Have you ever come across the term "be bugging"? What does it mean, and what is the relevance of the term in software testing?
Well, be bugging can be interchangeably used for fault or error seeding, it is the injection of known defects into the software application for the purpose of checking the occurrence of bug and devise a removal strategy.
The very purpose of introducing known bugs is to enhance the quality of the product. No new test suites are prepared but new defects are introduced to check the reliability of test suite. The aim is to improve test coverage and monitor response to those faults.
Techniques of Fault Seeding :
- Compile Time injections -In this technique a fault is introduced within the source code itself.
- Run Time injections -These are the faults that are triggered by a software into another software system during runtime. There are various tools used for be bugging/ fault injection.
- Bstorm : It is a software security testing tool, a product by Beyond Security, is used as a framework for dynamic security testing of products. QA professionals and network administrators can perform testing. It allows network administrators to ensure security of networked applications before they are ready to be deployed.
It is popular due to its robust and easy to use interface. Business organisations, be it any size can integrate beStorm into their software QA process. It is considered as a black box testing tool known to be used commercially, does not use source code and simply performs checks beginning with common failure issues and gradually moving onto the next.
- Holodeck : It is a testing tool by Security Innovation. It uses fault simulation techniques to duplicate real-world application and system errors. Testers and developers can work in a controlled environment to analyse and debug error handling code. It thus helps to monitor the reliability of an application. It creates real-world scenarios like memory leaking, bad registry data, corrupt files or corrupted network packets.
Holodeck logs and monitors the system calls. This in turn helps to introspect into even low level machine interactions, which allows one to track bug- generating events.
- Xception : This project emphasises on the advanced debugging and performance monitoring features that are present in modern processors, to check how the system reacts to fault injections.
This tool is widely used in various platforms - Online Transaction Processing System(OLTP), COTS(Commercial - off-the-shelf) system. Xception supports processors ranging from PowerPC, Intel Pentium, and SPARC(scalable processor architecture) based platforms that run on Windows/NT 2000, Linux OS, and a collection of real-time systems- LynxOS, SMX, RTLinux, ORK.
There are many breakpoint registers in a processor. When a fault is injected, the processor executes the fault trigger related to manipulation of data. The processor runs at its own pace even at the injection of the fault, that is, the fault injection is treated as a small exception routine.
By performance monitoring we intend to check the behaviour of the system in terms of number of clock and memory read and write cycles, and the instructions executed. This process continues until an error is caught.
- The Mu Service Analyser : Mu Security is a tool intended to track the network traffic and attack patterns. The Internet world is prone to attacks, hence Mu-4000 offers a range of testing options like mutated traffic, published vulnerabilities, Dos attacks. It has the option to choose any protocols from - TCP, UDP, ICMP to launch Dos attacks. It has the facility to record the system's progress and records the response time during an attack. When a fault is traced, the Mu analyser facilitates tracking the traffic and the packets to determine what caused the issue.
- Exhaustif : It is a SWIFI injection tool that checks for fault occurrence by injecting faults into the system, in a distributed environment. It is a fault tolerance verification and validation tool for embedded software systems.
Exhaustif has two parts : EEM (Exhaustif Executive Manager) and FIK (Fault Injector Kernels).
EEM - It helps to perform data analysis, post fault injection. It is a GUI based Java application that uses a SQL database to record the test results thus obtained from the System Under Test. It basically performs memory corruptions using temporary triggers and uses optimized routine interceptions, with minimum time.
FIK - This comes under EEM and checks fault injections in applications that run on different operating systems.
Bebugging primarily aims to refine the quality of an application by deliberately introducing new defects into it. The reason for performing such an activity is to enhance the robustness of the application and to also ensure that our system performs efficiently under stressful conditions.
The entire concept of fault injection or be bugging can be classified under a common term SWIFI (Software Implemented Fault Injection).