Chapter 34
Software Testing Trends
Today, many companies are still struggling with the requirements phase, which is often minimized (or bypassed) to get the application “out the door.” Testers constantly ask, “How do you test software without a requirements specification?” The answer is, you cannot. This lack of good requirements has resulted in losses of billions of dollars each year due to the rippling effect, which occurs when one phase of the development life cycle has not been sufficiently completed before proceeding to the next. For example, if the requirements are not fully defined, the design and coding will reflect the wrong requirements. The application project will have to constantly go back to redefine the requirements and then design and code. The efficiency of 4GLs in some ways has diminished the importance of previously learned lessons in software development.
Unfortunately, the foregoing historical development trends are being followed in software testing, as listed in the following text.
Automated Capture/Replay Testing Tools
The original purpose of automated test tools was to automate regression testing to verify that software changes do not adversely affect any portion of the application that has already been tested. This requires that a tester has developed detailed test cases that are repeatable, and the suite of tests is run every time after there is a change to the application. With the emergence of automated testing tools, many have embraced this as the final frontier for the testing effort.
However, on many occasions, testing tools are applied with no testing process or methodology. A test process consists of test planning, test design, test implementation, test execution, and defect management. Automated testing tools must integrate within the context of a testing process. The testing process must be embedded into the development methodology to be successful. Also, having a testing process is not enough. Many companies decline and even fail at the same time they are reforming their processes. They are winning Baldrige awards and creating dramatic new efficiencies, savings, and improvements in product quality and customer service. Companies experiencing this paradox have clearly gotten a process right. However, that is different from getting the right process right. The selection and usage of an automated testing tool do not guarantee success.
Test Case Builder Tools
Companies purchase many automated testing tools but soon realize that they need a programmer, or tester with programming experience, to create and maintain the scripts. The emphasis shifts to getting the automated test script (a program) to work. The scripting effort is a development project within a development project and requires a great deal of programming effort. Many testers do not have a programming background, and developers do not want to do testing.
Automated testing tools are just a delivery mechanism of the test data to the target application under test. Automated testing tools are typically used for function/GUI testing. Tools are the interface between the test data and the GUI; they verify that the target application responds as defined by the requirements (if there are any). The creation of the test data/scenarios is a manual process in which a tester (or business analyst) translates the requirements (usually written in a word processor such as Microsoft Word) to test data.
This is a very time-consuming and difficult problem in which humans are not very efficient. There are numerous testing techniques (see Appendix G, “Software Testing Techniques”) that aid in the translation, but this translation is still a human effort from one formalism to another, for example, an English language statement to test data/scenarios. It is ironic that so much attention has been given to developing test scenarios with little or no concern about the quality of the test data.
Necessary and Sufficient Conditions
Automated testing tools to date do not satisfy the necessary and sufficient conditions to achieve quality. These tools are as good as the quality of the test data input from the automated test scripts.
GIGO stands for garbage in, garbage out. Computers, unlike humans, will unquestioningly process the most nonsensical input data and produce nonsensical output. Of course, a properly written program will reject input data that is obviously erroneous, but such checking is not always easy to specify and is tedious to write. GIGO is usually said in response to users who complain that a program did not “do the right thing” when given imperfect input. This term is also commonly used to describe failures in human decision making due to faulty, incomplete, or imprecise data. This is a sardonic comment on the tendency human beings have to put excessive trust in “computerized” data.
The necessary and sufficient conditions for quality are that a robust tool be the deliverer of quality test data/test scenarios to be exercised against the target application based on what the application should or should not do. For most commercial applications, the data is key to the test result. Testing is just entering or verifying data values, but knowing what the state of the data is supposed to be so you can predict expected results. Gaining control of the test data is fundamental for any test effort, because a basic tenet of software testing is that you must know both the input conditions of the data and the expected output results to perform a valid test. If you do not know either of these, it is not a test; it is an experiment, because you do not know what will happen. This predictability is important for manual testing, but for automated testing it is essential.
However, for many systems you cannot even get started until you have enough test data to make it meaningful, and if you need thousands or millions of data records, you have got a whole new problem. In an extreme case, testing an airline fare-pricing application required tens of thousands of setup transactions to create the cities, flights, passengers, and fares needed to exercise all of the requirements. The actual test itself took less time than the data setup. Other necessary conditions are the people and process. The right people need to be trained, and there must be a solid testing process in place before test automation can be attempted.
Test Data Generation Strategies
Historically, there have been four basic strategies for assembling a test data environment: production sampling, starting from scratch, seeding data, or generating it from databases. Each strategy is considered, including the advantages and disadvantages of each. After this discussion, a fifth, or cutting-edge, approach generating not only test data but test scenarios and the expected results (based upon the requirements) is discussed.
