First, we might think of devising a selection of test data values and comparing the actual with the expected outcome.. A second method of testing, called exhaustive testing, would be to
Trang 1We begin this chapter by discussing the general problem of testing – and discover that there is a significant problem We consider approaches called black box and white box testing
There are a whole number of associated testing techniques, which we outline The problems of testing large pieces of software that consist of many components are severe – particularly if all the components are combined at one and the same time
It would be convenient to know how errors arise, because then we could try to avoid them during all the stages of development Similarly, it would be useful to know the most commonly occurring faults, because then we could look for them during verifica-tion Regrettably, the data is inconclusive and it is only possible to make vague state-ments about these things
Specifications are a common source of faults A software system has an overall specification, derived from requirements analysis In addition, each component of the software ideally has an individual specification that is derived from architectural design The specification for a component can be:
■ ambiguous (unclear)
■ incomplete
■ faulty
Any such problems should, of course, be detected and remedied by verification of the specification prior to development of the component, but, of course, this verifica-tion cannot and will not be totally effective So there are often problems with a com-ponent specification
This is not all – there are other problems with specifications During programming, the developer of a component may misunderstand the component specification The next type of error is where a component contain faults so that it does not meet its specification This may be due to two kinds of problem:
1. errors in the logic of the code – an error of commission
2. code that fails to meet all aspects of the specification – an error of omission
This second type of error is where the programmer has failed to appreciate and cor-rectly understand all the detail of the specification and has therefore omitted some nec-essary code
Finally, the kinds of errors that can arise in the coding of a component are:
■ data not initialized
■ loops repeated an incorrect number of times
■ boundary value errors
19.2 ● The nature of errors
Trang 2Boundary values are values of the data at or near critical values For example, suppose
a component has to decide whether a person can vote or not, depending on their age The voting age is 18 Then boundary values, near the critical value, are 17, 18 and 19
As we have seen, there are many things that can go wrong and perhaps therefore it
is no surprise that verification is such a time-consuming activity
We now explore the limitations of testing Consider as an illustration a method to cal-culate the product of its two integer parameters First, we might think of devising a
selection of test data values and comparing the actual with the expected outcome So we
might choose the values 21 and 568 as sample values Remembering negative numbers,
we might also choose – 456 and –78 If we now look at possible coding for the proce-dure, we can immediately see the drawback with this approach:
public int product(int x, int y) { int p;
p = x * y;
if (p == 42) p = 0;
return p;
}
The problem is that, for some reason – error or malice – the programmer has cho-sen to include an ifstatement, which leads to an incorrect value in certain cases The test data that was chosen above would not reveal this error, nor, almost certainly, would any other selection of test data Thus use of selective test data cannot guarantee to expose bugs Now it could be argued that the bug is obvious in this example – simply
by looking at the program But looking at a program is not testing – it is a technique called inspection that is discussed later in this chapter
A second method of testing, called exhaustive testing, would be to use all possible data values, in each case checking the correctness of the outcome But even for the method to multiply two 32-bit integers would take 100 years (assuming a 1 millisec-ond integer multiply instruction is provided by the hardware of the computer) So exhaustive testing is almost always impracticable
These considerations lead us to the unpalatable conclusion that it is impossible to test any program exhaustively Thus any program of significant size is likely to contain bugs
Knowing that exhaustive testing is infeasible, the black box approach to testing is to
devise sample data that is representative of all possible data We then run the program, input the data and see what happens This type of testing is termed black box testing because no knowledge of the workings of the program is used as part of the testing –
we only consider inputs and outputs The program is thought of as being enclosed
19.4 ● Black box (functional) testing
19.3 ● The problem of testing
Trang 3within a black box Black box testing is also known as functional testing because it uses only knowledge of the function of the program (not how it works)
Ideally, testing proceeds by writing down the test data and the expected outcome of the test before testing takes place This is called a test specification or schedule Then you run the program, input the data and examine the outputs for discrepancies between the predicted outcome and the actual outcome Test data should also check whether exceptions are handled by the program in accordance with its specification
Consider a program that decides whether a person can vote, depending on their age (Figure 19.1) The minimum voting age is 18
We know that we cannot realistically test this program with all possible values, but instead we need some typical values The approach to devising test data for black box
testing is to use equivalence partitioning This means looking at the nature of the input
data to identify common features Such a common feature is called a partition In the voting program, we recognize that the input data falls into two partitions:
1. the numbers less than 18
2. the numbers greater than or equal to 18
This can be diagrammed as follows:
Figure 19.1 The voting checker program
There are two partitions, one including the age range 0–17 and the other partition with numbers 18 to infinity We then take the step of asserting that every number
