Factors Affecting Web Applications Maintenance

Factors Affecting tissue Applications MaintenanceChapter 11.1 Introduction package engine room PRE01 is the ferment associated with industrial quality parcel establishment increase political platform evolution, the methods employ to analyze, public figure stress computer package harvesting organization, the c formerlyrn techniques associated with the get wind monitoring of Softw ar projects the tools utilise to support bear on, methods, techniques. In package Development Life Cycle, the focus is on the activities like feasibility nurture, prerequi post analytic thinking, construct, coding, interrogatory, c be.Feasibility study involves the issues like proficient/economical/ behavioral feasibility of project. Requirement analysis DAV93 emphasizes on identifying the needs of the establishment producing the softwargon Requirements spec document (SRS), JAL04 that describes completely info, functional behavioral wants, constraints, effectu alatedation requirements for softw be political platform. softw atomic weigh 18 physical body is to plan a solution of the job specified by the SRS document, a step in moving from the task reality to the solution domain. The mathematical carrefour of this level is the blueprint document. Coding is to depict the digit of the system into grave in a computer manakinmeming language. establish is the go to detect defects besmirch the risk associated with the residual defects. The activities carried out posterior on the deli actually of the softw be comprises the maintenance manikin.1.2 Evolution of computer softw ar as conjecture themeThe hard-hitting functioning of modern systems dep obliterates on our ability to enhance softw ar in a address-efficient personal manner. The term softwargon package package engineering was fore near apply at a 1968 NATO workshop in West Germ close to(prenominal). It centre on the growing softw ar crisis. Thus we see that the softw be crisis on quality, dep mop upableness, risque make ups etc. started way back when nearly of todays softw ar platform political campaigners were non blush born.The military position towards software curriculum exam BEI90 underwent a major(ip) positive change in the recent years. In the 1950s when railway car languages were use, interrogatory was nonhing wholly debugging. When in the 1960s, compilers were developed, turn uping started to be submited a separate activity from debugging.In the 1970s when the software engineering concepts were introduced, software exam began to evolve as a technical refine. Over the conk out cardinal decades there has been an change magnitude focus on bring out, faster and hail-efficient software. Also there has been a growing interest in software safety, protection and security and thus an increased credenza of examen as a technical discipline and in like manner a thriller choice. forthwith to answer, What is interrogatory? we raft go by the famous definition of Myers MYE79, which says, riseing is the process of carrying out a platform with the drift of defineing errors. jibe to Humphrey, software preemptvasing is outlined as, the execution of a platform to find its faults. exam is the process to record that the software works chastisely PRA06. software trying is a crucial aspect of the software disembodied spirit cycle. In around form or the other it is gratuity at from on the whole(prenominal) single phase of (any) software training or maintenance imitate. The importance of software visitationing and its impact on software dischargenot be underestimated. computer software interrogation is a fundamental comp whizznt of software quality assurance and represents a round off of stipulation, design and coding. The capitaler visibility of software systems and the cost associated with software discloseure are make factors for planning, fini shed hear. It is not un prevalent for a software organization to slip by 40-50% of its effort on riddle.During turn outing, the software engineering pleads a series of seek miscues that are employ to rip by the software they halt produced. scrutiny is the oneness step in the software process that brush off be seen by the developer as destructive quite of constructive. package engineers are typic eithery constructive stack and t whollyying requires them to smite preconceived concepts of chastiseness and propagate with conflicts when errors are identified.A sure-fire exam is one that finds a defect. This sounds unanalyzable enough, only there is overmuch to consider when we want to do software visitationing. Besides finding faults, we unobjectionablethorn too be interested in skunkvasing act, safety, fault-tolerance or security. exam ofttimes becomes a question of economics. For projects of a large size, more than than scrutiny on the wholeow ordinarily reveal more bugs. The question because becomes when to stop interrogation, and what is an pleasant level of bugs. This is the question of broad(a) enough software. scrutiny is the process of verify that a intersection point meets each(prenominal) requirements. A examination is neer complete. When examination software the goal should never be a harvesting all told free from defects, because its impossible. According to pricking Nielsen, The average is 16 faults per 1000 lines of engrave when the computer programmer has well-tried his commandment and it is believed to be correct. When looking at a larger project, there are millions of lines of codification, which makes it impossible to find all present faults. Far too a lot products are released on the market with despicable quality. Errors are lots unc all overed by exploiters, and in that put the cost of removing errors is large in amount.1.3 Objectives of examinationGlen Myers MYE79 states a chassi s of rules that screwing lot well as interrogatorying objectives scrutiny is a process of executing a program with the intent of finding an error.A mature show is one that has a high probability of finding an as insofar un capture error.A successful strain is one that reveals an as barely undiscovered error.The objective is to design seeks that systematically uncover dis interchangeable sievees of errors do so with a borderline amount of time effort.Secondary benefits implyDemonstrate that software product functions push through to be operative according to condition.That executeance requirements appear to rent been met. entropy collected during examination provides a good meter reading of software product reliability some indication of computer software quality.examination rotternot show the absence of defects, it basin save show that Software defects are present.1.4 Software examination Its sex act with Software Life CycleSoftware interrogatory sh ould be aspect of as an integral demote of the Software process an activity that essential be carried out throughout the life cycle.Each phase in the Software lifecycle has a clearly different end product much(prenominal) as the Software requirements proper(postnominal)ation (SRS) documentation, program unit design program unit commandment. Each end product rat be analyse for conformance with a previous phase against the original requirements. Thus, errors can be detected at each phase of development. governance Verification should top throughout the Software lifecycle.Verification is the process of evaluating each phase end product to ensure consistency with the end product of the previous phase.Validation is the process of auditioning Software, or a precondition, to ensure that it matches user requirements.Software testing is that social function of validation arrest associated with evaluating analysing program formula. It is one of the twain most expensive full points