Software Fault Injection
This book is the first to describe the unique benefits and challenges associated with fault injection methods. Instead of focusing on theory and algorithms, the authors explain fault injection methodology by extensive use of applications data and real-world case studies.
Review By: Alan D. Smith
07/21/2003Despite the depth of technical material, this software QA book is hard to put down. The authors begin by discussing Software Assurance. The authors do a great job laying a foundation for the value of fault injection based on the limits of software testing, standards, and software development process improvement.
The authors question why the software industry is preoccupied with quality processes instead of quality products. While software process improvement is one of the driving forces in the software QA world these days, the authors use the analogy that "dirty water can flow from clean pipes.” They make a strong case for the position that "software development processes do not define software quality; software behavior does." Their view is best summed up by a quote they use from Dave Parnas, "It seems clear to me that not only is a 'mature' process not sufficient, it may not even be necessary." Of the eleven chapters in the book, the QA topic is the first, with nine on the topic of actual software fault injection, covering six key areas to apply fault injection: (1) Safety, (2) Failure tolerance, (3) Vulnerability, (4) Timing faults, (5) Maintainability, and (6) Reusability.
The authors define fault injection as the introduction of anomalies into the code and the observation of what impact these have on the program being tested. The purpose is to find what types of outputs the software will produce by interjecting known "bad" inputs. In this manner we can determine where the code will fail and how it will fail. They state that fault injection indirectly assesses the health of the development process, while the primary focus is on software behavior.
Since I don’t have a programmer's background, the majority of the reading on actual fault injection covered new ground for me. My background in QA and software testing did give me a basis to relate to many of the issues discussed. Since they start discussing fault injection in its simplest terms and build upon that, I found the concepts and ideas very easy to follow and understand; however, familiarity with computer programming basics is helpful.
The final chapter is one of the most informative. It describes how to “sell” the idea of fault injection to management. For those technically orientated, the art of working with and getting buy-in from management may be unfamiliar.
I would recommend this book to anyone in the QA field, student or practitioner. Although its focus is on code-input manipulation for the purpose of seeing the effect on output, anyone involved in QA will gain insight into areas they may be performing themselves or areas that affect the product they are working on. While the authors admit that this type of testing is costly, the advantages of seeing how the code responds to faults are valuable in all software applications.