with-in a partition is equivalent to any other, for the purpose of testwith-ing this program (Hence the term equivalence partitioning.) So we argue that the number 12 is equivalent to any other in the first partition and the number 21 is equivalent to any number in the
Trang 4We have reasoned that we need two sets of test data to test this program These two sets, together with a statement of the expected outcomes from testing, constitute a test specification We run the program with the two sets of data and note any discrepancies between predicted and actual outcome
Unfortunately we can see that these tests have not investigated the important distinction between someone aged 17 and someone aged 18 Anyone who has ever written a program knows that using ifstatements is error prone, so it is advisable to investigate this particu-lar region of the data This is the same as recognizing that data values at the edges of the partitions are worthy of inclusion in the testing Therefore we create two additional tests:
Test number Data Outcome
Test number Data Outcome
In summary, the rules for selecting test data for black box testing using equivalence partitioning are:
1. partition the input data values
2. select representative data from each partition (equivalent data)
3. select data at the boundaries of partitions
In the last program, there is a single input; there are four data values and there-fore four tests However, most programs process a number of inputs Suppose we wish to test a program that displays the larger of two numbers, each in the range 0–10,000, entered into a pair of text boxes If the values are equal, the program dis-plays either value
Each input is within a partition that runs from 0 to 10,000 We choose values at each end of the partitions and sample values somewhere in the middle:
Now that we have selected representative values, we need to consider what combi-nations of values we should use Exhaustive testing would mean using every possible combination of every possible data value, but this is, of course, infeasible Instead, we use every combination of the representative values So the tests are:
second So we devise two tests:
Trang 5This form of testing makes use of knowledge of how the program works – the struc-ture of the program – as the basis for devising test data In white box testing every state-ment in the program is executed at some time during the testing This is equivalent to ensuring that every path (every sequence of instructions) through the program is exe-cuted at some time during testing This includes null paths, so an ifstatement with-out an else has two paths and every loop has two paths Testing should also include any exception handling carried out by the program
Here is the Java code for the voting checker program we are using as a case study:
public void actionPerformed(ActionEvent event) { int age;
age = Integer.parseInt(textField.getText());
if (age >= 18) { result.setText("you can vote");
19.5 ● White box (structural) testing
SELF-TEST QUESTION
19.1 In a program to play the game of chess, the player specifies the desti-nation for a move as a pair of indices, the row and column number The program checks that the destination square is valid, that it is not out-side the board Devise black box test data to check that this part of the program is working correctly
Thus the additional step in testing is to use every combination of the (limited) rep-resentative data values
Trang 6else { result.setText("you cannot vote");
} }
In this program, there are two paths (because the ifhas two branches) and there-fore two sets of data will serve to ensure that all statements are executed at some time during the testing:
Test number Data Expected outcome
Test number Data Expected outcome
If we are cautious, we realize that errors in programming are often made within the conditions of ifand while statements So we add a further two tests to ensure that the ifstatement is working correctly:
Thus we need four sets of data to test this program in a white box fashion This hap-pens to be the same data that we devised for black box testing But the reasoning that led to the two sets of data is different Had the program been written differently, the white box test data would be different Suppose, for example, the program used an array, named table, with one element for each age specifying whether someone of that age can vote Then the program is simply the following statement to look up eligibility:
result.setText(table[age]);
and the white box testing data is different
SELF-TEST QUESTION
19.2 A program’s function is to find the largest of three numbers Devise white box test data for this section of program The code is:
int a, b, c;
int largest;
➞
Trang 7Stepping through code
Some debuggers allow the user to step through a program, executing just one instruc-tion at a time This is sometimes called single-shotting Each time you execute one instruction you can see which path of execution has been taken You can also see (or watch) the values of variables It is rather like an automated structured walkthrough
In this form of testing, you concentrate on the variables and closely check their val-ues as they are changed by the program to verify that they have been changed correctly
A debugger is usually used for debugging (locating a bug); here it is used for testing (establishing the existence of a bug)
19.6 ● Other testing methods
if (a >= b) {
if (a >= c) { largest = a;
} else { largest = c;
} } else {
if (b >= c) { largest = b;
} else { largest = c;
} }
19.3 In a program to play the game of chess, the player specifies the desti-nation for a move as a pair of integer indices, the row and column num-ber The program checks that the destination square is valid, that is, not outside the board Devise white box test data to check that this part of the program is working correctly
The code for this part of the program is:
if ((row > 8) || (row < 1)) { JOptionPane.showMessageDialog(null, "error");
}
if ((col > 8) || (col < 1)) { JOptionPane.showMessageDialog(null, "error");
}
Trang 8Testing the test data
In a large system or program it can be difficult to ensure that the test data is adequate One way to try to test whether it does indeed cause all statements to be executed is to
use a profiler A profiler is a software package that monitors the testing by inserting
probes into the software under test When testing takes place, the profiler can expose which pieces of the code are not executed and therefore reveal the weakness in the data
Another approach to investigating the test data is called mutation testing In this
