Академический Документы
Профессиональный Документы
Культура Документы
As crime continues to increase, software now needs to provide good security features. This
is true for mobile phone software, banking software, e-commerce portals, etc. And to provide
foolproof security is a very challenging task, as evident from the increase in virus attacks,
credit card information being stolen from the Internet and the cyber crime.
As the demand for new software products and services increases, there is an immense
pressure on the development organizations to deliver fast. The time pressure is so much that
the organizations and people are unable to cope up with it. Unfortunately, in many cases, this
is leading to the development of software full of bug.
1.3.1 CT Scanner
Getting a CT scan (Figure) done in a hospital is very simple and painless process. Really?
Think again!
In a Canadian hospital, suddenly a patient undergoing the scanning died. The machine was
rechecked thoroughly and then again the scanning started. After scanning of a few patients
was completed, another patient died. Randomly, patients were dieing and after the death of
more than 20 patients, the defect was identified. A glitch in the hardware was resetting the
software. During the short time of that resetting, the patient was exposed to large amounts of
radiation because of lack of control on the radiation. As a result, the patient used to die. Next
time, when you get a CT scan done, pray to God that the software should have been
developed and tested by those engineers who read this book, the people with quality
consciousness.
The software engineers and project managers have two choices --- to live with such a painful
process or to develop a process whereby the software development will be more of fun and
challenge. To make software development a fun-filled challenge; a creative activity is needed
that contributes to better quality of life. There is only one solution for this, a systematic and
disciplined approach to software development.
NOTE: To make software projects successful, the three important mantras are
Because testing is the most important phase in development, organizations are setting up
separate testing groups whose job is only to test the software developed by different groups.
The test engineers specialize in testing. The testing engineers need to have special skills and
they need to learn many tricks to do testing.
Every organization is now giving a lot of thrust to the testing team. How many people are
involved in testing, of course, differs depending on the type of project. In Microsoft
Corporation the ratio of development engineers to test engineers is 1:1. In NASA Goddard
Space Flight Center, the ratio is 1:7, ie. For every development engineer, there will be seven
test engineers. For mission-critical applications involving safety and security of people (eg,
space, medical, nuclear, transportation etc.), the testing teams should be pretty big.
Some software engineers, out of fear towards their employer, do unethical things. Suppose,
you are testing software for medical equipment that will be used in intensive care unit of a
hospital. The software still has bugs, but the manager asks you to declare that the software is
OK. What will you do?
If you say the software is OK, you may kill a patient, and if you say the software is not OK,
you may lose your job. In such situations the code of ethics provides you the guidelines
based on which you can take a decision based on what you think is morally correct.
Every software engineer has to realize that he/she significantly contributes for betterment of
society and for improving the quality of life. So, he/she has a responsibility towards society
and the software developed by him/her should be of high quality otherwise, it may result in
loss of money or loss of time or even loss of lives. Keeping in view the important role played
by software engineers as professionals, ACM and IEEE developed a code of ethics and
professional practice. Every software engineers must follow this code. This code helps you in
understanding what is ethical and what is unethical in your profession.
To take up testing of a software product, the test engineers need to do the following:
Understand the application domain: The software may be a Client/Server based, database
management system, or a telecom software, or data communication software, or embedded
software, or process control software, a web site, etc. As a test engineer, you may have to test
software of various application domains. Before starting the testing, you need to understand
the application from user point of view.
Learn about the development environment: Based on the application and the end user
needs, the development environment varies -- the operating system may be windows, UNIX,
Linux, or-Solaris; the programming language may be C, C++ or Java; some special tools
would have been used to develop the software such as database engines, cross-compilers, etc.
You need to have to work on different development environments.
Learn how to use the application: The test engineer has to assume that he/she is the end
user and run the application; to get a feel of how the software works. Only then, he will be in
a position to generate the test cases and also create automated test procedures
Study the source code: If the test engineer is asked to validate the source code also he needs
to study the source code based on which the test case generation has to be done.
