Beruflich Dokumente
Kultur Dokumente
V2.1.3
James Bach, Satisfice, Inc. james@satisfice.com www.satisfice.com +1 (540) 631-0600 Michael Bolton, DevelopSense mb@developsense.com www.developsense.com +1 (416) 656-5160
Acknowledgements
Some of this material was developed in collaboration with Dr. Cem Kaner, of the Florida Institute of Technology. See www.kaner.com and www.testingeducation.org. Doug Hoffman (www.softwarequalitymethods.com) also contributes to and teaches from this material. Many of the ideas in this presentation were also inspired by or augmented by other colleagues including Jonathan Bach, Bret Pettichord, Brian Marick, Dave Gelperin, Elisabeth Hendrickson, Jerry Weinberg, Noel Nyman, and Mary Alton. Some of our exercises were introduced to us by Payson Hall, Jerry Weinberg, Ross Collard, James Lyndsay, Dave Smith, Earl Everett, Brian Marick, Cem Kaner and Joe McMahon. Many ideas were improved by students who took earlier versions of the class going back to 1996.
2
Although the value of the class is greater because of the people who helped us, the sole responsibility for the content of this class belongs to the authors, James Bach and Michael Bolton. This class is essentially a long editorial opinion about testing. We have no authority to say what is right. There are no authorities in our field. We dont peddle best practices. We dont believe in them. What we will do is share our experiences and challenge your mind. We hope you will challenge us back. Youll find the class more rewarding, we think, if you assume that our purpose is to make you stronger, smarter and more confident as a tester. Our purpose is NOT to have you listen to what the instructor says and believe it, but to listen and then think for yourself. All good testers think for themselves. In a way, thats what testing is about. We look at things differently than everyone else so that we can find problems no one else will find.
Assumptions
You test software. You have at least some control over the design of your tests and some time to create new tests. You are worried that your test process is spending too much time and resources on things that arent important. Good testing requires thinking. You test under uncertainty and time pressure. Your major goal is to find important problems quickly. You want to get very good at software testing.
3
If any of these assumptions dont fit, this class might not be for you. We dont make any assumptions about how experienced you are. The class can work well for novices or experts.
Triangle
Rapid Testing
Rapid testing is a mind-set and a skill-set of testing focused on how to do testing more quickly, less expensively, with excellent results.
Rapid testing involves considerations of skill, personal integrity, improved focus on the underlying need for testing tasks, improved appreciation for the stakeholders of testing tasks, and knowledge of the possible techniques and tools that could be brought to bear to improve efficiency.
If I call on you, and you dont want to be put on the spot, say Pass!
To teach you how to test a product when you have to test it right now, under conditions of uncertainty, in a way that stands up to scrutiny.
Without scrutiny, this would be easy to do. You could test badly, but no one would ever know or care. What makes testing hard is that someone, perhaps your employer, perhaps the users, or perhaps you yourself, will be judging your work. Maybe this scrutiny will be indirect, such as someone unhappy with the product and cursing your company for building it so poorly. Or perhaps it will be the most intimate form of scrutiny which is your feeling of pride or disappointment in your own work. If you want your testing to pass muster, you need to work at it.
To help you practice thinking like an expert tester. Do that well, and youll be able to handle any testing situation.
8
KEY IDEA
Quality is value to some person (who matters). A bug is anything about the product that threatens its value. These definitions are designed to be inclusive. Inclusive definitions minimize the chance that you will inadvertently overlook an important problem.
For a video lecture, see: http://www.satisfice.com/bbst/videos/BugAdvocacy.wmv
12
The first question about quality is always whose opinions matter? If someone who doesnt matter thinks your product is terrible, you dont necessarily change anything. So, an important bug is something about a product that really bugs someone important. One implication of this is that, if we see something that we think is a bug and were overruled, we dont matter. Thats a fact: testers dont matter. That is to say, our standards are not the standards to which the product must adhere; we dont get to make decisions about quality. This can be hard for some testers to accept, but its the truth. We provide information to managers; they get to make the hard decisions. They get the big bucks, and we get to sleep at night.
What is testing?
Asking Questions
Cem Kaner prefers this definition: Software testing is a process of empirical, technical investigation of the product under test conducted to provide stakeholders with quality-related information. Kaners definition means the same thing as our definition in every material respect. However, we sometimes prefer more concise wording. One surprising implication of both our definitions is that you can test a product that doesnt yet exist in operable form. The questioning process that precedes what we call test execution is still part of testing if it serves the process of test design and test execution.
What is testing?
Getting Answers
Procedures
Coverage
Oracles
14
What is testing?
Getting Answers
Try it to learn, sufficiently, everything that matters about whether it can work and how it might not work.
15
What is testing?
Serving Your Client
If you dont have an understanding and an agreement on what is the mission of your testing, then doing it rapidly would be pointless.
17
18
Calendar
1. 2. 3. 4. 5. 6. 7. 8. 9.
Model the test space. Determine coverage. Determine oracles. Determine test procedures. Configure the test system. Operate the test system. Observe the test system. Evaluate the test results. Report test results.
By modeling, we mean that we must build a representation in our minds of what the product must do. If our model is incorrect or limited, then we automatically will not test what should be tested. The first four items on the list are usually called test design. The latter five items are usually called test execution.
No!
ma ybe
Yes!
