorial Test Problem.
But there is (at least) a problem whose solution is not still known. For a
software with N inputs, what is the minimum test set (if it exists) that
guarantees the N-level coverage? The solution exists just for a trivial
case: for 1-wise coverage is always equal to the number of values of the
Before there was CI, there was test automation. Numerous groups, Attr 1
working on the same large project in several locations, developed their Search
Attr 2
own automation methodology and tools. Unit testing was done by attrs
developers by adding test code; integration and system testers used Attr 3
name
a variety of CLI, GUI, SNMP, and load and stress test tools.
Resource
After the adoption of the CI paradigm, it soon became apparent that pollID
reusing the various independent test solutions at the mainstream level userID
Ownership
posed a challenge. The teams responsible for the build verification attrs
groupID
had to know the specifics of all tools, be able to debug and interpret
their results promptly, and manually build all the permutations of Figure 1. Resource attributes: name, pollID, search set, ownership set
test environments.
A test environment is presented as a set of resource placeholders
We looked at several existing CI test systems, but none seemed suit-
that should be filled with resources when the test task is issued. Each
able for our situation of testing many configurations of embedded
placeholder is defined as a set of search attributes.
systems. We decided to build our own framework using MySQL and a
web interface, with the following goals:
Attr 1
Provide common interfaces for debugging and reporting the build search attributes
status.
A test task description refers to one test environment and describes
Design a quick and easy way to define new software releases and
the ways to select resource(s) for environment placeholders. There are
projects, and integrate new test tools, testware, resource pools,
three ways of finding a resource for a placeholder: by resource name,
and test environments.
from a pool, or from the resources that satisfy the search attributes.
Intelligently select the appropriate test suites (sanity, regression, However, for each resource placeholder only one way should be used.
feature) whenever a build is completed to validate the integrity of
the mainstream, existing, and new functionality.
pool
PH 1
34
Attr 1
1. Resource Management Search
Test Task PH 2 Attr 2
attr
Embedded systems require comprehensive test environments that
Attr 3
include variety of test tools, network elements, load simulators, and a name
PH 3
large selection of end devices. Each build has to be tested on multiple abc23
test environments and resource permutations. It is impossible to have
a dedicated test environment for each release/project/feature. On the Figure 3. Test task as a set of resource placeholders and the respective rules of their
contrary, some teams do not want to share their resources, some teams replacements
TA_3
Resource 1
TA_1
Test Task Exe
UC_1 TC_2
Resource 2 TA_4
Attr 3
TA_2
Figure 4. Test Task Exe as a set of given resources TC_3
TA_4
A test task is started upon acquiring all the required resources. The TS_1 TA_2
states of its resources will be changed to running. The test task will TC_3
TA_4
start executing component by component, and each component knows UC_2
how to build an environment from the selected resources. Upon com- TC_4 TA_3
pleting the execution of a task, the resources are returned to the avail- TA_2
able state. If the returned resource is unhealthy, recovery mechanisms Test UC_3 TC_3
TA_4
restore it to its initial state, making it ready for subsequent test runs.
TA_1
TC_1 TA_2
2. Testware Management
TA_3
TS_2 UC_4
Continuous integration deals with code before the production stage.
TA_2
This means the testware needs to be adaptive to frequent changes of TC_3
many kinds, such as API and command syntax and semantic changes, TA_4
and changes in requirements. When these changes have occurred,
Figure 5. Testware Hierarchy
hardcoded syntax in testware will be hard to find and correct. The only
way to achieve testware maintenance is by providing a strict relation-
The hierarchical testware presentation is materialized in unconditional
ship between architecture, requirements, and design documents, and
execution of the test cases: all test sets are executed sequentially; all
by separating business functionality from implementation details.
use cases inside each test set are executed sequentially; all test cases
related to each use case are executed sequentially.
