Geek Answers Handbook

What is software injection really used for?

My basic understanding of software injection is as follows:

It is not possible to run all possible tests for software testing. Thus, one of the ways to make changes to the code and analyze the degree of errors that arise from it.

But how is this useful?

As we had:

function foo(a, b) { return a/b; }

and we changed it to

 function foo(a, b) { return Math.floor(a/b); }

So what is it?

How was that useful at all?

EDIT

@Leo, Let's say I wrote software that finds Fibonacci numbers. I am writing a test that looks like this: assert(fib(1) == 1);

assert(fib(0) == 0);

assert(fib(3) == 2);

I maintain that 100% coverage since all lines of code are executed here.

My client runs these tests and they all pass. Therefore, he thinks: "Perhaps the tests themselves are wrong, let me make some changes to them."

Therefore, he changes one of them to assert(fib(1) == 5);

and the test fails. What can he make of it?

+6
source share
3 answers

Suppose you hired a company to provide you with some kind of software, and they promised that they unit test have their code with 90% coverage, which seems to be a lot.

So, you decided to insert errors into these tests, so you expect to see a much lower coverage of passing tests, but, well, after inserting errors you will find that it still covers 90% :-)

How useful are these tests?

for example, is this test correct?

 @Test public void testAdd() { int result = 0; Claszz c = new Claszz(); int result2 = c.add(-1, 1); assertEquals(result,0); }
+4
source

Malicious software errors are mainly used to test the coverage of code performed using tests. If a set of test data is started in the code and all of them are transmitted, this definitely does not mean that the code is a 100% error. One reason may be that, given the data, some of the code is not available. In this case, the code is modified to see if it still works as expected.

This is primarily used to check for exceptions or handle errors that are rare.

For example, if there is a field that accepts only a positive number, and there is a requirement that an error is displayed when entering negative values.

In this case, the field property can be set so that the user cannot enter it. Thus, the condition of a negative value cannot be verified.

Here, the code will be changed so that the user can enter the value -ve and check the error message.

+1
source

Well, this is an old question, but Google made me here, so I’ll just add my views.

Software inclusion and associated ratings are related to testing coverage, but I would say more than just a percentage of the code. This is an indicator of how good your tests are in troubleshooting. So you enter 100 errors and your tests find 60 of them. You missed 40% of the errors. Perhaps you had 100% code coverage in the tests and still missed these errors. If you had a set of tests that said to state (1 == 1), you would have missed 100% of your errors.

Of course, then the question arises about the quality of the injections (i.e., they cause observable errors, it is an error that is important enough to check, the code is available, etc.). But that is another matter.

Finally, another aspect is reliability testing, with tools like Chaos Monkey, which kills VM instances from your live system to evaluate how your system handles failures, recovery, etc. But this is a slightly different point of view, as you introduce errors at the system level, and I assume that this question was at the / unit test code level.

+1
source

More articles:


All Articles