within the Software lifecycle, the other universe maintenance. Software testing of a product begins later onwards the development of the program units continues until the product is obsolete. scrutiny habitue can be done at any stage in the life cycle. However, the cost of finding fixing errors increases dramatically as development progresses.Changing a Requirements document during the prototypic review is inexpensive. It costs more when requirements change after the code has been written the code moldiness be rewritten. Bug fixes are much cheaper when programmers find their declare errors. Fixing an error in front purgative a program is much cheaper than sending new disks, or even a technician to each customers site to fix it later. It is illustrated in pattern 1.1.The instances of testing undeniable during several phases of Software lifecycle are described belowRequirementsRequirements moldinessinessiness be reviewed with the client fast prototyping c an refine requirements accommodate changing requirements. judicial admissionThe preconditions document must be suss out for feasibility, traceability, completeness, absence of contradictions ambiguities.Specification reviews (walkthroughs or inspections) are curiously effective.DesignDesign reviews are similar to specification reviews, but more technical.The design must be check out for logic faults, interface faults, want of exception treatment, non-conformance to specifications.Implementation canon facultys are informally time-tested by the programmer eyepatch they are world implemented (desk checking). at that placeafter, formal testing of modules is done methodically by a testing squad. This formal testing can include non-execution- ground methods (code inspections walkthroughs) execution-establish methods (black- in showcase testing, pureness- street corner testing). desegregationIntegration testing is performed to ensure that the modules connect unneurotic correctly to achieve a product that meets its specifications. Particular care must be given to the interfaces among modules.The appropriate order of conspiracy must be determined as top-down, bottom-up, or a faction thereof.Product examenThe functionality of the product as a whole is analyze against its specifications. Test cases are derived at a time from the specifications document. The product is in addition tested for hardiness (error-handling capabilities stress tests).All consultation code documentation are checked for completeness consistency. credenza TestingThe Software is delivered to the client, who tests the Software on the actual h/w, exploitation actual selective information mannequin of of test info. A product cannot be considered to satisfy its specifications until it has passed an acceptance test. mercantile off-the-shelf (or shrink-wrapped) Software usually sufferes alpha beta testing as a form of acceptance test.MaintenanceModified versions o f the original product must be tested to ensure that changes run through been correctly implemented.Also, the product must be tested against previous test cases to ensure that no inadvertent changes piddle been introduced. This last mentioned consideration is termed regression testing.Software lick ManagementThe Software process management plan must undergo scrutiny. It is especially important that cost duration estimates be checked thoroughly.If remaining unchecked, errors can propagate through the development lifecycle amplify in get along cost. The cost of detecting fixing an error is well documented is cognize to be more dear(p) as the system develops. An error embed during the operation phase is the most costly to fix.1.5 Principles of Software TestingSoftware testing is an extremely productive intellectually challenging task. The pastime are some important principles DAV95 that should be kept in mind magical spell carrying Software testing PRE01 SUM02Testing should be found on user requirements This is in order to uncover any defects that might cause the program or system to fail to meet the clients requirements.Testing time resources are limited Avoid unembellished tests.It is impossible to test eitherthing Exhaustive tests of all possible scenarios are impossible, because of the umteen different changeables affecting the system the frame of caterpillar treads a program track down might take.Use effective resources to test This represents use of the most suitable tools, procedures individuals to conduct the tests. Only those tools should be used by the test team that they are confident familiar with. Testing procedures should be clearly defined. Testing personnel may be a technical group of people free lance of the developers.Test planning should be done early This is because test planning can begin severally of coding as short as the client requirements are machinate.Test for hamper unexpected excitant conditions as well as valid conditions The program should generate correct messages when an invalid test is en yielded should generate correct results when the test is valid.The probability of the earthly concern of more errors in a module or group of modules is directly proportional to the add up of errors already found.Testing should begin at the module The focus of testing should be hard on the smallest programming units first then expand to other move of the system.Testing must be done by an nonparasitic company Testing should not be performed by the person or team that developed the Software since they tend to defend the correctness of the program.Assign outstrip personnel to the task Because testing requires high creativity responsibility and if the best personnel must be assigned to design, implement, analyze test cases, test data test results.Testing should not be be after under the implicit premise that no errors lead be found.Testing is the process of executing Softwa re with the intention of finding errors.Keep Software static during test The program must not be change during the murder of the coiffure of intentional test cases.Document test cases test results.Provide expected test results if possible A necessary part of test documentation is the specification of expected results, even though it is impractical.1.6 Software Testability Its CharacteristicsTestability is the ability of Software (or program) with which it can easily be tested PRE01 SUM02. The followers are some pigment characteristics of testabilityThe better it works, the more efficient is testing process.What you see is what you test (WYSIWYT).The better it is findled, the more we can automate or optimize the testing process.By entertainling the scope of testing we can isolate problems perform smarter retesting.The less(prenominal) there is to test, the more quickly we can test it.The less the changes, the fewer the disruptions to testing.The more information we admit , the smarter we will test.1.7 Stages in Software Testing shapeExcept for small programs, systems should not be tested as a single unit. Large systems are make out of sub-systems, which are build out of modules that are composed of procedures functions. The testing process should thenly run low in stages where testing is carried out incrementally in conjunction with system implementation.The most wide used testing process consists of five stages that are illustrated in Table 1.1.Errors in program cistrons, say may come to get down at a later stage of the testing process. The process is hence an iterative one with information being fed back from later stages to earlier parts of the process. The iterative testing process is illustrated in Figure 1.2 and described belowUnit Testing Unit testing is code-oriented testing. individualist components are tested to ensure that they put away correctly. Each