Skip to main content

Unit Testing - What to Test

This I wrote to answer a question that came up when we were discussing our software process and I was training developers on how to unit test.

It seems a simple enough question, but I kept pondering it and delving deeper until I realized I needed to write this monograph.

What unit tests should we write? How do we know what to test?


Ideally, unit tests should cover every path through the code. It should be your chance to see every path through your code works as expected and as needed. If you are practicing Test Driven Development then it's implied everything gets a test.

In the real world, you might not be allowed to test everything - for instance, if the testing suite ends up taking a week to run, then the world will have changed by the time it finishes and the test results will be obsolete.

Unit testing at it's basic is testing an object, a method - the smallest unit of your code that it can test independently.

It should test the inputs "goes into" and corresponding outputs "goes out of".  It should test every variant of input that will exercise every code path and even try to get to exit it's code paths entirely - throw an exception, SIGINT, stack overflow, whatever. It's no time to be nice to your code.  Test boundaries - test what happens when you are outside the boundaries - inputs outside what you expect, exceptions from called objects, unexpected types - strings instead of numbers, floats instead of ints.

It should be automated and fast so that whenever that "thing" (your small unit of software)  changes, you can run the test and make sure it still works as expected - as it did prior to the change.

A good and complete suite of unit tests should:
·       Free you to do exploratory testing at a higher level, manually or however
·       Give you confidence to change, refactor fearlessly - if all the same gazinta's produce the same gazouta's for a unit, you're good!

Test code should be treated as well as all the rest of your application code - it's not hack code, junk code, throwaway code because if it is, it doesn't belong in the source tree.

Designing for testability:
  • Adhering to separation of concerns help make code testable - focused functions that do only one thing are easier to test
  • When accessing other objects, try to segregate or wrap the calls so that mocking them becomes easier
  • Segregate validation code so that it can be easily tested
  • Think of patterns that foster testability like the Facade pattern

In our Javascript ecosystem, here are some further specific hints:
  • Look at anonymous functions - very often these can be turned to named functions and makes them testable units. If you have a 10+ line anonymous function, it's probably doing something non-trivial - so it could probably use a test.
  • As you are writing functions, look for ways to make them composable (See https://codewords.recurse.com/issues/four/lazy-composable-and-modular-javascript for more details on concept and techniques).
  • Know what your functions return - or in other words, be explicit about what your functions return. Don't surprise the caller.
  • Try to create functions without side effects - otherwise try to make the side effects singular in purpose and scope for each function.  Test the side effects.
  • Test Failure - make sure a .catch on a .then gets tested.
  •  Perhaps  the use of flogs, such as '__DEV__' will help you segregate test code you want to disappear in production.

References:
xUnit Test Patterns - Website of book by same name. Published by Addison-Wesley - well worth purchasing. Accessed Jan 19, 2018 - an excellent resource on xUnit test patterns - goes over mocks, test doubles, lots of helpful patterns.
Robert Martin of First Class Tests - Accessed Jan 19, 2018 - This article in particular makes a very good case on why you should treat your test code as a 'First Class Citizen' - an equal to the application code it supports. It's a mind shift - an important one.
Collected Wisdom of Martin Fowler - Accessed Jan 19, 2018 - lot's viewpoints on how to get value out of testing - not a one time read, more of an on-going resource.
 
Labels:

Comments

Post a Comment

Popular posts from this blog

Let's Not Mess Around with Security on our Personal Systems Either!

Essential Security Practices for Your Personal Systems Ensuring a minimal level of cybersecurity, privacy, and availability on your personal systems means you need to manage the following essential practices. This is a brief overview of recommendations from sources like CISA, NSA, etc., focused on personal laptop, phone, and other systems' security. Anti-virus  I've found you'll get the best anti-virus protection and usability from a paid product - I've always had good luck with Norton labeled products. If you are looking for current vendor offerings see:  https://www.pcmag.com/picks/the-best-antivirus-protection Regardless of whether you choose to use a commercial product or open-source anti-virus tool, it is absolutely something you need to use. This is the minimally needed level of system security. Once installed, ideally, it should be invisible until there's a security problem it can't prevent or solve.   Backups You need to have at least a minimal level of ...
Post a Comment
Read more

RACI, Cybersecurity and NICE Framework

The NICE framework from a RACI point of view The NICE framework ( NIST SP 800-181 rev. 1) established a standard approach for describing cybersecurity work, in order to help stakeholders share a common language and ideally improve how to identify, recruit, develop and retain talent. It breaks down cybersecurity work role categories into: Oversight and Governance; Design and Development; Implementation and Operation; Protection and Defense; Investigation.  Which is very cybersecurity-centric and not related to common tools for project management within companies. Especially smaller enterprises that do not have dedicated people to mange and coordinate cybersecurity needs. A  RACI chart  is   a project management tool used to define and clarify roles and responsibilities within a project team.   It stands for Responsible, Accountable, Consulted, and Informed, and visually represents who is responsible for what, who is accountable for the outcome, who needs to be c...
Post a Comment
Read more

Typescript - It might not be easier, but but it's surely different

Typescript is a statically typed language, that is a superset of JavaScript. I've had the discussions and debates about that aspect of the language. I am all for static typing. Any way my tools can help me be better is alright by me. So I avoid the ' any ' type designation and make sure I have guards on ' unknown ' types, as much as I can.  Any  does not carry any useful type information, while unknown does, and allows it to enforce type checking.  Anything can be assigned to a variable of type unknown , but an unknown value cannot be assigned to variables of other types without explicit type assertion or narrowing. Similarly, no operations are permitted on an unknown value until its type is refined. This behavior ensures type safety and prevents runtime errors. (Refined with help from google). I bring this up because I was arguing with the compiler recently because I'd assumed both made no use on any type information in any circumstance - because I haven't ...
Post a Comment
Read more