It's easy to make
mistakes when testing software or planning a testing effort. Some
mistakes are made so often, so repeatedly, by so many different
people, that they deserve the label Classic Mistake.
Classic mistakes cluster usefully into five groups,
which I've called "themes":
· The Role of Testing: who does the testing team
serve, and how does it do that?
· 测试的作用:谁承担测试小组的责任,如何做?
· Planning the Testing Effort: how should the
whole team's work be organized?
· 制订测试工作计划:应该如何组织整个小组的工作?
· Personnel Issues: who should test?
· 人员问题:谁应该做测试?
· The Tester at Work: designing, writing, and
maintaining individual tests.
· 工作中的测试员:设计、编写和维护各测试。
· Technology Rampant: quick technological fixes
for hard problems.
· 过度使用技术:艰难问题的快速技术修复
I have two goals for this paper. First, it should
identify the mistakes, put them in context, describe why they're
mistakes, and suggest alternatives. Because the context of one mistake
is usually prior mistakes, the paper is written in a narrative style
rather than as a list that can be read in any order. Second, the
paper should be a handy checklist of mistakes. For that reason,
the classic mistakes are printed in a larger bold font when they
appear in the text, and they're also summarized at the end.
Although many of these mistakes apply to all types
of software projects, my specific focus is the testing of commercial
software products, not custom software or software that is safety
critical or mission critical.
This paper is essentially a series of bug reports
for the testing process. You may think some of them are features,
not bugs. You may disagree with the severities I assign. You may
want more information to help in debugging, or want to volunteer
information of your own. Any decent bug reporting system will treat
the original bug report as the first part of a conversation. So
should it be with this paper. Therefore, follow this link for an
ongoing discussion of this topic.
本文主要是测试过程的一系列错误报告。你可能认为它们中的部分属于特性问题而不是 bug。你可能不赞成我设定的严重性级别。你可能需要更多的信息以用于帮助排除错误,或者希望提供你自己的信息。任何设计良好的错误报告系统都将原始的错误报告当作是对话的起始部分。本文也是这样,所以,可以按照链接参加这个主题的讨论。
Theme One: The Role of Testing
A first major mistake people make is thinking
that the testing team is responsible for assuring quality. This
role, often assigned to the first testing team in an organization,
makes it the last defense, the barrier between the development team
(accused of producing bad quality) and the customer (who must be
protected from them). It's characterized by a testing team (often
called the "Quality Assurance Group") that has formal
authority to prevent shipment of the product. That in itself is
a disheartening task: the testing team can't improve quality, only
enforce a minimal level. Worse, that authority is usually more apparent
than real. Discovering that, together with the perverse incentives
of telling developers that quality is someone else's job, leads
to testing teams and testers who are disillusioned, cynical, and
view themselves as victims. We've learned from Deming and others
that products are better and cheaper to produce when everyone, at
every stage in development, is responsible for the quality of their
work ([Deming86], [Ishikawa85]).
In practice, whatever the formal role, most organizations
believe that the purpose of testing is to find bugs. This is a less
pernicious definition than the previous one, but it's missing a
key word. When I talk to programmers and development managers about
testers, one key sentence keeps coming up: "Testers aren't
finding the important bugs." Sometimes that's just griping,
sometimes it's because the programmers have a skewed sense of what's
important, but I regret to say that all too often it's valid criticism.
Too many bug reports from testers are minor or irrelevant, and too
many important bugs are missed.
实际上,不管表面上的作用是什么,大多数组织都相信测试的目的是发现 bug。这个定义的危害比前一个定义的危害要小,但是忽略了一个关键词。当我同程序员和开发经理谈到测试员的时候,不时听到一个关键的句子:测试员找不到重要的
What's an important bug? Important to whom? To
a first approximation, the answer must be "to customers".
Almost everyone will nod their head upon hearing this definition,
but do they mean it? Here's a test of your organization's maturity.
Suppose your product is a system that accepts email requests for
service. As soon as a request is received, it sends a reply that
says "your request of 5/12/97 was accepted and its reference
ID is NIC-051297-3". A tester who sends in many requests per
day finds she has difficulty keeping track of which request goes
with which ID. She wishes that the original request were appended
to the acknowledgement. Furthermore, she realizes that some customers
will also generate many requests per day, so would also appreciate
this feature. Would she:
什么是重要的 bug?对谁而言是重要的?直观的估计,答案肯定是“对于客户”。听到这个定义,几乎每个人都会点头称是,但他们确实这样认为吗?这里要测试一下你们组织的成熟度。假设你们的产品是一个接受电子邮件请求服务的系统。当收到请求时,它马上发送一个“您在97年5月12日发送的请求已经受理,参考ID是NIC-051297-3”的答复。一个每天发送很多请求的测试员发现要分清楚哪个请求与哪个ID对应是非常困难的。她希望最初的请求能够附加在确认邮件的后面。并且,她意识到某些可户可能每天也会产生很多请求,所以会高度评价这个功能的。那么她将:
1. file a bug report documenting a usability problem,
with the expectation that it will be assigned a reasonably high
priority (because the fix is clearly useful to everyone, important
to some users, and easy to do)?
写一个 bug 报告,记录一个可用性问题,希望能够分配一个合理的高优先级(因为这个修复很明显对每个人都很用,对有部分用户来说还非常重要,并且也容易修改)?
2. file a bug report with the expectation that
it will be assigned "enhancement request" priority and
disappear forever into the bug database?
写一个 bug 报告,希望它被分配为“功能提升请求”优先级并永远从 bug 数据库中消失?
3. file a bug report that yields a "works
as designed" resolution code, perhaps with an email "nastygram"
from a programmer or the development manager?
写一个 bug 报告,产生一个“按设计工作”解决码,可能还加上一个来自程序员或开发经理的“不同意”电子邮件?
4. not bother with a bug report because it would
end up in cases (2) or (3)?
不打算费事去写 bug 报告,因为它将以情况(2)或(3)结束?
If usability problems are not considered valid
bugs, your project defines the testing task too narrowly. Testers
are restricted to checking whether the product does what was intended,
not whether what was intended is useful. Customers do not care about
the distinction, and testers shouldn't either.
如果可用性问题不认为是有效的 bug,那么你们的项目将测试任务定义得太狭窄了。测试员严格限制为检查产品是否按预期工作,而不管这种预期是否有效。客户不关心这个区别,测试员也不应该关心。
Testers are often the only people in the organization
who use the system as heavily as an expert. They notice usability
problems that experts will see. (Formal usability testing almost
invariably concentrates on novice users.) Expert customers often
don't report usability problems, because they've been trained to
know it's not worth their time. Instead, they wait (in vain, perhaps)
for a more usable product and switch to it. Testers can prevent
that lost revenue.
While defining the purpose of testing as "finding
bugs important to customers" is a step forward, it's more restrictive
than I like. It means that there is no focus on an estimate of quality
(and on the quality of that estimate). Consider these two situations
for a product with five subsystems.
将测试的目的定义为“找到对用户重要的 bug ”是向前进了一步,但与我所喜欢定义相比仍有限制。这意味着没有集中于质量评估(以及这种评估的质量)。考虑一下测试含有五个子系统的产品的两种情况。
1. 100 bugs are found in subsystem 1 before release.
(For simplicity, assume that all bugs are of the highest priority.)
No bugs are found in the other subsystems. After release, no bugs
are reported in subsystem 1, but 12 bugs are found in each of the
other subsystems.
在发布前,在子系统1中找到了100个bug 。(为了简单起见,假设所有的 bug 都是最高级别的。)在其他子系统中没有发现
bug 。在发布后,在子系统1中没有报告 bug ,但在其他每个子系统中都报告了12个 bug 。
2. Before release, 50 bugs are found in subsystem
1. 6 bugs are found in each of the other subsystems. After release,
50 bugs are found in subsystem 1 and 6 bugs in each of the other
在发布前,在子系统1中找到了50个 bug 。在其他每个子系统中都找到了6个 bug 。在发布后,在子系统1中报告了50个
bug ,在其他每个子系统中都报告了6个 bug。
From the "find important bugs" standpoint,
the first testing effort was superior. It found 100 bugs before
release, whereas the second found only 74. But I think you can make
a strong case that the second effort is more useful in practical
terms. Let me restate the two situations in terms of what a test
manager might say before release:
从“找到重要 bug”的观点看,第1种测试情况较为理想。在发布前找到了100个 bug ,但是第2种情况中只找到74个。但我想你们可能会提出一个有力的理由认为第2中测试在实际中更有用。让我以产品发版前测试经理可能说些什么来重新描述一下两种测试情况:
1. "We have tested subsystem 1 very thoroughly,
and we believe we've found almost all of the priority 1 bugs. Unfortunately,
we don't know anything about the bugginess of the remaining five
“我们全面测试了子系统1,我们相信已经找出了几乎所有优先级为1的 bug。不幸的是,我们对其他五个子系统的的
bug 一无所知。”
2. "We've tested all subsystems moderately
thoroughly. Subsystem 1 is still very buggy. The other subsystems
are about 1/10th as buggy, though we're sure bugs remain."
“我们比较全面地测试了所有的子系统。子系统1仍旧有不少 bug。其他子系统虽然还有 bug,但只有子系统1的
bug 的十分之一。”
This is, admittedly, an extreme example, but it
demonstrates an important point. The project manager has a tough
decision: would it be better to hold on to the product for more
work, or should it be shipped now? Many factors - all rough estimates
of possible futures - have to be weighed: Will a competitor beat
us to release and tie up the market? Will dropping an unfinished
feature to make it into a particular magazine's special "Java
Development Environments" issue cause us to suffer in the review?
Will critical customer X be more annoyed by a schedule slip or by
a shaky product? Will the product be buggy enough that profits will
be eaten up by support costs or, worse, a recall?
“Java 开发环境” 特别期刊的评论中对我们造成损害吗?关键客户 X 对产品延期和劣质产品哪一个更感到烦恼?产品是否有很多 bug,以至于支持成本会吃掉利润,或者更糟糕的是将产品召回?
The testing team will serve the project manager
better if it concentrates first on providing estimates of product
bugginess (reducing uncertainty), then on finding more of the bugs
that are estimated to be there. That affects test planning, the
topic of the next theme.
It also affects status reporting. Test managers
often err by reporting bug data without putting it into context.
Without context, project management tends to focus on one graph:
这也会影响状态报告。测试经理常常会被没有放到具体环境中的报告 bug数据误导。没有具体环境,项目管理倾向于集中于一幅图:
The flattening in the curve of bugs found will be interpreted in
the most optimistic possible way unless you as test manager explain
the limitations of the data:
· "Only half the planned testing tasks have
been finished, so little is known about half the areas in the project.
There could soon be a big spike in the number of bugs found."
· 只有一半的计划测试做完了,对于项目的一半所知甚少。很快就有很多错误要被发现了。
· "That's especially likely because the last
two weekly builds have been lightly tested. I told the testers to
take their vacations now, before the project hits crunch mode."
· 很有可能这样,因为在过去的两个周构建只是略微测试了一下。我告诉测试员在项目进入艰难状态之前,现在开始休假。
· "Furthermore, based on previous projects
with similar amounts and kinds of testing effort, it's reasonable
to expect at least 45 priority-1 bugs remain undiscovered. Historically,
that's pretty high for a successful product."
· 并且,根据以前的经验,可以预料到至少还有45个级别为1的 bug还没有发现。从历史看,这对于一个成功产品来说是很高的。
For discussions of using bug data, see [Cusumano95],
[Rothman96], and [Marick97].
关于使用 bug 数据的讨论,请参阅[Cusumano95]、[Rothman96]和[Marick97]。
Earlier I asserted that testers can't directly
improve quality; they can only measure it. That's true only if you
find yourself starting testing too late. Tests designed before coding
begins can improve quality. They inform the developer of the kinds
of tests that will be run, including the special cases that will
be checked. The developer can use that information while thinking
about the design, during design inspections, and in his own developer
Early test design can do more than prevent coding
bugs. As will be discussed in the next theme, many tests will represent
user tasks. The process of designing them can find user interface
and usability problems before expensive rework is required. I've
found problems like no user-visible place for error messages to
go, pluggable modules that didn't fit together, two screens that
had to be used together but could not be displayed simultaneously,
and "obvious" functions that couldn't be performed. Test
design fits nicely into any usability engineering effort ([Nielsen93])
as a way of finding specification bugs.
bug 的方法,很好地与可用性工程工作相适应([Nielsen93])。
I should note that involving testing early feels
unnatural to many programmers and development managers. There may
be feelings that you are intruding on their turf or not giving them
the chance to make the mistakes that are an essential part of design.
Take care, especially at first, not to increase their workload or
slow them down. It may take one or two entire projects to establish
your credibility and usefulness.
I'll first discuss specific planning mistakes, then relate test
planning to the role of testing.
It's not unusual to see test plans biased toward
functional testing. In functional testing, particular features are
tested in isolation. In a word processor, all the options for printing
would be applied, one after the other. Editing options would later
get their own set of tests.
But there are often interactions between features,
and functional testing tends to miss them. For example, you might
never notice that the sequence of operations open a document, edit
the document, print the whole document, edit one page, print that
page doesn't work. But customers surely will, because they don't
use products functionally. They have a task orientation. To find
the bugs that customers see - that are important to customers -
you need to write tests that cross functional areas by mimicking
typical user tasks. This type of testing is called scenario testing,
task-based testing, or use-case testing.
bug——这些 bug 对于客户来说是很重要的——你需要编写模仿典型用户任务的跨功能区的测试用例。这类测试称为场景测试、基于任务的测试,或使用用例测试。
A bias toward functional testing also underemphasizes
configuration testing. Configuration testing checks how the product
works on different hardware and when combined with different third
party software. There are typically many combinations that need
to be tried, requiring expensive labs stocked with hardware and
much time spent setting up tests, so configuration testing isn't
cheap. But, it's worth it when you discover that your standard in-house
platform which "entirely conforms to industry standards"
actually behaves differently from most of the machines on the market.
Both configuration testing and scenario testing
test global, cross-functional aspects of the product. Another type
of testing that spans the product checks how it behaves under stress
(a large number of transactions, very large transactions, a large
number of simultaneous transactions). Putting stress and load testing
off to the last minute is common, but it leaves you little time
to do anything substantive when you discover your product doesn't
scale up to more than 12 users.
Two related mistakes are not testing the documentation
and not testing installation procedures. Testing the documentation
means checking that all the procedures and examples in the documentation
work. Testing installation procedures is a good way to avoid making
a bad first impression.
How about avoiding testing altogether?
At a conference last year, I met (separately)
two depressed testers who told me their management was of the opinion
that the World Wide Web could reduce testing costs. "Look at
[wildly successful internet company]. They distribute betas over
the network and get their customers to do the testing for free!"
The Windows 95 beta program is also cited in similar ways.
Wide Web)可以减少测试成本。“看看非常成功的网络公司”。他们在网络上分发β版,让客户免费给他们做测试!”。Windows
Beware of an overreliance on beta testing. Beta
testing seems to give you test cases representative of customer
use - because the test cases are customer use. Also, bugs reported
by customers are by definition those important to customers. However,
there are several problems:
1. The customers probably aren't that representative.
In the common high-tech marketing model, beta users, especially
those of the "put it on your web site and they will download"
sort, are the early adopters, those who like to tinker with new
technologies. They are not the pragmatists, those who want to wait
until the technology is proven and safe to adopt. The usage patterns
of these two groups are different, as are the kinds of bugs they
consider important. In particular, early adopters have a high tolerance
for bugs with workarounds and for bugs that "just go away"
when they reload the program. Pragmatists, who are much less tolerant,
make up the large majority of the market.
bug 的重要程度是不同的一样。特别地,早期的采用者对于能够用变通方法解决的 bug和重新加载程序就能消失的 bug有较强的容忍性。但容忍性较差的实用主义者占据了市场的大部分。
2. Even of those beta users who actually use the
product, most will not use it seriously. They will give it the equivalent
of a quick test drive, rather than taking the whole family for a
two week vacation. As any car buyer knows, the test drive often
leaves unpleasant features undiscovered.
3. Beta users - just like customers in general
- don't report usability problems unless prompted. They simply silently
decide they won't buy the final version.
4. Beta users - just like customers in general
- often won't report a bug, especially if they're not sure what
they did to cause it, or if they think it is obvious enough that
someone else must have already reported it.
β用户象客户一样,常常不会报告 bug ,尤其是当他们不能确定是什么操作导致了错误,或者是他们认为这个错误很明显,其他人肯定已经报告了。
5. When beta users report a bug, the bug report
is often unusable. It costs much more time and effort to handle
a user bug report than one generated internally.
Beta programs can be useful, but they require
careful planning and monitoring if they are to do more than give
a warm fuzzy feeling that at least some customers have used the
product before it's inflicted on all of them. See [Kaner93] for
a brief description.
The one situation in which beta programs are unequivocally
useful is in configuration testing. For any possible screwy configuration,
you can find a beta user who has it. You can do much more configuration
testing than would be possible in an in-house lab (or even perhaps
an outsourced testing agency). Beta users won't do as thorough a
job as a trained tester, but they'll catch gross errors of the "BackupBuster
doesn't work on this brand of 'compatible' floppy tape drive"
Beta programs are also useful for building word
of mouth advertising, getting "first glance" reviews in
magazines, supporting third-party vendors who will build their product
on top of yours, and so on. Those are properly marketing activities,
not testing.
Planning and replanning in support of the role
of testing
Each of the types of testing described above,
including functional testing, reduces uncertainty about a particular
aspect of the product. When done, you have confidence that some
functional areas are less buggy, others more. The product either
usually works on new configurations, or it doesn't.
There's a natural tendency toward finishing one
testing task before moving on to the next, but that may lead you
to discover bad news too late. It's better to know something about
all areas than everything about a few. When you've discovered where
the problem areas lie, you can test them to greater depth as a way
of helping the developers raise the quality by finding the important
Strictly, I've been over-simplistic in describing
testing's role as reducing uncertainty. It would be better to say
"risk-weighted uncertainty". Some areas in the product
are riskier than others, perhaps because they're used by more customers
or because failures in that area would be particularly severe. Riskier
areas require more certainty. Failing to correctly identify risky
areas is a common mistake, and it leads to misallocated testing
effort. There are two sound approaches for identifying risky areas:
1. Ask everyone you can for their opinion. Gather
data from developers, marketers, technical writers, customer support
people, and whatever customer representatives you can find. See
[Kaner96a] for a good description of this kind of collaborative
test planning.
2. Use historical data. Analyzing bug reports
from past products (especially those from customers, but also internal
bug reports) helps tell you what areas to explore in this project.
使用历史数据。分析以前产品的 bug 报告(特别是来自客户的,但也要包含内部 bug 报告)可以帮助你辨别在这个项目中还需要探索哪些领域。
"So, winter's early this year. We're
still going to invade Russia."
Good testers are systematic and organized, yet
they are exposed to all the chaos and twists and turns and changes
of plan typical of a software development project. In fact, the
chaos is magnified by the time it gets to testers, because of their
position at the end of the food chain and typically low status.
One unfortunate reaction is sticking stubbornly to the test plan.
Emotionally, this can be very satisfying: "They can flail around
however they like, but I'm going to hunker down and do my job."
The problem is that your job is not to write tests. It's to find
the bugs that matter in the areas of greatest uncertainty and risk,
and ignoring changes in the reality of the product and project can
mean that your testing becomes irrelevant.
bug 。忽略产品和项目的实际变化可能意味着你的测试变得无关紧要。
That's not to say that testers should jump to
readjust all their plans whenever there's a shift in the wind, but
my experience is that more testers let their plans fossilize than
overreact to project change.
Fresh out of college, I got my first job as a
tester. I had been hired as a developer, and knew nothing about
testing, but, as they said, "we don't know enough about you
yet, so we'll put you somewhere where you can't do too much damage".
In due course, I "graduated" to development.
Using testing as a transitional job for new programmers
is one of the two classic mistaken ways to staff a testing organization.
It has some virtues. One is that you really can keep bad hires away
from the code. A bozo in testing is often less dangerous than a
bozo in development. Another is that the developer may learn something
about testing that will be useful later. (In my case, it founded
a career.) And it's a way for the new hire to learn the product
while still doing some useful work.
The advantages are outweighed by the disadvantage:
the new hire can't wait to get out of testing. That's hardly conducive
to good work. You could argue that the testers have to do good work
to get "paroled". Unfortunately, because people tend to
be as impressed by effort as by results, vigorous activity - especially
activity that establishes credentials as a programmer - becomes
the way out. As a result, the fledgling tester does things like
become the expert in the local programmable editor or complicated
freeware tool. That, at least, is a potentially useful role, though
it has nothing to do with testing. More dangerous is vigorous but
misdirected testing activity; namely, test automation. (See the
last theme.)
Even if novice testers were well guided, having
so much of the testing staff be transients could only work if testing
is a shallow algorithmic discipline. In fact, good testers require
deep knowledge and experience.
The second classic mistake is recruiting testers
from the ranks of failed programmers. There are plenty of good testers
who are not good programmers, but a bad programmer likely has some
work habits that will make him a bad tester, too. For example, someone
who makes lots of bugs because he's inattentive to detail will miss
lots of bugs for the same reason.
bug 的人也会因为同样的原因而漏掉很多 bug 。
So how should the testing team be staffed? If
you're willing to be part of the training department, go ahead and
accept new programmer hires. Accept as applicants programmers who
you suspect are rejects (some fraction of them really have gotten
tired of programming and want a change) but interview them as you
would an outside hire. When interviewing, concentrate less on formal
qualifications than on intelligence and the character of the candidate's
thought. A good tester has these qualities:
· methodical and systematic.
· 有条理、有计划。
· tactful and diplomatic (but firm when necessary).
· 有策略、说话办事得体(但在需要的时候要坚定)
· skeptical, especially about assumptions, and
wants to see concrete evidence.
· 怀疑能力,特别是关于假设的,并要看到具体证明。
· able to notice and pursue odd details.
· 能够注意并跟踪奇怪的细节之处。
· good written and verbal skills (for explaining
bugs clearly and concisely).
· 良好的书面和口头表达技巧(可以清楚、简洁地解释 bug )。
· a knack for anticipating what others are likely
to misunderstand. (This is useful both in finding bugs and writing
bug reports.)
· 能够预料到其他人可能会误解什么的能力(这在发现 bug 和编写 bug 报告时非常有用)
· a willingness to get one's hands dirty, to experiment,
to try something to see what happens.
· 愿意不辞辛苦地进行实验,尝试一些事情来看看会发生什么。
Be especially careful to avoid the trap of testers
who are not domain experts. Too often, the tester of an accounting
package knows little about accounting. Consequently, she finds bugs
that are unimportant to accountants and misses ones that are. Further,
she writes bug reports that make serious bugs seem irrelevant. A
programmer may not see past the unrepresentative test to the underlying
important problem. (See the discussion of reporting bugs in the
next theme.)
bug 对于会计师来说不重要,但又漏掉了很多对于会计师来说很重要的 bug 。而且,她编写的 bug 报告将使严重的 bug 看起来无关紧要。程序员可能无法透过不具备代表性的测试来看到底层的重要问题(查看下一主题中的关于报告
bug 的讨论。)
Domain experts may be hard to find. Try to find
a few. And hire testers who are quick studies and are good at understanding
other people's work patterns.
Two groups of people are readily at hand and often
have those skills. But testing teams often do not seek out applicants
from the customer service staff or the technical writing staff.
The people who field email or phone problem reports develop, if
they're good, a sense of what matters to the customer (at least
to the vocal customer) and the best are very quick on their mental
Like testers, technical writers often also lack
detailed domain knowledge. However, they're in the business of translating
a product's behavior into terms that make sense to a user. Good
technical writers develop a sense of what's important, what's confusing,
and so on. Those areas that are hard to explain are often fruitful
sources of bugs. (What confuses the user often also confuses the
One reason these two groups are not tapped is
an insistence that testers be able to program. Programming skill
brings with it certain advantages in bug hunting. A programmer is
more likely to find the number 2,147,483,648 interesting than an
accountant will. (It overflows a signed integer on most machines.)
But such tricks of the trade are easily learned by competent non-programmers,
so not having them is a weak reason for turning someone down.
没有选择这两组人员的一个原因是坚持认为测试员都应当会编程。编程技巧会给搜寻 bug 带来一定的优势。与财务人员相比,程序员更有可能发现数字2,147,483,648是有趣的(这个数字在大多数机器的有符号整数中溢出。)但是这种技巧很容易被有能力的非程序员掌握,所以这是不录取他们的一个不充分的理由。
If you hire according to these guidelines, you
will avoid a testing team that lacks diversity. All of the members
will lack some skills, but the team as a whole will have them all.
Over time, in a team with mutual respect, the non-programmers will
pick up essential tidbits of programming knowledge, the programmers
will pick up domain knowledge, and the people with a writing background
will teach the others how to deconstruct documents.
All testers - but non-programmers especially -
will be hampered by a physical separation between developers and
testers. A smooth working relationship between developers and testers
is essential to efficient testing. Too much valuable information
is unwritten; the tester finds it by talking to developers. Developers
and testers must often work together in debugging; that's much harder
to do remotely. Developers often dismiss bug reports too readily,
but it's harder to do that to a tester you eat lunch with.
bug ,远程实现是非常困难的。开发人员常常随意关闭一个 bug 报告,但是对一个一起吃午餐的测试员的报告却很难这样做。
Remote testing can be made to work - I've done
it - but you have to be careful. Budget money for frequent working
visits, and pay attention to interpersonal issues.
Some believe that programmers can't test their
own code. On the face of it, this is false: programmers test their
code all the time, and they do find bugs. Just not enough of them,
which is why we need independent testers.
bug 。只是发现的 bug 还不够多,这也是为什么我们需要独立的测试员。
But if independent testers are testing, and programmers
are testing (and inspecting), isn't there a potential duplication
of effort? And isn't that wasteful? I think the answer is yes. Ideally,
programmers would concentrate on the types of bugs they can find
adequately well, and independent testers would concentrate on the
bug 类型,而独立测试员应集中于其他部分。
The bugs programmers can find well are those where
their code does not do what they intended. For example, a reasonably
trained, reasonably motivated programmer can do a perfectly fine
job finding boundary conditions and checking whether each known
equivalence class is handled. What programmers do poorly is discovering
overlooked special cases (especially error cases), bugs due to the
interaction of their code with other people's code (including system-wide
properties like deadlocks and performance problems), and usability
程序员能够较好地发现的 bug 是那些与他们预期不符的代码。例如,一个接受过一定培训、有一定积极性的程序员可以很好地找到边界条件,并且检查每一个等价类是否都处理了。程序员做的不好的地方是不能发现被忽略的某些情况(尤其是错误情况),不能发现由于他们的代码与其他人的代码交互作用而产生的
bug ,以及易用性问题。
Crudely put, good programmers do functional testing,
and testers should do everything else. Recall that I earlier claimed
an over-concentration on functional testing is a classic mistake.
Decent programmer testing magnifies the damage it does.
Of course, decent programmer testing is relatively
rare, because programmers are neither trained nor motivated to test.
This is changing, gradually, as companies realize it's cheaper to
have bugs found and fixed quickly by one person, instead of more
slowly by two. Until then, testers must do both the testing that
programmers can do and the testing only testers can do, but must
take care not to let functional testing squeeze out the rest.
bug 成本较低,这种情况也在逐步改变。在此之前,测试员不但必须完成程序员可以完成的测试,还要完成只有测试员才能完成的工作,还必须小心不要让功能测试挤占了其他测试。
When testing, you must decide how to exercise
the program, then do it. The doing is ever so much more interesting
than the deciding. A tester's itch to start breaking the program
is as strong as a programmer's itch to start writing code - and
it has the same effect: design work is skimped, and quality suffers.
Paying more attention to running tests than to designing them is
a classic mistake. A tester who is not systematic, who does not
spend time laying out the possibilities in advance, will overlook
special cases. They may be the same subtle ones that the programmers
Concentration on execution also results in unreviewed
test designs. Just like programmers, testers can benefit from a
second pair of eyes. Reviews of test designs needn't be as elaborate
as product design reviews, but a short check of the testing approach
and the resulting tests can find significant omissions at low cost.
What is a test design?
A test design should contain a description of
the setup (including machine configuration for a configuration test),
inputs given to the product, and a description of expected results.
One common mistake is being too specific about test inputs and procedures.
Let's assume manual test implementation for the
moment. A related argument for automated tests will be discussed
in the next section. Suppose you're testing a banking application.
Here are two possible test designs:
Design 1
Setup: initialize the balance in account 12 with
Start the program.
Type 12 in the Account window.
Press OK.
Click on the 'Withdraw' toolbar button.
In the withdraw popup dialog, click on the 'all'
Press OK.
Expect to see a confirmation popup that says "You
are about to withdraw all the money from this account. Continue?"
Press OK.
Expect to see a 0 balance in the account window.
Separately query the database to check that the
zero balance has been posted.
Exit the program with File->Exit.
通过“文件->退出” 退出程序。
Design 2
Setup: initialize the balance with a positive
Start the program on that account.
Withdraw all the money from the account using
the 'all' button.
It's an error if the transaction happens without
a confirmation popup.
Immediately thereafter:
- Expect a $0 balance to be displayed.
- Independently query the database to check that
the zero balance has been posted.
- 预期余额会显示$0。
- 单独查询数据库,检查余额为0。
The first design style has these advantages:
· The test will always be run the same way. You
are more likely to be able to reproduce the bug. So will the programmer.
· 测试总是以相同方式运行。重现错误的可能性更大。程序员也一样。
· It details all the important expected results
to check. Imprecise expected results make failures harder to notice.
For example, a tester using the second style would find it easier
to overlook a spelling error in the confirmation popup, or even
that it was the wrong popup.
· 它将所有要检查的预期结果的细节都描述出来。不精确的预期结果使得错误更难注意到。例如,使用第二种风格的测试员将会发现更容易忽略确认对话框中的错误拼写,甚至是错误的对话框。
· Unlike the second style, you always know exactly
what you've tested. In the second style, you couldn't be sure that
you'd ever gotten to the Withdraw dialog via the toolbar. Maybe
the menu was always used. Maybe the toolbar button doesn't work
at all!
· 不像第二种测试风格,你总是能明确地知道你在测试什么。在第二种风格中,你不能确定可以通过工具条得到“取款”对话框。也许总是使用菜单。也许工具条根本不起作用!
· By spelling out all inputs, the first style
prevents testers from carelessly overusing simple values. For example,
a tester might always test accounts with $100, rather than using
a variety of small and large balances. (Either style should include
explicit tests for boundary and special values.)
· 通过写出所有的输入,第一种风格防止程序员无意间过度使用简单的值。例如,一个测试员可能总是用$100测试帐户,而不是使用一些小的和大的余额的组合。(这两种风格都应显式地包含边界值和特殊值测试。)
However, there are also some disadvantages:
· The first style is more expensive to create.
· 创建第一种风格的测试成本较高。
· The inevitable minor changes to the user interface
will break it, so it's more expensive to maintain.
· 对用户界面的一些不可避免的更改将中断它,因此维护成本也就更高。
· Because each run of the test is exactly the
same, there's no chance that a variation in procedure will stumble
across a bug.
· 因为每一轮测试都完全相同,所以也就没有机会因为过程不同而偶然发现 bug 。
· It's hard for testers to follow a procedure
exactly. When one makes a mistake - pushes the wrong button, for
example - will she really start over?
· 测试员难于遵循测试过程。如果一个人出现错误——比如说按错按钮——她需要重新开始吗?
On balance, I believe the negatives often outweigh
the positives, provided there is a separate testing task to check
that all the menu items and toolbar buttons are hooked up. (Not
only is a separate task more efficient, it's less error-prone. You're
less likely to accidentally omit some buttons.)
I do not mean to suggest that test cases should
not be rigorous, only that they should be no more rigorous than
is justified, and that we testers sometimes error on the side of
uneconomical detail.
Detail in the expected results is less problematic
than in the test procedure, but too much detail can focus the tester's
attention too much on checking against the script he's following.
That might encourage another classic mistake: not noticing and exploring
"irrelevant" oddities. Good testers are masters at noticing
"something funny" and acting on it. Perhaps there's a
brief flicker in some toolbar button which, when investigated, reveals
a crash. Perhaps an operation takes an oddly long time, which suggests
to the attentive tester that increasing the size of an "irrelevant"
dataset might cause the program to slow to a crawl. Good testing
is a combination of following a script and using it as a jumping-off
point for an exploration of the product.
An important special case of overlooking bugs
is checking that the product does what it's supposed to do, but
not that it doesn't do what it isn't supposed to do. As an example,
suppose you have a program that updates a health care service's
database of family records. A test adds a second child to Dawn Marick's
record. Almost all testers would check that, after the update, Dawn
now has two children. Some testers - those who are clever, experienced,
or subject matter experts - would check that Dawn Marick's spouse,
Brian Marick, also now has two children. Relatively few testers
would check that no one else in the database has had a child added.
They would miss a bug where the programmer over-generalized and
assumed that all "family information" updates should be
applied both to a patient and to all members of her family, giving
Paul Marick (aged 2) a child.
一个重要的忽略 bug的特例情况是检查产品完成预期操作,但不检查它是否没有完成不应该完成的操作。举个例子,假设你有一个更新医疗机构的家庭记录数据库的程序。一个测试是在Dawn
Marick的记录中添加第二个小孩。几乎所有的测试员都将在更新之后检查Dawn Marick现在有两个小孩了。部分测试员——那些聪明的、有经验的专家——将会检查Dawn
Marick的配偶——Brian Marick,现在也有两个小孩了。相对较少的测试员将检查数据库中没有其他人添加了小孩。如果程序员将规则过分扩展,认为应当对所有的既是病人又是她的家庭成员的人都更新
“家庭信息”,给了Paul Marick(2岁)一个小孩,则这个 bug 就被忽略了。
Ideally, every test should check that all data
that should be modified has been modified and that all other data
has been unchanged. With forethought, that can be built into automated
tests. Complete checking may be impractical for manual tests, but
occasional quick scans for data that might be corrupted can be valuable.
Testing should not be isolated work
Here's another version of the test we've been
Design 3
Withdraw all with confirmation and normal check
for 0.
That means the same thing as Design 2 - but only
to the original author. Test suites that are understandable only
by their owners are ubiquitous. They cause many problems when their
owners leave the company; sometimes many month's worth of work has
to be thrown out.
I should note that designs as detailed as Designs
1 or 2 often suffer a similar problem. Although they can be run
by anyone, not everyone can update them when the product's interface
changes. Because the tests do not list their purposes explicitly,
updates can easily make them test a little less than they used to.
(Consider, for example, a suite of tests in the Design 1 style:
how hard will it be to make sure that all the user interface controls
are touched in the revised tests? Will the tester even know that's
a goal of the suite?) Over time, this leads to what I call "test
suite decay," in which a suite full of tests runs but no longer
tests much of anything at all.
Another classic mistake involves the boundary
between the tester and programmer. Some products are mostly user
interface; everything they do is visible on the screen. Other products
are mostly internals; the user interface is a "thin pipe"
that shows little of what happens inside. The problem is that testing
has to use that thin pipe to discover failures. What if complicated
internal processing produces only a "yes or no" answer?
Any given test case could trigger many internal faults that, through
sheer bad luck, don't produce the wrong answer.
In such situations, testers sometimes rely solely
on programmer ("unit") testing. In cases where that's
not enough, testing only through the user-visible interface is a
mistake. It is far better to get the programmers to add "testability
hooks" or "testpoints" that reveal selected internal
state. In essence, they convert a product like this:
在这样的情况中,有时候测试员单独依赖于程序员(“单元”) 测试。在这不够充足的情况下,仅从用户可见的界面测试是一个错误。如果使程序员加上“可测试性钩子”或“测试点”以揭示所选择的内部状态的话,会好得多。本质上,他们将一个产品:

to one like this:
It is often difficult to convince programmers to add test support
code to the product. (Actual quote: "I don't want to clutter
up my code with testing crud.") Persevere, start modestly,
and take advantage of these facts:
1. The test support code is often a simple extension
of the debugging support code programmers write anyway.
2. A small amount of test support code often goes
a long way.
A common objection to this approach is that the
test support code must be compiled out of the final product (to
avoid slowing it down). If so, tests that use the testing interface
"aren't testing what we ship". It is true that some of
the tests won't run on the final version, so you may miss bugs.
But, without testability code, you'll miss bugs that don't reveal
themselves through the user interface. It's a risk tradeoff, and
I believe that adding test support code usually wins. See [Marick95],
chapter 13, for more details.
bug 。但是,没有可测试的代码,你会漏掉一些通过用户界面无法揭示的 bug 。这是一个风险的权衡,我相信添加测试代码通常会占上风。参见[Marick95]的第13章以获取更多详细内容。
In one case, there's an alternative to having
the programmer add code to the product: have a tool do it. Commercial
tools like Purify, Boundschecker, and Sentinel automatically add
code that checks for certain classes of failures (such as memory
leaks). They provide a narrow, specialized testing interface. For
marketing reasons, these tools are sold as programmer debugging
tools, but they're equally test support tools, and I'm amazed that
testing groups don't use them as a matter of course.
Testability problems are exacerbated in distributed
systems like conventional client/server systems, multi-tiered client/server
systems, Java applets that provide smart front-ends to web sites,
and so forth. Too often, tests of such systems amount to shallow
tests of the user interface component because that's the only component
that the tester can easily control.
Finding failures is only the start
It's not enough to find a failure; you must also
report it. Unfortunately, poor bug reporting is a classic mistake.
Tester bug reports suffer from five major problems:
发现错误是不够的,还必须报告它。不幸的是,低劣的 bug 报告是一个典型错误。测试员的错误报告存在五个主要问题:
1. They do not describe how to reproduce the bug.
Either no procedure is given, or the given procedure doesn't work.
Either case will likely get the bug report shelved.
他们没有描述如何重现 bug 。要么没有描述过程,要么描述的过程不正确。这两种情况都会使错误报告被搁置。
2. They don't explain what went wrong. At what
point in the procedure does the bug occur? What should happen there?
What actually happened?
他们没有解释出了什么问题。在什么地方出现了 bug ?将会发生什么?实际上又发生了什么?
3. They are not persuasive about the priority
of the bug. Your job is to have the seriousness of the bug accurately
assessed. There's a natural tendency for programmers and managers
to rate bugs as less serious than they are. If you believe a bug
is serious, explain why a customer would view it the way you do.
If you found the bug with an odd case, take the time to reproduce
it with a more obviously common or compelling case.
4. 关于 bug 的级别没有说服力。你的工作是评估 bug 的严重性。对于程序员和经理有一种很自然的倾向:评估的严重性比实际的严重性低。如果你确信一个
bug 是严重的,要解释一下为什么客户要以你的方式看待这个问题。如果你发现一个奇怪的错误,花一些时间以更普通、更令人信服的方式重现它。
5. They do not help the programmer in debugging.
This is a simple cost/benefit tradeoff. A small amount of time spent
simplifying the procedure for reproducing the bug or exploring the
various ways it could occur may save a great deal of programmer
他们不能帮助程序员排除 bug 。这是一个简单的成本/收益权衡。花一点时间简化重现 bug
6. They are insulting, so they poison the relationship
between developers and testers.
[Kaner93] has an excellent chapter (5) on how
to write bug reports. Read it.
[Kaner93]有一章(第5章)非常好的内容说明了应该如何写 bug 报告。可以读一下。
Not all bug reports come from testers. Some come
from customers. When that happens, it's common for a tester to write
a regression test that reproduces the bug in the broken version
of the product. When the bug is fixed, that test is used to check
that it was fixed correctly.
不是所有的 bug 报告都是测试员写的。有一些是来自客户的。如果出现这样的情况,常见情况是测试员编写一个回归测试,在产品出现问题的版本上重现这个
bug 。如果 bug 得到修复,这个测试可以用于检查它是否正确修复。
However, adding only regression tests is not enough.
A customer bug report suggests two things:
但是,仅仅添加回归测试是不够的。客户 bug 报告暗示着两个东西:
1. That area of the product is buggy. It's well
known that bugs tend to cluster.
产品的那个领域包含了 bug。大家都知道, bug 一般是集中出现的。
2. That area of the product was inadequately tested.
Otherwise, why did the bug originally escape testing?
产品的那个领域没有进行充分测试。否则的话,为什么开始测试的时候漏掉了那个 bug ?
An appropriate response to several customer bug
reports in an area is to schedule more thorough testing for that
area. Begin by examining the current tests (if they're understandable)
to determine their systematic weaknesses.
对于某个领域中的几个客户 bug 报告的适当响应是对该领域安排一个更全面的测试。首先检查当前测试(如果它们是可以理解的话)以确定在系统性方面的不足之处。
Finally, every bug report is a gift from a customer
that tells you how to test better in the future. A common mistake
is failing to take notes for the next testing effort. The next product
will be somewhat like this one, the bugs will be somewhat like these,
and the tests useful in finding those bugs will also be somewhat
like the ones you just ran. Mental notes are easy to forget, and
they're hard to hand to a new tester. Writing is a wonderful human
invention: use it. Both [Kaner93] and [Marick95] describe formats
for archiving test information, and both contain general-purpose
总之,每个 bug 报告都是客户的礼物,告诉我们在今后如何更好地测试。一个常见错误是不能为下次测试工作做好记录。下一个产品将在某种程度上类似于这一个,
bug 在某种程度上类似于这一个,你刚才所做的测试在某种程度上类似于将来找出那些错误的测试。脑海中的记录容易忘记,也很难传授给新测试员。书写是人类一个美妙的发明:使用它。[Kaner93]和[Marick95]都描述了归档测试信息的格式,并包含了通用的示例。
Test automation is based on a simple economic
· If a manual test costs $X to run the first time,
it will cost just about $X to run each time thereafter, whereas:
· 如果第一次手工测试的成本是$X,则其后每次测试的成本大致都是$X,然而:
· If an automated test costs $Y to create, it
will cost almost nothing to run from then on.
· 如果创建自动化测试的成本是$Y,则其后的运行成本几乎为零。
$Y is bigger than $X. I've heard estimates ranging
from 3 to 30 times as big, with the most commonly cited number seeming
to be 10. Suppose 10 is correct for your application and your automation
tools. Then you should automate any test that will be run more than
10 times.
A classic mistake is to ignore these economics,
attempting to automate all tests, even those that won't be run often
enough to justify it. What tests clearly justify automation?
· Stress or load tests may be impossible to implement
manually. Would you have a tester execute and check a function 1000
times? Are you going to sit 100 people down at 100 terminals?
· 压力或负载测试可能无法手工实现。你会让测试员执行并检查一个函数1000次吗?你会找100个人坐在100个终端前面吗?
· Nightly builds are becoming increasingly common.
(See [McConnell96] or [Cusumano95] for descriptions of the procedure.)
If you build the product nightly, you must have an automated "smoke
test suite". Smoke tests are those that are run after every
build to check for grievous errors.
· 夜间构建变得越来越普遍了。(参见[McConnell96]或[Cusumano95]可以了解这个过程的描述)。如果在夜间构建产品,就必须有一个自动化的“冒烟测试套件”。
· Configuration tests may be run on dozens of
· 配置测试可能要在数十种配置上运行。
The other kinds of tests are less clear-cut. Think
hard about whether you'd rather have automated tests that are run
often or ten times as many manual tests, each run once. Beware of
irrational, emotional reasons for automating, such as testers who
find programming automated tests more fun, a perception that automated
tests will lead to higher status (everything else is "monkey
testing"), or a fear of not rerunning a test that would have
found a bug (thus leading you to automate it, leaving you without
enough time to write a test that would have found a different bug).
bug 的测试(这导致你将它自动化,使你没有足够的时间编写一个会发现其他 bug 的测试)。
You will likely end up in a compromise position,
where you have:
1. a set of automated tests that are run often.
2. a well-documented set of manual tests. Subsets
of these can be rerun as necessary. For example, when a critical
area of the system has been extensively changed, you might rerun
its manual tests. You might run different samples of this suite
after each major build.
3. a set of undocumented tests that were run once
(including exploratory "bug bash" tests).
一套没有文档的、只运行一次的测试(包括探索性的“bug 大清除”测试)。
Beware of expecting to rerun all manual tests.
You will become bogged down rerunning tests with low bug-finding
value, leaving yourself no time to create new tests. You will waste
time documenting tests that don't need to be documented.
注意不要期望重新运行所有的手工测试。重新运行这些很少能找到 bug 的测试会使你停滞不前,使你自己没有时间创建新的测试。你会把时间浪费在为不需要文档的测试编写文档上。
You could automate more tests if you could lower
the cost of creating them. That's the promise of using GUI capture/replay
tools to reduce test creation cost. The notion is that you simply
execute a manual test, and the tool records what you do. When you
manually check the correctness of a value, the tool remembers that
correct value. You can then later play back the recording, and the
tool will check whether all checked values are the same as the remembered
There are two variants of such tools. What I call
the first generation tools capture raw mouse movements or keystrokes
and take snapshots of the pixels on the screen. The second generation
tools (often called "object oriented") reach into the
program and manipulate underlying data structures (widgets or controls).
First generation tools produce unmaintainable
tests. Whenever the screen layout changes in the slightest way,
the tests break. Mouse clicks are delivered to the wrong place,
and snapshots fail in irrelevant ways that nevertheless have to
be checked. Because screen layout changes are common, the constant
manual updating of tests becomes insupportable.
Second generation tools are applicable only to
tests where the underlying data structures are useful. For example,
they rarely apply to a photograph editing tool, where you need to
look at an actual image - at the actual bitmap. They also tend not
to work with custom controls. Heavy users of capture/replay tools
seem to spend an inordinate amount of time trying to get the tool
to deal with the special features of their program - which raises
the cost of test automation.
Second generation tools do not guarantee maintainability
either. Suppose a radio button is changed to a pulldown list. All
of the tests that use the old controls will now be broken.
GUI interface changes are of course common, especially
between releases. Consider carefully whether an automated test that
must be recaptured after GUI changes is worth having. Keep in mind
that it can be hard to figure out what a captured test is attempting
to accomplish unless it is separately documented.
As a rule of thumb, it's dangerous to assume that
an automated test will pay for itself this release, so your test
must be able to survive a reasonable level of GUI change. I believe
that capture/replay tests, of either generation, are rarely robust
An alternative approach to capture/replay is scripting
tests. (Most GUI capture/replay tools also allow scripting.) Some
member of the testing team writes a "test API" (application
programmer interface) that lets other members of the team express
their tests in less GUI-dependent terms. Whereas a captured test
might look like this:
· text $main.accountField "12"
click $main.OK
menu $operations
menu $withdraw
click $withdrawDialog.all
文本 $main.accountField "12"
点击 $main.OK
菜单 $operations
菜单 $withdraw
点击 $withdrawDialog.all
a script might look like this:
· select-account 12
withdraw all
select-account 12
withdraw all
The script commands are subroutines that perform
the appropriate mouse clicks and key presses. If the API is well-designed,
most GUI changes will require changes only to the implementation
of functions like withdraw, not to all the tests that use them.
Please note that well-designed test APIs are as hard to write as
any other good API. That is, they're hard, and you shouldn't expect
to get it right the first time.
In a variant of this approach, the tests are data-driven.
The tester provides a table describing key values. Some tool reads
the table and converts it to the appropriate mouse clicks. The table
is even less vulnerable to GUI changes because the sequence of operations
has been abstracted away. It's also likely to be more understandable,
especially to domain experts who are not programmers. See [Pettichord96]
for an example of data-driven automated testing.
Note that these more abstract tests (whether scripted
or data-driven) do not necessarily test the user interface thoroughly.
If the Withdraw dialog can be reached via several routes (toolbar,
menu item, hotkey), you don't know whether each route has been tried.
You need a separate (most likely manual) effort to ensure that all
the GUI components are connected correctly.
Whatever approach you take, don't fall into the
trap of expecting regression tests to find a high proportion of
new bugs. Regression tests discover that new or changed code breaks
what used to work. While that happens more often than any of us
would like, most bugs are in the product's new or intentionally
changed behavior. Those bugs have to be caught by new tests.
不论你采用的是什么方法,不要陷入期望回归测试发现高比例的新 bug 的陷阱。回归测试是发现以前起作用、但新代码或更改后的代码不起作用的现象。虽然它比我们希望的发生的次数更多,但许多
bug 是产品的新的或故意更改的行为。那些 bug 必须通过新测试来捕捉。
Code coverage
GUI capture/replay testing is appealing because
it's a quick fix for a difficult problem. Another class of tool
has the same kind of attraction.
The difficult problem is that it's so hard to
know if you're doing a good job testing. You only really find out
once the product has shipped. Understandably, this makes managers
uncomfortable. Sometimes you find them embracing code coverage with
the devotion that only simple numbers can inspire. Testers sometimes
also become enamored of coverage, though their romance tends to
be less fervent and ends sooner.
What is code coverage? It is any of a number of
measures of how thoroughly code is exercised. One common measure
counts how many statements have been executed by any test. The appeal
of such coverage is twofold:
1. If you've never exercised a line of code, you
surely can't have found any of its bugs. So you should design tests
to exercise every line of code.
如果你从未执行过某一行代码,你当然不能找出它的任何 bug 。所以应当设计一个可以执行每一行代码的测试。
2. Test suites are often too big, so you should
throw out any test that doesn't add value. A test that adds no new
coverage adds no value.
Only the first sentences in (1) and (2) are true.
I'll illustrate with this picture, where the irregular splotches
indicate bugs:
句子(1)和(2)中,只有第一句是正确的。我将用下面的图说明,其中的不规则黑点指示的是 bug
If you write only the tests needed to satisfy
coverage, you'll find bugs. You're guaranteed to find the code that
always fails, no matter how it's executed. But most bugs depend
on how a line of code is executed. For example, code with an off-by-one
error fails only when you exercise a boundary. Code with a divide-by-zero
error fails only if you divide by zero. Coverage-adequate tests
will find some of these bugs, by sheer dumb luck, but not enough
of them. To find enough bugs, you have to write additional tests
that "redundantly" execute the code.
如果你仅编写需要满足覆盖率的测试,你会发现 bug 。那些总是失败的代码不论怎样执行,你都肯定能发现它们。但是大多数的
bug 取决于如何执行某一行代码。例如,对于“大小差一”(off-by-one)错误的代码,只有当你执行边界测试时才会失败。只有在被零除的时候,代码才会发生被零除的错误。覆盖率足够的测试会发现这些
bug 中的一部分,全靠运气,但发现得还不够多。要发现足够多的 bug ,你必须编写其他的测试“冗余地”执行代码。
For the same reason, removing tests from a regression
test suite just because they don't add coverage is dangerous. The
point is not to cover the code; it's to have tests that can discover
enough of the bugs that are likely to be caused when the code is
changed. Unless the tests are ineptly designed, removing tests will
just remove power. If they are ineptly designed, using coverage
converts a big and lousy test suite to a small and lousy test suite.
That's progress, I suppose, but it's addressing the wrong problem.
bug 。除非测试用例是不熟练的设计,否则去掉测试用例就是去除作用力。如果它们是不熟练的设计,可以使用覆盖率将一个大而粗劣测试用例套件转化成一个小而粗劣的测试用例套件。我想这是进步,但是与这个问题无关。
A grave danger of code coverage is that it is
concrete, objective, and easy to measure. Many managers today are
using coverage as a performance goal for testers. Unfortunately,
a cardinal rule of management applies here: "Tell me how a
person is evaluated, and I'll tell you how he behaves." If
a person is evaluated by how much coverage is achieved in a given
time (or in how little time it takes to reach a particular coverage
goal), that person will tend to write tests to achieve high coverage
in the fastest way possible. Unfortunately, that means shortchanging
careful test design that targets bugs, and it certainly means avoiding
in-depth, repetitive testing of "already covered" code.
bug 为目的的仔细测试设计的偷工减料,这当然也意味着避开了深层次、重复地测试“已经覆盖”的代码。
Using coverage as a test design technique works
only when the testers are both designing poor tests and testing
redundantly. They'd be better off at least targeting their poor
tests at new areas of code. In more normal situations, coverage
as a guide to design only decreases the value of the tests or puts
testers under unproductive pressure to meet unhelpful goals.
Coverage does play a role in testing, not as a
guide to test design, but as a rough evaluation of it. After you've
run your tests, ask what their coverage is. If certain areas of
the code have no or low coverage, you're sure to have tested them
shallowly. If that wasn't intentional, you should improve the tests
by rethinking their design. Coverage has told you where your tests
are weak, but it's up to you to understand how.
You might not entirely ignore coverage. You might
glance at the uncovered lines of code (possibly assisted by the
programmer) to discover the kinds of tests you omitted. For example,
you might scan the code to determine that you undertested a dialog
box's error handling. Having done that, you step back and think
of all the user errors the dialog box should handle, not how to
provoke the error checks on line 343, 354, and 399. By rethinking
design, you'll not only execute those lines, you might also discover
that several other error checks are entirely missing. (Coverage
can't tell you how well you would have exercised needed code that
was left out of the program.)
There are types of coverage that point more directly
to design mistakes than statement coverage does (branch coverage,
for example). However, none - and not all of them put together -
are so accurate that they can be used as test design techniques.
One final note: Romances with coverage don't seem
to end with the former devotee wanting to be "just good friends".
When, at the end of a year's use of coverage, it has not solved
the testing problem, I find testing groups abandoning coverage entirely.
That's a shame. When I test, I spend somewhat less than 5% of my
time looking at coverage results, rethinking my test design, and
writing some new tests to correct my mistakes. It's time well spent.