Verification and Validation

Automated Acceptance Tests

Our customer is a savvy one. They have a full time team that conducts acceptance tests of our software. This team keeps on top of new requirements and the overall business. They make sure they are in the loop at all times during the decision making process. In the end, this team makes the final call on whether our software is ready for prime time.

Here is something new I have read that might help our customer's acceptance test team. That is automated acceptance tests. No that will not put them out of a job. It may make their lives easier. You write up your test cases in some English like language. Most of the time you focus on positive testing. That is, you test the normal case. The benefit it that you can run the tests against every new release.

Currently my customer does acceptance tests manually. That requires them to load up on resources during the software delivery period. It also means that the testers are forever generating huge volumes of interesting test data. That is a good step. However the tedious manual execution of the tests makes me dread the job. I must confess that they are successful in finding where our software breaks down or does not meet the business need. Automated acceptance testing might take their game to the next level. Do I hear a promotion in some acceptance tester's future?

Test Automation

A common theme I read a lot about is the automation of testing. At the root this is wise move. Automate your testing. Then you can code up some changes, and retesting quickly by kicking off the tests. The big three places where automation can be used are unit, regression, and system acceptance tests.

On our own project, most of the test phases are manual. Once in a while I will automate a unit test if I have the time. However we normally have no time in development. Everything is rush rush rush.

Let's step back a minute and define our testing. Unit tests is where small units of code are tested. Normally you write your test cases in the same language that the product is implemented in. You try to cover all the lines of code in your tests. There are popular frameworks which assist in this endeavor.

Regression tests are supposed to cover all the functionality in your product. This is difficult to achieve. There is not really a framework you can pick up to help with this. That is because the products themselves are very diverse. The regression tests themselves can check different characteristics of the system. This includes things like performance.

This one is getting long. So I will pick up with System Acceptance tests next time.

Time for TDD

Test Driven Development (TDD) is gaining more acceptance in programming circles. But at least one question still remains. When should you apply TDD? In other words, when do you develop the tests? A simple answer is to create the tests first. That way you have tested code from day one. However this may not always be the right way to go.

I read a blog entry stressing that TDD is beneficial for maintenance work. You should have mature code complete with self tests. However the very first class you write for a new system may not need tests right away. Testing may in fact get in the way of rapid progress. I myself am divided on this very topic.

In a perfect world, you would have understood all the requirements and performed a full analysis and design on the project. At that point you are ready to add TDD before you write the first line of code. The real world is never perfect. So this may not be the way to go. Sometimes you need to write some code to figure things out. I would not call this production code. This may be throw away code. And that code does not need TDD applied to it.

We do not use TDD in general on my project. I have tried it. For small tasks it seems to work well. But when everything is crazy and we are terribly behind schedule, the TDD goes out the window and we hack together solutions. Sure it is not the best way to go. But it is life. There is probably a time and place for TDD. That time may not be before you write any code.

Cost of TDD

I read a blog about a developer that tried Test Driven Development (TDD) for a day. He found that a useful way to generate the tests is to debug your code. When you find errors, you can write a test that checks for that bug. This would be perfect for my project. It is a maintenance project. We get trouble tickets all the tine that we resolve. It would not take much more effort to integrate the tests for the bugs we fix into a automated test script. We already do the unit testing for each fix anyway.

Getting back to the subject of TDD, the developer who tried it and wrote about it did not like it. He said the TDD technique led to very little actual debugging. He did gain some new respect for the method in general. However he would still not use it for everyday programming purposes. While the effort did seem to result in higher quality code, it took much longer to develop code that way.

When can you use TDD? I know we can’t use it on our project. We hardly have the time to race through coding and hack together some solutions on my project. If TDD causes the development cycle to double in time, we would never get anything done at my job. Here is the funny thing about this.

Perhaps we really are the best candidates for a TDD approach. The problem is that it would be a hard sell. One of the main things that drives our schedule is customer needs. And our particular customer wants more functionality in less time. They don’t seem to care about our methodology. Yes they do not like bugs. However they will tolerate bugs if it means they get a lot of features right away.

Production Volume

I read this blog about how you should test using volume comparable to production. Big hard disks cost little these days right? Wrong. Well yes some el cheapo hard disk can be found for a bargain. However that disk will never match the characteristics of our production server box.

Now I don't know all the details. But we have a massive box to run our production system. There is probably something like 128 processors on the darn thing. And there is more RAM in there than you could find on a mainframe.

Don't get me started about the super speed disk array we got powering our database. But I guess you get the point. You cannot compare your little bitty workstation with a production box. To do some is futile. I guess the only pearl of wisdom from the blog post I read was that you should not do tests if you only have a couple records in your tests tables. Point taken.

Oracle Application Suite

You would think a tool called Oracle Application Suite would be focused on some type of database work. Specifically it sounds like it does something with the Oracle Database. However I just read an article that tells how this tool can be used for testing.

The Oracle Application Suite is actually a part of Oracle Enterprise Manager. Now I have heard of this product. However I have seen DBAs use this to manage Oracle databases. But I digress. Let's get back to how Oracle Application Suite can be used to test.

There are three things that Oracle Application Suite does to assist testing. It helps load testing by simulating a lot of users logging on to the database. It also performs functional testing by automating test scripts. Finally it helps with all kinds of chores related to web application testing.

Now like most Oracle tools, I hope this one is free. If so I plan on checking it out. On a final note, I understand this tool integrates with other products. I guess I will have to play with it to find out how that works.

Fuzzing

I read an article in Software Test and Performance magazine about the topic “Fuzzing”. This was the first time I had heard this term. However recently I heard some of my team’s tester talking about the issues involved with fuzzing. So I thought I would write about this as well.

Fuzzing is a negative software testing method. That means you do not test for whether the system works correctly with correct inputs. Instead fuzzing concentrates on things such as inputting malformed data to an application. It also involves attempts to defeat system security. This used to be a hacking technique. Now it has been formalized as a testing methodology.

Requirements themselves can be written in a positive and negative form. That is, requirements usually dictate what the software must do. However some requirements also define the desired system behavior by describing also what the system shall not do.

A way to perform fuzzing is to start with a test case. Then you can modify the test data and rerun the test. The more general realm of testing is robustness testing. This is where you test how the system behaves when there are invalid inputs. One such form of robustness testing is fuzzing. The main purpose of fuzzing is to identify security problems in the system.

When I was with some of our team’s testers, I heard them talking about their negative testing. I did not drop the “fuzzing” buzzword with them. However it was good to see that they are addressing modern topics in the test world.