Académique Documents
Professionnel Documents
Culture Documents
Fall
by
2004
James Bach
Principal, Satisfice Inc.
Copyright (c) Cem Kaner & James Bach, 2000-2004
This work is licensed under the Creative Commons Attribution-ShareAlike License. To view a copy
of this license, visit http://creativecommons.org/licenses/by-sa/2.0/ or send a letter to Creative
Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
These notes are partially based on research that was supported by NSF Grant EIA-0113539
ITR/SY+PE: "Improving the Education of Software Testers." Any opinions, findings and conclusions
or recommendations expressed in this material are those of the author(s) and do not necessarily
reflect the views of the National Science Foundation.
Black Box Software Testing
Copyright
2003
BlackBoxSoftwareTesting
Part2
CompleteTestingIsImpossible
Copyright
2003
Completetesting?
Whatdowemeanby"completetesting"?
Completetestingmustmeanthat,attheendof
testing,youknowtherearenoremaining
unknownbugs.
After all, if there are more bugs, you can find them if you do more
testing. So testing couldn't yet be "complete."
Black Box Software Testing
Copyright
2003
Completecoverage?
Somepeople(tryto)simplifyawaytheproblemof
completetestingbyadvocating"completecoverage."
What is coverage?
Extentoftestingofcertainattributesorpiecesoftheprogram,such
asstatementcoverageorbranchcoverageorconditioncoverage.
Extentoftestingcompleted,comparedtoapopulationofpossible
tests.
Typical definitions are oversimplified. They miss, for example,
Interruptsandotherparalleloperations
Interestingdatavaluesanddatacombinations
Missingcode
The number of variables we might measure is stunning. I
(Kaner) listed 101 examples in Software Negligence & Testing
Coverage.
Black Box Software Testing
Copyright
2003
Measuringandachievinghigh
coverage
Coveragemeasurementisagoodtooltoshow
howfaryouarefromcompletetesting.
But its a lousy tool for investigating how close you are to completion.
Driving testing to achieve high coverage is likely to yield a mass of
low-power tests.
Peopleoptimizewhatwemeasurethemagainst,attheexpenseofwhat
wedontmeasure.
For more on measurement distortion and dysfunction, read Bob
Austins book, Measurement and Management of Performance in
Organizations.
BrianMarickdiscussesthisandotherproblemswiththisandseveral
otherissuesinhispapersatwww.testing.com(e.g.HowtoMisuseCode
Coverage).Marickhasbeeninvolvedindevelopmentofseveralofthe
commercialcoveragetools.
Black Box Software Testing
Copyright
2003
Whataboutbugfindrates?
Somepeoplemeasurecompletenessoftesting
withbugcurves:
New bugs found per week ("Defect arrival rate")
Bugs still open (each week)
Ratio of bugs found to bugs fixed (per week)
Copyright
2003
Weibullreliabilitymodel
Bugcurvescanbeusefulprogressindicators,
butsomepeoplefitthedatatotheoreticalcurves
todeterminewhentheprojectwillcomplete.
The models assumptions
Testing occurs in a way that is similar to the way the software will be
operated.
All defects are equally likely to be encountered.
All defects are independent.
There is a fixed, finite number of defects in the software at the start of
testing.
The time to arrival of a defect follows the Weibull distribution.
The number of defects detected in a testing interval is independent of
the number detected in other testing intervals for any finite collection of
intervals.
SeeErikSimmons,WhenWillWeBeDoneTesting?SoftwareDefect
ArrivalModellingwiththeWeibullDistribution.
Black Box Software Testing
Copyright
2003
TheWeibullmodel
Ithinkitsabsurdtorelyonadistributional
model(oranymodel)wheneveryassumptionit
makesabouttestingisobviouslyfalse.
Copyright
2003
Sideeffectsofbugcurves
Earlierintesting,thepressureistoincrease
bugcounts.Inresponse,testerswill:
Formoreonmeasurementdysfunction,readBobAustinsbook,
MeasurementandManagementofPerformanceinOrganizations.
Formoreobservationsofproblemsliketheseinreputable
softwarecompanies,seeDougHoffman'sarticle,TheDarkSideof
SoftwareMetrics.
Black Box Software Testing
Copyright
2003
Sideeffectsofbugcurves
Laterintesting,thepressureistodecreasethe
Run lots of already-run regression tests.
newbugrate:
Copyright
2003
10
Badmodelsarecounterproductive
Copyright
2003
11
Testersliveandbreathetradeoffs
Thetimeneededfortestrelatedtasksis
infinitelylargerthanthetimeavailable.
Example: Time you spend on
analyzing,troubleshooting,andeffectivelydescribingafailure
Is time no longer available for
Designingtests
Documentingtests
Executingtests
Automatingtests
Reviews,inspections
Supportingtechsupport
Retooling
Trainingotherstaff
Copyright
2003
12
Let'sconsiderthenatureofthe
infinitesetoftests
Thereareenormousnumbersofpossibletests.
