Orthagonal Array Test Strategy (OATS)

July 8th, 2009

Orthogonal Array Testing Strategy (OATS)

The Orthogonal Array Testing Strategy (OATS) is a systematic, statistical way of testing pair-wise interactions. It provides representative (uniformly distributed) coverage of of all variable pair combinations. This makes the technique particularly useful for integration testing of software components (especially in OO systems where multiple subclasses can be substituted as the server for a client). It is also quite useful for testing combinations of configurable options (such as a web page that
lets the user choose the font style, background color, and page layout).
Orthogonal Array Testing is a statistical testing technique implemented by Taguchi. This method is extremely valuable for testing complex applications and e-comm products. The e-comm world presents interesting challenges for test case design and testing coverage. The black box testing technique will not adequately provide sufficient testing coverage. The underlining infrastructure connections between servers and legacy systems will not be understood by the black box testing team. A gray box testing team will have the necessary knowledge and combined with the power of statistical testing, an elaborate testing net can be set-up and implemented.

The theory:
Orthogonal Array Testing (OAT) can be used to reduce the number of combinations and provide maximum coverage with a minimum number of test cases. OAT is an array of values in which each column represents a variable - factor that can take a certain set of values called levels. Each row represents a test case. In OAT, the factors are combined pair-wise rather than representing all possible combinations of factors and levels.
Orthogonal arrays are two dimensional arrays of numbers which possess the interesting quality that by choosing any two columns in the array you receive an even distribution of all the pair-wise combinations of values in the array.

Why use this technique?
Test case selection poses an interesting dilemma for the software professional. Almost everyone has heard that you can’t test quality into a product, that testing can only show the existence of defects and never their absence, and that exhaustive testing quickly becomes impossible — even in small systems.
However, testing is necessary. Being intelligent about which test cases you choose can make all the difference between (a) endlessly executing tests that just aren’t likely to find bugs and don’t increase your confidence in the system and (b) executing a concise, well-defined set of tests that are likely to uncover most (not all) of the bugs and that give you a great deal more comfort in the quality of your
software.

The basic fault model that lies beneath this technique is:
1. Interactions and integrations are a major source of defects.
2. Most of these defects are not a result of complex interactions such as “When the background is blue and the font is Arial and the layout has menus on the right and the images are large and it’s a Thursday then the tables don’t line up properly.”
3. Most of these defects arise from simple pair-wise interactions such as “When the font is Arial and the menus are on the right the tables don’t line up properly.”
4. With so many possible combinations of components or settings, it is easy to miss one.
5. Randomly selecting values to create all of the pair-wise combinations is bound to create inefficient test sets and test sets with random, senseless distribution of values.

OATS provides a means to select a test set that:
1. Guarantees testing the pair-wise combinations of all the selected variables.
2. Creates an efficient and concise test set with many fewer test cases than testing all combinations of all variables.
3. Creates a test set that has an even distribution of all pair-wise combinations.
4. Exercises some of the complex combinations of all the variables.
5. Is simpler to generate and less error prone than test sets created by hand.

Soni
http://www.amandustechnologies.com
Email: soni@amandustechnologies.com
Tel: +1(415)-944-1435
91-9481482882

Tags: , , , ,
Posted in General | No Comments »

