Category Archives: Defect detection

Activity intended to find defects

Book Review Pt4: Black-box testing: techniques for functional testing of software and systems

Chapter 3: Control Flow Testing

This chapter introduces a basic graph, control flow. I found the tax documents for this exercise.

I read this in two parts. The first part, after the standard definitions section, focused on the relationships of a control-flow model, how they vary, and how to draw them. I liked the use of the truth table to show the relationships in a compound predicate.By the end of this section, I knew (remembered might be a better term) how to use the tactics of this technique. I could differentiate when the nodes would be serial instructions and when they would be selection as an if or case statement..

Dr. Beizer presented a step-by-step instruction set for building and using the control-flow model for testing. The model development seemed to be as if I were modeling a script or coded program. but showed what happened in the methods as well. The steps within the tax instructions gave that feel. The space of each instruction gave us a memory register to store the result. Each instruction did one thing… well, mostly. While I didn’t like the idea of reviewing 18 year old tax instructions, it worked well with this lesson.

The coverage, which is beginning to be developed in the previous chapter, starts to become more relevant. Where is the risk? In some places, the decisions seem somewhat arbitrary; to the whim of the author. Most of the coverage decisions are direct to the risks, and causes of the risks. Even within those, some of the reasons appear to be “old” ways of thinking.

In summary, this chapter gives the tester something they can use right now. It is the first finished feature of model-based testing. It is releasable, usable, and helpful.

Book Review Pt3: Black-box testing: techniques for functional testing of software and systems

Chapter 2: Graphs and Relations

This chapter introduces graphs as the central tool of testing.

Just running through the definitions got me pumped for testing. Every relationship Dr. Beizer described brought about examples in my head from software that I commonly test in my job. Then I saw the Question/Answer of the book. What do you do when you see a graph? Cover it! In 20 years, that has never left me or my test methodology.

I am not an expert on graphing so I did not see anything blatantly left out. I noticed in the undirected links section of definitions that the author didn’t think symmetric relations are not common in testing – I thought that modern software models include load balanced services, as well as multiple threads, which may have those relationships. I have tested those relationships many times.

Regarding the graph types used in testing, I took interest to the those. I felt that the transaction flow model he described doesn’t get enough attention. The finite-state model of menus… modern menus often change based on the current task or context – in the author’s word processing example, one may see a different menu set when editing a table.

While I enjoyed the discussion of transitive/intransitive relationships, I really liked the end. To paraphrase, If specification or programmer is confused about transitivity, then you have a fertile ground for testing.

The examples of the relationship types are helpful. Except the part about equivalence classes. I had to look at 3 web definitions and two YouTube videos before I felt comfortable. Then I reviewed a single partition example and said “oh yeah, I know that.”

The concept of the matrix of relationships between nodes was completely boring, but so much more efficient. If I were modeling with intention to automate coverage of a model, I would use the matrices in some form. But I get why Dr. Beizer says “…the format is cumbersome and error-prone for large matrices.”

The generic testing principles outlined have covered a great deal of my testing lifetime. It’s also the ToC for the rest of this chapter. Each instruction expands to a cookbook for creating a testing tool.

  1. Define the graph
  2. Define the relation
  3. Node Cover
  4. Link Cover
  5. Test All Weights
  6. Design Loop Tests

The instructions are simple, and mostly straight-forward. I didn’t particularly like calling properties as ‘weights’ because I think of weight as a particular type of property. Like the weight might show the likelihood one branch of the graph is used compared to an alternate branch. The author also describes the purpose & significance of each step.

I am not sure the ‘test all weights’ is necessary as a separate step. The properties can be tested within the node cover & link cover. They should be tested there.

In summary, I think this chapter sets up the following chapters by creating vocabulary and tools for them.

Book Review Pt2: Black-box testing: techniques for functional testing of software and systems

Chapter 1: Introduction

This chapter introduces testing purposes, roles, and methods.

