Copyright © 2008 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey
Published simultaneously in Canada
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.
Library of Congress Cataloging-in-Publication Data
Naik, Kshirasagar, 1959–
Software testing and quality assurance/Kshirasagar Naik and Priyadarshi Tripathy.
p. cm
Includes bibliographical references and index.
ISBN 978-0-471-78911-6 (cloth)
1. Computer software—Testing. 2. Computer software—Quality control. I. Tripathy, Piyu, 1958–II. Title
QA76.76.T48N35 2008 005.14—dc22
2008008331
To our parents
Sukru and Teva Naik
Kunjabihari and Surekha Tripathy
karmany eva dhikaras te; ma phalesu kadachana; ma karmaphalahetur bhur; ma te sango stv akarmani.
Your right is to work only; but never to the fruits thereof; may you not be motivated by the fruits of actions; nor let your attachment to be towards inaction.
— Bhagavad Gita
We have been witnessing tremendous growth in the software industry over the past 25 years. Software applications have proliferated from the original data processing and scientific computing domains into our daily lives in such a way that we do not realize that some kind of software executes when we do even something ordinary, such as making a phone call, starting a car, turning on a microwave oven, and making a debit card payment. The processes for producing software must meet two broad challenges. First, the processes must produce low-cost software in a short time so that corporations can stay competitive. Second, the processes must produce usable, dependable, and safe software; these attributes are commonly known as quality attributes. Software quality impacts a number of important factors in our daily lives, such as economy, personal and national security, health, and safety.
Twenty-five years ago, testing accounted for about 50% of the total time and more than 50% of the total money expended in a software development project—and, the same is still true today. Those days the software industry was a much smaller one, and academia offered a single, comprehensive course entitled Software Engineering to educate undergraduate students in the nuts and bolts of software development. Although software testing has been a part of the classical software engineering literature for decades, the subject is seldom incorporated into the mainstream undergraduate curriculum. A few universities have started offering an option in software engineering comprising three specialized courses, namely, Requirements Specification, Software Design, and Testing and Quality Assurance. In addition, some universities have introduced full undergraduate and graduate degree programs in software engineering.
Considering the impact of software quality, or the lack thereof, we observe that software testing education has not received its due place. Ideally, research should lead to the development of tools and methodologies to produce low-cost, high-quality software, and students should be educated in the testing fundamentals. In other words, software testing research should not be solely academic in nature but must strive to be practical for industry consumers. However, in practice, there is a large gap between the testing skills needed in the industry and what are taught and researched in the universities.
Our goal is to provide the students and the teachers with a set of well-rounded educational materials covering the fundamental developments in testing theory and common testing practices in the industry. We intend to provide the students with the “big picture” of testing and quality assurance, because software quality concepts are quite broad. There are different kinds of software systems with their own intricate characteristics. We have not tried to specifically address their testing challenges. Instead, we have presented testing theory and practice as broad stepping stones which will enable the students to understand and develop testing practices for more complex systems.
We decided to write this book based on our teaching and industrial experiences in software testing and quality assurance. For the past 15 years, Sagar has been teaching software engineering and software testing on a regular basis, whereas Piyu has been performing hands-on testing and managing test groups for testing routers, switches, wireless data networks, storage networks, and intrusion prevention appliances. Our experiences have helped us in selecting and structuring the contents of this book to make it suitable as a textbook.
We have written this book to introduce students and software professionals to the fundamental ideas in testing theory, testing techniques, testing practices, and quality assurance. Undergraduate students in software engineering, computer science, and computer engineering with no prior experience in the software industry will be introduced to the subject matter in a step-by-step manner. Practitioners too will benefit from the structured presentation and comprehensive nature of the materials. Graduate students can use the book as a reference resource. After reading the whole book, the reader will have a thorough understanding of the following topics:
The purpose of this book is to teach how to do software testing. We present some essential background material in Chapter 1 and save the enunciation of software quality questions to a later part of the book. It is difficult to intelligently discuss for beginners what software quality means until one has a firm sense of what software testing does. However, practitioners with much testing experience can jump to Chapter 17, entitled “Software Quality,” immediately after Chapter 1.