Things to Look for in Code Review

June 24th, 2009

Keep the source clean
• Always delete unused code. Including variables and using statements
• Don’t comment out code, delete it. We have source control to manage change.
General Principles
• The core imperative is to organise complexity.
• Clarity and readability is central. “Intention Revealing”
• Do not prematurely optimise for performance.
• Do not repeat yourself. Never copy-and-paste code.
• Decouple.
• Always try to leave the code you work on in a better state than before you started (the ‘boy scout’ principle)
Naming Conventions
• Naming conventions. We will follow Microsoft’s standard C# naming conventions. http://blogs.msdn.com/brada/articles/361363.aspx. Ignore the bit about putting using statements inside the namespace declaration.
Namespaces
• Namespaces should match the project name + path inside the project. This is what VS will give you by default.
• Classes that together provide similar functions should be grouped in a single namespace.
• Avoid namespace dependency cycles.
Error Handling
• Handling of Integere and other variable overflow, locks and race conditions, resources
• Handle all known and unknown errors in try..catch statement block and fail safe.
• Unexpected errors should only be handled at process boundaries.
• Never ‘bury’ exceptions.
Naming things
• The name should accurately describe what the thing does.
• Do not use shortenings, only use well understood abbreviations.
• If the name looks awkward, the code is probably awkward.
Variables
• Use constants where possible. Avoid magic strings.
• Use readonly where possible
• Avoid many temporary variables.
• Never use a single variable for two different puposes.
• Keep scope as narrow as possible. (declaration close to use)
Methods
• The name should accurately describe what the method does.
• It should only do one thing.
• It should be small (more than 10 lines of code is questionable).
• The number of parameters should be small.
• Public methods should validate all parameters.
• Assert expectations and throw an appropriate error if invalid.
• Avoid deep nesting of loops and conditionals. (Cyclomatic complexity).
Classes
• The name should accurately describe what the class does.
• Classes typically represent data or services, be clear which your class is.
• Design your object oriented schema deliberately.
• A class should be small.
• A class should have one responsibility only.
• A class should have a clear contract.
• A class should be decoupled from its dependencies.
• Favour composition over inheritance.
• Avoid static classes and methods.
• Make the class immutable if possible.
Interfaces
• Rely on interfaces rather than concrete classes wherever possible.
• An interface is a contract for interaction.
• An interface should have a single purpose (ISP)
Tests
• All code should have unit tests if possible.
• Test code should have the same quality as production code.
• Write code test-first wherever possible.

Tags: , , , , , ,
Posted in General | No Comments »

Standards for Software Testing Documentation

June 11th, 2009

Test documentation - IEEE 829 the standard for Software testing Documentation


Standards?

“Why standards? The use of standards simplifies communication, promotes consistency and uniformity, and eliminates the need to invent yet another (often different and even incompatible) solution to the same problem. Standards, whether ‘official’ or merely agreed upon, are especially important when we’re talking to customers and suppliers, but it’s easy to underestimate their importance when dealing with different departments and disciplines within our own organisation. They also provide vital continuity so that we are not forever reinventing the wheel. They are a way of preserving proven practices above and beyond the inevitable staff changes within organisations.” [Ed Kit - Software Testing in the Real World]

That paragraph neatly and [quite] succinctly describes WHY standards in general. How does that affect testing practitioners who live, as in the title of Ed Kit’s book, in the real world? Anything that promotes better project communication has to be good for testers. So my first point is that standards have to be effective, and produce recognisable (and measurable?) gains, while not adding disproportionate overheads. I once worked for a large organisation that had an internal (and mandatory) standard for almost all documents. This was such that a document of 200 real words was turned into 18 pages, when all the necessary parts (‘glossary’, ‘associated documents’) were added. Perhaps this was counterproductive and unnecessary in this instance.

IEEE 829 – Overview

There have been diverse document types used in software testing, developed in many cases for the needs of a particular organisation. IEEE 829 (1983) is the Standard for Software Test Documentation, and this was an attempt to pull sources together and present some best practice ideas. The standard was revisited, and revised in 1998. Note that the standard applies to any level of testing that may take place [including Acceptance testing], although there may be less obvious application in agile development methodologies. It is usual to have ‘a full set’ of IEEE 829 documents for each testing stage that is being undertaken.

IEEE 829 is often thought of as being the standard for a High Level Test Plan or Master Test Plan (HLTP or MTP). It is more than this, as the standard describes EIGHT documents that can be produced, as part of the testing effort. These documents are sometimes distributed between different categories, although there is no consensus on the subdivisions. I find the following partitioning helpful:

Test Planning
Test Plan
Test Specification
Test design specification
Test case specification
Test procedure specification
Test Reporting
Test Item transmittal report
Test log
Test incident summary
Test summary

The Eight parts

Most of these eight document types are well known; I will provide a very brief summary, before returning to the test plan.