Contribute to the organization’s growth: The bottom line is to help your organization to
grow (Your contribution as a test engineer to the quality of the software would help in
customer satisfaction, which in turn leads to more business for the organization.
Be proud of your work: Many test engineers feel that they are doing only testing and not
coding. Testing is as respectful a job as coding. In fact, organizations are giving equal
importance and value to the test engineers as development engineers; only when you feel
proud that you are involved in an important work, you can do a good job.
2. FUNDAMENTALS OF TESTING:
2.1 What is testing?
Testing is a process to check whether the software meets the user requirements or not. During
software development, the developers make many mistakes at different stages and testing
helps in correcting those mistakes.
So, in a broad sense, testing encompasses all phases of development-in every phase, the work
products of that phase are tested. Hence, there is a testing activity corresponding to every
phase of development. For example, in the requirements engineering stage, the SRS
document is written and tested to check whether it captures all the user requirements or not.
Testing is generally considered as a separate phase after the implementation/ construction
phase. Hence, once the code is converted into a working system, the testing phase starts.
The objective of testing is to find the defects. When the testing is done, the reasons for
failures are identified and the defects are found. Then the defects are corrected. This is an
iterative process-you need to test the software, find defects, correct the code, and test the
software again.
When you do the testing your objective is to find defects, i.e. you look at the software with
negative feelings and then do your job. This is called negative testing.
To check the effectiveness of the testing process, bugs are sometimes introduced
intentionally in the software. This is known as defect seeding or bebugging.
Suppose you have tested a software package and declared that it is OK. Now, the manager
can intentionally introduce 10 defects in the code and asked to test it again. If you are able to
find only 9 defects, it indicates that you are not able to find 10% of the defects that are
introduced. This shows that you are not able to find 10% of the total defects from the original
software. This technique of intentionally introducing defects is very useful to find out when
the testing is complete.
Consider the following example; where a program is written for controlling the temperature
of an air conditioner. In the code, a variable temp' is assigned a value of 25 using the
statement.
When you carry out the testing, you realize that you cannot reduce the temperature of the air
conditioner below 25. You find that the error is due to the above line of code; when you
change the value to 16, the program works well. Certainly, you have debugged well. But
what is the root cause? Is it the mistake that you made while coding? Or, is it a problem in
the specifications? You can refer to the SRS document and check whether any value is
mentioned for the minimum temperature that can be set. If it is not mentioned, or if it
mentioned erroneously as 25, then the root cause is due to poor specifications and you need
to improve the specifications process.
In this case, the root cause is poor specification and the effect is writing a wrong code.
Prevention cost is the cost of modifying the process to avoid defects in the software For
example; you may like to develop a prototype to reduce the defects due to improper
specifications.
If the person who has developed the software carries out the testing, he/she will try to use this
definition. This is the typical psychology of testing. The person who developed the software
will only try to show that the software works correctly. So, he will give only those inputs for
which correct results are obtained, or press only those keys by which the software does not
crash.
However, in a commercial environment, using this definition for testing is dangerous, you
cannot deliver software, full of bugs, to the customer. But, developers always try to follow
this definition of testing.
NOTE: From a developer's point of view, the definition of testing is: "testing is the process
to prove that the software works correctly".
Now, consider the following definition: Testing is the process to prove that the software does
not work.
When software is given to the QA department, they follow this definition. Here the aim of
the test engineer is to prove that the software does not work. If persons other than developers
test the software, then they follow this definition. This type of psychology towards testing
would bring out most of the defects.
NOTE: From a quality assurance/test engineer's point of view, the definition of testing is:
Testing is the process to prove that the software does not work.
Finally, a realistic definition of testing is: Testing is the process to detect the defects and
minimize the risk associated with the residual defects.
NOTE: From a manager's point of view, the definition of testing is: "testing is the process to
detect the defects and minimize the risk associated with the residual defects.
2.4.1 In-House Testing: In-house testing is certainly a good choice, if the necessary
infrastructure and manpower are available. The advantages are:
2.4.2 Outsourcing:
As testing has become very specialized, now a number of organizations are outsourcing
their testing activity. Thus have many advantages:
Software testing needs lot of infrastructure- high end servers, network with high
bandwidth, testing tools, and specialized test instruments. The prime contractor
need not maintain this infrastructure.
