Software Testing
Software Testing
Review of Software
Engineering and
Verification
Overview of SoftwareEvolution
SDLC "Testing Process
Terminologies in Testing : Error, Fault, Failure
Verification Validation
Difference between Verification and Validution
A. Concept Outline : Part-1 5E
B. Long and Medium Answer Type Questions ..... 5E
4 (CSIT-7) E
Software Testing and Audit 5(CSIT-7) E
PART- 1
Questions-Answers
the basic operation of the computer itself. There are many different
types of application software, because the range of tasks that can be
performed with a modern computer is so large.
2 System software: It is the software that directly operates the computer
hardware, to provide basic functionality needed by users and other
software, and to provide a platform for running application software.
System software includes :
Operating systems :
i They are essential collections of software that manage resources
and provides common services for other software that runs
"on top" of them.
ii. Supervisory programs, boot loaders, shells and window systems
are core parts of operating systems.
ii. n practice, an operating system comes bundled with additional
software (including application software) so that a user can
potentially do some work with a computer that only has an
operating system.
b. Device drivers:
i They operate or control a particular type of device that is
attached to a computer.
Each device needs at least one corresponding device driver
because a computer typically has at minimum at least one
input device and at least one output device, acomputer typically
needs more than one device driver.
C. Utilities : They are computer programs designed to assist users in
the maintenance and care of their computers.
Answer
Software evolution :
1 Software evolution is the term used in software engineering (specifically
software maintenance) to refer to the process of developing software
initially, then repeatedly updating it for various reasons.
2. The process of developing a software product using software engineering
principles and methods is referred to as software evolution.
3. This inchudes the initial development of software and its maintenance
and updates, tilldesired software product is developed, which satisfies
the expected requirements.
Change request
Fig. 1.3.1,
8(CSIT-7) E Review of Software Engineering & Verification
4. Evolution starts from the requirement gathering process after which
developers create a prototype of the intended software and show it to
the users to get their feedback at the early stage of software product
development.
5. The users suggest changes, on which several consecutive updates and
maintenance keep on changing too.
6. This process changes to the original software, till the desired software is
accomplished.
7. Even after the user has desired software in hand, the advancing
technology and the changing requirements force the software product
to change accordingly.
8 Re-creating software from scratch and to go one-on-one with
requirement is not feasible.
9. The only feasible and economical solution is to update the existing
software so that it matches the latest requirements.
Software evolution laws:
Lehman has given laws for software evolution. He divided the software into
three different categories :
1. S-type (static-type): This is a software which works strictly according
to defined specifications and solutions. The solution and the method to
achieve it, both are immediately understood before coding. The s-type
software is least subjected to changes hence this is the simplest of all.
For example,calculator program for mathematical computation.
2. P-type (practical-type) : This is a software with a collection of
procedures. This is defined by exactly what procedures can do. In this
software, the specifications can be described but the solution is not
obvious instantly. For example, gaming software.
3. E-type (embedded-type):This software works closely as the
requirement of real-world environment. This software has a high degree
of evolution as there are various changes in laws, taxes etc. in the real
world situations. For example, online trading software.
E-type software evolution : Lehman has given eight laws for E-type
software evolution:
a. Continuing change: An E-type software system must continue
to adapt to the real world changes, else it becomes progressively
less useful.
b. Increasing complexity : As an E-type software system evolves,
its complexity tends to increase unless work is done to maintain or
reduce it.
C. Conservation of familiarity:The familiarity with the software
or the knowledge about how it was developed, why was it developed
in that particular manner etc., must be retained at any cost, to
implement the changes in the system.
Software Testing and Audit 9(CSIT-7) E
System and
software design
Implementation
and unit testing
Integration and
system testing
Operation and
maintenance
Fig. 14.1. Software development life cycle.
Software Testing and Audit 11(CSIT-7) E
Answer
1 There are various software development life cycle models defined and
designed which are followed during software development process.
12 (CSTT-7) E Review of Software Engineering &Verification
2 Each process model follows a series of steps unique to its type, in order
to ensure success in process of software development.
3. Following are the most important and popular SDLC models followed in
the industry:
a. Waterfall model
b. Iterative model
C. Spiral model
d. V-model
4. The other related methodologies are Big Bang model, Agile model, RAD
model -Rapid Application Development and Prototyping models.
Que 1.6. Explain waterfall model in detail. What are the
advantages and disadvantages of it ?
OR
Write the various stages of waterfall model. What is the need
waterfall model ?
Answer
1 Waterfall model isa theoretical software development model whichwas
used in 70's. It is also known as classical, traditional, conventional or
linear segment model.
2 There are different stages to the development and the output of first
stage flow to the next (second) stage and output of second flows to third
stage and so on.
3 It force on sequential phase development in which no phase can overlap
another phase and so the developer must complete each phase before
starting next phase.
4 Each phase of this model has a well defined starting and ending criteria
which is to be documented by which the standard outputs (deliverables)
to be produced by each phase can formulate.
5 This model does not allow to go back to the previous stage from one
stage, "one way street with no turning back" like waterfall that's why it
is called waterfall model.
6 The different phases of this model are :
a. Feasibility study :
i. This phase is used to check whether the new proposed system
is economically, technically and operationally feasible or not.
In this, information is gathered about what outputs to be
produce, input required and process çan be used and then
different solution strategies are formulated.
ii. Finally, analysis of all solutions done on the basis of their cost
and benefits and accordingly the best solution is selected.
Software Testing and Audit 13 (CSTT-7) E
Feasibility
study
Requirement
analysis and
specification
System and
software design
Coding and
module testing
Integration and
system testing|
Implementation
and maintenance
Que 1.8. Write the various stages of spiral model. What are the
advantages and disadvantages of it ?
Answer
1. In 1987, Boehm proposed a model for the development of software
known as Boehm spiral life cycle model.
2, According to name, the activities ofthis model are organized ikea spiral
that has many circles whose number depends on software requirement.
3. The radial dimension of this model, the cumulative cost for accomplishing
different stages (phases) and angular dimension show the progress in
completing each cycle of the spiral."
4. The main objective ofthis model is to minimize the risk through the use
of prototype. This model is mainly used for large projects.
5 The spiral model can said to be made up of waterfall model in which each
stage is preceded by risk analysis.
6 Its main feature is risk avoidance rather than documentation or coding.
7 This model is more flexible than any other model as number of phases
through which the product will be developed is not fxed, it depends on
software requirement.
The two basic step of this model are :
a Identify the sub-problem which is having highest risk.
b. Find solution for that particular problem (risk).
9. Generally, there are four spirals in Boehm spiral life cyele model.
10. The inner (first)spiral is concept development cycle, the second spiral
indicates new product development cycle; the third spiral represents
18 (CSTT-7) E Review of Software Engineering & Verification
Risk analysis
Review
Risk analysis
Risk
|analy Proto
-sis type 1
Ooperyational
Prototype 3
Prototype 2
Bimulatiors, models, benchmatks
Requirements plan Concept of
life-cycle plan operation/Software
Product
Requiremyhts
Requirement
esignbetailed
Development desigy
validatie Code
plan
Design V&V Unit test
Integration and Integration
test plan test
Acceptance
test
Service Develop, verify next
Plan next phase level product
Fig. 1.8.1.
Advantages of Boehmspiral life cycle model:
1. This model tries to resolve all possible risks involved in the project
starting with the highest risk.
19 (CS/TT-7) E
Software Testing and Audit
2. User can see the product early in the life cycle.
3. In each phase, product is refined on the basis of customer feedbacks
which ensure good quality.
4. Little documentation is required as compared to waterfall model.
5. Efficient use of prototyping and component based design.
6. It is very flexible model.
It can cope with changing user requrements.
7
Disadvantages of Boehm spiral life cycle model :
1 The model requires experts for risk management.
2 This model is not suitable for small projects.
3 This is time consuming model.
4 The cost of risk analysis is high which makes the modelcostly.
5 Different persons involve in the project may find it complex to use.
6. This model is not widely used because it is relatively new.
Advantages of spiral model over traditional iterative process model:
1 The risk analysis and validation steps eliminate errors in the early phase
of development.
2 The model makes use of techniques like reuse, prototyping and
component based design.
3. It becomes equivalent to another life cycle model in appropriate situations.
The model is not suitable for small projects as cost of risk analysis may
exceed the actual cost of the project.
Que 1.9. Explain the verification and validation model with its
different phases.
OR
Discuss V- model indetail with their advantages and disadvantages.
Answer
1 The V- model is SDLC model where execution of processes happens in
a sequential manner in V-shape.
2. It is also known as verification and validation model.
3 V-model is an extension ofthe waterfall model and is based on association
of a testing phase for each corresponding development stage.
4. This means that for every single phase in the development cycle, there
is a directly associated testing phase.
5
This is a highly disciplined model and next phase starts only after
completion of the previous phase.
20 (CS/TT-7) E Review of Software Engineering &Verification
V- model design :
1. Under V-model, the corresponding testing phase of the development
phase is planned in parallel.
2. So, there are verification phases on one side and validation phases on
the other side.
3. Coding phase joins the two sides of the V-model.
4. Fig. 1.9.1 illustrates the different phases in V-model of SDLC.
Acceptance
test design Acceptance
Requirement testing
analysis
System test
design System
System testing
design
Lntegration
Architecture test design Integration
design testing
Module
Unit test Unit
design design testing
Coding
Fig. 1.9.1.
3. System testing :
System testing is directly associated with the system design phase.
b. System tests check the entire system functionality and the
communication of the system under development with external
systems.
C. Most of the software and hardware compatibility issues can be
uncovered during system test execution.
4. Acceptance testing :
a. Acceptance testing is associated with the business requirement
analysis phase and involves testing the product in user environment.
b. Acceptance tests uncover the compatibility issues with the other
systems available in the user environment.
C. It also discovers the non functional issues such as load and
performance defects in the actual user environment.
Advantages of V-model:
1 This is a highly disciplined model and phases are completed one at a
time.
2 It works well for smaller projects where requirements are very well
understood.
3. Simple and easy to understand and use.
4 Easy to manage due to the rigidity ofthe model. Each phase has specific
deliverables and a review process.
Disadvantages of V- model :
1 High risk and uncertainty.
2 Not a good model for complex and object-oriented projects.
3. Poor model for long and ongoing projects.
4 Not suitable for the projects where requirements are moderate to high
risk of changing.
5 Once an application is in the testing stage, it is difficult to go back and
change its functionality.
When to use V-model:
1. Requirement is well defined and not ambiguous.
2. Acceptance criteria are well defined.
3 Project is short to medium in size.
4. Technology and tools used are not dynamic.
Que 1.10.What do you understand by testing process ? What are
the basic steps of the testing process ?
Software Testing and Audit 23 (CS/TT-7) E
Answer
Testing is a process rather than a single activity. This process starts from test
planning then designing test cases, preparing for execution and evaluating
status till the test closure. So, we can divide the activities within the
fundamental test process into the following basic steps:
Implementation and
Execution control
Evaluating Exist
Criteria and Reporting
Test Closure
Activities
End
Fig. 1.10.1.
1. Planning and control: Test planning has following major tasks:
To determine the scope and risks and identify the objectives of
testing.
b To determine the test approach.
C. To implement the test policy and/or the test strategy.
24 (CSTT-7) E Review of Software Engineering &Verification
Answer
The terms like error, fault and failure are not synonymous and hence these
should not be used interchangeably. Al these terms are defined as :
Failure :
1 When the software is tested, failure is the first term being used.
2 It means the inability of a system or component to perform a required
function according to its specification.
3. In other words, when results or behaviour of the system under test are
different as compared to specified expectations, then failure exists.
4. Failure is the term which is used to describe the problems in a system or
software on the output side or result side.
Fault/Defect/Bug :
1 Fault is a condition, that in actual, causes a system to produce failures.
2 Fault is synonymous with the words defect or bug. Therefore, fault is
the reason embedded in any phase of SDLC (software development life
cycle) and results in failure.
Output
Fig. 1.11,1.
3 It can be said that failures are manifestation of bugs.
4. One failure may be due to one or more bugs or one bug may cause one
or more failures.
5 Thus, when the bug is executed, then failures are generated.
6 But this is not always true.
7 Some bugs are hidden, in sense that these are not executed as they do
not get the required conditions in the system.
8. So, hidden bugs may not always produce failures.
9. They may execute only in certain rare conditions.
Error:
1. Whenever a development team makes a mistake in any phase of SDLC,
errors are produced.
2. It might be a typographical error, a misleading of a
misunderstanding of what a subroutine does, and so on.specification,
a
3 Error is very general term used for human mistakes.
Software Testing and Audit 27 (CSIT-7) E
4 Thus, an error causes a bug and the bug in turn causes failures as
shown below :
Flow of faults
Fig. 1.11.2.
For example :
Let take a module in software as :
module A)
while(a>n + 1);
Suppose the module shown above is expected to print the value of x which is
critical for the use of software. But when this module will be executed, the
value of x will not be printed. It is a failure of the program.
