manage risk by risk- driven continual regression testingbob/asert_presentations/yc_0731.pdfcontinual...
TRANSCRIPT
Manage Risk by Risk-Driven Continual Regression Testing
Yanping ChenSchool of Information Technology and Engineering, University of Ottawa
[email protected] 231/07/2003
OutlineRisk and risk-based testingRegression testing and risk-based continual regression testingRisk-based regression test case selectionRisk-based end-to-end scenario selectionReal experience to dateSummary and recommendationsReference
[email protected] 331/07/2003
Risk and Risk-based TestingRisk: event that has some probability of happening, and that if it occurs, will result in some lossRisk-based testing: do heavier testing of those parts that may bring higher riskRisk-based testing actions
Identify risk for functions or featuresQuantify risk and create ranked list of functions or featuresDesign test cases based on ranked list
[email protected] 431/07/2003
Why Risk-based Testing?
All testing is motivated by risk: Tester’s job is finding high-priority problems to avoid riskTraditional testers have always used risk-based testing, but in ad hoc fashion based on their personal judgment [4]
Using risk to measure quality of test suite is reasonable
“Risk-based testing” vs. “Food-based living”Air
[email protected] 531/07/2003
Questions to asked for risk-based approach
Which areas are significant?How much testing is enough for average area?What are risks involved in leaving certain bug unresolved?At what point can product be considered adequately tested and ready for market?
[email protected] 631/07/2003
Continual Regression Testing
To ensure that new or modified features do not cause current release to regress after incorporating fixes into product -- ensure customer’s business won’t be at riskEssential to ensure software qualityIn software maintenance: validate modified softwareIn O-O software development
Ensure quality of successive incrementsAssess quality of re-used components
Continual regression testing: execute regression tests every day or on every new build
[email protected] 731/07/2003
Typical Regression Test Selection
Program P’
Program P
Program P
New Features
Changed Features
T”: New test cases
Test Suite T
T’: Regressiontest cases
selected from T
T”: New test cases
Regression Test Suite T’’’
[email protected] 831/07/2003
A Simple Risk Model [2]
Two elements of Risk Exposure (REf):Probability of faultCost (consequence or impact) of fault in corresponding function if it occurs in production
REf = Pf × CfREf: Risk Exposure of function fPf: probability of fault occurring in function f
In our model, we consider severity of defects to assess probabilityNote: P (f) is extended to severity probability
Cf: cost if fault occurs (in production) in function f
[email protected] 931/07/2003
Risk-based Regression Testing Approach
Subjective
Model-based Tests Selection Method:
Step 1. Assess cost Ct for each test case
Step 2. Derive severity probabilityPt for each test case
Step 3. Calculate Risk ExposureREt for each test case
Step 4. Select test cases with top Ret as regression test cases
Assess Ct
Derive Pt
Calculate REt
Select test cases
[email protected] 1031/07/2003
Assess Cost Ct
Two kinds of costsCt (c): Consequences of fault as seen by customer, i.e., losing market placeCt (v): Consequences of fault as seen by vendor, i.e., high software maintenance cost
Ct is categorized on 1~5 scale (1- low, 5 -high)
Weight Ct (c) and Ct (v) equallyCt = (Ct (c) + Ct (v))/2 ??
[email protected] 1131/07/2003
Assess Cost Ct (Cont’d)Ct (c)
Test case takes one, specific control flow and includes some data Create questionnaire with questions for both control flow and dataScore each test case based on answers for questionnaire as Ct (c), on 1~5 scale (1- low, 5 - high)
Ct (v) Cost to fix bugs is dependent on system complexityUse proper questionnaire in assessmentMeasure Ct (v) on 1~5 scale (1- low, 5 - high)
[email protected] 1231/07/2003
Derive Severity Probability PtSummarize number of defects opened for each test case after running full test suiteCalculate average severity of defects for each test caseUse result of Number of Defects (Nt) times Average Severity (St) Nt × St to assess severity probabilityPt falls into 1~5 range (1 - low, 5 - high)
Test cases without any defects in full testing, Pt =1.Test cases with the top 25% estimate Nt × St, Pt = 5Test cases with the bottom 25% estimate Nt × St, Pt = 2
[email protected] 1331/07/2003
Calculate Risk Exposure REtStep 1: Step 2:
0
……
1
2
St
10t n
………..……41t002053t0010
PtNtTest Case
3t n
……2t00205t0010CtTest Case
313t n
…………………842t00202555t0010
REt = Pt × CtPtCtTest Case =
[email protected] 1431/07/2003
Select Test Cases with Top REt
………01t007011t006001t005001t004001t0030
11t002011t0010
Regression Test Suite
