B4.

3-R3: SOFTWARE TESTING AND QUALITY MANAGEMENT

Previous Question Papers

• January, 2007
• January, 2006
• July 2006
• July, 2005
• January, 2005
• July, 2004
• January, 2004

January, 2007

Time: 3 Hours

1.
a) What are the parameters checked in performance testing of software? How is it
performed?
b) What is the difference between robustness and correctness?
c) What are the steps in automating the testing process?
d) When do you decide to stop testing any further?
e) What is information cohesion?
f) What is typical about a windows process in regards to memory allocation?
g) What is a testable design?
(7x4)
2.
a) What are the typical problems in testing web services? What are the differences
between testing intranet and internet-based web services in an organization?
b) In the context of web services testing, explain the following with example:
. Proof-of-concept testing
. Functional testing
. Regression testing
(6+12)
3.
a) What are the basic concepts behind software fault tolerance? What are design
diversity and independent failure modes? Explain in detail.
b) Explain the difference between recovery block and N-version software method of
fault tolerance.
(10+8)
4.
a) Can we directly measure the quality of software? What are the basic three sets of
factors that determine software quality? How can their indicators be derived?
b) What are clean tests and dirty tests? Which one works when?
(10+8)
5.
a) What are the parameters of a program that can be tested using glass-box or white-
box testing? Give examples.
b) What is mutation testing and random testing? IIIustrate your answer by an
example?
(8+10)
6.
a) What are the advantages of dynamic analysis over static testing? Explain dynamic
analysis process?
b) What are the categories of dynamic analyzers available? Describe their important
Features.
(10+8)
7.
a) Explain the general architecture of a test-data generator with a diagram. Give an
example.
b) What is SPICE? What are it’s advantages to various communities involved in the
software industry? Compare it with CMM of software.

july 2006
Time: 3 Hours Total Marks: 100

1.
a) Distinguish clearly between the terms fault and failure in software development.
b) A pure top-down integration testing is not just sufficient for the software testing
process. Justify your answer with a suitable example.
c) What is a code walkthrough and explain, how it is useful in White-Box testing.
d) Describe, how cyclomatic complexity is useful in software testing?
e) Explain, the differences between validation and verification. Why is validation
considered a difficult process?
f) How can a Client-Server Software be effectively tested?
g) Explain, why measurement of software reliability is much harder problem that the
measurement of hardware reliability.
(7x4)

2.
a) How can you determine the number of latent defects in a software product during the
testing phase?
b) Identify the types of information that should be presented in the test summary report.
c) What do you understand by “code review effectiveness”? How can review
effectiveness be determined?
 (6+6+6)

3.
a) What do you understand by test data generation? Explain, how test data can be
generated automatically.
b) Among the different development phases of life cycle, testing typically requires the
maximum effort. Identify the main reasons behind the large effort necessary for this
phase.
c) Design the black-box test suite for a program that accepts two strings and checks if
the first string is a substring of the second string and displays the number of times
the first string occurs in the second string.
(6+6+6)

4.
a) What do you understand by static analysis of a program? What are the different
types of information that are normally generated by static analysis tools? How are
these information useful?
b) Explain how the different defects in a system can be classified. Why is it necessary
to classify the defects into several classes?
c) How can we estimate the Cost of Repairing the software defect in a program.
(6+6+6)

5.
a) Usability of a software product is tested during which type of testing: unit, integration,
or system testing? How is usability tested?
b) Discuss the relative merits of ISO 9001 certification and the SEI CMM-based quality
assessment.
c) What do you understand by Key Process Area (KPA), in the context of SEI CMM?
Would there be any problem if an organization tries to implement higher level SEI
CMM KPAs before achieving lower level KPAs? Justify your answer using suitable
examples.
(6+6+6)

6.
a) What is the difference between process metrics and product metrics? Give four
examples of each.
b) Why is testing of real-time and embedded systems is considered more difficult than
testing of traditional systems? Explain a satisfactory scheme for testing real-time and
embedded systems.
c) What is a coding standard? Identify the problems that might occur if the engineers of
an organization do not adhere to any coding standard?
(6+6+6)

7.
a) What do you understand by stress testing? Explain using suitable examples, how
stress testing for a software product can be carried out.
b) Explain the importance of software configuration management in modern quality
paradigms such as SEI CMM and ISO 9001. An organization not using nay
configuration management tool can qualify for which SEI CMM level(s)?
c) List four metrics that can be determined from an analysis of a program’s source code
and would correlate well with the reliability of the delivered software.