When we try to look for the reason of this failure, we find that in mnodule A),
the while loop is not being executed. A condition is preventing the body of
while loop to be executed. This is known as bug/defect/fault.
On close observation, we finda semicolon (;) being misplaced after the while
loop which is not its correct syntax and it is not allowing the loop to execute.
This mistake is known as an error.
Answer
Verification :
1 Verifñcation ="Are we building the project right".
2. Verification includes:
a. Verifying process includes checking documents, design, code and
program.
b. It does not involve executing the code.
C. Verification uses methods like reviews, walkthroughs, inspections
and desk-checking etc.
28 (CSTT-7) E Review of Software Engineering &Verification
Answer
S. No. Validation Verification
1. Am I building the right Am I building the product right?
product ?
2. Determining if the system The review of interim work
complies with the steps and interim deliverables
requirements and performs during a project to ensure they
functions for which it is
are acceptable. To determine if
intended and meets the the system is consistent,
organization's goals and user adheres to standards, uses
needs. It is traditional and is
performed at the end of the
reliable techniques and prudent
practices, and performs the
project. selected functions in the correct
manner.
Software Testing and Audit 29 (CS/TT-7) E
PART-2
Questions-Answers
Long Answer Type and Medium Answer Type Questions
Que 1.14. What is test case ? List the typical test case parameters.
30(CSTT-7) E Review of Software Engineering &Verification
Answer
1 A test case is a document, which has a set of test data,
preconditions,
expected results and post conditions, developed for a particular tést
scenario in order to verify compliance against a specific requirement.
2 Test case acts as the starting point for the test execution, and after
applying a set of input values; the application has a definitive outcome
and leaves the system at some end point or also known as execution
post condition.
3. While drafting a test case do include the following information:
a. Test steps:List all test execution steps in detail. Write test steps in
the order in which these should be executed. Make sure to
as much details as you can. Tip- to efficiently manage provide
test case with
lesser number of fields use this field to describe test conditions,test
data and user roles for running test.
b. Test data:Use of test data as an input for this test case. You
can
provide different data sets with exact values to be used as an input.
C.
Expected result : What should be the system output
execution? Describe the expected result in detail includingafter test
message/
error that should be displayed on screen.
d. Post-condition : What should be the state of the system after
executing this test case?
Actual result : Actual test result should be filled after test
execution. It describes system behaviour after test execution.
f Status (Pass/Fail) : If actual result is not as per the
expected
result, mark this test as failed. Otherwise, update aspassed.
Notes/Comments/Questions : To support above fields if there
are some special conditions which can't be described in any of
the
fields or there are questions related to expected or actual
mention those here. results
Typical test case parameters :
1 Test case ID
2. Test scenario
3. Test case description
4 Test steps prerequisite
5 Test data
6. Expected result
7. Test parameters
8. Actual result
9 Environment information
10. Comments
31 (CSTT-7) E
Software Testing and Audit
cases ?
Que 1.15.| How to write best test
Answer
are :
Best practice for writing good test cases
:
1 Test cases need to be simple and transparent
tested.
The deseription of what requirement is being
b The explanation ofhow the system will
be tested.
under test, software, data
The test setup like version of application
access, physical or logical
C.
OR
Write the difference between test case, test suite & test oracle.
OR
Explain the following:
i. Test suite
ii. Test oracle
Answer
Test suite :
1. In software development, a test suite, less commonly known as a
validation suite', is a collection of test cases that are intended to be used
to test a software program to show that it has some specified set of
behaviours.
2 Atest suite often contains detailed instructions or goals for each collection
of test cases and information on the system configuration to be used
during testing.
3 A group of test cases may also contain prerequisite states or steps, and
descriptions of the following tests.
4. Test suite is a container that has a set of tests which helps testers in
executing and reporting the test execution status.
5 It can take any of the three states namely active, in progress and
completed.
6 Atest case can be added to multiple test suites and test plans.
7 After creating a test plan, test suites are created which in turn can have
any number of tests.
8 Test suites are created based on the cycle or based on the scope.
9 It can contain any type of tests, functional or non-functional.
Test case
Test case 2
Test suite 1|
Test case 3
Test suite n
Test case 1
Test case 2)
Test case 3)
Test case .n)
Test oracle:
1. An oracle is a mechanism for determining whether the program has
passed or failed a test.
2. Acomplete oracle would have three capabilities and would carry them
out perfectly:
Agenerator, to provide predicted or expected results for each test.
b. Acomparator, to compare predicted and obtained results.
C. An evaluator, to determine whether the comparison results are
sufficiently close to be a pass.
3. Common oracles include :
a. Specifications and documentation.
b Other products (for example, an oracle for a software program
might be a second program that uses a different algorithm to evaluate
the same mathematical expression as the product under test).
C. Aheuristic oracle that provides approximate results or exact results
for a setof a few test inputs.
Astatistical oracle that uses statistical characteristics.
e. Aconsistency oracle that compares the results of one test execution
to another for similarity.
f A model-based oracle that uses the same model to generate and
verify system behaviour.
A human oracle (i.e., the correctness of the system under test is
determined by manual analysis).
Difference between test case, test suite and test oracle:
1. A test case is a set of conditions under which a tester will determine
whether an application, software system or one of its features is working
as it was originally established for it to do.
2. A
test suite is a collection of test cases that are intended to be used to
test a software program to show that it has some specified set of
behaviours. Atest suite often contains detailed instructions or goals for
each collection of test cases and information on the system configuration
to be used during testing.
3 The mechanism for determining whether a software program or system
has passed or failed, such a test is known as test oracle.
Que 1.18. Explain the following:
a. Impracticality of testing all data
b. Impracticality of testing all paths
Answer
a Impracticality of testing all data:For most programs, it is impractical
to attempt to test the program with all possible inputs, due to a
combinational explosion. For those inputs selected,a testing oracle is
Software Testing and Audit 35 (CS/IT-7) E
Questions-Answers
Long Answer Type and Medium Answer Type Questions
Answer
The four fundamental methods of verification are Inspection, Demonstration,
Test, and Analysis. The four methods are somewhat hierarchical in nature,
as each verifies requirements of aproduet or system with increasing rigor.
Following are the various verification methods :
1. Verification by test :
a. It involves special test equipment and/or instrumentation.
b. It also involves running multiple "tests" (activities) to collect data on
the system that will show proof the requirement has been met.
36 (CS/TT-7) E Review of Software Engineering &Verification
C Because there are multiple sets of data collected, we then have to
analyze (activity) the data to make a determination whether or not
the verification success criteria has been met to say the verification
by Test (method) was successful.
d Prior to running these tests (activities) we may inspect (activity)
the verification (method) results of the children requirements to
this requirement.
e. In this case, the method of verification is Test.
2. Verification by demonstration :
a. It involves running at least one "test" (activity) (usually more than
once) without special test equipment or instrumentation to collect
the sets of data that we analyze (activity) to prove the system meets
a requirement.
b Again, prior to running these tests (activities) we may inspect
(activity) the verification (method) results of the children
requirements to this requirement.
C In this case, the method of verification is demonstration.
3. Verification by analysis :
a. It is used when one of the other methods is not appropriate or you
can't afford to use verification by test (method) for every
requirement or you can't do an end-to-end test (activity) but only
on parts of the system.
b. In this case you collect data on parts of the system via test (activity).
C. Then based on this data and your knowledge of the system design,
you make an engineering judgment whether or not the defined
success criteria has been met in order to conclude (prove) that
verification by analysis (method)was successful.
d. In this case, even though Imay have run some tests (activities) to
collect the data, the method of verification is analysis.
4. Verification by inspection :
a. It is when you can use one of your senses to prove if the system
meetsa requirement.
b. You don't have to exercise the system, you can observe the results
of your observations or inspections (activities) to prove the system
meets a requirement.
C. The word inspection is often misused (activity vs method) when
there is a need to examine paperwork from other verification
activities as a prerequisite to completing one of the other verification
methods.
Example:
1. Imay be verifying the system meets a requirement that involves the
interaction of twoof the subsystems.
37 (CSIT-7) E
Software Testing and Audit
(method),
as part of verification by testeach of the
Before running a test (activity)verification
2.
the paperwork for
Imay want to examine make sure each subsystem was
subsystem children requirements to requirement prior to integrating
proven to meet its respective interface verifying that the integrated
then
the two subsystems together and
system meets the parent requirement.
even though Iinspected (examined) (activity) the lower
In this case,
3.
verification method is test (or one of
level verification paperwork, the
verification).
the other methods of
the key points of SRS verification ?
Que 1.20. Define SRS.What are
Answer
SRS:
system to be developed with
1 SRS is a detailed description of a software
its functional and non-functional requirements. and
agreement between customer
2 The SRS is developed based on the
contractors.
user is going to interact with software
3 It may include the use cases of how
system.
specification document consistent of all
4 The software requirement development.
necessary requirements required for project
5. To develop the software system we should have clear understanding of
software system. customers to
communication with
6. To achieve this we need a continuous
gather allrequirements.
will interact with all internal
7. A good SRS defines how software system and human
modules, hardware, communication with other programs
scenarios.
user interactions with wide range of real life
document on QA
8 Using the software requirements specification (SRS)
lead, managers creates test plan.
Key points of SRSverification are:
1. Correctness of SRS should be checked:
a. Since the whole testing phase is dependent on SRS, it is very
important to check its correctness.
b. There are some standards with which we can compare and verify.
2. Ambiguity should be avoided :
Sometimes in SRS, some words have more than one meaning and
this might confuse testers making it difficult to get the exact
reference.
b. It is advisable to check for such ambiguous words and make the
meaning clear for better understanding.
38 (CS/IT-7) E Review of Software Engineering &Verification
Answer
1. Any written or pictorial information describing, defining, specifying,
reporting, or certifying activities,requirements, procedures, or results.
2 Documentation is as important to a product's success as the product
itself.
3 If the documentation is p0or, non-existent, or wrong, it reflects on the
quality of the product and the vendor.
4 As per the IEEE documentation describing plans for, or results of the
testing of a system or component, types include test case specification,
test incident report, test log, test plan, test procedure, test report.
5 Hence, the testing of all the above mentioned documents is known as
documentation testing.
6 This is one of the most cost effective approaches to testing.
7. Ifthe documentation is not right, there will be major and costly problems.
8.
The documentation can be tested in a number of different ways to many
different degrees of complexity.
9.
a spelling and
These range from running the documents throughdocumentation to
grammar checking device to manually reviewing the
remove any ambiguity or inconsistency.
of the software
10. Documentation testing can start at the very beginning
since earlier a defect is
process and hence save large amounts of mnoney,
found, the less it will cost to be fixed.
accuracy and
11. Documentation testing means verifying the technical and the online
readability of the user manuals, including the tutorials
help.
explained:
12. Documentation testing is performed at three levels as
clarity,
Read test : In this test, documentation is reviewed for
organization, flow, and accuracy without executing the documented
instructions on the system.
b. Hands-on test : The online help is exercised and the error
usefulness.
messages are verified to evaluate their accuracy and
documentation
C. Functional test: The instructions embodied in the
are followed to verify that the system works as it has been
documented.
documentation
Following concrete tests are recommended for
testing :
1. Read all the documentations to verify :
a. Correct use of grammar.
42 (CSIT-7) E Review of Software Engineering & Verification
Answer
maintainability of a
1. Inspections improve the reliability, availability, and
software product.
development can
2 Anything readable that is produced during software
be inspected.
testing to
3 Inspections can be combined with structured, systematic
provide a powerful tool for creating defect-free programs.
participants
4 The inspection activity follows a specified process and the
play well-defined roles.
members who play the
5 An inspection team consists of three to eight
roles of moderator, author, reader, recorder, and inspector.
6 It alsohelps to have a client representative participate in requirements
specification inspections.
and
7. Group inspections enable team members to exchange knowledge
ideas during an inspection session.
8
Moderator leads the inspection, schedules meetings, controls meetings,
issues.
reportsinspection results, and follows up on rework
9. Author creates or maintains the work product being inspected.
10. Reader describes the sections of the work product to the team as they
proceed through inspection.
11. Recorder classifies and records defects and issues raised during the
inspection.
12. All participants play the role of inspectors. However, good inspectors are
those who have created the specification for the work product being
inspected.
13. For example, the designer can act as an inspector during code inspection
while a quality assurance representative can act as standard enforcer.
An error checklist for inspections :
1. An important part of the inspection process is the use of a checklist to
examine the program for common errors.
49 (CS/TT-) E
Software Testing and Audit
2. The checklist is largely language independent, meaning that most of the
errors can occur with any programming language.
3 We may wish to supplement this list with errors peculiar to our
programming language.
4 The errors may be :
a. Data reference errors
b. Data-declaration errors
C. Computation errors
d. Comparison errors
e. Control-flow errors
f. Interface errors
Input-output errors
Goals of inspection :
1 It helps the author to improve the quality of
the document under
inspection.
2, It removes defects efficiently and as early as possible.
