读书笔记-Software Testing(By Ron Patton)

Software Testing

• Part I:The Big Picture
  • 1.Software Testing Background

    • Bug's formal definition

      • 1.The software doesn't do something that the product specification says it should do.

        2.The software does something that the product specification says it shouldn't do.

        3.The software does something that the product specification doesn't mention.

        4.The software doesn't do something that the product specification doesn't mention but should.

        5.The software is difficult to understand,hard to use,slow,
        or in the software tester's eyes will be viewed by the end user as just plain not right.

      The sources of Bugs

      • 1.Spesification
        • The spec isn't written
        • The spec isn't thorough enough
        • The spec is constantly changing
        • Not communicated well to the entire development team
      • 2.Design
        • It's rushed
        • It's changed
        • Not well communicated
      • 3.Code
        • The Software's complexity
        • Poor documentation
        • Schedule pressure
        • Plain dumb mistakes
      • 4.Other
        • False positives
        • Duplicate bugs
        • Testing errors
        • etc.

      The costs increase tenfold as time increases

      The goal of a software tester is to find bugs,
      
      find them as early as possible,
      
      and make sure they get fixed

  • 2.Software Development Process
    • Hidden efforts

      • Customer Requirements

        Specification

        Schedules,such as the Gantt chart

        Software Design Documents,

        to plan and organize the code that is to be written

        Test Documents

        • Test plan
        • Test cases
        • Bug reports
        • Test tools and automation
        • Metrics,statistics,summaries
    • Lifecycle models
      • Big-Bang
        • The only virtue is simple
      • Code-and-Fix
        • A good introduction to software development
      • Waterfall
        • Three important things
          • 1.There's a large emphasis on specifying what the product will be
          • 2.The steps are discrete;there's no overlap
          • 3.There's no way to back up.
        • Disadvantage:Testing occurs only at the end
      • Spiral
        • Steps
          • 1.Determine objectives,alternatives and constraints
          • 2.Identify and resolve risks
          • 3.Evaluate alternatives
          • 4.Develop and test the current level
          • 5.Plan the next level
          • 6.Decide on the approach for the next level
        • Virtue:the lower costs and finding problens earlier
  • 3.The Realities of Software Testing
    • Testing Axioms
      • It's impossible to test a program completely
      • Software testing is a risk-based exercise
      • Testing can't show that bugs don't exist
      • The more bugs you find,the more bugs there are
      • The pesticide paradox
        • The more you test software,the more immune it becomes to your tests
      • Not all the bugs you find will be fixed
        • There's not enough time
        • It's really not a bug
        • It's too risky to fix
        • It's just not worth it
      • When a bug's a bug is difficult to say
      • Product specifications are never final
      • Software tester aren't the most popular members of a project team
        • Find bugs early
        • Temper your enthusiasm
        • Don't just report bad news
      • Software testing is a disciplined technical profession
• Part II:Testing Fundamentals
  • 4.Examining the specification
    • High-Level Review

      • Pretend to be the customer

        • Don't forget about software security

        Research existing standards and guidelines

        • Corporate Terminology and Conventions
        • Industry Requirements
        • Government Standards
        • Graphical User Interface（GUI）
        • Security Standards

        Review and test similar software:

        Scale,Complexity,Testability,Quality/Reliability,Security

    • Low-Level Review

      • Attributes checklist(Flush out oversights and omissions):

        Complete,Accurate,Precise and clear,Consistent,Relevant,Feasible,Code-free,Testable

        Terminology checklist:

        Help assure that all the details are defined

        • Always,every,all,none,never
        • Certainly,therefore,clearly,obviously,evidently
        • Some,sometimes,often,usually,ordinarily,customarily,most,mostly
        • Etc.,and so forth,and so on,such as
        • Good,fast,cheap,efficient,small,stable
        • Handled,processed,rejected,skipped,eliminated
        • If...then..(but missing else)
  • 5.Black-Box Testing
    • Dynamic Black-Box Testing
      • Testing without knowing exactly how it works with
      • Entering inputs,receiving outputs and checking the results according to the specification
    • Test-to-Pass and Test-to-Fail
    • Equivalence Partitioning
      • Similar inputs,similar outputs and similar operation
    • Data Testing

      • Buffer overruns are the number one cause of software security issues,it's caused by boundary condition bugs

        Sub-boundary conditions:Powers-of-Two

        Null:default,empty,blank,null,zero,and none

        Bad data:invalid,wrong,incorrect,and garbage data

    • State Testing

      • The one side of software:the data-the numbers,words,inputs,outputs

        The other side:to verify the program's logic flow through it's various states.