JANUARY 2006
NOTE:
1. Answer question 1 and any FOUR questions from 2 to 7.
2. Parts of the same question should be answered together and in the same
sequence.

Time: 3 Hours Total Marks: 100

1. State whether the following statements are TRUE or FALSE. In each case, justify your
answer using one or two sentences. Irrelevant and unnecessarily long answers will be
penalized.

a) The terms software verification and software validation are essentially synonyms.

b) Introduction of additional sequence type of statements in a program can not increase its
cyclomatic complexity.

c) Code walkthrough for a module is normally carried out after completion of unit test.

d) During code review you detect errors whereas during code testing you detect failures.

e) Branch coverage is a stronger testing technique compared to statement coverage

technique.

f) Modern quality assurance paradigms are centered around to carryout thorough product
testing.

g) A satisfactory way to test object-oriented programs to test all the methods supported by
the different classes individually and then by performing adequate integration and system
testing.

(7x4)
2.a) Explain why testing techniques used for traditional procedure-oriented programs can not
effectively be used to test object-oriented programs? What additional types of tests are
needed for object-oriented programs?

b) Explain the difference between code inspection and code walk through. Why is detection
and correction of errors during inspection and walkthrough preferable to that achieved using
testing.

c) Prepare a checklist that can be used for inspection of the user interface of a software
product.

(6+6+6)

3.a) What is the difference between the top-down and the bottom-up integration testing
approaches? Explain your answer using an example. Why is the mixed integration testing
approach preferred by many testers?

b) Design the black-box test suite for a program that accepts two strings and checks if the
first string is a substring of the second string and displays the number of times the first string
occurs in the second string.

c) Explain what do you understand by client-server software. What are its advantages over the
traditional software architecture? How can a client-server software be effectively tested?

(6+6+6)

4.a) Consider the following program segment.

/* num is the number the function searches in a presorted integer array arr */

int bin_search(int num)

int min, max;

min =0;

max =100;

while(min!=max){

if(arr[(min+max)/2]>num)

max= (min+max)/2;

else if(arr[(min+max)/2]<num)

min=(min+max)/2;
else return((min+max)/2);

return(-1);

a) Draw the control flow graph for this program segment.

b) Determine the cyclomatic complexity for this program. (Show the intermediate steps in
your computation. Writing only the final result is not sufficient)

c) How is the cyclomatic complexity metric useful?

(6+6+6)

For more questions papers visit www.DoeaccOnline.com, www.IgnouOnline.com

5.a) Explain, why measurement of software reliability is a much harder problem than the
measurement of hardware reliability.

b) What do you understand by a reliability growth model? How is reliability growth modeling
useful? Give examples of two reliability growth models.

c) Explain the importance of software configuration management in modern quality paradigms

such as SEI CMM and ISO 9001. What problems might arise if a development organization
does not use any configuration management tool?

(6+6+6)

6.a) Explain two test coverage metrics for procedural code. How are these useful? Can these
be used satisfactorily for object-oriented programs? Explain your answer.

b) Why effective testing of real-time and embedded systems is considered more difficult than
testing traditional systems? Explain a satisfactory scheme to test real-time and embedded
systems.

c) Distinguish between the static and dynamic analysis of a program. Explain at least one
metric that a static analysis tool reports and one metric that a dynamic analysis tool reports.
How are these metrics useful?

(6+6+6)

7.a) What do you understand by volume testing? Explain using a suitable example how
volume test cases can be designed and the types of defects these tests can help to detect.
b) Explain at least one defect metric and how this metric can be collected. Also explain how
defects can be effectively tracked for a software product.

c) What do you understand by data flow testing? How is data flow testing performed? Is it
possible to design dataflow test cases manually? Explain your answer.

(6+6+6)

July, 2005
Note:

1. Answer question 1 and any FOUR questions from 2 to 7.

2. Parts of the same question should be answered together and in the same sequence.

Time: 3 Hours Total Marks:100

1.
1. What is 'Software Testing'? How is it different from debugging?
2. What makes a good Software Test Engineer?
3. Differentiate between static testing and dynamic testing?
4. Differentiate between verification and validation.
5. Describe the characteristics of 'good code'.
6. Explain the concept of a test case and test plan.
 7. What is the normal procedure to assure quality of an SRS document?

