Software Analysis and Testing

Similar documents
25 Nov Arent Janszoon Ernststraat 595-H NL-1082 LD Amsterdam

Testing. ECE/CS 5780/6780: Embedded System Design. Why is testing so hard? Why do testing?

Testing. Prof. Clarkson Fall Today s music: Wrecking Ball by Miley Cyrus

Manuel Oriol, CHCRC-C, Software Testing ABB

Tuesday, November 15. Testing

Software Design Models, Tools & Processes. Lecture 6: Transition Phase Cecilia Mascolo

10. Software Testing Fundamental Concepts

Principles of Software Construction: Objects, Design, and Concurrency (Part 2: Designing (Sub )Systems)

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

CS 424 Software Quality Assurance & Testing LECTURE 3 BASIC CONCEPTS OF SOFTWARE TESTING - I

CSE 374 Programming Concepts & Tools. Hal Perkins Fall 2015 Lecture 15 Testing

WHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development

Lecture 15 Software Testing

Chapter 9 Quality and Change Management

Pearson Education 2007 Chapter 9 (RASD 3/e)

Software Security and CISQ. Dr. Bill Curtis Executive Director

Topics in Software Testing

Object Oriented Software Design - I

Ready to Automate? Ready to Automate?

Learning outcomes. Systems Engineering. Debugging Process. Debugging Process. Review

In this Lecture you will Learn: Testing in Software Development Process. What is Software Testing. Static Testing vs.

Sample Exam Syllabus

No Source Code. EEC 521: Software Engineering. Specification-Based Testing. Advantages

113 BSIMM Activities at a Glance

Baseline Testing Services. Whitepaper Vx.x

Texas Regional Infrastructure Security Conference (TRISC) Dan Cornell

Black Box Testing. EEC 521: Software Engineering. Specification-Based Testing. No Source Code. Software Testing

Part 5. Verification and Validation

Bridge Course On Software Testing

CS 520 Theory and Practice of Software Engineering Fall 2018

Software Testing Lecture 1. Justin Pearson

Lecture 20: SW Testing Presented by: Mohammad El-Ramly, PhD

Software Testing. Software Testing

AppScan Deployment APPLICATION SECURITY SERVICES. Colin Bell. Applications Security Senior Practice Manager

Verification and Validation of Models for Embedded Software Development Prashant Hegde MathWorks India Pvt. Ltd.

Grow Your Services Business

Memory Safety (cont d) Software Security

Verification and Test with Model-Based Design

Appendix to The Health of Software Engineering Research

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

18-642: Code Style for Compilers

Cursul Aprilie

SDLC Maturity Models

Now you can Microsoft Visual Studio 2010 with MSDN

Introduction To Software Testing. Brian Nielsen. Center of Embedded Software Systems Aalborg University, Denmark CSS

Testing! The material for this lecture is drawn, in part, from! The Practice of Programming (Kernighan & Pike) Chapter 6!

Software Testing Interview Question and Answer

A Security Practice Evaluation Framework

Software Engineering 2 A practical course in software engineering. Ekkart Kindler

Chapter 10. Testing and Quality Assurance

People tell me that testing is

Reengineering II. Transforming the System

Sample Exam. Advanced Test Automation - Engineer

Program Correctness and Efficiency. Chapter 2

Campus IT Modernization OPERATIONAL CONTINUITY FLEXIBLE TECHNOLOGY MODERNIZED SYSTEMS

Quality Assurance & Standards

MSO Lecture Design by Contract"

Levels of Testing Testing Methods Test Driven Development JUnit. Testing. ENGI 5895: Software Design. Andrew Vardy

Best Practices Process & Technology. Sachin Dhiman, Senior Technical Consultant, LDRA

Certified Tester Foundation Level(CTFL)

MPLAB X Debugging Techniques

INTRODUCTION TO SOFTWARE ENGINEERING

The Power of Unit Testing and it s impact on your business. Ashish Kumar Vice President, Engineering

