This post is the sixth in a seven part series covering my seven tenets of software testing.

Test Driven Development (TDD) is great, and it is something that every developer should do. However, like most development techniques, TDD is not a silver bullet. TDD is primarily focused on defining how a class should work, implementing that class, and then verifying the implementation performs as expected. This post isn’t about TDD, however I feel it is important to mention it because it is the “exception to the rule”, where the “rule” that is the true subject of this post.

A couple who are good friends of my wife and I, recently had their first child. The child’s father is an orthopaedic surgeon, who, during his years as an emergency ward doctor, has delivered several babies. Before the birth I asked him, as he is qualified, and experienced, if he wanted to, could he arrange to deliver the baby himself? He answered pretty much as I expected. He would never consider delivering the baby himself, as he had too much emotional investment in the patient, his wife, and the event itself.

What the heck does this have to do with testing I hear you ask? Just as surgeon won’t operate on friends or family unless it is an emergency, a developer shouldn’t test their own code. The reason for this is clear; A developer cannot test their own code, because they simply have too much emotional attachment to it.

Development and testing are two diametrically opposed disciplines. Development is all about construction, and testing is all about demolition. Effective testing requires a specific mindset and approach where you are trying to uncover developer mistakes, find holes in their assumptions, and flaws in their logic. Most people, myself included, are simply unable to place themselves and their own code under such scrutiny and still remain objective.

Let’s say that a developer has to write some code that calculates a sales commission, where the commission is normally 5%, but rises to 7% for sales over ten thousand dollars, and they implement the following code.

if  (SalesAmount < 10000.00)
{
	Commission = SalesAmount  * 0.05;
}
else
{
	Commission = SalesAmount  * 0.07;
}

The developer has made the assumption that a sale of exactly $10,000 should earn 7% commission. If they are testing this code as well they might write tests similar to the following:

[Test]
public void VerifyLowerCommission()
{
    Assert.AreEqual(499.9995,CalculateCommission(9999.99));
}

[Test]
public void VerifyHigherCommission()
{
    Assert.AreEqual(700.0007,CalculateCommission(10000.01));
}

The problem with these tests, is that even though they achieve 100% code coverage, the developer has based them on the same assumptions and thought processes they used when writing the code itself. In this contrived example, let’s assume the actual calculation should have been based on commissions greater than or equal to $10,000. So, even though these test cases would pass, the calculation is actually wrong. This type of bug would probably manifest itself infrequently, as it would require a sale of exactly $10,000 to cause a problem and would otherwise remain dormant.

Having someone impartial write the tests for the code increases the chance of finding that type of issue significantly. This helps because they will have make their own ideas about how things should work, and challenge the developers assumptions.

Via frankarr – an aussie microsoft blogger: Avalon and Indigo March 2005 Community Technology Preview

The WinFX SDK March CTP is now available for MSDN
Subscribers. This SDK is a 445 MB ISO, and contains both Avalon and Indigo in this release.

Thank’s Frank, there goes the weekend …

From Don Box’s Spoutlet: Indigo CTP docs now live

http://winfx.msdn.microsoft.com/library/default.asp?url=/library/en-us/indigo_con/html/503fae4b-014c-44df-a9c7-c76ec4ed4229.asp

Time for some weekend reading methinks.

Via Scobleizer: The MVPs are revolting over VB.NET and
Paul answers the VB 6′ers …

VB6 enters extended support at the end of this month, and there are some Microsoft MVP’s that are unhappy with the decision.

I’m no VB guy, but my take on this issue is that there are two key scenarios that need to be considered: existing VB based applications that are done, and development of new applications.

Most corporations have policies that require them to use technologies that are currently supported by their vendors. I expect that VB6 entering extended support does not change the current situation for most organisations. The critical date for most of them will be March 2008. So do companies need to redevelop applications from scratch just to be on a technology that is supported? In making that decision, I think that a company should simply ask itself the following question. How many support calls have we made to Microsoft for VB6? If that number is zero, then I would only port the applications if there was a genuine business need. Microsoft are not about to descend on businesses like cops on a drug dealer, and confiscate all the machines that have the VB6 dev tools installed on them.

With regards to new developments in VB6, Paul Vick, Technical Lead on the Visual Basic .NET team has responded to the revolt and clearly sets the direction where Microsoft are headed.

“…managed code is the direction that our company’s components and APIs are headed. As such, fostering new development (as opposed to extending support for existing development) in “unmanaged VB” doesn’t just postpone the inevitable, it makes it worse. It encourages people to keep writing a lot more code that, somewhere down the road, they’re going to have to port to .NET. It’s alleviating pain in the short term only to cause greater pain the long term, something that I don’t think it would be responsible for us to do.”

Dan Appleman has some suggestions that would solve the support issue:

1. A longer term commitment to providing support for VB6 and VBA
2. Guaranteed support for VB6/VBA under future OS’s for an extended period (definitely including LongHorn and at least one more beyond).
3. A commitment that once a decision is made to stop support on VB6/VBA, that the entire VB6/VBA code base will be placed into the public domain as an open source project, or perhaps a foundation similar to Mozilla, to assure that interested parties can continue to support and perhaps fork the project in the future.

Unfortunately as I see it, this proposal has two flaws: 1. It gives developers an “out” that will allow them to develop new applications. 2. It makes little sense commercially for Microsoft to allow an open source VB6 compete as a viable alternative to VB.Net.

Breaking changes are always painful, but at some point you just have to accept that change is going to happen. I am already thinking how I can “upgrade” all my VHS tapes and VCR’s well before analogue TV gets turned off in Australia at the end of 2008. (I fully expect to see a petition around that topic in 2008 too!).

