SlideShare a Scribd company logo

Pragmatic Code Coverage

Alexandre (Shura) Iline
Alexandre (Shura) Iline
1 of 65
And now for something completely different ...
<Insert Picture Here> Code coverage. The pragmatic approach. Александр Ильин Java Quality architect alexandre.iline@oracle.com
What it is about? Should the testing be stopped at 100% coverage? Should 100% be the goal? How (else) to use code coverage information? 3 What it is not about? Tools
<Insert Picture Here> Preface
What is the code coverage data for Measure to which extent source code is covered during testing. 5 consequently … Code coverage is A measure of how much source code is covered during testing. Testing is A set of activities aimed to prove that the system under test behaves as expected. finally …
CC – how to get • Create a template 6 • “Instrument” the source/compiled code/bytecode • Run testing, collect data • Generate report Template is a collection of all the code there is to cover Insert instructions for dropping data into a file/network, etc. May need to change environment HTML, DB, etc
• Block / primitive block • Line • Condition/branch/predicate • Entry/exit • Method • Path/sequence 7 CC – kinds of
CC – how to use • 8 • Perform analysis • Develop more tests • GOTO 1 Performed repeatedly, so resource-efficiency is really important Find what tests you need to develop. • 1: Measure (prev. slide) for testbase improvement Find what code you need to cover.Find what code you need to cover. • Find dead code Measure (prev. slide)
<Insert Picture Here> Mis-usages
• Must get to 100% 10 • 100% means no more testing • CC does not mean a thing • There is that tool which would generate tests for us and we're done CC – how not to use mis-usages May be not. No it does not. It does mean a fair amount if it is used properly. Nope.
<Insert Picture Here> Mis-usages Test generation
Test generation “We present a new symbolic execution tool, ####, capable of automatically generating tests that achieve high coverage on a diverse set of complex and environmentally-intensive programs.” #### tool documentation
Test generation cont. if ( b != 3 ) { double a = 1 / ( b – 2); } else { … }
Test generation cont. if ( b != 3 ) { double a = 1 / ( b – 3); } else { … } Reminder: testing is ... A set of activities aimed to prove that the system under test behaves as expected.
Test generation - conclusion Generated tests do not verify conformance of the core to the requirements. * Hence … Generated tests code coverage should not be mixed with regular functional tests code coverage. 15 (*) Same is true for all static analysis techniques
Who watches the watchmen? • Test logic gotta be right • No way to verify the logic • No metrics • No approaches • No techniques • Code review – the only way • Sole responsibility of test developer
<Insert Picture Here> Mis-usages What does 100% coverage mean?
100% block/line coverage 1 false
100% branch coverage 1 true -1 false
100% domain coverage 0 0 .1 √.1 -.1 Exception 0 e
100% sequence coverage (-1,-1)1 (1,1) (0,0) 1 NaN b (-1,1) (1,-1) 1 1
100% sequence coverage (-1,-1)1 (1,1) (0,0) 1 NaN b (-1,1) (1,-1) -1 -1 But … isPositive(float) has a defect!
100% sequence coverage • Has conceptual problems • Code semantics • Loops • One of the two • Assume libraries has no errors • Done in depth – with the libraries • Very expensive • A lot of sequences: 2# branches , generally speaking • Very hard to analyze data
100% coverage - conclusion 100% block/line/branch/path coverage, even if reachable, does not prove much. Hence … No need to try to get there unless ... 24
100% coverage - conclusion Most importantly ... A code coverage only measures coverage of a code which has been written. 25
<Insert Picture Here> Mis-usages Target value
Block coverage target value
100% coverage - conclusion 100% block/line/branch/path coverage, even if reachable, does not prove much. Hence … No need to try to get there unless … 100% is the target value. Which could happen if cost of a bug is really big and/or the product is really small. 31
Target value - conclusion True target value for block/line/branch/path comes from ROI, which is really hard to calculate and justify. 32
<Insert Picture Here> Usages
• Test base improvement. 34 • Dead code. • Metric • Control over code development CC – how to use Right. How to select which tests to develop first Barely an artifact Better have a good metric. • Control flow analysis
<Insert Picture Here> CC as a metric
What makes a good metric Simple to explain Simple to work towards Has a clear goal So that you could explain your boss why is that important to spend resources on So that you know what to do to improve So you could tell how far are you.
Is CC a good metric? Simple to explain Simple to work towards Has a clear goal Is a metric of quality of testing. (Relatively) easy to map uncovered code to missed tests. Nope. ROI – too complicated. + + -
Filter code coverage … to only leave code which should be covered completely Examples • Public API coverage • UI coverage • Controller code coverage • “Important code” coverage
Public API* Is a set of program elements suggested for usage by public documentation. For example: all functions and variables which are described in documentation. For a Java library: all public and protected methods and fields mentioned in the library javadoc. For Java SDK: … of all public classes in java and javax packages. (*) Only applicable for a library or a SDK