3. It improves product quality.
exchanging information.
4. It creates common understanding by
5. It learn from defects found and prevent
the occurrence of similar defects.
Answer
Difference between inspection and walkthrough :
S. No.
Inspection Wallkthrough
1 It is formal. It is informal.
2 Initiated by the project Initiated by the author.
team.
(55E - 67E)
Part-1
54(CS/IT-7) E
55 (CSIT-7) E
Software Testing and Audit
PART- 1
Equivalence Clas
Functional Testing: Boundary Value Analysis,
Cause-Efect Graphing
Testing, Decision Table Based Testing,
Technique.
Questions-Answers
Questions
Long Answer Type and Medium Answer Type
difference between
Que 2.1. What is functional testing? Write the
functional testing and non-functional testing.
OR
Explain functional testing. List some functional testing technique.
Answer
1. Functional testing is a quality assurance (QA) process and a type of
black box testing that bases its test cases on the specifications of the
software component under test.
2 Functions are tested by feeding them input and examining the output,
and internal program structure is rarely considered (not like in white
box testing).
3. Functional testing usually describes what the system does.
4 Functional testing is a testing technique, that is, used to test the features/|
functionality of the system or software, should cover all the scenarios
including failure paths and boundary classes.
5. Functional testing verifies that each function of the software application
operates in conformance with the requirement specification.
6 This testing mainly involves black box testing and it is not concerned
about the source code of the application.
7. Each and every functionality of the system is tested by providing
appropriate input, verifying the output and comparing the actual results
with the expected results.
56 (CS/TT-7) E Functional Testing and Structural Testing
8 This testing involves checking of user interface, AI"'; database, security,
client/ server applications and functionality of the application under
test.
9. The testing can be done either manually or using automation.
10. Functional testing does not imply that you are testing afunction (method)
of your module or class.
11. Functional testing tests aslice of functionality of the whole system.
12. Functional testing typically involves six steps :
a. The identification of functions that the software is expected to
perform.
b. The creation of input data based on the function's specifications.
C. The determination of output based on the function's specifications.
d. The execution of the test case.
e. The comparison of actual and expected outputs.
f Tocheck whether the application works as per the customer need.
Functional v/s non-functional testing
S. No. Functional testing Non-functional testing
1. Functional testing is Non-functional testing checks the
performed using the performance, reliability,scalability
functional specificationand other non-functional aspects
provided by the client and of the software system.
verifies the system against
the functional requirements.
2. Functional testing isexecuted Non-functional testing should be
first. performed after functional testing.
3 Manual testing or automation Using tools wil be effective for this
tools can be used for testing.
functional testing.
4 Business requirements are Performance parameters like
the inputs to functional speed, scalability are inputs tonon
testing. functional testing.
5. Functional testing describes Non-functional testing describes
what the product does. how good the product works.
6. Tough to do manual testing.
Easy to do manual testing.
Answer
of things (for
1. A decision table is a good way to deal with combinations
example, inputs).
'cause-effect' table.
2. This technique is sometimes also referred to asa
diagramming
3 The reason for this is that there is an associated logic
technique called 'cause-effect graphing' which was sometimes used to
help in deriving the decision table.
combination
4 It helps in reducing test effort in verifying each and every
of test data, at the same time ensuring complete coverage.
5 Decision tables provide a systematic way of stating complex business
rules, which is useful for developers as well as for testers.
whether
6. Decision tables can be used in test design in order to determine
or not they are used in specifications or not.
A decision table is the method used to build a complete set
of test cases
7.
without using the internal structure of the program in question.
input and
8. In order to create test cases, we use a table to contain the
output values of a program.
9.
Such a table is split up into four sections as shown in Fig. 2.6.1.
Stub
Conditions Entry
portion portion
Actions
18. Notice the use of input in the table below, these are known as don't care
entries.
19. Don't care entries are normally viewed as being false values which do
not require the value to define the output.
Stub Rule 1 Rule 2 Rule 3 Rule 4 Rule 5 Rule 6
c1 T F
c2 T T T T
c3 T T T
c4 T T
al X X X X X
a2 X X X X X
Answer
In order to build decision tables, first we need to determine the maximum
size of the table, then we have to eliminate any impossible situations,
inconsistencies, or redundancies, and finally we need to simplify the table as
much as possible.
Following are the ways to develop decision tables :
1 Study the given specification and determine the number of conditions
that may affect the decision. Remove any conditions that repeat. Once
we arrive at this list of non-repeatable conditions (that is, conditions
that are mutually exclusive), we have torecord all these conditions as
rows in the top left half of the decision table.
2. Determine the number of p0ssible actions that can be taken. These
become the number of rows in the lower left half of the decision table.
3. Determine the number of condition alternatives for each condition. In
the simplest form of decision table, there would be two alternatives (Y
or N) for each condition. In an extended-en'ry table, there may be many
alternatives for each condition.
4. Then, we have to calculate the maximum number of columns in the
decision table by calculating number of conditions raise to the number
Software Testing and Audit 63 (CSIT-7) E
Answer
1. Decision tables are very much helpful in test design technique.
2. It helps testers to search the effects of combinations of different inputs
and other software states that must correctly implement business rules.
3. It also provides a regular way of stating complex business rules, that is,
helpful for developers as well as for testers.
4. Testing combinations can be a challenge, as the number of combinations
can often be huge.
64 (CSTT-7) E Functional Testing and Structural Testing
do a better job.
5. It assists in development process with developer to
unfeasible.
6 Testing with all combination might be unrealistic or
7 We have to be happy with testing just a small
subset of combinations but
which to leave out
and
making the option of which combinations to test
is also significant.
an arbitrary
8. Ifyou do not have efficient way of selecting combinations,test effort.
ineffective
subset will be used and this may result in an
used in both testing
9 Adecisiontable is basically an outstanding technique
and requirements management.
requirements when dealing with
10. It is a structured exercise to prepare complicated logic.
complex business rules. It is also used in model
decision table.
Que 2.9. Write advantages and disadvantages of
OR
Write the application of decision table.
Answer
Advantagesof decision table :
1. This type of testing works iteratively.
2. These tables guarantee that we consider
every possible combination of
condition values. This is known as its "completeness property".
3 Decision tables are declarative.
Disadvantages of decision table:
1 Decision tables do not scale up well.
2. We need to "factor large tables into
smaller ones to remove redundancy.
Applications of decision table :
1 Prominent if-then-else logic.
2 Logical relationships among input
variables.
3 Calculations involving subsets of the input
variables.
4
Cause-and-effect relationships between inputs and outputs.
5 High cyclomatic complexity.
Also, write
Que 2.10. What is cause-effect graphing technique ?
the notations.
OR
What notations are used in cause-effect graphing technique ?
OR
Write the benefits of cause-effect graphing technique.
Answer
1. In software testing,a cause-effect graph is a directed graph that maps a
set of causes to a set of effects.
Software Testing and Audit 65 (CS/IT-7) E
2 The causes may be thought of as the input to the program, and the
effects may be thought of as the output.
3. Usually,the graph shows the nodes representing the causes on the left
side and the nodes representing the effects on the right side.
4 There may be intermediate nodes in between that combine inputs using
logical operators such as AND and OR.
5. A"cause" represents a distinct input condition that brings about an
internal change in the system.
6. An "effect" represents an output condition, a system transformation or
a state resulting from a combination of causes.
7. The graph's direction is as follows:
Causes ’ intermediate nodes Effects
Cause 1 |Cause 3
Effect
Cause 2 |Cause 4
C
C2) OR
(c3
AND
C
Fig. 2.10.2.
66 (CS/TT-7) E Functional Testing and Structural Testing
1 Just assume that each node having the value 0 or l where 0 shows the
'absent state' and 1shows the 'present state'.
2 The identity function states when C1= 1, El=lor we can say if CO = 0
and E0 = 0.
3 The NOT function states that, if C1=1, El=0 and vice-versa.
4
Likewise, OR function states that. if C1 or C2 or C3 = 0, E1 =0 else
El= 1.
5 The AND function states that, if both C1 and C2 = 1, El =1, else El= 0.
6 The AND and OR functions are permitted to have any number of inputs.
Steps to proceed on cause-effect diagram:
1 Recognize and describe the input conditions (causes) and actions (effect).
2. Build up a cause-effect graph.
3 Convert cause-effect graph into a decision table.
4 Convert decision table rules to test cases. Each column of the decision
table represents a test case.
5 For example :Ihave a requirement that says:"IfA OR B, then C." The
following rules hold for this requirement :
a. IfA is true and B is true, then Cis true.
b. If Ais true and Bis false, then Cis true.
C. IfA is false and B is true, then C is true.
IfA is false and Bis false, then Cis false.
The cause-effect graph that represents this requirement is provided in
Fig. 2.10.3. The cause-effect graph shows the relationship between the causes
and effects.
Node _A
OR Node C
2 Node_B
PART-2
Questions-Answers
Answer
1. The structural testing is the testing of the structure of the system or
component.
2. Structural testing is often referred to as 'white box' or glass box' or
clear-box testing because in structural testing we are interested in
what is happening inside the system/application.
3 In structural testing, the testers are required to have the khowledge of
the internal implementations of the code.
4. Here, the testers require knowledge of how the software is implemented,
how it works. It checks the implementation of the programn or code.
5. The objective of structural testing is not to check different input or
output conditions but to check different data and programming structure
used in the program.
6. During structural testing, the tester is concentrating on how the software
does it.
7. For example, a structural technique wants to know how loops in the
software are working.
8 Different test cases may be derived to exercise the loop once, twice, and
many times.
9 This may be done regardless of the functionality of the software.
10. Structural testing is done:
a To understand what is missing in our test suite.
b. To complement functional testing.
C. It helps to identify obvious inadequacies.
Categories of structural testing: The whole structural testing is
categorized into four divisions:
1. Statement coverage : It is the wealkest form of testing, as it requires
that every statement in the code has to be executed at least once.
2 Branch coverage : In this, each branch condition for the program is
tested for its true or false values.
3. Path coverage: For path coverage, the path ofthe program is executed
at least once, it test individual path for the program.
4. Condition coverage : In this type of testing, it checks allpossible
combinations of conditions. For conditional branches, we execute the
TRUE branch at least once and the FALSE branch, at least once. Unlike
branch coverage, it tests for both conditional as well as non-conditional
branches.
Advantages of structural testing :
1 Forces test developer to carefully give reason about implementation.
2 Reveals errors in hidden" code.
69 (CS/TT-7)E
Software Testing and Audit
3. Spots the dead code or other issues with respect to best programming
practices.
Disadvantages of structural testing :
perform white
1. Expensive as one has to spend both time and money to
box testing.
2. Every possibility that few lines of code are missed accidentally.
3 Deep knowledge about the programming language is necessary to
perform white box testing.
Difference between structural and functional testing:
?
Que 2.12. What are the steps of control flow testing
OR
the limitations of
Why control flow testing is important ? What are
control flow testing ?
Answer
Control flow testing :
1. Control flow testing uses the control structure of a program to develop
the test cases for the program.
2 It is a testing technique that comes under white box testing.
3. The entire structure, design, and code of the software
have to be studied
for this type of testing.
4. Often, the testing method is used by developers themselves to test their
own code and design as they are very familiar with the code.
5. The test cases are developed to sufficiently cover the whole control
structure of the program.
This method is implemented with the intention to test logic of the code
so that the required results or functionalities can be achieved.
70 (CSIT-7) E Functional Testing and Structural Testing
Draw a
Program unit control flow |Control flow Select Selected
graph path paths
graph
Inputs
Generated
test input
data
Are the
No selected
paths
feasible 2
Yes
Output
Test input|
data
int sum=0;
while (i <= 10)
if (i/2 == 0)
sum = Sum + 1:
i++;
return sum;
entry sum = 0:
AA T
i/2 == 0
T
exit
sum = sum + i;
i++:
1. IfA = 50
2.THEN IF B>C
3
3. THENA =B
4. ELSE A=C
5. ENDIF
6. ENDIF
7. PrintA
We can see that there are few conditional statements, that is, executed
depending on what condition it ? Here there are 3 paths or conditions that
need to betested to get the output.
1. Pathl: 1,2,3,4,5,6,7
2. Path 2: 1,2,4,5,6,7
3. Path 3: 1,6,7
74 (CSTT-7) E Functional Testing and Structural Testing
Edge
Node
Fig. 2.14.1.
Software Testing and Audit 75(CSIT-7) E
Path 1:1-11
Path 2: 1-2-3-4-5-10-1-11
Path 3:1-2-3-6-8-9-10-1-11
Path 4: 1-2-3-6-7-9-10-1-11
b. Note that each new path introduces a new edge.
C. The path 1-2-3-4-5-10-1-2-3-6-8-9-10-1-11 is not considered to be
an independent path because it is simply a combination of already
specified paths and does not traverse any new edges.
d. Independent paths for Fig. 2.14.2, are:
Path 1: 1-7
Path 2 : 1-2-6-1-7
Path 3:1-2-3-4-5-2-6-1-7
Path 4: 1-2-3-5-2-6-1-7
7 5
Fig. 2.14.2.
