Software Testing - How much is required?

Errors and how they occur

By definition, errors are made by human beings. All of us make mistakes at some time and in some environments mistakes are more likely to happen. During the development of software, errors are introduced for several reasons, including:

• Software systems are often complex. It is sometimes difficult for a developer to fully understand the system they are developing.

• Project deadlines and budget are often insufficient. The developers may not have had sufficient time to commit to the project.

• Sometimes people are assigned to a task for which they are not sufficiently trained.

• It is often difficult to pin down the system requirements and development starts based on assumed requirements. If these assumptions are wrong then errors are introduced into the system.

• Requirements often change during system development. The complexity of the system and the desire to minimise the effect of the change often introduces errors.

Cost of errors

The impact of a failure can be very little or nothing at all. For example, a financial report with an extra space character on every line may deviate from the system specification but it may go unnoticed by the reader and is unlikely to cause any misinterpretation of the report.

However, some failures are very expensive. The Mariner 1 spacecraft had to be destroyed shortly after its launch in 1962. It is reported that a failure in the guidance software caused erratic behaviour, and this led the safety officer to abort the mission.

Failures in financial systems could cost millions of pounds. Failures in safety critical systems could cost human lives.

Why we should test

There are many reasons why we should test software, such as:

• Testing identifies faults. The removal of faults helps reduce the number of system failures. Reducing failures improves reliability and the systems quality.

• Testing can improve other system qualities such as usability, maintainability, and testability.

• In order to meet contractual obligations. In the last few years of the 20^th century systems had to be shown to be free from the ‘millennium bug’.

• In order to meet legal requirements.

• In order to meet industry specific standards such as the Railway Signalling standard.

How much to test

It is important to realise that we cannot test every possible scenario. Exhaustive testing, as it is known, would require us to test every possible path through a program, executing every possible combination of the IF statements:

• A program with 1 IF statement could require two test runs, one where the result of the test is TRUE and where the result if FALSE.

• A program with 2 IF statements could require four test runs: TRUE/TRUE, TRUE/FALSE, FALSE/TRUE and FALSE/FALSE.

• A program with 20 IF statements could require as many as 2²⁰, or 1,048,576, tests.

The maximum number of tests required to exhaustively test a program doubles with each IF statement added to the program. 1,048,576 is a large number of tests for a small program with only 20 IF statements. We cannot hope to test every code path in real systems.

When we examine the possible inputs to a program we find that it is impractical to test every possible combination of input values. An age field alone can have about 100 possible values. How many possible values are there for a name or address?

Given that exhaustive testing is impractical, we need another approach. We need to devise tests that are effective at finding faults.

There are many issues to consider when deciding how much testing is enough. The major issue is risk. Those areas that are considered as critical to the business should be thoroughly tested. The amount of time and other resources assigned to testing affects the amount of testing that can be performed.

If part of the system has not been tested or is known to contain a lot of faults then the business must decide whether the system can be used or whether the release should be delayed until the risks are reduced. The business must assess:

• The risks to the business of system failures. This includes, loss of data, inability to do business and loss of face with their customers and market.

• The effects on the business of not deploying the software. This includes similar factors such as unavailability of a new business function, failure to meet a contractual or legal liability and loss of face.

Given that there may not be sufficient resources to test every aspect of a system before it is released, it is important to give priority to those parts of the system that carry the higher risks.