Sampling from Production
The most common test data acquisition technique is to take it from production. This approach seems both logical and practical: production represents reality, in that it contains the actual situations the software must deal with and it offers both depth and breadth while ostensibly saving the time required to create new data.
There are at least three major drawbacks, however. The test platform seldom replicates production capacity, and so a subset must be extracted. Acquiring this subset is not as easy as taking every Nth record or some flat percentage of the data: the complex interrelationships between files means that the subset must be internally cohesive. For example, the selected transactions must reference valid selected master accounts, and the totals must coincide with balances and histories. Simply identifying these relationships and tracing through all of the files to ensure that the subset makes sense can be a major undertaking in and of itself. Furthermore, it is difficult to know how large a sample is necessary to achieve coverage of all critical states and combinations.
The second major drawback of this approach is that the tests themselves and the extracted data must be constantly modified to work together. Going back to our basic tenet, we must know the input conditions for a valid test, in this case, the data contents. Each fresh extraction resets everything. If a payroll tax test requires an employee whose year-to-date earnings will cross over the FICA limit on the next paycheck, for example, the person performing the test must either find such an employee in the subset, modify one, or add one. If the test is automated, it too must be modified for the new employee number and related information. Searching for an employee who meets all the conditions you are interested in is like searching for a needle in a haystack. Thus, the time savings are illusory because there is limited repeatability: all effort to establish the proper test conditions is lost every time the extract is refreshed.
And finally, this approach obviously cannot be employed for new systems under development, inasmuch as no production data is available.
Starting from Scratch
The other extreme is to start from scratch, in effect reconstructing the test data each time. This approach has the benefit of complete control; the content is always known and can be enhanced or extended over time, preserving prior efforts. Internal cohesion is ensured because the software itself creates and maintains the interrelationships, and changes to file structures or record layouts are automatically incorporated.
However, reconstructing test data is not free from hazards. The most obvious is that, without automation, it is highly impractical for large-scale applications. Less obvious is the fact that some files cannot be created through online interaction: they are system-generated only through interfaces or processing cycles. Thus, it may not be possible to start from a truly clean slate.
A compelling argument also might be made that data created in a vacuum, so to speak, lacks the expanse of production: unique or unusual situations that often arise in the real world may not be contemplated by test designers. Granted, this technique allows for steady and constant expansion of the test data as necessary circumstances are discovered, but it lacks the randomness that makes production so appealing.
Seeding the Data
Seeding test data is a combination of using production files and creating new data with specific conditions. This approach provides a dose of reality tempered by a measure of control.
This was the strategy adopted by a major mutual fund to enable test automation. Without predictable repeatable data there was no practical means of reusing automated tests across releases. Although much of the data, such as funds, customers, and accounts, could be created through the online interface, other data had to be extracted from production. Testing statements and tax reports, for example, required historical transactions that could not be generated except by multiple execution cycles. So, the alternative to acquiring the data from production and performing the necessary maintenance on the tests proved to be less time consuming. Once the data was assembled, it was archived for reuse.
It is still not easy. You must still surmount the cohesion challenge, ensuring that the subset you acquire makes sense, and you must still have an efficient means of creating the additional data needed for test conditions. Furthermore, you must treat the resulting data as the valuable asset that it is, instituting procedures for archiving it safely so that it can be restored and reused.
Although a popular and sensible concept, reuse brings its own issues. For time-sensitive applications, which many if not most are, reusing the same data over and over is not viable unless you can roll the data dates forward or the system date back. For example, an employee who is 64 one month may turn 65 the next, resulting in different tax consequences for pension payouts.
Furthermore, modifications to file structures and record layouts demand data conversions, but this may be seen as an advantage because, it is hoped, the conversions are tested against the test bed before they are performed against production.
Generating Data Based on the Database
Generated test data can obviously be used to create databases with enough information to approximate real-world conditions for testing capacity and performance. If you need to ensure that your database design can support millions of customers or billions of transactions and still deliver acceptable response times, generation may be the only practical means of creating these volumes.
Test data generators begin with the description of the file or database that is to be created. In most cases, the tools can read the database tables directly to determine the fields and their type, length, and format. The user can then add the rules, relationships, and constraints that govern the generation of valid data.
Standard “profiles” are also offered, which can automatically produce billions of names, addresses, cities, states, zip codes, Social Security numbers, test dates, and other common data values such as random values, ranges, and type mixes. User-customizable data types are also available in most products, which can be used for generating unique SIC (standard industrialization classification) business codes, e-mail addresses, and other data types.