There are three different ways to read this book depending upon someone’s interest. First, those who are exclusively interested in software testing concepts and want to apply the ideas should read Chapter 1 (“Basic Concepts and Preliminaries”), Chapter 3 (“Unit Testing”), Chapter 7 (“System Integration Testing”), and Chapters 8–14, related to system-level testing. Second, test managers interested in improving the test effectiveness of their teams can read Chapters 1, 3, 7, 8–14, 16 (“Test Team Organization”), 17 (“Software Quality”), and 18 (“Maturity Models”). Third, beginners should read the book from cover to cover.
The book can be used as a text in an introductory course in software testing and quality assurance. One of the authors used the contents of this book in an undergraduate course entitled Software Testing and Quality Assurance for several years at the University of Waterloo. An introductory course in software testing can cover selected sections from most of the chapters except Chapter 16. For a course with more emphasis on testing techniques than on processes, we recommend to choose Chapters 1 (“Basic Concepts and Preliminaries”) to 15 (“Software Reliability”). When used as a supplementary text in a software engineering course, selected portions from the following chapters can help students imbibe the essential concepts in software testing:
Supplementary materials for instructors are available at the following Wiley web-site: http:/www.wiley.com/sagar.
In preparing this book, we received much support from many people, including the publisher, our family members, and our friends and colleagues. The support has been in many different forms. First, we would like to thank our editors, namely, Anastasia Wasko, Val Moliere, Whitney A. Lesch, Paul Petralia, and Danielle Lacourciere who gave us much professional guidance and patiently answered our various queries. Our friend Dr. Alok Patnaik read the whole draft and made numerous suggestions to improve the presentation quality of the book; we thank him for all his effort and encouragement. The second author, Piyu Tripathy, would like to thank his former colleagues at Nortel Networks, Cisco Systems, and Airvana Inc., and present colleagues at NEC Laboratories America.
Finally, the support of our parents, parents-in-law, and partners deserve a special mention. I, Piyu Tripathy, would like to thank my dear wife Leena, who has taken many household and family duties off my hands to give me time that I needed to write this book. And I, Sagar Naik, would like to thank my loving wife Alaka for her invaluable support and for always being there for me. I would also like to thank my charming daughters, Monisha and Sameeksha, and exciting son, Siddharth, for their understanding while I am writing this book. I am grateful to my elder brother, Gajapati Naik, for all his support. We are very pleased that now we have more time for our families and friends.
University of Waterloo
Waterloo
NEC Laboratories America, Inc.
Princeton
1.1 Shewhart cycle
1.2 Ishikawa diagram
1.3 Examples of basic test cases
1.4 Example of a test case with a sequence of < input, expected outcome >
1.5 Subset of the input domain exercising a subset of the program behavior
1.6 Different activities in program testing
1.7 Development and testing phases in the V model
1.8 Regression testing at different software testing levels. (From ref. 41. © 2005 John Wiley & Sons.)
2.1 Executing a program with a subset of the input domain
2.2 Example of inappropriate path selection
2.3 Different ways of comparing power of test methods: (a) produces all test cases produced by another method; (b) test sets have common elements.
2.4 Context of applying test adequacy
3.1 Steps in the code review process
3.2 Dynamic unit test environment
3.3 Test-first process in XP. (From ref. 24. © 2005 IEEE.)
3.4 Sample pseudocode for performing unit testing
3.5 The assertTrue() assertion throws an exception
3.6 Example test suite
4.1 Process of generating test input data for control flow testing
4.2 Symbols in a CFG
4.3 Function to open three files
4.4 High-level CFG representation of openfiles(). The three nodes are numbered 1, 2, and 3.
4.5 Detailed CFG representation of openfiles(). The numbers 1–21 are the nodes
4.6 Function to compute average of selected integers in an array. This program is an adaptation of “Figure 2. A sample program” in ref. 10. (With permission from the Australian Computer Society.)