Edge
Switch statement
representation
Fig. 2.15.1. Basic constructs of a program graph.
77 (CSIT-7) E
Software Testing and Audit
6. The basic constructs are used to convert a program is its program graph.
and
7. Consider the program square which takes a number as an input
generates the square of the number.
#include <stdio.h>
void main()
Answer
Identification of independent paths / Calculation of independent
paths :
1. There are three equations from graphing theory that we will use to
calculate the number of linearly independent paths through any
structured system.
2. These three equations and the theory of linear independence were the
work of a Dutch scholar named C.
3. Berge who introduced them in his work graphs and hypergraphs.
4 Specifically, Berge's graph theory defines the cyclomatic number V(G)
of a strongly connected graph Gwith Nnodes, Eedges, and one connected
component.
5. This eyclomatic number is the number of linearly independent paths
through the system.
Software Testing and Audit 79 (CS/IT-7) E
pl
el
di e2 e3
p2
e4 Region 1
d2 e5 e6
p3
e7
Region 2
p4
Answer
1 The cyclomatic complexity is also known as structural complexity because
it gives internal view of the code.
Software Testing and Audit 81 (CSTT-7) E
Fig. 2.17.1.
V(G) = 9-6+2=5
Here e =9, n=6 and P=1
There will be five independent paths for the flow graph illustrated in
Fig. 2.17.1.
path 1: a cf
path 2: abef
82 (CSIT-7) E Functional Testing and Structural Testing
path 3:adcf
path 4:abeacfor a beabef
path 5:abebef
Notice that the sequence of an arbitrary number of nodes always has
unit complexity and that cyclomatic complexity conforms to our intuitive
notion of minimum number of paths. Several properties of cyclomatic
complexity are stated below :
VG) >=1
b. VIG) is the maximum number of independent paths in graph G.
C. Inserting and deleting functional statements to G does not affect
V(G).
G has only one path if and only if V(G) = 1.
e. Inserting a new row in G increases V(G) by unity.
f V(G) depends only on the decision structure of G.
For example,
if (Condition 1)
statement 1
else
statement 2
if (Condition 2)
statement 3
else
statement 4
int a, b, c;
a =b+C;
printf("%d", a);
84 (CSIT-7) E Functional Testing and Structural Testing
8
What will be the output ? The value of 'a' may be previously stored in the
memory location assigned to variable 'a' or garbage value.
9 If we execute the program, we may get an unexpected value.
10. The mistake is in the usages of this variable without first assigning a
value to it.
11. Data flow testing may help us to minimize such mistakes.
12. It has nothing to do with data flow diagram.
13. It is based on variables, their usages and their definitions in the program.
14. The main point of concern are :
Statements where variable receive values (definitions).
b Statements where these values are used (referenced).
Data flow testing strategies:
1. All definitions: Test cases for each
definition of each variable.
there is at least
2 All predicate uses: Test cases are generated so that
of variable.
one path of each variable definition to each P-use
that there is at
3. Allcomputational uses :Test cases are generated so variable.
use of
least one path of each variable definition to each C-
there is a path
4. AllP uses some Cuses :Test cases for every variable,
definition. If there is a
from every definition to every p-use of that definition is
definition with no p-use following it, then a c-use of the
considered.
is a path
5. All C uses some P uses:Test cases for every variable, there
definition. If there is a
from every definition to every c-use of that definition is
definition with no c-use following it, then a p-use of the
considered
path from
6 All uses: Test.cases for every use of the variable, there is a
the definition of that variable to the use.
7. All du paths: This is the strongest data flow testing strategy. Every du
definition.
path from every definition of every variable to every use ofthat
Data flow anomalies :
1. Data flow anomalies represent the rules which help to detect improper
use of data. The notation used to define these anomalies :
a. d- defined, created, initialized
b. k- undefined, killed
C u - used
c- Computation use
p-Predicate use
d -X -all prior actions are not of interest to x
Software Testing and Audit 85 (CSIT-7) E
k kill last
h use last
3. Anomalies which shows bug and should be avoided in the programs :
a. first use Bug. Data is used without definition.
b. -k first kill Bug. Data is killed without defining it.
C. dd define-define Bug. Redefinition of data.
d. dk define -> kill Bug, Data is killed without using it.
e. kk kill - kill Bug. Destroying already killed data.
f. ku kill - use Bug. Data is used after destroying it.
d define last Bug. Defining but not using it.
Que 2.19. What is mutation testing and mutation score ? Write
advantages and disadvantages of mutation testing.
OR
Write the steps to execute mutation testing. Explain types of
mutation testing.
Answer
Mutation testing:
1. Mutation testing is a method of software testing in which program or
source code is deliberately manipulated, followed by suite of testing
against the mutated code.
2. The mutations introduced to source code are designed to imitate common
programming errors.
3. Agood unit test suite typically detects the program mutations and fails
automatically.
4. Mutation testing is akind oftesting in which the application is tested for
the code that was modified after fixing a particular bug/defect.
5 It also helps in finding out which code and which strategy of coding can
help in developing the functionality effectively.
6. Mutation testing ensures the accuracy of our unit tests.
86 (CSTT-7) E Functional Testing and Structural Testing
successful and would not detect any
7. In some cases, our unit tests will be
may be not true.
bugs or defects in our source code, but that
source code (mutating)
8. In these situations, we will do some alteration in
test.
for making errors and again will run those unit
Following are the steps to execute mutation testing:
creating
Step 1:Faults are introduced into the source code of the program by
contain a single fault,
many versions called mutants. Each mutant should demonstrates the
and the goal is to cause the mutant version to fail which
effectiveness of the test cases.
the mutant
Step 2: Test cases are applied to the original program and also to faults in
detect
program. Atest case should be adequate, and it is tweaked to
a program.
Step 3: Compare the results of original and mutant program.
Step 4:If the original program and mutant programs generate the same
case is
output, then that the mutant is killed by the test case. Hence, the testmutant
good enough to detect the change between the original and the
program.
Step 5 :If the original program and mutant program generate different
need to
output, Mutant is kept alive. In such cases, more effective test cases
be created that kill all mutants.
Types of mutation testing:
1. Value mutations: An attempt to change the values to detect errors in
the programs. We usually change one value to a much larger value or
one value to a much smaller value. The most common strategy is to
change the constants.
2 Decision mutations : The decisions/conditions are changed to check
for the design errors. Typically, one changes the arithmetic operators to
locate the defects and also, we can consider mutating all relational
operators and logical operators (AND, OR, NOT).
3 Statement Mutations :Changes done to the statements by deleting
or duplicating the line which might arise when a developer is copy
pasting the code from somewhere else.
Create mutant programs :
A mutation is nothing but a single syntactic change that is made to the
program statement. Each mutant program should differ from the original
program by one mutation.
Original program : If (x>y) Print "Hello" Else Print "Hi"
Mutant program : If (x<y<strong ="">)kly<> Print "Hello" Else Print "Hi"
What to change in a mutant program ?
There are several techniques that could be used to generate mutant programs.
Let's look at them :
Software Testing and Audit 87(CS/IT-7) E
89 (CSTT-7) E
90 (CSTT-7) E Regression Testing &Prioritization Technique
PART-1
Regression Testing : What is Regression ?Regression Test Cases
Selection, Reducing the Number of Test Cases, Code Coverage
Prioritization Technique.
Questions-Answers
Long Answer Type and Medium Answer Type Questions
b When the customers start using the product, they may encounter
new defects, Dand D5.
C Again, the development and testing team will fix and test these
new defect fixes.
But, in this process defect D' is again occur.
6 Thus,the testing team should not only ensure that the fixes take care of
the defects they are supposed to fix, but also that they do not break
anything else that was already working.
7 Regression testing enables the test team to meet this objective.
8 Regression testing enables that any new feature introduced to the
existing product does not adversely affect the current functionality.
9. Regression testing follows "Selective re-testing technique".
10. Whenever the defect fixes are done, a set of test cases that need to be
run to verify the defect fixes are selected by the test team.
11. Since, this testing technique focuses on reuse of existing test cases that
have already been executed, the technique is called selective re-testing.
But also sometimes new test cases need to be developed for testing.
Types of Regression Testing:There are two types of regression testing in
practice :
1 Regular regression testing
2. Final regression testing
1. Regular regression testing :
a A regular regression testing is done between test cycles to ensure
that the defect fixes that are done and the functionality that were
working with the earlier test cycles continue to work.
b. A
regular regression testing can use more than one product build
for the test cases to be executed.
C. Abuild is an aggregation of all the defect fixes and features that are
present in the product.
2. Final regression testing :
a. It is done to validate the final build before release.
b. The CM engineer delivers the final build with the media and other
contents exactly as it would go to the customer.
C.
The final regression test cycle is conducted for a specific period of
duration, which is mutually agreed upon between the development
and testing teams. This is called "Cook time" for regression testing.
d. Cook time is necessary to keep testing the product for certain
duration, since some of the defects (as memory leaks) can be
unearthed only after the product has been used for certain time
duration.
92 (CSIT-7) E Regression Testing &Prioritization Technique
duration of
The product is continuously exercised for the complete identified.
the cook time to ensure that such time-bound defects are
completed for
f. All the defect fixes for the release should have been
the build used of the final regression test cycles.
type
The final regression test cycle is more critical than any other same
ensures the
or phase of testing, as this is the only testing that customer.
build of the product that was tested reaches the
Case 1:Ifthe defect fixes are low, then it is enough that atest engineer
select a few test cases from TCDB (test case database) which fall under
any priority (0, 1, 2).
Case 2:If theimpact of defect fixes are medium, then only Priority-0
and Priority-1 test case are need to be executed.
Case 3 : If the impact of the defect fixes are high, then we need to
execute all Priority-0, Priority-1and a carefully selected subset of priority
2test cases.
5. Resetting the test case for regression testing: Resetting test cases
reduces the risk involved in testing defect fixes by making the tester go
through all the test cases and selecting appropriate test cases based on
the impact of those defect fixes. It needs to be done with the following
consideration :
When there is a major change in product.
b When there is a change in the build procedure which affects the
product.
C. Large release cycle where some test cases were not executed for a
long time.
When the product is in the final regression test cycle with a few
selected test cases.
e. Whenever existing application functionality is removed, the related
test cases can be reset.
6. Concluding the results of regression testing :Sometimes testers
or developers monitor the results from regression as they would like to
know how well their defect fixes work in the product. It is used to
conclude whether regression was successful or not.
a. If the result of a particular test case was a pass using the previous
builds and a fail in the current build, then regression has failed.
b. If the result of particular test case was a fail using the previous
builds and a pass in the current build then it is safe to assume the
defect fixes worked.
Software Testing and Audit 95 (CS/TT-7) E
C. If the result of a particular test case was a fail using the previous
builds but works with a documented workaround then it should be
considered as a pass.
d. If you are satisfied with the workaround, then it should be
considered as a pass for both system test cycle and regression test
cycle.
Que 3.3. What methodology is used for selection of regression
test cases ?
OR
What is regression test cases selection ?
Answer
i. Once the test cases are prioritized, test cases can be selected. There
could be several approaches to regression testing which need to be
decided on a case by case basis.
For example:
1 Case l: If criticality and impact of the defect fixes are low, then it
is enough to select few test cases from Test Case DataBase (TCDB)
and execute them. These can fall under any priority (0, 1, or 2).
2. Case 2:
a. If the criticality and the impact of the bug fixes are medium,
then we need to execute all Priority-0 and Priority-1 test cases.
b. If bug fixes need additional test cases from Priority-2, then
those test cases can also be selected and used for regression
testing.
C. Selecting Priority-2 test cases in this case is desirable but not a
must.
3. Case 3: If the criticality and impact of the bug fixes are high, then
we need toexecute all Priority-0, Priority-1 and carefully selected
Priority-2 test cases.
i. The above methodology requires impact analysis of bug fixes for all
defects. It can be a time consuming process.
iv. If there is not enough time and the risk of not doing impact analysis is
low, then the following alternative methodologies are used:
1. Regress all : For regression testing, all priority 0, 1, and 2 test
cases are re-run.
Bug fixes
mpact
Legend
P, - Priority 0
P, - Priority 1
P, - Priority 2
Very few High
Low Medium
Al
Subset
PO PO
PO
P1 P1 P1
P2 P2 P2
Fig. 3.3.1.
the last cycle of
4. Regress changes: Code changes are compared totheir impact on the
testing and test cases are selected based on
code.
testing ?
Que 3.4. What is prioritization of test cases in regression
Answer
impact, critical and
1. Prioritizing the test cases depends on the business based on priority
frequently used functionality. Selection of test cases
will reduce the test suit.
2. The test cases may be classified into three categories:
cases
a. Priority-0: These test cases can be called as Sanity test
the
which check the basic functionality and are run for accepting
build for further testing. These are also run when a project goes
project
through major changes. These test cases deliver a very high
value to both development teams and to customers.
b. Priority-l :Uses the basic and normal setup and these test cases
deliver high project value to both development teams and customers.