Better Thinking & Better Testing (Value) For a video lecture, see: http://www.satisfice.com/bbst/videos/QualityCost.mp4
22
VALUE Coverage. The value of the elements of the product that are exercised by the test. Power. The probability that if a problem exists in the area covered, the test will reveal it. Integrity. The degree to which the test can be trusted, because its results are valid and consistent across multiple executions of that test. Technical Necessity. The degree to which the information we want to discover exists; and the degree to which that information matters. Business Necessity. The degree to which a test is expected to be performed by your clients.
COSTS (remember that time = money) Opportunity Cost: the cost of choosing one activity instead of another activity; the value you lose by not doing the other thing. In other words, you should not choose to do something simply because it's worth doing, you should choose to do something when it is more worth doing than anything else in that context. It may be useful to document a test, for example, but maybe it's more useful to take that time and energy to design and perform additional tests. Development Cost: the cost of creating the test to the point where it's ready to perform. In exploratory testing development cost, maintenance cost, and execution cost are mixed together to some degree. Execution Cost: the cost to perform the test. Some aspects of execution cost can be lowered by automating the tests. However, a test run by machine is not the same as a test run by a human, since a human is able to think fresh thoughts and can be sensitive to more kinds of problems than a test tool would be. Maintenance Cost: the cost to maintain the test in the face of changing products and changing requirements. If you create a lot of test artifacts, you may be incurring a lot of test maintenance cost. Maintenance is like an ongoing debt to the project, which reduces the time and resources available to make new tests.
Ponderous
Slow, expensive, and easier
Exhaustive
Slow, very expensive, and difficult
Slapdash
Much faster, cheaper, and easier
Rapid
Faster, less expensive, still challenging
Rapid testing may not be exhaustive, but it is thorough enough and quick enough. Its less work than ponderous testing. It might be less work than slapdash testing. It fulfills the mission of testing.
23
There are big differences between rapid testing and testing that is merely fast. Testing can be fast, but might be shallow or sloppy or ill-considered or unprofessional. If so, we call it slapdash testing. Many organizations start with slapdash testing. It might be wonderful to test products exhaustively or completely or comprehensively. However, we can never test a product completely. To do all the testing that we could possibly imagine would take an enormous amount of timeand even if we had that time available, management wouldnt want to pay for all of the resources that it would take. Even though the value of exhaustive testing might be high, the prohibitive cost wouldnt justify the value. Still, there is a perception that exhaustive testing is a good thing, so people sometimes try to achieve it by adding work and time to the testing process. When exhaustive testing is carelessly scaled down, or slapdash testing is made to appear rigorous by piling on mounds of badly designed documentation, it becomes ponderous. Its expensive, and its slow, but it isnt very good testing. Rapid testing is as exhaustive as it needs to be, and no more.
KEY IDEA
24
The Test Project Context Where are you and what are you doing there?
Mission
Find Important Problems Assess Quality Certify to Standard Fulfill Process Mandates Satisfy Stakeholders Assure Accountability Advise about QA Advise about Testing Advise about Quality Maximize Efficiency Minimize Cost Minimize Time
Development
Product Project Lifecycle Project Management Configuration Management Defect Prevention Development Team
Test Team
Expertise Loading Cohesion Motivation Leadership Project Integration
Test Lab
Test Platforms Test Tools Test Library Problem Tracking System Office Facilities
25
Alpha
Beta
Beta
Beta
Incremental Design
Design...
Incremental Coding
Rapid Testing Starts Right Away Cycles of Work with Ongoing Status Reports
Getting ready to test Designing & doing tests Processing test results
START
Do a burst of testing
Report
STOP
27
Ship it!
Quality
Time
28
Near the beginning of the project, rapid testing is often a process of very rapid cycles of determining that there are major problems. Our focus is mostly on learning and developing the infrastructure for better testing, later on. In the middle of the project, we are find a lot of problems. We feel productive. Its near the end of the project that rapid testing becomes very important, because we have very little time to discover whether the product has been seriously degraded by that most recent change. A year long project can come down to an hour or two of retesting at the end. This is where rapid testing skill becomes very important.
Do You Test Under Time Pressure? You have less time than youd like. Faster is better. Your plans are often interrupted. You are not fully in control of your time.
29
When youre watching a televised professional team sport, have you noticed that there are no Gantt charts on the sidelines? Soccer teams, baseball teams, and yacht racing teams dont manage by Gantt charts. Thats because they have to respond in real time to the conditions set up by the other team, and that cant be predicted or charted.
Are you aware of the Can you let your teammates help you? criticality of the situation? Are you ready to act, right now?
30
A good sports team has to depend on the skills of the players, rather than on rote procedures. Professional sports teams begin with the skills of each player, and then work outwards from that. Skills get practiced offline, but every game is part of the practice too. Strategy matters, plans matter, techniques matter, but the focus is on the player to choose the appropriate techniques and to execute them skillfully.
Diversity makes exploration far more powerful Your team is more powerful because of your unique individual contribution
31
How do we deal with people who dont have the necessary skills? Set an Undemanding Context: We can give them a supportive environment by giving them easy problems to solve, easily tested technology, users with low quality standards, management that doesnt worry about quality or liability, or developers that dont put bugs in the software. The quality control school argues that you dont need to test, or that testing should be super-easy. This is how unskilled tester survive; if theyre not given hard problems to solve, it doesnt matter if theyre skilled. This is the approach that the quality control school takes. Assign Rote Tasks: We can give unskilled testers comprehensive procedures to follow. We can give them step-by-step procedures to follow, and we can turn testing into more of a clerical task than a bureaucratic one. This is the approach that the factory school takes. Give Personal Support: We can personally guide a tester. In the positive view, we can give a lessexperienced tester hands-on mentoring and coaching and relax the supervision as he gains experience and skill. The pathological version of this is to supervise at a distance, or to guide the tester so thoroughly that we end up doing all his thinking for him.