A more critical feature, and more difficult to implement, is support for parent/child and other relationships in complex databases. For example, a parent record, such as a customer account master, must be linked with multiple child records, such as different accounts and transactions. This type of functionality is essential for relational database environments in which referential integrity is key.
Some users have found it easier to use a test data generator to create data that is then read by an automated test tool and entered into the application. This is an interesting combination of data generating and seeding. The synergy between test data generation and test automation tools is natural, and in some cases the test data generation capability is being embedded in test execution products.
Databases can contain more than just data, such as stored procedures or derived foreign keys that link other tables or databases. In these cases, it is not feasible to generate data directly and populate the tables. Too often, maintaining database integrity is a project in itself.
And, of course, in the end, volume is its own challenge. More is not necessarily better. Too much data will take too long to generate, will require too much storage, and may create even more issues than not having enough data will.
A Cutting-Edge Test Case Generator Based on Requirements
Because most test efforts require hundreds, if not thousands, of test cases, an extensive development effort is the result when a capture/replay tool uses a scripting language. This is time consuming, as automating an hour of manual testing can require ten hours of coding and debugging. The net result is another development effort within the test cycle, which is not planned, staffed, or budgeted for. For testers who do not have a programming background, there is a steep learning curve to learn how to use these tools.
As the inevitable changes are made to the application, even minor modifications can have an extensive impact on the automated test library. A single change to a widely used function can affect dozens of test cases or more. Not only do the changes have to be mapped to the affected scripts and any necessary modifications made, but the results also have to be tested. Eventually, the maintenance effort takes so much of the test cycle time that testers are forced to revert to manual testing to meet their deadlines. At this point, the tool becomes shelfware.
The focus of future automated testing tools will have a business perspective rather than a programming view. Business analysts will be able to use such tools to test applications from a business perspective without having to write test scripts.
Instead of requiring one to learn a scripting language, or to document their tests so someone else can code them into scripts, the most advanced automated testing tools let one document and automate in one step with no programming effort. Application experts with business knowledge will be able to learn to develop and execute robust automated tests using simple drop-down menus.
As pointed out previously, the focus of test automation to date has been on getting the scripts to work. But where does the data come from? How does the tester know the right test data is being used by the script and how does the tester know there is adequate requirements coverage by the data?
This is a fundamental element that has typically been missing from capture/replay automated tools up to now. What is not being addressed is the quality of the test data input and test scenarios to the scripts. Typically, the automated testing tool scripter is assigned to the testing department. Because this is a very specialized and intensive programming effort, the focus is on getting the script working correctly. It is assumed someone else will provide the test data/test scenarios.
The following is a description of a tool that derives the test data directly from the test objects and requirements. The output of such tools is the input to the automated testing tools. Such a tool bridges the gap between the requirements and testing phases.
Smartware Technology’s SmartTest™ is an example of such a futuristic tool and has the following major capabilities:
■ Enables manual inputs of parameters and values or imports from Excel
■ Generates pairwise test data that can be input as variable data to automated tools (or manual testing) offered by the following:
– HP’s Quick Test Pro
– IBM’s Computer Associate’s CA Verify
– Compuware’s TestPartner
– Empirix’s e-Test Suite
– Segue’s SilkTest
■ Dynamically applies requirements/business rules to the pairwise test data
■ Provides traceability between test cases and the requirements (business rules)
Figure 34.1 shows the SmartTest™ tree structure in which the test cases are organized and housed. It also shows an Excel-like table format that contains the parameters and associated values. In this example, a parameter is a row in a GUI mortgage application along with the respective values. These parameters are entered either manually or through screen scraping of the target application GUI.
Figure 34.2 shows the SmartTest™ business rule builder. The rules are entered by pointing at and clicking on predefined parameters and associated values to build a Structured English if–then–else format. A built-in parameter called “Expected Result” enables a rule to self-define the expected result from a test.
Figure 34.3 shows how SmartTest™ generates test cases and test data with pairwise interactions of the parameters and values. Each row is a test case. The business rules are then dynamically applied to each test row. This adjusts the tests to reflect the requirements (or business rules). Negative and positive test data can be constructed.
Figure 34.4 shows a bidirectional SmartTest™ report that associates which test cases are associated with each business rule and vice versa. This feature is very useful during maintenance to identify the test cases that should be executed based upon the change on a requirement. (See www.smartwaretechnologies.com for more details.)
Figure 34.1 Test case tree, test parameters, and values.
Figure 34.2 Structured English business rules.
Figure 34.3 Pairwise generated test data.
Figure 34.4 Traceability matrix (business rules versus test cases). (See www.smartwaretechnologies.com for more details.)