Project Saboteur

[Also known as... DefectSeeding.]


We all know that we should write tests to automate the checking of the code we write, and some of us even do it. But how do we know the tests are correct? How do we know they would actually catch bugs? How do we get a feel for the percentage of bugs still in the code? And how do we quiet the nagging doubt that having the same person write both the tests and the module leaves shared blind spots?

A possible approach is to appoint a ProjectSaboteur. Their job is to check out a parallel copy of the source tree and then introduce bugs on purpose. They deliberately hack the module interfaces: ask for 10 values, for instance, and a hacked module will return 11, or none, or three million. In theory, every bug they introduce should be caught by an existing test. If not, you've found a hole. Categorize the holes, and you may find systematic weaknesses in the tests. Count the holes as a fraction of the bugs introduced, and you have a very rough idea of the percentage of bugs your tests are catching.
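To make the mechanics concrete, here is a minimal sketch in Python. The module, function, and test names are invented for illustration; nothing here comes from a real project.

 # Hypothetical module under test: values(n) should return exactly n items.
 def values(n):
     return list(range(n))

 # The saboteur's hacked copy: a seeded off-by-one defect.
 def values_sabotaged(n):
     return list(range(n + 1))  # returns n + 1 items instead of n

 # A test that pins down the contract. Run the suite with the hacked
 # copy standing in for the real one (e.g. by temporarily renaming it);
 # if this test still passes, you have found a hole in the suite.
 def test_values_returns_exactly_n_items():
     assert len(values(10)) == 10

 # The rough yield estimate from the text: holes found as a fraction
 # of bugs seeded gives a crude catch-rate for the suite.
 def estimated_catch_rate(caught, seeded):
     return caught / seeded  # e.g. estimated_catch_rate(8, 10) == 0.8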

As a side effect, being a ProjectSaboteur is a good way for a newcomer to gain insight into the structure of a system without doing permanent damage. In a PairProgramming environment, ProjectSaboteur might be a good role for an odd person out.

Playing ProjectSaboteur consciously will also give you a very good feel for where the code has problems, namely wherever it seems easy to insert a bug that will slip through. In my experience, LongMethods are the most obvious candidates, which might be related to the fact that experienced programmers seem to PreferShortMethods more than novices do. YMMV, of course. Looking for a good place to seed a bug is very similar to looking for CodeSmells.

Presumably one does not commit the bugs, but instead runs the tests on a modified working copy? Or, at the very least, commits them only to a throwaway branch.
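For what it's worth, here is one minimal sketch of that workflow in Python, assuming a git checkout and a pytest suite; the branch name and the apply_seed helper are illustrative assumptions, not a prescribed tool.

 import subprocess

 # apply_seed is a caller-supplied function that edits tracked files
 # in the working copy to introduce one deliberate bug.
 def run_seeded_test_cycle(apply_seed):
     # Work on a disposable branch so the seeded bug never reaches trunk.
     subprocess.run(["git", "switch", "-c", "saboteur/seed"], check=True)
     try:
         apply_seed()
         result = subprocess.run(["pytest", "-q"])
         # A failing suite means the seeded bug was caught;
         # a passing suite means you have found a hole.
         return result.returncode != 0
     finally:
         subprocess.run(["git", "checkout", "--", "."], check=True)  # undo edits
         subprocess.run(["git", "switch", "-"], check=True)
         subprocess.run(["git", "branch", "-D", "saboteur/seed"], check=True)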


I have seen this proposed before, but I find it highly questionable. Without a purpose and an understanding of actual error types and densities, there is simply no justification for this type of "testing." I would consider defect seeding a waste of time and effort, providing little or no tangible benefit.

--WayneMack

This is like saying "testing without a plan of how to test is a waste of time and provides little benefit" (I exaggerate). Finding incomplete tests is a good thing, as is testing in general. One can overdo defect seeding, yes, but you can overdo testing too: just test every possible combination you can think of.


See ProjectSabotagePatterns