But we prefer to train testers. Its cheaper, easier, and the more skill they have, the less of these other things are needed.
33
KEY IDEA
34
Sphere
Epistemology is the study of how we know what we know. The philosophy of science and the theory of testing comes from Epistemology.
35
Why do we talk about Epistemology? Just in case you want to become a true expert in testing. Reading about Epistemology can be a heady, theoretical undertaking. Its something you do in a caf while sipping espresso. Maybe thats not for you, but if youre the kind of person who likes to have a deep understanding of your work, get thee to a Starbucks and start reading. Even if you read five pages and stop, it will exercise your mind in important ways. What specifically should you read? We would recommend The Structure of Scientific Revolutions, by Kuhn, or the first 30 pages of Conjectures and Refutations, by Karl Popper. Or try Proofs and Refutations, by Imre Lakatos. These are all books about how scientists come up with theories and know if they are valid.
Mission
Strategy
Situation at Hand
Unachievable Mission
Strategies
Review assumptions. Check for overlooked resources. Consider radical shortcuts. Do something now. Share the problem. Make a counteroffer. Promise good faith effort, not unconditional success.
37
Scientific Skills
posing useful questions observing whats going on describing what you perceive thinking critically about what you know recognizing and managing bias designing hypotheses and experiments thinking despite already knowing analyzing someone elses thinking reasoning about cause and effect treating facts as merely what we believe we know as of this moment
38
Tests
What would constitute a diversified and practical test strategy? How can I improve my understanding of how this product works? If there were an important problem here, how would I uncover it? What document to load? Which button to push? What number to enter? How powerful is this test? What have I learned from this test that helps me perform powerful new tests? What just happened? How do I examine that more closely?
Problems
What quality criteria matter? What kinds of problems might I find in this product? Is what I see a problem? Why? How important is this problem? Why should it be fixed?
39
..also, explanations and predictions. what happened, what might happen, and why
1. 2. 3. 4. Collect data. Find several explanations that account for the data. Find more data that is either consistent or inconsistent with explanations. Choose the best explanation that accounts for the important data, or keep searching.
This is called abductive inference. To do it well, you must consider a variety of possible explanations. When you think you know what something is, stop and ask, What else could it be?
40
GST is about the relationship between simplicity and complexity, especially in dynamic and open systems. Testers practice GST when we confront complex systems and try to test them with relatively simple tests.
41
General Systems Thinking has been called the science of simplification (Weinberg, 1974). It is concerned with the study of complex and open systems in general, rather than with any specific system. The aim of GST is to help us understand the general relationships between systems and our simplified models of them, so that we can better observe, learn about, interact with and build specific systems. I think the basic textbook of testing is Introduction to General Systems Thinking, by Gerald M. Weinberg. This book doesnt specifically talk about software testing, but everything in it pertains to what testers do and how they think.
Magic
Studying magic can help you develop the imagination to find better bugs.
43
Accept that were all fallible, but that we can learn to be better observers by learning from mistakes. Pay special attention to incidents where someone notices something you could have noticed, but did not. Dont strongly commit to a belief about any important evidence youve seen only once. Whenever you describe what you experienced, notice where youre saying what you saw and heard, and where you are instead jumping to a conclusion about what was really going on. Where feasible, look at things in more than one way, and collect more than one kind of information about what happened (such as repeated testing, paired testing, loggers and log files, or video cameras).
44
Our colleague, Jeremy Kominar, is an expert amateur magician. We asked him to provide us with some remarks on the links between software testing and magic. Heres an edited version of what he had to say--we cant quote him exactly, because he asked us not to give away his secrets! Learning to perform magic causes the magician to be aware of not only his own perspective, but also (and more importantly) others perception of the trick. This becomes invaluable for testers because it helps us to recognize that the interests and perspectives of many stakeholders must be considered when testing software. The trick may look good or work from your angle, but there are always other angles to cover. When learning to perform magic tricks, you generally want to simplify things--minimize the number of moves and figure out how you can reach the same end result without as many steps to get there. In a testing context this idea can be used for creating different usage scenariostaking multiple paths and variables to attain the same goal. (We might want to minimize the number of steps, but we might also want to vary the paths to shake out more bugs.) Learning to perform magic and learning to figure out magic tricks require us to develop observational skills, and to recognize things that deceive us. Most non-magicians fail to consider possibilities that come easily to magicians; devices, coins, or cards can be gimmicked. Non-magicians only think about normal cards. You need to think outside of the box to be a magician or to figure out how the magician does his work. This kind of reasoning and deduction are key assets to being a tester. There isnt really such a thing as magic but there clearly is such a thing as deception. As the magician becomes more experienced and more wise to the practice, he should be able to reverse-engineer tricks by using patterns that he already knows about magic. Once youve seen one kind of trick, similar tricks arent so mysterious because you have heuristics that you can use to recognize how its done.
Screen
Wine Glass
Wason
whereby understanding the model may help you understand or manipulate what it represents.