(7x4)

2.
1. DOEACC is planning to start online testing. It will use an automated
process for recording candidate information, scheduling candidates for
exams, keeping track of results and sending out certificates. Write a brief
test plan for this project.
2. Software testing can be an unending process. What criteria are used to
stop testing?
3. Explain Stress, Load and Performance testing?

(6+6+6)

3.
1. What is the objective of Unit and integration testing? Indicate the quality
measures to assure that unit testing is complete?
2. You are a tester for testing a large system. The system data model is very
large with many attributes and there are many interdependencies within
the fields. What steps would you use to test the system and what are the
effects of the steps you have taken on the test plan?

(12+6)

4.
1. Explain and give examples of the following black box techniques?

Boundary Value testing.

Equivalence testing,

Error Guessing.
2. Suppose you company is about to roll out an E-Commerce application. It
is not possible to test the application on all types of browsers on all
platforms and operating systems. What steps would you take in the testing
environment to reduce the business risks and commercial risks?

(12+6)

5.
1. What are the special features of client/server environments? Discuss the
various strategies employed to test such systems.
2. Compare and contrast the top-down and bottom-up approach to testing
Computer programs.

(12+6)

6.
 1. What is data flow testing? Illustrate its use by an example.
2. Describe the popular software quality assurance models. Compare and
contrast the ISO 9000 and CMM models.

(9+9)

7.
1. How can Software Quality Assurance process be implemented without
stifling productivity? Explain.
2. Discuss the salient features of graphical interface testing. How is it
different from WWW Testing?
3. Explain the testing process for Object Oriented programs.

(6+6+6)

January, 2005
Note:

1. Answer question 1 and any FOUR questions from 2 to 7.

2. Parts of the same question should be answered together and in the same sequence.

Time: 3 Hours Total Marks:100

1. State whether the following statements are TRUE or FALSE. In each case. justify
your answer using one or two sentences. Irrelevant and unnecessarily long
answers will be penalized.
1. A pure top-down integration testing does not require the use of any stub
modules
 Ans. False: Because top down integration testing completely depend on
stub.and while it is completely working on the basis of stubs it is called
pure.

2. Use of static and dynamic program analysis tools is an effective substitute

for through testing.

Ans.True: Through testing is that where we test the complete structure

module by module and go through whole structure of the program. And
the combination of static and dynamic program analysis tools also do that.

3. Once the McCabe's Cyclomatic complexity of a program has been

determined. It is very easy to identify all the linearly independent paths of
the program.

Ans.True: Because cyclomatic complexity is equal to the total number of

independent path present.

4. During code review you detect errors whereas during code testing you
detect failures.

Ans.True: Code review find that if the code is executing well without see
the output of the code. While during code testing it also find weather the
program output is correct.

More:- An error is usually a programmer action or omission that results in

a fault. A fault is a software defect that causes a failure, and a failure is the
unacceptable departure of a program operation from program
requirements.

5. The reliability of a software product increases almost linearly, each time a

defect gets detected and fixed.

Ans.True: Because every time we fix a defect we ensure the less

possibility of failure of a system, so it's reliability increases.

6. Modern quality assurance paradigms are centered around carrying out

thorough product testing.

Ans.True: Because if we through test a product it mean it go through all

the testing phase and it will work as required and in all condition.

7. An important use of receiving a ISO 9001 certification by a software

organization is that it can improve its sales efforts by advertizing its
products as conforming to ISO 9001 certification.
 Ans.True: ISO 9001 is the actual specification for the quality management
system for production..So a organization can represent itself as a ISO 9001
company that will ensure the customer about the quality of product.

More On ISO:- The International Organisation for Standardisation (ISO)

is a worldwide federation of national standards bodies from some 130
countries, one from each country (So Europe has 14 votes to USA's 1
vote!). The mission of ISO is to promote the development of
standardisation with a view to facilitating the international exchange of
goods and services, and to developing co-operation in the spheres of
intellectual, scientific, technological and economic activity. ISO's work
results in international agreements, which are published as International
Standards.

2. (7x4)
3.
1. What do you understand by automatic program analysis? Give a broad
classification of the different types of program analysis tools used during
program developement. What are the different types of information
produced by each type of tool?

Ans.Program analysis = deriving information about the behaviour of

computer programs.