component is tested independently, without other system components.Module Te sting A module is a allurement of dependent components such as an object class, an abstract data type or some looser collection of procedures functions. A module encapsulates link components so it can be tested without other system modules.Sub-system (Integration) Testing This phase involves testing collections of modules, which have been unified into sub-systems. It is a design-oriented testing is besides known as integration testing.Sub-systems may be independently intentional implemented. The most common problems, which arise in large Software systems, are sub-systems interface mismatches. The sub-system test process should therefore concentrate on the staining of interface errors by rigorously drill these interfaces. remains Testing The sub-systems are integrated to make up the holy system. The testing process is implicated with finding errors that result from unanticipated interactions between sub-systems system components. It is also implicated with validating th at the system meets its functional non-functional requirements.Acceptance Testing This is the final stage in the testing process forward the system is accepted for operating(a) use. The system is tested with data supplied by the system client instead than simulated test data. Acceptance testing may reveal errors omissions in the systems requirements definition (user-oriented) because real data exercises the system in different slipway from the test data.Acceptance testing may also reveal requirement problems where the system facilities do not real meet the users needs (functional) or the system performance (non-functional) is unacceptable.1.8 The V-model of TestingTo test an entire software system, tests on different levels are performed. The V model FEW99, shown in figure 1.3, illustrates the power structure of tests usually performed in software development projects. The left part of the V represents the documentation of an coat, which are the Requirement specification, the practicable specification, System design, the Unit design.Code is written to conform to the requirements in these specifications, as illustrated in the bottom of the V. The by rights part of the V represents the test activities that are performed during development to ensure that an industriousness corresponding to its requirements.Unit tests are used to test that all functions and methods in a module are working as intended. When the modules have been tested, they are combined and integration tests are used to test that they work together as a group. The unit- and integration test complement the system test. System testing is done on a complete system to authorise that it corresponds to the system specification. A system test includes checking if all functional and all non-functional requirements have been met.Unit, integration and system tests are developer focused, while acceptance tests are customer focused. Acceptance testing checks that the system contains the functional ity requested by the customer, in the Requirement specification. Customers are usually liable for the acceptance tests since they are the only persons qualified to make the judgment of approval. The endeavor of the acceptance tests is that after they are preformed, the customer knows which parts of the Requirement specification the system satisfies.1.9 The Testing TechniquesTo perform these types of testing, there are three widely used testing techniques. The higher up said testing types are performed ground on the hobby testing techniques sour-Box testing technique erosive calamity testing (Figure 1.4) is concerned only with testing the specification. It cannot guarantee that the complete specification has been implemented. Thus black loge testing is testing against the specification and will discover faultsofomission, indicating that part of the specification has not been fulfilled. It is used for testing based solely on analysis of requirements (specification, user documen tation).In Black incase testing, test cases are intentional using only the functional specification of the software i.e without any fellowship of the inborn bodily construction of the software. For this reason, black- incase testing is also known as functional testing. Black misfortune tests are performed to rate how well a program meets its requirements, looking for missing or nonsensical functionality. Functional testing veritable(prenominal)ly exercise code with valid or nearly valid stimulus for which the expected output is known. This includes concepts such as landmark nourish.Performance tests respect solution time, memory usage, throughput, device utilization, and execution time. Stress tests push the system to or beyond its specified limits to evaluate its robustness and error handling capabilities. Reliability tests monitor system response to represent user stimulation, reckoning failures over time to peak or certify reliability.Black box Testing refers to analyzing a running program by probing it with variant infixs. This kind of testing requires only a running program and does not make use of source code testing of any kind. In the security paradigm, malicious input can be supplied to the program in an effort to cause it to break. If the program breaks during a particular test, then a security problem may have been discovered.Black box testing is possible even without portal to binary program code. That is, a program can be tested remotely over a ne dickensrk. All that is call for is a program running somewhere that is accepting input. If the tester can supply input that the program consumes (and can observe the effect of the test), then black box testing is possible. This is one reason that real attackers often resort to black box techniques. Black box testing is not an alternative to light box techniques. It is a complementary entree that is in all likelihood to uncover a different type of errors that the white box approa ches.Black box testing tries to find errors in the following categoriesIncorrect or missing functionsInterface errorsErrors in data structures or external database accessPerformance errors, andInitialization and termination errors.By applying black box approaches we produce a order of test cases that fulfill requirementsTest cases that reduce the number of test cases to achieve reasonable testingTest cases that tell us something about the presence or absence of classes of errors.The methodologies used for black box testing have been discussed below1.9.1.1 kindred PartitioningEquivalence breakdown is a black box testing approach that splits the input domain of a program into classes of data from which test cases can be produced. An beau ideal test case uncovers a class of errors that may otherwise before the error is detected. Equivalence partitioning tries to describe a test case that identifies classes of errors.Test case design for combining weight partitioning is founded on an military rating of equation classes for an input condition BEI95. An comparing class depicts a set of valid or invalid states for the input condition. Equivalence classes can be defined based on the following PRE01If an input condition specifies a range, one valid and two invalid par classes are defined.If an input condition needs a specific value, one valid and two invalid equivalence classes are defined.If an input condition specifies a share of a set, one valid and one invalid equivalence class is defined.If an input condition is Boolean, one valid and invalid class is outlined.1.9.1.2 demarcation Value AnalysisA great many errors happen at the trammelaries of the input domain and for this reason boundary value analysis was developed. bound