Kelvin Jackson

Ordering Lizards


A software tester walks into a bar and orders a beer, orders three beers, orders nine billion beers, orders -1 beers, orders a lizard, orders a lkasjfdlkajfd ai ds;flak jfd;lkas;oifdau ;ofdiaj flka dslfkadsf.

Then a real customer walks in and knocks over a barstool, and the building catches on fire.

(— a programmer joke; origin unknown)

When did you last order a lizard at your product's metaphorical bar?

Remember that users will always do stranger things than you expect. They will put values in the wrong fields, try to type out numbers as words, let their cats walk across the keyboard, and so on. You can never count on your program receiving only input that it can work with. This should be something that every programmer already knows, but there is enough lousy software out there to suggest that many do not.

This means that if you need a number, it is on you, the programmer, to ensure that the user sees a clear error message if they try to enter anything other than a number. The same is true if they enter a number that is too large or too small, or if they use a decimal point when you expected an integer. You also need to make sure that the back and forward buttons of a web browser behave as expected, and that the app does not crash on Sundays. All of these things need to be tested, with the strangest and least correct inputs you can come up with.

There are of course some cases where any arbitrary input should be accepted as is, such as names (and sometimes you have to be even more open-minded than just accepting any string, as detailed in the List of Falsehoods Programmers believe about names). This does not, however, exonerate you from ordering a lizard — it just means that the system has to be able to appropriately store any species of lizard it receives, without returning garbage or opening the door to SQL injection attacks.
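To make the last two paragraphs concrete, here is an added example (not code from the original post) that runs the joke's orders through a strict quantity check and stores an arbitrary customer name with a bound SQL parameter. The 100-beer limit, the `orders` table, and all function names are assumptions made for the illustration.

```python
import sqlite3

MAX_BEERS = 100  # assumed business limit for this example


class OrderError(ValueError):
    """Raised with a message that is safe to show to the user."""


def parse_quantity(raw: str) -> int:
    """Turn untrusted text into a beer count, or raise OrderError."""
    text = raw.strip()
    # Accept plain ASCII digits only: no sign, decimal point, exponent,
    # words, or Unicode digits that int() would otherwise accept.
    if not (text.isascii() and text.isdigit()):
        raise OrderError("Please enter a whole number, such as 3.")
    if len(text) > 9:  # bound the length before converting
        raise OrderError(f"You can order at most {MAX_BEERS} beers.")
    qty = int(text)
    if not 1 <= qty <= MAX_BEERS:
        raise OrderError(f"Please order between 1 and {MAX_BEERS} beers.")
    return qty


def place_order(db: sqlite3.Connection, customer: str, raw_qty: str) -> int:
    """Validate the quantity, then store the name exactly as typed."""
    qty = parse_quantity(raw_qty)
    # Bound parameters keep the name as data, whatever characters it contains.
    db.execute("INSERT INTO orders (customer, qty) VALUES (?, ?)", (customer, qty))
    return qty


def run_bar_test() -> dict:
    """Feed the joke's orders through place_order; return the result per input."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (customer TEXT, qty INTEGER)")
    lizard_name = "Robert'); DROP TABLE orders;--"  # constructed sample input
    results = {}
    for raw in ["1", "3", "9000000000", "-1", "2.5", "three", "a lizard", "lkasjfd;lkas", ""]:
        try:
            results[raw] = place_order(db, lizard_name, raw)
        except OrderError as err:
            results[raw] = str(err)
    results["stored"] = db.execute("SELECT customer, qty FROM orders").fetchall()
    return results


if __name__ == "__main__":
    print(run_bar_test())
```

Only the orders for 1 and 3 beers reach the table; every other input comes back as a readable error message, and the odd-looking name is stored verbatim.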

Sometimes, your metaphorical lizard will look like the output of monkeys pounding away on a typewriter. Other times, it will need to be carefully crafted code that could be used to exploit a security vulnerability. Unfortunately, there is no formula for generating perfect lizards — you as a developer need to think about how your program works and then come up with the best test inputs you can, and even then you will not get it right on the first try. Lizards eat bugs, but each species of lizard only eats certain types of bugs. And no program survives contact with actual users, no matter how many lizards you throw at it.