Fundamentals of Software Testing

Objectives of Testing

Finding of Errors - Primary Goal

Trying to prove that software does not work. Thus, indirectly verifying
that software meets requirements
Software Testing
Software testing is the process of testing the functionality and
correctness of software by running it. Software testing is usually
performed for one of two reasons:
(1) defect detection
(2) reliability or Process of executing a computer program and
comparing the actual behavior with the expected behavior

What is the goal of Software Testing?

* Demonstrate That Faults Are Not Present
* Find Errors
* Ensure That All The Functionality Is Implemented
* Ensure The Customer Will Be Able To Get His Work Done

Modes of Testing
* Static Static Analysis doesn¡¦t involve actual program execution. The
code is examined, it is tested without being executed Ex: - Reviews
* Dynamic In Dynamic, The code is executed. Ex:- Unit testing

Testing methods
* White box testing Use the control structure of the procedural design
to derive test cases.
* Black box testing Derive sets of input conditions that will fully
exercise the functional requirements for a program.
* Integration Assembling parts of a system

Verification and Validation

* Verification: Are we doing the job right? The set of activities that
ensure that software correctly implements a specific function. (i.e.
The process of determining whether or not products of a given phase
of the software development cycle fulfill the requirements established
during previous phase). Ex: - Technical reviews, quality &
configuration audits, performance monitoring, simulation, feasibility
study, documentation review, database review, algorithm analysis etc
* Validation: Are we doing the right job? The set of activities that
ensure that the software that has been built is traceable to customer
requirements.(An attempt to find errors by executing the program in a
real environment ). Ex: - Unit testing, system testing and installation
testing etc

What's a 'test case'?

A test case is a document that describes an input, action, or event and
an expected response, to determine if a feature of an application is
working correctly. A test case should contain particulars such as test
case identifier, test case name, objective, test conditions/setup, input
data requirements, steps, and expected results

What is a software error ?

A mismatch between the program and its specification is an error in
the program if and only if the specifications exists and is correct.

Risk Driven Testing

What if there isn't enough time for thorough testing?
Use risk analysis to determine where testing should be focused. Since
it's rarely possible to test every possible aspect of an application,
every possible combination of events, every dependency, or everything
that could go wrong, risk analysis is appropriate to most software
development projects. This requires judgement skills, common sense,
and experience.

Considerations can include:

- Which functionality is most important to the project's intended
purpose?
- Which functionality is most visible to the user?
- Which aspects of the application are most important to the
customer?
- Which parts of the code are most complex, and thus most subject to
errors?
- What do the developers think are the highest-risk aspects of the
application?
- What kinds of tests could easily cover multiple functionality?
Whenever there's too much to do and not enough time to do it, we
have to prioritize so that at least the most important things get done.
So prioritization has received a lot of attention. The approach is called
Risk Driven Testing. Here's how you do it: Take the pieces of your
system, whatever you use - modules, functions, section of the
requirements - and rate each piece on two variables, Impact and
Likelihood.

Risk has two components: Impact and Likelihood

Impact
is what would happen if this piece somehow malfunctioned. Would it
destroy the customer database? Or would it just mean that the column
headings in a report didn't quite line up?

Likelihood
is an estimate of how probable it is that this piece would fail.
Together, Impact and Likelihood determine Risk for the piece.

Test Planning

What is a test plan?

A software project test plan is a document that describes the
objectives, scope, approach, and focus of a software testing effort.
The process of preparing a test plan is a useful way to think through
the efforts needed to validate the acceptability of a software product.
Elements of test planning
* Establish objectives for each test phase
* Establish schedules for each test activity
* Determine the availability of tools, resources
* Establish the standards and procedures to be used for planning and
conducting the tests and reporting test results
* Set the criteria for test completion as well as for the success of each
test

The Structured Approach to Testing

Test Planning
* Define what to test
* Identify Functions to be tested
* Test conditions
* Manual or Automated
* Prioritize to identify Most Important Tests
* Record Document References

Test Design
* Define how to test
* Identify Test Specifications
* Build detailed test scripts
* Quick Script generation
* Documents

Test Execution
* Define when to test
* Build test execution schedule
* Record test results

Bug Overview
What is a software error?
A mismatch between the program and its specification is an error in
the Program if and only if the specification exists and is correct.
Example: -
* The date on the report title is wrong
* The system hangs if more than 20 users try to commit at the same
time
* The user interface is not standard across programs

Categories of Software errors

* User Interface errors
* Functionality errors
* Performance errors
* Output errors
* documentation errors

What Do You Do When You Find a Bug?