Test Plan A high level view of how testing will proceed; WHAT is to be tested, by WHOM, HOW, in what TIME frame, to what QUALITY level.

Test Design Spec Details the test conditions to be exercised, with the expected outcome (in general terms).

Test Case Spec Specific data requirements to run tests, based upon the test conditions identified

Test Procedure Spec Describes how the tester will physically run the test, including set up procedures. The standard defines ten procedure steps that may be applied when running a test.

Test Item Transmittal The recording of when individual items to be tested have been passed from one stage of testing to another. This includes where to find such items, what is new about them, and is in effect a warranty of ‘fit for test’.

Test Log Details of what tests were run, by whom, and whether individual tests passed or failed.

Test Incident Summary Details of instances where a test ‘failed’ for a specific reason.

Test Summary The Test Summary brings together all pertinent information about the testing, including the number of incidents raised and outstanding, and crucially an assessment about the quality of the system. Also recorded for use in future project planning is details of what was done, and how long it took.

This document is important in deciding whether the quality of the system is good enough to allow it to proceed to another stage. This assessment is based upon detailed information that was documented in the Test Plan.

Test planning revisited

Test planning is a key activity in any software testing project, and for that reason many would associate IEEE 829 ONLY with test planning. “To fail to plan is to plan to fail”. The standard defines 16 items that should be considered for an MTP. This includes the key activities of estimation (as ‘schedule’ is one of the 16) and risk, both of which are large topics in their own right.

The 16 are given below, for completeness, with a well-known mnemonic for remembering the list although textbooks, and web sites that are commonly used have the 16 items listed, with more detail for each.

S Scope Test items, What to test, what not to test
P People Training, Responsibilities, Schedule
A Approach The approach that will be taken to testing
C Criteria Entry / Exit Criteria, Suspension / Resumption Criteria
E Environment Environment needs

D Deliverables What is being delivered as part of the test process
I Incidentals Introduction, Identification (of the document), Approval authorities
R Risks Risks and contingencies
T Tasks The test tasks that are involved in the testing process.

It is worth noting at this point that the standard lists as ‘deliverables’ the seven other document types that perform part of the standard. Some organisations add to this basic list, including key items such as ‘glossary’, and ‘references to other documents’. I usually keep MTP documents, both from other projects within the same firm, and from previous firms, so that I can look back and see specific details that were included.

MTP is a LIVING document

The document specifies what is going to be done, and how it is going to be done. It needs to be published, to appropriate people, to make others aware of what is going to be tested, and what is not going to be tested. However, don’t wait for everything to be completed, before the document is circulated for comment and / or review. The MTP will change during the life of the project. This does not mean that it is not necessary to get individual and departmental sign-off; sign-off is achieved on the basis of what is known at a point in time. In one organisation, sign-off is achieved by stating that unless this is received by a specified (and realistic) date, it will be assumed. It is remarkable how that concentrates the minds of those concerned.

Two areas that indicate the dynamic nature of the MTP concern schedules, and risks. During the testing phase, good news and bad news can occur, and this can change priories. Does that mean that the original MTP was wrong? No; the MTP is what its name suggests, just a plan. At the time, it was based on the best available information, incomplete though this was. Information will be improved as testing progresses, and what was time a critical risk has now been addressed (by third-party security testing, for example). The risk is now answered, and will possibly require no further action.

Review the document

The MTP needs to be reviewed, with review taking place face-to-face. If it is contentious, points of conflict need to be talked through. The MTP is not just “owned” by the testing team(s), but developments groups and users can significantly contribute to clarification, and suggest the addition of other items. What is to be tested, and what not to be tested are two KEY elements in the MTP. One example dates back to work undertaken in October 2002, where testing was pushed for time (as always). The MTP specified that significant testing would concentrate on the retail system, with respect to 53-week year processing (2002 – 2003 is a 53-week year). The development team had not realised the significance of 53-week years (that it was THIS year), and merely the insertion of the testing intention resulted in better code (development extended unit test coverage, found some problems and implemented fixes).