Totesteverything,youwouldhaveto:
ReadTheImpossibilityofCompleteTesting
Copyright
2003
13
Inputstoindividualvariables
Considerthevalidinputs
Doug Hoffman worked for MASPAR (the Massively Parallel computer,
64K parallel processors). This machine is used for mission-critical and
life-critical applications.
Totestthe32bitintegersquarerootfunction,Hoffmancheckedallvalues
(all4,294,967,296ofthem).Thistookthecomputerabout6minutestorun
thetestsandcomparetheresultstoanoracle.
Therewere2(two)errors,neitherofthemnearanyboundary.(The
underlyingerrorwasthatabitwassometimesmisset,butinmosterror
cases,therewasnoeffectonthefinalcalculatedresult.)Withoutan
exhaustivetest,theseerrorsprobablywouldnthaveshownup.
Whataboutthe64bitintegersquareroot?Howcouldwefindthetimeto
runallofthese?Ifwedon'trunthemall,don'tweriskmissingsomebugs?
Black Box Software Testing
Copyright
2003
14
Inputstoindividualvariables
Morecomplexexamples
Easter Eggs
Bizarreinputs,bydesign
Edited inputs
Thesecanbequitecomplex.Howmucheditingisenough?
Variations on input timing
Tryenteringthedataveryquickly,orveryslowly.Enterthem
before,after,andduringtheprocessingofsomeotherevent,or
justasthetimeoutintervalforthisdataitemisabouttoexpire.
Now, what about all the error handling that you can trigger with
"invalid" inputs?
ThinkaboutWhittaker&Jorgensen'sconstraintfocusedattacks
(Whittaker,HowSoftwareFails)
ThinkaboutJorgensen'shostiledatastreamattacks
Black Box Software Testing
Copyright
2003
15
Whenpeoplechallengeextremevalue
tests
Copyright
2003
16
Combinationtesting
Variablesinteract.
Copyright
2003
17
Combinationtesting
Variablesinteract.
Copyright
2003
18
Sequences
B
F
A
D
EXIT
< 20 times
through the
loop
Heres an example that shows that there are too many paths to
test in even a fairly simple program. This is from Myers, The Art
of Software Testing.
Black Box Software Testing
Copyright
2003
19
Sequences
Myersexampleinpseudocode
The program starts at A.
FromAitcangotoBorC
FromBitgoestoX
FromCitcangotoDorE
FromDitcangotoForG
FromForfromGitgoestoX
FromEitcangotoHorI
FromHorfromIitgoestoX
FromXtheprogramcangoto
EXITorbacktoA.Itcangoback
toAnomorethan19times.
One path is ABX-Exit. There are 5 ways to get to X and then to the EXIT
in one pass.
Another path is ABXACDFX-Exit. There are 5 ways to get to X the first
time, 5 more to get back to X the second time, so there are 5 x 5 = 25
cases like this.
Black Box Software Testing
Copyright
2003
20
Sequences
AnalyzingMyersexample
Copyright
2003
21
PhoneSystem:TheTelenova
StackFailure
TelenovaStationSet1.Integratedvoiceanddata.
108voicefeatures,110datafeatures.1985.
Copyright
2003
22
TheTelenovaStackFailure
Contextsensitive
display
10deepholdqueue
10deepwaitqueue
Copyright
2003
23
TheTelenovaStackFailure
Thebugthattriggeredthesimulation:
Copyright
2003
24
TheTelenovaStackFailure
Asimplifiedstatediagramshowingthebug
Idle
Ringing
You
hung up
Caller
hung up
Connected
On Hold
Black Box Software Testing
Copyright
2003
25
TelenovaStackFailure
Idle
Ringing
You
hung up
Caller
hung up
Connected
On Hold
Copyright
2003
26
TelenovaStackFailure
Whyarewespendingsomuchtimeonthis
example?
Because it illustrates several important points:
Simplisticapproachestopathtestingcanmisscriticaldefects.
Criticaldefectscanariseundercircumstancesthatappear(inatest
lab)sospecializedthatyouwouldneverintentionallytestfor
them.
When(insomefuturecourseorbook)youhearanew
methodologyforcombinationtestingorpathtesting,Iwantyouto
testitagainstthisdefect.Ifyouhadnosuspicionthattherewasa
stackcorruptionprobleminthisprogram,wouldthenewmethod
leadyoutofindthisbug?
Thisexamplealsolaysafoundationforourintroductiontorandom/
statisticaltesting.
Black Box Software Testing
Copyright
2003
27
TelenovaStackFailure
Havingfoundandfixed
theholdstackbug,
shouldweassume
thatwevetakencareoftheproblem
orthatifthereisonelongsequencebug,
therewillbemore?
Hmmm
Ifyoukillacockroachinyourkitchen,
doyouassume
youvekilledthelastbug?
Ordoyoucalltheexterminator?
Copyright
2003
28
Conclusion
Complete testing is impossible
Thereisnosimpleanswerforthis.
Thereisnosimple,easilyautomated,comprehensiveoracleto
dealwithit.
Thereforetestersliveandbreathetradeoffs.
Copyright
2003
29