2.1 Testware Hierarchy
A hierarchy of testware should reflect the architecture, requirements, 2.2 Testware External Presentation
and design documents that describe the object-to-test from the struc-
The testware has to be updated as a result of changing the business
tural and behavioral views down to the implementation details. The
rules, the API syntax, or the GUI appearance. To minimize the number
latter is described below (top-down):
of changes, the testware is organized externally into configuration
A test (sanity, regression, functional, performance, etc) is a collection files, test set files, test scripts, and test case libraries. Such presentation
of test sets. separates the implementation details from the business functions,
making the testware independent of the environment. The test objects
A test set (TS) reflects the structural view of the object-to-test, as de-
are reusable across releases, projects, and test types.
scribed by the system architecture. Examples include: a set of hardware
components, a set of services, or a set of network configurations. A TS The relationships between the internal and external presentations
is a grouping of use cases. are described below:
UC_4
TA_4 The test structure as a tree of test sets, use cases, and test cases
TC_1
TC_4
TC_3 TA_3
Failed test cases can be filtered for known issues in order to avoid re-
Configu- Test set files: Test scripts: Test libraries: Test
analyzing expected failures. The standard results presentation format
ration file per TS UC(s)/TCs TC definitions actions
supports five levels of test hierarchy, which are presented on the web.
Figure 6. Testware external presentation
The configuration, test set, test script, and library are files that pres-
4. Test Process
ent testware. The narrow specialization of each file type serves a
maintenance purpose: a single change in the code of the object-to-test New releases/projects/features, test environments, and testware have
(on the structural, functional, or syntax level) should lead to a single to be created daily. This requires interfaces that work with test related
change in testware. objects: to create, to edit, to delete, to run, to monitor, and to report.
The management web interface has to provide a quick and easy way
3. Test Tool Management: Conform or Wrap to define new software releases and projects, and integrate new test
tools, testware, resource pools, and test environments directly into
Embedded systems applications demand a variety of test tools and
the database. The build server requests a test for a new build through
various independent test solutions. It is unreasonable to expect that
an execution interface and is notified of test results and metrics.
the teams responsible for build verification know the specifics of all
The request to run a test is called a verification request (Figure 6). A
tools and are able to debug and interpret their results promptly.
verification request specifies a set of test tasks that are independent
The challenge is to make all test tools (CLI, GUI, load and performance) and can execute in parallel. Each test task (task for short) specifies a
look alike, and appear transparent to the tester. The solution is to set of components, which are sets of tests to run sequentially, and is
require the testware framework to be followed or to create a wrap- associated with a test environment, which specifies a set of resources
per for each test tool that will serve as an interface between the test that must be acquired before execution.
framework and test tools.
A subdirectory structure that A subdirectory structure that A result file content that
mirrors the build structure mirrors the build test structure mirrors the test structure
Build 1 Test envi- Application 1 Test case 1
Project 1 Use case 1
Build 2 ronment 1 Application 2 Test case 2
Release 1 Test type 1 Test set 1
Build 3 Test envi- Application 3 Test case 3
Project 2 Use case 2
Build 4 ronment 2 Application 4 Test case 4
Results
Build 5 Test envi- Application 5 Test case 5
Project 3 Use case 3
Build 6 ronment 3 Application 6 Test case 6
Release 2 Test type 2 Test set 2
Build 7 Test envi- Application 7 Test case 7
Project 4 Use case 4
Build 8 ronment 4 Application 8 Test case 8
Test Task 6
Comp 1 Comp 4 Comp 3 7. Conclusions
Verification
Request 3 Test Task 7 CI puts heavy demands on testing systems. We found that no com-
Test Environment 3
mercial solution offered the functionality we needed, which is why we
Comp 5 Comp 3 Comp 6 developed our own CI test framework. The development was driven by
the demands of the test teams responsible for build validation, whose
Figure 8. A verification request is translated into independent test tasks; each task major constraint was the ability to determine the cause of failure in a
executes its components sequentially in its associated test environment. short interval. As a result, we deployed five releases of CITF during the
five years we have been in operation. We currently support four major
releases, approximately thirty projects for each release, ten different
5. Reliability test tools (commercial and in-house), and twenty embedded systems
applications. We support a pool consisting of hundreds of geographi-
A considerable number of failed test cases are not real code errors, but
cally distributed physical resources. The system verifies tens of builds
are environment issues, such as random network glitches, testware
daily, by running hundreds of thousands of test cases.