Automatic = no humans involved

Why do program analysis?

optimization

validation

Automated Testing Tools available for programmers:

3. Static analyzer

Static Program Analysers: Static analysis tools scan the source

code to try to detect errors. The code does not need to be executed.
Most useful for languages which do not have strong typing. The
can check the following:

1. Syntax
2. Unreachable code
3. Unconditional branches into loops
4. Undeclared variables
5. Uninitialised variables
6. Parameter type mismatches
 7. Uncalled functions and procedures
8. Variables used before initialization
9. Non usage of function results
10. Possible array bound errors
11. Misuse of pointers
4. Code Auditors
5. Assertion processors
6. Test file generators
7. Test Data Generators
8. Test VerifiersvOutput comparators
2. What is stress testing? How is it performed? Why is stress testing
applicable to only certain types of systems? .

Ans.Stress testing is the system testing of an integrated, blackbox

application that attempts to cause failures involving how its performance
varies under extreme but valid conditions (e.g., extreme utilization,
insufficient memory inadequate hardware, and dependency on over-
utilized shared resources). Stress testing typically involves the
independent test team performing the following testing tasks using the
following techniques:

Test Planning

Test Reuse

Test Design:

Use Case Based Testing

Workload analysis to determine the maximum production
workloads.

Test Implementation:

Develop test scripts simulating extreme workloads.

Test Execution:

Regression Testing

Profiling

Test Reporting

Stress testing is typically complete when the following
postconditions hold:

At least one stress test suite exists for each scalability requirement.

The test suites for every scheduled scalability requirement execute
successfully.

Typical examples include stress testing of an application that is:

Software only.

A system including software, hardware, and data components.

Huge (e.g., number of users, number of transactions, amount of
data).

Batch with no realtime requirements.

Soft realtime (i.e., human reaction times).

Hard realtime (e.g., avionics, radar, automotive engine control).

Embedded within another system (e.g., flight-control software,
cruise-control software).

Client/server or n-tier distributed.

A research prototype that will not be placed into service.

Business-critical or safety-critical.

Stress testing is applicable to only certain types of systems and is not for
systems that are not much performance dependent and that don't work in
the extreme conditions. e.g a utility system working on a stand alone
system.

3. Define three metrics to measure software reliability. Do you consider

these metrics entirely satisfactory to provide measure of the reliability of a
system? Justify your answer.

Ans.Reliability of the delivered code is related to the quality of all of the

processes and products of software development; the requirements
documentation, the code, test plans, and testing.

Software reliability is comprised of three activities:

Error prevention

Fault detection and removal

Measurements to maximize reliability, specifically measures that
support the first two activities

Three types of reliability Metric:

Requirements Reliability Metrics

Design and Code Reliability Metrics

Testing Reliability Metrics

Requirements Reliability Metrics

Requirements specify the functionality that must be included in the

final software. It is critical that the requirements be written such
that is no misunderstanding between the developer and the client.
There are three primary formats for requirement specification
structure, by IEEE, DOD and NASA.[7,8,9] These specify the
content of the requirement specification outside the requirements
themselves. Consistent use of a format such as these ensures that
critical information, such as operational environment, is not
omitted.

The importance of correctly documenting requirements has caused

the software industry to produce a significant number of aids to the
creation and management of the requirements specification
documents and individual specification statements. However very
few of these aids assist in evaluating the quality of the
requirements document or the individual specification statements
 themselves. The SATC has developed a tool to parse requirement
documents. The Automated Requirements Measurement (ARM)
software was developed for scanning a file that contains the text of
the requirement specification. During this scan process, it searches
each line of text for specific words and phrases. These search
arguments (specific words and phrases) are indicated by the
SATC's studies to be an indicator of the document's quality as a
specification of requirements. ARM has been applied to 56 NASA
requirement documents. Seven measures were developed, as
shown below.

0. Lines of Text - Physical lines of text as a measure of size.

1. Imperatives - Words and phases that command that
something must be done or provided. The number of
imperatives is used as a base requirements count.
2. Continuances -Phrases that follow an imperative and
introduce the specification of requirements at a lower level,
for a supplemental requirement count.
3. Directives - References provided to figures, tables, or
notes.
4. Weak Phrases - Clauses that are apt to cause uncertainty
and leave room for multiple interpretation measure of
ambiguity.
5. Incomplete - Statements within the document that have
TBD (To be Determined) or TBS (To Be Supplied).
6. Options - Words that seem to give the developer latitude in
satisfying the specifications but can be ambiguous.