Priority 0
10%
Priority 1
25%
Priority 2
65%
Fig. 3.4.1.
Software Testing and Audit 97 (CS/IT-7) E
Answer
1. For most projects it is nearly impossible to execute all of these tests.
Although many project schedules are strapped due to tight time
constraints, many other reasons exist that necessitate reducing the
number of test cases, for example:
a. Imminent ship date;
b. Impossibly large number of test cases;
C Limited staffing resources;
d Limited access to test equipment.
2. There are several techniques that reduce the number of test cases.
3. Although no one method will identify the best test cases, the intent is to
categorize the tests on a scale from most important down to least
important.
4. The methods described help to identify and prioritize key testing areas,
which then guides the tester to create and execute the most crucial test
cases first.
5. Any remaining available time can then be used to focus on the next tier
of tests.
6. The true art of testing is to select a meaningful subset of test cases that
are most likely to uncover problems, thereby reducing the total number
of tests while maintaining confidence in the product's operation.
7. Failure toassess the application's potential problems often results in
testing the least critical features.
8 Without proper risk assessment, neophyte testers often select
inappropriate tests resulting in some undesirable consequences such
as :
9. Atester can apply either or both of these methods during the design
phase to identify unique characteristics, and thus avoid ereating
redundant test cases.
10. These test design methods are :
a. Equivalence class partitioning consists of dividing the input domain
into groups, such that each member of a group evokes similar
responses from the application. The tester then creates test cases
by selecting representative data from each group.
b Orthogonal array testing provides good test coverage when an
input domain is small but too large to accommodate testing every
possible permutation of the input values. The input domain must
have parameters that take on a finite set of possible values, such as
enumerated types, a bounded set of numbers, or states in a state
machine.
11. Four schemes that focus on prioritizing the existing set of test cases.
These reduction schemes are as follows:
a. Priority category scheme;
b. Risk analysis;
C. Interviewing to identify problem areas;
d Combination schemes.
12. Allof these reduction methods are independent, and no one method is
better than the other. Different test case prioritization schemes may
generate different lists of prioritized features to test.
Que 3.6.Explain code coverage prioritization technique in detail.
Answer
1. We consider a program P with its modified program P, and its test suit T
created to test P.
2. When we modify Pto P, we would like to execute modified portion(s) of
the source code and portion affected by the modification to see the
correctness of modifications.
3. We neither have timne nor resources to execute all test cases of T.
4. Our objective is to reduce the size of T to T, using some selection
criteria, which may help us to execute the modified portion of the source
code and the portion affected by modification.
5. Acode coverage based technique has been developed which is based on
version specific test case prioritization and select T, from Twhich is a
subset ofT.
6. The technique also prioritizes test case of T,and recommends case of
high priornity test cases first and then law priority test cases in descending
order till time and resources are available or a reasonable level of
confidence is achieved.
100 (CIT-7) E Regression Testing &Prioritization Technique
Test case selection criteria:
1 The technique is based on version specific test case prioritization where
formation about changes in the program is known.
2. Hence, prioritization is focused around the changes in the modified
program.
3. We may like toexecute all modified line of source code with a minimum
number of selected test cases. This technique identifies those test cases
that,
a. Execute the modified line of source code at least once.
b. Execute the modified lines of source code deletion of deleted line
from the execution history of the test case and are not a redundant.
4. The technique uses two algorithms, one for modification and the other
for deletion, The following information has been used to design the
technique :
a. Program P with its modified program P,
b Test suite Twith test case t,, to, tn
C Execution history (number of lines of source code covered by a test
case) of each test case suite T.
d Line number of lines of source code covered by each test case is
stored in two dimensional array 213 t14j
Modification algorithm : The modification portion of the technique is
used to minimize and prioritize test case based on the modification line of
source code. The modification algorithm use the following variable name :
1 T1:It is two dimensional array and is used to store line numbers of lines
of source code covered by each test case.
2 modloc :It is used to store the total number of modified line of source
code.
3 mod locode : It is a one-dimensional array and is used to store line
numbers of modified line of source code.
4 nfound : It is a one dimensional arra÷ and is used to store the number
of lines of source code matched with modified lines of each test case.
5. pos: It is a one dimensional array and is used to set the position of each
test case when nfound is sorted.
6 candidate :Itis a one dimensional array. It sets the bit to l corresponding
to the position of the test case to be removed.
7. priority : It is a one dimensional array and is used to set the priority of
the selected test case.
Deletion algorithm :The deletion portion of thetechnique is used to :
a Update the execution history of test cases by removing the deleted lines
of source code.
101 (CS/IT-7) E
Software Testing and Audit
b. Identify and remove those test cases that cover only those lines which
are covered by other test case of the program.
The variable used in deletion algorithm:
1. T1:It is a two dimensional array. It keeps the number of lines of source
code covered by each test case.
2 deloc: It is used to store the total number of lines of source code deleted.
3. delunderscore locode: It is a one dimensional array and is used to store
line numbers of deleted lines of source code.
4. count:It is a two dimensional array. It sets the position corresponding to
every matched line of source code of each test case to 1.
5 match : It is a one dimensional array and stores the total count of the
number of l's in the count array for each test case.
6 deleted:It is a one dimensional array. It kecps the record of redundant
test cases. Ifthe value corresponding to test case i is l in deleted array,
then that test case is redundant and should be removed.
PART-2
Reducing the Number of Test Cases : Prioritization Guidelines,
Priority Category, Scheme, Risk Analysis.
Questions-Answers
Long Answer Type and Medium Answer Type Questions
Answer
1 The easiest scheme for categorizing tests is to assign a priority code
directly to each test description.
2 Although this approach may appear to be arbitrary, it is based on the
comparison "is test X more important than test Y ?"
3 The test descriptions can vary in form, such as a test outline, a
spreadsheet, a list of tests, a test document's table of contents, or actual
test case descriptions.
4 The tester can conduct this exercise himself or as a group exercise with
input from the developers, managers, and customer representative.
5 To illustrate, let's consider the following three-level priority categorization
scheme :
Priorityl: This test must be executed.
Priority 2: If time permits, execute this test.
Priority 3:If this test is not executed, the team won't be upset.
6. Assigning priority codes is as simple as writing a number adjacent to
each test description.
7. Once the priority codes have been assigned, the tester estimates the
amount of time required to execute the tests selected in each category.
8. If the time estimate falls within the allotted schedule, then the partitioning
exercise is completed and you have identified the tests to use.
103 (CSIT-) E
Software Testing and Audit
second round of
9 Otherwise, further partitioning is required. The new priority scheme.
partitioning can either reuse the same scale or use a
scale tofurther classify the tests.
10 This example uses a new five-level
jeopardy.
Priority la: This test must pass, otherwise, the delivery is in
delivery.
Priority 2a:This test must be executed prior to
Priority 3a:Iftime permits, execute this test.
release or shortly after
Priority 4a: This test can, wait until the next
the delivery date.
Priority 5a: We willprobably never execute this test.
most critical features, not
11. Priority (la)calls attention to the application's
the test must als0 execute
only must the test be executed, but
successfully.
are now moved to Priority 5a. The
12. The tests in the original Priority 3
Priorities 3a, 4a, and 5a,
tests from Priority 2 are now divided between into the new 5
whereas the tests from Priority 1 are now partitioned
level scheme.
from Priorities 1and 2 will be
13. Chances are that none of the tests of testsand
reassigned to Priority 5a, but do try to evaluate the validity
classification.
determine whether any tests can be downgraded to a lower
Answer
1. RiskWhen
analysis : have been identified, all items are analyzed using
the risks
different criteria.
and
b The purpose ofthe risk analysis is to assess the loss probability
magnitude of each risk item.
C
The input is the risk statement and context developed in the
identification phase.
d The output of this phase is a risk list containing relative ranking of
the risks and a further analysis of the description, probability,
consequence and context.
e. The main activities in this phase are :
1. Group similar risks : Detect duplicates and find new risk
items by grouping the identified risks into categories.
ii. Determine risk drivers : The risk drivers are parameters
that affect the identified risk. For example, schedule drivers
are included in the critical path model. Determining these
properties help toassess and prioritize the risks.
iii. Determine source of risks : The sources of risks are the
root causes of the risks. These are determined by asking the
104 (CSIT-7) E Regression Testing &Prioritization Technique
question why? and trying to figure out what may have caused
the risk. Several root causes may lead to the same risk.
iv. Estimate risk exposure:The risk exposure is a measure of
the probability and the consequence of a risk item. The
consequence can also be stated in terms of loss (for example,
life, money, property, reputation).
V.
Evaluate against criteria: Each risk item is evaluated using
the predefined criteria, which are important for the specific
project. Criteria may be stated in terms of the probability of
occurrence, the consequence and.the time frame. This
information is used to prioritize the risks.
Once this is done, risks can be prioritized, and the most serious
risks can be identified for monitoring.
2. Risk matrix :
A risk matrix allows the tester to evaluate and rank potential
problems by giving more weight to the probability or severity value
as necessary.
b. Use of a risk matrix disregards the risk exposure. The tester uses
the risk matrix to assign thresholds that classify the potential
problems into priority categories.
C.
Typically, the risk matrix contains four quadrants, as shown in
Fig. 3.9.1, with each quadrant representing a priority class defined
as follows:
Priority 1:high severity and high probability.
Priority 2 : high severity and low probability.
Priority 3 : low severity and high probability.
Priority 4:low severity and low probability.
d. In this particular example, a risk with high severity is deemed
more important than a problem with high probability. Thus, all
risks mapped in the upper left quadrant fall into Priority 2.
e For an entirely different application, the consensus may be to swap
the definitions of Priorities 2 and 3, as shown in Fig. 3.9.2.
f. An organization favouring Fig. 3.9.3, seeks to minimize the total
number of defects by focusing on problems with a high probability
of occurrence.
g. Although dividing a risk matrix into quadrants is most common,
testers can determine thresholds using different types of boundaries
based on application-specific needs.
h. Sometimes the best threshold limits are those that appease
management fears and address customer needs.
i. If severity and probability tend to be of equal weight, then adiagonal
band prioritization scheme, as shown in Fig. 3.9.3, may be more
appropriate.
Software Testing and Audit 105 (CSIT-7) E
"F
"D
Priority 4 Priority 3
G
"B "E
1
Probability
10
"F "C
Priority3 Priority 1
Severity
"D
Priority 4 Priority 2
G
"B "E
Probability 10
Priority
1
Severity
Priority
2
Priority
Low
Priority
4
Low
Probability
High
Fig. 3.9.3. Threshold by diagonal bands.
High
Priority 1
Low
Priority 5 Priority 4
Low
Probability
High
Fig. 3.9.4. Threshold based on high severity.
4
UNIT
Software
Testing Activities
..(108E - 125E)
Part-l ....
107 (CSIT-7) E
108 (CSIT-7) E Software Testing Activities
PART- 1
d. Acceptance testing
Unit testing focuses verification effort on the smallest unit of
software design, the software component or module.
Various integration techniques are:
a. Top-down integration
b. Bottom-up integration
c. Big-bang testing
System testing enables testers to ensure that the product meets
business requirements, as well as determine that it runs
smoothly within its operating environment.
Acceptance testing is the level in the software testing process
which decides whether a product is given the green light or not
i.e.,approved by the user or not.
Debugging is defined as a process of analyzing and removing
the error.
Questions-Answers
Answer
There are generally four recognized levels of testing :
1 Unit/Component testing
2 Integration testing
3. System testing
4 Acceptance testing
109 (CSIT-7) E
Software Testing and Audit
Unit/ Component
Testing
Integration
Testing
System
Testing
Acceptance
Testing
Fig. 4.1.1.
1. Unit /Component testing :
testing.
a The most basic type of testing isunit, or component by isolating it
software
b. Unit testing aims toverify each part of the that each individual
demonstrate
and then perform tests to requirements and the
component is correct in terms of fulfilling
desired functionality.
earliest stages of the
C. This type of testing is performed at the executed by the
development process, and in many cases it is
to the
developers themselves before handing the software over
testing team.
software early in the
d The advantage of detecting any errors in thesoftware development
day is that by doing so the team minimizes
and undo
risks, as well as time and money wasted in going back
fundamental problems in the program once it is nearly completed.
2. Integration testing :
system in
a. Integration testing aims to test different parts of the
combination in order to assess if they work correctly together.
they interact
b. By testing the units in groups, any faults in the way
together can be identified.
of the
C. There are many ways to test how different components
bottom
system function at their interface; testers can adopt eithera
up or a top-down integration method.
d In bottom-up integration testing, testing builds on the results
of
unit testing by testing higher-level combination of units, (called
modules) in successively more complex scenarios.
e.
It is recommended that testers start with this approach first, before
applying the top-down approach which tests higher-level modules
first and studies simpler ones later.