mis-synchronization, or resource failures. The following built-in testing
reliability features help test teams handle such errors:
2. Software Testing: This pillar is focused on the profession of testing. Speaking of Definition-of-Done, this is the pillar where cross-team
On solid testing practices, not simply agile testing practices, but physical constraints, conventions, and agreements are established.
leveraging the teams past testing experience, skills, techniques, But, more importantly than creating them, it is where the team
and tools. This is the place where agile teams move from a trivial makes commitments to consistency and actually holding to their
view of agile software testing (which only looks at TDD, ATDD, and agreements. Another important focus is on group integrity in con-
developer-based testing) towards a more holistic view of quality. ducting powerful retrospectives and fostering continuous improve-
ment in the long term.
It is a pillar where the breadth and depth of functional and non-
functional testing is embraced. Where exploratory testing is un-
derstood and practiced as a viable testing technique. It is where
the breadth of non-functional testing is understood and applied Foundational Practices
to meet business and domain needs, including performance, load,
But beneath the Three Pillars are some foundational principles and
security, and customer usability testing.
practices that glue everything together. For example, taking a whole-
By definition, this is where testing strategy resides, where planning team view of quality and testing, where it is not just the job of the
and governance sit, and where broad reporting is performed. I am testers, but of everyone on the team. I still find far too many agile
NOT talking about traditional testing with all of its process focus teams that relegate the ownership of quality and testing only to testers.
BTW: I am writing a book based on the Three Pillars model. If you would
like to have more information, participate in the books evolution, or
Cross-cutting Strategy
simply stay tuned in to this topic, please join the books mailing list
Beyond the individual pillars, the value resides in cross-cutting con- here http://goo.gl/ORcxbE
cerns. I will go back to my original story to help make this point. My
client was advanced in BDD practices, but struggling with user story
writing, or even understanding the point of a user story.
> about the author
The results would have been better if they had made the following
cross-Pillar connections:
Bob Galen is President & Certified Scrum Coach
(CSC) at RGCG, LLC a technical consultancy fo-
In Pillar #1 Behavior-Driven Development (BDD) and Acceptance
cused towards increasing agility and pragma-
Test-Driven Development (ATDD) are mostly technical practices. They
tism within software projects and teams. He has
focus on articulating user story acceptance testing in such a way
over 30 years of experience as a software devel-
as to make them automatable via a variety of open source tooling.
oper, tester, project manager and leader. Bob
Unfortunately they have an underlying assumption that you under-
regularly consults, writes, and is a popular speak-
stand how to write a solid story.
er on a wide variety of software topics. He is also the author of the
In Pillar #2 One thing I did not mention in the story was that every books: Agile Reflections and Scrum Product Ownership. He can
team had a different view of what a story should look like and the be reached at: bob@rgalen.com
rules for writing effective stories. There were no norms, consistency Twitter: @bobgalen
rules, templates, or even solid examples. A focus on the software
testing aspects of pillar two would have established these practices,
which would have significantly helped their teams.
I hope this example illustrates the cross-cutting nature for effective use
of the Three Pillars, and that you start doing that on your own as well.
1. How do we know that the solution solves the customers problem? During the workshop you also want to inform the team of time prog-
Does our solution add more value than his/her current solution? ress. You can, for example, let them know every 10 to 15 minutes how
much time is left and discuss whether you are still working on the
2. How do we know that we are solving the right problem? Is the prob-
most important things.
lem we are solving the problem the customer wants to be solved?
Finally, a parking lot is very useful to have. If you have any questions
3. How do we know we have solved the problem correctly? How do we
or issues that take up too much time or are not relevant, you can put
quantify the success and failure of the solution?
them on the parking lot and cover them at the end of the meeting.
In a story workshop we try to address all of these questions.
Interoperability testing Information exchange between Physical access Verification of the sensors and other hardware inter-
Networks faces during runtime with special access
Components Memory constraints Verification of the system failure due to low RAM
Systems availability
Conformance testing Sensors Behavioral aspects Verification of recompiling embedded code that af-
Smart devices fects the runtime behavior
Gateways
Code security Verification of the embedded system code in the
Mobile testing Mobile apps production version that should not be hacked
Mobile devices
Mobile OS (Android, iOS) Table 2. Additional Verification Aspects
Availability of multiple devices and technologies 7 Is the device fixed, mobile, or both
(testing will be different for each)?