IF A BUG IS FOUND,
* alert the developers that a bug exists
* show them how to reproduce the bug
* ensure that if the developer fixes the bug it is fixed correctly and
the fix
* didn't break anything else
* keep management apprised of the outstanding bugs and correction
trends

Bug Writing Tips

Ideally you should be able to write bug report clearly enough for a
developer to reproduce and fix the problem, and another QA engineer
to verify the fix without them having to go back to you, the author, for
more information.
To write a fully effective report you must :-
* Explain how to reproduce the problem
* Analyze the error so you can describe it in a minimum number of
steps
* Write a report that is complete and easy to understand
Product Test Phase - Product Testing Cycle

Pre-Alpha
Pre-Alpha is the test period during which QA, Information
Development and other internal users make the product available for
internal testing.
Alpha

Alpha is the test period during which the product is complete and
usable in a test environment but not necessarily bug-free. It is the
final chance to get verification from customers that the tradeoffs
made in the final development stage are coherent.
Entry to Alpha
* All features complete/testable (no urgent bugs or QA blockers)
* High bugs on primary platforms fixed/verified
* 50% of medium bugs on primary platforms fixed/verified
* All features tested on primary platforms
* Alpha sites ready for install
* Final product feature set Determined

Beta
Beta is the test period during which the product should be of "FCS
quality" (it is complete and usable in a production environment). The
purpose of the Beta ship and test period is to test the company's
ability to deliver and support the product (and not to test the product
itself). Beta also serves as a chance to get a final "vote of confidence"
from a few customers to help validate our own belief that the product
is now ready for volume shipment to all customers.
Entry to Beta

* At least 50% positive response from Alpha sites

* All customer bugs addressed via patches/drops in Alpha
* All bugs fixed/verified
* Bug fixes regression tested
* Bug fix rate exceeds find rate consistently for two weeks
* Beta sites ready for install

GM (Golden Master)
GM is the test period during which the product should require minimal
work, since everything was done prior to Beta. The only planned work
should be to revise part numbers and version numbers, prepare
documentation for final printing, and sanity testing of the final bits.
Entry to Golden Master

* Beta sites declare the product is ready to ship

* All customer bugs addressed via patches/drops in Beta
* All negative responses from sites tracked and evaluated
* Support declares the product is supportable/ready to ship
* Bug find rate is lower than fix rate and steadily decreasing

FCS (First Customer Ship)

FCS is the period which signifies entry into the final phase of a
project. At this point, the product is considered wholly complete and
ready for purchase and usage by the customers.
Entry to FCS

* Product tested for two weeks with no new urgent bugs

* Product team declares the product is ready to ship
================================
edit] Introduction
[edit] How Software Defects arise

The International Software Testing Qualifications Board says that software faults occur
through the following process:

A human being can make an error (mistake), which produces a defect (fault, bug) in the
code, in software or a system, or in a document. If a defect in code is executed, the
system will fail to do what it should do (or do something it shouldn’t), causing a failure.
Defects in software, systems or documents may result in failures, but not all defects do
so.[1]

A fault can also turn into a failure when the environment is changed. Examples of these
changes in environment include the software being run on a new hardware platform,
alterations in source data or interacting with different software.[2]

[edit] Inability to find all faults

A problem with software testing is that testing all combinations of inputs and
preconditions is not feasible when testing anything other than a simple product.[3] This
means that the number of defects in a software product can be very large and defects that
occur infrequently are difficult to find in testing.

