Friday, May 29, 2015

Flushing Out the Bugs

First, let me say that all of May has been a very difficult month weather-wise for those of us in Oklahoma, then later in May, for folks in Texas. Thankfully, all the tornadoes and flooding did not affect us personally, but we have friends and neighbors who were impacted and some of the stories are just tragic. So, I ask that if you are able to send a relief gift to the Red Cross designated for these disasters, please do so. It would really help those in need.

Here in Oklahoma we have had two years of extreme drought. One of the major lakes was over 31 feet below normal levels. Now, it has risen to 99% capacity. We have some lakes that are 33 feet above normal. Just in the month of May we have had 27.5 inches of rain, which shatters the record for the wettest month in history 
--> (May 2013 with 14.52 inches and the all time monthly record was 14.66 in June of 1989). Texas has also seen similar records broken. In short, we’ve had all the rain we need, thank you. California, we would be happy for you to get some of this for your drought.

The image above is of the main street of my hometown, Chickasha, OK.

Then, there are the tornadoes that make everything even more exciting. One night this month, we had to take shelter twice but no damage, thankfully. Then yesterday morning I was awakened at 5:30 a.m. to the sounds of tornado sirens. That is freaky because you have to act fast to see what is really happening. In this case, the tornado was 40 miles away, heading the opposite direction. I question the decision to sound the alarm in that situation.

Anyway…with that context…

About a week ago, I started noticing ants everywhere in and around our house. I mean parades of them everywhere. Ironically, I even found one crawling on my MacBook Pro!

Then, came the spiders, a plethora of other bugs, snakes and even fish in some peoples’ years. A friend reported seeing a solid white opossum near his house, which is very unusual.

And you perhaps heard that in one tornado event nearby on May 6, a wild animal preserve was hit and it was reported for a while that lions, bears, tigers, etc. were loose. Turns out that was a false report, too. But it did make for some juicy Facebook pictures for “Tigernado” movies.

Other weird things have happened as well, such as storm shelters and entire swimming pools popping out of the ground due to the high water table (and poor installation in some cases)!

But back to the ants and bugs and why they are everywhere. Turns out that we have had so much rain, their nests and colonies were destroyed and they are now looking for other habitats. The same has occurred with spiders, snakes, mice and rats.

In fact, my wife and I are finding bugs we have never seen before. I had to look some of them up on the Internet just to know what kind of bug I was killing.

That caused me to think about a new testing analogy to reinforce a really great testing technique. To flush out the bugs in something, change the environment.

Of course, the difference here in this analogy is that software bugs are not like actual bugs in many regards. However, there are some similarities:

·      Both have taxonomies
·      Both can be studied
·      Both can mutate
·      Both can travel
·      Both can destroy the structure of something
·      Both can be identified and removed
·      Both can be prevented
·      Both can be hidden from plain view

The main differences are:

·      Bugs have somewhat predictable behavior – not all software defects do
·      Bugs can inhabit a place on their own initiative – software defects are created by people due to errors

(Although I have wondered how squash bugs know how just to infest squash plants and nothing else…)

In the recent onslaught of ants, it is the flooding that has caused them to appear in masses. In software, perhaps if you flooded the application with excessive amounts of data such as long data strings in fields, you might see some new bugs. Or, you could flood a website with concurrent transaction load to see new and odd behavior.

Perhaps you could do the opposite and starve the environment of memory, CPU availability, disk space, etc. to also cause bugs to manifest as failures.

This is not a new idea by any means. Fault injection has been used for many years to force environmental conditions that might reveal failures and defects. Other forms of fault injection directly manipulate code.

Another technique is to test in a variety of valid operational environments that have different operating systems, hardware capacities and so forth. This is a great technique for testing mobile devices and applications. It’s also a great technique for web-based testing and security testing.

The main principle here is that if you can get the application to fail in a way that causes it to change state (such as from “normal state” to “failure state”, then it is possible to use that failure as a point of vulnerability. Once the defect has been isolated and fixed, not only has a defect been found and fixed, but also another security vulnerability has been eliminated.

Remember, as testers we are actually trying to cause failures that might reveal the presence of defects. Failure is not an option – it is an objective!

Although, we commonly say that testers are looking for defects (bugs), the bugs are actually out of our view many times. They are in the code, the integration, APIs, requirements, and so forth. Yes, sometimes we see the obvious external bug, like an error message with confusing wording, or no message at all.

However, in the external functional view of an application or system, testers mainly see the indicators of defects. These can then be investigated for a final determination of really what is going on.

As testers, we can dig for the bugs (which can also be productive), or we can force the bugs to manifest themselves by flushing them out with environmental changes.

There is one more aspect to this situation. With all the standing water and moisture, the next phase will be mosquitoes and ticks. The tick invasion has already started.  Instead of being flushed out my the flooding, these parasites are attracted to it. What attracts the bugs in your software?

And let’s be real here. In some software, the bugs are not at all hard to find!

Me? I’ll continue to both dig and flush to find those defects. Even better, I’ll go upstream where the bugs often originate (in requirements, user stories, etc.) and try to find them there!

No comments: