Software

Quality and Dependability

2016-2017

Questions to help students in the preparation for the written exams1

The following exercises are meant to help students in the preparation for the written exams.
About half of the questions are intended to serve as guide to study, and do not represent the
kind of questions that may appear in the written exams. The topic of model checking has just a
few questions, as there is already a collection of exercises on that topic.

1) Explain why availability is an attribute of security. Give examples.

2) Explain the difference between software verification and software validation.

3) If a web service crashes when called with a give combination of valid inputs, can you
claim that the web service is not robust? Explain.

4) Explain the difference between the notion of defect in the context of software
inspections (e.g., requirement inspection) and error, as defined by the software reliability
terminology.

5) Explain the differences among fault prevention, fault tolerance, fault removal and fault
forecasting and list the four techniques by order of frequency of utilization by the software
industry (put in first place the one that is used more intensively).

6) In your opinion, the concept of permanent and transient fault use for hardware faults can
be also applied to software bugs?

7) Consider you have a program to calculate the list of occurrences of Fridays on the 13th day
of the month (these days are considered days of bad luck by superstitious people) for the
next 20 years. Give four examples of failure modes that may happen when running that
program.

8) If a given web interface allows causing intentional malicious faults, is that a functional or a
non-functional problem? Do you think such problem can be corrected/avoided?

9) If a program performs correct calculations (i.e., the result is correct), can you still claim
that such result represents a failure? If your answer is yes, give two examples.

10) In your opinion, NVersion programming is based on error detection or error masking
techniques?

11) If you decide to execute the same program with the same input parameters several times,
using the same hardware, and vote for majority the results obtained in the different runs,
what kind of redundancy are you using? Is that different from NVersion programming?

12) Choose the sentence that, in your opinion, is more correct and explain your choice:
a) Test cases can be used to perform system diagnosis after a failure
b) Diagnosis procedures can be used for testing purposes

1 Sources:
Some of these questions come (or have been adapted) from the following sources:
http://istqbexamcertification.com/istqb-dumps-download-mock-tests-and-sample-question-papers-from-2012-to-2014/
https://courses.cs.ut.ee/MTAT.03.159/2015_spring/uploads/Main/SWT-exam-2014.pdf
http://agile.csc.ncsu.edu/SEMaterials/WhiteBox.pdf
1
13) Do you think the concept of external fault also applies to software faults? Explain.

14) Does the code used to validate inputs represent a form of software redundancy or it is just a
robustness testing technique? Explain.

15) A timeout, if implemented by an external hardware clock, can be considered a structural

error detection mechanism? Explain.

16) Suppose you are the moderator of a software inspection intended to review the
requirements of a given module. If one inspector declares at the beginning of the meeting
that he did not analyze the requirements before the review meeting, what should you do as
moderator?

17) The same situation as the previous question, but this time the inspector claims that he has
analyzed the requirements but he forgot to fill the inspection log. What should the
moderator do in this case?

18) In a code inspection, what are the main points to take into account to define the criteria
used to determine the need for re-inspection and how is responsible for that decision.

19) When should regression testing be performed?

20) What is the importance of regression testing and explain the key alternatives concerning
regression testing decisions?

21) Do you thing that the evaluation of testability of the requirements is useful to help defining
test cases in white box or in black box testing? Explain your answer.

22) Which of the following will be the best definition for testing:
a) The goal / purpose of testing is to demonstrate that the program works.
b) The purpose of testing is to demonstrate that the program is defect free.
c) The purpose of testing is to demonstrate that the program does what it is supposed to
do.
d) Testing is executing software for the purpose of finding defects.