The subcontractor will have the necessary human resources readily available--
professionals trained in specialized areas, such as security testing, conformance
testing to check whether the software meets international/national standards, etc.
The prime contractor need not bother about recruiting and training the manpower.
As testing professionals are experts in their area, their productivity will be very
high and hence testing is done faster and better at the subcontractor's premises.
The problems associated with psychology of testing are eliminated as the test
engineers belong to another organization.
If the testing activity is outsourced to an organization in a developing country,
then it results in lot of cost saving.
On the downside, the management will encounter a number of challenges:
The intellectual property (such as: the SRS document, the design, even the source
code) may be transferred to a third party. Ensuring that the third party will honor
the intellectual property rights is a big issue to be tackled.
The time frame is not under strict control of the prime contractor.
Evaluating the vendor, particularly for the first time is very difficult. Many prime
contractors feel that outsourcing creates problems-yes, when the choice of the
vendor is incorrect, and then outsourcing will result in a bad experience.
If the outsourcing organization is located in a different country, the laws related to
intellectual property, copyrights and cyber-laws may be different.
Keeping in view, the pros and cons of in-house testing and outsourcing, the
management has to decide very carefully where the testing has to be carried out.
2.5.1 Developers as Testers: If developers carry out the testing, there are some
advantages:
The developers are familiar with the user requirements from the beginning of the
coding activity. Hence they are in a better position to generate good test-cases.
The developers are familiar with the structure of the program---both code as well as
the structure of modules, sub-systems, etc. So, they can do the testing better.
2.5.2 Independent Testing Team: If an independent testing team does the testing, they
can do testing completely and thoroughly. However, as test engineers are not the developers,
there are a few issues to be tackled:
The test engineers may not be in the project since the beginning of the project and
hence, they may not be familiar with the user requirements. So, the test engineers
need to have an excellent knowledge of the application domain and also study all the
work products such as SRS document, design document, etc.
If the test engineers have to do the code reviews, then they need to become familiar
with the programming language and the source code.
The test engineers need to constantly interact with the developers to come out with a
good testing strategy.
The test engineers need to realize that the developers are emotionally attached to their
work (the code) and hence the test engineers need to be very careful when pointing
out software bugs. You need to tell them politely!
Test engineers can do the following testing with minimal interaction with the developers:
System testing: System testing involves testing the software against the
specifications. If the SRS document is available, the test engineers can study it and
then the system testing can be done.
Testing needs to be done on every work product that is produce during the development.
Work products, such as SRS document and design document, are tested through reviews and
inspections. Testing the software is done through dynamic testing by executing the code.
During the course of construction/implementation, the testing is done at different levels such
as unit level, module level, sub-system level and system level.
2.6.1 V Model:
To bring out a quality product, we need to test the output of every phase of software
development. This is fundamental to produce quality software. This is reflected in the V
Model. This model shows the various development phases and the corresponding testing
phases.
User Acceptance
Requirement Testing
System
SRS Testing
Integration
Design
Testing
Component/Unit
Testing
B.L.D.E.A’S SSM POLYTECHNIC, CSE (S.R. INAMDAR) Page 13
Software Testing
In the software development process, the end user needs are converted into user
requirements. From these user requirements, software requirements specifications document
is prepared. Based on the SRS document, the design is carried out and the design document is
made. Based on the design, the various modules are designed and each module is further
divided into units/components. These activities are shown in the left side of the V Model.
Each unit/component is coded and tested. The components are integrated into modules and
these modules are tested. Module testing is done to check whether the design is correct. After
the modules are integrated, system testing is done. System testing is to ensure that the
software is as per the SRS document. Subsequently, the software is tested by the customer
and this testing is called acceptance testing. Acceptance testing is done to check whether the
software meets the user requirements. After that, the software is installed in the operational
environment and tested. This is called operational testing. This testing is done to check
whether the software meets all the needs of the user. The various levels of testing are shown
on the right side of the V Model.
In Waterfall model, testing phase starts after the module integration is done and hence
testing is done on a reasonably mature product. The testing is done using the SRS
document as the reference.
In Prototyping model, the prototype is tested based on the preliminary user
requirements obtained. Hence, at this level, testing is very simple. However, after the
user feedback on the prototype is obtained and the SRS document is finalized, the
software is developed using the Waterfall model and testing is done on a mature
product.
In Evolutionary development model, the software is developed incrementally and
hence testing is also done incrementally. This involves lot of testing effort because
every time the system is incremented, the testing is done differently.
Projects that use Spiral model are high-risk projects. Hence, in every spiral while
studying the risk factors, the testability of the software has to be given lot of thrust.
The SRS document contains mainly two sections: One section contains the functional
requirements and the other section contains the non functional requirements.
Functional requirements specify what the software does. This functionality obviously
differs from application to application. For most of the application software packages
functional testing involves testing the Graphical User Interface (GUI). The results obtained
through the software have to be compared with the existing manual system. If the results
match, then we can confidently say that, the software is indeed meeting the functional
requirement.
Figure 3.2 shows the various requirements under these three categories.
If portability is a requirement, the various platforms on which the software has to work also
will be specified (for example, Windows XP and Red Hat Linux operating systems running
on Pentium 4 processor). The test engineers need to test the software on both these operating
systems.
The test engineers need to study the various non-functional requirements that need to be
tested and write test cases for each of these requirements as well. Note that testing each non-
functional requirement is a very involved task.
Static testing is generally done manually. Tools are also available for static analysis. For
example, whether the code written in С programming language is portable or not can be
easily tested using tool “lint” available on the UNIX systems.
Consider a program to find the square root of a given number. You first write the code and
then execute it. You need to give some numbers as input and check whether you are getting
the correct result or not. The inputs can be:
12, 34, 16, 32, -23, -46 . . . .
For positive numbers, it should give the correct value (4 for 16. It should give 0 if the input is
0 and if the input is a negative number, it should display a message: "Please give only
positive numbers".
Now, can we say that the software is perfectly OK? Suppose, you give a number 45678990.
What will be the output? If your program takes integers as input, and if the system allocates
only 2 bytes to an integer, then the above value is not acceptable as it results in an overflow
and you will get a run time error.
So, there are lots of issues that need to be resolved in dynamic testing you need to check the
software for valid inputs and invalid inputs, and also ensure that the software gives
appropriate error messages.
Exhaustive testing:
Let us consider another example of testing a GUI of a standard calculator (available on your
Windows systems (Start-Programs-Accessories- Calculator). The GUI is shown in figure 3.3.
In this GUI, the meaning of various symbols is as follows:
+: To perform addition.
- : To perform subtraction.
*: To perform Multiplication.
/ : To perform division
. : Decimal point
Sqrt : To find square root of a number.
% : To find percent.
1/x : To find inverse of a number
MC : To clear the memory
MR : To recall for memory
MS : To save in memory
M+ : To add the memory
C : To clear the current calculation
CE: To clear the displayed number.
Backspaces: To remove left most digit.
+/- : To give sign to a number (positive or negative)
Your job is now to test whether the calculator is working correctly or not.
You have to test the addition ( + ) by adding integer, floating point numbers—Small
numbers, large numbers—and check whether the results are OK or not. You need to repeat
this process or all other arithmetic operations. Then you need to check whether correct
percentages are being obtained. You need to test whether the inverse number functionality is
correct. You need to check all memory operations. You need to do all this for positive
numbers, negative numbers, 0, very small numbers, very large numbers and so on.
For one small GUI like this, if you have to give all possible combinations of inputs and test,
then you need infinite time and energy to do the testing.
