Profile picture
, 29 tweets, 6 min read
My Authors
Read all threads
1) @jamesmarcusbach and I have recently been working on our notion of deep testing. In the Rapid Software Testing namespace, we define “deep testing” as: *testing that maximizes the probability of finding every elusive bug that matters*.
2) By contrast, shallow testing is not intended to maximize the probability of finding every elusive bug that matters. But that doesn’t mean that “deep” is necessarily good, nor that “shallow” is an insult; far from it. For one thing, we *always* start with shallow testing.
3) Deep testing must be bootstrapped by shallow testing. One crucial outcome of shallow testing is that we get a sense of where it might be important to go deep on the one hand, or unnecessary—or unnecessarily expensive—to go deep on the other. Shallow testing might suffice.
4) Except by luck, finding elusive bugs tends to be expensive in one dimension or another. A bug might be elusive because it depends on a very limited set of conditions, or a set of conditions that line up infrequently or intermittently. A bug might be elusive through emergence.
5) An emergent bug is one that doesn’t exist in any single part of a system; it results from system dynamics, interactions between parts that are fine on their own. Such bugs tend to be subtle, not apparent by looking at units or sub-systems in isolation.
6) A bug might be elusive because our models of *potential problems in the product* often lag behind our models of *the product*. That is, a bug may become easier to anticipate or to observe as we gain experience with the product; as we develop ideas about coverage and oracles.
7) Although though we can prepare for them, we can’t very well schedule invention, insight, or discovery. Deep testing, therefore, tends to take time. It takes determination. It tends to take some degree of experience with the product, its domain, technology, and testing itself.
8) Deep testing demands *requisite variety* (cf. Ross Ashby) to trigger conditions that help to reveal elusive bugs. That includes variety in testing activities; quality criteria; models of coverage; (data, timing/sequencing, user actions, platforms/environments...); oracles...
9) Managers can foster deep testing by providing time, resources, and other aspects of project- and value-related testability. Designers and developers can help by providing intrinsic testability. Testers can develop subjective testability. (cf. satisfice.com/download/heuri…)
10) Now: deep testing takes time, determination, and resources. When might you NOT want to do it? One: you might not want to do it YET, or ALL THE TIME. You might want to do shallow testing now to learn about the product and attendant risks; to learn how and where to go deep.
11) You might prefer shallow testing now to maintain appropriate discipline and control in building the product, while avoiding the effort, expense, and interruptions associated with deep testing; then do deep testing when you’ve built something that’s ready for it.
12) In other words, you probably don’t want to do deep testing before you and the system you’re building are ready for it. You also probably don’t want to to deep testing when you reasonably believe there are no elusive bugs, or that any elusive bugs that exist won’t matter.
13) Let’s return to the business of “shallow” being a potential insult. We insist that it isn’t an insult, though it is an assessment of the thoroughness of testing. Assessment of depth informs an assessment of the quality of the testing relative to assumptions about the product.
14) If your assumptions about the state of the product are *reckless*, then shallow testing will help to reveal that quickly and inexpensively, even powerfully. Yay shallow testing! Deep testing isn’t needed in that case; it would be expensive and probably wasteful.
15) Assumptions can be *risky*—that is, there’s a possibility that they’re incorrect. That’s where testing likely needs to be appropriately deep—to help manage risk and uncover instances where assumptions turn out to be wrong.
16) Assumptions can be *safe*—that is, they’re likely to be correct, and unlikely to be incorrect. One of the things that makes skilled testers different is this: we question assumptions that other people consider to be safe. We anticipate and hunt problems with safe assumptions.
17) There’s a natural tension and a certain amount of social awkwardness in this: testers often advocate for deeper testing when others believe that shallow testing suffices. Two approaches will reveal problems with safe assumptions: deep testing now; problems in the field later.
18) There’s another kind of assumption; we’re arguing over the label for it. James likes “required”, in the sense of *socially* required; assumptions so safe that if you try to manage or even mention them, your social group will think you to be crazy, or rude, or at best joking.
19) In this case, the deeper your testing, the more others will believe you to be obsessive-compulsive, or naïve; poorly calibrated towards important risk. For super-safe assumptions, even shallow testing may be too much—like testing Windows or Chrome before your new product.
20) It’s part of our mission as testers to perform deep testing where it’s necessary, and avoid it where it isn’t. It’s also part of our mission to advocate for shallow testing—not deep—where it’s sufficient, or where it helps us in going deep.
21) Deep testing can be way easier with skilled use of tools, and way harder without it. The key word here is *skilled*, which includes expertise in the extents and limits of tools, and in testing. Tools can afford lots of that variation I referred to earlier, when you want it.
22) Got a suite of automated checks that are designed to support quick, disciplined development and building? They often provide shallow data coverage—entirely appropriate to the task in that context. You can tweak and (re)use them in deep testing by perturbing and varying data.
23) Got a set of use cases that are covered by automated checks? Yay! Now, to do deep testing, periodically gain interactive experience with the product, performing variations within those use cases. In particular, question assumptions that inform the use case. Consider MISuse.
24) Notice how use cases assume well-trained, relaxed, undisturbed users. That’s fine for shallow testing by automated checks. Now unbury, examine, and systematically overturn assumptions about how people will use the product, or about the normal states and sequences of events.
25) Remember that the goal of deep testing is to maximize the probability of finding *elusive* bugs that matter. Ponder what makes a bug elusive: subtlety and rarity, each to some degree. The breadth and power of your oracles attacks subtlety; your coverage confronts rarity.
26) (That’s a simplification, but not an outrageous one.) Some of the approaches for investigating intermittent bugs are useful for finding them in the first place. (cf. satisfice.com/blog/archives/…) And developing and broadening your oracles can help make your testing deeper.
(On oracles, cf. developsense.com/blog/2012/07/f… and developsense.com/blog/2015/09/o…). For some examples of shallow versus deep oracles, consider a check-engine light compared to a skilled mechanic’s evaluation; a smoke detector compared to an alert, observant person’s perception of danger.
28) Note that no one advocates eliminating smoke detectors or check-engine lights (“alerts”); they’re useful—so useful that having them is socially required in the face of risk. Note that the success of alerts depends on the explicit, and on already known, foreseeable problems.
29) Note that even when good instrumentation is available, awareness of subtle, hidden, surprising, rare, intermittent, emergent problems depends not (only) on explicit knowledge, but on tacit knowledge (too). To go appropriately deep, we need skilled, socially aware humans. -end
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Michael Bolton