It must be emphasized that the tool does not attempt to assess the
correctness of the requirements specified. It assesses individual
specification statements and the vocabulary used to state the
requirements; it also has the capability to assess the structure of the
requirement document.

Design and Code Reliability Metrics

Although there are design languages and formats, these do not lend
themselves to an automated evaluation and metrics collection. The
SATC analyzes the code for the structure and architecture to
identify possible error prone modules based on complexity, size,
and modularity.

It is generally accepted that more complex modules are more

difficult to understand and have a higher probability of defects than
less complex modules.[5] Thus complexity has a direct impact on
overall quality and specifically on maintainability. While there are
 many different types of complexity measurements, the one used by
the SATC is logical (Cyclomatic) complexity, which is computed
as the number of linearly independent test paths.

Size is one of the oldest and most common forms of software

measurement. Size of modules is itself a quality indicator. Size can
be measured by: total lines of code, counting all lines; non-
comment non-blank which decreases total lines by the number of
blanks and comments; and executable statements as defined by a
language dependent delimiter.

Testing Reliability Metrics

Testing metrics must take two approaches to comprehensively

evaluate the reliability. The first approach is the evaluation of the
test plan, ensuring that the system contains the functionality
specified in the requirements. This activity should reduce the
number of errors due to lack of expected functionality. The second
approach, one commonly associated with reliability, is the
evaluation of the number of errors in the code and rate of
finding/fixing them. The SATC has developed a model to simulate
the finding of errors and projects the number of remaining errors
and when they will all be identified.

To ensure that the system contains the functionality specified, test

plans are written that contain multiple test cases; each test case is
based on one system state and tests some functions that are based
on a related set of requirements. The objective of an effective
verification program is to ensure that every requirement is tested,
the implication being that if the system passes the test, the
requirement's functionality in included in the delivered system. An
assessment of the traceability of the requirements to test cases is
needed.

4. (6+6+6)
5.
1. What is the difference between the top-down and the bottom-up
integration testing approaches? Explain your answer using an example.
Why is the mixed integration testing approach preferred by many testers?

Ans.

Aspect Bottom-up Top-down

Allows
Major
early testing aimed at
Features
proving feasibility and

The
control program is
tested first
 practicality of
Modules
particular modules. are integrated one at a

Major time
emphasis is on module
Major
functionality and emphasis is on
performance. interface testing

Modules
can be integrated in
various clusters as
desired.

No test
drivers are needed

No test
The
stubs are needed control program plus a

It is few modules forms a
easier to adjust basic early prototype
Advantages
manpower needs
Interface

Errors in errors are discovered
critical modules are early
found early
Modular
features aid debugging

Test
Test
drivers are needed stubs are needed

Many
The
modules must be extended early phases
integrated before a dictate a slow
Disadvantages
working program is manpower buildup
available
Errors in

Interface critical modules at low
errors are discovered levels are found late
late
At any given point, more code An early working program
has been written and tested raises morale and helps
that with top down testing. convince management
Comments
Some people feel that bottom- progress is being made. It is
up is a more intuitive test hard to maintain a pure top-
philosophy. down strategy in practice.

The cost of drivers and stubs in the top-down and bottom-up testing
methods is what drives the use of 'big bang(mixed integration testing)'
testing. This approach waits for all the modules to be constructed and
tested independently, and when they are finished, they are integrated all at
once.
6. Design the black-box test suite for a program that accepts two strings and checks
of the first string is a substring of the second string and displays the number of
times the first string occurs in the second string.

7. Explain, what do you understand with client-server architecture. What are its
advantages over the traditional software architecture? How can a client-server
software be effectively tested?

Ans.The client/server software architecture is a versatile, message-based

and modular infrastructure that is intended to improve usability,
flexibility, interoperability, and scalability as compared to centralized,
mainframe, time sharing computing. A client is defined as a requester of
services and a server is defined as the provider of services. A single
machine can be both a client and a server depending on the software
configuration.

Advantages:

This approach introduced a database server to replace the file
server.

Using a relational database management system (DBMS),

user queries could be answered directly.

The client/server architecture reduced network traffic by providing
a query response rather than total file transfer.

It improves multi-user updating through a GUI front end to a
shared database.

In client/server architectures, Remote Procedure Calls (RPCs) or
standard query language (SQL) statements are typically used to
communicate between the client and server.