Verification and Validation. Assuring that a software system meets a user s needs. Verification vs Validation. The V & V Process

Hacking in C. Pointers. Radboud University, Nijmegen, The Netherlands. Spring 2019

Sample Exam. Advanced Test Automation Engineer

Examination Questions Time allowed: 1 hour 15 minutes

CSE 403: Software Engineering, Fall courses.cs.washington.edu/courses/cse403/16au/ Unit Testing. Emina Torlak

Test Driven Development TDD

Software Engineering

Chapter 15. Software Testing The assert Statement

Software Testing. Overview

Test Driven Development (TDD)

SE420 Software Quality Assurance

Software Testing. Software Testing. in the textbook. Chapter 8. Verification and Validation. Verification and Validation: Goals

Testing! Prof. Leon Osterweil! CS 520/620! Spring 2013!

Management. Software Quality. Dr. Stefan Wagner Technische Universität München. Garching 28 May 2010

Development*Process*for*Secure* So2ware

Chapter 8 Software Testing. Chapter 8 Software testing

Credit where Credit is Due. Lecture 29: Test-Driven Development. Test-Driven Development. Goals for this lecture

QMS ISO 9001:2015 CERTIFIED COMPANY Software Testing TRAINING.

Verification and Validation

Why testing and analysis. Software Testing. A framework for software testing. Outline. Software Qualities. Dependability Properties

Levels of Testing Testing Methods Test Driven Development JUnit. Testing. ENGI 5895: Software Design. Andrew Vardy

Automated Unit Testing A Practitioner's and Teacher's Perspective

Computer Science and Software Engineering University of Wisconsin - Platteville 9-Software Testing, Verification and Validation

Practical Objects: Test Driven Software Development using JUnit

100% Generation: No More Excuses!

Software Engineering Testing and Debugging Testing

Software Testing. Hans-Petter Halvorsen, M.Sc.

Extreme programming XP 6

Program Verification! Goals of this Lecture! Words from the Wise! Testing!

EXAM PREPARATION GUIDE

Software Testing Prof. Meenakshi D Souza Department of Computer Science and Engineering International Institute of Information Technology, Bangalore

Test-Driven Development

Client-server application testing plan

csc444h: so(ware engineering I matt medland

Application Security at Scale

Important Points to Note

Unit Testing and Test Driven Design

Transcription:

Software and Testing Métodos Formais em Engenharia de Software November 2007 Joost Visser Arent Janszoon Ernststraat 595-H NL-1082 LD Amsterdam info@sig.nl www.sig.nl Software Improvement Group Company Spin-off from CWI in 2000, self-owned, independent Management consultancy grounded in source code analysis Winner of the Innovator Award 2007 Services Software Risk Assessments (snapshot) and Software Monitoring (continuous) Toolset enables to analyze source code in an automated manner Experienced staff transforms analysis data into recommendations We analyze over 50 systems annually Focus on technical quality, primarily maintainability / evolvability 2 I 97

Who is using our services? 3 I 97 Financials / Insurance companies Financials / Insurance companies Government Government Logistical Logistical IT IT Other Other Our services 4 I 97 Software Risk Assessment Remeasurement Monitor Software Toolkit Portfolio Monitor

Software Risk Assessment Report 5 I 97 Presentation Interpretation, reconciliation, evaluation Facts Facts Facts Automated analysis Documentation Interviews Benchmark Source code Software Quality Monitor 6 I 97 Annual Report Board Interpretation by SIG experts Quarterly Report IT Management Monitor Web portal Software Engineers Source code

Structure of the lectures Today Introduction SIG General overview of software analysis and testing Testing Patterns 7 I 97 Next week Quality & metrics Reverse engineering Software Engineering 8 I 97 Create Change Analyze requirements analysis design, code, compile configure, install refactor, fix, patch maintain, renovate evolve, update, improve understand, assess evaluate, test measure, audit

Software (and Testing) 9 I 97 Static syntax checking type checking code metrics style checking verification reverse engineering decompilation Dynamic testing debugging program spectra instrumentation profiling benchmarking log analysis Is testing un-cool? Edsger Wybe Dijkstra (1930-2002) 10 I 97 Program testing can be used to show the presence of bugs, but never to show their absence! Notes On Structured Programming, 1970 Program testing can be a very effective way to show the presence of bugs, but is hopelessly inadequate for showing their absence. The Humble Programmer, ACM Turing Award Lecture, 1972 Does not mean: Don t test!!