technique, artificial bugs are inserted into the program An example would be to change a + into a – The test is run and if the bugs are not revealed, then the test data
is obviously inadequate The test data is modified until the artificial bugs are exposed
Team techniques
Many organizations set up separate teams to carry out testing and such a team is
some-times called a quality assurance (QA) team There are, of course, fruitful grounds for
possible conflict between the development group and the QA team
One way of actually exploiting conflict is to set up an adversary team to carry out
testing Such a team is made up of what we might normally think of as being anti-social people – hackers, misfits, psychotics Their malice can be harnessed to the effective dis-covery of bugs
Another approach is to set up bounty hunters, whose motivation for finding errors is
financial reward
Other techniques for collaborative working are explained in Chapter 20 on groups
Beta testing
In beta testing, a preliminary version of a software product is released to a selected mar-ket, the customer or client, knowing that it has bugs Users are asked to report on faults
so that the product can be improved for its proper release date Beta testing gets its name from the second letter of the Greek alphabet Its name therefore conveys the idea that it
is the second major act of testing, following on after testing within the developing organ-ization Once Beta testing is complete and the bugs are fixed, the software is released
Automated testing
Unfortunately this is not some automatic way of generating test data There is no magical way of doing that But it is good practice to automate testing so that tests can be reapplied
at the touch of a button This is extra work in the beginning but often saves time overall
Regression testing
An individual test proceeds like this:
1. apply a test
2. if a bug is revealed, fix it
Trang 93. apply the test again
4. and so on until the test succeeds
However, when you fix a bug you might introduce a new bug Worse, this new bug may not manifest itself with the current test The only safe way to proceed is to apply all the previous tests again This is termed regression testing Clearly this is usually a for-midable task It can be made much easier if all the testing is carried out automatically, rather than manually In large developments, it is common to incorporate revised com-ponents and reapply all the tests once a day
Formal verification
Formal methods employ the precision and power of mathematics in attempting to ver-ify that a program meets its specification They place emphasis on the precision of the specification, which must first be rewritten in a formal mathematical notation One such specification language is called Z Once the formal specification for a program has been written, there are two alternative approaches:
1. write the program and then verify that it conforms to the specification This requires considerable time and skill
2. derive the program from the specification by means of a series of transformations, each of which preserve the correctness of the product This is currently the favored approach
Formal verification is very appealing because of its potential for rigorously verifying
a program’s correctness beyond all possible doubt However, it must be remembered that these methods are carried out by fallible human beings, who make mistakes So they are not a cure-all
Formal verification is still in its infancy and is not widely used in industry and com-merce, except in a few safety-critical applications Further discussion of this approach is beyond the scope of this book
When we discussed black box and white box testing above, the programs were very small However, most software consists of a number of components, each the size of a small program How do we test each component? One answer is to create an
environ-ment to test each component in isolation (Figure 19.2) This is termed unit testing A driver component makes method calls on the component under test Any methods that the component uses are simulated as stubs These stubs are rudimentary replacements
for missing methods A stub does one of the following:
■ carries out an easily written simulation of the mission of the component
■ displays a message indicating that the component has been executed
■ nothing
19.7 ● Unit testing
Trang 10Thus the component under test is surrounded by scaffolding This is a large under-taking In many developments, the collections of drivers and stubs is often as big as the software itself
Thus far we have only considered unit testing – testing an individual software compo-nent, a method or a class We have implicitly assumed that such a component is fairly small This is the first step in the verification of software systems, which typically con-sist of tens or hundreds of individual components The task of testing complete systems
is called system or integration testing.
Suppose that we have designed and code all the components for a system How can
we test these components and how can we test the complete system?
Here are three different approaches to system testing:
1. big bang – bring all the components together, without prior testing, and test the complete system
2. improved big bang – test each component individually (unit testing), bring them all together and test the complete system
3. incremental – build the system piece by piece, testing the partial system at each stage
The first approach – big bang or monolithic testing – is a recipe for disaster There is
no easy way of knowing which component is the cause of a fault, and there is an enor-mous debugging task The second approach is slightly better because when the com-ponents are brought together, we have some confidence in them individually Now any faults are likely to be caused by the interactions between the components Here again, there is a major problem of locating faults
An alternative is to use some form of incremental testing In this approach, first one
component of the system is tested, then a second component is linked with the first and the system tested Any fault is likely to be localized either in the newly incorpo-rated component or in the interface between the two We continue like this, adding just one component at a time At each stage, any fault that presents itself is likely to be caused by the new component, or by its interface to the system Thus fault finding is
19.8 ● System (integration) testing
Stub
Stub
Stub
Driver Component
under test
Figure 19.2 Unit testing