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @michaelbolton see all

Profile picture
Michael Bolton
@michaelbolton
1) Here's your periodic reminder that data is time-bound and goes out of date; that much of it was suspect in the first place; that crowdsourced data is even more unreliable; that data is often poorly curated; that you can easily verify all this by moving about in the real world.
2) Data is often uncontextualized. What looks like a traffic jam right now might be a few cars stopped at a red light. What looks like a through road on a generated map might have "no exit" signs all over it. A recommended store in your mapping app may be been closed for months.
3) I've encountered all of these things in the last week, and in no case did I bother to correct them. It takes *unrewarded* time and effort to do that. Let's remember all this as we consider how much of what we do with software of all kinds depends on really solid, timely data.
Read 5 tweets
Profile picture
Michael Bolton
@michaelbolton
1) I just had a conversation with Mitsuku, "a record breaking five-time winner of the Loebner Prize Turing Test, [...] the world's best conversational chatbot." Five times? How could this fool anyone ONCE? This is what happens when you don't try to *test* something.
2) By contrast, THIS is what happens when you actually try to *test* it.
3) Is AI a threat to testers? It's could eventually be a threat to testers who see their jobs as demonstrating that something works. It could be a threat to testers who are not prepared to look for problems, or to testers who don't consider what statistical analysis misses.
Read 10 tweets
Profile picture
Michael Bolton
@michaelbolton
Move fast and stop breaking things.
Move fast and learn things.
Move fast and learn where things might break.
Read 7 tweets

Related threads

Profile picture
Jason Turner
@lefticus
For 2020 I'm doing a 1 C++ Best Practice per retweet thread!

I wrote my first blog article about C++ best practices in 2007. In many ways I've been repeating myself over and over again for the last 13ish years.

And very little of what I say is novel.

Thread follows:
Even though I've been repeating many of the same best practices for a while, I think my style is relatively unique.

One client told me "I like how you don't just give us a rule, you tell us why. <other guy> never gives us reasons."
My goal as a trainer and a contractor (seems to be) to work myself out of a job.

I want everyone to:

1. Learn how to experiment for themselves
2. Not just believe me, but test it
3. Learn how the language works
4. Stop making the same mistakes of the last generation
Read 63 tweets
Profile picture
Detritivore Biome
@noahsussman
#testing concepts thread.
What is deduction?

What is induction?

What are the differences between deductive and inductive investigation of anomalies?
What is an anomaly?

How do anomalous events differ from “normal,” non-anomalous events?
Read 27 tweets
Profile picture
Detritivore Biome
@noahsussman
@alanpage It's very telling that manual testing is seen as cheap.

IME this perception exists because (as I have repeatedly seen at clients) the absolute most junior people are hired as testers in order to keep costs down. Because they’re so junior they don’t contribute very much. 1/2
@alanpage 2/3 They stay junior because they have no mentorship (because mentorship is expensive).

The “5x to 15x” cost of automation proposed by the OP fits with this model: median developer pay is around $150k US. A team of five devs then costs ~$750k annually (considering TC only here)
@alanpage 3/4 Glassdoor lists “QA Analyst” roles as starting at $18k US. I’m in NYC so this is lower than I’ve ever seen. Let’s assume QA roles start around $25k, which is just enough to rent a room and live paycheck to paycheck in NYC.

The cheapest QA analyst costs 17% of a dev salary.
Read 33 tweets
Profile picture
Detritivore Biome
@noahsussman
Interaction Resiliency (iXR) is the practice of Software QA (aka #testing) as applied to "devops" or more properly Safety-II software delivery (aka continuous delivery & continuous deployment).
I put a name to "testing in devops" or "agile testing in continuous delivery" because a) those phrases are clumsy 😀 and b) the current discourse in #testing constantly collapses back on itself as big-A Agile + CDT are conflated time-and-time-again with Safety-II + Kaizen #iXR
#iXRE Interaction Resiliency Engineering
Read 37 tweets

Trending hashtags

#OrgulloArteContemporáneo #iRXE #Annexe #Software #software #networkeffect #TeamAbstrocho #lolilol #Deep #testing #agile #SpiritualCoinOffering #Garbo #advice #define #iXR #include #solutions #o11y #ShitcoinWisdom #iXRE #Founders #globalisation #CouchéPasBouger #webdevelopment
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!