- A map helps navigate across a terrain. - 2+2=4 is a model for adding two apples to a basket that already has two apples. - Atmospheric models help predict where hurricanes will go. - A fashion model helps understand how clothing would look on actual humans. - Your beliefs about what you test are a model of what you test.
45
I see
I believe
46
Thinking Like A Tester: Spot the missing words! I performed the tests. All my tests passed. Therefore, the product works. The programmer said he fixed the bug. I cant reproduce it anymore. Therefore it must be fixed. Microsoft Word frequently crashes while I am using it. Therefore its a bad product. Nobody complained about that bug after we shipped it. Therefore it wasnt important.
48
noun:
a fallible method for solving a problem or making a decision.
Heuristic reasoning is not regarded as final and strict but as provisional and plausible only, whose purpose is to discover the solution to the present problem.
- George Polya, How to Solve It
49
Types of Heuristics
Guideword Heuristics: Words or labels that help you access the full spectrum of your knowledge and experience as you analyze something. Trigger Heuristics: Ideas associated with an event or condition that help you recognize when it may be time to take an action or think a particular way. Like an alarm clock for your mind. Subtitle Heuristics: Help you reframe an idea so you can see alternatives and bring out assumptions during a conversation. Heuristic Model: A representation of an idea, object, or system that helps you explore, understand, or control it. Heuristic Procedure or Rule: A plan of action that may help solve a class of problems.
50
How Heuristics Differ from Other Procedures or Methods A heuristic is not an edict. Heuristics require guidance and control of skilled practitioner. Heuristics are context-dependent. Heuristics may be useful even when they contradict each other especially when they do! Heuristics can substitute for complete and rigorous analysis.
52
KEY IDEA
53
Oracles
An oracle is the principle or mechanism by which you recognize a problem.
..it works
...it appeared at least once to meet some requirement to some degree.
54
Jerry Weinberg has suggested that it works may mean We haven't tried very hard to make it fail, and we haven't been running it very long or under very diverse conditions, but so far we haven't seen any failures, though we haven't been looking too closely, either. In this pessimistic view, you have to be on guard for people who say it works without checking even once to see if it could work.
Consistency heuristics rely on the quality of your models of the product and its context.
56
Note that were saying system here, instead of product. A product could behave perfectly as a part of some system, but when something else within the system changes, that change could undermine the products usefulness or perceived quality. Seeing the product as a component or participant of some larger system opens our eyes to a greater range of potential problems.
Diskmapper
Easy Input
Fixed Markers. Use distinctive fixed input patterns that are easy to spot in the output. Statistical Markers. Use populations of data that have distinguishable statistical properties. Self-Referential Data. Use data that embeds metadata about itself. (e.g. counterstrings) Easy Input Regions. For specific inputs, the correct output may be easy to calculate. Outrageous Values. For some inputs, we expect error handling. Idempotent Input. Try a case where the output will be the same as the input. Match. Do the same thing twice and look for a match. Progressive Mismatch. Do progressively differing things over time and account for each difference. (code-breaking technique) 59
Fixed Markers. Some programmers use the hex values 0xDEADBEEF as a flag to indicate uninitialized data. Statistical Markers. If you create input that has a specific statistical property, then you may be able to detect missing or corrupted data by examining the statistical properties of the output. Self-referential data. Counterstrings are strings that identify their lengths. *3*5*7*9*12*15* is an example of a counterstring. (Satisfices PERLCLIP tool creates counterstrings of arbitrary lengths.) Another example is using JAMES_FIRSTNAME and BACH_LASTNAME as sample data in the first name and last name fields of a database. Easy Input Regions. A number times one is always itself; a number plus zero is always itself; a multiple of ten always ends in 0, and so on. Outrageous values. Examples include letters in fields that expect only numbers, extremely long strings in fields that expect short ones, huge numbers where modest ones are expected, or zero or null values where some positive value is required. Each example should trigger some kind of error handling. Idempotent input. Take some data and process it in some way, such that the output from the first run can be used as input for subsequent runs but shouldnt go through additional changes. Examples include spellchecking (after all the corrections have been accepted for the first run, no further changes should be suggested) or code formatters (after the code has been formatted once, the same code should pass through the process unchanged). Match. Given the same input data and the same function on that data, we would typically expect the output to be the same. This approach is sometimes used to check various kinds of encoding or checksums. Progressive mismatch. Check for consistency in a function by varying the input in some limited or controlled way, and observe the effect on the output. This is an exploratory approach, sometimes used as a code-breaking technique.
Quality Criteria
Many test approaches focus on Capability (functionality) and underemphasize the other criteria 60
Try pronouncing CRUSSPIC STMPL; sometimes we think of it as the name of an Eastern European hockey player, but however you think of it, it makes this list easier to remember. The point is to be able to cycle through the list at any time to ask a new question about something that we might value in the product, or something that might represent a vulnerability if it were missing or broken.
KEY IDEA
61
Coverage
Product coverage is the proportion of the product that has been tested.
Structure Function Data Platform Operations Time Capability Reliability Usability Security Scalability Performance Installability Compatibility Supportability Testability Maintainability Portability Localizability
62
input
output
platform
input
functions functions
output
platform
input
output
input
output
input
output
platform
Profiler
input
output
platform
69
Sometimes its really hard to cover Ask for testability! Controllability Observability Availability Simplicity Stability Information
Scriptable Interface! Log files!