4.7 A CFG representation of ReturnAverage(). Numbers 1–13 are the nodes.
4.8 Dashed arrows represent the branches not covered by statement covering in Table 4.4
4.9 Partial CFG with (a) OR operation and (b) AND operations
4.10 Example of a path from Figure 4.7
4.11 Path predicate for path in Figure 4.10
4.12 Method in Java to explain symbolic substitution [11]
4.13 Path predicate expression for path in Figure 4.10
4.14 Another example of path from Figure 4.7
4.15 Path predicate expression for path shown in Figure 4.14
4.16 Input data satisfying constraints of Figure 4.13
4.17 Binary search routine
5.1 Sequence of computations showing data flow anomaly
5.2 State transition diagram of a program variable. (From ref. 2. © 1979 IEEE.)
5.3 Definition and uses of variables
5.4 Data flow graph of ReturnAverage() example
5.5 Relationship among DF (data flow) testing criteria. (From ref. 4. © 1988 IEEE.)
5.6 Relationship among FDF (feasible data flow) testing criteria. (From ref. 4. © 1988 IEEE.)
5.7 Limitation of different fault detection techniques
5.8 Binary search routine
5.9 Modified binary search routine
6.1 Illustration of the concept of program domains
6.2 A function to explain program domains
6.3 Control flow graph representation of the function in Figure 6.2
6.4 Domains obtained from interpreted predicates in Figure 6.3
6.5 Predicates defining the TT domain in Figure 6.4
6.6 ON and OFF points
6.7 Boundary shift resulting in reduced domain (closed inequality)
6.8 Boundary shift resulting in enlarged domain (closed inequality)
6.9 Tilted boundary (closed inequality)
6.10 Closure error (closed inequality)
6.11 Boundary shift resulting in reduced domain (open inequality)
6.12 Boundary shift resulting in enlarged domain (open inequality)
6.13 Tilted boundary (open inequality)
6.14 Closure error (open inequality)
6.15 Equality border
6.16 Domains D1, D2 and D3
7.1 Module hierarchy with three levels and seven modules
7.2 Top-down integration of modules A and B
7.3 Top-down integration of modules A, B, and D
7.4 Top-down integration of modules A, B, D, and C
7.5 Top-down integration of modules A, B, C, D, and E
7.6 Top-down integration of modules A, B, C, D, E, and F
7.7 Top-down integration of modules A, B, C, D, E, F and G
7.8 Bottom-up integration of modules E, F, and G
7.9 Bottom-up integration of modules B, C, and D with E, F, and G
7.10 Bottom-up integration of module A with all others
7.11 Hardware ECO process
7.12 Software ECO process
7.13 Module hierarchy of software system
8.1 Types of system tests
8.2 Types of basic tests
8.3 Types of functionality tests
8.4 Types of robustness tests
8.5 Typical 1xEV-DO radio access network. (Courtesy of Airvana, Inc.)
9.1 Frequency selection box of Bluetooth specification
9.2 Part of form ON479 of T1 general—2001, published by the CCRA
9.3 Functionally related variables
9.4 Function in context
9.5 (a) Obtaining output values from an input vector and (b) obtaining an input vector from an output value in functional testing
