Software Testing and QA Midterm Exam Study Guide


January 15, 1990 - AT&T Network Outage bug

A bug in a new release of the software that controls AT&T's #4ESS long distance switches causes these mammoth computers to crash when they receive a specific message from one of their neighboring machines - a message that the neighbors send out when they recover from a crash. One day a switch in New York crashes and reboots, causing its neighboring switches to crash, then their neighbors' neighbors, and so on. Soon, 114 switches are crashing and rebooting every six seconds, leaving an estimated 60 thousand people without long distance service for nine hours. The fix: engineers load the previous software release.

July 28, 1962 - Mariner 1 space probe bug

A bug in the flight software for the Mariner 1 causes the rocket to divert from its intended path on launch. Mission control destroys the rocket over the Atlantic Ocean. The investigation into the accident discovers that a formula written on paper in pencil was improperly transcribed into computer code, causing the computer to miscalculate the rocket's trajectory.

Failure, Fault, Mistake: Example

1. int double(int param) {
2.     int result;
3.     result = param * param;
4.     return(result);
5. }

A call to double(3) returns 9.
Result 9 represents a failure.
Such failure is due to the fault at line 3.
The error is a typo (hopefully).

1995/1996 - The Ping of Death bug

A lack of sanity checks and error handling in the IP fragmentation reassembly code makes it possible to crash a wide variety of operating systems by sending a malformed "ping" packet from anywhere on the internet. Most obviously affected are computers running Windows, which lock up and display the so-called "blue screen of death" when they receive these packets. But the attack also affects many Macintosh and Unix systems.

1985-1987 - Therac-25 medical accelerator bug

A radiation therapy device malfunctions and delivers lethal radiation doses at several medical facilities. Based upon a previous design, the Therac-25 was an "improved" therapy system that could deliver two different kinds of radiation: either a low-power electron beam (beta particles) or X-rays. The Therac-25's X-rays were generated by smashing high-power electrons into a metal target positioned between the electron gun and the patient. A second "improvement" was the replacement of the older Therac-20's electromechanical safety interlocks with software control, a decision made because software was perceived to be more reliable. What engineers didn't know was that both the 20 and the 25 were built upon an operating system that had been kludged together by a programmer with no formal training. Because of a subtle bug called a "race condition," a quick-fingered typist could accidentally configure the Therac-25 so the electron beam would fire in high-power mode but with the metal X-ray target out of position. At least five patients die; others are seriously injured.

Coverage Criterion

A rule or collection of rules that impose test requirements on a test set

Metrics

A set of data is called information, and sets of information are combined to provide a perspective

1993 - Intel Pentium floating point divide bug

A silicon error causes Intel's highly promoted Pentium chip to make mistakes when dividing floating-point numbers that occur within a specific range. For example, dividing 4195835.0/3145727.0 yields 1.33374 instead of 1.33382, an error of 0.006 percent. Although the bug affects few users, it becomes a public relations nightmare. With an estimated 3 million to 5 million defective chips in circulation, at first Intel only offers to replace Pentium chips for consumers who can prove that they need high accuracy; eventually the company relents and agrees to replace the chips for anyone who complains. The bug ultimately costs Intel $475 million.

Test Requirements

A specific element of a software artifact that a test case must satisfy or cover

What question does validation answer?

Am I building the right product?

What question does verification answer?

Am I building the product right?

Mistake

Cause of a fault. Usually a human error (conceptual, typo, etc.)

Why is it so difficult to build software?

• Complexity
  - No linear relation with size
  - Technical and management problems
• Conformity
• Changeability
• Invisibility

November 2000 - National Cancer Institute, Panama City bug

In a series of accidents, therapy planning software created by Multidata Systems International, a U.S. firm, miscalculates the proper dosage of radiation for patients undergoing radiation therapy. Multidata's software allows a radiation therapist to draw on a computer screen the placement of metal shields called "blocks" designed to protect healthy tissue from the radiation. But the software will only allow technicians to use four shielding blocks, and the Panamanian doctors wish to use five. The doctors discover that they can trick the software by drawing all five blocks as a single large block with a hole in the middle. What the doctors don't realize is that the Multidata software gives different answers in this configuration depending on how the hole is drawn: draw it in one direction and the correct dose is calculated, draw in another direction and the software recommends twice the necessary exposure. At least eight patients die, while another 20 receive overdoses likely to cause significant health problems. The physicians, who were legally required to double-check the computer's calculations by hand, are indicted for murder.