It is usual for the detail listed in the MTP to be used as a basis for deciding whether the software under test is suitable for the next stage of testing, deployment to production, etc. Therefore key individuals need to see this detail, and agree, before the crunch implementation meeting!

Face Reality

The MTP is one place where testing faces reality. The MTP is not free-standing, but fits into the overall Test Strategy. In some ways, it is not a prescriptive approach, but more of a check list, to remind those responsible what should be CONSIDERED to go into the MTP. The only prescriptive thing about it is the use of the 16 point “check-list”. It is perfectly OK to not include one of the 16 points – as long as the reason why that has been excluded are listed (and agreed by the reviewers of the MTP). Risks and assumptions are also included in the MTP; sometimes the explicit stating of a risk or assumption can promote lively discussion, and even resolution!

Relationship to other standards

IEEE 829 as a standard is not so much about how to test, but how to document that you have tested. There is interplay between other standards, and other documents on the project. Just because IEEE 829 is being adhered to does not mean that the testing project will be a success. These are some of the other standards that may be referred to when documenting according to IEEE 829:
IEEE 1008 (Standard for Unit testing),
IEEE 1028 (Standard for Software Reviews),
IEEE 1044 (Standard Classification for Software Anomalies),
IEEE 1044-1 (Guide to Classification for Software Anomalies)
BSS 7925-1 (Vocabulary of Terms in Software Testing),
BSS 7925-2 (Standard for Software Component Testing),

Conclusion

IEEE 829 should be used as a standard appropriately, not blindly. Testing is a service organisation. In themselves, testers add nothing to the output of the project team. A tester does not make better software (testers are not allowed to change the code, are they?). Therefore, we need to slay the “documentation for documentation’s sake” myth. Is the output enabling the test team to do a better job, helping them to present the information found during testing in a clearer way, or showing to an outside agency (auditors?) that testing has been completed? In itself, merely incorporating IEEE 829 will not make the project a success. It can help to make a success, by giving guidelines and pointing the way to the light.

 

Tags: , , , ,
Posted in Software Testing | No Comments »

Firefox Add-ons for testing

June 9th, 2009

Firefox is one of the most important browser for testers working in web application domain. Specially, with all the add-ons around it, Firefox is certainly essential for testing web applications. Over a period of time, I have used plenty of add-ons to test various web applications. Following list of add-ons are extremely useful for testing web applications. There are add-ons useful for security testing, analyzing page source, accessibility, debugging and pretty much everything you need for web application testing. You can certainly enhance your productivity using some of these add-ons.

1. Firesizer 0.92
Provides a menu and status bar to resize the window dimensions to a specific size. This add-on is extremely useful if you want to test how your application will look in different size windows.

2. W3C Page Validator 3.0.0
This little add-on validates a page using the W3C Markup Validation Service. Depending on your context, if your organization is committed to create W3C compliant web applications, this might be very handy.

3. SQL Injection 1.2
This is an excellent tool to help developers in identifying SQL injection vulnerabilities. This add-on transform checkboxes, radio buttons and select elements to an input text box.

4.QuickRestart 1.1.5
If you need to restart firefox to test your cookies, sessions or because of any other reason, this little button in your toolbar will do it with a mouse click. This is a very simple utility, but can be extremely useful.

5. Firebug
If you are working in web application domain, I am sure you are already familiar with this add-on. Firebug, along with the development toolbar are absolute minimum your firefox should have if you are working in web application testing domain.

6. Regular Expression Tester
This small add-on allows you to test your regular expression. The tool includes options like case sensitive, global and multiline search, color highlighting of found expressions and of special characters, a replacement function incl. backreferences, auto-closing of brackets, testing while writing and saving and managing of expressions.