Public API
True Public API (c) Is a set of program elements which could be accessed directly by a library user Public API + all extensions of public API in non-public classes
True public API example ArrayList.java My code
UI coverage
UI coverage In a way, equivalent to public API but for a UI product • %% of UI elements shown – display coverage • %% user actions performed – action coverage Only “action coverage” could be obtained from CC data (*). (*) For UI toolkits which the presenter is familiar with.
Action coverage javax.swing.Action.actionPerformed(ActionEvent) javafx.event.EventHandler.handle(Event) org.myorg.NodeAction.actionPerformed(ActionEvent) org.myorg.NodeAction.nodeActionPerformed(Node myNode)
“Controller” code coverage Model Contains the domain logic View Implements user interaction Controller Maps the two. Only contains code which is called as a result of view actions and model feedbacks. Controller has very little boilerplate code. A good candidate for 100% block coverage.
“Important” code • Development/SQE marks class/method as important • We use an annotation @CriticalForCoverage • List of methods is obtained which are marked as important • We do that by an annotation processor right while main compilation • CC data is filtered by the method list • Goal is 100%
Examples of non-generic metrics • BPEL elements • JavaFX properties • A property in JavaFX is something you could set, get and bind • Project type coverage in NetBeans • Insert your own
CC as a metric - conclusion There are multiple ways to filter CC data to a set of code which needed to be covered in full. There are generic metrics and there is a possibility to introduce product specific metric. Such metrics are easy to use, although not always so straightforward to obtain. 51
<Insert Picture Here> Test prioritization
Test prioritization 100500 uncovered lines of code! Metric • Pick a metric • Develop tests “Metrics for managers. Me no manager! Me write code!” Consider mapping CC data to few other source code characteristics. “OMG! Where do I start?”
Age of the code New code is better be tested before getting to customer. (Improves bug escape rate, BTW) Old code is more likely to be tested by users or Not used by users.
What's a bug escape metric? Ratio of defects sneaked out unnoticed # defects not found before release # defects in the product In theory: # defects found after + # defects found before Practical: # defects found after release
Number of changes More times a piece of code was changed, more atomic improvements/bugfixes were implemented in it. Hence … Higher risk of introducing a regression.
Number of lines changed More lines changed – more testing it needs. Better all – number of uncovered lines which were changed in the last release.
Bug density Assuming all the pieces were tested equally well … Many bugs means there are, probably, even more • Hidden behind the known ones • Fixing existing ones may introduce yet more as regressions
Code complexity Assuming the same engineering talent and the same technology … More complex the code is – more bugs likely to be there. Any complexity metric would work: from class size to cyclomatic complexity
Putting it together A formula (1 – cc) * (a1 *x1 + a2 *x2 + a3 *x3 + ...) Where cc – code coverage (0 - 1) xi – a risk of bug discovery in a piece of code ai – a coefficient
Putting it together (1 – cc) * (a1 *x1 + a2 *x2 + a3 *x3 + ...) The ones with higher value are first to cover • Fix the coefficients • Develop tests • Collect statistics on bug escape • Fix the coefficient • Continue
Test prioritization - conclusion CC alone may not give enough information. Need to accompany it with other characteristics of test code to make a decision. Could use a few of other characteristics simultaneously. 62
<Insert Picture Here> Test prioritization Execution
Decrease test execution time Exclude tests which do not add coverage (*). But, be careful! Remember that CC is not everything and even 100% coverage does not mean a lot. While excluding tests get some orthogonal measurement as well, such as specification coverage. (*) Requires “test scales”
Control flow analysis Study the coverage report, see what test code exercises which code. (*). Recommended for developers. (*) Also requires “test scales”
Controlled code changes Do not allow commits unless all the new/changed code is covered. Requires simultaneous commits of tests and the changes.
Code coverage - conclusion 100% CC does not guarantee that the code is working right 100% CC may not be needed It is possible to build good metrics with CC CC helps with prioritization of test development Other source code characteristics could be used with CC 67
Coverage data is not free • Do just as much as you can consume * • Requires infrastructure work • Requires some development • Requires some analysis (*) The rule of thumb
Coverage data is not free • Do just as much as you can consume • Requires infrastructure work • Requires some development • Requires some analysis • Do just a little bit more than you can consume * • Otherwise how do you know how much you can consume? (*) The rule of thumb
<Insert Picture Here> Code coverage. The pragmatic approach. Александр Ильин Java Quality architect alexandre.iline@oracle.com

Recommended

Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Alexandre (Shura) Iline
 
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자Taeyeop Kim
 
Presentation slides: "How to get 100% code coverage"
Presentation slides: "How to get 100% code coverage" Presentation slides: "How to get 100% code coverage"
Presentation slides: "How to get 100% code coverage" Rapita Systems Ltd
 
Code coverage & tools
Code coverage & toolsCode coverage & tools
Code coverage & toolsRajesh Kumar
 
Code Coverage
Code CoverageCode Coverage
Code CoverageErnani Omar Cruz
 
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...Pavneet Singh Kochhar
 
Code coverage for automation scripts
Code coverage for automation scriptsCode coverage for automation scripts
Code coverage for automation scriptsvodQA
 
Parasoft fda software compliance part2
Parasoft fda software compliance part2Parasoft fda software compliance part2
Parasoft fda software compliance part2Engineering Software Lab
 

Recommended

Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Java code coverage with JCov. Implementation details and use cases.
Java code coverage with JCov. Implementation details and use cases.Alexandre (Shura) Iline
 
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자
IoT 개발자를 위한 Embedded C에서 Test Coverage를 추출해보자Taeyeop Kim
 
Presentation slides: "How to get 100% code coverage"
Presentation slides: "How to get 100% code coverage" Presentation slides: "How to get 100% code coverage"
Presentation slides: "How to get 100% code coverage" Rapita Systems Ltd
 
Code coverage & tools
Code coverage & toolsCode coverage & tools
Code coverage & toolsRajesh Kumar
 
Code Coverage
Code CoverageCode Coverage
Code CoverageErnani Omar Cruz
 
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...Pavneet Singh Kochhar
 
Code coverage for automation scripts
Code coverage for automation scriptsCode coverage for automation scripts
Code coverage for automation scriptsvodQA
 
Parasoft fda software compliance part2
Parasoft fda software compliance part2Parasoft fda software compliance part2
Parasoft fda software compliance part2Engineering Software Lab
 
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)Sung Kim
 
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...Sung Kim
 
PVS-Studio and static code analysis technique
PVS-Studio and static code analysis techniquePVS-Studio and static code analysis technique
PVS-Studio and static code analysis techniqueAndrey Karpov
 
Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)Sung Kim
 
Personalized Defect Prediction
Personalized Defect PredictionPersonalized Defect Prediction
Personalized Defect PredictionSung Kim
 
PHPUnit - Unit testing
PHPUnit - Unit testingPHPUnit - Unit testing
PHPUnit - Unit testingNguyễn Đào Thiên Thư
 
Unit testing on embedded target with C++Test
Unit testing on embedded target with C++TestUnit testing on embedded target with C++Test
Unit testing on embedded target with C++TestEngineering Software Lab
 
Test Automation and Keyword-driven testing af Brian Nielsen, CISS/AAU
Test Automation and Keyword-driven testing af Brian Nielsen, CISS/AAUTest Automation and Keyword-driven testing af Brian Nielsen, CISS/AAU
Test Automation and Keyword-driven testing af Brian Nielsen, CISS/AAUInfinIT - Innovationsnetværket for it
 
Keyword Driven Testing
Keyword Driven TestingKeyword Driven Testing
Keyword Driven TestingMaveryx
 
Automock: Interaction-Based Mock Code Generation
Automock: Interaction-Based Mock Code GenerationAutomock: Interaction-Based Mock Code Generation
Automock: Interaction-Based Mock Code GenerationSabrina Souto
 
Practical unit testing in c & c++
Practical unit testing in c & c++Practical unit testing in c & c++
Practical unit testing in c & c++Matt Hargett
 
Automation and Technical Debt
Automation and Technical DebtAutomation and Technical Debt
Automation and Technical DebtIBM UrbanCode Products
 
Generic Test Automation Architecture
Generic Test Automation ArchitectureGeneric Test Automation Architecture
Generic Test Automation ArchitectureTestingCR
 
Android Test Driven Development
Android Test Driven DevelopmentAndroid Test Driven Development
Android Test Driven DevelopmentArif Huda
 
FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09Pyxis Technologies
 
Introducing Keyword-Driven Test Automation
Introducing Keyword-Driven Test AutomationIntroducing Keyword-Driven Test Automation
Introducing Keyword-Driven Test AutomationTechWell
 
Test Driven Development - Overview and Adoption
Test Driven Development - Overview and AdoptionTest Driven Development - Overview and Adoption
Test Driven Development - Overview and AdoptionPyxis Technologies
 
Unit testing legacy code
Unit testing legacy codeUnit testing legacy code
Unit testing legacy codeLars Thorup
 
Some Commonly Asked Question For Software Testing
Some Commonly Asked Question For Software TestingSome Commonly Asked Question For Software Testing
Some Commonly Asked Question For Software TestingKumari Warsha Goel
 
Introducing Keyword-driven Test Automation
Introducing Keyword-driven Test AutomationIntroducing Keyword-driven Test Automation
Introducing Keyword-driven Test AutomationTechWell
 
Code coverage analysis in testing
Code coverage analysis in testingCode coverage analysis in testing
Code coverage analysis in testingNi
 
Code coverage
Code coverageCode coverage
Code coverageVijayan Reddy
 

More Related Content

What's hot

Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)Sung Kim
 
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...Sung Kim
 
PVS-Studio and static code analysis technique
PVS-Studio and static code analysis techniquePVS-Studio and static code analysis technique
PVS-Studio and static code analysis techniqueAndrey Karpov
 
Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)Sung Kim
 
Personalized Defect Prediction
Personalized Defect PredictionPersonalized Defect Prediction
Personalized Defect PredictionSung Kim
 
Unit testing on embedded target with C++Test
Unit testing on embedded target with C++TestUnit testing on embedded target with C++Test
Unit testing on embedded target with C++TestEngineering Software Lab
 
Keyword Driven Testing
Keyword Driven TestingKeyword Driven Testing
Keyword Driven TestingMaveryx
 
Automock: Interaction-Based Mock Code Generation
Automock: Interaction-Based Mock Code GenerationAutomock: Interaction-Based Mock Code Generation
Automock: Interaction-Based Mock Code GenerationSabrina Souto
 