System testing :
The next level of testing is system testing.
b. Asthe name implies, all the componentsofthe software are tested
as a whole in order to ensure that the overall produet meets the
requirements specified.
110(CST-7) E Software Testing Activities
Answer
fCheck Out
Code From
\Repository/
Checkin Make
Code into
Changes
Repository
UNIT TEST
LIFE CYCLE
Code Execute
Review Unit Tests
Fix Defects
and Re
execute Unit
Test
Data types and their valid ranges may mismatch between the
modules.
Thus, integration testing focuses on bugs caused by interfacing between the
modules while integrating them.
Que 4.4. Discuss various approaches of integration testing.
OR
Discuss top-down and bottom-up integration tèsting.
OR
Discuss incremental and non-incremental integration testing.
OR
Discuss graph based and path based integration testing.
Answer
There are three approaches for integration testing.:
Integration
methods
B D
E F G H J
6 4 5
Fig.4.4.2.
E
1 1
Stub for 6
Fig. 4.4.3.
114 (CSIT-7) E Software Testing Activities
1 1
2
K 3 2
EK
Stub for6|Stub for 4 Stub for 5 6 4 Stub for 5
Fig. 4.44.
1
2 3’ 2 3
6 4 5 6 5 6
i. After testing these modules, they are integrated and tested moving
from bottom to top level.
ii. Since the processing required for modules subordinate to a given
level is always available, stubs are not required in this strategy.
iv. Unlike top-down strategy, this stratgy does not require the
architectural design of the system to be complete. Thus, bottom-up
integration can be performed at an early stage in the development
proces.
V. It may be used where the system reuses and modifies component
from other systems.
vi The steps in bottom-up integration are as follows:
1 Start with the lowest level modules in the design hierarchy.
These are the modules from which no other module is being
called.
2 Look for the super-ordinate module which calls the module
selected in step 1. Design the driver module for this super
ordinate module.
3 Test the module selected in step 1with the driver designed in
step 2.
4. The next module to be tested is any module whose subordinate
modules have all been tested.
5 Repeat steps 2 to 5 and move up in the design hierarchy.
6. Whenever, the actual modules are available, replace stubs and
drivers with the actual one and test again.
Driver for 6 Driver for 3 |Driver for 2
6
7 8 4 5
7 8
Fig. 4.4.6.
Driver for 1
2 3
6 6 4 5
5
8 7
Fig. 44.7.
2. Call graph-based integration :
a Integration testing not only detects bugs which are structural, it
also detect some behavioural bugs. This can be done with the help
of a call graph.
116 (CS/TT-7) E Software Testing Activities
b. Acall graph is a directed graph, wherein the nodes are either
modules or units and a directed edge from one node to another
means one module called another module.
C. The call graph can be captured in a matrix form which is known as
the adjacency matrix.
(10)
3
)
8 9
Fig. 4.4.8.
1 2 3 4 5 7 8 9 10
1 X X X X
(Adjacency
matrix)
3
4
X
5
6
7
X
8
9
10
d. The idea behind using acall graph for integration testing is to avoid
the efforts made in developing the stub and drivers.
e If we know the calling sequence, and if we wait for the called or
calling function, if not ready, then call graph-based integration can
be used.
a. Path-based integration :
In a call graph, when a module or unit executes, some path of
source instructions is executed.
b. And it may be possible that in that path execution, there may be a
call to another unit.
C. At that point, the control is transferred from one unit to another
unit which is necessary for integration testing.
Software Testing and Audit 117(CSIT-7) E
d. Also, there should be information within the module regarding
instructions that call the module or return to the module.
e.
This must be tested at the time of integration. It can be done with
the help of path based integration.
Que 4.5. What do you understand by Bi-directional integration ?
OR
What is sandwich integration ?
Answer
1 Bi-directional testing is a combination of the top-down and bottom-up
integration approaches used together to derive integration steps.
2 4 5
Fig. 4.5.1.
2 Now, the individual modules 1, 2, 3, 4 and 5 are tested separately and
bi-directional integration is performed initially with the use of stubs and
drivers.
3 Drivers are used toprovide upstream connectivity while stubs provide
downstream connectivity.
4. Adriver is a function which redirects the requests to some other modules
and stubs simulate the behaviour of missing module.
5. After the functionality of these integrated modules is tested, the drivers
and stub are discarded.
6 Once modules 6, 7 and 8 become available, the integration methodology
then focuses only on those modules, which need focus and are new.
7. This approach is also called "Sandwich integration".
Steps for integration using sandwich testing :
Step Interface tested
1 6-2
2 7-3-4
3 8-5
4 (1-6-2) - (1-7-3-4) - (1-8-5)
As shown above, steps 1-3 use a bottom-up integration approach and step 4
uses a top-down integration approach. This approach is used when migrating
from two-tier to three-tier environment.
Que 4.6. What is system testing ?
Software Testing Activities
118(CSIT-7) E
Answer
performed to evaluate
1 System testing is a black-box testing technique
the complete system.
the system are tested from an
2 In system testing, the functionalities of
end-to-end perspective.
team that is independent of
3. System testing is usually carried out by a
the quality of the system
the development team in order to measure
unbiased.
non-functional testing.
4. It includes both functional and
tests whose sole purpose
5. System testing is actually a series of different
is to exercise the full computer based system.
code for following :
6 System testing involves testing the software
applications including external
a Testing the fully integrated components interact with one
peripherals in order to check how
This is also called end-to
another and with the system as a whole.
end scenario testing.
b. Verify thorough testing of
every input in the application tocheck
for desired outputs.
application.
Testing of the user's experience with the
C.
5. Debugging by testing :
This debugging method can be used in conjunction with debugging
by induction and debugging by deduction methods.
b. Additional test cases are designed that help in obtaining information
to devise and prove a hypothesis in induction method and to
eliminate the invalid causes and refine the hypothesis in deduction
method.
C. The test casesused in debugging are different from the test cases
used in testing process.
d Here, the test cases are specifically designed to explore the internal
program state.
PART-2
Questions-Answers
Domain testing
e. Equivalence class analysis
f. Boundary testing
g. Best representative testing
h. Map and test all the ways to edit a field
Logic testing
State-based testing
k. Path testing
1 Specification-based testing
m. Requirements-based testing
n. Combination testing
3. Problems-based techniques focus on why youre testing :
a. Risk-based testing
4. Activity-based techniques focus on how you test :
Regression testing
b. Seripted testing
C. Smoke testing
d. Exploratory testing
e. Guerrilla testing
f Scenario testing
g Installation testing
h Load testing
i Long sequence testing
j Performance testing
5. Evaluation-based techniques focus on how totell whether the
test passed or failed:
Self-verifying data
b. Comparison with saved results
C. Comparison with the specification or other authoritative document
Heuristic consistency
e Oracle-based testing
'Answer
1 It is an ad-hoc testing which keep exploring the product, covering more
depth and breadth. Exploratory testing tries to do that with specific
objectives, tasks and plans. Exploratory testing can be done during any
phase of testing.
2. Exploratory testers may execute their tests based on their past
experiences in testing a similar product.
3: They also uses their past experience of finding defects in the previous
product release and check if the same problems persist in the current
version.
4. Exploratory testing can be used to test software that is untested,
unknown, or unstable. It is used when it is not obvious what the next
test should be or when we want to go beyond the obvious tests.
5. Exploring can happen not only for functionality but also for different
environmnents, configuration parameters,test data and so on.
6. Since there is large creative element to exploratory testing, similar test
cases may result in different kinds of defects when done by two different
individuals.
Exploratory testing techniques : There are many ways of doing
exploratory testing:
1 Guesses :Guesses are used to find the part of the program that is likely
tohave more errors. Previous experience on working with a similar
product helps in guessing.
2,. Architecture diagrams, us cases :
a. Architecture diagrams depict the interactions and relationships
between different components and modules.
b. Use cases give an insight of the product's usage from the end user's
perspective. Exploration technique may use these diagrams and use
cases to test the product.
3. Study of past defects : Defect reports oftheprevious releases act as a
pointer to explore an area of the product further.
4 Error handling :
PART-3
Automated Test Data Generation: Test Data; Approaches to Test
Data Generation, Test Data Generation using Genetic Algorithm,
Test Data Generation Tools, Software Testing Tools, and
Software Test Plan.
CONCEPT OUTLINE: PART-3
Test data is actually the input given to a software program.
Test data generators based on their approaches are typically
classified into following:
a. Random test data generators
b. Pathwise data generators
c. Goal-oriented generators
d. Intelligent test data generators
The tools are divided into different categories as follows:
a. Test management tools
b. Functional testing tools
c. Load testing tools
Software test plan typically contains a detailed understanding of
the eventual workflow.
Questions-Answers
Answer
1. Test data is data which has been specifically identified for use in tests,
typically of a computer program.
2. Some data may be used in a confirmatory way, typically to verify that
a given set of input to a given function produces some expected result.
3. Other data may be used in order to challenge the ability of the program
to respond to unusual, extreme, exceptional, or unexpected input.
4 Test data may be produced in a focused or systematic way (as is typically
the case in domain testing), or by using other, less-focused approaches
(as is typically the case in high-volume randomized automated tests).
Software Testing and Audit 131 (CSTT-7) E
5 Test data may be produced by the tester, or by a program or function
that aids the tester.
6 Test data may be recorded for re-use, or used once and then forgotten.
7 Test data is actually the input given to a software program.
8 It represents data that affects or is affected by the execution of the
specific module.
9 Some data may be used for positive testing, typically to verify that a
given set of input to a given function produces an expected result.
10. Other data may be used for negative testing to test the ability of the
program to handle unusual, extreme, exceptional, or unexpected input.
11. Poorly designed testing data may not test all possible test scenarios
which will hamper the quality of the software.
Limitations of test data :
1 It is really difficult to create sufficient test data for testing.
2 The quantity of an efficiency data to be tested is determined or limited
by time, cost and quality.
Types of test data: Test data can be classified into following type:
1 No data/Blank file : Refers to those fles which do not have any data
i.e. no input is given to the application and this verifies that application
handles such exceptions and throws proper error.
2, Valid set of test data : Refers to the valid or supported files by the
application. These should give the expected output when given as input.
3. Invalid set of test data: Refers to all the unsupported file formats in
order to see that application handles all ofthem properly without breaking
and warnsuser with proper error message.
4. Huge test data : For load, performance and stress, testing cannot be
made at the time of execution and should be prepared while making
your test environment ready.
which
5. Test data : To check all the boundary conditions includes data
ifa text
has all possible combinations of boundary values. For example, then
(minimum). and 20
box can have number 2-20 then input 2
(maximum) values.
of data so that no
Ideal test data is the one which has all the combinations
major defects are missed.
Important point while creating test data:
leads
1. Always make sure that test data files are not corrupted. This can
to invalid output and might miss important defects as well.
a clear
2 Test data should be updated on a regular basis. This will give
picture of expected output.
save time and
3. Test data should be created before test cases execution to
meet deadline.
132 (CSIT-7) E Software Testing Activities
4
It is a good practice to use some automation tool to create huge amount
of test data as manual effort in creating such data would be more and
also it willbe time consuming.
5. Test data should have invalid inputs to test negative scenarios.
6. Tester can take developer's help to ereate test data.
7 It is always a better practice to include all possible combinations of
supported and unsupported formats in test data toensure that test
coverage is maximum.
Answer
Fig. 4.17.1 shows the schematic representation of test data generation using
GA.
START
Generate CFC
NO YES
Gen <500
GA Execution
STOP
Fig. 4.17.1.
Algorithm:
Input: Randomly generated numbers (initial population act as test data)
based on the target path to be covered.
Output : Test data for the target path.
1. Gen = 0
2 While Gen < 500
3 do
4.
Evaluate the fitness value of each chromosome based on the objective
function.
5. Use Elitism as selection operator, to select the individuals to enter into
the mating pool.
6. Perform two-point cross over on the individuals in the mating pool, to
generate the new population.
7 Perform bitwise mutation on chromosomes of the new population.
136 (CSIT-7) E
Software Testing Activities
8 Gen = Gen+1
9. go to Step 3
10. end
11. Select the chromosome having the best fitness value as the desired
result (test data for target path).
Que 4.18. What is a test data generation tool ? List the
various
test data generation tools.
Answer
Test data generation tool:
1. Testing adata-aware application is one of the most important but time
consuming tasks.
2. It is important to test your application with "real" data.
3. To fill your database with test data, you need a
willgenerate realistic data for you based on thegenerator. The generators
column characteristics
and/or based on what the user defines.
List of test data generation tools :
Some tools are mentioned here:
Product Product Kind of tool Databases
DTM Data SQL Edit| Automatically fills a SQL Server,
Generator database with test data. DB2, Oracle
GS Data
GSApps Generates meaningful| SQL Server,
Generator data for our database. DB2, Oracle,
MS Access
Advanced Data UpsceneIt can generate real-life- InterBase,
Generator Productions like data into our Firebird, My
database, SQL script or SQL
CSV files.