(30%)
Full Test Suite
Test Case
Choose test cases with highest value of REt
Reach pre-defined coverage target (e.g., 30% of full test suite)
[email protected] 1531/07/2003
Risk-based End-to-end Regression Test Scenario SelectionTest Scenario
Simulate common user profiles of system use More customer-directedHighly effective at finding regression faultsCovers sequence of test cases -- Traceability
Selection rulesSelect scenarios that contain most critical test casesHave test suite of scenarios cover as many test cases as possible
[email protected] 1631/07/2003
Risk-based Regression Test Scenario SelectionEnd-to-end Test Scenario
Selection Method To start: Create traceability
matrix between scenarios and test cases
Step 1. Calculate Risk Exposure REsfor each scenario
Step 2. Select scenario with highest REs as regression tests
Step 3. Update traceability matrix and re-calculate REs
Step 4. Repeat Steps 2 and 3 until out of time and resources
Calculate REs
Select Scenario
Update Traceability Matrix
Terminate
Traceability Matrix
[email protected] 1731/07/2003
End-to-end Test Scenario Selection Method with Example
Step 1. Calculate Risk Exposure REs for each scenario
REs = ∑REti, {1 ≤ i ≤ n | test
case ti is covered by this scenario}Step 2. Select scenario with highest REs for regression testing
[email protected] 1831/07/2003
………………110t0070…010t0060…011t0050…101t0040…011t0030…001t0020…001t0010…s003s002s001
……70s007
127s006195s005213s004732s003463s002985s001REsScenario
313t n
…………………
842t0020
2555t0010REf = Pf ×CfPfCf
[email protected] 1931/07/2003
Step 3. Update traceability matrix and re-calculate REs
When running chosen scenario, some test cases will be covered – not necessary to cover againThus, after chosen scenario has been executed
Delete column for chosen scenario Delete rows for all test cases that have been covered by this scenario
Based on updated relation table, re-calculate REsfor rest scenarios and re-build Risk Exposure tableStep 4. Repeat Steps 2 and 3 until out of time and resources
Size of test suite is dependent on time and resources
[email protected] 2031/07/2003
………………110t0070…010t0060…011t0050…101t0040…011t0030…001t0020…001t0010…s003s002s001
……68s00796s006180s005176s004611s003356s002REsScenario
Next choice --
s003
[email protected] 2131/07/2003
Case Study with historical data of IBM WebSphere
Three components of IBM WebSphere with different characters
Component One: Focus on functionalityComponent Two: Focus on dataComponent Three: Both functionality and data are important
Each component was owned by one experienced tester306 test cases in total
[email protected] 2231/07/2003
Real Experiences to DateHigh Risk Exposure coverage and average Risk ExposureAcceptable specification coverage not our focusOnly requires straightforward calculation – can be automatedSystematic – not subjective !Powerful in selecting effective test cases and finding defects
Caught all defectsOmitted fewer test cases that failed in execution
√√√
Compared Well
83.1%93.9%Defect-revealing Test Cases Selected (%)
84.1%100%Defects Detected (%)
Manual Test Suite
Risk-based Test Suite
[email protected] 2331/07/2003
SummaryNew risk-based regression test technique
1. Risk-based regression test case selection2. Risk-based regression test scenario selectionNew objective selection criteria that has good potential to guide regression test selection, even for new or less-experienced test personnel –SYSTEMATIC APPROACH!An EFFECTIVE means of QUANTIFYING quality of test suite
[email protected] 2431/07/2003
Recommendations for Adoption in Process
Highlight & motivate RISKAnalysisPlanningResults
Collect risk dataTest plan
Cost of test casesScenarios vs. test cases
Test profileNumber of defects by test caseDefect severity
Measure efficiency & effectiveness% defect detection% defect-revealing test case coverage
[email protected] 2531/07/2003
Reference[1] John D. McGregor, and David A. Sykes, A Practical Guide to Testing
Object-Oriented Software, Addison Wesley Inc., 2001 [2] Gregg Rothermel and Mary Jean Harrold, Analyzing Regression Test
Selection Techniques, IEEE Transactions on Software Engineering, V.22, no. 8, August 1996, pages 529 – 551
[3] Robert V. Binder, Testing Object-Oriented Systems, Addison-Wesley Publishing Inc., 2000
[4] Stale Amland, Risk Based Testing and Metrics: Risk analysis fundamentals and metrics for software testing including a financial application case study, 5th International Conference EuroSTAR’99, November, 1999.
[5] Yanping Chen, Specification-based Regression Testing Measurement with Risk Analysis, Masters Thesis, University of Ottawa, Canada, 2002.
[6] Glenford L. Myers, The Art of Software Testing, Wiley-Interscience, 1979.
[7] Hung Nguyen, Testing Applications on the Web, Wiley-Interscience, 2003.