[edit] When Testing is Carried Out

A common practice of software testing is that it is performed by an independent group of
testers after the functionality is developed but before it is shipped to the customer.[4] This
practice often results in the testing phase being used as project buffer to compensate for
project delays, thereby compromising the time devoted to testing.[5] Another practice is to
start software testing at the same moment the project starts and it is a continuous process
until the project finishes.[6]

Another common practice is for test suites to be developed during technical support
escalation procedures.[citation needed] Such tests are then maintained in regression testing
suites to ensure that future updates to the software don't repeat any of the known
mistakes.

[edit] Finding Faults Early in the Process

It is commonly believed that the earlier a defect is found the cheaper it is to fix it.[7] This
is reasonable based on the risk of any given defect contributing to or being confused with
further defects later in the system or process. In particular, if a defect erroneously
changes the state of the data on which the software is operating, that data is no longer
reliable and therefore any testing after that point cannot be relied on even if there are no
further actual software defects.

Time Detected [8]

Time Introduced Requirements Architecture Construction System Test Post-Release
Requirements 1 3 5-10 10 10-100
Architecture - 1 10 15 25-100
Construction - - 1 10 10-25

In counterpoint, some emerging software disciplines such as extreme programming and

the agile software development movement, adhere to a "test-driven software
development" model. In this process unit tests are written first, by the software engineers
(often with pair programming in the extreme programming methodology). Of course
these tests fail initially; as they are expected to. Then as code is written it passes
incrementally larger portions of the test suites. The test suites are continuously updated as
new failure conditions and corner cases are discovered, and they are integrated with any
regression tests that are developed.

Unit tests are maintained along with the rest of the software source code and generally
integrated into the build process (with inherently interactive tests being relegated to a
partially manual build acceptance process).

The software, tools, samples of data input and output, and configurations are all referred
to collectively as a test harness.

[edit] Measuring Software Testing

Usually, quality is constrained to such topics as correctness, completeness, security,[citation
needed]
but can also include more technical requirements as described under the ISO
standard ISO 9126, such as capability, reliability, efficiency, portability, maintainability,
compatibility, and usability.[citation needed]

Testing is a process of technical investigation, performed on behalf of stakeholders, that

is intended to reveal quality-related information about the product with respect to the
context in which it is intended to operate.[citation needed] This includes, but is not limited to,
the process of executing a program or application with the intent of finding errors.
Quality is not an absolute; it is value to some person. With that in mind, testing can never
completely establish the correctness of arbitrary computer software; testing furnishes a
criticism or comparison that compares the state and behaviour of the product against a
specification. An important point is that software testing should be distinguished from the
separate discipline of Software Quality Assurance (SQA), which encompasses all
business process areas, not just testing.[citation needed]

Today, software has grown in complexity and size. The software product developed by a
developer is according to the System Requirement Specification.[citation needed] Every
software product has a target audience. For example, a video game software has its
audience completely different from banking software. Therefore, when an organization
invests large sums in making a software product, it must ensure that the software product
must be acceptable to the end users or its target audience. This is where Software Testing
comes into play. Software testing is not merely finding defects or bugs in the software, it
is the completely dedicated discipline of evaluating the quality of the software.[citation needed]

[edit] Static and Dynamic Testing

There are many approaches to software testing, but effective testing of complex products
is essentially a to connote the dynamic analysis of the product—putting the product
through its paces.[citation needed] Sometimes one therefore refers to reviews, walkthroughs or
inspections as static testing, whereas actually running the program with a given set of test
cases in a given development stage is often referred to as dynamic testing, to emphasize
the fact that formal review processes form part of the overall testing scope.[citation needed]

[edit] Code coverage

Main article: Code coverage

Code coverage measures aim to show the degree to which the source code of a program
has been tested.[9] It is inherently a white box testing activity because it looks at the code
directly. This allows the software team to examine parts of a system that are rarely tested
and ensures that the most important function points have been tested.[10] Two common
forms of code coverage are statement coverage, which reports on the number of lines
executed, and path coverage, which reports on the branches executed to complete the test.
They both return a coverage metric, measured as a percentage.