Is testing un-cool? Industry Testers earn less then developers Testing is mechanical, developing is creative Testing is done with what remains of the budget in what remains of the time 11 I 97 Academia Testing is not part of the curriculum, or very minor part Verification is superior to testing Verification is more challenging than testing Software. How much? 50-75% 12 I 97

Software. Enough? $60! 10 9 13 I 97 Software. More? 14 I 97 high profile low frequency

Software Room for improvement? 15 I 97 1994 2004 Succeeded 16% Failed 18% Failed 31% Succeeded 29% Challenged 53% Challenged 53% Standish Group, The CHAOS Report So 16 I 97 Testing " Dynamic analysis " " S.E. is a major and essential part of software engineering Inadequate analysis costs billions # More effective and more efficient methods are needed Interest will keep growing in both industry and research

Structure of the lectures 17 I 97 Static Dynamic metrics patterns models testing 18 I 97 TESTING

Testing Kinds Conformance Interoperability Performance Functional White-box Black-box Acceptance Integration Unit Component System Smoke Stress Ways Manual Automated Randomized Independent User Developer With Plans Harness Data Method Frameworks 19 I 97 Testing V-model 20 I 97 V-model = waterfall -1 waterfall No testing while programming!

Testing Eliminate waste Waste 21 I 97 Coding and debugging go hand-in-hand Coding effort materializes in the delivered program Debugging effort? Evaporates! Automated tests Small programs that capture debugging effort. Invested effort is consolidated and can be re-used without effort ad-infinitum Unit testing What is unit testing? A unit test is fully automated and repeatable easy to write and maintain non-intrusive documenting applies to the simplest piece of software TestCase 22 I 97 Tool support JUnit and friends public void testmymethod { X x = ; Y y = mymethod(x); Y yy = ; assertequals( WRONG,yy,y) }

Testing goals Unit testing has the following goals: Improve quality Test as specification Test as bug repellent Test as defect localization Help to understand Test as documentation Reduce risk Test as a safety net Remove fear of change 23 I 97 Observing unit-testing maturity in the wild (characterization of the population) Organization public, financial, logistics under contract, in house, product software with test departments, without test departments Architecture & Process under architecture, using software factories model driven, handwritten open source frameworks, other frameworks using use-cases/requirements with blackbox tools, t-map Technology information systems, embedded webbased, desktop apps java, c#, 4GL s, legacy latest trend: in-code asserts (java.spring) 24 I 97

Stage 1 No unit testing Observations: Very few organizations use unit testing 25 I 97 Also brand new OO systems without any unit tests Small software shops and internal IT departments In legacy environments: programmers describe in words what tests they have done. Symptoms: Code is instable and error-prone Lots of effort in post-development testing phases Stage 1 No unit testing Excuses: It is just additional code to maintain The code is changing too much We have a testing department Testing can never prove the absence of errors Testing is too expensive, the customer does not want to pay for it We have black-box testing 26 I 97 Action Provide standardized framework to lower threshold Pay for unit tests as deliverable, not as effort

Stage 2 Unit test but no coverage measurement Observations Contract requires unit testing, not enforced Revealed during conflicts Unit testing receives low priority Developers relapse into debugging practices without unit testing Good initial intentions, bad execution Large service providers 27 I 97 Symptoms: Some unit tests available Excluded from daily build No indication when unit testing is sufficient Producing unit test is an option, not a requirement Stage 2 Unit test but no coverage measurement Excuses: There is no time, we are under pressure We are constantly stopped to fix bugs 28 I 97 Actions Start measuring coverage Include coverage measurement into nightly build Include coverage result reports into process