9.6 Functional testing in general
9.7 System S with three input variables
9.8 (a) Too many test inputs; (b) one input selected from each subdomain
9.9 Gold standard oracle
9.10 Parametric oracle
9.11 Statistical oracle
10.1 Spectrum of software systems
10.2 Data-dominated systems
10.3 Control-dominated systems
10.4 FSM model of dual-boot laptop computer
10.5 Interactions between system and its environment modeled as FSM
10.6 PCOs on a telephone
10.7 FSM model of a PBX
10.8 FSM model of PBX
10.9 Interaction of test sequence with SUT
10.10 Derived test case from transition tour
10.12 Finite-state machine G1 (From ref. 5. © 1997 IEEE.)
10.11 Conceptual model of test case with state verification
10.13 UIO tree for G1 in Figure 10.12. (From ref. 5. © 1997 IEEE.)
10.14 Identification of UIO sequences on UIO tree of Figure 10.13
10.15 Finite-state machine G2
10.16 Distinguishing sequence tree for G2 in Figure 10.15
10.17 FSM that does not possess distinguishing sequence. (From ref. 11. © 1994 IEEE.)
10.18 DS tree for FSM (Figure 10.17)
10.19 Abstraction of N-entity in OSI reference architecture
10.20 Abstract local test architecture
10.21 Abstract external test architecture
10.22 Local architecture
10.23 Distributed architecture
10.24 Coordinated architecture
10.25 Remote architecture
10.26 Structure of module in TTCN-3
10.27 Definitions of two subtypes
10.28 Parameterized template for constructing message to be sent
10.29 Parameterized template for constructing message to be received
10.30 Testing (a) square-root function (SRF) calculator and (b) port between tester and SRF calculator
10.31 Defining port type
10.32 Associating port with component
10.33 Test case for testing SRF calculator
10.34 Executing test case
10.35 Comparison of state transitions of FSM and EFSM
10.36 Controlled access to a door
10.37 SDL/GR door control system
10.38 Door control behavior specification
10.39 Door control behavior specification
10.40 Transition tour from door control system of Figures 10.38 and 10.39
10.41 Testing door control system
10.42 Output and input behavior obtained from transition tour of Figure 10.40
10.43 Test behavior obtained by refining if part in Figure 10.42
10.44 Test behavior that can receive unexpected events (derived from Figure 10.43)
10.45 Core behavior of test case for testing door control system (derived from Figure 10.44)
10.46 User interface of ATM
10.47 Binding of buttons with user options
10.48 Binding of buttons with cash amount
10.49 FSM G
10.50 FSM H
10.51 FSM K
10.52 Nondeterministic FSM
11.1 State transition diagram of requirement
11.2 Test suite structure
11.3 Service interworking between FR and ATM services
11.4 Transformation of FR to ATM cell
11.5 FrAtm test suite structure
11.6 State transition diagram of a test case
11.7 State transition diagram of test case result
12.1 Concept of cycle-based test execution strategy
12.2 Gantt chart for FR–ATM service interworking test project
12.3 Broad criteria of test automation tool evaluation
12.4 Test selection guideline for automation
12.5 Characteristics of automated test cases
12.6 Six major steps in automated test case
12.7 Components of a automation infrastructure
13.1 State transition diagram representation of life cycle of defect
13.2 Projected execution of test cases on weekly basis in cumulative chart form
13.3 PAE metric of Bazooka (PE: projected execution; AE: actually executed) project
13.4 Pareto diagram for defect distribution shown in Table 13.12
13.5 Cause–effect diagram for DCA
15.1 Relationship between MTTR, MTTF, and MTBF
15.2 Graphical representation of operational profile of library information system
15.3 Failure intensity λ as function of cumulative failure µ (λ0 = 9 failures per unit time, ν0 = 500 failures, θ = 0.0075)
15.4 Failure intensity λ as function of execution time τ (λ0 = 9 failures per unit time, ν0 = 500 failures, θ = 0.0075)
15.5 Cumulative failure µ as function of execution time τ (λ0 = 9 failures per unit time, ν0 =500 failures, θ = 0.0075)
16.1 Structure of test groups
16.2 Structure of software quality assurance group
16.3 System test team hierarchy
16.4 Six phases of effective recruiting process
16.5 System test organization as part of development
17.1 Relation between quality factors and quality criteria [6]
17.2 ISO 9126 sample quality model refines standard’s features into subcharacteristics. (From ref. 4. © 1996 IEEE.)
18.1 CMM structure. (From ref. 3. © 2005 John Wiley & Sons.)
18.2 SW-CMM maturity levels. (From ref. 3 © 2005 John Wiley & Sons.)
18.3 Five-level structure of TMM. (From ref. 5. © 2003 Springer.)