[edit] Software Testing Measurements

There are a number of common software measures, often called "metrics", which are used
to measure the state of the software or the adequacy of the testing:

• Bugs found per Tester per unit time (Day/Week/Month)[citation needed]

• Total bugs found in a release[citation needed]
• Total bugs found in a module / feature[citation needed]
• Bugs found / fixed per build[citation needed]
• Number of customer reported Bug - As a measure of testing effectiveness[citation
needed]

• Bug trend over the period in a release (Bugs should converge towards zero as the
project gets closer to release) (It is possible that there are more cosmetic bugs
 found closer to release - in which case the number of critical bugs found is used
instead of total number of bugs found)[citation needed]
• Number of test cases executed per person per unit time[citation needed]
• % of test cases executed so far, total Pass, total fail[citation needed]
• Test Coverage[citation needed]

[edit] History
The separation of debugging from testing was initially introduced by Glenford J. Myers
in 1979.[11] Although his attention was on breakage testing ,it illustrated the desire of the
software engineering community to separate fundamental development activities, such as
debugging, from that of verification. Dr. Dave Gelperin and Dr. William C. Hetzel
classified in 1988 the phases and goals in software testing in the following stages:[12]

1. Until 1956 - Debugging oriented[13]

2. 1957-1978 - Demonstration oriented[14]
3. 1983-1987 - Destruction oriented[15]
4. 1983-1987 - Evaluation oriented[16]
5. 1988-2000 - Prevention oriented[17]
6. 2000 - onwards - Early Customer intervention (Beta testing)[citation needed]

[edit] White box, black box, and grey box testing

White box and black box testing are terms used to describe the point of view that a test
engineer takes when designing test cases.

Black box testing treats the software as a black-box without any understanding as to how
the internals behave. It aims to test the functionality according to the
requirements.[18]Thus, the tester inputs data and only sees the output from the test object.
This level of testing usually requires thorough test cases to be provided to the tester who
then can simply verify that for a given input, the output value (or behaviour), is the same
as the expected value specified in the test case.

White box testing, however, is when the tester has access to the internal data structures,
code, and algorithms. For this reason, unit testing and debugging can be classified as
white-box testing and it usually requires writing code, or at a minimum, stepping through
it, and thus requires more knowledge of the product than the black-box tester.[19] If the
software in test is an interface or API of any sort, white-box testing is almost always
required.[citation needed]

In recent years the term grey box testing has come into common usage. This involves
having access to internal data structures and algorithms for purposes of designing the test
cases, but testing at the user, or black-box level. Manipulating input data and formatting
output do not qualify as grey-box because the input and output are clearly outside of the
black-box we are calling the software under test. This is particularly important when
conducting integration testing between two modules of code written by two different
developers, where only the interfaces are exposed for test.

Grey box testing could be used in the context of testing a client-server environment when
the tester has control over the input, inspects the value in a SQL database, and the output
value, and then compares all three (the input, sql value, and output), to determine if the
data got corrupt on the database insertion or retrieval.

[edit] Verification and validation

Main article: Verification and Validation (software)

Software testing is used in association with verification and validation (V&V):

• Verification: Have we built the software right (i.e., does it match the
specification)? Software testing is just one kind of verification, which also uses
techniques such as reviews, inspections, and walkthroughs.[20]
• Validation: Have we built the right software (i.e., is this what the customer
wants)?[21]

[edit] Stages of testing

[edit] Pre Release

• Unit testing tests the minimal software component, or module. Each unit (basic
component) of the software is tested to verify that the detailed design for the unit
has been correctly implemented. In an Object-oriented environment, this is
usually at the class level, and the minimal unit tests include the constructors and
destructors.[22]
• Integration testing exposes defects in the interfaces and interaction between
integrated components (modules). Progressively larger groups of tested software
components corresponding to elements of the architectural design are integrated
and tested until the software works as a system.[citation needed]
• Functional testing tests at any level (class, module, interface, or system) for
proper functionality as defined in the specification. The use of a traceability
matrix often helps with functional testing.[citation needed]
• System testing tests a completely integrated system to verify that it meets its
requirements.[23]
• System integration testing verifies that a system is integrated to any external or
third party systems defined in the system requirements.[citation needed]
• Performance Testing validates whether the quality of service (sometimes called
Non-functional requirements) parameters defined at the requirements stage is met
by the final product.[citation needed]
• Acceptance testing can be conducted by the end-user, customer, or client to
validate whether or not to accept the product. Acceptance testing may be
 performed as part of the hand-off process between any two phases of
development.[citation needed] See also software release life cycle

[edit] Post Release

This section needs additional citations for verification.

