- 浏览: 849744 次
- 性别:
- 来自: lanzhou
文章分类
最新评论
-
liu346435400:
楼主讲了实话啊,中国程序员的现状,也是只见中国程序员拼死拼活的 ...
中国的程序员为什么这么辛苦 -
qw8226718:
国内ASP.NET下功能比较完善,优化比较好的Spacebui ...
国内外开源sns源码大全 -
dotjar:
敢问兰州的大哥,Prism 现在在12.04LTS上可用么?我 ...
最佳 Ubuntu 下 WebQQ 聊天体验 -
coralsea:
兄弟,卫星通信不是这么简单的,单向接收卫星广播信号不需要太大的 ...
Google 上网 -
txin0814:
我成功安装chrome frame后 在IE地址栏前加上cf: ...
IE中使用Google Chrome Frame运行HTML 5
This is a letter that I would not show to a programmer in a real-life situation. I've often thought of bits of it at a time, and those bits come up in conversation occasionally, but not all at once.
This is based on an observation of the chat window in Skype 4.0.0.226.
Dear Programmer,
I discovered a bug today. I'll tell you how I found it. It's pretty easy to reproduce. There's this input field in our program. I didn't know what the intended limit was. It was documented somewhere, but that part of the spec got deleted when the CM system went down last week. I could have asked you, but you were downstairs getting another latte.
Plus, it's really quick and easy to find out empirically; quicker than looking it up, quicker than asking you, even if you were here. There's this tool called PerlClip that allows me to create strings that look like this
*3*5*7*9*12*15*18*21*24*27*30*33*36*39*42*45*48*51*54*57*60*...
As you'll notice, the string itself tells you about its own length. The number to the left of each asterisk tells you the offset position of that asterisk in the string. (You can use whatever character you like for a delimiter, including letters and numbers, so that you can test fields that filter unwanted characters.)
It takes a handful of keystrokes to generate a string of tremendous length, millions of characters. The tool automatically copies it to the Windows clipboard, whereupon you can paste it into an input field. Right away, you get to see the apparent limit of the field; find an asterisk, and you can figure out in a moment exactly how many characters it accepts. It makes it easy to produce all kinds of strings using Perl syntax, which saves you having to write a line of Perl script to do it and another few lines to get it into the clipboard. In fact, you can give PerlClip to a less-experienced tester that doesn't know Perl syntax at all (yet), show them a few examples and the online help, and they can get plenty of bang for the buck. They get to learn something about Perl, too. This little tool is like a keychain version of a Swiss Army knife for data generation. It's dead handy for analyzing input constraints. It allows you to create all kinds of cool patterns, or data that describes itself, and you can store the output wherever you can paste from the clipboard. Oh, and it's free.
You can get a copy of PerlCliphere, by the way. It was written byJames BachandDanny Faught. The idea started with a Perl one-liner by Danny, and they build on each other's ideas for it. I don't think it took them very long to write it. Once you've had the idea, it's a pretty trivial program to implement. But still, kind of a cool idea, don't you think?
So anyway, I created a string a million characters long, and I pasted it into the chat window input field. I saw that the input field apparently accepted 32768 characters before it truncated the rest of the input. So I guess your limit is 32768 characters.
Then I pressed "Send", and the text appeared in the output field. Well, not all of it. I saw the first 29996 characters, and then two periods, and then nothing else. The rest of the text had vanished.
That's weird. It doesn't seem like a big deal, does it? Yet there's this thing calledrepresentativeness bias. It's a critical thinking error, the phenomenon that causes us to believe that a big problem always looks big from every angle, and that an observation of a problem with little manifestations always has little consequences.
Our biases are influenced by our world views. For example, last week when that tester found that crash in that critical routine, everyone else panicked, but you realized that it was only a one-byte fix and we were back in business within a few minutes. It also goes the other way, though: something that looks trivial or harmless can have dire and shocking consequences, made all the more risky because of the trivial nature of the symptom. If we think symptoms and problems and fixes are all alike in terms of significance, when we see a trivialsymptom, no one bothers to investigate theproblem.It's only a little rounding error, and it only happens on one transaction in ten, and it only costs half a cent at most.When that rounding error is multiplied over hundreds of transactions a minute, tens of thousands an hour... well you get the point.
I'm well aware that, as a test, this is a toy. It's like a security check where you rattle the doorknob. It's like testing a car by kicking the tires. And the result that I'm seeing is like the doorknob falling off, or the door opening, or a tire suddenly hissing. For a tester, this is a mere bagatelle. It's atrivialtest. Yet when a trivial test reveals something that we can't explain immediately, it might be good idea to seek an explanation.
A few things occurred to me as possibilities.
For any one of the cases above, since it's so easy to test and check for these things, I would think that if you or anyone else knew about this problem, your sense of professionalism and craftsmanship would tell you to do some testing, write some checks, and fix it. After all, as Uncle Bob Martin said, you guys don't want us to findanybugs, right?