70
KEY IDEA
71
that emphasizes the personal freedom and responsibility of each tester to continually optimize the value of his work
(optimize how?)
by treating learning, test design and test execution as mutually supportive activities that run in parallel throughout the project.
72
IP Address
ET is a Structured Process
Exploratory testing, as I teach it, is a structured process conducted by a skilled tester, or by lesser skilled testers or users working under supervision.
73
ET is a Structured Process
In excellent exploratory testing, one structure tends to dominate all the others:
Exploratory testers construct a compelling story of their testing. It is this story that gives ET a backbone.
74
You must tell a story about the product about how it failed, and how it might fail... in ways that matter to your various clients. But also tell a story about testing how you configured, operated and observed it about what you havent tested, yet or wont test, at all and about why what you did was good enough.
75
Informs
Produces
Question
Knowledge
- Product Story - Technical Knowledge - Domain Knowledge - General Knowledge
Analysis
- Risk - Coverage - Oracles - Resources/Constraints - Value/Cost Investigate - Bugs
bugs
Experiment
Test Procedure
Produces
Informs
Answer
76
What do I need to produce for my client? What has already been done?
Informs Produces
Knowledge
Analysis
Experiment
What do I know? Do I have a product? What kind of testing What do I need to know? What can I do with am I good at? the product? What obstacles threaten my success?
Produces Informs
77
Starting a new project. Seeing a new feature for the first time.
S Testing a product deeply to reveal important bugs. L S Investigating a particular bug. L S Re-testing a product after a change.
S
79
Lyndsay Machine
Conformance
History: Where the product has been, and how it came to be. Operations: Its users and the conditions under which it will be used. Attitudes: What your clients care about and what they want from you. Complexities & Challenges: Discover the hardest things to test. Resources: Discover tools and information that might help you test.
80
Contrasting Approaches
In scripted testing, tests are first designed and recorded. Then they may be executed at some later time or by a different tester.
Test Scripts
In exploratory testing, tests are designed and executed at the same time, and they are not necessarily recorded, but may be.
Test Ideas
Product
81
Contrasting Approaches
Test Scripts
Test Ideas
Product
82
Contrasting Approaches
Test Scripts
Test Ideas
Product
83
pure scripted
vague scripts
freestyle exploratory
charters roles
When I say exploratory testing and dont qualify it, I mean anything on the exploratory side of this continuum.
84
Product
Test Ideas Guide testers with personal supervision and concise documentation of test ideas. Meanwhile, train them so that they can guide themselves and be accountable for increasingly challenging work.
86
Product or spec
If you have any autonomy at all, you can risk investing some time in
learning thinking refining approaches better tests
87
Allow some disposable time If it turns out that youve made a bad investmentoh well If it turns out that youve made a good investment, you might have
learned something about the product invented a more powerful test found a bug done a better job surprised and impressed your manager
88
Whenever you are called upon to test something very complex or frightening, plunge in! After a little while, if you are very confused or find yourself stuck, quit! This benefits from disposable time that part of your work not scrutinized in detail. Plunge in and quit means you can start something without committing to finish it successfully, and therefore you dont need a plan. Several cycles of this is a great way to discover a plan.
89
90
1. Look over your recent tests. 2. Find some pattern there. 3. With your next few tests, violate the old pattern and follow a new pattern. 4. Prefer MFAT (multiple factors at a time).
92
1. 2. 3. 4. 5.
Simplify your tests. Return frequently to a known state. Conserve states. Prefer OFAT heuristic (one factor at a time). Make precise observations.
93
State Conservation means that you minimize disturbances to the product state, maintaining it as much as possible while using the product.
KEY IDEA
94
Test Procedure
A test activity is a line of investigation that fulfills some part of the test strategy. A test case is one particular It can encompass many test cases. instance or variation of a test or test idea. A test procedure is a way of performing a test.
What role do you play in it? What role do tools play? Who controls your procedures? Should they be documented? How?
95
Some people prefer a more restrictive definition of procedure. Cem Kaner considers a sequential set of steps to be an important aspect of procedure. He would prefer that we use the word test implementation instead of procedure, in this section. However, in the Rapid Testing methodology, we usually opt for the most inclusive definitions that still express the key ideas, since that makes the conversation easier. In our view, the word procedure as it is commonly used is not limited only to sequential instruction sets. As always, its up to you what words you use.
(if necessary) Obtain product for testing (if necessary) Install on a platform. (if necessary) Prepare test data and tools for test execution. Assure that the product is in a clean enough starting state.
Operate
Control the product and platform with inputs to exercise the product. Cause the product to exercise the right functions/states in the right sequence with the right data. Collect information about how the product behaves (collect both direct and indirect output) so that it can be evaluated. Apply oracles to detect bugs. Provides a clear answer to the question
Observe
Evaluate
96
To test a simple product very thoroughly, part of a complex product very thoroughly, or to maximize test integrity
1. 2. 3. 4. 5. 6.
Start the test from a known (clean) state. Prefer simple, deterministic actions. Trace test steps to a specified model. Follow established and consistent lab procedures. Make specific predictions, observations and records. Make it easy to reproduce (automation helps).
97
To find unexpected problems, elusive problems that occur in sustained field use, or more problems quickly in a complex product
1. 2. 3. 4. 5. 6.
Start from different states (not necessarily clean). Prefer complex, challenging actions. Generate tests from a variety of models. Question your lab procedures and tools. Try to see everything with open expectations. Make the test hard to pass, instead of easy to reproduce.