Please help improve this article by adding reliable references. Unsourced material may be challenged and
removed. (January 2008)

• Alpha testing is simulated or actual operational testing by potential

users/customers or an independent test team at the developers' site. Alpha testing
is often employed for off-the-shelf software as a form of internal acceptance
testing, before the software goes to beta testing.
• Beta testing comes after alpha testing. Versions of the software, known as beta
versions, are released to a limited audience outside of the company. The software
is released to groups of people so that further testing can ensure the product has
few faults or bugs. Sometimes, beta versions are made available to the open
public to increase the feedback field to a maximal number of future users.

It should be noted that although both Alpha and Beta are referred to as testing it is in fact
use immersion. The rigors that are applied are often unsystematic and many of the basic
tenets of testing process are not used. The Alpha and Beta period provides insight into
environmental and utilization conditions that can impact the software.

[edit] Regression Testing

Main article: Regression testing

This section needs additional citations for verification.
Please help improve this article by adding reliable references. Unsourced material may be challenged and
removed. (January 2008)

After modifying software, either for a change in functionality or to fix defects, a

regression test re-runs previously passing tests on the modified software to ensure that the
modifications haven't unintentionally caused a regression of previous functionality.

Regression testing can be performed at any or all of the above test levels. These
regression tests are often automated.

More specific forms of regression testing are known as Sanity testing, when quickly
checking for bizarre behaviour, and Smoke testing when testing for basic functionality.

[edit] Test cases, suites, scripts, and scenarios

This section needs additional citations for verification.
Please help improve this article by adding reliable references. Unsourced material may be challenged and
removed. (January 2008)
A test case is a software testing document, which consists of event, action, input, output,
expected result, and actual result. Clinically defined a test case is an input and an
expected result.[24] This can be as pragmatic as 'for condition x your derived result is y',
whereas other test cases described in more detail the input scenario and what results
might be expected. It can occasionally be a series of steps (but often steps are contained
in a separate test procedure that can be exercised against multiple test cases, as a matter
of economy) but with one expected result or expected outcome. The optional fields are a
test case ID, test step or order of execution number, related requirement(s), depth, test
category, author, and check boxes for whether the test is automatable and has been
automated. Larger test cases may also contain prerequisite states or steps, and
descriptions. A test case should also contain a place for the actual result. These steps can
be stored in a word processor document, spreadsheet, database, or other common
repository. In a database system, you may also be able to see past test results and who
generated the results and the system configuration used to generate those results. These
past results would usually be stored in a separate table.

The term test script is the combination of a test case, test procedure, and test data.
Initially the term was derived from the product of work created by automated regression
test tools. Today, test scripts can be manual, automated, or a combination of both.

The most common term for a collection of test cases is a test suite. The test suite often
also contains more detailed instructions or goals for each collection of test cases. It
definitely contains a section where the tester identifies the system configuration used
during testing. A group of test cases may also contain prerequisite states or steps, and
descriptions of the following tests.

Collections of test cases are sometimes incorrectly termed a test plan. They might
correctly be called a test specification. If sequence is specified, it can be called a test
script, scenario, or procedure.

The developers are well aware what test plans will be executed and this information is
made available to the developers. This makes the developers more cautious when
developing their code.This ensures that the developers code is not passed through any
suprise test case or test plans.

[edit] A sample testing cycle

This section needs additional citations for verification.
Please help improve this article by adding reliable references. Unsourced material may be challenged and
removed. (January 2008)

Although testing varies between organizations, there is a cycle to testing:

1. Requirements Analysis: Testing should begin in the requirements phase of the

software development life cycle.
 During the design phase, testers work with developers in determining what
aspects of a design are testable and with what parameters those tests work.

2. Test Planning: Test Strategy, Test Plan(s), Test Bed creation.

A lot of activities will be carried out during testing, so that a plan is needed.