Any of the above explanations could be in play, many of them simultaneously. No matter what, though, all your unit tests could pass, and you'd never know about the problem until we took out all the mocks and hooked everything up in the real system. Or deployed into the field. (Actually, by now they're notunit tests; they're just unit checks, since it's a while since this part of the code was last looked at and we've been seeing green bars for the last few months.)
But it's not my place to say that. All that stuff is up to you. I don't tell you how to do your work; I tell you what I observe, in this case entirely from the outside. Plus it's only one test. I'll have to do a few more tests to find out if there's a more general problem. Maybe this is an aberration.
Now, I know you're fond of saying, "No user would ever do that." I think what you really mean is no userthat you've thought of, andthat you like, would do thaton purpose. But it might be a thought to consider users that you haven't thought of, however unlikely they and their task might be to you. It could be a good idea to think of users that neither one of us like, such as hackers or identity thieves. It could also be important to think of users that youdolike who would do thingsby accident. People make mistakes all the time. In fact, by accident, I pasted the text of this message into another program, just a second ago.
So far, I've only talked about the source of the problem and the trigger for it. I haven't talked much about possible consequences, or risks. Let's consider some of those.
NASA calls this last problem "the normalization of deviance". In fact, this tiny little inconsistency reminds me of the Challenger problem. Remember that? There were these O-rings that were supposed to keep two chambers of highly-pressurized gases separate from each other. It turns out that on seven of the shuttle flights that preceded the Challenger, these O-rings burned through a bit and some gases leaked (they called this "erosion" and "blow-by". Various managers managed to convince themselves that it wasn't a problem, because it only happened on about a third of the flights, and the rings, at most, only burned a third of the way through. Because these "little" problems didn't result in catastrophe the first seven times, NASA managers used this as evidence for safety. Every successful flight that had the problem was taken as reassurance that NASA could get away with it. In that sense, it was like Nassim Nicholas Taleb's turkey, who increases his belief in the benevolence of the farmer every day... until some time in the week before Thanksgiving.
Richard Feynman, in hisAppendix to the Rogers Commission Report on the Space Shuttle Challenger Accident, nailed the issue:
The phenomenon of accepting for flight, seals that had shown erosion and blow-by in previous flights, is very clear. The Challenger flight is an excellent example. There are several references to flights that had gone before. The acceptance and success of these flights is taken as evidence of safety. But erosion and blow-by are not what the design expected. They are warnings that something is wrong. The equipment is not operating as expected, and therefore there is a danger that it can operate with even wider deviations in this unexpected and not thoroughly understood way. The fact that this danger did not lead to a catastrophe before is no guarantee that it will not the next time, unless it is completely understood.When playing Russian roulette the fact that the first shot got off safely is little comfort for the next.
That's the problem with any evidence of any bug, at first observation; we only know about asymptom, not thecause, and not theconsequences. When the system is in an unpredicted state, it's in anunpredictablestate.
Software is wonderfully deterministic, in that it does exactly what we tell it to do. But, as you know, there's sometimes a big difference between what we tell it to do and what wemeantto tell it to do. When software does what we tell it to do instead of what we meant, we find ourselves off the map that we drew for ourselves. And once we're off the map, we don't know where we are.
According to Wikipedia,Feynman's investigations also revealed that there had been many serious doubts raised about the O-ring seals by engineers at Morton Thiokol, which made the solid fuel boosters, but communication failures had led to their concerns being ignored by NASA management. He found similar failures in procedure in many other areas at NASA, but singled out its software development for praise due to its rigorous and highly effective quality control procedures - then under threat from NASA management, which wished to reduce testing to save money given that the tests had always been passed.
At NASA, back then, the software people realized that just because their checks were passing, it didn't mean that they should relax their diligence. They realized that what really reduced risk on the project was appropriate testing, lots of tests, and paying attention to seemingly inconsequential failures.
I know we're not sending people to the moon here. Even though we don't know the consequences of this inconsistency, it's hard to conceive of anyone dying because of it. So let's make it clear: I'm not saying that the sky is falling, and I'm not making a value judgment as to whether we should fix it. That stuff is for you and the project managers to decide upon. It's simply my role to observe it and report it.
I think it might be important, though, for us to understandwhythe problem is there in the first place. That's because I don't know whether the problem that I'm seeing is a big deal. And the thing is, until you've looked at the code,neither do you.
As always, it's your call. And as usual, I'm happy to assist you in running whatever tests you'd like me to run on your behalf. I'll also poke around and see if I can find any other surprises.
