________________________________________________________________
Practical Combinatorial Testing
Embedded assertions
: An increasingly popular “light-weight formal methods”
technique is to embed assertions within code to ensure proper relationships between data,
for example as preconditions, postconditions, or input value checks. Tools such as the Java
Modeling language (JML) can be used to introduce very complex assertions, effectively
embedding a formal specification within the code. The embedded assertions serve as an
executable form of the specification, thus providing an oracle for the testing phase. With
embedded assertions, exercising the application with all
t
-way combinations can provide
reasonable assurance that the code works correctly across a very wide range of inputs.
This approach has been used successfully for testing smart cards, with embedded JML
assertions acting as an oracle for combinatorial tests [25]. Results showed that 80% - 90%
of errors could be found in this way.
Model based test generation
uses a mathematical model
of the SUT and a simulator or model checker to generate
expected results for each input [1,8,9,52,55]. If a simulator can
be used, expected results can be generated directly from the
simulation, but model checkers are widely available and can
also be used to prove properties such as liveness in parallel
processes, in addition to generating tests. Conceptually, a
Several types of
test oracle can be
used, depending on
resources and the
system under test.
model checker can be viewed as exploring all states of a system model to determine if a
property claimed in a specification statement is true. What makes a model checker
particularly valuable is that if the claim is false, the model checker not only reports this, but
also provides a “counterexample” showing how the claim can be shown false. If the claim
is false, the model checker indicates this and provides a trace of parameter input values and
states that will prove it is false. In effect this is a complete test case, i.e., a set of parameter
values and expected result. It is then simple to map these values into complete test cases in
the syntax needed for the system under test. Later chapters develop detailed procedures for
applying each of these testing approaches.
2.3 Chapter Summary
1. Empirical data suggest that software failures are caused by the interaction of relatively
few parameter values, and that the proportion of failures attributable to
t
-way interactions
declines very rapidly with increase in
t
. That is, usually single parameter values or a pair of
values are the cause of a failure, but increasingly smaller proportions are caused by 3-way,
4-way, and higher order interactions.
2. Because a small number of parameters are involved in failures, we can attain a high
degree of assurance by testing all
t
-way interactions, for an appropriate interaction strength
t
(2 to 6 usually). The number of
t
-way tests that will be required is proportional to
v
t
log
n
,
for
n
parameters with
v
values each.
3. Combinatorial methods can be applied to configurations or to input parameters, or in
some cases both.
4. As with all other types of testing, the oracle problem must be solved – i.e., for every
test input, the expected output must be determined in order to check if the application is
producing the correct result for each set of inputs. A variety of methods are available to
solve the oracle problem.
10