M.A.S.E. testing (Manual Automated Scripted Exploratory)
Keith Stobie, Software Quality Engineering Architect, TiVo
20 June 2013
Copyright © 2013 Keith Stobie, TiVo
testmuse.wordpress.com
Keith Stobie
ASQ CSQE. BBST Foundations graduate. ISTQB FL. Member of AST, ASQ, ACM, and IEEE; also SASQAG and PSQNC.
Protocol Quality Assurance Process: Model-Based Quality Assurance of Protocol Documentation, STVR, 2011. Too Darn Big to Test – ACM Queue vol. 3 (#1), Feb. 2005. Testing for Exceptions, STQE, July/Aug. 2000, pp. 12-16.
Keynoted at CAST 2007 and MBT-UC 2012.
Test Architecture, Test Design, Test Automation, Test Methodology.
TiVo, Bing, Microsoft servers & tools, BEA, Informix, Tandem.
Context
• The scripted versus exploratory dimension and its interaction with manual versus automated.
• Learn about the forces that influence when automation or manual testing is most appropriate, and
• when confirmatory (scripted) or bug-finding (exploratory) testing is most appropriate.
• The role and benefit of each type (manual scripted, automated scripted, manual exploratory, automated exploratory).
Perfect Software Testing
Software Testing – Cem Kaner: an empirical technical investigation conducted to provide stakeholders with information about the quality of the product or service under test.
Perfect Testing – James Bach: Testing is the infinite process of comparing the invisible to the ambiguous so as to avoid the unthinkable happening to the anonymous.
testing (IEEE Std 829-2008, IEEE Standard for Software and System Test Documentation): (A) An activity in which a system or component is executed under specified conditions, the results are observed or recorded, and an evaluation is made of some aspect of the system or component. (B) To conduct an activity as in (A).

Exhaustive vs. Pragmatic Testing
Exhaustive / Complete Testing: execute the program on all possible inputs and compare actual to expected behavior.
• Could "prove" program correctness.
• Not practical for any non-trivial program.
Comprehensive Testing
• Usually some (coverage) criteria.
Pragmatic Testing: select a vanishingly small % of all possible tests.
Goal: executing the tiny % of tests will uncover a large % of the defects present.
A testing method is essentially a way to decide which tiny % to pick.
Associations
Are you familiar with the terms: Manual Testing? Automated Testing? Scripted Testing? Exploratory Testing?
It is traditional for testers to be untrained in what I consider the basic cognitive skills of excellent testing. It is traditional, I suppose, for testers to have almost no ability to defend what they do, except through the use of clichés and appeals to authority and folklore. That tradition has poorly served our industry, in my opinion. I'd like to replace that with a tradition of context-driven, skilled testing. -- James Bach, http://www.satisfice.com/blog/archives/58

Manual testing
What do you think of?
Automated testing
What do you think of?
Scripted testing
What do you think of?
A test script in software testing is a set of instructions that will be performed on the system under test to test that the system functions as expected. -- http://en.wikipedia.org/wiki/Test_script
A test script is a set of instructions (or steps) to follow in a prescribed sequence.
Exploratory testing
What do you think of?
The term was coined by Cem Kaner in 1983 in his book Testing Computer Software: "Trust your instincts."
Updated description by James Bach: "Exploratory testing is simultaneous learning, test design, and test execution, with an emphasis on learning."
• Design as you test
• Learn as you test
• Adapt as you test
• No test scripts
• No detailed test planning
• Agile testing
• Lightweight tests
• Find new bugs all the time
http://blogs.msdn.com/b/anutthara/archive/2011/10/20/exploratory-testing-introduction.aspx
http://swtester.blogspot.com/2012/05/what-is-exploratory-testing.html

Continuum
http://swtester.blogspot.com/2012/05/what-is-exploratory-testing.html

Test & Test Case (IEEE)
3.1.39 test: (A) A set of one or more test cases. (B) A set of one or more test procedures. (C) A set of one or more test cases and procedures. (D) The activity of executing (A), (B), and/or (C).
test case: (1) (IEEE Std 610.12-1990) A set of test inputs, execution conditions, and expected results developed for a particular objective, such as to exercise a particular program path or to verify compliance with a specific requirement. (2) (IEEE Std 829-2008) Documentation specifying inputs, predicted results, and a set of execution conditions for a test item.

Scripted ⇔ Exploratory Continuum
pure scripted → vague scripts → fragmentary test cases → charters → tours → roles → freestyle (the exploratory side of the continuum)
http://www.qualitestgroup.com/media/presentations/PPT_Exploratory_Testing_Explained.pdf
Itkonen, Juha; Mika V. Mäntylä and Casper Lassenius (2007). "Defect Detection Efficiency: Test Case Based vs. Exploratory Testing": no significant differences in defect detection efficiency between {manually executing} test case based testing (TCT) and {manual} exploratory testing (ET). [However, TCT took more time – to prepare the test cases.]
"no benefit in terms of defect detection efficiency of using predesigned test cases in comparison to an exploratory testing approach." – Bj Rollison, http://www.sigist.org.il/_Uploads/dbsAttachedFiles/Empirical_Evaluationess.pdf
Defect Detection Efficiency: Test Case Based vs. Exploratory Testing
79 advanced software engineering students performed manual functional testing on an open-source application with actual and seeded defects.

Phase | Group 1 | Group 2
Preparation | Test cases for feature set A | Test cases for feature set B
Testing session 1 (90 min) | Test case based testing, feature set A | Exploratory testing, feature set A
Testing session 2 (90 min) | Exploratory testing, feature set B | Test case based testing, feature set B

The distributions of detected defects did not differ significantly regarding technical type, detection difficulty, or severity.
TCT produced significantly more false defect reports than ET.
Surprisingly, our results show no benefit of using predesigned test cases in terms of defect detection efficiency, emphasizing the need for further studies of manual testing.
Empirical Evaluation of Exploratory Testing Effectiveness
No significant differences between the two approaches in terms of the detected defect types, severities, or detection difficulty.
The difference in criticality of defects between the two approaches is statistically significant:
• ET more likely to identify behavioral issues (e.g., "look and feel")
• Scripted tests more likely to identify technical defects (computational / code level)
• Both approaches may miss critical defects
The overall effectiveness of both exploratory testing and designing effective scripted tests depends heavily upon the individual tester's professional knowledge of the system and testing!

Automated ⇔ Manual Continuum?
"Manual Tests Cannot Be Automated" – James Bach, http://www.satisfice.com/blog/archives/58
Rule #1: A good manual test cannot be automated.
Rule #1B: If you can truly automate a manual test, it couldn't have been a good manual test.
Rule #1C: If you have a great automated test, it's not the same as the manual test that you believe you were automating.
"human eyes, ears, hands, and brains are engaged in the execution of the test" – Michael Bolton
If you read and hand-execute the code – if you do exactly what it tells you – then congratulations, you will have performed a poor manual test.

Technique vs. Approach
• A technique is a specific method that is used to accomplish a specific goal.
• An approach is the overall manner in which you act.
• Exploratory Testing is an approach to testing.
• All test techniques (e.g., manual, functional) can be done in an exploratory way or a scripted way (predefined test procedures, whether manual or automated).
• You can work in an exploratory way at any point in testing.¹
http://www.qualitestgroup.com/media/presentations/PPT_Exploratory_Testing_Explained.pdf
¹ http://www.testingeducation.org/BBST/exploratory/BBSTExploring.pdf

Random vs. Ad Hoc vs. Exploratory
"To the extent that the next test we do is influenced by the result of the last test we did, we are doing exploratory testing." – James Bach
http://qatestlab.com/services/No-Documentation/ad-hoc-testing/

Coder – Domain Expert continuum
[Diagram: two axes – Automated ⇔ Manual and Coder ⇔ Domain Expert – positioning tooling styles: xUnit test libraries and RSpec at the coder end; keyword / action word frameworks, Gherkin, and FIT in the middle; scriptless and flowchart tools at the domain-expert end.]

Automation goal
http://www.methodsandtools.com/archive/archive.php?id=94

Continuum combinations
Exploratory – find bugs; does not guarantee any type of coverage; numerous heuristics.
Quadrants: Automated Exploratory | Manual Exploratory | Automated Scripted | Manual Scripted
Scripted – confirmation; requires some knowledge of results up front.
Automated – requires hardware and software; may miss side-effect issues.
Manual – requires a human (even if computer assisted); may miss minor issues.

Keith's History & Experience
Mostly an automated script tester of systems and services (backend). Wrote tools for exploratory API testing. Did large-scale system testing using random load generators. Rare bouts of manual testing: Bing, Doyenz, TiVo. Three years of Model Based Testing to automatically generate test scripts. Limited GUI testing (manual or automated) [not my focus].
Manual Scripted: 5% | Automated Scripted: 85% | Manual Exploratory: 5% | Automated Exploratory: 5%

Manual Exploratory
Google "Z" with SafeSearch off; Bing – defects every week. – Ken Johnston
Single-letter queries – inappropriate results. Bing "s" (moderate).
Bing log analysis: Big Data. Abandonment analysis – navigational queries on images.

Search Images Navigation
TiVo Manual Exploratory bugs
Take-home builds

Manual Detail Charter
Charter: Login
Outline: Enter Username and Password
Specific:
• Click mouse in username field to place cursor in username field. Type "testuser".
• Click mouse in password field to place cursor in password field. Type "Pa$$w0rd".
• Click on login button.
Specific Action – Automated Details:
    LoginEnteringUsernameAndPassword(string username, string password)
        Mouse.Position(username).Click
        Username.Enter("testuser")
        Mouse.Position(password).Click
        Username.Enter("Pa$$w0rd")
        LoginButton.Click

TiVo Manual Script Test Case 120527: Record from Live TV
Objective: Verify that the TCD is able to make a recording from live TV.
Steps:
1. Press the Live TV button
2. Press the Channel Up button to change channels and verify A
3. Wait awhile to build up some video in the cache
4. Press the Record button
5. Press Select on the "Record this showing" menu item
6. Allow some time to pass
7. Press the Record button
8. Press the Down button, then Select to select "Stop the current recording"
9. Press the TiVo button (you'll go to the main screen)
10. Press the Select button. You should be on My Shows (or whatever its name is for that product)
11. Verify B
Expected Results:
A. Verify the new channel has video that is correctly displayed
B. Verify the recorded show is present at the top of the show list if you are sorted by date
TiVo Manual Script Test Case 108864: Direct Tuning – cable channels
Objective: Verify able to direct-tune cable channels.
Steps:
1. Key in a cable channel number from live TV, such as 201
2. Verify A
Expected Results:
A. Able to tune the cable channel

TiVo Automated Script Test Case 108864: Direct Tuning – cable channels
    $controller->gotoScreen('central');
    $controller->gotoLiveTVChannel($channel);
    $result = $controller->{'screendump'}
        ->parseScreenDump(filefilter => "livetv.xsl");
    $tuned_channel = $result->{'channel-number'};
    if ( $channel ne $tuned_channel ) {
        $self->setError("Not able to tune to Channel.");
        return FAILURE;
    }
    return SUCCESS;

Automated Scripted Testing
Pros
• Low learning curve, no special tools
• Low risk, done it for years
• Reach, everyone can do it, no tools required
• Predictable, repeatable
• Success, proven mechanism to find bugs
Cons
• Tests require a lot of code, every scenario
• Expensive to maintain, cleanup actually lasts for years
• Test issues far surpass product bugs
• Low coverage, out of the box
• Rigid, difficult to improve, change, or just keep up to date
• Static, stop finding bugs, same scenarios, missing bugs
• Doesn't scale, increasing feature sets, complexity, dependencies
– Ed Triou

What's a Model?
A model:
• Is an abstraction or simplified representation of the system from a particular perspective
• Supports investigation, discovery, explanation, prediction, or construction
• May be expressed as a description, table, graphical diagram, or quantitative mathematical model
• Is not necessarily comprehensive
Copyright (c) 2002 Elisabeth Hendrickson, Quality Tree Software, Inc.

Models in Everyday Life
Inspired by: "Modeling: A Picture's Worth 1000 Words," Copyright (c) 2002, Quality Tree Software, Inc.

Manual Model Exploration
Simple Finite State Machine (FSM) of an API: Not Started –(begin API)→ Processing –(end API)→ End.
Test Cases (input sequences):
1. begin; end; end
2. begin; begin
3. end;
4. begin; end; begin; end

    // Some WCF service interface
    [ServiceContract]
    public interface IService
    {
        [OperationContract(AsyncPattern = true)]
        IAsyncResult BeginGetCustomers(AsyncCallback callback, object state);
        List<Customer> EndGetCustomers(IAsyncResult result);
    }
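The begin/end model above is small enough to explore mechanically. Here is a minimal Python sketch of that idea (the transition table, the assumption that a finished API may be restarted, and all names are illustrative, not any specific MBT tool): it enumerates short input sequences against the FSM and classifies each as legal or illegal, reproducing the slide's four test cases among others.

    # Minimal sketch (not a specific tool): walk the begin/end FSM from this
    # slide and classify short input sequences as legal or illegal.
    from itertools import product

    # States of the simple API model: NOT_STARTED -> PROCESSING -> END.
    # Assumption: the API may be restarted after END (begin is legal again).
    TRANSITIONS = {
        ("NOT_STARTED", "begin"): "PROCESSING",
        ("PROCESSING", "end"): "END",
        ("END", "begin"): "PROCESSING",
    }

    def run(sequence):
        """Drive the model; return final state, or None on an illegal call."""
        state = "NOT_STARTED"
        for call in sequence:
            state = TRANSITIONS.get((state, call))
            if state is None:
                return None   # e.g. "end" before "begin", or "begin; begin"
        return state

    # Enumerate every input sequence up to length 4, like the slide's cases.
    for length in range(1, 5):
        for seq in product(["begin", "end"], repeat=length):
            result = run(seq)
            print("; ".join(seq), "->", result or "ILLEGAL (expect API error)")

The slide's sequences fall out directly: "begin; end; begin; end" ends legally, while "end", "begin; begin", and "begin; end; end" are flagged as calls the API should reject.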
• Accidental – throttled process creation
• Dumb Monkey & Fuzzing – random input
• Random failures – similar to Chaos Monkey
• Random stress testing
Fuzz Testing
Providing invalid, unexpected, or random data to the inputs of a computer program.
History – a dark & stormy night:
Fuzz Revisited: A Re-examination of the Reliability of UNIX ... by B.P. Miller, et al., http://www.opensource.org/advocacy/fuzz-revisited.pdf
Tools list: https://www.owasp.org/index.php/Fuzzing

Fuzz Testing
Goal: push invalid data as far into the system as possible. Unexpected input: length and content.
Both dumb and smart fuzzing are valuable!
• Dumb generates data with no regard to the format (the data form of dumb monkey testing).
• Smart requires knowledge of the data format or of how the data is consumed. The more detailed the knowledge, the better.
Generate – creates new data from scratch.
Mutation – transforms sample input data to create new input data: add/change/delete data (sketched below).
Most fuzzing tools are a mix of each approach.
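A minimal Python sketch of the mutation approach just described. Everything here is hypothetical: parser_under_test stands in for whatever consumes the data, and the HTTP-ish sample is arbitrary; the point is the add/change/delete loop of a dumb mutation fuzzer.

    # Dumb mutation fuzzer sketch: transform sample input data by randomly
    # adding / changing / deleting bytes, with no knowledge of the format.
    import random

    def mutate(sample: bytes, n_mutations: int = 4) -> bytes:
        data = bytearray(sample)
        for _ in range(n_mutations):
            op = random.choice(("add", "change", "delete"))
            if op == "add":
                data.insert(random.randrange(len(data) + 1), random.randrange(256))
            elif data:                        # change/delete need at least one byte
                pos = random.randrange(len(data))
                if op == "change":
                    data[pos] = random.randrange(256)
                else:
                    del data[pos]
        return bytes(data)

    def parser_under_test(data: bytes) -> None:
        # Hypothetical stand-in for the real system under test.
        data.decode("utf-8").splitlines()

    sample = b"GET /index.html HTTP/1.0\r\n\r\n"
    for i in range(1000):
        fuzzed = mutate(sample)
        try:
            parser_under_test(fuzzed)
        except UnicodeDecodeError:
            pass                              # expected rejection of bad input
        except Exception as exc:              # anything else is a potential bug
            print(f"case {i}: {exc!r} on {fuzzed[:40]!r}")

A smart fuzzer would replace mutate with format-aware generation (e.g., valid headers with boundary-length values), trading generality for deeper penetration into the system.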
Monkey Testing
http://www.questioningsoftware.com/2007/02/people-monkeys-and-models.html
Dumb / Wild / Unmanaged: banging on the keyboard by randomly generating input (key-presses; and mouse moves, clicks, drags, and drops).
Smart / Trained / Managed: detects the available options displayed to the user and randomly enters data and presses buttons that apply to the detected state of the application.
Chaos Monkey (netflix.com): http://techblog.netflix.com/2012/07/chaos-monkey-released-into-wild.html
Chaos Monkey is a service which runs in Amazon Web Services (AWS) that seeks out Auto Scaling Groups (ASGs) and terminates instances (virtual machines) per group.
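A sketch of the dumb-monkey loop in Python. The App class is a hypothetical stand-in for a real UI driver (for example a Selenium or Appium session); only the random-event loop and the liveness check are the point.

    # "Dumb monkey" sketch: bang on the keyboard and mouse with random events.
    import random
    import string

    class App:                                # hypothetical SUT wrapper
        def press(self, key): ...
        def click(self, x, y): ...
        def is_responsive(self) -> bool:
            return True                       # a real driver would ping the UI

    app = App()
    for step in range(10_000):
        if random.random() < 0.5:
            app.press(random.choice(string.printable))     # random key-press
        else:
            app.click(random.randrange(1920), random.randrange(1080))
        if not app.is_responsive():
            print(f"hang/crash after {step} random events")
            break

A smart monkey differs only in the choice step: instead of blind coordinates, it would query the options actually available in the current application state and pick among those.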
Flavors of Stress Tests
Load: Ensures that the system can perform "acceptably" under input and resource load, both constant and varying.
Limit: When capacity/limits are known. Equivalent to boundary testing.
Breakpoint: When capacity/limits are not known. Find the heaviest load the component can handle before failure.
Torture: Taking a component beyond known or pre-defined min/max limits.
Duration: Run for some amount of time without undue load or failures (aka "soak" testing).
Synchronization: Flush out timing/synchronization/concurrency issues, e.g., multi-thread tests.
Fault Injection: Deterministically inject faults, simulate error conditions.

Chat Slice – where local consistency does matter
Spec Explorer
http://msdn.microsoft.com/en-us/library/ee620432.aspx
Point and shoot: move to a particular state (point), and then explore it (shoot).
Also "On The Fly" testing – continue generating inputs until time runs out. (A smart "state" monkey.)
Manual Testing (www.SoftwareTestingSoftware.com)
Advantages | Disadvantages
Leverage experience of testers to find defects | Time consuming
Usable for the majority of software testing types | Not suitable for performance, stress, and soak testing
Performable in different phases of the SDLC | ROI is low for tests like smoke or regression tests
Performable even when the application is not stable | Can lead to defect leakage due to human miss or error
Effective when requirements are volatile | Not effective if tests require validation of large data sets
Effective when UI changes are frequent | Cannot perform most security-related tests
 | Testers can lose interest running the same tests over a long period of time
 | Success depends on the experience and knowledge of testers
Manual/Automated Effectiveness
Manual Effective: Functional, Smoke, Exploratory, Ad-Hoc, User Acceptance, Usability, Alpha / Beta, Compliance
Automated Effective: Sanity, Unit, Database, Regression, Integration, API, Web Services
http://www.softwaretestingsoftware.com/manual-testing/

Differences Between Scripted and Exploratory Testing
Scripted Testing | Exploratory Testing
Directed from requirements | Directed from requirements and exploring during testing
Determination of test cases well in advance | Determination of test cases during testing
Confirmation of testing with the requirements | Investigation of the system or application
Emphasizes prediction and decision making | Emphasizes adaptability and learning
Involves confirmed testing | Involves investigation
Is about controlling tests | Is about improvement of test design
Like making a speech – you read from a draft | Like making a conversation – it's spontaneous
The script is in control | The tester's mind is in control
http://testinginterviewsquestions.blogspot.com/2013/01/exploratory-testing.html

Benefits of Computer-Assisted Testing
• Easy test case maintenance
• Reduced costs
• More test cases
• Early bug detection
• Increased bug count
• Time savings
• Time to address bigger test issues
• Improved tester job satisfaction
"You can start with a small model and build in the direction you think will do the most good for you." – Harry Robinson, Exploratory Test Automation slides from CAST 2010

Issues with Random Testing
Verification of the result: easier to have static tests with pre-computed outputs.
Very low probability sub-domains:
• likely to be disregarded by random testing, but the cost of failures in those sub-domains may be very high
• a good reason for using random testing as a complementary rather than the sole testing strategy.

Validation & Verification
Validation (requirements confirmation)
• Establishing the fitness of a software product for its use.
• "Are we building the right product?"
• Requires interaction with customers.
Verification (design confirmation)
• Establishing the correspondence between the software and its specification.
• "Are we building the product right?"
• Requires interaction with software.
http://www.construx.com/Practicing_Earl/Doing_Justice_to_V_V/

… Confirmation
Analyze these claims (Becoming a Test Expert – James Bach):
• You should write a test plan
• It's important that testing be repeatable
• Each test case should have an expected result
• Test automation saves money and time
• All testing is based on a model of what is being tested
• Good enough quality is not good enough
• An undocumented test cannot be improved
• Exploratory testing is a useful practice
• It's better to use the term defect than bug
• Ambiguity should be removed from requirements

Confirmation & Bug Finding
Confirm | Find bugs
Quality isn't worse than before | Quality isn't sufficient
Support the team | Critique the product
Repeatable | Unpredictable

Agile Testing Quadrants
Copyright 2009: Lisa Crispin, Janet Gregory – used with permission. http://watirmelon.com/2011/06/10/yet-another-software-testing-pyramid/
Q1 (technology facing, supporting the team; automated): Unit Tests, Component Tests
Q2 (business facing, supporting the team; automated & manual): Functional Tests, Examples, Story Tests, Prototypes, Simulations
Q3 (business facing, critique product; manual): Exploratory Testing, Scenarios, Usability Testing, User Acceptance Testing (UAT), Alpha / Beta
Q4 (technology facing, critique product; tools): Performance & Load Testing, Security Testing, "ility" Testing
Construx Validation Test list
Level 0 – Unit: Do individual code units (i.e., modules) work by themselves? Typically done by the developer to check the integrity and functionality of code units.
Level 0 – Code Integration: Do individual code units work well with one another? Typically done by the developer to insure code units interface successfully with one another.
Level 1 – Build Acceptance: Can the application be successfully installed? Done by tester.
Level 1 – Smoke: Does the build work well enough to be tested? Done by tester.
Level 1 – Regression: Have bug fixes or design enhancements in the code caused other parts of the program to malfunction? Executed immediately after a successful smoke test. Tester reruns tests proved successful in the previous build.
Level 2 – Functional: Are all the features and functions described in the functional specifications implemented and working properly? Should cover both front end (UI, GUI) and backend (i.e., data validation). Conducted by QA as black box testing.
Level 3 – Desktop Configuration / Host Integration: Does the program: 1) work in the communications, hardware, and software environment described in the requirements documents? 2) run successfully with other typical programs loaded? 3) interface successfully with remote network resources (e.g., database servers) and local peripherals (e.g., printers and modems)? Integrates the program into the hardware environment, confirms that it can run concurrently with other typical software and that all necessary resources (local and remote) can be accessed. Conducted by QA as black box testing.
Level 4 – Load / Performance: Does the program: 1) work acceptably fast for the user under typical conditions? 2) work acceptably well when subject to extreme processor activity or volumes of inputs/outputs? 3) work acceptably well with limited resources? Finds out how well the program handles less than optimal conditions. Managed by QA, but often involves automation or volunteer ad hoc testers and network personnel to create atypical conditions.
Level 4 – Acceptance: Is the program: 1) complete? (includes all desired features and functions) 2) correct? 3) control-flow driven: handles all typical user scenarios efficiently? 4) error driven: offering options and instructions for every error path? 5) comfortable to use, and customizable (if applicable)? Checks the program for ultimate user satisfaction.
Level 5 – Security / Compliance: Does the program threaten to expose: 1) corporate assets? 2) private customer information? Has end-to-end system security been confirmed? Does the product threaten government and organizational policy/procedure? Insures protection of corporate assets and private user information from unauthorized access, and assures compliance with governmental, industry, and organizational policies and procedures.
Level 6 – Test in Production: Does the service operate correctly with real load? Monitors the system for continual user satisfaction.

Static / Dynamic V&V
Verification (design) & Validation (requirements)
Static
• Software inspections
• Static analysis of source code
• Control/data flow analysis
Dynamic
• Defect testing – look for errors in functionality
• Load testing – look for errors in scalability, performance, reliability
An Evaluation Scheme of Software Testing Techniques, H-D. Chu, Univ. of Newcastle, Dept. of CS, TR 583, June 1997

Software Testing Techniques
Software testing techniques (classification tree):
• Must execute the software? No → Static; Yes → Dynamic
• Static – examine code syntax? → Syntactic / Semantic
• Dynamic – examine code? No → Black-box; Yes → White-box
• How is test data selected? → Random / Functional / Structural
• Test data type generated? → Statistical / Deterministic
• Evaluation: Exit Criterion (reliability model) / Adequacy Criterion (control / data flow, …); Discrete / Continuous; Fault-based / Error-based

What do you think?
• Is it "testing" if you simply run the program to see what it does?
• Is requirements confirmation done best with static or dynamic testing?
• Is design confirmation done best with static or dynamic testing?
A Beginners Guide to Testing – Phillip Johnson, Information & CS, U. of Hawaii

… Testing
Acceptance, Accessibility, Active, Ad-hoc, Age, Agile, All-pairs, Alpha, API, Assertion, Automated, Backward Compatibility, Basis Path, Benchmark, Beta, Big Bang Integration, Binary Portability, Black box, Bottom Up Integration, Boundary Value, Branch, Breadth, Business Logic, Code-driven, Comparison, Compatibility, Compliance, Component, Concurrency, Condition, Configuration, Conformance, Context Driven, Conversion, Coverage, Decision Coverage, Dependency, Destructive, Domain, Dynamic, End-to-end, Endurance, Equivalence Partitioning, Error-Handling, Exploratory, Fault injection, Formal verification, Functional, Fuzz, Glass box, Globalization, Gorilla, Gray Box, GUI software, Hybrid Integration, Install/uninstall, Integration, Interface, Internationalization, Inter-Systems, Keyword-driven, Load, Localization, Loop, Manual, Manual-Support, Model-Based, Modularity-driven, Mutation, Negative, Non-functional, Operational, Orthogonal array, Pair, Parallel, Passive, Path, Penetration, Performance, Qualification, Ramp, Recovery, Regression, Requirements, Sanity, Scalability, Scenario, Scripted, Security, Smoke, Stability, Statement, Static, Storage, Stress, Structural, System, System Integration, Testing in Production, Thread, Top Down Integration, Unit, Upgrade, Usability, User Interface, Volume, Vulnerability, White box, Workflow

Manual Exploratory
+ Cost-effective one-shot bug discovery
- No coverage guarantees; varies every time (for better or worse)
- Tester requires extensive background or knowledge
• Numerous heuristics
Manual Scripted
For a rapidly changing product:
+ Can guarantee some coverage
⬇ Manual exploratory doesn't guarantee coverage
⬇ Automated scripted maintenance can be too high
+ Costly automation vs. cheap human; Moravec's paradox: reasoning vs. sensorimotor, e.g., sound quality, video quality, captcha
- May miss "minor" changes, e.g., typos, wrong font, …
• Requires upfront result knowledge
• Asperger syndrome: highly talented specialist people
Automated Scripted
+ Guaranteed coverage for a slowly changing or non-changing product
- Misses many "side" observations, and/or very fragile
• Requires upfront result knowledge
⬇ Manual scripted is expensive vs. repeated automation
• Manual exploratory complements large uncovered areas

Regression vs Latent
Writing tests and running tests both have costs.
Run the same tests → reduce regression defects. Regression: old code fails due to new code. Automation mostly helps here.
Create new tests → reduce latent defects (always there). Manual testing can help most here.
[Diagram: timeline of Old Code vs New Code, showing where Regression and Latent defects arise.]

Regression Risk vs Code Base
Example for 10 iterations when each new 20 units of code has 5% errors and old code has 1% regression errors (worked through below).
[Chart: Units of Code (0-250, left axis) and % of bugs due to regression (0-100%, right axis) across Iteration / Sprint / Release 1-11; series: Old Code, New Code, Regression Risk.]
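One way to read the chart's example, worked through in Python. The per-iteration rates (1 bug per 20 new units, 0.01 regression bugs per old unit) are an interpretation of the slide's 5% and 1% figures, so treat the exact numbers as an assumption; the shape of the result – regression's share of bugs grows with the code base – is the slide's point.

    # One reading of the slide's example: each iteration adds 20 units of new
    # code carrying 5% errors, while every old unit suffers 1% regression
    # errors per iteration.
    for iteration in range(1, 12):
        old_units = 20 * (iteration - 1)
        new_bugs = 20 * 0.05                 # 1 bug from the new code
        regression_bugs = old_units * 0.01   # grows with the code base
        share = regression_bugs / (new_bugs + regression_bugs)
        print(f"iter {iteration:2d}: {old_units:3d} old units, "
              f"{share:5.1%} of bugs due to regression")

Under these assumptions, by iteration 11 roughly two-thirds of the bugs come from regression, which is why cheap re-running of the same automated tests pays off more and more as a product ages.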
Automated Exploratory
+ Finds defects that other approaches miss
- Incomplete; can't cover most of today's products
• Numerous heuristics

For each Type or Technique, an approach to testing
Unit / Structural:
• Automated Exploratory: Pex (pexforfun.com); ModelJUnit, genetic
• Manual Exploratory: modifying in the debugger
• Automated Scripted: many tools, e.g., xUnit
• Manual Scripted: debugger script

Smoke:
• Automated / Manual Exploratory: broad, not deep
• Automated Scripted: primary paths (for slow-changing products)
• Manual Scripted: most basic use cases (for fast-changing products)

Functional / Black Box:
• Automated Exploratory: Model Based Testing
• Manual Exploratory: heuristics
• Automated Scripted: for the most common/critical cases
• Manual Scripted: no ROI to automate

Automated Unit Testing
Current automatic unit test generation techniques:
• Simple known failure modes (e.g., null parameters as inputs)
• Analysis of the data structures used. Data structure generation can be based on constraint solvers, models, and symbolic execution.
You may see 100% code coverage, with no results checking! Be aware of results-checking thoroughness, not just code coverage (illustrated below).
Eclat creates an approximate test oracle from a test suite, then uses it to aid in generating test inputs likely to reveal bugs or expose new behavior, while ignoring those that are invalid inputs or that exercise already-tested functionality.
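A tiny Python illustration of the coverage-without-checking trap described above (the function and its planted bug are invented for the example; this is not Eclat):

    # Coverage without checking: both "tests" below execute every line of
    # `absolute`, but only the second can actually fail on the planted bug.
    def absolute(x: int) -> int:
        if x < 0:
            return -x
        return -x            # planted bug: wrong sign on the positive branch

    def generated_smoke_test():          # what naive generation often produces
        absolute(-5)
        absolute(5)                      # 100% line coverage, results ignored

    def checked_test():                  # same inputs, plus an oracle
        assert absolute(-5) == 5
        assert absolute(5) == 5          # fails: exposes the planted bug

    generated_smoke_test()               # passes silently
    try:
        checked_test()
    except AssertionError:
        print("oracle caught the planted bug that coverage alone missed")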
Manual Script Exactness
Avoiding Overkill in Manual Regression Testing – Lisa Shepard, http://www.uploads.pnsqc.org/2012/papers/t-46_Shepard_paper.pdf

Document the Intention of the Test
Avoiding Overkill in Manual Regression Testing – Lisa Shepard

Manual Exploratory
Jonathan Kohl, http://www.methodsandtools.com/archive/archive.php?id=65

Marick hypothesis:
http://www.exampler.com/blog/2008/03/23/an-alternative-to-business-facing-tdd/
An application built with programmer TDD, whiteboard-style and example-heavy business-facing design, exploratory testing of its visible workings, and some small set of automated whole-system sanity tests will be cheaper to develop and no worse in quality than one that differs in having minimal exploratory testing, done through the GUI, plus a full set of business-facing TDD tests derived from the example-heavy design.

Automated Exploratory Testing
Genetic Algorithms -- global optimization vs. random
Unit, Functional, Concurrency
Guided -- Kyle A. Larsen – coverage exploration of virus detection
Don Slutz – SQL grammar & negative grammar:
• large (e.g., nested) legal SQL inputs
• almost-correct SQL (SQL monkey, fuzzing)

Basic outline of a Genetic Algorithm
Input vars == genes; a set of inputs == a chromosome.
    Initialize (population)    -- global optimization
    Evaluate (population)
    While (stopping condition not satisfied) {
        Selection (population)   -- most fit => most likely to swap
        Crossover (population)   -- swap "genes"
        Mutate (population)      -- small changes to a small group
        Evaluate (population)    -- kill off the less fit
    }
A Survey on Software Testing Techniques using Genetic Algorithm, IJCSI International Journal of Computer Science Issues, Vol. 10, Issue 1, No 1, January 2013. ISSN (Print): 1694-0784 | ISSN (Online): 1694-0814. http://ijcsi.org/papers/IJCSI-10-1-1-381-393.pdf
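A compact Python rendering of the outline above. Population size, gene ranges, and the toy fitness function are arbitrary choices for the sketch; in search-based testing the fitness would be something measured from the system under test, such as coverage or execution time.

    # GA sketch following the outline: inputs are "genes", a set of inputs is
    # a "chromosome"; fitness here is a toy objective for illustration.
    import random

    GENES = 8                                   # integer inputs per test case

    def fitness(chromosome):                    # stand-in for e.g. measured
        return sum(chromosome)                  # execution time or coverage

    def crossover(a, b):                        # swap "genes" at a random cut
        cut = random.randrange(1, GENES)
        return a[:cut] + b[cut:]

    def mutate(chromosome, rate=0.1):           # small changes to a small group
        return [random.randrange(256) if random.random() < rate else g
                for g in chromosome]

    population = [[random.randrange(256) for _ in range(GENES)]
                  for _ in range(20)]
    for generation in range(50):                # stopping condition: 50 rounds
        population.sort(key=fitness, reverse=True)
        survivors = population[:10]             # kill off the less fit half
        children = [mutate(crossover(*random.sample(survivors, 2)))
                    for _ in range(10)]         # the fit are the likely parents
        population = survivors + children
    print("best input vector:", max(population, key=fitness))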
Testing real-time systems using genetic algorithms
Use genetic algorithms to find inputs with the longest or shortest execution times automatically, and check whether they produce a temporal error. The fitness function is the execution time measured in processor cycles.
Experiments using genetic algorithms on a number of programs with up to 1511 LOC and 843 integer input parameters have successfully identified new longer and shorter paths than had been found using random testing or systematic testing.
Software Quality Journal, 1997, Volume 6, Issue 2, pp 127-135

Machine vs. Human
Machine: chess play (deep search); learning (training data); exploring
Human: chess play (pattern match); learning; exploring
Advanced Chess is a form of chess developed in 1998 by Kasparov where a human plays against another human, and both have access to computers to enhance their strength. Argued by Kasparov to be stronger than a human or computer alone.

What Is Exploratory Test Automation?
"Computer-assisted testing that supports learning of new information about the quality of the software under test" -- Douglas Hoffman & Cem Kaner
"Automated" tests are entirely scripted tests. – Michael Bolton

For each Type or Technique, an approach to testing
Performance (aka Stress!):
• Automated Exploratory: poke & measure
• Manual Exploratory: "exercises"
• Automated Scripted: many tools

Usability:
• Automated Exploratory: reachability, GUITAR, AUTO
• Manual Exploratory: works for me?
• Automated Scripted: automated checks
• Manual Scripted: specifics to look for

Security:
• Automated Exploratory: dynamic fuzzing
• Manual Exploratory: social attacks
• Automated Scripted: script kiddies
• Manual Scripted: captcha

Memes about Test Automation
"Automated tests represent the automation of a manual process." – Harold F. Tipton, Micki Krause
"The most important benefit of automated testing over conventional manual testing is the minimization of costs over repeated tests." – Markus Helfen, Michael Lauer
"I have never been convinced that finding 'new' bugs is a realistic expectation for test automation." – I.M. Testy
"After you have run your automated tests for the first time, you are done finding new bugs. Never again will you find a new issue." – Steve Rowe
"Running automated test scripts can not be used to find new bugs in the software ..." – Cordell Vail
The Netflix Simian Army
http://techblog.netflix.com/2011/07/netflix-simian-army.html
Chaos Monkey randomly disables production instances. Freely available on GitHub.
Latency Monkey induces artificial delays.
Security Monkey finds security violations or vulnerabilities.
10-18 Monkey (short for Localization-Internationalization, or L10n-i18n) detects configuration and runtime problems in instances serving customers in multiple geographic regions, using different languages and character sets.
Chaos Gorilla simulates an outage of an entire Amazon availability zone.

Hybrid Approach
An Innovative Approach to Model-based Testing
• The hybrid approach combines pure random testing with heuristic search strategies in interleaving phases (random search phases alternating with heuristic search phases) to increase overall coverage, as sketched below.
• The user can choose between various coverage goals, exit criteria, and search strategies.
TestIstanbul Conferences 2012
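A Python sketch of the interleaving idea on a toy state graph (the model, phase lengths, and coverage goal are all illustrative, not the conference paper's tool): pure-random phases alternate with a heuristic phase that steers toward not-yet-covered transitions.

    # Interleave pure-random walks with a heuristic phase that prefers
    # transitions not yet covered.
    import random

    MODEL = {                                  # tiny state graph: state -> next states
        "A": ["A", "B"],
        "B": ["A", "C"],
        "C": ["A"],
    }
    covered = set()                            # (state, next_state) transitions

    def step(state, heuristic):
        choices = MODEL[state]
        if heuristic:                          # steer toward uncovered transitions
            fresh = [n for n in choices if (state, n) not in covered]
            if fresh:
                choices = fresh
        nxt = random.choice(choices)
        covered.add((state, nxt))
        return nxt

    state = "A"
    for phase in range(10):                    # alternate the two phase types
        heuristic = phase % 2 == 1
        for _ in range(5):
            state = step(state, heuristic)
    total = sum(len(v) for v in MODEL.values())
    print(f"covered {len(covered)}/{total} transitions")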
Fake Traffic (capacity test)
[Diagram: production user requests and the data feed are replayed as requests and data against the test stack's frontend service and backend service.]
Capacity test a single service, or the entire offering (via the frontend).
From: Greg Veith – Workshop on Performance & Reliability 2010 (WOPR14)

Modern Cap Generation Toolset
[Diagram: datacenters DC1, DC2, DC3, … DCn, each with a monitoring system, capacity clients, a VIP, and a Bing entry point; a central controller drives the capacity clients.]
1. Controller drives each of the clients across any/all DCs.
2. Capacity is generated within each datacenter to avoid cross-DC network utilization.
3. Controller pulls data from the monitoring system, auto-throttling based on SLA.
4. 2-3 engineers required for a typical full-scale test.

Harry Robinson Rules of Thumb
Consistency Heuristic
Birthdates:
Abraham Lincoln 2/12/1809
Abe Lincoln 12/2/1809
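The Lincoln example as an automatable check, sketched in Python. The two lookup functions are hypothetical stand-ins for two data sources (or two query paths through the same product); the planted month/day transposition is exactly the kind of disagreement the consistency heuristic flags without needing a full oracle.

    # Consistency-heuristic sketch: the same entity queried two ways should agree.
    from datetime import date

    def birthdate_by_full_name(name):          # e.g. backed by one data source
        return {"Abraham Lincoln": date(1809, 2, 12)}.get(name)

    def birthdate_by_nickname(name):           # e.g. backed by another source
        # Planted inconsistency: day and month transposed (12/2 vs 2/12).
        return {"Abe Lincoln": date(1809, 12, 2)}.get(name)

    pairs = [("Abraham Lincoln", "Abe Lincoln")]
    for full, nick in pairs:
        a, b = birthdate_by_full_name(full), birthdate_by_nickname(nick)
        if a != b:
            print(f"inconsistency: {full}={a} vs {nick}={b}")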
Exploratory Test Automation Examples
www.kaner.com/pdfs/highvolCSTER.pdf
http://www.associationforsoftwaretesting.org/wp-content/files/Kaner_Hoffman-ExploratoryTestAutomation.pdf
1. Disk buffer size
2. Simulate events with diagnostic probes
3. Database record locking
4. Long sequence regression testing
5. Function equivalence testing (sample or exhaustive comparison to a reference function; sketched below)
6. Functional testing in the presence of background load
7. Hostile data stream testing
8. Simulate the hardware system under test (compare to actual system)
9. Comparison to self-verifying data
10. Comparison to a computational or logical model or some other oracle
11. State-transition testing without a state model (dumb monkeys)
12. State-transition testing using a state model (terminate on failure rather than after achieving some coverage criterion)
13. Random inputs to protocol checkers
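A Python sketch of example 5, function equivalence testing: a hypothetical Newton's-method square root is checked against the trusted math.sqrt as the reference oracle over many random inputs. Only the comparison loop is the technique; the implementation under test is invented for the example.

    # Function equivalence testing: compare an implementation under test
    # against a trusted reference function on many random inputs.
    import math
    import random

    def sqrt_under_test(x: float) -> float:    # hypothetical SUT: Newton's method
        if x == 0.0:
            return 0.0
        guess = x
        for _ in range(60):
            guess = 0.5 * (guess + x / guess)
        return guess

    for _ in range(10_000):
        x = random.uniform(0.0, 1e6)
        expected = math.sqrt(x)                # the reference is the oracle
        actual = sqrt_under_test(x)
        if not math.isclose(actual, expected, rel_tol=1e-9):
            print(f"mismatch at x={x}: {actual} != {expected}")
            break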
For More Information
Keith Stobie, TiVo
http://testmuse.wordpress.com/
[email protected]

References – Exploratory Testing
http://blogs.msdn.com/b/anutthara/archive/2011/10/20/exploratory-testing-introduction.aspx
http://testinginterviewsquestions.blogspot.com/2013/01/exploratory-testing.html
http://watirmelon.com/2011/06/10/yet-another-software-testing-pyramid/
http://swtester.blogspot.com/2012/05/what-is-exploratory-testing.html
http://www.satisfice.com/articles/what_is_et.shtml
http://www.goforexam.in/2012/01/what-is-difference-between-scripted.html
http://www.methodsandtools.com/archive/archive.php?id=65
http://www.testingeducation.org/BBST/exploratory/BBSTExploring.pdf
References – Automated Exploratory
http://www.associationforsoftwaretesting.org/wp-content/files/Kaner_Hoffman-ExploratoryTestAutomation.pdf
kaner.com/pdfs/VISTACONexploratoryTestAutmation.pdf
www.kaner.com/pdfs/highvolCSTER.pdf
Harry Robinson, Exploratory Test Automation slides from CAST 2010

References – Model Based Testing
Hendrickson, E. "A Picture's Worth 1000 Words," STQE Magazine, September/October 2002. PNSQC 2002.
Winant, B. "Modeling Practice and Requirements," Stickyminds.com. Available: http://www.stickyminds.com/se/s3565.asp
Harry's Model-Based Testing website: http://www.geocities.com/model_based_testing/

References – Manual vs Automated
http://www.softwaretestingsoftware.com/manual-testing/
http://www.methodsandtools.com/archive/archive.php?id=94
http://qatestlab.com/services/We-Are-Professionals-in/automated-testing/