Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Testing Isn't Enough: Fighting Bugs with Hacks

Paul Gross
November 17, 2014
Programming
5
340

Testing Isn't Enough: Fighting Bugs with Hacks

This talk was given at RubyConf 2014.

Paul Gross

November 17, 2014
Tweet

More Decks by Paul Gross

See All by Paul Gross
High Availability at Braintree
pgr0ss
4
750

Other Decks in Programming

See All in Programming
SwiftUIで使いやすいToastの作り方 / How to build a Toast system which is easy to use in SwiftUI
lovee
3
150
Fragment Composition of GraphQL
quramy
7
1k
MicrosoftのPlatform Engineeringガイドを読んで実際になにかやってみた
ymd65536
1
340
MetricKitで予期せぬ終了を検知する話 / Detect unexpected termination with MetricKit
nekowen
1
190
ADRを一年運用してみた/adr_after_a_year
hanhan1978
7
2.4k
ゆるい個人開発のススメ
kuroppe1819
10
990
0→1と1→10の狭間で Javaという技術選定を振り返る/Reflecting on the Decision to Choose Java Between Scaling from 0 to 1 and 1 to 10
jaguar_imo
2
380
Amazon SQSコンシューマー疎結合への旅 - 出張! #DevelopersIO IT技術ブログの中の人が語る勉強会 #3
quiver
0
270
『Railsオワコン』と言われる時代に、なぜブルーモ証券はRailsを選ぶのか
free_world21
0
250
Apache Hive 4 on Treasure Data
ryukobayashi
0
340
Prepare for Jakarta EE 11 - Performance and Developer Productivity
ivargrimstad
0
810
Rubyでたのしむクリエイティブコーディング/Enjoy Creative coding with Ruby
chobishiba
1
180

Featured

See All Featured
KATA
mclloyd
15
12k
VelocityConf: Rendering Performance Case Studies
addyosmani
320
23k
The Art of Programming - Codeland 2020
erikaheidi
42
12k
No one is an island. Learnings from fostering a developers community.
thoeni
16
2.1k
Bash Introduction
62gerente
604
210k
Writing Fast Ruby
sferik
621
60k
Producing Creativity
orderedlist
PRO
337
39k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
20
1.9k
The Pragmatic Product Professional
lauravandoore
25
5.8k
GitHub's CSS Performance
jonrohan
1025
450k
How GitHub (no longer) Works
holman
304
140k
The Mythical Team-Month
searls
216
42k

Transcript

  1. Testing Isn't Enough: Fighting Bugs with Hacks Paul Gross [email protected]

    @pgr0ss

  2. Bugs are a serious problem in software

  3. Mars Climate Orbiter September 23, 1999: Bug in calculation units

    caused the spacecraft to burn up in Mars atmosphere

  4. World of Warcraft Plague September 13, 2005: Bug in a

    spell caused a pandemic through the virtual world

  5. Knight Capital August 1, 2012: Bug in trading software lost

    $440 million

  6. What's our strategy for dealing with bugs today?

  7. Testing • Tests are great

  8. Testing • Tests are great • Regardless of philosophy or

    strategy

  9. Testing is not enough • Well tested software is not

    bug free

  10. If debugging is the process of removing bugs, then programming

    must be the process of putting them in. — Edsger W. Dijkstra Program testing can be a very effective way to show the presence of bugs, but it is hopelessly inadequate for showing their absence. — Edsger W. Dijkstra

  11. Mitigation • Fail fast when we know there is a

    problem

  12. Mitigation • Fail fast when we know there is a

    problem • Structure our systems to reduce the severity of bugs

  13. Real world example Operating rooms

  14. None

  15. Example Hospital management system

  16. class ClinicalNoteController < ApplicationController def show @note = ClinicalNote.find_by!(id: params[:id])

    end end

  17. class ClinicalNoteController < ApplicationController def show @note = ClinicalNote.find_by!(id: params[:id],

    patient_id: params[:patient_id]) end end

  18. class ClinicalNoteController < ApplicationController def show @note = ClinicalNoteService.find(params[:id], params[:patient_id])

    end end

  19. class ClinicalNoteController < ApplicationController def show @note = ClinicalNoteService.find(params[:patient_id], params[:id])

    raise "incorrect patient" unless @note.patient_id == params[:patient_id] end end

  20. Strategy • Figure out the invariants of a system

  21. Strategy • Figure out the invariants of a system •

    Add runtime checks for these invariants

  22. Strategy • Figure out the invariants of a system •

    Add runtime checks for these invariants • Raise and alert so the issue can be investigated and fixed

  23. Example Braintree payment gateway

  24. class CustomerController < ApplicationController def show @customer = Customer.find_by!(token: params[:token])

    end end

  25. @customer = @merchant.customers.find_by!(token: params[:token])

  26. How can we prevent simple mistakes?

  27. >> Customer.where(:token => 'Paul') RuntimeError: #finds must be scoped on

    Customer

  28. >> Customer.where(:token => 'Paul') RuntimeError: #finds must be scoped on

    Customer >> merchant = Merchant.find(1) >> merchant.customers.where(:token => 'Paul') [#<Customer id: 1 ...