98
Wordpad
KEY IDEA
100
Test Strategy Strategy: The set of ideas that guide your test design. Logistics: The set of ideas that guide your application of
resources to fulfilling the test strategy.
Plan: The set of ideas that guide your test project. A good test strategy is:
Product-Specific Risk-focused Diversified Practical
101
Customers
Anyone who is a client of the test project. Information about the product or project that is needed for testing. How you get along with the programmers. Anyone who will perform or support testing. Hardware, software, or documents required to administer testing. The sequence, duration, and synchronization of project events. The product to be tested. The observable products of the test project.
103
Information
Test Items
Deliverables
Function testing Domain testing Stress testing Flow testing Scenario testing Claims testing User testing Risk testing Automatic testing
104
Well come back to these later. For now, note that were more likely to catch different bugs with different nets; a diverse set of test techniques will find a diverse set of bugs.
How much is enough? Diverse Half-Measures There is no single technique that finds all bugs. We cant do any technique perfectly. We cant do all conceivable techniques.
Use diverse half-measures-- lots of different points of view, approaches, techniques, even if no one strategy is performed completely.
105
New Project
Testing is itself a form of risk analysis: risk-based testing begins with a rumor of risk and transforms that into information. Even if testing reveals a problem that cannot be reproduced, you have learned something about risk. Exploratory testing is a popular and powerful approach to analyzing risk. Scripted testing is better suited for monitoring known risk.
Interruptions Undermining Adjustments Dog Piling Continuous Use Feature Interactions Click on Help
108
Happy Path: Use the product in the most simple, expected, straightforward way, just as the most optimistic programmer might imagine users to behave. Perform a task, from start to finish, that an end-user might be expected to do. Look for anything that might confuse, delay, or irritate a reasonable person. Documentation Tour: Look in the online help or user manual and find some instructions about how to perform some interesting activity. Do those actions. Improvise from them. If your product has a tutorial, follow it. You may expose a problem in the product or in the documentation; either way, youve found something useful. Even if you dont expose a problem, youll still be learning about the product. Sample Data Tour: Employ any sample data you can, and all that you canthe more complex or extreme the better. Use zeroes where large numbers are expected; use negative numbers where positive numbers are expected; use huge numbers where modestly-sized ones are expected; and use letters in every place thats supposed to handle numbers. Change the units or formats in which data can be entered. Challenge the assumption that the programmers have thought to reject inappropriate data. Variables Tour: Tour a product looking for anything that is variable and vary it. Vary it as far as possible, in every dimension possible. Identifying and exploring variations is part of the basic structure of my testing when I first encounter a product. Complexity Tour: Tour a product looking for the most complex features and using challenging data sets. Look for nooks and crowds where bugs can hide. File Tour: Have a look at the folder where the program's .EXE file is found. Check out the directory structure, including subs. Look for READMEs, help files, log files, installation scripts, .cfg, .ini, .rc files. Look at the names of .DLLs, and extrapolate on the functions that they might contain or the ways in which their absence might undermine the application. Menus and Windows Tour: Tour a product looking for all the menus (main and context menus), menu items, windows, toolbars, icons, and other controls. Keyboard and Mouse Tour: Tour a product looking for all the things you can do with a keyboard and mouse. Run through all of the keys on the keyboard. Hit all the F-keys. Hit Enter, Tab, Escape, Backspace. Run through the alphabet in order. Combine each key with Shift, Ctrl, and Alt. Also, click on everything. Interruptions: Start activities and stop them in the middle. Stop them at awkward times. Perform stoppages using cancel buttons, O/S level interrupts (ctrl-alt-delete or task manager), arrange for other programs to interrupt (such as screensavers or virus checkers). Also try suspending an activity and returning later. Undermining: Start using a function when the system is in an appropriate state, then change the state part way through (for instance, delete a file while it is being edited, eject a disk, pull net cables or power cords) to an inappropriate state. This is similar to interruption, except you are expecting the function to interrupt itself by detecting that it no longer can proceed safely. Adjustments: Set some parameter to a certain value, then, at any later time, reset that value to something else without resetting or recreating the containing document or data structure. Dog Piling: Get more processes going at once; more states existing concurrently. Nested dialog boxes and non-modal dialogs provide opportunities to do this. Continuous Use: While testing, do not reset the system. Leave windows and files open. Let disk and memory usage mount. You're hoping that the system ties itself in knots over time. Feature Interactions: Discover where individual functions interact or share data. Look for any interdependencies. Tour them. Stress them. I once crashed an app by loading up all the fields in a form to their maximums and then traversing to the report generator. Look for places where the program repeats itself or allows you to do the same thing in different places. Click for Help: At some point, some users are going to try to bring up the context-sensitive help feature during some operation or activity. Does the products help file explain things in a useful way, or does it offend the users intelligence by simply restating whats already on the screen? Is help even available at all?
