# Random testing

Random testing is a black-box software testing technique where programs are tested by generating random, independent inputs. Results of the output are compared against software specifications to verify that the test output is pass or fail.[1] In case of absence of specifications the exceptions of the language are used which means if an exception arises during test execution then it means there is a fault in the program, it is also used as a way to avoid biased testing.

## History of random testing

Random testing for hardware was first examined by Melvin Breuer in 1971 and initial effort to evaluate its effectiveness was done by Pratima and Vishwani Agrawal in 1975.[2]

In software, Duran and Ntafos had examined random testing in 1984.[3]

The use of hypothesis testing as a theoretical basis for random testing was described by Howden in Functional Testing and Analysis. The book also contained the development of a simple formula for estimating the number of tests n that are needed to have confidence at least 1-1/n in a failure rate of no larger than 1/n. The formula is the lower bound nlogn, which indicates the large number of failure-free tests needed to have even modest confidence in a modest failure rate bound.[4]

## Overview

Consider the following C++ function:

```int myAbs(int x) {
if (x > 0) {
return x;
}
else {
return x; // bug: should be '-x'
}
}
```

Now the random tests for this function could be {123, 36, -35, 48, 0}. Only the value '-35' triggers the bug. If there is no reference implementation to check the result, the bug still could go unnoticed. However, an assertion could be added to check the results, like:

```void testAbs(int n) {
for (int i=0; i<n; i++) {
int x = getRandomInput();
int result = myAbs(x);
assert(result >= 0);
}
}
```

The reference implementation is sometimes available, e.g. when implementing a simple algorithm in a much more complex way for better performance. For example, to test an implementation of the Schönhage–Strassen algorithm, the standard "*" operation on integers can be used:

```int getRandomInput() {
// …
}

void testFastMultiplication(int n) {
for (int i=0; i<n; i++) {
long x = getRandomInput();
long y = getRandomInput();
long result = fastMultiplication(x, y);
assert(x * y == result);
}
}
```

While this example is limited to simple types (for which a simple random generator can be used), tools targeting object-oriented languages typically explore the program to test and find generators (constructors or methods returning objects of that type) and call them using random inputs (either themselves generated the same way or generated using a pseudo-random generator if possible). Such approaches then maintain a pool of randomly generated objects and use a probability for either reusing a generated object or creating a new one.[5]

## On randomness

According to the seminal paper on random testing by D. Hamlet

[..] the technical, mathematical meaning of "random testing" refers to an explicit lack of "system" in the choice of test data, so that there is no correlation among different tests.[1]

## Strengths and weaknesses

Random testing is praised for the following strengths:

• It is cheap to use: it does not need to be smart about the program under test.
• It does not have any bias: unlike manual testing, it does not overlook bugs because there is misplaced trust in some code.
• It is quick to find bug candidates: it typically takes a couple of minutes to perform a testing session.
• If software is properly specified: it finds real bugs.

The following weaknesses have been described :

• It only finds basic bugs (e.g. null pointer dereferencing).
• It is only as precise as the specification and specifications are typically imprecise.
• It compares poorly with other techniques to find bugs (e.g. static program analysis).
• If different inputs are randomly selected on each test run, this can create problems for continuous integration because the same tests will pass or fail randomly.[6]
• Some argue that it would be better to thoughtfully cover all relevant cases with manually constructed tests in a white-box fashion, than to rely on randomness.[6]
• It may require a very large number of tests for modest levels of confidence in modest failure rates. For example, it will require 459 failure-free tests to have at least 99% confidence that the probability of failure is less than 1/100.[4]

## Types of random testing

### With respect to the input

• Random input sequence generation (i.e. a sequence of method calls)
• Random sequence of data inputs (sometimes called stochastic testing) - e.g. a random sequence of method calls
• Random data selection from existing database

### Guided vs. unguided

• undirected random test generation - with no heuristics to guide its search
• directed random test generation - e.g. "feedback-directed random test generation"[7] and "adaptive random testing" [8]

## Implementations

Some tools implementing random testing:

• QuickCheck - a famous test tool, originally developed for Haskell but ported to many other languages, that generates random sequences of API calls based on a model and verifies system properties that should hold true after each run.
• Randoop - generates sequences of methods and constructor invocations for the classes under test and creates JUnit tests from these
• Simulant - a Clojure tool that runs simulations of various agents (e.g. users with different behavioral profiles) based on a statistical model of their behavior, recording all the actions and results into a database for later exploration and verification
• AutoTest - a tool integrated to EiffelStudio testing automatically Eiffel code with contracts based on the eponymous research prototype.[5]·
• York Extensible Testing Infrastructure (YETI) - a language agnostic tool which targets various programming languages (Java, JML, CoFoJa, .NET, C, Kermeta).
• GramTest - a grammar based random testing tool written in Java, it uses BNF notation to specify input grammars.

## Critique

Random testing has only a specialized niche in practice, mostly because an effective oracle is seldom available, but also because of difficulties with the operational profile and with generation of pseudorandom input values.[1]

A test oracle is an instrument for verifying whether the outcomes match the program specification or not. An operation profile is knowledge about usage patterns of the program and thus which parts are more important.

For programming languages and platforms which have contracts (e.g. Eiffel. .NET or various extensions of Java like JML, CoFoJa...) contracts act as natural oracles and the approach has been applied successfully.[5] In particular, random testing finds more bugs than manual inspections or user reports (albeit different ones).[9]

## References

1. ^ a b c Richard Hamlet (1994). "Random Testing". In John J. Marciniak (ed.). Encyclopedia of Software Engineering (1st ed.). John Wiley and Sons. ISBN 978-0471540021.
2. ^ Agrawal, P.; Agrawal, V. D. (1 July 1975). "Probabilistic Analysis of Random Test Generation Method for Irredundant Combinational Logic Networks". IEEE Transactions on Computers. C-24 (7): 691–695. doi:10.1109/T-C.1975.224289.
3. ^ Duran, J. W.; Ntafos, S. C. (1 July 1984). "An Evaluation of Random Testing". IEEE Transactions on Software Engineering. SE-10 (4): 438–444. doi:10.1109/TSE.1984.5010257.
4. ^ a b Howden, William (1987). Functional Program Testing and Analysis. New York: McGraw Hill. pp. 51–53. ISBN 0-07-030550-1.
5. ^ a b c "AutoTest - Chair of Software Engineering". se.inf.ethz.ch. Retrieved 15 November 2017.
6. ^ a b "Is it a bad practice to randomly-generate test data?". stackoverflow.com. Retrieved 15 November 2017.
7. ^ Pacheco, Carlos; Shuvendu K. Lahiri; Michael D. Ernst; Thomas Ball (May 2007). "Feedback-directed random test generation" (PDF). ICSE '07: Proceedings of the 29th International Conference on Software Engineering: 75–84. ISSN 0270-5257.
8. ^ T.Y. Chen; F.-C. Kuo; R.G. Merkel; T.H. Tse (2010), "Adaptive random testing: The ART of test case diversity", Journal of Systems and Software, 83 (1): 60–66, doi:10.1016/j.jss.2009.02.022, hdl:10722/89054
9. ^ Ilinca Ciupa; Alexander Pretschner; Manuel Oriol; Andreas Leitner; Bertrand Meyer (2009). "On the number and nature of faults found by random testing". Software Testing, Verification and Reliability. 21: 3–28. doi:10.1002/stvr.415.