  29. Allow bypassing >> Customer.allow_unscoped_find.where(:token => 'Paul')

  30. What about code like this? Customer.find_by_sql(["SELECT * FROM customers WHERE

    token = ?", "Paul"])

  31. URLs are scoped by merchant /merchants/<merchant_id>/customers/<token>

  32. class ApplicationController < ActionController::Base around_filter :ensure_merchant_consistency def ensure_merchant_consistency(&block) @merchant =

    Merchant.find_by!(:public_id => params["merchant_id"]) MerchantConsistencyCheck.with_merchant(@merchant, &block) end end

  33. class ApplicationController < ActionController::Base around_filter :ensure_merchant_consistency def ensure_merchant_consistency(&block) @merchant =

    Merchant.find_by!(:public_id => params["merchant_id"]) MerchantConsistencyCheck.with_merchant(@merchant, &block) end end ... Customer.find_by_sql(["SELECT * FROM customers WHERE token = ?", "Paul"]) ScopedFindHook::ScopeError: Customer cannot return objects scoped by the incorrect merchant. Got 6, expected 1.

  34. Strategy • Focus on the validity of the data

  35. Strategy • Focus on the validity of the data •

    Code can be fixed more easily than data

  36. Example Recurring billing

  37. Check data consistency if billing_period_start_date > billing_period_end_date raise "Subscription internal

    state is inconsistent -- " + "billing_period_start_date vs billing_period_end_date: #{inspect}" end

  38. Check data consistency if billing_period_start_date > billing_period_end_date raise "Subscription internal

    state is inconsistent -- " + "billing_period_start_date vs billing_period_end_date: #{inspect}" end if _correct_next_billing_date != next_billing_date raise "Subscription internal state is inconsistent -- " + "next_billing_date incorrect: #{inspect}" end

  39. Strategy • Write checks outside of the normal flow

  40. Strategy • Write checks outside of the normal flow •

    Keep checking code simpler than real code

  41. Example Settlement

  42. Nagios check SELECT COUNT(*) FROM transactions WHERE status = 'submitted_for_settlement'

    AND updated_at < NOW() - INTERVAL '1 DAY'

  43. Hacks for development

  44. Example Safe migrations

  45. def self.up add_index :transactions, :customer_last_name end

  46. def self.up add_index :transactions, :customer_last_name end ActiveRecord::SafeSchemaStatements::UnsafeMigrationError: :add_index is NOT

    SAFE! Use safe_add_concurrent_index instead

  47. def self.up safe_add_concurrent_index :transactions, :customer_last_name end

  48. Allow bypassing def self.up unsafe_remove_column :transactions, :old_column end

  49. Example Sanity specs

  50. require 'spec_helper' describe 'Sanity Specs' do it "has a unique

    index on every public_id column" do indexes = ActiveRecord::Base.connection.select_values(<<-SQL) SELECT relname FROM pg_class WHERE relkind = 'i'" SQL ActiveRecord::Base.connection.tables.each do |table| indexes.grep(/index_#{table}_on.*public_id/).size.should eql(1), "#{table} does not have an index on public_id" end end end

  51. Summary • Check for invariants

  52. Summary • Check for invariants • Focus on data validity

  53. Summary • Check for invariants • Focus on data validity

    • Write checks outside of the normal flow

  54. Summary • Check for invariants • Focus on data validity

    • Write checks outside of the normal flow • Find your own examples

  55. Questions? [email protected] @pgr0ss

  56. Photo Credits Mars Climate Orbiter: Courtesy NASA/JPL-Caltech World of Warcraft:

    ©2004 Blizzard Entertainment, Inc. Bugs: flickr.com/photos/editor/11341534765 (CC BY 2.0) NYSE: flickr.com/photos/ilamont/5538510845 (CC BY 2.0) Testing: flickr.com/photos/sidelong/246816211 (CC BY 2.0) Kids don't float: flickr.com/photos/iluvcocacola/535258842 (CC BY-NC-ND 2.0) Pillars: flickr.com/photos/tom-carden/80262 (CC BY-NC-SA 2.0)

  57. Photo Credits CDs: flickr.com/photos/swanksalot/2704017177 (CC BY-SA 2.0) Fence: flickr.com/photos/clonedmilkmen/2971765601 (CC

    BY- SA 2.0) Hacking: flickr.com/photos/adulau/9464930917 (CC BY-SA 2.0) Safety First: flickr.com/photos/krossbow/434064539 (CC BY 2.0)