Cost as a Simplifying Factor Try quick tests as well as careful tests Input Attack A quickConstraint test is a cheap test that has some value but requires little preparation, knowledge, Click Frenzy or time to perform. Shoe Test Resource Starvation Blink Test Multiple Instances Error Message Hangover
Crazy Configs Cheap Tools
109
Input Constraint Attack: Discover sources of input and attempt to violate constraints on that input. For instance, use a geometrically expanding string in a field. Keep doubling its length until the product crashes. Use special characters. Inject noise of any kind into a system and see what happens. Use Satisfices PerlClip utility to create strings of arbitrary length and content; use PerlClips counterstring feature to create a string that tells you its own length so that you can see where an application cuts off input. Click Frenzy: Ever notice how a cat or a kid can crash a system with ease? Testing is more than "banging on the keyboard", but that phrase wasn't coined for nothing. Try banging on the keyboard. Try clicking everywhere. I broke into a touchscreen system once by poking every square centimeter of every screen until I found a secret button. Shoe Test: This is any test consistent with placing a shoe on the keyboard. Basically, it means using auto-repeat on the keyboard for a very cheap stress test. Look for dialog boxes so constructed that pressing a key leads to, say, another dialog box (perhaps an error message) that also has a button connected to the same key that returns to the first dialog box. That way you can place a shoe (or Coke can, as I often do, but sweeping off a cowboy boot has a certain drama to it) on the keyboard and walk away. Let the test run for an hour. If theres a resource or memory leak, this kind of test will expose it. Blink Test: Find some aspect of the product that produces huge amounts of data or does some operation very quickly. For instance, look a long log file or browse database records very quickly. Let the data go by too quickly to see in detail, but notice trends in length or look or shape of the data. Some bugs are easy to see this way that are hard to see with detailed analysis. Use Excels conditional formatting feature to highlight interesting distinctions between cells of data. Error Message Hangover: Make error messages happen and test hard after they are dismissed. Often developers handle errors poorly. Resource Starvation: Progressively lower memory, disk space, display resolution, and other resources until the product collapses, or gracefully (we hope) degrades. Multiple Instances: Run a lot of instances of the app at the same time. Open the same files. Manipulate them from different windows. Crazy Configs: Modify the operating systems configuration in non-standard or non-default ways either before or after installing the product. Turn on high contrast accessibility mode, or change the localization defaults. Change the letter of the system hard drive. Consider that the product has configuration options, toochange them or corrupt them in a way that should trigger an error message or an appropriate default behavior. Cheap Tools: Learn how to use InCtrl5, Filemon, Regmon, AppVerifier, Perfmon, and Process Explorer, and Task Manager (all of which are free). Have these tools on a thumb drive and carry it around. Also, carry a digital camera. I now carry a tiny 3 megapixel camera and a tiny video camera. Both fit into my coat pockets. I use them to record screen shots and product behaviors. While its not cheap, you can usually find Excel on most Windows systems; use it to create test matrices, tables of test data, charts that display performance results, and so on. Use the World-Wide Web Consortiums HTML Validator at http://validator.w3c.org. Pay special attention to tools that hackers use; these tools can be used for good as well as for evil. Netcat, Burp Proxy, wget, and fuzzer are but a few examples.
Can tests be repeated? You cant be certain that you control all the factors that might matter to fulfill the purpose of a test. So, to repeat a test means that you believe you are repeating some part of a test that matters, while other parts of that test may not be repeated. Even if you repeat just 1% of a test, it may be fair to say that you have repeated that test in every way that matters.
110
Minefield Argument
Should tests be repeated? Consider cost vs. value. Consider what could be gained from some of the many tests you have not yet ever performed. Annoying, eh? To test is to question:
Why ask the same question again? Why ask the same question again? Why ask the same question again? Why ask the same question again?
112
113
What is Testing?
Try it to learnhow it might not work.
1. 2. 3. 4. 5. 6. 7. 8. 9.
Model the test space. Determine coverage. Determine oracles. Determine test procedures. Configure the test system. Operate the test system. Observe the test system. Evaluate the test results. Report test results.
There are numerous ways of doing these things. Patterns that describe how to do this are called test techniques.
114
By modeling, we mean that we must build a representation in our minds of what the product must do. If our model is incorrect or limited, then we automatically will not test what should be tested. The first four items on the list are usually called test design. The latter five items are usually called test execution.
KEY IDEA
115
Common Claims About Test Documentation Its needed for new testers. Its needed to deflect legal liability. Its needed to share testing with other testers. Its needed for repeatability. Its needed for accountability. It forces you to think about test strategy.
Something is wrong with these claims. Can you see the problem?
116
That should be documented if and when and how it serves our purposes.
Who will read it? Will they understand it? Is there a better way to communicate that information? 117 What does documentation cost you?
What Does Rapid Testing Look Like? Concise Documentation Minimizes Waste
General
Testing Heuristics
Risk Catalog
Coverage Model
ProjectSpecific
Risk Model
Schedule
Issues
Bugs
Detailed procedural documentation is expensive and largely unnecessary. Tutorial documentation is also usually unnecessary, but if you do it, then keep it separate from the working documents.
Consider Automatic Logging Exploratory testing works better when the product produces an automatic log of everything that was covered in each test. You can also use external logging tools such as Spector (www.spectorsoft.com). Automatic logging means that you get something like a retrospective script of what was tested.
120
Taking Notes
Coverage Oracles Procedures (key elements only) Test Ideas Bugs/Risks Issues, Questions & Anomalies
It would be easier to test if you changed/added How does work? Is this important to test? How should I test it? I saw something strange
121
1) 2) 3) 4)
vs.
122
Charter:
A clear mission for the session A charter may suggest what should be tested, how it should be tested, and what problems to look for. A charter is not meant to be a detailed plan. General charters may be necessary at first:
Analyze the Insert Picture function
Specific charters provide better focus, but take more effort to design:
Test clip art insertion. Focus on stress and flow techniques, and make sure to insert into a variety of documents. Were concerned about resource leaks or anything else that might degrade performance over time.