value analysis is test case design approach that complements equivalence partitioning. BVA produces test cases from the output domain also MYE79.Guidelines for BVA are close to those for equivalence partitioning PRE01If an input cond ition specifies a range bounded by values a and b, test cases should be produced with values a and b, alone in a higher place and just below a and b, respectively.If an input condition specifies heterogeneous values, test cases should be produced to exercise the borderline and level best numbers.Apply guidelines above to output conditions.If essential program data structures have prescribed boundaries, produce test cases to exercise that data structure at its boundary.White-Box testing techniqueWhite box testing (Figure 1.5) is testing against the implementation as it is based on analysis of internal logic (design, code etc.) and will discover faultsofcommission, indicating that part of the implementation is faulty. Designing white-box test cases requires thorough knowledge of the internal structure of software, and therefore the white-box testing is also called the structural testing. White box testing is performed to reveal problems with the internal structure of a program.A common goal of white-box testing is to ensure a test case exercises every passageway through a program. A fundamental strength that all white box testing strategies administer is that the entire software implementation is taken into card during testing, which facilitates error espial even when the software specification is vague or incomplete. The effectiveness or thoroughness of white-box testing is commonly denotative in impairment of test or code insurance reporting metrics, which measure the fraction of code exercised by test cases.White box Testing involves analyzing and understanding source code. Sometimes only binary code is available, but if you decompile a binary to get source code and then study the code, this can be considered a kind of white box testing as well. White box testing is typically very effective in finding programming errors and implementation errors in software. In some cases this activity amounts to pattern matching and can even be automatize with a static analyzer.White box testing is a test case design approach that employs the control architecture of the procedural design to produce test cases. Using white box testing approaches, the software engineering can produce test cases thatGuarantee that all independent paths in a module have been exercised at to the lowest degree(prenominal) onceExercise all logical decisions fly the coop all closed circuits at their boundaries and in their operational boundsExercise internal data structures to maintain their validity.There are several methodologies used for white box testing. We discuss some important ones below.1.9.2.1 Statement reportingThe education insurance reportage methodology aims to design test cases so as to deposit the executions of every line in a program at to the lowest degree once. The principal idea authorities the dictation coverage methodology is that unless a literary argument is executed, we have way of determining if an error existed in that asse veration. In other words, the tale coverage banner RAP85 is based on the poster that an error existing in one part of a program cannot be discovered if the part of the program containing the error and generating the failure is not executed. However, executed a line once and that too for just one input value and law-abiding that it deports properly for that input value is no guarantee that it will behave correctly for all inputs.1.9.2.2 Branch CoverageIn disunite coverage testing, test cases are designed such that the different branch conditions are given true and false values in turn. It is obvious that branch testing guarantees statement coverage and thus is a stronger testing criterion than the statement coverage testing RAP85.1.9.2.3 pathway CoverageThe path coverage based testing system requires scheming test cases such that all linearly independents paths in the program are executed at least once. A linearly independent path is defined in terms of the control unravel graph (CFG) of the program.1.9.2.4 kink testing iterations are very important constructs for generally all the algorithms. Loop testing is a white box testing technique. It focuses exclusively on the validity of curve constructs. wide-eyed enlace, concatenated wave, nested loop, and unstructured loop are quadruple different types of loops BEI90 as shown in figure 1.6.Simple Loop The following set of tests should be utilise to simple loop where n is the maximum number of allowable passes thru the loopSkip the loop entirely.Only one pass thru the loop.Two passes thru the loop.M passes thru the loop where m N-1, n, n+1 passes thru the loop.Nested Loop Beizer BEI90 approach to the nested loopStart at the innermost loop. raiment all other loops to negligible value.Conduct the simple loop test for the innermost loop while holding the outer loops at their stripped-down iteration parameter value. naturalize outward, conducting tests for next loop, but keeping all other outer loop s at minimum values and other nested loops to typical values.Continue until all loops have been tested.Concatenated loops These can be tested using the approach of simple loops if each loop is independent of other. However, if the loop counter of loop 1 is used as the initial value for loop 2 then approach of nested loop is to be used.Unstructured loop This class of loops should be redesigned to fall the use of the structured programming constructs.1.9.2.5 McCabes Cyclomatic complexnessThe McCabes Cyclomatic complexity MCC76 of a program defines the number of independent paths in a program. Given a control flow Graph G of a program, the McCabes Cyclomatic Complexity V(G) can be computed asV(G)=E-N+2Where E is the number of edges in the control flow graph and N is the number of nodes of the control flow graph.The cyclomatic complexity value of a program defines the number of independent paths in the basis set of the program and provides a lower bound for the number of test cases th at must be conducted to ensure that all statements have been executed at least once. Knowing the number of test cases required does not make it subdued to derive the test cases, it only gives an indication of the minimum number of test cases required.The following is the sequences of steps that need to be undertaken for deriving the path coverage based test case of a program.Draw the CFG.Calculate Cyclomatic Complexity V(G).Calculate the basis set of linearly independent paths.Prepare a test case that will storm execution of each path in the basis set.1.9.2.6 selective information ply based TestingThe data flow testing method chooses test paths of a program based on the locations of definitions and uses of variables in the program. Various data flow testing approaches have been examined FRA88 NTA88 FRA93. For data flow testing each statement in program is allocated a unique statement number and that each function does not alter its parameters or global variables. For a statement with S as its statement number,DEF(S) = X statement S contains a definition of X usance(S) = X statement S contains a use of XIf statement S is if or loop statement, its DEF set is left empty and its USE set is founded on the condition of statement S. The definition of a variable X at statement S is live at statement S, if there exists a path from statement S to S which does not contain any condition of X.A definition-use chain (or DU chain) of variable X is of the type X,S,S where S and S are statement numbers, X is in DEF(S), USE(S), and the definition of X in statement S is live at statement S.One basic data flow testing strategy is that each DU chain be covered at least once. Data flow testing strategies are right-hand for choosing test paths of a program including nested if and loop statements1.9.3 hoary-Box testing techniqueGrey box testing BIN99 designs test cases using both responsibility-based (black box) and implementation-based (white box) approaches. To completely test a web application one needs to combine the two approaches, White-box and Black-box testing. It is used for testing of entanglement based applications. The Gray-box testing approach takes into account all components maFactors Affecting Web Applications MaintenanceFactors Affecting Web Applications MaintenanceChapter 11.1 IntroductionSoftware engineering PRE01 is the process associated with industrial quality software development, the methods used to analyze, design test computer Software, the management techniques associated with the control monitoring of Software projects the tools used to support process, methods, techniques. In Software Development Life Cycle, the focus is on the activities like feasibility study, requirement analysis, design, coding, testing, maintenance.Feasibility study involves the issues like technical/economical/ behavioral feasibility of project. Requirement analysis DAV93 emphasizes on identifying the needs of the system producing the Software Requ irements Specification document (SRS), JAL04 that describes all data, functional behavioral requirements, constraints, validation requirements for Software.Software Design is to plan a solution of the problem specified by the SRS document, a step in moving from the problem domain to the solution domain. The output of this phase is the design document. Coding is to translate the design of the system into code in a programming language. Testing is the process to detect defects minimize the risk associated with the residual defects. The activities carried out after the delivery of the software comprises the maintenance phase.1.2 Evolution of Software Testing DisciplineThe effective functioning of modern systems depends on our ability to produce software in a cost-effective way. The term software engineering was first used at a 1968 NATO workshop in West Germany. It focused on the growing software crisis. Thus we see that the software crisis on quality, reliability, high costs etc. s tarted way back when most of todays software testers were not even born.The attitude towards Software Testing BEI90 underwent a major positive change in the recent years. In the 1950s when Machine languages were used, testing was nothing but debugging. When in the 1960s, compilers were developed, testing started to be considered a separate activity from debugging.In the 1970s when the software engineering concepts were introduced, software testing began to evolve as a technical discipline. Over the last two decades there has been an increased focus on better, faster and cost-effective software. Also there has been a growing interest in software safety, protection and security and hence an increased acceptance of testing as a technical discipline and also a career choice.Now to answer, What is Testing? we can go by the famous definition of Myers MYE79, which says, Testing is the process of executing a program with the intent of finding errors. According to Humphrey, software testing is defined as, the execution of a program to find its faults. Testing is the process to prove that the software works correctly PRA06.Software testing is a crucial aspect of the software life cycle. In some form or the other it is present at each phase of (any) software development or maintenance model. The importance of software testing and its impact on software cannot be underestimated. Software testing is a fundamental component of software quality assurance and represents a review of specification, design and coding. The greater visibility of software systems and the cost associated with software failure are motivating factors for planning, through testing. It is not uncommon for a software organization to spend 40-50% of its effort on testing.During testing, the software engineering produces a series of test cases that are used to rip apart the software they have produced. Testing is the one step in the software process that can be seen by the developer as destructive instead of constructive. Software engineers are typically constructive people and testing requires them to overcome preconceived concepts of correctness and deal with conflicts when errors are identified.A successful test is one that finds a defect. This sounds simple enough, but there is much to consider when we want to do software testing. Besides finding faults, we may also be interested in testing performance, safety, fault-tolerance or security. Testing often becomes a question of economics. For projects of a large size, more testing will usually reveal more bugs. The question then becomes when to stop testing, and what is an acceptable level of bugs. This is the question of good enough software.Testing is the process of verifying that a product meets all requirements. A test is never complete. When testing software the goal should never be a product completely free from defects, because its impossible. According to Peter Nielsen, The average is 16 faults per 1000 lines of code when th e programmer has tested his code and it is believed to be correct. When looking at a larger project, there are millions of lines of code, which makes it impossible to find all present faults. Far too often products are released on the market with poor quality. Errors are often uncover by users, and in that stage the cost of removing errors is large in amount.1.3 Objectives of TestingGlen Myers MYE79 states a number of rules that can serve well as testing objectivesTesting is a process of executing a program with the intent of finding an error.A good test is one that has a high probability of finding an as yet undiscovered error.A successful test is one that uncovers an as yet undiscovered error.The objective is to design tests that systematically uncover different classes of errors do so with a minimum amount of time effort.Secondary benefits includeDemonstrate that Software functions appear to be working according to specification.That performance requirements appear to have bee n met.Data collected during testing provides a good indication of Software reliability some indication of Software quality.Testing cannot show the absence of defects, it can only show that Software defects are present.1.4 Software Testing Its Relation with Software Life CycleSoftware testing should be thought of as an integral part of the Software process an activity that must be carried out throughout the life cycle.Each phase in the Software lifecycle has a clearly different end product such as the Software requirements specification (SRS) documentation, program unit design program unit code. Each end product can be checked for conformance with a previous phase against the original requirements. Thus, errors can be detected at each phase of development.Validation Verification should occur throughout the Software lifecycle.Verification is the process of evaluating each phase end product to ensure consistency with the end product of the previous phase.Validation is the process of testing Software, or a specification, to ensure that it matches user requirements.Software testing is that part of validation verification associated with evaluating analysing program code. It is one of the two most expensive stages within the Software lifecycle, the other being maintenance. Software testing of a product begins after the development of the program units continues until the product is obsolete.Testing fixing can be done at any stage in the life cycle. However, the cost of finding fixing errors increases dramatically as development progresses.Changing a Requirements document during the first review is inexpensive. It costs more when requirements change after the code has been written the code must be rewritten. Bug fixes are much cheaper when programmers find their own errors. Fixing an error before releasing a program is much cheaper than sending new disks, or even a technician to each customers site to fix it later. It is illustrated in Figure 1.1.The types of testing required during several phases of Software lifecycle are described belowRequirementsRequirements must be reviewed with the client rapid prototyping can refine requirements accommodate changing requirements.SpecificationThe specifications document must be checked for feasibility, traceability, completeness, absence of contradictions ambiguities.Specification reviews (walkthroughs or inspections) are especially effective.DesignDesign reviews are similar to specification reviews, but more technical.The design must be checked for logic faults, interface faults, lack of exception handling, non-conformance to specifications.ImplementationCode modules are informally tested by the programmer while they are being implemented (desk checking).Thereafter, formal testing of modules is done methodically by a testing team. This formal testing can include non-execution-based methods (code inspections walkthroughs) execution-based methods (black-box testing, white-box testing).Inte grationIntegration testing is performed to ensure that the modules combine together correctly to achieve a product that meets its specifications. Particular care must be given to the interfaces between modules.The appropriate order of combination must be determined as top-down, bottom-up, or a combination thereof.Product TestingThe functionality of the product as a whole is checked against its specifications. Test cases are derived directly from the specifications document. The product is also tested for robustness (error-handling capabilities stress tests).All source code documentation are checked for completeness consistency.Acceptance TestingThe Software is delivered to the client, who tests the Software on the actual h/w, using actual data instead of test data. A product cannot be considered to satisfy its specifications until it has passed an acceptance test.Commercial off-the-shelf (or shrink-wrapped) Software usually undergoes alpha beta testing as a form of acceptance te st.MaintenanceModified versions of the original product must be tested to ensure that changes have been correctly implemented.Also, the product must be tested against previous test cases to ensure that no inadvertent changes have been introduced. This latter consideration is termed regression testing.Software Process ManagementThe Software process management plan must undergo scrutiny. It is especially important that cost duration estimates be checked thoroughly.If left unchecked, errors can propagate through the development lifecycle amplify in number cost. The cost of detecting fixing an error is well documented is known to be more costly as the system develops. An error found during the operation phase is the most costly to fix.1.5 Principles of Software TestingSoftware testing is an extremely creative intellectually challenging task. The following are some important principles DAV95 that should be kept in mind while carrying Software testing PRE01 SUM02Testing should be ba sed on user requirements This is in order to uncover any defects that might cause the program or system to fail to meet the clients requirements.Testing time resources are limited Avoid redundant tests.It is impossible to test everything Exhaustive tests of all possible scenarios are impossible, because of the many different variables affecting the system the number of paths a program flow might take.Use effective resources to test This represents use of the most suitable tools, procedures individuals to conduct the tests. Only those tools should be used by the test team that they are confident familiar with. Testing procedures should be clearly defined. Testing personnel may be a technical group of people independent of the developers.Test planning should be done early This is because test planning can begin independently of coding as soon as the client requirements are set.Test for invalid unexpected input conditions as well as valid conditions The program should generate co rrect messages when an invalid test is encountered should generate correct results when the test is valid.The probability of the existence of more errors in a module or group of modules is directly proportional to the number of errors already found.Testing should begin at the module The focus of testing should be concentrated on the smallest programming units first then expand to other parts of the system.Testing must be done by an independent party Testing should not be performed by the person or team that developed the Software since they tend to defend the correctness of the program.Assign best personnel to the task Because testing requires high creativity responsibility only the best personnel must be assigned to design, implement, analyze test cases, test data test results.Testing should not be planned under the implicit assumption that no errors will be found.Testing is the process of executing Software with the intention of finding errors.Keep Software static during test The program must not be modified during the implementation of the set of designed test cases.Document test cases test results.Provide expected test results if possible A necessary part of test documentation is the specification of expected results, even though it is impractical.1.6 Software Testability Its CharacteristicsTestability is the ability of Software (or program) with which it can easily be tested PRE01 SUM02. The following are some key characteristics of testabilityThe better it works, the more efficient is testing process.What you see is what you test (WYSIWYT).The better it is controlled, the more we can automate or optimize the testing process.By controlling the scope of testing we can isolate problems perform smarter retesting.The less there is to test, the more quickly we can test it.The fewer the changes, the fewer the disruptions to testing.The more information we have, the smarter we will test.1.7 Stages in Software Testing ProcessExcept for small programs, sys tems should not be tested as a single unit. Large systems are built out of sub-systems, which are built out of modules that are composed of procedures functions. The testing process should therefore proceed in stages where testing is carried out incrementally in conjunction with system implementation.The most widely used testing process consists of five stages that are illustrated in Table 1.1.Errors in program components, say may come to light at a later stage of the testing process. The process is therefore an iterative one with information being fed back from later stages to earlier parts of the process. The iterative testing process is illustrated in Figure 1.2 and described belowUnit Testing Unit testing is code-oriented testing. Individual components are tested to ensure that they operate correctly. Each component is tested independently, without other system components.Module Testing A module is a collection of dependent components such as an object class, an abstract data t ype or some looser collection of procedures functions. A module encapsulates related components so it can be tested without other system modules.Sub-system (Integration) Testing This phase involves testing collections of modules, which have been integrated into sub-systems. It is a design-oriented testing is also known as integration testing.Sub-systems may be independently designed implemented. The most common problems, which arise in large Software systems, are sub-systems interface mismatches. The sub-system test process should therefore concentrate on the detection of interface errors by rigorously exercising these interfaces.System Testing The sub-systems are integrated to make up the entire system. The testing process is concerned with finding errors that result from unanticipated interactions between sub-systems system components. It is also concerned with validating that the system meets its functional non-functional requirements.Acceptance Testing This is the final sta ge in the testing process before the system is accepted for operational use. The system is tested with data supplied by the system client rather than simulated test data. Acceptance testing may reveal errors omissions in the systems requirements definition (user-oriented) because real data exercises the system in different ways from the test data.Acceptance testing may also reveal requirement problems where the system facilities do not really meet the users needs (functional) or the system performance (non-functional) is unacceptable.1.8 The V-model of TestingTo test an entire software system, tests on different levels are performed. The V model FEW99, shown in figure 1.3, illustrates the hierarchy of tests usually performed in software development projects. The left part of the V represents the documentation of an application, which are the Requirement specification, the Functional specification, System design, the Unit design.Code is written to fulfill the requirements in these s pecifications, as illustrated in the bottom of the V. The right part of the V represents the test activities that are performed during development to ensure that an application corresponding to its requirements.Unit tests are used to test that all functions and methods in a module are working as intended. When the modules have been tested, they are combined and integration tests are used to test that they work together as a group. The unit- and integration test complement the system test. System testing is done on a complete system to validate that it corresponds to the system specification. A system test includes checking if all functional and all non-functional requirements have been met.Unit, integration and system tests are developer focused, while acceptance tests are customer focused. Acceptance testing checks that the system contains the functionality requested by the customer, in the Requirement specification. Customers are usually responsible for the acceptance tests since they are the only persons qualified to make the judgment of approval. The purpose of the acceptance tests is that after they are preformed, the customer knows which parts of the Requirement specification the system satisfies.1.9 The Testing TechniquesTo perform these types of testing, there are three widely used testing techniques. The above said testing types are performed based on the following testing techniquesBlack-Box testing techniqueBlack box testing (Figure 1.4) is concerned only with testing the specification. It cannot guarantee that the complete specification has been implemented. Thus black box testing is testing against the specification and will discover faultsofomission, indicating that part of the specification has not been fulfilled. It is used for testing based solely on analysis of requirements (specification, user documentation).In Black box testing, test cases are designed using only the functional specification of the software i.e without any knowledge of the internal structure of the software. For this reason, black-box testing is also known as functional testing. Black box tests are performed to assess how well a program meets its requirements, looking for missing or incorrect functionality. Functional testing typically exercise code with valid or nearly valid input for which the expected output is known. This includes concepts such as boundary values.Performance tests evaluate response time, memory usage, throughput, device utilization, and execution time. Stress tests push the system to or beyond its specified limits to evaluate its robustness and error handling capabilities. Reliability tests monitor system response to represent user input, counting failures over time to measure or certify reliability.Black box Testing refers to analyzing a running program by probing it with various inputs. This kind of testing requires only a running program and does not make use of source code testing of any kind. In the security paradigm, malicio us input can be supplied to the program in an effort to cause it to break. If the program breaks during a particular test, then a security problem may have been discovered.Black box testing is possible even without access to binary code. That is, a program can be tested remotely over a network. All that is required is a program running somewhere that is accepting input. If the tester can supply input that the program consumes (and can observe the effect of the test), then black box testing is possible. This is one reason that real attackers often resort to black box techniques. Black box testing is not an alternative to white box techniques. It is a complementary approach that is likely to uncover a different type of errors that the white box approaches.Black box testing tries to find errors in the following categoriesIncorrect or missing functionsInterface errorsErrors in data structures or external database accessPerformance errors, andInitialization and termination errors.By appl ying black box approaches we produce a set of test cases that fulfill requirementsTest cases that reduce the number of test cases to achieve reasonable testingTest cases that tell us something about the presence or absence of classes of errors.The methodologies used for black box testing have been discussed below1.9.1.1 Equivalent PartitioningEquivalence partitioning is a black box testing approach that splits the input domain of a program into classes of data from which test cases can be produced. An ideal test case uncovers a class of errors that may otherwise before the error is detected. Equivalence partitioning tries to outline a test case that identifies classes of errors.Test case design for equivalent partitioning is founded on an evaluation of equivalence classes for an input condition BEI95. An equivalence class depicts a set of valid or invalid states for the input condition. Equivalence classes can be defined based on the following PRE01If an input condition specifies a range, one valid and two invalid equivalence classes are defined.If an input condition needs a specific value, one valid and two invalid equivalence classes are defined.If an input condition specifies a member of a set, one valid and one invalid equivalence class is defined.If an input condition is Boolean, one valid and invalid class is outlined.1.9.1.2 Boundary Value AnalysisA great many errors happen at the boundaries of the input domain and for this reason boundary value analysis was developed. Boundary value analysis is test case design approach that complements equivalence partitioning. BVA produces test cases from the output domain also MYE79.Guidelines for BVA are close to those for equivalence partitioning PRE01If an input condition specifies a range bounded by values a and b, test cases should be produced with values a and b, just above and just below a and b, respectively.If an input condition specifies various values, test cases should be produced to exercise the minimum and maximum numbers.Apply guidelines above to output conditions.If internal program data structures have prescribed boundaries, produce test cases to exercise that data structure at its boundary.White-Box testing techniqueWhite box testing (Figure 1.5) is testing against the implementation as it is based on analysis of internal logic (design, code etc.) and will discover faultsofcommission, indicating that part of the implementation is faulty. Designing white-box test cases requires thorough knowledge of the internal structure of software, and therefore the white-box testing is also called the structural testing. White box testing is performed to reveal problems with the internal structure of a program.A common goal of white-box testing is to ensure a test case exercises every path through a program. A fundamental strength that all white box testing strategies share is that the entire software implementation is taken into account during testing, which facilitates error detection ev en when the software specification is vague or incomplete. The effectiveness or thoroughness of white-box testing is commonly expressed in terms of test or code coverage metrics, which measure the fraction of code exercised by test cases.White box Testing involves analyzing and understanding source code. Sometimes only binary code is available, but if you decompile a binary to get source code and then study the code, this can be considered a kind of white box testing as well. White box testing is typically very effective in finding programming errors and implementation errors in software. In some cases this activity amounts to pattern matching and can even be automated with a static analyzer.White box testing is a test case design approach that employs the control architecture of the procedural design to produce test cases. Using white box testing approaches, the software engineering can produce test cases thatGuarantee that all independent paths in a module have been exercised at l east onceExercise all logical decisionsExecute all loops at their boundaries and in their operational boundsExercise internal data structures to maintain their validity.There are several methodologies used for white box testing. We discuss some important ones below.1.9.2.1 Statement CoverageThe statement coverage methodology aims to design test cases so as to force the executions of every statement in a program at least once. The principal idea governing the statement coverage methodology is that unless a statement is executed, we have way of determining if an error existed in that statement. In other words, the statement coverage criterion RAP85 is based on the observation that an error existing in one part of a program cannot be discovered if the part of the program containing the error and generating the failure is not executed. However, executed a statement once and that too for just one input value and observing that it behaves properly for that input value is no guarantee that it will behave correctly for all inputs.1.9.2.2 Branch CoverageIn branch coverage testing, test cases are designed such that the different branch conditions are given true and false values in turn. It is obvious that branch testing guarantees statement coverage and thus is a stronger testing criterion than the statement coverage testing RAP85.1.9.2.3 Path CoverageThe path coverage based testing strategy requires designing test cases such that all linearly independents paths in the program are executed at least once. A linearly independent path is defined in terms of the control flow graph (CFG) of the program.1.9.2.4 Loop testingLoops are very important constructs for generally all the algorithms. Loop testing is a white box testing technique. It focuses exclusively on the validity of loop constructs. Simple loop, concatenated loop, nested loop, and unstructured loop are four different types of loops BEI90 as shown in figure 1.6.Simple Loop The following set of tests should be appl ied to simple loop where n is the maximum number of allowable passes thru the loopSkip the loop entirely.Only one pass thru the loop.Two passes thru the loop.M passes thru the loop where m N-1, n, n+1 passes thru the loop.Nested Loop Beizer BEI90 approach to the nested loopStart at the innermost loop. Set all other loops to minimum value.Conduct the simple loop test for the innermost loop while holding the outer loops at their minimum iteration parameter value.Work outward, conducting tests for next loop, but keeping all other outer loops at minimum values and other nested loops to typical values.Continue until all loops have been tested.Concatenated loops These can be tested using the approach of simple loops if each loop is independent of other. However, if the loop counter of loop 1 is used as the initial value for loop 2 then approach of nested loop is to be used.Unstructured loop This class of loops should be redesigned to reflect the use of the structured programming construct s.1.9.2.5 McCabes Cyclomatic ComplexityThe McCabes Cyclomatic Complexity MCC76 of a program defines the number of independent paths in a program. Given a control flow Graph G of a program, the McCabes Cyclomatic Complexity V(G) can be computed asV(G)=E-N+2Where E is the number of edges in the control flow graph and N is the number of nodes of the control flow graph.The cyclomatic complexity value of a program defines the number of independent paths in the basis set of the program and provides a lower bound for the number of test cases that must be conducted to ensure that all statements have been executed at least once. Knowing the number of test cases required does not make it easy to derive the test cases, it only gives an indication of the minimum number of test cases required.The following is the sequences of steps that need to be undertaken for deriving the path coverage based test case of a program.Draw the CFG.Calculate Cyclomatic Complexity V(G).Calculate the basis set of li nearly independent paths.Prepare a test case that will force execution of each path in the basis set.1.9.2.6 Data Flow based TestingThe data flow testing method chooses test paths of a program based on the locations of definitions and uses of variables in the program. Various data flow testing approaches have been examined FRA88 NTA88 FRA93. For data flow testing each statement in program is allocated a unique statement number and that each function does not alter its parameters or global variables. For a statement with S as its statement number,DEF(S) = X statement S contains a definition of XUSE(S) = X statement S contains a use of XIf statement S is if or loop statement, its DEF set is left empty and its USE set is founded on the condition of statement S. The definition of a variable X at statement S is live at statement S, if there exists a path from statement S to S which does not contain any condition of X.A definition-use chain (or DU chain) of variable X is of the type X,S,S where S and S are statement numbers, X is in DEF(S), USE(S), and the definition of X in statement S is live at statement S.One basic data flow testing strategy is that each DU chain be covered at least once. Data flow testing strategies are helpful for choosing test paths of a program including nested if and loop statements1.9.3 Grey-Box testing techniqueGrey box testing BIN99 designs test cases using both responsibility-based (black box) and implementation-based (white box) approaches. To completely test a web application one needs to combine the two approaches, White-box and Black-box testing. It is used for testing of Web based applications. The Gray-box testing approach takes into account all components ma