Obtaining the complete overview on hardware and software archi-
8 Has the new device been properly
tecture to develop test strategy or test plan
tested?
Limitations with regard to memory, processing power, battery life 9 Are there any verifications and
validations in place?
Complexity of the software and the system
10 Is there any documentation avail-
able with regard to the IoT test
Best Practices strategy, test plan etc.?
Here are some of the best practices that can be practiced for the mutual Table 3. IoT Testing Checklist
Increase the device connections to gain more IoT value [4] http://www.elektron-technology.com/sites/elektron-technology.
com/files/iot-agar-scientific-white-paper-final.pdf
Help businesses deliver performance, reliability, and interoper- Venkat Ramesh Atigadda has over nine years
ability industry experience in software testing and has
worked in industry verticals such as energy and
Can be controlled from anywhere through their embedded com-
healthcare. Currently he is a solution developer
puters
in the Assurance CoE of the HiTech Industry So-
Can manage things better, from traffic flows to use of energy lution Unit at Tata Consultancy Services Limited.
In his role, he is responsible for test strategy con-
sulting, project technical reviews, writing white papers and analyz-
Checklist for IoT Testing ing the latest testing trends. He has also published articles in Testing-
Experience, TestingCircus magazines and white papers in the IJCEM
and IJRDET forums.
No Activities Yes No Comments
Paths Coverage of the variations in the process in terms of combina- Test depth level 1
tions of paths. Test depth level 2
Test depth level N
Right paths/fault paths Checking both the valid and invalid situations in every defined Right paths only
error situation. An invalid situation (faulty control steps in the Right paths and fault paths
process or algorithm that precede the processing) should lead
to correct error handling, while a valid situation should be ac-
cepted by the system without error handling.
Conditions/decisions Decision points Coverage of the various possibilities within a decision point Condition coverage
with the purpose of arriving at the outcomes of TRUE or FALSE Decision coverage
Condition/decision coverage
Modified condition/decision coverage
Multiple condition coverage (per deci-
sion point or across decision points)
Cause-effect graph
Pairwise testing
Data Boundary values A boundary value determines the transfer from one equiva- Light (boundary value + one value)
lence class to another. Boundary value analysis tests the Normal (boundary value + two values)
boundary value itself plus the value directly above and directly
below it.
Equivalence classes The value range of a parameter is divided into classes in which One value per class
different system behaviour takes place. The system is tested Combination with boundary values
with at least one value from each class.
Data combinations Testing of combinations of parameter values. The basis is Right paths/fault paths
equivalence classes. A commonly used technique for data One or some data pairs
combinations is the classification tree. N-wise (e.g. pairwise)
All possible combinations
Data flows Verifying information of a data flow that runs from actor to
actor, from input to output.
Right paths/fault paths Checking both the valid and invalid situations in every defined
error situation. An invalid situation (certain values or combina-
tions of values defined that are not permitted for the relevant
functionality) should lead to correct error handling, while a
valid situation should be accepted by the system without error
handling.
Operational profiles Simulation of the realistic use of the system by carrying out a
statistically responsible sequence of transactions.
Presentation Testing the layout of input (screens) and output (lists, reports).
Usability Validating whether the system is easy to use, understand, and Alpha testing
learn. Beta testing
Usability lab
Table 1. Overview of the coverage type groups, examples of coverage types, and possible variations
Data
Checklist-based
Data starts its lifecycle when it is created and ends when it is removed.
The experienced tester uses a high-level list of items to be noted, In between, the data is used by updating or consulting it. This lifecycle
checked, or remembered, or a set of rules or criteria against which a of data can be tested, as can combinations of input data, and the at-
product has to be verified. These checklists are built based on a set of tributes of input or output data. Some coverage types in this respect
standards, on experience, and on other considerations. A checklist of are boundary values, CRUD, data flows, and data combinations.
user interface standards used as the basis for testing an application
is an example of checklist-based testing.