SQL Data Red-Gate Create realistic data MS SQL Server
Generator based on column and table
names.
EMS Data EMS This utility can help you Oracle, MySQL,
Generator simulating the database MS SQL,
production environment Postgre SQL,
and allows you to populate DB2,Firebird.
several database tables
with test data. Multiple
editions, one for each
supported database.
137 (CST-7) E
Software Testing and Audit
meaningful, Oracle, MySQL,
Datanamic Data Datanamic Generates MS SQL
Generator Solution realistic test data based on
column characteristics. Server, MS
MultiDB BV
MultiDB edition supports Access and
data generation for 5| Postgre SQL
database types.
IBM DB2 Test BM Creates realistic test datal DB2
for your database
Database
Generator application development
projects. Only for DB2.
E-Naxos Mainly focused on Exports insert
E-Naxos
DataGen generating random data. scriptsfor your
A free online version is database.
also available.
tools.
Que 4.19. List the various software testing
Answer
and
1. Selection of tools is totally based on the project requirements
(Open source
commercial (Proprietary/Commercial tools) or free tools
tools).
features, so it is
2. Free testing tools may have some limitation in the
paid
totally based on requirement fulfilled in free version or go for
software testing tools.
3 The tools are divided into different categories as follows:
a. Test Management Tools
b. Functional Testing Tools
C. Load Testing Tools
Open source tools :
1 Test management tools :
a. TET (Test Environment Toolkit):
1. The goal behind creating the Test Environment Toolkit (TET)
was to produce a test driver that accommodated the current
and anticipated future testing needs of the test development
community.
To achieve this goal, input from a wide sample of the community
was used for the specification and development of TET's
functionality and interfaces.
b. TETware:
The TETware is the Test Execution Management Systemns
which allows you to do the test administration, sequencing of
138 (CSIT-7) E Software Testing Activities
test, reporting of the test result in the standard format (IEEE
Std 1003.3 1991) and this tool supports both UNIX as well as
32-bit Microsoft Windows operating systems, so portability of
this is with test cases you developed.
The TETware tools llow testers to work on a single, standard,
test harness, which helps you to deliver software projects on
time.
C. Test Manager :
i. The test manager is an automated software testing tool and is
used in day to day testing activities.
iü. The Java programming language is used to develop this tool.
iüi. Such test management tools are used to facilitate regular
software development activities, automate & manage the
testing activities.
d. RTH:
RTH is called as Requirements and Testing Hub".
This is a open source test management tool where you can use
arequirement management tool along with this. It also provides
the bug tracking facilities.
2. Functional testing tools :
Selenium
b. Soapui
C. Watir
d HTTP::Recorder
e WatiN
f. Canoo WebTest
Webcorder
h. Solex
i. Imprimatur
SAMIE
k. Swete
ITP
m WET
n. Webinject
3 Load testing tools:
a. Jmeter
b. FunkLoad
Software Testing and Audit 139 (CSIT-7) E
Proprietary/Commercial tools :
1. Test management tools :
HP Quality Center/ALM
b QA Complete
C T-Plan Professional
d Automated Test Designer (ATD)
e Testuff
SMARTS
g QAS.TCS (Test Case Studio)
h. PractiTest
Test Manager Adaptors
SpiraTest
k. TestLog
ApTest Manager
m. DevTest
2. Functional testing tools :
QuickTest Pro
b Rational Robot
C Sahi
d SoapTest
e. Badboy
f. Test Complete
QA Wizard
h. Netvantage Functional Tester
i. PesterCat
j. AppsWatch
k. Squish
actiWATE
m. iSA
n VTest
0. Internet Macros
Ranorex
3. Load testing tools ;
a. WebLOADProfessional
b. HP LoadRunner
C LoadStorm
140 (CSTT-7) E Software Testing Activities
d. NeoLoad
e. Loadtracer
f Forecast
g ANTS- Advanced .NET TestingSystem
h. vPerformer
i Webserver Stress Tool
preVue-ASCII
k. Load Impact
Que 4.20. What is software test plan ? Explain major elements of
test plan.
OR
Discuss test plan activities. Explain test plan structure.
Answer
Software test plan :
1 Atest plan is adocument detailing the objectives, target market, internal
beta team, and processes for a specific beta test for a software or hardware
product.
2. The plan typically contains a detailed understanding of the eventual
workflow.
3. Test planning, the most important activity to ensure that there is initially
a list oftasks and milestones in a baseline plan to track the progress of
the project.
4 It also defines the size of the test effort.
5. It is the main document often called as master test plan or a project test
plan and usually developed during the early phase of the project.
6. Atest plan documents the strategy that will be used to verify and ensure
that a product or system meets its design specifications and other
requirements.
7. A test plan is usually prepared by or with significant input from test
engineers.
8 Depending on the product and the responsibility of the organization to
which the test plan applies, a test plan may include a strategy for one or
more of the following :
a. Design Verification or Compliance test : To be performed
during the development or approval stages of the product, typically
on a small sample of units.
b. Manufacturing or Production' test : To be performed during
preparation or assembly of the product in an ongoing manner for
purposes of performance verification and quality control.
141 (CSIT-) E
Software Testing and Audit
C. Acceptance or Commissioning test : To be performed at the
time of delivery or installation of the product.
d Service and Repair test : To be performed as required over the
service life of the product.
e
Regression test: To be performed on an existing operational
product, to verify that existing functionality did not get broken
when other aspects of the environment are changed (example,
upgrading the platform on which an existing application runs).
Major elements of test plan:
organizations
Test plan document formats can be as varied as the products and
that should be described
towhich they apply. There are three major elements
in the test plan :
1 Test Coverage
2 Test Methods
3 Test Responsibilities
1. Test coverage :
will be
a. Test coverage in the test plan states what requirements
verified during what stages of the product life.
other
b Test coverage is derived from design specifications and
requirements, such as safety standards or regulatory codes, where
each requirement or specification of the design ideally will have
one or more corresponding means of verification.
C. Test coverage for different product life stages may overlap, but will
not necessarily be exactly the same for all stages.
d. For example, some requirements may be verified during design
verification test, but not repeated during acceptance test.
e Test coverage also feeds back into the design process, since the
product, may have to be designed to allow test access.
2. Test methods :
a. Test methods in the test plan state how test coverage will be
implemented.
b Test methods may be determined by standards, regulatory agencies,
or contractual agreement, or may have to be created new.
C. Test methods als0 specify test equipment to be used in the
performance of the tests and establish pass/fail criteria.
d Test methods used to verify hardware design requirements can
range from very simple steps, such as visual inspection, to elaborate
test procedures that are documented separately.
3. Test responsibilities:
a Test responsibilities include what organizations will perform the
test methods and at each stage of the product life.
142 (CST-7) E Software Testing Activities
Answer
There are three broad categories of software testing tools :
1. Static
2. Dynamic
3 Process management
1. Static software testing tools :
a. Static software testing tools are those that perform analysis of the
program without executing them at all.
b. They may also find the source code which will be hard to test and
maintain.
C, Static testing is about prevention and dynamic testing is about
cure. Both tools are used but prevention is always better than cure.
d. Static tools will find more bugs'as compared to dynamic testing
tools.
e There are many areas for which effective static testing tools are
available and they have show their results for the improvement of
the quality of the software.
144 (CSIT-7) E Software Testing Activities
Types of static software testing tools :
Complexity analysis tools :
Complexity of a program play a very important role while
determining its quality. Ahigher value of cyclomatic complexity
may indicate poor design and risky implementation.
b. Complexity analysis tools may take the program as an input, process
it and produce a complexity value as output.
C This value may be an indicator of the quality of design and
implementation.
ii. Syntax and Semantic analysis tools :
a. These tools find syntax and semantic errors. These tools are
language dependent and may parse the source code, maintain a list
of errors and provide implementation information.
iii. Flow graph generator tools : These tools are language dependent
and convert it to flow graph. These tools assist us to understand the
risky and poorly designed area of the source code.
iv. Code comprehension tools : These tools may help to understand
unfamiliar source code.
V. Code inspectors :
a. Source code inspectors do the simple job of enforcing standard in a
uniform way for many programs. They inspect the programs and
force us to implement the guidelines of good programming practices.
b. These tools are simple and may find many critical and weak areas
of the program. They may also suggest possible change in the source
code for improvement.
2. Dynamic software testing tools :
a. Dynamic software testing tools select test cases and execute the
program to get the result. They also analyze the result and find
reasons for failures of the program.
b They will be used after the implementation of the program and
may also test non-functional requirements like efficiency,
performance, reliability etc.
Types of dynamic software testing tools :
i. Coverage analysis tools :
These tools are used to find the level of coverage of the program
after executing the selected test cases. They give an idea about the
effectiveness of the selected test cases.
b. They highlight the unexecuted portion of the source code.
ii. Performance testing tools :
a. We may like to test the performance of the software under stress/
load.
Software Testing and Audit 145 (CSTT-7) E
b. For example, if we are testing a result management software, we
may observe the performance when 10 users are entering the data
and also when 100 users are entering the data simultaneously.
C Similarly, we may like totest a website with 10 users, 100 users,
1000 users etc. working simultaneously.
This may require huge resources and sometimes, it may not be
possible tocreate such real life environment for testing in the
company.
e. A tool may help us to simulate such situations and test there
situations in various stress conditions.
f. Some of the popular tools are Mercury Interactive's Load Runner,
Apache's I Meter, Segue Software's Silk Performer, IBM Rational's
performance Tester, Comuware's QALOAD and Autotester's
AutoController.
iii. FuctionaVRegression testing tools :
a. These tools are used to test the software on the basis of its
functionality without considering the implementation details.
b. They may also generate test cases automatically and execute them
without human intervention.
C Some of the popular available tools are IBM Rational's Robot,
Mercury Interactive's Win Runner, Compuware's QA center
3. Process management tools :
a. These tools help us to manage and improve the software testing
process.
b We may create a test plan, allocate resources and prepare a schedule
for unattended testing for tracking the status of a bug using such
tools.
C. They improve many aspects of testing and make it a disciplined
process.
d. Some of the tools are IBM Rational Test Manager, Mercury
Interactive's Test Director, Segue Software's Silk plan Pro and
Compuware's QA Director.
UNIT
5 Object-Oriented
Testing
Part-1 ...(147E - 165E)
146 (CSIT-7) E
Software Testing and Audit 147 (CSTT-7) E
PART-1
Object-Oriented Testing :Definition, Issues, Class Testing, Object
Oriented Integration and System Testing, Testing Web Application :
What is Web Testing ?, User Interfaee Testing, Usability Testing.
Questions-Answers
Long Answer Type and Medium Answer Type Questions
2 Encapsulation :
hiding
a. "Encapsulation is a technique for enforcing informationunit are
where the interface and implementation of a program
syntactically separated".
decisions within the
b. This enables the programmer to hide designinterdependencies with
implementation and to narrow the possible
other components by means of interface.
of unit leaving
C Ifaprogrammer changes only the implementation
that unit and any units
the interface same then he needs to retest
that explicitly depend on it.
d. Therefore, if we modify the super class then it is necessary to retest
all its subclasses because they depend on it in the sense that they
inherit its methods.
3. Data abstraction :
a. Data abstraction refers to the act of representing essential features
without including the background details.
b.
Also due to data abstraction there is no visibility of the insight of
objects.
The data is not accessible to the outside world and only those
C.
functions which are wrapped in the class can access it.
d. This data hiding makes it difficult for the tester to check what
happens inside an object during testing.
4. Inheritance :
a.
Inheritance is one of the primary strengths of object-oriented
programming. "Inheritance means properties defined for a class
are inherited by its subclasses, unless it is otherwise stated".
So, actually it provides the idea of reusability. However, method
that is tested to be "correct" in the context of the base class does not
guaranteed that it will work "correctly" in the context of the derived
class.
C. Therefore, it is precisely because of inheritance that we find problems
arising with respect to testing. It also complicates inter-class testing
as multiple classes are coupled through inheritance.
5. Polymorphism:
Polymorphism means the ability to assume more than one form,
both in terms of data and operations.
b Itis the capability of an operation exhibiting different behaviour in
different instances.
C. However, polymorphism results in lack of controllability as actual
binding of object reference is not known till runtime.
d. In program based testing as it can lead to messages sent to wrong
object.
153 (CST-7))E
Software Testing and Audit
6. Abstract classes :
into a
a. Abstract class is the way to push up common implementation
because a lot of
base class. Hence, adding new objects are easier,
the common interfaces may already be implemented.
b. These classes are designed only to act as a base class. However,
cannot
since their features are not fully implemented, these classestesting.
be instantiated and thus pose challenges for execution base
tested,
C. Only classes derived from the abstract class can be easily class.
i.e. abstract
but errors can be present also in the super class
Que 5.4.Explain
i. State-based testing
ii. Fault-based testing
iüi. Scenario-based testing
OR
Discuss methods of object-oriented testing.