3. Test Development: Test Procedures, Test Scenarios, Test Cases, Test Scripts to use
in testing software.
4. Test Execution: Testers execute the software based on the plans and tests and
report any errors found to the development team.
5. Test Reporting: Once testing is completed, testers generate metrics and make final
reports on their test effort and whether or not the software tested is ready for
release.
6. Retesting the Defects

Not all errors or defects reported must be fixed by a software development team. Some
may be caused by errors in configuring the test software to match the development or
production environment. Some defects can be handled by a workaround in the production
environment. Others might be deferred to future releases of the software, or the
deficiency might be accepted by the business user. There are yet other defects that may be
rejected by the development team (of course, with due reason) if they deem it.

[edit] Controversy
Main article: Software testing controversies

Some of the major controversies include:

• What constitutes responsible software testing? - Members of the "context-

driven" school of testing[25] believe that there are no "best practices" of testing, but
rather that testing is a set of skills that allow the tester to select or invent testing
practices to suit each unique situation. Some contend that this belief directly
contradicts standards such as the IEEE 829 test documentation standard, and
organizations such as the Food and Drug Administration who promote them.[citation
needed]

• Agile vs. traditional - Should testers learn to work under conditions of

uncertainty and constant change or should they aim at process "maturity"? The
agile testing movement has popularity mainly in commercial circles,[citation needed]
whereas the CMM was embraced by government and military software
providers.[citation needed]
 • Exploratory vs. scripted[citation needed] - Should tests be designed at the same time as
they are executed or should they be designed beforehand?

• Manual vs. automated - Some writers believe that test automation is so

expensive relative to its value that it should be used sparingly.[26] Others, such as
advocates of agile development, recommend automating 100% of all tests.

• Software design vs. software implementation[citation needed] - Should testing be

carried out only at the end or throughout the whole process?

• Who watches the watchmen? - The idea is that any form of observation is also
an interaction, that the act of testing can also affect that which is being
tested.[citation needed]

[edit] Certification
Several certification programs exist to support the professional aspirations of software
testers and quality assurance specialists. No certification currently offered actually
requires the applicant to demonstrate the ability to test software. No certification is based
on a widely accepted body of knowledge. This has led some to declare that the testing
field is not ready for certification.[27] Certification itself cannot measure an individual's
productivity, their skill, or practical knowledge, and cannot guarantee their competence,
or professionalism as a tester.[28]

Certifications can be grouped into: exam-based and education-based. Exam-based

certifications: For these there is the need to pass an exam, which can also be learned by
self-study: e.g. for ISTQB or QAI. Education-based certifications are instructor-led
sessions, where each course has to be passed, e.g. IIST (International Institute for
Software Testing).

[edit] Testing certifications

• CSTE offered by the Quality Assurance Institute (QAI)[29]

• CSTP offered by the International Institute for Software Testing[30]
• CSTP (TM) (Australian Version) offered by the K. J. Ross & Associates[31]
• CATe offered by the International Institute for Software Testing[32]
• ISEB offered by the Information Systems Examinations Board
• ISTQB offered by the International Software Testing Qualification Board

[edit] Quality assurance certifications

• CSQE offered by the American Society for Quality (ASQ)[33]

• CSQA offered by the Quality Assurance Institute (QAI)[34]
[edit] Roles in software testing
Software testing can be done by software testers. Until the 1950s the term software tester
was used generally, but later it was also seen as a separate profession. Regarding the
periods and the different goals in software testing[35] there have been established different
roles: test lead/manager, tester, test designer, test automater/automation developer, and
test administrator.

[edit] Relationship with Software Quality Assurance

Software testing may be viewed as an important part of the Software Quality Assurance
(SQA) process.[citation needed] In SQA, software process specialists and auditors take a
broader view on software and its development. They examine and change the software
engineering process itself to reduce the amount of faults that end up in defect rate. What
constitutes an acceptable defect rate depends on the nature of the software. An arcade
video game designed to simulate flying an airplane would presumably have a much
higher tolerance for defects than software used to control an actual airliner. Although
there are close links with SQA testing departments often exist independently, and there
may be no SQA areas in some companies.