(6+6+6)

8. Consider the following program segment.

1.
2. /* sort takes an integer array and sorts it in ascending order *1
3.
4. void sort (int a [ ], int n) {
5.
6. int i, j;
7.
8. for(i=0;i<n-l;i++)
9.
10. for(i=i+1;j<n;j++)
11.
12. if(a[i]>a[j])
13.
14. {
15.
16. temp=a[i] ;
17.
18. a[i]=a[j];
19.
20. a[j]=temp;
21.
22. }
23.
24.
25.
26. }
27.
28.
29.
a. Draw the control flow graph for this program segment
b. Determine the cyclomatic complexity for this program. (Show the
intermediate steps your computation. Writing only the final result is not
sufficient)
c. How is the cyclomatic complexity metric useful?

(6+6+6)

9.
a. What problems would you face if you are developing several versions of
the same product according to a client's request and you are not using any
configuratlon management tools?
b. Discuss the relative merits of ISO 9001 certification and the SEI CMM-
based quality assessment.
c. What do you understand by performance testing? What are the different
types of performance testing that should be performed on a software
product.

(6+6+6)

10.
a. When during the development process is the compliance with coding
standards is checked? List two coding standards each for (i) enhancing
readability of the code, (ii) reuse of the code.
b. For the program segment given in Question 4, design the branch coverage
and statement coverage test suite. Which of these is the stronger testing?
Why?
c. Distinguish between the static and dynamic analysis of a program. How
are static and dynamic program analysis results useful?

(6+6+6)

11.
a. Distinguish between software verification and software validation. When
are verification and validation performed during the software life cycle?
Can one be used in place of the other?
 Ans. Validation: Are we producing the right product?
Verification: Are we producing the product right?

Verification is a process to check that the software meets its requirements.

Validation is to check that the software does what the customer expects.

There are two complementary approaches to system checking and analysis

in validation and verification (V & V). Software inspections or peer
reviews analyze and check representations such as requirements
document, design diagrams and program source code. It can be used at all
stages of software engineering process. Software inspections or peer
reviews are static V & V techniques because there is no need to run the
software on a computer.

The other approach is software testing, which involves running an

implementation of the software and its operational behavior to check that
it is performing as required. Software testing is dynamic V & V technique.
Testing can also be used at different stages of software engineering
process. A validation testing can be used to show that software is what the
customer wants (It meets the requirements). Defect testing is intended to
reveal defects in the software.

b. What is the difference between process metrics and product metrics? Give
examples of each.
c. Briefly highlight the difference between code inspection and code walk
through Compare the relative merits of code inspection and code walk
through.

Ans.Walkthrough is co-operative, organised activity by several

participants. Participants select some test cases and simulate execution of
the code by hand. A participant, usually the developer of the software
being reviewed, narrates a description of the software and the remainder of
the review group provides their feedback throughout the presentation.

In a Walkthrough, the producer describes the product and asks for

comments from the participants. These gatherings generally serve to
inform participants about the product rather than correct it.

Inspection - analysis is aimed explicitly at the discovery of commonly

made errors. Code/design is examined by checking it for the presence of
errors. Inspections require a high degree of preparation of the review
participants, but the benefits include a more systematic review of the
software and more controlled and less stressed meeting.
Software Inspections are a disciplined engineering practice for detecting
and correcting defects in software artifacts, and preventing their leakage
into field operations.

Moderator: Responsible for ensuring that the inspection procedures are

performed through out the entire inspection process. The responsibilities
include:

i. Verifying the work products readiness for inspection

ii. Verifying that the entry criteria is met
iii. Assembling an effective inspection team
iv. Keeping the inspection meeting on track
v. Verifying that the exist criteria is met

Software Inspections are a reasoning activity performed by practitioners

playing the defined roles of Moderator, Recorder, Reviewer, Reader, and
Producer.

The major difference between walkthroughs and inspections is that an

inspection process involves the collection of data that can be used to
feedback on the quality of the development and review process.

In the methods of quality control, inspection is a mechanism that has

proven extremely effective for the specific objective of product
verification in many development activities. It is a structured method of
quality control, as it must follow a specified series of steps that define
what can be inspected, when it can be inspected, who can inspect it, what
preparation is needed for the inspection, how the inspection is to be
conducted, what data is to be collected, and what the follow-up to be the
inspection is. Thus the result of inspections on a project has the
performance of close procedural control and repeatability.