        Test-to-pass：State transition map

        • The following items:
          • Each unique state that the software can be in
          • The input or condition that takes it from one state to the next
          • Set condition and produced output when a state is entered or exited
        • Reducing the number of state and transitions to test
          • Visit each state at least once
          • Test the state-to-state transitions that look like the most common or popular
          • Test the least common paths betwee states
          • Test all the error states and returning from the error states
          • Test random state transitions

        Test-to-fail：Testing states to fail

        • Race conditions and bad timing
        • Repetition testing
          • The main reason is to look for memory leaks
        • Stress testing
          • Look at the software and determine what external resources and dependencies it has
        • Load testing
          • Don't forget about time as a load testing variable
        • Other Black-Bos test techniques
          • Behave like a dumb user
          • Look for bugs where you've already found them
          • think like a hacker
          • follow experience,intuition,and hunches
  • 6.Examining the Code:white-box testing

    • reason

      • Obvious reason:to find bugs early

        Other reason:gives the team's black-box testers ideas for test cases to apply when they receive the software for testing

      Formal review(structural analysis):

      Static white-box testing

      • Essential elements
        • Identify problems
        • Follow rules
        • Prepare
        • Write a report
      • Indirect results:communications,quality,team camaraderie,solutions
      • The method
        • Peer reviews:the easiest way
        • Walkthroughs:having at least one senior programmer as a reviewer
        • Inspections:the presenter or reader isn't the original programmer
        • Check the coding standards and guidelines
      • Generic code review checklist

        • Data reference errors:the primary cause of buffer overrun

          Caused by using a vareable,constant,array,string,or record that hasn't been properly declared or initialized for how it's bing used and referenced

          Data declaration errors:

          Caused by improperly declaring or using variables or constants.

          Computation errors:math

          Comparison errors:Suseptible to boundary condition problems

          Control flow errors:The result of loops and other control constructs in the  language not behaving as expected

          Subroutine parameter errors:incorrent passing of data

          Other:languages,Protable,Compatibility,'warning' or 'informational' messages

      7.Dynamic white-box testing(structural testing):

      Seeing what the code does,directly testing and controlling the software

      • Unit testing

        • Bottom-up----test driver

          Top-down----test stub

          Data coverage:

          Data flow,Sub-boundaries,Formulas and Equations,Error forcing

          Code coverage:

          Statement coverage,Path testing(branch coverage),Condition coverage

      • Iintegration testing
• Part III:Applying Your Testing Skills

  • 8.Configuration Testing

    • The different configuration possibilities:

      The PC,Components,Peripherals,Interfaces,Options and memory,Device drivers

      Decision-making process

      • 1.Decide the types of hardware you'll need
      • 2.Decide whar hardware Brands,models,and device drivers are available
      • 3.Decide which hardware features,modes,and options are possible
      • 4.Pare down the identified hardware configurations to a manageable set
      • 5.Identify your software's unique features that work with the hardware configurations
      • 6.Design the test cases to run on each configuration
      • 7.Execute the testing and rerun until the results satisfy your team

    9.Compatibility Testing

    • The job:checking that your software interacts with and shares information correctly with other software

      The goal:to make sure that this interaction works as users would expect

      1.Platform and application versions

      • Backward and forward compatibility

        The inpact of testing multiple versions:

        Popularity,Age,Type,Manufacturer

      2.Standards and guidelines

      • High-level:Guide your product's general operation
      • Low-level:The nitty-gritty details

      3.Data sharing compatibility

      • File save and file load
      • File export and file import
      • Cut,copy,and paste
      • DDE,COM,and OLE

    10.Localization Testing/Internationalization Testing
    (Foreign-Language Testing)

    • Translation Issues

      • Text expansion

        • A good rule:to expect up to 100 percent increase in size of individual words on a button

        ASCII,DBCS,and Unicode

        Hot keys and shortcuts

        Extended characters

        • to look for all the places that your software can accept character input or send output

        Computations on characters

        • word sorting
        • uppercase and lowercase conversion
        • Spellchecking ,etc.

        Reading left to right and right to left

        Text in graphics

        Keep the text out of the code:

        all text strings, error messages, and really anything that could possibly be translated should be stored in a separate file independent of the source code

      Localization Issues(native culture):

      Content,Data formats(formats for data units)

      Configuration and Compatibility Issues

      • Foreign platform configurations
        • Keyboards:the largest language dependencies piece of hardware
        • Print,Paper sizes
        • Communication protocol
      • Data compatibility

    11.Usability Testing:

    The appropriate, functional, and effective of interaction

    • GUI testing:

      Graphical user interfaces

      • Important trait:Follows standards and guidelines,Intuitive,Consistent,Flexible,Comfortable,Correct,Useful

      Accessibility Testing:

      For the disabled

    12.Testing the Documentation

    • Packaging text and graphics

      Marketing material,ads,and other inserts

      Warranty/registration

      EULA:End User License Agreement

      Labels and stickers:
      
      the box,printed material,serial number stickers and labels that seal the EULA envelope

      Installation and setup instructions,User's manual,Online help

      Tutorials,wizards,and CBT(Computer based training)

      Samples,examples,and templates

      Error messages

    13.Testing for Software Security

    • It is a test-to-fail activity

      Buffer Overrun

      • Buffer overruns caused by improper handling of strings are by far the most common coding error
      • Using safe string functions

      Latent data:

      Data that "stays around" and isn't deleted from user to user

      • RAM slack
      • Disk slack

    14.Website Testing

    • Black-Box Testing

      • Text:the regular text and text what's contained in the graphics, scrolling marquees, forms, and so on

        Don't forget the text layout issues

        Hyperlinks:Look for orphan pages

        Graphics:make sure that the text wraps properly around the graphics

        Forms:the text boxes, list boxes, and other fields for entering or selecting information

        Objects and other simple miscellaneous functionality

      Gray-Box Testing:

      HTML and web pages

      White-Box Testing

      • Dynamic content:

        such as the time

        Database-Driven web pages:

        Such as the inventories of e-commerce web pages

        Programmatically created web pages

        Server performance and loading

        Security

      Configuration and Compatibility Testing

      • Hardware platform,browser software and version
      • Browser plug-ins,Options
      • Video resolution and color depth
      • Text size
      • Modem speeds

      Usability Testing

      • Gratuitous Use of Bleeding-Edge Technology
      • Scrolling Text, Marquees, and Constantly Running Animations
      • Long Scrolling Pages
      • Non-Standard Link Colors
      • Outdated Information
      • Overly Long Download Times
      • Lack of Navigation Support
      • Orphan Pages
      • Complex Website Addresses (URLs)
      • Using Frames
• Part IV:Supplementing Your Testing
  • 15.Automated Testing and Test Tools

    • The Benefits

      • Speed,Efficiency,Accuracy and precision,

        Resource reduction,Simulation and emulation,Relentlessness

      Test Tools:

      Non-invasive and invasive

      • Viewers and monitors
      • Drivers and stubs
      • Stress and load tools
      • Interference Injectors and Noise Generators
      • Analysis Tools

      Test Automation

      • Macro Recording and Playback

        • The biggest problem is lack of verification

          Playback speed can be another difficulty with macros

          Setting the playback position to be relative to the program's window
          
          rather than absolute to the screen can help

        Programmed Macros

        • Can pause their execution to prompt the tester with an expected result
          
          and a query for her to okay whether the test passed or failed

          Can also solve many timing problems of recorded macros by
          
          waiting for certain conditions to occur before they go on

          Defect:lack of verification,can only loop and repeat

        Fully Programmable Automated Testing Tools:

        Have the ability to perform verification

        Important issuse

        • The software changes

          There's no substitute for the human eye and intuition

          Verification is hard to do

          It's easy to rely on automation too much

          Don't spend so much time working on tools and

          automation that you fail to test the software

          Some tools are invasive and can cause

          the software being tested to improperly fail

  • 16.Bug Bashes and Beta Testing:omit
• Part V:Working with Test Documentation

  • 17.Test Plan

    • The Goal

      • To prescribe the scope, approach, resources, and schedule of the testing activities.
        
        To identify the items being tested, the features to be tested, the testing tasks to be performed,
        
        the personnel responsible for each task, and the risks associated with the plan

    • The Topics

      • High-Level expectations,People-Places-and Things,Definitions,
        
        Inter-groug responsibilities,What will and won't be tested,Test phases,
        
        Test strategy,Resource requirements,Tester assignments,Test schedule,
        
        Test cases,Bug reporting,Metrics and statistics,Risks and issues

    18.Test Cases:

    organization, repeatability, tracking, and proof

    • Test Design:

      Identifiers,Features to be tested,Approach,Test case identification,Pass/fail criteria

      Test Cases:

      Identifiers,Test item,Input specification,Output specification,Environmental needs,Special procedural requirements,Intercase dependencies

      Test Procedures:

      Identifier,Purpose,Special requirements,Procedure steps

      Test Case Organization and Tracking

    19.Test Report

    • The Reasons for not fixing a bug
      • There's not enough time
      • It's really not a bug
      • It's too risky to fix
      • It's just not worth it
      • Ineffective bug reporting
    • Fundamental Principles

      • Report bugs as soon as possible

        Effectively describe the bugs:

        Minimal,Singular,Obvious and general,Reproducible

        Be non-judgmental in reporting bugs

        Follow up on your bug reports

    • Bugs

      • Severily

        • 1.System crash, data loss, data corruption, security breach
        • 2.Operational error, wrong result, loss of functionality
        • 3.Minor problem, misspelling, UI layout, rare occurrence
        • 4.Suggestion

        Priority

        • 1.Immediate fix, blocks further testing, very visible
        • 2.Must fix before the product is released
        • 3.Should fix when time permits
        • 4.Would like to fix but the product can be released as is

        Life cycle:

        New,Open,Review,Fixed,Closed,Rejected,Reopen,Deferred

    20.Measuring Your Success:omit