The first thing that hits me are the definitions. Is this book like 20 years old or something? The Performance Bug and Security Bug definitions have grey hair. I like how Dr. Beizer dances around the unit, component, and integration tests. I can now understand it as well as I’ve ever understood it – but I won’t try explaining this to a child because they’ll tear me apart. People don’t try to break software anymore. They find where it’s already broken, it’s weaknesses, and it’s limitations. Otherwise, I generally agree with the definitions.

I agree with the numbered reasons for testing software. Most of these reasons can be incorporated into a cucumber scenario. The “penultimate objective” implies that using some kind of find-rate will help make a decision about readiness – I disagree because it could be a problem with the pesticide paradox.

In the Test Strategies section, test strategy is so much more than test techniques. I’m surprised to see them treated an synonyms. But there… BAM! Behavioral testing IS black box testing. I also like that the author doesn’t assume that unit tests are white box tests – one could test units and methods without knowing the code within them, only the promise of the interfaces.

I noticed that when the author talks about the progressive cost of testing units, to components, to integration, to system testing, he leaves out that the biggest cost of those bugs found late are because the time passed since the bug’s introduction is greater AND the number of people involved in repeating past work is higher (building, deploying, and possibly releasing).

In the testing isn’t everything section, I am wondering what happened to Formal Inspections. I’m fully trained in them, though I haven’t participated in one since probably 1997. I like how he says don’t try to justify automated tools as if that ever worked. I hate to do it but I have to do it.

The process section seems pretty old school as well. Old fashion we must have group discipline vs. current day we must have personal discipline. Or maybe I’m just remembering the command & control days poorly, and the short-cuts of today as not poorly enough.

I did not love this chapter. It’s basic and out of date. If I were to teach this chapter to younger testers/developers, I would focus on what has expired, and what replaced it. Then I would ask for reflections of what the students wish we had retained from the days this book was written.

A Quick Way to Test Rest Web Services


Photo “Seagulls on the American River” courtesy of Vince Mig.

Testing a Rest API

When I think of rest, it’s usually the type that requires a bed or comfortable couch. But these days I am spending more time verifying intermediate components of a larger system that take advantage of the synchronous behavior known as a restful web service than working on web GUI interfaces.

Continue reading

Article: Secrets to Success in Web Test Automation

Automating tests is an investment that is valuable as long as the investment is not too great. We want to get to the payback more quickly. The true investment is not only the cost of creating and maintaining automated tests. Learn more in my article for Software Test Magazine at Secrets to Successful Test Automation with Watir.

Issue & Story Tracking

Everywhere that I’ve ever worked at had a defect tracking system, requirements system, and sometimes merged into one. Some were off the shelf, some were homemade, and others were services. I never felt the need to install one for work, but I did want to see what was involved with doing this, including how to integrate it with other products in the test stack.

I didn’t look around much for an open source solution. I know Bugzilla is commonly used. I also looked at Mantis and Trac. I decided to go with Redmine because it’s a Ruby On Rails app.


The biggest issue was to identify which ports to use. I already had a Puppies application that I was testing as part of my Cucumber and Cheese book. I added a Graylog2 application, also Ruby On Rails for the web interface (server component is java).

I originally chose to use sqlite3 because it was already installed on my system. I knew that I could use IRB to crack into the database if I needed to. Turned out that I did. I had to create an admin user (default one did not work). I eventually switched to MySQL.


I integrated it with Git. I had trouble getting it working until I discovered that I needed to point it to the .git directory of my project directory. By including issue id’s in my checking comments, the issue automatically associated the issue with the checkin. The comment showed up on the repository page and the issue page. It supports diffing, too.

I was able to install a Jenkins Plugin (technically it is for Hudson but works on Jenkins) to integrate with my Jenkins. This allowed me to identify which builds the associated checkins would be built. I also installed a Redmine plugin to Jenkins could also track builds on Jenkins to show Redmine issues associated with the build in aggregate.

It also supported multiple projects, and sub-projects. The wiki and news seemed relevant for keeping track of project information.

There is role based access control. That probably isn’t necessary for an agile team so I ignored this capability. Also non-agile (my opinion) is time tracking and Gantt charts.


I found all the features to be useful. If I were going to build my own stack then I would like using this component.