However, reviews and walkthroughs have less structured procedures. They

can have many purposes and formats. Reviews can be used to form
decisions and resolve issues of design and development. They can also be
used as a forum for information swapping or brainstorming. Walkthroughs
are used for the resolution of design or implementation issues. Both
methods can range from being formalized and following a predefined set
of procedures to completely informal. Thus they lacks the close procedural
control and repeatability.

(6+6+6)
July, 2004
Note:

1. Answer question 1 and any FOUR questions from 2 to 7.

2. Parts of the same question should be answered together and in the same sequence.

Time: 3 Hours Total Marks:100

1.
1. Explain why it is not necessary for a program to be completely free of
defects before it is delivered to its customers. To what extent can testing
be used to validate that the program is fit for its purpose?
2. Discuss the differences between verification and validation and explain
why validation is a particularly difficult process.
 3. Discuss the differences in testing a business critical system, a safety
critical system and a system whose failure would not seriously affect lives,
health or business.
4. Explain differences between testing a system program based on object-
oriented and procedure-oriented approach.
5. How is the cyclomatic complexity metric useful in the testing process?
6. Briefly list out the .parties who have vested interest in software testing and
their interest too.
7. What are the two basic components of the testing strategy? Explain them
briefly.

(7x4)

2.
1. Explain the various aspects involved in testing web applications.
2. Discuss in detail security testing issues of web-based programs.

(9+9)

3.
1. What is a test plan? Discuss the features of good test-plans.
2. Normally test design methods involve large number of test cases and it is
nearly impossible to execute all of the tests. Describe and illustrate the
various strategies and criteria employed by practitioners to reduce the
number of test cases.

(6+12)

4.
1. Explain the flow graph notation. Use this notation to represent the
structured programming constructs.
2. Develop a test plan for exhaustive testing of a program that computes the
roots, all possible types, of a quadratic equation.

(8+10)

5.
1. Static Analysis is a technique for assessing the structural characteristics of
source code. Explain this technique by taking a simple example. Bring out
the utility and limitations of static analyzers.
2. Explain the concept and utility of function point metric.

(12+6)

6.
 1. Differentiate between black box and white-box testing. Consider a
program that reads three integer values, representing the inputs and prints
a message stating whether the triangle is scalene, isosceles or equilateral.
Develop a flowchart of the program. Suggest a white-box testing
methodology.

(18)

7.
1. Explain what you understand by software process quality and software
product quality. How would you assure the quality of software product?
2. A commonly used software quality measure is the number of known errors
per thousand lines of product source code. Compare the usefulness of this
measure for developers and users. What are the possible problems with
relying on this measure as the sole expression of software quality?

(10+8)

January, 2004
Note:

1. Answer question 1 and any FOUR questions from 2 to 7.

2. Parts of the same question should be answered together and in the same sequence.

Time: 3 Hours Total Marks:100

1. State whether the following statements are TRUE or FALSE. In each case, justify
your answer using one or two sentences. Irrelevant and unnecessarily long
answers shall be avoided.
1. System test plan can be prepared immediately after the requirements
specification phase is complete.
 Ans.True: Because a test plan can be make on the basis of user manual,
which tell the expected functionality of the system.

2. The effectiveness of a test suite in detecting errors can be determined by

counting the total number of test cases present in the test suite.

Ans.False: Because test cases should minimum in a test suite but test cases
should distinguish as they can move between all possible path of system,
and find all possible result of system.

3. One of the objectives of system testing is to check whether coding

standards have been adhered to or not.

Ans.False : System testing is for test the functionality of system.

4. Error and failure are synonymous in software testing terminology.

Ans.False: Because an error is usually a programmer action or omission

that results in a fault. A fault is a software defect that causes a failure, and
a failure is the unacceptable departure of a program operation from
program requirements.

5. Development of suitable driver and stub functions are essential for

carrying out effective system testing of a product.

Ans.True: Because during system testing because whole system is not

integrated so to execute the system stub and drivers needs.

6. The main purpose of integration testing is to find design errors.

Ans.True: Because if the design of a software is correct and it built on the

basis of that design it will integrate without any error.

7. Introduction of additional sequence type statements in a program would

not increase the program's cyclomatic complexity.

Ans.False: Because to introduce new independent path a conditional

statement required.

2. (7 x 4)
3.
1. Usability of a software product is tested during which type of testing: unit,
integration or system testing? How is usability tested?

