Skip navigation.
Home » blogs » Charlie Audritsh's blog

The conundrum of testability modifications

Submitted by Charlie Audritsh on Sun, 04/02/2007 - 22:51. testability
In my current role I'm lucky enough to get a lot of support from development. They really care about the performance of the application and want to help me test it. So when I run into certain kinds of application related stumbling blocks -- a generated hash key that expires in 3 days as a security measure, after which that part of the app won't work with the old key by design, or a page with really a lot of IDs generated each time, that the server won't accept any that don't match upon submit, another security measure -- just to give two examples, developers often offer to take them out for me so I can test. "We can take that out so you can test, and we'll just put it back in before we ship." Woah. Red flag here. Wait. Stop.

Admittedly this is the kind of thing that tends to break automated tests, performance or otherwise, so it seems I can't test with it as it is, yes. But if this is taken out, then the functional test team is not testing the code that will actually be shipped/deployed/put into prod later. Then we're talking about making a special build just for me, which opens the door for version control issues, and then I'm not testing what will ship, though it seems I may not really have that choice anyway.

So what to do here? The way it works is very incompatible with testing it in an automated way, but changing that for testability means we're testing a version that customers will never see, or more to the point we won't be testing what they will see. The only option I see at this point is that if it's really important to test, is to put this risk on the table and raise awareness of it. If the risk is accepted, make the testability code change, do the special build and test, with everyone being aware that what we're testing is, in this one respect, not the code the customers will get.

I don't know though. This is a gray area that I, as a tester, am not comfortable with. I need to think this through some more. Does anyone here at testing reflections have any thoughts on this, or know of anything that's been written that explores these questions further?
» Charlie Audritsh's blog | login or register to post comments

Avoid modified revisions for testing... there are alternatives

Submitted by Antony Marcano on Mon, 05/02/2007 - 09:33.
[textile]I always prefer to look for alternatives to using modified versions.

A single hash in the page shouldn't be a big deal. Simply collecting that value, populating a variable and using in the post-back should resolve it. You can do that relatively easily in Visual Studio 2005 (are you still using that?).

The problem is much harder when there are a lot of IDs in the page. Look for an opportunity to generalise the solution. See if you can query the page (e.g. using XPath) to collect all instances of these IDs and populate a Collection. Then query that Collection to populate the post-back...

You could contact Tech Support for some other way of solving this problem... since your company pays enough money for the licenses, that's exactly what they are there for. There may be a feature in Visual Studio that I've forgotten about that deals with that for you.

Is the fact that there are a lot of IDs part of the security deterrent? If not, then see if the developers can store them in session state and use a Hash in the page instead.

Finally, if none of the above are feasible, see if the developers can implement a configuration option that allows you to tell the application to use a stubbed concrete implementation of the code that populates the IDs. The page payload then stays about the same but the ID is made to be easily predictable by your scripts. This can be a simple configuration parameter that the application uses to determine context and determine whether to use the default ID Class implementation or the stubbed version. If it is more than just the ID and the configuration varies and you want to be in control of those variations then consider something like the "Plugin Design Pattern":http://www.martinfowler.com/eaaCatalog/plugin.html. Using this either approach will put you in control of when the stub is used and when it isn't.

Ensure that the implementation of the solution is thoroughly tested (functionally) and that it is configurable from a .config file (.properties in Java). The deployed version of the code should use the default ID generator plugin. On your test-environment, you simply edit the config file and add the override setting in the config file to use the stubbed ID code instead ("it's not a mock, it's a stub":http://www.testingreflections.com/node/view/3842). This will help to reduce some of the risks that you're concerned about.

Stubbing the ID code, however, may affect your performance stats. See if the developers can work with you to benchmark the ID code vs. the stubbed code and if necessary introduce an artificial delay in the stub that matches the benchmarked ID code. How thorough the benchmarking is (multi threaded; machine characteristics; database server) depends on how concerned you are.

My suggestions
So, there are some options. Based on my (rusty) knowledge of Visual Studio 2005 Load Testing capabilities, you should be able to solve the problem in your web-test and shouldn't need to change the application.

Check your support agreement and if possible, contact Visual Studio tech support for assistance in solving the problem in your load-test. You may need some C# programming skills to implement the page parsers that collect and populate your variables for each post-back. I'd seek the assistance of the developers in solving the problem of parsing the page and re-using values in the web-test first before I ask them to change the application.

If you do ask the developers to change the application, then avoid using different versions of the deployed code. Use a configuration file that allows you to modify the concrete implementation of the relevant class in the application. Alternatively, use a property to allow the application to understand that it is operating under a different context and thus use a different class to populate the IDs. This approach means that the revision of the code you test is the same revision that would then go into production. It still means that at run-time, you are testing a different 'configuration' but the risks are lower than taking a completely different revision of the code that then needs to be altered and recompiled before going into production.

Good luck and let us know what you decide to do and what you learn from it.

Antony Marcano
» login or register to post comments

Comment viewing options

Select your preferred way to display the comments and click 'Save settings' to activate your changes.