Stage 3 Coverage, not approaching 100% Observations Coverage is measured but gets stuck at 20%-50% Ambitious teams, lacking experience Code is not structured to be easily unit-testable 29 I 97 Symptoms: Complex code in GUI layer Libraries in daily build, custom code not in daily build Stage 3 Coverage, not approaching 100% Excuses we test our libraries thoroughly, that effects more customers 30 I 97 Actions: Refactor code to make it more easily testable Teach advance unit testing patterns Invest in set-up and mock-up

Stage 4 Approaching 100%, but no test quality Observations Formal compliance with contract Gaming the metrics Off-shored, certified, bureaucratic software factories 31 I 97 Symptoms: Empty tests Tests without asserts. Tests on high-level methods, rather than basic units Need unit tests to test unit tests Stage 4 Approaching 100%, but no test quality Anecdotes: Tell me how you measure me, and I tell you how I behave We have generated our unit tests (at first this seems a stupid idea) 32 I 97 Action: Measure test quality Number of asserts per unit test Number of statements tested per unit test Ratio of number of execution paths versus number of tests

Stage 5 Measuring test quality Enlightenment: Only one organization: a Swiss company Measure: Production code incorporated in tests number of assert and fail statements low complexity (not too many ifs) The process part of daily build stop the line process, fix bugs first by adding more tests happy path and exceptions code first, test first, either way 33 I 97 Testing Intermediate conclusion Enormous potential for improvement: Do unit testing Measure coverage Measure test quality 34 I 97 May not help Ariane 5 Does increase success ratio for normal projects

Randomized Testing (quickcheck) Randomized testing: QuickCheck: initially developed for Haskell Parameterize tests in the test data Property = parameterized test Generate test data randomly Test each property in 100 different ways each time 35 I 97 Test generation Model-driven testing Fault-injection -- Range of inverse is domain. prop_rnginvdom r = rng (inv r) == dom r where types = r::rel Int Integer Projects Quality 36 I 97 Static metrics interpretation of source code clusters Dynamic testing evaluation of QuickCheck solutions for Java

Evaluate QuickCheck tools for Java QuickCheck Randomized testing Specify properties QuickCheck tests each property with 100 randomly generated cases 37 I 97 Problem Originally for Haskell, now also for Erlang Several initiatives to develop QuickCheck for Java Question Which QuickCheck for Java is the best? Fun Find bugs in our programs, and get rewarded for it! Is testing un-cool? Edsger Wybe Dijkstra (1930-2002) 38 I 97 Program testing can be used to show the presence of bugs, but never to show their absence! Martin Fowler Don t let the fear that testing can t catch all bugs stop you from writing the tests that will catch most bugs.

Structure of the lectures 39 I 97 Static Dynamic metrics patterns models testing 40 I 97 PATTERNS

Patterns Coding style and coding standards E.g. layout, identifiers, method length, 41 I 97 Secure coding guidelines E.g. SQL injection, stack trace visibility Bug patterns E.g. null pointer dereferencing, bounds checking Code smells E.g. god class, greedy class,.. Patterns Style and standards Checking coding style and coding standards Layout rules (boring) Identifier conventions Length of methods Depth of conditionals Aim Consistency across different developers Ensure maintainability Tools E.g. CheckStyle, PMD, Integrated into IDE, into nightly build Can be customized 42 I 97

Patterns Secure coding Checking secure coding guidelines SQL injection attack Storing and sending passwords Stack-trace leaking Cross-site scripting Aim Ensure security Security = Confidentiality + Integrity + Availability Tools E.g. Fortify 43 I 97 Patterns Bugs Detecting bug patterns Null-dereferencing Lack of array bounds checking Buffer overflow Aim Correctness Compensate for weak type checks Tools: e.g. FindBugs Esp. for C, C++ 44 I 97

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback