Archive for the ‘test coverage’ Category
Friday, September 30th, 2011 by Rex Black
This week, I’m pleased to feature a bonus bug of the week, courtesy of long-time reader John Singleton. He wrote to tell us:
Rex,
I was posting some comments in response to your blog post, entitled “Bad Agile Implementation Causes Software Test Challenges”. For whatever reason, the Submit button was entirely non-responsive in Firefox. Thankfully, switching over to IE resolved it.
Not griping, just thought you’d want to know. Good, thoughtful response you gave.
Cheers,
John
I responded:
Hi John–
That’s weird. It’s usually the other way around with WordPress (the software we use for our blog): Firefox works when IE doesn’t. I guess we have a bonus bug of the week. 
Glad you liked the post. I’m looking forward to your comments.
Regards,
Rex
So, while this isn’t a very serious bug, it is part of a very serious pattern: Failure of major players in the web world to test browser compatibility. See my previous posts http://bit.ly/mdBIRY and http://bit.ly/mPkD9z. Is this a lack of understanding of basic test design techniques such as equivalence partitioning and (for particularly risky situations) pairwise testing? Or just a lack of caring?
I have to say that this pattern is not universal. Working with a major e-commerce client this week, I was pleased to see that they include testing of most of the major browsers, covering the equivalence partitions.
What do you think about this pattern? Are you in the web world, and, if so, do you test browser compatibility? If not, why?
Tags: browser incompatibility, equivalence partitioning, pairwise testing, web testing
Posted in best practices, compatibility testing, software quality, software testing, test coverage | No Comments »
Saturday, July 16th, 2011 by Rex Black
I recently had an experience with a couple important lessons for software quality and software testing. I ordered a pair of identical products from an e-commerce retailer. I’ll not distract the discussion by mentioning the specific products, or the problems with them, as it would entail a long, technical digression that detracts rather than enforces my point.
Anyway, the order fulfillment process went reasonably well. The retailer did an acceptable job of keeping me posted on the status of the order, which apparently involved working directly with the vendor making the products.
The two products finally arrived, and I immediately tested them out. I was not impressed with the quality of the products. Both exhibited an annoying failure each time they were used, and about 2% of the time they exhibited a failure that made the items not fit for purpose under certain circumstances. However, the products hadn’t cost much and I could imagine using them in non-critical situations, so I decided not to bother with returning them.
A week later, an e-mail popped into my inbox, from the retailer, asking me to review the product. Okay, it’s worth five minutes warning other potential customers about these problems. I write a review, click to submit it, and immediately see an error message. I go back, copy the review, and try it with another browser. Exact same problem.
So, now I’m a bit irritated. I send an e-mail to the retailer, advising them of the problem with their site and with the product. I get back a terse response from them, via their online support web page, saying, “It sounds to me like you got a defective [product]. What I would suggest is contacting the manufacturer of the item and most likely they will replace it for you.”
I then asked the retailer whether they were able to post my review on my behalf, as their system didn’t work. Here’s another terse response: “I don’t have a way to do that on my end, you can attempt that again.” I did try again–and this is now three days after the initial failure of their site–and it still doesn’t work.
Okay, I concluded, enough nonsense. I’ve now flipped the bozo bit on the retailer. A textbook case of how not to handle customer complaints about your website and the products you sell.
Okay, let’s compare this to best-of-breed processes for handling customer quality complaints. When I recently had a problem with a Blue Snowball microphone, the vendor worked with me to repair the microphone. When their repairs failed, Blue then sent me a new one for free, and apologized for my inconvenience.
As another example–not to blow our own horn too loudly–we (RBCS) have a policy that, whenever a customer has a problem using our website, we give them a discount code, even when the problem is not our fault (e.g., the recent failures due to a stealth software update by Pair, our site host). In fact, when people attending our free webinars have had problems with attending the webinar, we have given them discount codes.
So, what lessons can we learn as IT people, software professionals, and software testers specifically?
1. If you provide a means for customers to provide online feedback on your product or service, make sure it works! Testing should cover that feedback mechanism, and compatibility testing should be included in that, due to browser diversity.
2. If a customer reports a problem via an online feedback mechanism, make sure that the workflow includes tracking that problem to resolution, and test that workflow. Just telling the customer, “Tough crackers, take it up with the vendor,” is actually worse than not having an online feedback mechanism at all.
All in all, for me this experience has gone from the “that’s too bad, but not big deal” category to “I’ll never do business with that retailer again.” I’m sure that’s not the customer experience the retailer had in mind when they were designing their website, and, had they bothered to test it sufficiently, it probably wouldn’t have been the experience I had.
Tags: ecommerce testing, software testing
Posted in best practices, software testing, test coverage | No Comments »
Monday, July 4th, 2011 by Rex Black
As long-time listeners–or even brand new listeners, for that matter–of the RBCS webinars know, we use Citrix’s GoToWebinar service for our free monthly webinars. Now, I’ve been fairly satisfied with GoToWebinar. I’ve used one or two of the competing services, and been less happy with those. Of course, webinar listeners (and readers of this blog) might remember I chided Citrix back in May for the ungraceful way the system handles audio drop-outs by the presenter.
So, during the June webinar, webinar attendee Keith Stobie reported an inability to see the presentation using Internet Explorer 9. He said that Chrome (not sure which version) worked just fine. I reported the problem to Citrix on Wednesday of last week. Five days later, I receive the following reply, quoted in its entirety (minus the links provided at the end):
Thank you for contacting Citrix Online Global Customer Support,
Dear Rex Black,
IE 9 has not been tested with any of our products as of yet. we will try to help fix any issues the best we can, but cannot guarantee anything. Hopefully we should get this done as soon as possible.
If you have any additional questions or need further clarification regarding this matter, please feel free to reply directly to this email. For any other product inquiries or technical assistance, please visit us at our Support Centers listed at the bottom of this email. Our Support Centers include Self Help files and our Global Customer Support Contact Information.
Thank you,
Richard Carrel | Global Customer Support
So, I appreciate the reply, though I have to say that five days isn’t quick turnaround for a customer complaint about a browser-based service that’s incompatible with a major vendor’s browser.
More surprising to me is the admission that Citrix hadn’t tested IE9. I don’t keep up with the browser wars, so I’m not sure what share of the browsing action IE9 has, but I’m pretty sure that Microsoft’s IE family of browsers remains at least one of the 800 pound gorillas in the room.
Putting myself in the position of the Director of Quality or VP of Testing or whatever the head-testing-honcho’s title is at Citrix, I understand that there are constraints on compatibility testing. I wouldn’t bother to test four-year-old versions of Opera, for example. But come on, not testing IE9? If I were in charge of testing for any SaaS provider, compatibility would be one of my top quality risks, and testing browser/OS/malware configuration combinations would receive a fair amount of time, money, and attention. Of course, functionality, reliability, performance, and security would also be high on the list of risk categories, too.
Here’s some free consulting advice to my fellow test professionals who work at Citrix: Spend a little time getting ramped up on how to do quality risk analysis and risk based testing. You can find lots of free resources on our web site, especially in the articles and the Digital Library. You’ll notice that compatibility is one of the quality risk categories included in our free quality risk checklist. If you need more help, let me know, as we can provide a one-week risk based testing bootstrapping service that will get you headed in the right direction.
Morale of the story: If you are in charge of testing at any SaaS vendor, and you’re not testing for compatibility, it’s only a matter of time before someone writes a blog post like this one about your product and the degree to which you aren’t testing it.
Tags: software compatibility, software testing
Posted in best practices, risk based testing, software quality, software testing, test coverage | No Comments »
Monday, March 28th, 2011 by Rex Black
Here’s a question about equivalence partitioning.
My name is Nhat Khai Le and I’m taking ISTQB Advanced Technical Test Analyst online course (provided by RBCS).
I faced this sample question:
You are testing an accounting software package. You have a field which asks for the month of a transaction.
You know that months are treated differently in this software depending on the month of the quarter (first month of the quarter is treated differently than the second which is treated differently than the third.)
How many test cases, minimum, would you need to test this field to get equivalence coverage?
A. 4
B. 3
C. 5
D. 7
I chose answer B, i.e 3, but the answer is C, i.e 5.
The reason the answer is C is because there are three months in each quarter, each of which is different, plus the two months immediately preceding and following the quarter. It’s important to remember that equivalence partitioning includes partitions outside the “normal” range when using it for testing.
To help visualize the answer, see the illustration below:
 Equivalence Partitioning for the Months in the Quarter
Tags: software testing
Posted in software testing, test coverage | 3 Comments »
Tuesday, March 1st, 2011 by Rex Black
A quick follow-up related to my earlier post on evidence. As some readers may know, avionics software that controls flight on airplanes (e.g., cockpit software) is subject to a test coverage standard, FAA DO-178B. That standard applies lower standards of test coverage to software that is not safety critical.
So far, so good.
Here’s an example of why such standards are useful. During my flight from the US to China today, I managed to crash the entertainment software running at my seat not once by three times. I did this by pausing, rewinding, and resuming play when the flight attendants were taking my dinner orders (i.e., not by unusual actions). I was ultimately able to get it working again, thanks to a series of hard reboots by a flight attendant. One of my fellow passengers wasn’t so lucky, as his system never recovered.
Okay, that’s just entertainment, and anyone who travels regularly knows they should bring a book or plan to winnow down their sleep deprivation balance on long flights.
However, what if the flight control software were as easy to crash? Who would want to hear a cockpit announcement along the lines of the following: “Our entire flight control system just crashed. This enormous airliner is now essentially an unpowered and uncontrolled glider. We’ll reboot the system until we get it working again, or until we have an uncontrolled encounter with terrain”?
Personally, I want people testing the more safety-critical aspects of avionics software to adhere to higher standards of coverage, and to be able to provide evidence of the same.
Posted in risk based testing, software test management, software testing, test coverage | 3 Comments »
Saturday, January 29th, 2011 by Rex Black
Like most people, I don’t always read those pesky agreements that come with software these days, but I made an exception for the Tune-Up package I’m installing to try to revive my tired old Windows XP system. I came across this curious contradiction in the warranty section of the agreement:
The Software and your documentation are free of defects if they can be used in accordance with the description of the Software and its functionalities that was provided by TuneUp at the point in time that you received the Software and documentation. Further qualities of the Software are not agreed.
Since no Software is free of defects, we urgently recommend you to back up your data regularly.
Okay, guys, what is it? Is the software free of defects or not? If it is free of defects, perhaps you could enlighten us all on how you did that?
Posted in software testing, test coverage | No Comments »
Tuesday, January 18th, 2011 by Rex Black
As I mentioned earlier in this blog, we are adopting a unique feature here. Readers can submit questions about my books to me to answer in this blog. I will answer at most one a week–as I have a lot of other work going on, which I hope everyone can understand–but I will get to the questions eventually. Here’s the first question, from Gianni Pucciani of CERN.
Gianni wrote:
Hi Rex,
I finished reading the book Advanced Software Testing Vol.2 for the preparation of the ISTQB AL-TM. First of all thanks a lot, I found the book excellent, with lots of good tips that one could not know without adequate experience, and very well explained. Now I am reviewing all the chapters and their Q/A. I am planning to send you an email at the end of each chapter in case I have doubts, in order to clarify some of the questions.
For Chapter 1 I have only one doubt, on question #2 [which I've inserted here].
Assume you are a test manager working on a project to create a programmable thermostat for home use to control central heating, ventilation, and air conditioning (HVAC) systems. This project is following a sequential lifecycle model, specifically the V-model. Currently, the system architects have released a first draft design specification, based on the approved requirements specification released previously. Which of the following are appropriate test tasks to execute at this time?
A. Design tests from the requirements specification.
B. Analyze design-related risks.
C. Execute unit test cases.
D. Write the test summary report.
E. Design tests from the design specification .
The solution is A, B, E, but I don’t agree on A. It asks to identify the tests that are appropriate to execute at this time (release of the first draft design, requirements specification was already released). A (design tests from the requirements specification) is wrong in my opinion because this should have already been done as soon as the requirements specification was available. So, I don’t think A is appropriate, it can be done “now,” but it should have been done before. I would agree with including A if the questions was “identify the tests that can be done at this time”. The Chapter stresses the importance of testing activities aligned with the development process. Executing A at that time for me is an example of sub-optimal alignment. What do you think?
Thank you.
Best regards,
Gianni Pucciani
CERN IT Dept.
Gianni, you are correct that the design of tests based on the requirements should have started earlier, which is indeed a key theme of the chapter. However, that set of test tasks might not have been completed yet. In addition, the design of tests from design specifications often involves referring to the requirements specification as well (e.g., as a test oracle). Therefore, it is appropriate that the test tasks described in option A take place at this time.
I hope that helps?
Tags: requirements based testing, risk based testing, test basis, test design
Posted in risk based testing, software testing, test coverage | 2 Comments »
Tuesday, January 18th, 2011 by Rex Black
Recently, one of our licensed instructors asked me about a question in our Advanced Test Analyst course, related to two very useful test design techniques, the decision table and the related cause-effect graph. The question is as follows:
An on-line shoe-selling e-commerce Web site stocks the following options for men’s loafers:
-
Tassel: Tassel (T) or non-tassel (~T)
-
Color: Black (B), cordovan (C), or white (W)
-
Size: all full and half sizes from 8 to 14 (S=n)
The store is overstocked with tasseled loafers of all sizes and colors, along with white loafers in all sizes, and cordovan loafers in sizes 13, 13 ½, and 14. As a result, they are offering a 10% discount (10%) and free shipping (FS) on these items. Design a full decision table that shows all combinations of conditions, then collapse that table by using don’t care (“-“) notation where one or two conditions cannot influence the action. Which of the following statements is true about these two tables?
A. The full table has 8 rules; the collapsed table has 5.
B. The full table has 12 rules; the collapsed table has 7.
C. The full table has 12 rules; the collapsed table has 5.
D. Both tables have 12 rules, as no combinations can collapse
The instructor wrote, “The answer is C – however I was wondering if you explain the logic to as to why?”
Okay, so here’s the trick. The full table has twelve rules (columns) because you have one condition with three possible values (color) and two conditions with two possible values (size >= 13 and tassel), so 3×2x2=12. Because half of the columns have tassel == true, then six columns collapse to one, leaving seven columns. The four remaining columns that collapse to leave two columns each (or five columns total) have to do with color being black (which is not on sale no matter size) and color being white (which is on sale no matter size).
So, you can completely test the combinations of conditions for the business logic behind the discount with just twelve tests, and, if you are pressed for time, just five tests will give you pretty good risk mitigation.
Tags: decision tables, risk based testing
Posted in risk based testing, software testing, test coverage | No Comments »
Tuesday, November 30th, 2010 by Rex Black
Fresh off my diatribe just a couple weeks ago about how McAfee had a bug that serendipitously made a credit card charge in their favor, here’s another “bug from the trenches.” Now, Cisco enjoys a good reputation for the quality of their products, but the packaging doesn’t exactly inspire confidence. Can you spot the error?
 Does Packaging Quality Matter? Yes The point of this post is not to yank Cisco’s chain–though I am surprised to see such a large, serious organization making such an obvious and silly mistake–but to reinforce an important point. Product quality includes the whole product, and that includes the package. I’ve done some consulting for systems and consumer electronics makers, and most of them include testing of the “out of box experience”.
Cisco, did your OBE testers miss this one? I’d be happy to post a comment from Cisco explaining how this kind of obvious bug snuck past.