Your friend,
The Tester
P.S. Ididrun a second test. This time, I used PerlClip to craft a string of 100000 instances of :). That pair of characters, in normal circumstances, results in a smiley-face emoticon. It seemed as though the input field accepted the characters literally, and then converted them to the graphical smiley face. It took a long, long time for the input field to render this. I thought that my chat window had crashed, but it hadn't. Eventually it finished processing, and displayed what it had parsed from this odd input. I didn't see 32768 smileys, nor 29996, nor 16384, nor 14998. I saw exactly two dots. Weird, huh?
Read more:http://www.developsense.com/2009/09/letter-to-programmer.html#ixzz0SXqgDOP3
发表评论
-
为什么中国出不了扎克伯格
2010-03-12 08:01 1115他们已基本失去成为互 ... -
不会编程的程序员
2010-03-06 12:39 920我想这让人难以置信, ... -
让代码更美:10大编程字体
2010-01-21 13:36 1735日复一日的编写代码, ... -
Everything you need to know about Android 2.0
2009-11-07 21:03 1079Android 2.0 (formerly codenamed ... -
Linux: still better for coding
2009-11-05 08:01 825Something like one year ago I s ... -
Top 10 Programming Fonts
2009-11-01 09:20 1582I’m a typeface geek, and when i ... -
Speed Up and Back Up Your Rooted Android Phone
2009-10-31 15:16 1065If you've rooted your Android p ... -
Five Favorite Web Applications of Designers
2009-10-18 08:36 929Webapps –compared to their des ... -
The Best Programming Language for a Lean Startup
2009-10-18 08:31 1196Think arguments between religio ... -
5 Excuses Bad Programmers Make
2009-10-16 16:51 708It’s a common problem, there’s ... -
How to Create a Twitter Feed on Your Web Site
2009-10-08 08:50 1008Twitter has quickly become one ... -
How NOT to test that mysqld is alive
2009-10-06 09:35 884I had a call from a new custo ... -
CodeThatDocumentsItselfSoWellItDoesNotNeedComments
2009-10-06 07:56 709“When I first met the lead de ... -
The Evolution of a Programmer
2009-10-06 07:54 700High School/Jr.High 10 PRI ... -
将Web入侵消灭在萌芽之中——预防SQL注入
2009-10-05 08:38 1059国家互联网应急中心CN-S ... -
阿里要走102年 阿里的工程师能走多远?
2009-10-04 08:46 672很高兴看到阿里云的 ... -
支持云应用程序服务的PHP API
2009-10-03 08:14 1014自称“PHP公司”的Zend Technologies发起 ... -
Java is dead, but you'll learn to love it
2009-10-02 08:32 1068A favorite hobby-hors ... -
程序员需要知道的97件事
2009-10-02 08:24 1434继架构师需要知道的97件事(参看InfoQ此前的报道)之后,该 ... -
Google Wave: There Will Be Backlash
2009-10-01 08:11 741Have you gotten your Google W ...
相关推荐
But it is really child's play compared to everything else that a good programmer must do to make a software system that succeeds for both the customer and myriad colleagues for whom he or she is ...
Straight from the programming trenches, The Pragmatic Programmer cuts through the increasing specialization and technicalities of modern software development to examine the core process--taking a ...
Apache Thrift is an open source cross ... You’ll see how the Apache Thrift framework fits into various communications schemes and also get a high level picture of the overall Apache Thrift architecture.
It offers an invitation to look at a prograrnuhing language that is different from the everyday ones, and can save you an awful lot of time and programming effort. You probably want to get on and ...
The Healthy Programmer gives you a daily plan of action that’s incremental and iterative just like the software development processes you’re used to. Every tip, trick, and best practice is backed ...
how-to-be-a-programmer-zh
The Pragmatic Programmer 是我转的 txt的
A Programmer's Introduction to CSharpA Programmer's Introduction to CSharpA Programmer's Introduction to CSharpA Programmer's Introduction to CSharpA Programmer's Introduction to CSharp
After a couple of introductory chapters, the book progresses from the simpler C# features to the more complex ones. You can read the chapters in order, working your way through the entire language. ...
Python Playground: Geeky Projects for the Curious Programmer Python is a powerful programming language that’s easy to learn and fun to play with. But once you’ve gotten a handle on the basics, what...
The Pragmatic Programmer cuts through the increasing specialization and technicalities of modern software development to examine the core process--taking a requirement and producing working, ...
Think Like a Programmer-An Introduction to Creative Problem Solving Think Like a Programmer-An Introduction to Creative Problem Solving
Your access to the information in this Cortex-A Series Programmer’s Guide is conditional upon your acceptance that you will not use or permit others to use the information for the purposes of ...
《A Programmer's Introduction to C#》是一本由Eric Gunnerson所著,旨在向有经验的C程序员介绍微软全新的C#语言的图书。本书详细涵盖了C#从基础到高级的各个方面,同时也深入探讨了与C++、Visual Basic和Java等...
Spanning across computer science themes such as hardware architecture, the operating system, and systems software, the Third Edition serves as a comprehensive introduction to programming. This book ...