What is validation exactly?

It is a dynamic process of testing the real product

Failure

Observable incorrect behavior of a program. Conceptually related to the behavior of the program, rather than its code.

1982 - Soviet gas pipeline bug

Operatives working for the Central Intelligence Agency allegedly plant a bug in a Canadian computer system purchased to control the trans-Siberian gas pipeline. The Soviets had obtained the system as part of a wide-ranging effort to covertly purchase or steal sensitive U.S. technology. The CIA reportedly found out about the program and decided to make it backfire with equipment that would pass Soviet inspection and then fail once in operation. The resulting event is reportedly the largest non-nuclear explosion in the planet's history.

Fault

Related to the code. Necessary (not sufficient!) condition for the occurrence of a failure.

1988-1996 - Kerberos Random Number Generator bug

The authors of the Kerberos security system neglect to properly "seed" the program's random number generator with a truly random seed. As a result, for eight years it is possible to trivially break into any computer that relies on Kerberos for authentication. It is unknown if this bug was ever actually exploited.

1988 - Buffer overflow in Berkeley Unix finger daemon bug

The first internet worm (the so-called Morris Worm) infects between 2,000 and 6,000 computers in less than a day by taking advantage of a buffer overflow. The specific code is a function in the standard input/output library routine called gets() designed to get a line of text over the network. Unfortunately, gets() has no provision to limit its input, and an overly large input allows the worm to take over any machine to which it can connect. Programmers respond by attempting to stamp out the gets() function in working code, but they refuse to remove it from the C programming language's standard input/output library, where it remains to this day.

Testing

To execute a program with a sample of the input data

June 4, 1996 - Ariane 5 Flight 501 bug

Working code for the Ariane 4 rocket is reused in the Ariane 5, but the Ariane 5's faster engines trigger a bug in an arithmetic routine inside the rocket's flight computer. The error is in the code that converts a 64-bit floating-point number to a 16-bit signed integer. The faster engines cause the 64-bit numbers to be larger in the Ariane 5 than in the Ariane 4, triggering an overflow condition that results in the flight computer crashing. First Flight 501's backup computer crashes, followed 0.05 seconds later by a crash of the primary computer. As a result of these crashed computers, the rocket's primary processor overpowers the rocket's engines and causes the rocket to disintegrate 40 seconds after launch.

Unit Testing

a level of software testing where individual units/components of the software are tested

White Box Testing aka Structural Testing

a software testing method in which the internal structure/design/implementation of the item being tested is known to the tester

Measurement

a unit used by metrics (e.g., effort, elapsed days, number of defects)

The V-model splits testing into these two parts:

design and execution

What kind of activity is validation?

high-level

What activities are involved in verification?

inspections, reviews, and walkthroughs

Quality

is meeting the requirements consistently and predictably

What is verification exactly?

it is a static method of checking documents and files

What kind of activity is verification?

low-level

Verification

process to ensure that we are building the product right: to verify the requirements we have, and to verify whether we are developing the product accordingly or not

Validation

process to ensure that we are building the right product: to validate whether the product we have developed is right or not

What activities are involved in validation?

testing the software application by means of white box, gray box, and white box testing

Effort

the actual time that is spent on a particular activity or a phase

As per IEEE-STD-610 (Validation):

the process of evaluating software during or at the end of the development process to determine whether it satisfies specified requirements

As per IEEE-STD-610 (Verification):

the process of evaluating software to determine whether the products of a given development phase satisfy the conditions imposed at the beginning of that phase.

What's the difference in code execution in verification and code execution in validation?

verification doesn't involve it, but validation does

What is the difference in costs for verification and validation?

verification is low and validation isn't

Coverage Criteria

what we want to cover with our test cases