123
Time Box:
Focused test effort of fixed duration Short: 60 minutes (+-15) Normal: 90 minutes (+-15) Long: 120 minutes (+-15)
Brief enough for accurate reporting. Brief enough to allow flexible scheduling. Brief enough to allow course correction. Long enough to get solid testing done. Long enough for efficient debriefings. Beware of overly precise timing.
124
Debriefing:
Measurement begins with observation The manager reviews session sheet to assure that he understands it and that it follows the protocol. The tester answers any questions. Session metrics are checked. Charter may be adjusted. Session may be extended. New sessions may be chartered. Coaching happens.
125
Issues
CHARTER ----------------------------------------------Analyze MapMakers View menu functionality and report on areas of potential risk. #AREAS OS | Windows 2000 Menu | View Strategy | Function Testing Strategy | Functional Analysis START ----------------------------------------------5/30/00 03:20 pm TESTER ----------------------------------------------Jonathan Bach TASK BREAKDOWN ----------------------------------------------#DURATION short #TEST DESIGN AND EXECUTION 65
#ISSUE #DURATION #TEST DESIGN AND EXECUTION #BUG INVESTIGATION AND REPORTING #SESSION SETUP #CHARTER/OPPORTUNITY
Data Files
126
Session Setup
Activity Hierarchy
All test work fits here, somewhere all work nonsession
inferred
session
opportunity
on charter
test
bug
setup
129
Work Breakdown:
Diagnosing the productivity
Do these proportions make sense? How do they change over time? Is the reporting protocol being followed?
Non-Session 61% T est 28%
Bug 4%
Setup 6% Opportunity 1%
6/9
6/23
7/7
7/21
8/4
8/18
130
Coverage:
Specifying coverage areas These are text labels listed in the Charter section of the session sheet. (e.g. insert picture) Coverage areas can include anything
areas of the product test configuration test strategies system configuration parameters
Use the debriefings to check the validity of the specified coverage areas.
131
Coverage:
Are we testing the right stuff? Is this a risk-based test strategy?
Distribution of On Charter Testing Across Areas
120 100 80 60 40 20 0
132
KEY IDEA
134
0 to 100
Reporting Considerations
Reporter safety: What will they think if I made no progress? Client: Who am I reporting to and how do I relate to them? Rules: What rules and traditions are there for reporting, here? Significance of report: How will my report influence events? Subject of report: On what am I reporting? Other agents reporting: How do other reports affect mine? Medium: How will my report be seen, heard, and touched? Precision and confidence levels: What distinctions make a difference?
Test Cycle Report Product Areas vs. Test Effort Test Coverage Quality Assessment vs. Time
137
Testing Dashboard
Updated:
Build:
2/21
38
Area
file/edit view insert format tools slideshow online help clipart converters install compatibility general GUI
Effort C. Q.Comments
high low low low blocked low blocked none none start 3/17 start 3/17 low 1 1+ 2 2+ 1 2 0 1 1 0 0 3
1345, 1363, 1401 automation broken crashes: 1406, 1407 animation memory leak new files not delivered need help to test... need help to test... lab time is scheduled
138
Product Area
Area
file/edit view insert format tools slideshow online help clipart converters install compatibility general GUI
15-30 areas (keep it simple) Avoid sub-areas: theyre confusing. Areas should have roughly equal value. Areas together should be inclusive of everything reasonably testable. Product areas can include tasks or risks- but put them at the end. Minimize overlap between areas. Areas must "make sense" to your clients, or they wont use the board.
139
Test Effort Use red to denote significant problems or stoppages, as in blocked, none, or pause. Color ship green once the final tests are complete and everything else on that row is green. Use neutral color (such as black or blue, but pick only one) for others, as in start, low, or high.
141
Test Coverage
0 1 1+ 2 2+ 3
Sanity Check:
Complex Cases:
Test Coverage
Color green if coverage level is acceptable for ship, otherwise color black. Level 1 and 2 focus on functional requirements and capabilities: can this product work at all? Level 2 may span 50%-90% code coverage. Level 2+ and 3 focus on information to judge performance, reliability, compatibility, and other ilities: will this product work under realistic usage? Level 3 or 3+ implies if there were a bad bug in this area, we would probably know about it.
143
Quality Assessment
We know of no problems in this area that threaten to stop ship or interrupt testing, nor do we have any definite suspicions about any. We know of problems that are possible showstoppers, or we suspect that there are important problems not yet discovered. We know of problems in this area that definitely stop ship or interrupt testing.
144
Comments Use the comment field to explain anything colored red, or any non-green quality indicator. Problem ID numbers. Reasons for pausing, or delayed start. Nature of blocking problems. Why area is unstaffed.
145
147
KEY IDEA
148
Getting started
Take advantage of resources
Email me See my book Lessons Learned in Software Testing Browse the appendices of the class Join forum: software-testing@yahoogroups.com
Do some focused ET
Try a three-hour chartered bug hunt with a group of testers. See what happens. Do some ET sessions by yourself and practice noticing how you think and practice taking notes
Getting started
Try using guideword heuristics
Use my model Or modify my model Or make your own model
Getting started
Practice your systems thinking
Read The Art of Systems Thinking or An Introduction to General Systems Thinking Try the exercises in those books. Take any part of your product and model it in terms of its most important dimensions.