23) Which of the following test cases designing alternatives assures the highest level of
independence:
a) Designed by persons who write the software under test
b) Designed by a person from a different section
c) Designed by a person from a different organization
d) Designed by another person

24) Deciding how much testing is enough should take into account:
i. Level of risk related to the product and/or project
ii. Project constraints such as time and budget
iii. Size of testing team
iv. Size of the development team
a) i,ii,iii are true and iv is false
b) i,,iv are true and ii is false

2
 c) i,ii are true and iii,iv are false
d) ii,iii,iv are true and i is false

25) When what is visible to end-users is a deviation from the specific or expected behavior,
this is called:
a) an error
b) a fault
c) a failure
d) a defect
e) a mistake

26) Testing should be stopped when:

a) all the planned tests have been run
b) time has run out
c) all faults have been fixed correctly
d) both a) and c)
e) it depends on the risks for the system being tested

27) Non-functional system testing includes:

a) testing to see where the system does not function properly
b) testing quality attributes of the system such as performance, usability, security, and
robustness.
c) testing a system feature using only the software required for that action
d) testing a system feature using only the software required for that function
e) testing for functions that should not exist

28) What is the purpose of test completion criteria in a test plan:

a) to know when a specific test has finished its execution
b) to ensure that the test case specification is complete
c) to set the criteria used in generating test inputs
d) to know when test planning is complete
e) to plan when to stop testing

29) Consider the method speedingfine

1 public static int speedingfine (int age, int overspeed; int
licencemark) {
2 int fine = 0;
3 if ((age >= 25) && (overspeed < 30) && (licencemark < 3))
4 fine = fine + 100 * overspeed;
5 else {
6 if ((age < 25) || (licencemark >= 3))
7 fine = fine + (200 * overspeed);
8 if (overspeed >= 30)
9 fine = fine + 5000;
10 }
11 return fine;
12
3
 a) Draw the control flow graph and calculate the McCabe Cyclomatic number (i.e., the
number of linearly independent paths)
b) Write down the basic path sets (maximum number of independent paths) of the method.
c) Propose a test case for each independent path.

30) Consider the following pseudo code:

if (input is in AllowedCharacterSet)
if (input is a number)
if (input >= 0)
put input into positiveNumberList
else
put input into negativeNumberList
else
if (input is an alphabet)
put input into alphabetList
else
put input into symbolList
else
exception(Illegal character

a) Draw a flow diagram that depicts the pseudo code. Label each node in the diagram with a
unique alphabet.
b) What is the cyclomatic number of the program?
c) Identify each independent execution path in this program.

31) When a teacher inserts the grades of a student in Nonio, the field in the form accepts grades
from 10 (minimum) to 20 (maximum), as the final grade. If the grade inserted is greater than
or equal to 0 and lower than 10, the grade is accepted but the system replaces it by NRC
(short of No Reune as Condies). Any other value (i.e., greater than 20, lower than 0, real
numbers, characters, etc.) should not be accepted by the system. Identify the equivalence
classes to test this specific functional feature of Nonio (considering both valid and invalid).

32) For the field to insert the grades of a student in Nonio, and considering what is mentioned in
the previous questions, define the test cases for the boundary values.

33) Consider the following implementation of the bubble sort algorithm:

void bubblesort (int array[], int size)
{
int tmp ,i, j;
for (i = 0; i <size; i++)
for (j=0; j < size; j++)
If (array[i] < array[j])
{
tmp = array[i];
array[i] = array[j];
array[j] = tmp;
}
}
a) Draw the control flow graph and calculate the McCabe Cyclomatic number.
b) Write down the basic path sets (independent paths).
c) Propose test cases for the function bubblesort, taking into account that the function has
loops.

4
34) The application that calculates the IRS (the annual taxation over the income of families) has
two fields, Income and NPeople, with the following features:
Income: to insert the total amount of income (salary and other types of payments)
received by the members of the family during the year.
NPeople: to enter the number of people in the family for taxation purposes.