Ans.Usability of software product tested during system testing. It is not

possible during unit testing because a single unit can not define whole
 working of the software. Unit testing can only define that a indivisual unit
is working properly or not.

Integration testing is whether all units of software work together as a

system because it is possible that one unit of software working correctly in
isolation causes an error when integrates with another. However, it is not
about the usability of the software.

Therefore, it is the system testing where we test the usability of a software.

In Usability testing, we test system for it's usabilty in real environment.we

test for:

if the system is according to the requirement specification of the

system.

if the system is giving output as the user wants.

if the system is taking only the valid input and it's not taking the
incorrect input of the user.

if the system have a interface according to the requirement of the
user.

If the software is fit for it's purpose for what it is developed.
2. Explain difference between testing a system program based on object-
oriented and procedure-oriented approach.

Ans.

Unit Testing
In procedure-oriented approach, the units for unit testing unit can not be identified
easily while in object oriented systems, units for testing can be easily identified as
these are already divided in individual units of objects and classes. And after
testing indivdual units we can go further.
Integration testing
Integration testing is more important in procedure oriented approach as in this
modules have more dependency on each other. To integrate procedure oriented
module there is requirement of more stubs and drivers as they are not working
module and here top down approach is better. In contrast, under OO approach,
individual units can easily integrate facilitating bootom up approach.

We can summarize the differences as:-

With Procedural
Test Method With Object-Oriented Software
Software
Unit testing is really integration Test individual,
Unit Testing testing, test logically related functionally
operations and data cohesive operations
Integration Object-oriented's unit testing No Test an integrated
 Testing more bugs related to common set of units
global data (though could have (operations and
errors associated with global objects common global
and classes) data)
Of limited value if using strongly
Used on units or
Boundary typed object oriented languages and
integrated units and
Value Testing proper data abstraction is used to
systems
restrict the values of attributes
Limited to operations of objects.
Must address exception handling
Basis Path Generally performed
and concurrency issues (if
Testing on units
applicable). Lowered complexity of
objects lessens the need for this
Equivalence Emphasized for object-oriented: Used on units,
and Black-Box objects are black boxes, equivalence integrated units and
Testing classes are messages systems

3. Design the black-box test suite for a function that accepts two pairs of
floating point numbers representing two coordinate points. Each pair of
coordinate points represents the center and a point on the circumference of
the circle. The function prints whether the two circles are intersecting, one
is contained within the other or are disjoint.

(6+4+8)

4.
1. Distinguish between software verification and software validation. When
the verification and validation are performed during the software life
cycle. Can one be used in place of the other?
2. What is a coding standards? Give their importance and identify the
problems that might occur if the engineers of a software development
organization do not adhere to any coding standard?
3. How is data flow testing performed? Is it possible to design data flow test
cases manually? Explain your answer.

(6+6+6)

5. Consider the following program segment.

1.
2. int find-maximum(int i, int j, int k)
3.
4. {
5.
6. int max,
7.
8. if(i>j) then
9.
10. if (i>k) then max=i;
11.
12. else max=k;
13.
14. else if (j>k) max=j
15.
16. else max=k;
17.
18. return (max);
19.
20. }
21.
a. Draw the control flow graph for this program segment. .
b. Determine the cyclomatlc complexity for this program. (Show the
intermediate steps in your computation. Writing only the final result is not
sufficient)
c. How is the cyclomatlc complexity metric useful in the testing process?

(6+7+5)

6)
a. Explain how code inspection is carried out. What are some of the
important types of defects that can be detected during code inspection?

Click here for Answer

b. Do you agree with the following statement:

Modern quality assurance paradigms ara centered around carrying out

through product testing.

Justify your answer.

c. What do you understand by performance testing? What are the different

types of performance testing that should be performed on a software
product?

(6+6+6)

7)
a. What is the difference between black-box and white-box testing? Can one
be used in place of another?
b. For the program segment given in Q. 4, design the branch coverage and
statement coverage test suite. Which of these is the stronger testing?
c. Distinguish between the static and dynamic analysis of a program. How
are static and dynamic program analysis results useful?

(6+6+6)
8)
a. Normally as testing continues on a software product more and more errors
are discovered. Explain how you would decide when to stop testing.
b. What is the difference between process metrics and product metrics? Give
examples of each.
c. List five salient requirements that a software development organization
must comply with before it can be awarded the ISO 9001 certificate.

(6+6+6)