Tags: packaging, software quality
Posted in risk based testing, software quality, software testing, test coverage | 4 Comments »
Saturday, November 13th, 2010 by Rex Black
Some of the readers of this blog have perhaps read or heard me say that the state of the common practice of software testing lags about 25 years behind the state of the art. Here’s a situation which either is a case study in why I say that, or it’s something worse.
We (RBCS) used McAfee AntiVirus software for years on many of the PCs in our office as well as on company laptops. This was mostly due to laziness, not a high level of satisfaction. McAfee often came pre-installed on computers we bought, so we would simply renew the update subscriptions. However, repeated problems with McAfee’s virus protection–especially its aggressive interference with e-mail programs–led us to switch to Trend Micro, which now runs on all our PCs.
On September 30, we received an e-mail from McAfee (specifically, an account called “subscriptions” at “mcafee.com”). This e-mail read, in part, “ATTENTION: The credit card linked to your account for McAfee-based security products has expired. Please update your account now to keep your PC protected without interruption.” After checking to make sure that we were no longer using McAfee software on any of our computers, we ignored the message. After all, the credit card had expired.
It turns out that McAfee’s software had a bug in it that cause it to submit the charge anyway, because my October 13 American Express bill has a charge for $43.29 from McAfee.com. No receipt was mailed for the charge, unlike in previous years, though I’m not sure this has anything to do with the expired card. We’re going to contest and reverse this charge, of course; it is a relatively minor hassle.
The testing implications of this situation are significant, though. Remember, antivirus software, like other security software, is software that we rely on to keep systems safe. Given the kind of damage a widespread interruption to computer systems due to virus attacks can cause, you’d expect the entire suite of software–including the online systems that provide updates and handle customer financial matters–to be well tested, following known best practices and techniques.
So, what’s the explanation for this situation? If a credit card has expired, the system should not silently put through a charge on the card, especially when the system has sent an e-mail to the customer giving the impression that, unless the customer takes a specific and deliberate action to update the card, no charge will occur and the subscription will expire. We have an obvious equivalence partition. Equivalence partitioning as a test technique is over 25 years old. We clearly have a block of code that recognizes the equivalence partition and triggers an e-mail to the customer prior to the charge occuring. Statement coverage, the lowest of the white box coverage criteria, is also a test technique that is over 25 years old.
In risk based testing–a topic I’ve covered often in this blog–it’s almost certain that two financial-related risks would be noted during quality risk identification:
- Processing a credit card transaction that should be rejected for processing
- Not processing a credit card transaction that should be accepted for processing
Best practices of risk based testing would generally lead to such risks given a high impact rating, even if the likelihood rating were low. That would require more than cursory testing against such risks. Now, analytical risk based testing as a strategy is relatively leading edge, having been perfected only in the last ten years.
Maybe someone at McAfee would care to post a comment about which of the following statements is true:
- McAfee software systems receive only cursory testing, with financial processing code tested to less than 100% equivalence partition coverage and less than 100% statement coverage. McAfee’s test team was not aware that the system attempts charges against credit cards it knows to be no longer valid.
- McAfee’s test team was aware that the system attempts charges against credit cards it knows to be no longer valid. A bug was reported against this behavior by the testers, and deliberately deferred or cancelled by the product or project manager because they decided that they wanted the additional revenue from former customers.
Of course, it’s quite possible that McAfee’s financial processing code is tested to less than 100% equivalence partition coverage and less than 100% statement coverage, but even so their testers found this bug. After all, testing to force all possible messages to occur–a simple experience based technique recommended by James Whittaker in How to Break Software–would have revealed this bug as well.
In all, any of three well-established test design techniques–one black box (equivalence partitioning), one white box (statement coverage), and one experience based (the force-all-messages attack)–would have found this bug. Risk based testing would have lead to more thorough coverage of the underlying quality risk. If financial related quality risks are not being tested using well-established best practices, then what else isn’t being tested in McAfee’s systems?
Posted in best practices, risk based testing, security testing, software quality, software test skills, software testing, test coverage | 4 Comments »
|
Rex Black is President of RBCS (