The percentage of tax is calculated taking into account the values entered in both fields.
For annual income values below 7280 euros, the tax is 0%, no matter the number of people
in the family. For income values greater or equal to 7280 and lower than 12048 euros, the
tax is 6% when the number of people in the family is 1, and the tax is reduced 1.5% for
each member of the family (for example, for a family of 3 people, the tax is 3%). The tax
cannot be a negative, thus if the number of people is high enough the tax may reach 0%,
but remains at 0% for even higher number of people in the family. For income values
greater or equal to 12048 and lower than 30065 euros, the tax is 30% when the number of
people in the family is 1, and the tax is reduced 1.2% for each member of the family. For
income values greater or equal to 30065, the tax is 40% when the number of people in the
family is 1, and the tax is reduced 0.8% for each member of the family.
a) Propose the set of equivalence classes you would use to test this functional feature of the
IRS application. Consider the two fields.
b) Define the test cases for the boundary values, considering the two fields.

35) Consider the following function to check if a given positive number is prime:
int check_prime(int a)
{
int c;
if (a <= 3)
return 1;
else
{
for ( c = 2 ; c <= a - 1 ; c++ )
{
if ( a%c == 0 )
return 0;
}
if ( c == a )
return 1;
}
}

a) Draw the data flow graph.

b) Show the definition-use (du) paths.

36) Provide a concise yet precise answer to the following questions:

a) Consider the path P1 = (0,1,2,3,4,5,7,8,9,10,7,11,12) in the control flow graph of a given
program. Is the path P2 = (0,1,2,3,4,5,7,11,12) independent from P1. Explain.
b) If a web service crashes when called with a given combination of valid inputs, can you
claim that the web service is not robust? Explain.
c) When what is visible to end-users is a deviation from the specific or expected behavior,
this is called, an error, a fault, a failure, a defect, or a mistake?

37) The Promela code below describes a system composed of two processes (N=2) and attempts
to verify a certain property.

5
 #define N 2
bool want[N];
byte turn;
byte mx = 0;

active [N] proctype P() {

do
:: want[_pid] = true;
turn = (_pid+1)%N;
( !( want[(_pid+1)%N] && turn == (_pid+1)%N ) );
mx++;
assert(mx <= 1);
mx--;
want[_pid] = false
od
}
a) Which property does the above code attempt to verify? How?
b) If you verify this exact code using Spin, you will get no errors. What can you conclude for
a system with N=3? Justify.
c) Is it exactly the same to verify the above code if we replace the line containing the
statement ( !( want[(_pid+1)%N] && turn == (_pid+1)%N ) ) with a busy wait like the one
below? Explain.
do
:: !( want[(_pid+1)%N] && turn == (_pid+1)%N ) -> break
:: else -> skip
od;

38) The Promela code below describes a system composed of several processes, including the init
process, and attempts to verify a certain property.

byte semaphore = 0;
byte critical = 0;

inline wait(sem) {
atomic {
(sem > 0);
sem--
}
}

inline signal(sem) {
sem++
}
proctype P() {
wait(semaphore);
critical++;
assert(critical <= 1);
critical--;
signal(semaphore)
}
init {
run P();
run P();
run P();
wait(semaphore);
semaphore++;
signal(semaphore);
}
6
 a) State, and justify, whether the following sentence is true or false: An assertion like the
one shown in the code is intended to verify that variable critical is always, at any point of
the execution, less than or equal to one.
b) If you verify this exact code using Spin, you will get an invalid end state. What does that
mean for the code in question?
c) What is the purpose of the atomic sequence in the declaration of wait()?.

39) Consider the following implementation of a C function to reverse an array:

a) Draw the control flow graph and calculate the McCabe Cyclomatic number.
b) Propose test cases for the function reverse_array and justify your proposal. Pay attention
to the type of input parameters received by the function.
c) Explain how you can define and execute a test case that verifies that the function leaves
with exit(EXIT_FAILURE).