Appearance
Checking of individual elements is often done using an unstructured
How a system operates, how it performs, and what its appearance
list. Each element in the list is directly tested by at least one test case.
should be are often described in non-functional requirements. Within
Although checklist-based testing is more organized than error guess-
this group we find coverage types like heuristics, operational and load
ing, it is still highly dependent on the skills of the tester, and the test
profiles, and presentation.
is only as good as the checklist that is used.
Hybrid approaches
Test Intensity Table
In practice, the use of hybrid approaches is very common. Exploratory
testing, for instance, can be very well combined with the use of coverage A main goal of the test strategy is to define the necessary intensity of the
types. And there are test design techniques that may be used within testing, commonly based on risk. High risk requires thorough testing,
experience-based as well as coverage-based testing, such as the data low risk may need only light testing. To give you a practical overview
combination test (which uses classification trees). of the coverage types you can select for the different classes, we have
Conclusion
Applying an effective and efficient way of testing does not need to be
bothersome. Using test varieties, a combination of experience-based
and coverage-based testing, and your choice of about five coverage
types that are relevant for your situation, testing in these fast-paced
times will focus on establishing the stakeholders confidence without
tedious and unnecessary work.
Literature
Testing Embedded Software, Bart Broekman & Edwin Notenboom,
Addison Wesley, 2003, ISBN 9780321159861
TMap NEXT for result-driven testing, Tim Koomen, Leo van der
Aalst, Bart Broekman, Michiel Vroon, UTN Publishers, 2006, ISBN
9072194799
TMap NEXT in Scrum, Leo van der Aalst & Cecile Davis, Sogeti, 2012,
ISBN 9789075414646
Neils Quest for Quality; A TMap HD Story, Aldert Boersma & Erik
Vooijs, Sogeti, 2014, ISBN 9789075414837
By Sujith Shajee
This article is the authors viewpoint and experience on how the origi- What everyone seems to understand now is that ROI is indicative of cost
nal myth has transformed into a new version, and how derided the savings associated with a planned and thought-through implementa-
myth still is. The article also provides the authors thoughts on the tion. The calculation of ROI alone does not assure cost savings, but you
new generation of myths. need to ensure that the implementation is planned and executed with
caution. Hence savings are not always assured.
Myth # 5
Version 1.0 Any changes to test automation can be done in no time
because it is automation
No, it is not a typo, and most definitely you are not reading the ver-
sions wrongly. This is one myth that has just forgotten to evolve over
time. It was just the other day when a colleague of mine was telling
me about the agony he has to go through every automated regression
1 http://www.gartner.com/newsroom/id/2334015
A Unified Framework
For All Automation Needs Part III
Introduction 8. // associate a channel with the session
3. mapper = CsvWithHeaderMapper.class)
The SSH connection is easy to accomplish by using the JCraft JSch
4. public void showCommand(String option, String pattern) {
(Java Security Channel) class. Since the session is established once, the
5. // input: show <option>
corresponding statement is placed within the @BeforeClass method
6. expect.send("show " + option + "\n");
(Listing 1).
7. // expect
8. expect.expect(Pattern.compile(pattern, Pattern.DOTALL));
1. JSch jsch = new JSch();
9. // verify
2.
10. assertTrue(expect.isSuccess);
3. // create a connection with an SSH server
11. System.out.println(expect.match);
4. Session session = jsch.getSession(userName, sshHost);
12. }
5. session.setPassword(password);
7. session.connect(CONNECTION_TIMEOUT);
The data file showCommand.csv contains two columns: one with the
command options and one with the regex patterns for expected match.
command that has two possible outcomes: Crypto-user logged in: 3. public void cryptoUserLogin(String file) throws Exception {
5. }
1. // input
Listing 6. Test described through the CSV file
2. expect.send("show hsm status\n");
3.
4. // expect
10. assertTrue(expect.isSuccess); The UTA can be extended to include other interfaces as well, and maybe
11. // make a decision someday we will come up with one global test automation framework
12. switch(matchIndex) { that fits all automation needs.
13. // crypto-user logged in
14. case 0:
Book Review:
A few weeks ago, I got my hands on this little same), there is need for more technically-oriented skills, like reading
gem. It is available on Leanpub for a recom- code structures or supporting the team with test automation.
mended price of US$15. It has 340 pages over
Overall, I enjoyed reading through the book and it contains the broad
nine chapters, plus some introduction and
palette of information one would expect.
acknowledgement segments.