Code
Test Input Test Result
Suppose you need to test a program that takes a filename as input, opens the file, writes
today’s date into the file and close the file. You can define a test case as follows:
Pesticide Paradox
In 1990, Boris Beizer, used the phrase pesticide paradox to describe an interesting
phenomenon in testing. When you use the same set of test cases to test software, you cannot
uncover the defects. This is similar to using the same pesticide again and again the insects set
immune to it! Similarly, the software gets immune to your test cases. Hence, it is not a good
strategy to repeatedly use the same set of test cases. You need to keep on changing the test
cases.
Defect Clustering
A software package consisting of a number of modules, it is likely that defects cluster in a
module or function. So, when you encounter defects in a module, keep testing that module
more rigorously by choosing a large number of test cases that can test that module.
This can happen due to various reasons-the developers who worked on that module would
not have got the necessary expertise, the module would have been more complex, etc.
Whatever be the reason, if you find a good number of defects in a module, thorough testing
of the module is a must. More test cases need to be selected to test the functionality of the
module.
Software
under Test Comparator
Test Cases
Results of
Test Oracle Testing
Suppose you need to test the software that has to work on a satellite-based computer
network. Since you will not have access to a satellite-based network, you can
simulate the environment on a LAN. You need to write some additional software to
simulate the long delays in a satellite network. If the software works in the simulated
environment, you get some confidence on the software. Finally, you need to conduct
a field trial by installing the software on the satellite-based computer network and
testing it.
Suppose you have to test embedded software that has to be ported on an Washing
machine hardware module. If the module is not available to you, you need to test the
software on a PC using the cross platform tools and emulators.
Suppose you have to integrate your software package with another software package
being developed by another organization. When your software is ready, you can write
special software that gives the necessary inputs from the other software package. In
other words, you are simulating an environment in which a subsystem can be tested.
This is called test harness. Writing test harnesses is a part of test engineer's job.
Testing unit/components is also very difficult for developers. Additional code needs
to be written to test the units/component. This test software is called stubs and
drivers.
This manual testing has a lot of problems, Every time the testing is repeated, manually
entering the data becomes very boring and it is likely that mistakes are made in data entry.
Comparing the actual results with expected results may also turn out to be boring for many
types of testing. Entering all the details of the defect, each time, is again a very tedious task.
Lot of repetitive, unproductive work can be easily automated using software testing tools.
Nowadays, a lot of commercial and open source tools are available that can be used for
carrying out functional testing and performance testing. Tools are also available for
managing the entire testing process. Specialized testing tools are used for testing embedded
systems, networks, etc.
A more practical approach for declaring that the testing is complete is to use the third
criterion. After the coding is completed and testing begins, initially many defects are
detected. Slowly, the number of defects found is keeps on reducing. The graph showing the
number of defects found every week would be as shown in Figure 3.7. If the number of
defects found per weeks less than a predefined threshold consecutively for three weeks, then
the software can be considered a mature product and released to the client.
5
4.5
4
3.5
3
2.5
2
1.5
Threshold
1
0.5
0
week1 week2 week3 week4 week5 week6
Defect Seeding:
Defect seeding another method used to decide when to finish the testing. In Defect seeding,
intentionally some defects are introduced in the code and the testing team is asked to detect
the defects. Suppose, 100 defects are intentionally introduced in the code and the testing team
is able to detect 90 defects. We can conclude that 10% of the defects are undetected, out of
the intentionally introduced defects; so it is likely that 10% of the actual defects are also not
detected by the testing team. Based on this conclusion, we can estimate the residual defects
(or latent defects) in the software. In other words, we can conclude that:
Latent Defects = Total defects found * (total defects intentionally seeded / seeded defects
found -1)
Suppose, during the testing you have found 300 defects in the software. When you
intentionally introduce 100 defects, you are able to find only 90 defects. So, you can
estimate the latent defects to be
The project risks are due to the problems in executing a project. Failure to complete the
project within the time frame (time overrun) or within the budget (budget overrun) are
project risks. If the project is not completed within the time frame, there are two types of
damage:
1. You need to spend additional money due to the extended time on manpower complete
the project.
2. The customer may impose a late delivery clause and cut some money from your total
project cost. Such damages are very costly and project risks need to be minimized to a
great extent.