40) Consider the web service method backgroundInsulinDoseX with the following description:
Goal: calculates the total number of units of insulin needed between
meals.
Returns: BID - Background insulin dose.
Inputs:
W - Weight in kilograms (decimal values with two decimal places
between 6.00kg and 180.00kg, including these values).
S Sex of the patient (F or M)
A Age of the patient (integer values between 3 and 110,
including these values).
The general approach is to calculate BID using the following rules:
BID = 0.55 * W when S = M and A > 21
BID = 0.50 * W when S = F and A > 21
BID = 0.45 * W when A 21 and A > 10, no matter the value of S
BID = 0.40 * W when A 10, no matter the value of S

a) Propose the set of equivalence classes you would use to test the backgroundInsulinDoseX
method.

7
 b) Considering the backgroundInsulinDoseX method, explain the differences between test
cases defined considering boundary values and test cases defined to test the robustness
to the web service backgroundInsulinDoseX method.

41) Provide a concise yet precise answer to the following questions related to software testing
(important: the goal is to provide precise answers):
a) What is the purpose of exit criteria in software testing?
b) What is functional system testing?
c) Why are static testing and dynamic testing techniques described as complementary?
d) What is the difference between re-testing and regression testing?
e) Could software reviews or inspections be considered part of testing?
f) What is test coverage?

42) Consider the following C program to check whether a number can be expressed as sum of two
prime numbers:
#include <stdio.h>
int prime(int n);
int main()
{
int n, i, flag=0;
printf("Enter a positive integer: ");
scanf("%d",&n);
for(i=2; i<=n/2; ++i)
{
if (prime(i)!=0)
{
if ( prime(n-i)!=0)
{
printf("%d = %d + %d\n", n, i, n-i);
flag=1;
}
}
}
if (flag==0)
printf("%d can't be expressed as sum of two prime numbers.",n);
return 0;
}

int prime(int n) /* Function to check prime number */

{
int i, flag=1;
for(i=2; i<=n/2; ++i)
if(n%i==0)
flag=0;
return flag;
}

a) Draw the control flow graph and calculate the McCabe Cyclomatic number. Explain the
meaning of the McCabe Cyclomatic number.
b) Propose unit test cases for the entire program and justify your proposals.

43) Indicate your choice for the following questions:

a) Which of the following statements are TRUE (could be more than one)?
A. Regression testing and re-testing are the same.

8
 B. Regression tests show if all failures have been resolved.
C. Regression tests are good candidates for test automation.
D. Regression tests are performed to uncover defects as a result of changes in the
program.
E. Re-testing is needed to confirm that bugs have been corrected.
b) Which of the following statements are TRUE (could be more than one)?
A. Regression testing and re-testing are the same.
F. Regression tests show if all failures have been resolved.
G. Regression tests are good candidates for test automation.
H. Regression tests are performed to uncover defects as a result of changes in the
program.
I. Re-testing is needed to confirm that bugs have been corrected.
c) Which of the review types below is the BEST option to choose for reviewing safety critical
components in a software project?
A. Informal Review
B. Peer Review
C. Inspection
D. Walkthrough
d) Which of the following statements for the equivalence partitioning test technique are
TRUE? Equivalence partition testing ...
A. Divides possible inputs into classes where all elements are expected to cause the
same behavior.
E. Uses both valid and invalid partitions.
F. Must include at least two values from every equivalence partition.
G. Can be used only for testing equivalence partition inputs from a Graphical User
Interface.

44) A given web service method calculates the bonus each employee receives at the end of the
year based on two input parameters: the duration of the employment and the salary. The
employees bonus is calculated as a percentage of the salary, but such percentage depends on
the duration of the employment. The categories are: less than or equal to 2 years, more than 2
years but less than 5 years, 5 or more years, but less than10 years, 10 years or longer.
Propose the set of equivalence classes you would use to test the method. Obviously, both
inputs should be considered. Justify your choices.

45) Suppose you are the project manager responsible for a new software product of your
software house. Indicate three aspects (i.e., features of the software) that should be taken into
account in the design and development of the software in order to improve maintainability as
much as possible.