Maybe we need to start an “Adopt a classic VB developer” program, to help them experience and migrate to .net . To do my part, I included an evaluation DVD for VS 2003 in my brother’s Christmas present last year.

Update (Sat, 12 March 2005)
Rob Copeland Product Unit Manager of the RAD “rapid application development.” Team at Microsoft added some additional information during the day.

“The VB6 runtime ships with Windows XP. This means that the VB6 runtime is covered by the Windows XP support timeline. This means that support for the VB6 runtime will last much longer than that of the development environment. Mainstream support for Windows XP will end 2 years after Longhorn launches and extended support will last for 5 years after that. (check out http://support.microsoft.com/gp/lifewin)”

According to the support lifecycle dates, VB6 runtime extended support ends on December 31, 2011. That gives another 6 years to plan an exit strategy, and probably migrate straight to Avalon v3.0 on Longhorn SP3.

From Microsoft PressPass

In its continuing effort to provide enterprise software teams with process guidance for life-cycle development, Microsoft Corp. today announced at the Software Engineering Process Group (SEPG) conference its collaboration with the Carnegie Mellon® Software Engineering Institute (SEI), a federally funded research center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. SEI’s Capability Maturity Model® Integration (CMMI) process guidance will be available to Visual Studio 2005 Team System developers through the Microsoft Solutions Framework (MSF).

Cool, as a self acknowledged MSF addict. I can’t wait to get my hands on this.

This post is the fifth in a seven part series covering my seven tenets of software testing.

Let’s say that you are a modern, test-driven developer. You run your tests and the tests all pass. Great, your code must be bug free, let’s ship! Umm, not quite. Are you sitting down? Good, I need to tell you something. Your software has bugs.

It doesn’t matter if you are a graduate fresh out of college, Don Box or Anders Hejlsberg. If you are writing a program that does anything remotely useful, it will have bugs. In Code Complete, Steve McConnell presents some statistics of exactly how many bugs you should expect to find.

Setting the benchmark is the CMM poster child, the NASA team that writes the software for the space shuttle. The NASA team has achieved the impressive statistic of zero bugs for every 500,000 lines of released code.

For all the negative criticism about buggy software that Microsoft have received over they years, they do a pretty good job with 1 defect per 2000 lines of released code. By comparison the rest of the software industry achieve between 15 and 50 errors per 1000 lines of released code. ¹
It is Important to note that these statistics are for bugs in released code, i.e. after testing has been completed. Even the impressive NASA numbers don’t mean that there isn’t any bugs in their code, especially before it is released. A much higher number of bugs will have been found and resolved before the code went out the door.
So, if your code is say 10,000 lines lines long, you should expect, at a minimum, to have between 150 and 500 defects. So, if the bugs are there, how do I find them?

Good testers will generally (sometimes subconsciously), use a technique known as error guessing. Error guessing is all about trying to throw something at the application that the developers haven’t thought of, otherwise known as a negative test.

Negative tests are basically trying to come up with permutations of data that the application has not been designed to handle. For example, an int32 in .net can handle numbers from -2,147,483,647 to 2,147,483,647. What is the behaviour of an application when an integer is set to 2,147,483,647 and then 1 is added to it?

Negative tests are effective at finding bugs because they do things that the developer may have never considered when they are coding the application. They also represent the types of things that real users may do to a system, sometimes bringing it to it’s knees. Ideally we don’t want our users to do that on a regular basis, or they won’t be users for long. We need to find the bugs, that we know are there, before our end users do. The best way to find the bugs is to do our damnedest to try an break the application, in parallel to construction, starting the day that the compiler produces some output.

Breaking the application as it is being built is important. It’s important because the longer a bug sits undiscovered the more it will cost to remove. You want to find those bugs as early as possible. when they are the cheapest to fix.

The best analogy to this technique is the development of a formula one engine. Whilst the exact techniques are closely guarded secrets, the engine developers will probably push the engine and its components to the absolute limit, identify the cause of failure, resolve the problem and then repeat the process. The alternative is to destroy engines race after race as the limits of the engine are discovered.

I’m sure Mark Webber doesn’t expect to have to be an engine test guinea pig during a race. Similarly, your users shouldn’t be expected to find your bugs for you either.

References

¹ Steve McConnell 1993, Code Complete, Microsoft Press, pg. 612-613.

From Joe Schmetzer’s weblog: JUnit AntiPatterns.

Joe Schmetzer, a good friend who now lives in the UK, has written an article on anti-patterns for Junit. Joe’s anti-patterns apply equally well for tests written in nUnit, and is worth a read. If Joe gives me permission I may even port the his article over to nUnit and C#.

I definitely agree with Joe that one of the the biggest challenges is getting developers to write the unit tests in the first place.

March from Microsoft
From The Unofficial Microsoft Weblog: No patches due in March from Microsoft

According to the March 2005 Microsoft Security Response Center Bulletin sent out today, there will be no updates
released on March 8, the “Patch Tuesday” for this month. Following last month’s epic release of more than a dozen
patches, this will undoubtedly be welcome news to system administrators as well as end users.

Hopefully this will become the norm rather than the exception to the rule. It looks like, with the Trustworthy Computing initiative, Sir Bill has turned the supertanker again, just like he did when it missed the rise of the internet. It looks like the turning circle has grown, though, and it doesn’t fit on a dime anymore .

Mark Miller, the author of CodeRush had a winge a while ago that:

“… available software metrics out there are pretty weak at quickly calculating the complexity, and hence, the cost of maintenance, of the software we create …”

Not one to sit on his laurels, Mark has invented a new metric, maintenance complexity. In addition he has implemented a free metrics plug-in for DXCore, which is available on Source
Forge. For more details about his Maintenance Complexity metric, you should go to Marks post, here.