Testing and Inspecting to Ensure High Quality Defects in Ordinary Algorithms Defects in Handling Stress or Unusual Situations Defects in Ordinary Algorithms Incorrect logical conditions • Defect: —The logical conditions that govern looping and ifthen-else statements are wrongly formulated. • Testing strategy: —Use equivalence class and boundary testing. —Consider as an input each variable used in a rule or logical condition. —Break into smaller, individual logical tests. © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 2 Example of incorrect logical conditions defect What is the hard-to-find defect in the following code? • The landing gear must be deployed whenever the plane is within two minutes from landing or takeoff, or within 2000 feet from the ground. If visibility is less than 1000 feet, then the landing gear must be deployed whenever the plane is within three minutes from landing or lower than 2500 feet If (!landingGearDeployed && (min(now-takeoffTime , estLandTime-now))< (visibility < 1000 ? 180 :120) || relativeAltitude < (visibility < 1000 ? 2500 :2000) ) { throw new LandingGearException(); } Class Exercise! What is the order of evaluation – for starters!! © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 3 Defects in Ordinary Algorithms Performing a calculation in the wrong part of a control construct • Defect: —The program performs an action when it should not, or does not perform an action when it should. —Typically caused by inappropriately excluding or including the action from a loop or a if construct. • Testing strategies: —Design tests that execute each loop zero times, exactly once, and more than once. - Ensure a Do…While (or While…) is false to begin with - Ensure a Perform … Until is true to begin with - Remember: Pre-tests and Post Tests —Anything that could happen while looping is made to occur on the first, an intermediate, and the last iteration. © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 4 Example of Performing a Calculation in the Wrong Part of a Control Construct What is wrong with the following loop?: while( j < maximum) { k=someOperation(j); j++; } If (k == -1) signalAnError(); © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 5 What is wrong with the following loop: while( j < maximum) { k=someOperation(j); j++; } If(k == -1) signalAnError(); Must assume j has an acceptable integral value prior to entering loop. Could say: while (j++ < would affect argument (j)! © Lethbridge/Laganière 2001 maximum) but this Chapter 10: Testing and Inspecting for High Quality 6 Defects in Ordinary Algorithms 1 Not terminating a loop or recursion • Defect: —A loop or a recursion does not always terminate, i.e. it is ‘infinite’. —Remember in recursion, you have the ‘recursive case’ and the ‘base case’ —What do we mean by the ‘recursive case?’ Properties?? —What do we mean by the ‘base case?’ • Testing strategies: —Analyze what causes a repetitive action to be stopped. —Run test cases that you anticipate might not be handled correctly. Count on these happening during operations! Does recursive case converge to base case? © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 7 Defects in Ordinary Algorithms 3 Not setting up the correct preconditions for an algorithm • Defect: —Preconditions state what must be true before the algorithm is executed. —A defect would exist if a program proceeds to do its work, even when the preconditions are not satisfied. Do we really want to ensure a < 14 is true prior to going into the algorithm? while (a<14) { …. ……} such that even if a >= 14, this loop (and perhaps other contents) continues to run appropriately. • Testing strategy: —Run test cases in which each precondition is not satisfied. —See what happens beyond the while-loop. Absolutely! Insert probes (Displays, printf, system.out.println…) © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 9 Defects in Ordinary Algorithms 4 Not handling null conditions • Defect: —A null condition is a situation where there normally are one or more data items to process, but sometimes there are none. —It is a defect when a program behaves abnormally when a null condition is encountered. —How do you test null (or non-numeric) condition in, say, COBOL, for a numeric field? How can it happen? • Testing strategy: —Brainstorm: determine unusual conditions and run appropriate tests. —Always test ‘no inputs’ interactively or via an OPENed file. —Always test to see if the Input or Read or … retrieved data was non-null! —Always test with only one input; - Oftentimes code runs perfect with a single input; —Always test with two or more. - If code runs correctly with two inputs, it’ll probably run with n inputs (if we are dependent upon checking null or EOF conditions, etc. © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 10 Defects in Ordinary Algorithms 5 Not handling singleton or non-singleton conditions • Defect: —A singleton condition occurs when there is normally more than one of something, but sometimes there is only one. (this is a little different than the last case) —A non-singleton condition is the inverse. —Defects occur when the unusual case is not properly handled. • Testing strategy: —Brainstorm: determine unusual conditions and run appropriate tests. —Can occur with incorrect number of parameters (in some languages). - Can abend or continue, providing null values to unmatched parameters… —Think argc and argv. Can easily test. © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 11 Defects in Ordinary Algorithms 6 Off-by-one errors • Defect: —A program inappropriately adds or subtracts one. —Or loops one too many times or one too few times. —This is a particularly common type of defect. • Thoughts: —Results: often EOF reached; executing same instructions twice; —Very easy in C and Java: side effects of a++ and ++a; careful in using a++ or a++ within predicate (condition) of loop as in while (a++ < b) is quite different than while (++a < b) ! —Test: if a = 1 and b = 2, which of the two preceding, if any, were true? COBOL: Perform …. Until X >= 25 or ….Until X=25! Java, C++ for (int i = 1; i < 25; i++) ….. ++i or i++ no difference here. Always able to give correct value if ‘i’ within loop”! What is value of loop control variable when we terminate the loop? • Testing strategy: —Develop tests in which you verify that the program: - computes the correct numerical answer. performs the correct number of iterations. Always display value of loop control variables upon exiting loop!!! Insert probes for counting!!!! © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 12 Example of off-by-one defect 7 for (i=1; i<arrayname.length; i++) { /* do something */ } Difference between length and size???? What if arrayname.length = 1? Use Iterators to help eliminate these defects while (iterator.hasNext()) { anOperation(++val); } Nice boolean checks are almost always benign! © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 13 Defects in Ordinary Algorithms 8 Operator precedence errors • Defect: —An operator precedence error occurs when a programmer omits needed parentheses, or puts parentheses in the wrong place. —Operator precedence errors are often extremely obvious... - but can occasionally lie hidden until special conditions arise. —E.g. If x*y+z should be x*(y+z) this would be hidden if z =0 and perhaps is normally zero. • Testing: —In software that computes formulae, run tests that anticipate such defects. —Know the operator precedence rules! —Don’t parenthesize to death! It shows you don’t know what you are doing! © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 14 Defects in Ordinary Algorithms 9 Use of inappropriate standard algorithms • Defect: —An inappropriate standard algorithm is one that is unnecessarily inefficient or has some other property that is widely recognized as being bad. —Can you think of any? - How about Order n**2 sorts? - How about QuickSort? - How about Address Calculation sorts (various kinds)? • Testing strategies: —The tester has to know the properties of algorithms and then design tests that will determine whether any undesirable algorithms have been implemented. —There is no ‘one size fits all.’ —Knowing some of the data characteristics is a big help! © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 15 Defects in Handling Stress and Unusual Situations Incompatibility with specific configurations of hardware or software • Defect: —The system fails if it is run using particular configurations of hardware, operating systems, and external libraries. — (How about browsers too?) • Testing strategy: —Extensively execute the system with all possible configurations that might be encountered by users. —For standard software, must anticipate (or restrict) platforms! © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 16 Defects in Handling Stress and Unusual Situations 2 Defects in handling peak loads or missing resources • Defects: —The system does not gracefully handle resource shortage. —Resources that might be in short supply include: - memory, disk space or network bandwidth, permissions, processors, other peripherals, …. - Honeywell: PAT Table Overflow (< 32 files) —The program being tested should report problems in a way the user will understand. • Testing strategies: —Devise a method of denying resources (test missing resources, such as disk drives not available, etc.). —Run a very large number of copies of the program being tested, all at the same time. —May require some redesign or rethinking of the process! © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 17 Defects in Handling Stress and Unusual Situations 3 Inappropriate management of resources • Defect: —A program uses certain resources but does not make them unavailable when no longer needed. —Memory leakage? C – free? Java? Always good? No. • Testing strategy: —Run the program intensively in such a way that it uses many resources, relinquishes them and then uses them again repeatedly. — Can require some sophisticated testing! — Can require heavy loading! © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 18 Defects in Handling Stress and Unusual Situations 4 Defects in the process of recovering from a crash • Defects: —Any system will undergo a sudden failure if its hardware fails, or if its power is turned off. —It is a defect if the system is left in an unstable state and hence is unable to fully recover. —It is also a defect if a system does not correctly deal with the crashes of related systems. • Testing strategies: —Kill a program at various times during execution. —Try turning the power off; however, operating systems themselves are often intolerant of doing that. —Abruptly pre-empt key processes. © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 19 Disaster Recovery Earthquakes, Hurricanes, Tornadoes, Floods. What do we do??? Discussion of Disaster Recovery approaches Data – the real valuable corporate asset Backup computing platforms Renting / leasing resources, CPU cycles, disk space, etc. Procedures for evacuation fire, emergency generators, travel. etc. © Lethbridge/Laganière 2001 Chapter 10: Testing and Inspecting for High Quality 20