Practical unit testing in c & c++
Practical unit testing in c & c++Practical unit testing in c & c++
Practical unit testing in c & c++Matt Hargett
 
Generic Test Automation Architecture
Generic Test Automation ArchitectureGeneric Test Automation Architecture
Generic Test Automation ArchitectureTestingCR
 
Android Test Driven Development
Android Test Driven DevelopmentAndroid Test Driven Development
Android Test Driven DevelopmentArif Huda
 
FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09Pyxis Technologies
 
Introducing Keyword-Driven Test Automation
Introducing Keyword-Driven Test AutomationIntroducing Keyword-Driven Test Automation
Introducing Keyword-Driven Test AutomationTechWell
 
Test Driven Development - Overview and Adoption
Test Driven Development - Overview and AdoptionTest Driven Development - Overview and Adoption
Test Driven Development - Overview and AdoptionPyxis Technologies
 
Unit testing legacy code
Unit testing legacy codeUnit testing legacy code
Unit testing legacy codeLars Thorup
 
Some Commonly Asked Question For Software Testing
Some Commonly Asked Question For Software TestingSome Commonly Asked Question For Software Testing
Some Commonly Asked Question For Software TestingKumari Warsha Goel
 
Introducing Keyword-driven Test Automation
Introducing Keyword-driven Test AutomationIntroducing Keyword-driven Test Automation
Introducing Keyword-driven Test AutomationTechWell
 

What's hot (20)

Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
 
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
 
PVS-Studio and static code analysis technique
PVS-Studio and static code analysis techniquePVS-Studio and static code analysis technique
PVS-Studio and static code analysis technique
 
Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)
 
Personalized Defect Prediction
Personalized Defect PredictionPersonalized Defect Prediction
Personalized Defect Prediction
 
PHPUnit - Unit testing
PHPUnit - Unit testingPHPUnit - Unit testing
PHPUnit - Unit testing
 
Unit testing on embedded target with C++Test
Unit testing on embedded target with C++TestUnit testing on embedded target with C++Test
Unit testing on embedded target with C++Test
 
Test Automation and Keyword-driven testing af Brian Nielsen, CISS/AAU
Test Automation and Keyword-driven testing af Brian Nielsen, CISS/AAUTest Automation and Keyword-driven testing af Brian Nielsen, CISS/AAU
Test Automation and Keyword-driven testing af Brian Nielsen, CISS/AAU
 
Keyword Driven Testing
Keyword Driven TestingKeyword Driven Testing
Keyword Driven Testing
 
Automock: Interaction-Based Mock Code Generation
Automock: Interaction-Based Mock Code GenerationAutomock: Interaction-Based Mock Code Generation
Automock: Interaction-Based Mock Code Generation
 
Practical unit testing in c & c++
Practical unit testing in c & c++Practical unit testing in c & c++
Practical unit testing in c & c++
 
Automation and Technical Debt
Automation and Technical DebtAutomation and Technical Debt
Automation and Technical Debt
 
Generic Test Automation Architecture
Generic Test Automation ArchitectureGeneric Test Automation Architecture
Generic Test Automation Architecture
 
Android Test Driven Development
Android Test Driven DevelopmentAndroid Test Driven Development
Android Test Driven Development
 
FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09FluentSelenium Presentation Code Camp09
FluentSelenium Presentation Code Camp09
 
Introducing Keyword-Driven Test Automation
Introducing Keyword-Driven Test AutomationIntroducing Keyword-Driven Test Automation
Introducing Keyword-Driven Test Automation
 
Test Driven Development - Overview and Adoption
Test Driven Development - Overview and AdoptionTest Driven Development - Overview and Adoption
Test Driven Development - Overview and Adoption
 
Unit testing legacy code
Unit testing legacy codeUnit testing legacy code
Unit testing legacy code
 
Some Commonly Asked Question For Software Testing
Some Commonly Asked Question For Software TestingSome Commonly Asked Question For Software Testing
Some Commonly Asked Question For Software Testing
 
Introducing Keyword-driven Test Automation
Introducing Keyword-driven Test AutomationIntroducing Keyword-driven Test Automation
Introducing Keyword-driven Test Automation
 

Viewers also liked

Code coverage analysis in testing
Code coverage analysis in testingCode coverage analysis in testing
Code coverage analysis in testingNi
 
Session 7 code_functional_coverage
Session 7 code_functional_coverageSession 7 code_functional_coverage
Session 7 code_functional_coverageNirav Desai
 
BT Global Services - Our approach to Innovation
BT Global Services - Our approach to InnovationBT Global Services - Our approach to Innovation
BT Global Services - Our approach to InnovationGrace Kermani
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Tammy Clark
 
Tma World Viewpoint: Building Global Alignment Through Enterprise Wide Learning
Tma World Viewpoint: Building Global Alignment Through Enterprise Wide LearningTma World Viewpoint: Building Global Alignment Through Enterprise Wide Learning
Tma World Viewpoint: Building Global Alignment Through Enterprise Wide LearningTMA World
 
Finding Bugs Faster with Assertion Based Verification (ABV)
Finding Bugs Faster with Assertion Based Verification (ABV)Finding Bugs Faster with Assertion Based Verification (ABV)
Finding Bugs Faster with Assertion Based Verification (ABV)DVClub
 