7. HttpFox
This add-on is an amazing tool if you want to dig deeper into http request / response and analyze all the traffic. Using this add-on, you can get information about request / response header, sent and received cookies, Querystring parameters, POST parameters and Response body.

8. HackBar 1.3.2
Useful for SQL injections, XSS and site security.

9. Web Developer Toolbar
As mentioned earlier, this one along with the firebug are must have extensions if you are working in web application domain. These extensions are complete toolset and probably require separate articles to explain their capabilities.

10. Accessibar 0.7.8
Its an amazing add-on to test accessibility of any site. Using this add-on, you can change font size, line spacing, hide all the images / flash and so on. It also integrates text to speech reader and reads string on mouse hover / focus elements.

11. Add N Edit Cookies
There are very few applications which does not use cookies these days. This little add-on allows you to add / edit cookies and test how your application will respond to changes in the cookies setting.

12. LinkChecker 0.6.3
This is a very simple tool to check if there are any broken links on the web page. It highlights all the links in various colors to show if they are broken or not.

13. MeasureIt 0.3.8
If you have a design team which is very particular about the size of every element, than this little add-on can be used to test hight and width of all the elements. It draws a ruler around any element and shows hight / width of the element.

14. YSlow 2.0.0b3
YSlow analyzes web pages and gives you information on why they are slow based on the Yahoo’s rule for high performance websites.

15. User Agent Switcher
If your application behaves differently based on the user agent or if it records this information than this add-on can be very handy. It simply switch the user agent of the browser. Please note, changing user agent will not make it render like IE.

16. FireShot 0.69
FireShot can be handy in situations where you want to take screen shot of your web application. It even allows you to write comments, highlight specific element of your application and so on.

17. URLParams 2.2.0
This little add-on make it convenient to analyze GET and POST parameters of the current website in the sidebar. You can ever change their values, add new parameters etc.

18. Tamper Data 10.1.0
Tamper Data allows you to view and modify HTTP/HTTPS headers and post parameters. You can use it to test security of your web applications by modifying POST data and analyzing how your application will respond to those changes.

19. View Dependencies 0.3.3.0
This is an extremely useful add-on if you want to figure out what are all the files / images etc. are getting downloaded for every page, how much time they are taking and many such details.

20. Flash Switcher 2.0.2
If you are involved in testing Flash Applications, than this little add-on is extremely useful to test your flash application on various versions of flash players.



21. Switch Proxy
SwitchProxy is a Mozilla tool you can use to organize all your proxies. You can add, edit and remove them from a single master list. When you need to use one, just select it from the list and click apply.

Tags: , , , , ,
Posted in General | No Comments »

Why adopt Agile Development environment

June 8th, 2009

The positive indicators of a growing business are a widening customer base and rising return on investment (ROI). Various parameters steer these indicators in a positive direction, chiefly cost, time and quality. Balancing these parameters is of paramount significance for business growth. Companies need to deliver, cost effectively, the right product, in the right way, to meet customer requirements with assured quality. They must do this first time every time to ensure that they can bring new products and services to market ahead of their competition. Companies also need to extensively consider market dynamics including technological developments, changing customer preferences, evolving global standards and regulation. These market developments add further complexity and force companies to enhance the frequency of their product updates and accelerate delivery schedules.

In software product development, an Agile methodology is one strategy adopted while addressing the challenges of market dynamics. As customer satisfaction and ROI are linked to product quality and cost of quality, QA and testing services have a critical bearing on the success of any Agile project.

Tags: , , ,
Posted in General | No Comments »

What is Software Quality

June 2nd, 2009

what is Quality? Quality can be define in different manner. It’s definition may vary from person to person. But finally all agree to some standards to define it such as:
•Degree of excellence - Oxford dictionary
•Fitness for purpose - Edward Deming
•Best for the customer’s use and selling price - Feigenbaum
•The totality of characteristics of an entity that bear on its ability to satisfy stated or implied needs - ISO

Sheetal
http://www.amandustechnologies.com
91-9481482882
1-4159441435

Tags: , , , , ,
Posted in General | No Comments »