Due to the eBook format, it plays to its strengths with a short update
The book is A guide for mobile testers and
cycle for outdated information and a direct access through the URLs
anyone involved in the mobile app business.
to various topics and information.
While non-testing professionals can benefit
from a lot of useful information and getting a If the audience is new to the field, they get a comprehensive, up-to-date
better understanding of mobile needs, it clearly caters to testers (sic). book. Daniel also makes a quick side tour to provide an overview of dif-
ferent test methods and techniques, ranging from the classic preventive
In its initial chapters, the book lays the foundation as to why the mo-
vs. constructive testing with its analytical and dynamic approach (e.g.
bile factor is different to non-mobile, aka our regular software on
white box/black box) to references to Exploratory Testing, BBST and
desktop or even laptop (arguably a kind of mobile) computers. In a
more. If this book is combined with one of the training courses in the
nutshell, this covers user expectations, data networks, fragmentation,
field (CMAP for example), this would be a very good way for a person
and the (often) short release cycles.
to launch themselves into a mobile testing career.
It builds up by showing the landscape which constitutes mobile work,
On the other hand, if the reader is an active mobile testing profes-
including the challenges, and gives practical tips on how to approach
sional, he/she might not take a lot from it. But, as Daniel wrote in his
the different aspects, e.g. how to create mobile device groups to get a
intro: This book is a practical guide on mobile testing. You can read
handle on the huge fragmentation of devices on the market.
it from front to back to get an overview of mobile testing, or you jump
Throughout the chapters there are a lot of useful links, be it statistical straight to the chapters youre most interested in.
sites, which can help identify relevant devices in your local market
For me personally it repeated a lot of known information, which made
region, testing heuristics to provide support in finding more test ideas,
it hard for me to keep reading. But it was worth it, because in each
or links to tools for different purposes.
chapter I found some useful information to take away, which surprised
Another chapter is dedicated to the so-called soft skills of testers. I me in a positive way. Thanks for taking the time to create this book
think that they are not exclusive to mobile testers and every tester can and providing a good guide.
benefit from them. With the advent of the fast paced development
cycles in agile and also in mobile app development (not necessarily the Maik Nogens
New Releases:
Editor Editorial
Daz& Hilterscheid Jos Daz
Unternehmensberatung GmbH
Kurfrstendamm 179 Layout&Design
10707 Berlin Lucas Jahn
Website
Germany Konstanze Ackermann
www.testingexperience.com
ISSN 1866-5705
Verband der Zeitschriftenverleger Print version: 8.00 (plus shipping)
Berlin-Brandenburg e.V.. www.testingexperience-shop.com
In all of our publications at Daz& Hilterscheid labelling legislation and the rights of ownership without permission from Daz& Hilterscheid Un-
Unternehmensberatung GmbH, we make every of the registered owners. The mere mention of ternehmensberatung GmbH, including other elec-
effort to respect all copyrights of the chosen graphic a trademark in no way allows the conclusion to tronic or printed media.
and text materials. In the case that we do not have be drawn that it is not protected by the rights of The opinions mentioned within the articles and
our own suitable graphic or text, we utilize those third parties. contents herein do not necessarily express those
from public domains. The copyright for published material created by of the publisher. Only the authors are responsible
All brands and trademarks mentioned, where ap- Daz& Hilterscheid Unternehmensberatung GmbH for the content of their articles.
plicable, registered by third parties are subject remains the authors property. No material in this
without restriction to the provisions of ruling publication may be reproduced in any way or form
CMAP Certified
Mobile App Professional
The new certification for Mobile App Testing
Apps and mobiles have become an important ele- and test software in their everyday work. A Mobile
ment of todays society in a very short time frame. App Testing certified professional can support the
It is important that IT professionals are up-to-date requirements team in review of mobile application,
with the latest developments of mobile technology improve user experience with a strong understand-
in order to understand the ever evolving impacts on ing of usability and have the ability to identify and ap-
testing, performance, and security. These impacts ply appropriate methods of testing, including proper
transpire and influence how IT specialists develop usage of tools, unique to mobile technology.