Unit Testing Done Right
Unit Testing Done RightUnit Testing Done Right
Unit Testing Done RightBrian Fenton
 
What's with All This Talk About Coverage?
What's with All This Talk About Coverage?What's with All This Talk About Coverage?
What's with All This Talk About Coverage?DVClub
 
Comparing model coverage and code coverage in Model Driven testing: an explor...
Comparing model coverage and code coverage in Model Driven testing: an explor...Comparing model coverage and code coverage in Model Driven testing: an explor...
Comparing model coverage and code coverage in Model Driven testing: an explor...REvERSE University of Naples Federico II
 
Functional Coverage Development Tips - Mentor Graphics
Functional Coverage Development Tips - Mentor GraphicsFunctional Coverage Development Tips - Mentor Graphics
Functional Coverage Development Tips - Mentor GraphicseInfochips (An Arrow Company)
 
Code Coverage Revised : EclEmma on JaCoCo
Code Coverage Revised : EclEmma on JaCoCoCode Coverage Revised : EclEmma on JaCoCo
Code Coverage Revised : EclEmma on JaCoCoEvgeny Mandrikov
 
Roadmap to world class safety for
Roadmap to world class safety for Roadmap to world class safety for
Roadmap to world class safety for vinuvinu
 
Road map to safety ppt
Road map to safety pptRoad map to safety ppt
Road map to safety pptDoug Crann
 
Enterprise Mobility - Strong Mobile Strategy (7 steps to get you started)
Enterprise Mobility - Strong Mobile Strategy (7 steps to get you started)Enterprise Mobility - Strong Mobile Strategy (7 steps to get you started)
Enterprise Mobility - Strong Mobile Strategy (7 steps to get you started)TkXel
 
Tools and techniques of code coverage testing
Tools and techniques of code coverage testingTools and techniques of code coverage testing
Tools and techniques of code coverage testingIAEME Publication
 
New product development cycle model
New product development cycle modelNew product development cycle model
New product development cycle modelMohit Singla
 
Mobile roadmap & maturity model
Mobile roadmap & maturity modelMobile roadmap & maturity model
Mobile roadmap & maturity modelPatrick McLean
 
Enterprise Mobility Strategy
Enterprise Mobility StrategyEnterprise Mobility Strategy
Enterprise Mobility StrategyFreeform Dynamics
 

Viewers also liked (20)

Code coverage analysis in testing
Code coverage analysis in testingCode coverage analysis in testing
Code coverage analysis in testing
 
Code coverage
Code coverageCode coverage
Code coverage
 
Session 7 code_functional_coverage
Session 7 code_functional_coverageSession 7 code_functional_coverage
Session 7 code_functional_coverage
 
Code coverage
Code coverageCode coverage
Code coverage
 
BT Global Services - Our approach to Innovation
BT Global Services - Our approach to InnovationBT Global Services - Our approach to Innovation
BT Global Services - Our approach to Innovation
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
 
Tma World Viewpoint: Building Global Alignment Through Enterprise Wide Learning
Tma World Viewpoint: Building Global Alignment Through Enterprise Wide LearningTma World Viewpoint: Building Global Alignment Through Enterprise Wide Learning
Tma World Viewpoint: Building Global Alignment Through Enterprise Wide Learning
 
Finding Bugs Faster with Assertion Based Verification (ABV)
Finding Bugs Faster with Assertion Based Verification (ABV)Finding Bugs Faster with Assertion Based Verification (ABV)
Finding Bugs Faster with Assertion Based Verification (ABV)
 
Unit Testing Done Right
Unit Testing Done RightUnit Testing Done Right
Unit Testing Done Right
 
What's with All This Talk About Coverage?
What's with All This Talk About Coverage?What's with All This Talk About Coverage?
What's with All This Talk About Coverage?
 
Comparing model coverage and code coverage in Model Driven testing: an explor...
Comparing model coverage and code coverage in Model Driven testing: an explor...Comparing model coverage and code coverage in Model Driven testing: an explor...
Comparing model coverage and code coverage in Model Driven testing: an explor...
 
Functional Coverage Development Tips - Mentor Graphics
Functional Coverage Development Tips - Mentor GraphicsFunctional Coverage Development Tips - Mentor Graphics
Functional Coverage Development Tips - Mentor Graphics
 
Code Coverage Revised : EclEmma on JaCoCo
Code Coverage Revised : EclEmma on JaCoCoCode Coverage Revised : EclEmma on JaCoCo
Code Coverage Revised : EclEmma on JaCoCo
 
Roadmap to world class safety for
Roadmap to world class safety for Roadmap to world class safety for
Roadmap to world class safety for
 
Road map to safety ppt
Road map to safety pptRoad map to safety ppt
Road map to safety ppt
 
Enterprise Mobility - Strong Mobile Strategy (7 steps to get you started)
Enterprise Mobility - Strong Mobile Strategy (7 steps to get you started)Enterprise Mobility - Strong Mobile Strategy (7 steps to get you started)
Enterprise Mobility - Strong Mobile Strategy (7 steps to get you started)
 
Tools and techniques of code coverage testing
Tools and techniques of code coverage testingTools and techniques of code coverage testing
Tools and techniques of code coverage testing
 
New product development cycle model
New product development cycle modelNew product development cycle model
New product development cycle model
 
Mobile roadmap & maturity model
Mobile roadmap & maturity modelMobile roadmap & maturity model
Mobile roadmap & maturity model
 
Enterprise Mobility Strategy
Enterprise Mobility StrategyEnterprise Mobility Strategy
Enterprise Mobility Strategy
 

Similar to Pragmatic Code Coverage

Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Engineering Software Lab
 
Code instrumentation
Code instrumentationCode instrumentation
Code instrumentationMennan Tekbir
 
Полезные метрики покрытия. Практический опыт и немного теории
Полезные метрики покрытия. Практический опыт и немного теорииПолезные метрики покрытия. Практический опыт и немного теории
Полезные метрики покрытия. Практический опыт и немного теорииSQALab
 
Improving the Quality of Existing Software
Improving the Quality of Existing SoftwareImproving the Quality of Existing Software
Improving the Quality of Existing SoftwareSteven Smith
 
Code Quality - Security
Code Quality - SecurityCode Quality - Security
Code Quality - Securitysedukull
 
MASTER-CLASS: "CODE COVERAGE ON Μ-CONTROLLER" Sebastian Götzinger
MASTER-CLASS: "CODE COVERAGE ON Μ-CONTROLLER" Sebastian GötzingerMASTER-CLASS: "CODE COVERAGE ON Μ-CONTROLLER" Sebastian Götzinger
MASTER-CLASS: "CODE COVERAGE ON Μ-CONTROLLER" Sebastian GötzingerIevgenii Katsan
 
Improving the Quality of Existing Software
Improving the Quality of Existing SoftwareImproving the Quality of Existing Software
Improving the Quality of Existing SoftwareSteven Smith
 
Improving the Quality of Existing Software - DevIntersection April 2016
Improving the Quality of Existing Software - DevIntersection April 2016Improving the Quality of Existing Software - DevIntersection April 2016
Improving the Quality of Existing Software - DevIntersection April 2016Steven Smith
 
Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)Dinis Cruz
 
Zero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedZero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedAshley Zupkus
 
Automating The Process For Building Reliable Software
Automating The Process For Building Reliable SoftwareAutomating The Process For Building Reliable Software
Automating The Process For Building Reliable Softwareguest8861ff
 
How to improve code quality for iOS apps?
How to improve code quality for iOS apps?How to improve code quality for iOS apps?
How to improve code quality for iOS apps?Kate Semizhon
 
Vulnerability Detection Based on Git History
Vulnerability Detection Based on Git HistoryVulnerability Detection Based on Git History
Vulnerability Detection Based on Git HistoryKenta Yamamoto
 
DevOps for Machine Learning overview en-us
DevOps for Machine Learning overview en-usDevOps for Machine Learning overview en-us
DevOps for Machine Learning overview en-useltonrodriguez11
 
The Magic Of Application Lifecycle Management In Vs Public
The Magic Of Application Lifecycle Management In Vs PublicThe Magic Of Application Lifecycle Management In Vs Public
The Magic Of Application Lifecycle Management In Vs PublicDavid Solivan
 

Similar to Pragmatic Code Coverage (20)

Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
 
Unit tests and TDD
Unit tests and TDDUnit tests and TDD
Unit tests and TDD
 
CodeChecker Overview Nov 2019
CodeChecker Overview Nov 2019CodeChecker Overview Nov 2019
CodeChecker Overview Nov 2019
 
Verification Challenges and Methodologies
Verification Challenges and MethodologiesVerification Challenges and Methodologies
Verification Challenges and Methodologies
 
Code instrumentation
Code instrumentationCode instrumentation
Code instrumentation
 
Полезные метрики покрытия. Практический опыт и немного теории
Полезные метрики покрытия. Практический опыт и немного теорииПолезные метрики покрытия. Практический опыт и немного теории
Полезные метрики покрытия. Практический опыт и немного теории
 
Improving the Quality of Existing Software
Improving the Quality of Existing SoftwareImproving the Quality of Existing Software
Improving the Quality of Existing Software
 
Code Quality - Security
Code Quality - SecurityCode Quality - Security
Code Quality - Security
 
MASTER-CLASS: "CODE COVERAGE ON Μ-CONTROLLER" Sebastian Götzinger
MASTER-CLASS: "CODE COVERAGE ON Μ-CONTROLLER" Sebastian GötzingerMASTER-CLASS: "CODE COVERAGE ON Μ-CONTROLLER" Sebastian Götzinger
MASTER-CLASS: "CODE COVERAGE ON Μ-CONTROLLER" Sebastian Götzinger
 
Improving the Quality of Existing Software
Improving the Quality of Existing SoftwareImproving the Quality of Existing Software
Improving the Quality of Existing Software
 
Improving the Quality of Existing Software - DevIntersection April 2016
Improving the Quality of Existing Software - DevIntersection April 2016Improving the Quality of Existing Software - DevIntersection April 2016
Improving the Quality of Existing Software - DevIntersection April 2016
 
Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)Scaling security in a cloud environment v0.5 (Sep 2017)
Scaling security in a cloud environment v0.5 (Sep 2017)
 
Zero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedZero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically Guaranteed
 
Fundamentals of unit testing
Fundamentals of unit testingFundamentals of unit testing
Fundamentals of unit testing
 
1506.08725v1
1506.08725v11506.08725v1
1506.08725v1
 
Automating The Process For Building Reliable Software
Automating The Process For Building Reliable SoftwareAutomating The Process For Building Reliable Software
Automating The Process For Building Reliable Software
 
How to improve code quality for iOS apps?
How to improve code quality for iOS apps?How to improve code quality for iOS apps?
How to improve code quality for iOS apps?
 
Vulnerability Detection Based on Git History
Vulnerability Detection Based on Git HistoryVulnerability Detection Based on Git History
Vulnerability Detection Based on Git History
 
DevOps for Machine Learning overview en-us
DevOps for Machine Learning overview en-usDevOps for Machine Learning overview en-us
DevOps for Machine Learning overview en-us
 
The Magic Of Application Lifecycle Management In Vs Public
The Magic Of Application Lifecycle Management In Vs PublicThe Magic Of Application Lifecycle Management In Vs Public
The Magic Of Application Lifecycle Management In Vs Public
 

Pragmatic Code Coverage

  • 1. And now for something completely different ...
  • 2. <Insert Picture Here> Code coverage. The pragmatic approach. Александр Ильин Java Quality architect alexandre.iline@oracle.com
  • 3. What it is about? Should the testing be stopped at 100% coverage? Should 100% be the goal? How (else) to use code coverage information? 3 What it is not about? Tools
  • 5. What is the code coverage data for Measure to which extent source code is covered during testing. 5 consequently … Code coverage is A measure of how much source code is covered during testing. Testing is A set of activities aimed to prove that the system under test behaves as expected. finally …
  • 6. CC – how to get • Create a template 6 • “Instrument” the source/compiled code/bytecode • Run testing, collect data • Generate report Template is a collection of all the code there is to cover Insert instructions for dropping data into a file/network, etc. May need to change environment HTML, DB, etc
  • 7. • Block / primitive block • Line • Condition/branch/predicate • Entry/exit • Method • Path/sequence 7 CC – kinds of
  • 8. CC – how to use • 8 • Perform analysis • Develop more tests • GOTO 1 Performed repeatedly, so resource-efficiency is really important Find what tests you need to develop. • 1: Measure (prev. slide) for testbase improvement Find what code you need to cover.Find what code you need to cover. • Find dead code Measure (prev. slide)
  • 10. • Must get to 100% 10 • 100% means no more testing • CC does not mean a thing • There is that tool which would generate tests for us and we're done CC – how not to use mis-usages May be not. No it does not. It does mean a fair amount if it is used properly. Nope.
  • 12. Test generation “We present a new symbolic execution tool, ####, capable of automatically generating tests that achieve high coverage on a diverse set of complex and environmentally-intensive programs.” #### tool documentation
  • 13. Test generation cont. if ( b != 3 ) { double a = 1 / ( b – 2); } else { … }
  • 14. Test generation cont. if ( b != 3 ) { double a = 1 / ( b – 3); } else { … } Reminder: testing is ... A set of activities aimed to prove that the system under test behaves as expected.
  • 15. Test generation - conclusion Generated tests do not verify conformance of the core to the requirements. * Hence … Generated tests code coverage should not be mixed with regular functional tests code coverage. 15 (*) Same is true for all static analysis techniques
  • 16. Who watches the watchmen? • Test logic gotta be right • No way to verify the logic • No metrics • No approaches • No techniques • Code review – the only way • Sole responsibility of test developer
  • 17. <Insert Picture Here> Mis-usages What does 100% coverage mean?
  • 22. 100% sequence coverage (-1,-1)1 (1,1) (0,0) 1 NaN b (-1,1) (1,-1) -1 -1 But … isPositive(float) has a defect!
  • 23. 100% sequence coverage • Has conceptual problems • Code semantics • Loops • One of the two • Assume libraries has no errors • Done in depth – with the libraries • Very expensive • A lot of sequences: 2# branches , generally speaking • Very hard to analyze data
  • 24. 100% coverage - conclusion 100% block/line/branch/path coverage, even if reachable, does not prove much. Hence … No need to try to get there unless ... 24
  • 25. 100% coverage - conclusion Most importantly ... A code coverage only measures coverage of a code which has been written. 25
  • 28. 100% coverage - conclusion 100% block/line/branch/path coverage, even if reachable, does not prove much. Hence … No need to try to get there unless … 100% is the target value. Which could happen if cost of a bug is really big and/or the product is really small. 31
  • 29. Target value - conclusion True target value for block/line/branch/path comes from ROI, which is really hard to calculate and justify. 32
  • 31. • Test base improvement. 34 • Dead code. • Metric • Control over code development CC – how to use Right. How to select which tests to develop first Barely an artifact Better have a good metric. • Control flow analysis
  • 33. What makes a good metric Simple to explain Simple to work towards Has a clear goal So that you could explain your boss why is that important to spend resources on So that you know what to do to improve So you could tell how far are you.
  • 34. Is CC a good metric? Simple to explain Simple to work towards Has a clear goal Is a metric of quality of testing. (Relatively) easy to map uncovered code to missed tests. Nope. ROI – too complicated. + + -
  • 35. Filter code coverage … to only leave code which should be covered completely Examples • Public API coverage • UI coverage • Controller code coverage • “Important code” coverage
  • 36. Public API* Is a set of program elements suggested for usage by public documentation. For example: all functions and variables which are described in documentation. For a Java library: all public and protected methods and fields mentioned in the library javadoc. For Java SDK: … of all public classes in java and javax packages. (*) Only applicable for a library or a SDK
  • 38. True Public API (c) Is a set of program elements which could be accessed directly by a library user Public API + all extensions of public API in non-public classes
  • 39. True public API example ArrayList.java My code
  • 41. UI coverage In a way, equivalent to public API but for a UI product • %% of UI elements shown – display coverage • %% user actions performed – action coverage Only “action coverage” could be obtained from CC data (*). (*) For UI toolkits which the presenter is familiar with.
  • 43. “Controller” code coverage Model Contains the domain logic View Implements user interaction Controller Maps the two. Only contains code which is called as a result of view actions and model feedbacks. Controller has very little boilerplate code. A good candidate for 100% block coverage.
  • 44. “Important” code • Development/SQE marks class/method as important • We use an annotation @CriticalForCoverage • List of methods is obtained which are marked as important • We do that by an annotation processor right while main compilation • CC data is filtered by the method list • Goal is 100%
  • 45. Examples of non-generic metrics • BPEL elements • JavaFX properties • A property in JavaFX is something you could set, get and bind • Project type coverage in NetBeans • Insert your own
  • 46. CC as a metric - conclusion There are multiple ways to filter CC data to a set of code which needed to be covered in full. There are generic metrics and there is a possibility to introduce product specific metric. Such metrics are easy to use, although not always so straightforward to obtain. 51
  • 47. <Insert Picture Here> Test prioritization
  • 48. Test prioritization 100500 uncovered lines of code! Metric • Pick a metric • Develop tests “Metrics for managers. Me no manager! Me write code!” Consider mapping CC data to few other source code characteristics. “OMG! Where do I start?”
  • 49. Age of the code New code is better be tested before getting to customer. (Improves bug escape rate, BTW) Old code is more likely to be tested by users or Not used by users.
  • 50. What's a bug escape metric? Ratio of defects sneaked out unnoticed # defects not found before release # defects in the product In theory: # defects found after + # defects found before Practical: # defects found after release
  • 51. Number of changes More times a piece of code was changed, more atomic improvements/bugfixes were implemented in it. Hence … Higher risk of introducing a regression.
  • 52. Number of lines changed More lines changed – more testing it needs. Better all – number of uncovered lines which were changed in the last release.
  • 53. Bug density Assuming all the pieces were tested equally well … Many bugs means there are, probably, even more • Hidden behind the known ones • Fixing existing ones may introduce yet more as regressions
  • 54. Code complexity Assuming the same engineering talent and the same technology … More complex the code is – more bugs likely to be there. Any complexity metric would work: from class size to cyclomatic complexity
  • 55. Putting it together A formula (1 – cc) * (a1 *x1 + a2 *x2 + a3 *x3 + ...) Where cc – code coverage (0 - 1) xi – a risk of bug discovery in a piece of code ai – a coefficient
  • 56. Putting it together (1 – cc) * (a1 *x1 + a2 *x2 + a3 *x3 + ...) The ones with higher value are first to cover • Fix the coefficients • Develop tests • Collect statistics on bug escape • Fix the coefficient • Continue
  • 57. Test prioritization - conclusion CC alone may not give enough information. Need to accompany it with other characteristics of test code to make a decision. Could use a few of other characteristics simultaneously. 62
  • 58. <Insert Picture Here> Test prioritization Execution
  • 59. Decrease test execution time Exclude tests which do not add coverage (*). But, be careful! Remember that CC is not everything and even 100% coverage does not mean a lot. While excluding tests get some orthogonal measurement as well, such as specification coverage. (*) Requires “test scales”
  • 60. Control flow analysis Study the coverage report, see what test code exercises which code. (*). Recommended for developers. (*) Also requires “test scales”
  • 61. Controlled code changes Do not allow commits unless all the new/changed code is covered. Requires simultaneous commits of tests and the changes.
  • 62. Code coverage - conclusion 100% CC does not guarantee that the code is working right 100% CC may not be needed It is possible to build good metrics with CC CC helps with prioritization of test development Other source code characteristics could be used with CC 67
  • 63. Coverage data is not free • Do just as much as you can consume * • Requires infrastructure work • Requires some development • Requires some analysis (*) The rule of thumb
  • 64. Coverage data is not free • Do just as much as you can consume • Requires infrastructure work • Requires some development • Requires some analysis • Do just a little bit more than you can consume * • Otherwise how do you know how much you can consume? (*) The rule of thumb
  • 65. <Insert Picture Here> Code coverage. The pragmatic approach. Александр Ильин Java Quality architect alexandre.iline@oracle.com