Answer
As many organizations are currently using or
targeting to switch to the 00
paradigmn, the importance of O0 software testing is increasing. The methods
used for performing object-oriented testing are:
1. State-based testing
2. Fault-based testing
3. Scenario-based testing
1. State-based testing:
State-based testing is used to verify whether the methods of a class
are interacting properly with each other.
b. This testing seeks to exercise the transitions among the states of
objects based upon the identified inputs.
C.
For this testing, finite-state machine (FSM) or state-transition
diagram representing the possible states of the object and how
state transition 0ccurs is built.
d. In addition, state-based testing generates test cases, which check
whether the method is able to change the state of object as expected.
e
If any method of the class does not change the object state as
expected, the method is said to contain errors.
f. To perform state-based testing, a number of steps are followed,
which are listed below:
Derive a new class from an existing class with some additional
features, which are used to examine and set the state of the
object.
154 (CSTT-7) E Object-Oriented Testing
ii. Next, the test driver is written. This test driver contains a
main program to create an object, send messages to set the
state of the object, send messages to invoke methods of the
class that is being tested and send messages to check the final
state of the object.
ii. Finally, stubs are written. These stubs call the untested
methods.
2. Fault-based testing :
Fault-based testing is used to determine or uncover a set of plausible
faults.
b. In other words, the focus of tester in this testing is to detect the
presence of possible faults.
Fault-based testing starts by examining the analysis and design
models of 00software as these models may provide an idea of
problems in the implementation of software.
d. With the knowledge of system under test and experience in the
application domain, tester designs test cases where each test case
targets to uncover some particular faults.
e. The effectiveness of this testing depends highly on tester experience
in application domain and the system under test. This is because if
he fails to perceive real faults in the system to be plausible, testing
may leave many faults undetected.
f. However, examining analysis and design models may enable tester
todetect large number of errors with less effort.
g. As testing only proves the existence and not the absence of errors,
this testing approach is considered to be an effective method and
hence is often used when security or safety of a system is to be
tested.
h. Integration testing applied for 00 software targets to uncover the
possible faults in both operation calls and various types of messages
(like amessage sent toinvoke an object).
1. These faults may be unexpected outputs, incorrect messages or
operations, and incorrect invocation.
j. The faultscan be recognized by determining the behaviour of all
operations performed to invoke the methods of a class.
3. Scenario-based testing:
a. Scenario-based testing is used to detect errors that are caused due
toincorrect specifications and improper interactions among various
segments of the software.
b. Incorrect interactions often lead to incorrect outputs that can cause
malfunctioning of some segments of the software.
155 (CSIT-7) E
Software Testing and Audit
C The use of scenarios in testing is a common way of describing how
a user might accomplish a task or achieve a goal within a specific
context or environment.
d Note that these scenarios are more context and user specific instead
of being product-specific. Generally, the structure ofa scenario
includes the following points :
i A
condition under which the scenario runs.
A goal to achieve, which can also be a name of the scenario.
A set of steps of actions.
An end condition at which the goal is achieved.
V Apossible set of extensions written as scenario fragments.
e Scenario-based testing combines all the classes that support a use
case (scenarios are subset of use-cases) and executes a test case to
test them.
f. Execution of all the test cases ensures that all methods in all the
classes are executed at least once during testing.
g. However, testing all the objects (present in the classes combined
together) collectively is difficult.
h. Thus, rather than testing all objects collectively, they are tested
using either top-down or bottom-up integration approach.
This testing is considered to be the most effective method as
scenarios can be organized in such a manner that the most likely
scenarios are tested first with unusual or exceptional scenarios
considered later in the testing process.
This satisfies a fundamental principle of testing that most testing
effort should be devoted to those paths of the system that are
mostly used.
Answer
a. The methods used to design test cases in 00 testing are based on the
conventional methods.
b. However, these test cases should encompass special features so that
they can be used in the object-oriented environment.
C. The points that should be noted while developing test cases in an object
oriented environment are listed below :
1. It should be explicitly specified with each test case which class it
should test.
2. Purposeof each test case should be mentioned.
156 (CSIT-7) E Object-Oriented Testing
3 External conditions that should exist while conductinga test should
be clearly stated with each test case.
4 Allthe states of object that is to be tested should be specified.
5. Instructions to understand and conduct the test cases should be
provided with each test case.
Answer
1. Web testing is the name given to software testing that
focuses on testing
the web applications.
2. Web application testing, a software testing technique exclusively adopted
totest the applications that are hosted on web in which the application
interfaces and other functionalities are tested.
to production
3. In web-based, application is completely tested before going bugs in the
environment. This stage of web testing find out the possible
system.
Web application testing checklist :
1. Functionality testing :
component is
a. In functional testing, we need to check that each
functioning as expected or not, so it is also called as "Component
Testing".
b Functional testing is to test the functionality
of the software
application. Basically, it is to check the basic functionality mentioned
in the functional specification document.
C Also, check whether software application is meeting the user
the
expectations. We can also say that checking the behaviour of
software application against test specification.
d In this, testing activities should include:
i Link testing
Web form testing
ii. Cookies testing
iv. Test HTML and CSS
2 Usability testing :
a. This testing is to be carried out by testers to ensure that it cover all
possible test cases which targeted audience of the web application
are doing regularly.
b. This would include :
Navigation testing of the web site :
i Allpossible options like menus, links or buttons on web pages
F: should be visible &accessible from all the web pages.
E:
Web pages navigation should be easy to use.
Help instruction content should be clear & should satisfy the
purpose.
be
iv. All options on header, footer &leftright navigation should
consistent throughout the pages.
158(CSIT-7) E
Object-Oriented Testing
Content testing of theweb site:
i. No spelling or grammatical errors mistake in content
throughout the page.
All text should be present on images.
iüi. No broken images.
iv. Itstask is to validate all for UItesting.
V. Follow some standard on content building on web
page.
vi. Allcontent should be legible & easy to
understand.
vii. Proper size images should be placed on web page.
3. Compatibility testing :
a In software application testing, the compatibility
testing is the non
functional part of testing. It is ensuring that how application's
working in the supported environments.
b. Customers are using web application on different operating systems,
browser compatibility, computing capacity of hardware platform,
databases and bandwidth handling capacity of networking
hardware.
C.
The compatibility testing is to make sure that "Is web
show correctly across different devices ?" application
d This would include:
Browser compatibility test :
Web applications are rendering differently on different
browsers and mobile browser.
ii. The objective of browser compatibility testing is to ensure that
noerror exist on the different web browsers while rendering
the sites.
ii. In browser compatibility testing, we need to
ensure that our
web application is being displayed properly on different
browsers.
0S compatibility :
i. In new technology newer graphics designs are used &
different
APls are used which may not work on different operating
systems.
i. Alsoon rendering of different objects like text fields,
may display different on different operating system. buttons
iü. So, testing of web application should be carried out on
different
OS like Windows, MAC, Solaris,Unix, Linux with different
flavours. OS
4. Database testing :
Datareliability is key part in the database testing.'
159 (CST-7) E
Software Testing and Audit
Answer
1. Usability testing is a technique used in user-centred interaction design
to evaluate a product by testing it on users.
2. This can be seen as an irreplaceable usability practice, since it gives
direct input on how real users use the system.
This is in contrast with usability inspection methods where experta use
different methods to evaluate a user interface without involving users.
162 (CSTT-7) E Object-Oriented Testing
4 Usability testing is a technique used to evaluate a product by testing it
on users. Most people who set up a usability test carefully construct a
scenario wherein a person performs a list of tasks that someone who is
using the website for the first time is likely to perform.
5 Someone else observes and listens to the person who is performing the
tasks while taking notes.
6 Watching someone perform common tasks on a website is a great way
to test whether the site is usable because you will immediately be able to
see whether they are able to perform the tasks and any difficulties they
have while doing so.
7. Usability testing focuses on measuring a human-made product's capacity
to meet its intended purpose.
Usability testing measures the usability, or ease of use, of a specific
object or set of objects, whereas general human-computer interaction
studies attempt to formulate universal principles.
Methods of usability testing:
Methods of usability testing are :
1. Hallway testing :
a. Hallway testing is a quick, cheap method of usability testing in
which randomly-selected people, example those passing by in the
hallway are asked to try using the product or service.
b. This can help designers to identify "brick walls", problems are so
serious that users simply cannot advance, in the early stages of a
new design.
C. The idea behind hallway usability testing began as an alternative to
hiring trained or certified personnel to test a particular software or
technology product.
The idea is that you can go out and grab random individuals passing
by an office in a hallway and get them to testa product being
developed.
e
Another way to think of it is that random individuals are gathered
from the street and then assembled in the hallway before having
them testa product under development.
f Some experts believe that using hallway usability testing can reveal
up to 95% of usability problems with a given interface or product.
In a lot of ways, hallway usability testing is like developing a beta
testing phase, where the product or interface is constrained to a
random sample group before it is released to the public.
2, Remote usability testing :
a. In a scenario where usability evaluators, developers and prospective
users are located in different countries and time zones, conducting
Software Testing and Audit 163 (CSTT-7) E
3. Accuracy :
No outdated or incorrect data like contact information/address
should be present.
b. No broken links should be present.
4 User friendliness :
Controls used should be self-explanatory and must not require
training tooperate.
b. Help should be provided for the users to understand the application/
website.
C. Alignment with above goals helps in effective usability testing.
Advantages of usability testing :
1 Usability test can be modified to cover many other types of testing such
as functional testing, system integration testing, nit testing, smoke
testing etc.
2. Usability testing can be very economical if planned properly, yet highly
effective and beneficial.
3 Ifproper resources (experienced and creative testers) are used, usability
test can help in fixing all the problems that user may face even before
the system is finally released to the user. This may result in better
performance and a standard system.
4. Usability testing can help in discovering potential bugs and potholes in
the system which generally are not visible to developers and even escape
the other type of testing.
PART-2
CONCEPT OUTLINE:PART-2
Security testing is a process intended to reveal flows in the
security mechanisms of an information system that protect data
and maintain functionality as intended.
" Performance testing measures the quality attributes of the
system, such as scalability, reliability and resource usage.
Types of database testing :
a. Structural testing
b. Functional testing
c. Non-functional testing
The purpose of post deployment testing is to ensure that the
performance of the web site remains good.
166 (CS/IT-7) E
Object-Oriented Testing
Questions-Answers
Long Answer Type and Medium Answer Type Questions
6 Runtime testing :
a. Also referred to as dynamic testing and black box testing. This kind
of test involves assessing the system for security issues from the
perspective of an end user.
b The main difference between this and code review is that the tester
does not have access to source code or other detailed knowledge of
system internals.
C This is an accurate reflection of the kind of knowledge an external
attacker has.
d Not having access to source code limits the tester's visibility into
potential security issues.
e
Because runtime tests are often time-limited in order to control
costs, they may not accurately capture the kinds of attacks a
dedicated adversary can find with more time.
7. Security audit:
a Driven by an audit / risk function to look at a specific control or
compliance issue.
b. Characterised by a narrow scope, this type of engagement could
make use of any of the earlier approaches discussed (vulnerability
assessment, security assessment, penetration test).
8. Security review :
Verification that industry or internal security standards have been
applied to system components or product.
b. This is typically completed through gap analysis and utilizes build /
code reviews or by reviewing design documents and architecture
diagrams.
C This activity does not utilize any of the earlier approaches
(Vulnerability Assessment, Security Assessment, Penetration Test,
Security Audit).
4. Spike testing :
a. Spike testing is done by suddenly increasing the load generated by
a very large number of users, and observing the behaviour of the
system.
b. The goal is to determine whether performance will suffer, the
system will fail, or it will be able to handle dramatic changes in load.
5. Configuration testing :
a. Rather than testing for performance from a load perspective, tests
are created to determine the effects of configuration changes to
the system's components on the system's performance and
behaviour.
b. Acommon example would be experimenting with different methods
of load-balancing.
6. Isolation testing :
a Isolation testing is not unique to performance testing but involves
repeating a test execution that resulted in a system problem.
b Such testing can often isolate and confirm the fault donmain.
Answer
1. Processor usage : Amount of time processor spends executing non
idle threads.
2. Memory use : Amount of physical memory available to processes on a
computer.
3. Disk time : Amount of time disk is busy in executing a read or write
request.
4. Bandwidth : Shows the bits per second used by a network interface.
5. Private bytes: Number ofbytes a process has allocated that can not be
shared amongst other processes. These are used to measure memory
leaks and usage.
6. Committed memory : Amount of virtual memory used.
7. Memory pages/second : Number of pages written to or read from the
disk in order to resolve hard page faults. Hard page faults are when code
not from the current working set is called up from elsewhere and
retrieved from a disk.
8 Page faults/second:The overall rate in which fault pages are processed
by the processor. This again occurs when a process requires code from
outside of its working set.
Software Testing and Audit 171 (CSSIT-7) E
Answer
Process of performance testing includes:
1. Identify your testing environment :
a Know your physical test environment, production environment
and what testing tools are available.
172 (CIT-7) E Object-Oriented Testing