Buglyst
Start Debugging
Testing8 min read

Testing Error Handling Code Paths: A Practical Approach

Error handling code is often the least tested and most brittle. Here's how to cover those paths with fault injection, mocks, and chaos engineering.

error handlingtestingfault injectionmockingchaos engineering

I've lost count of how many postmortems I've read where the root cause was 'error handling code never tested.' The happy path gets all the love — unit tests, integration tests, even performance tests. But the code that runs when a database connection drops, a file write fails, or an API returns a 503? That's the code that actually determines whether your system crashes or recovers gracefully.

Testing error paths is hard because errors are non-deterministic by nature. You can't just 'reproduce the race condition' on demand. But you can systematically inject faults, mock at boundaries, and use chaos engineering to validate that your error handling actually works. Here's how I approach it.

Fault Injection at Every Layer

The most direct way to test error handling is to make the error happen on purpose. For unit tests, that means mocking dependencies to throw exceptions at specific points. Python's unittest.mock and pytest's monkeypatch make this straightforward.

Using side_effect to inject a transient failure and verify retry logic.
# test_error_handling.py
from unittest.mock import patch
import my_service

def test_retry_on_connection_error():
    with patch('my_service.database.connect') as mock_connect:
        mock_connect.side_effect = ConnectionError("timeout")
        result = my_service.get_data("key")
        assert result == fallback_value
        assert mock_connect.call_count == 3  # retries

But mocking alone isn't enough. You need to test that the error handling code itself doesn't introduce new bugs. For example, a retry loop that doesn't back off exponentially can hammer a downed database and make recovery harder. Test that too.

Integration-Level Fault Injection

When mocking isn't realistic enough — say you're testing a service that writes to S3 — use tools like minio to simulate S3 failures, or use a proxy like Toxiproxy to inject latency, timeouts, and connection resets. I once spent two days debugging a file upload service that silently corrupted data when the disk was full. The fix? A test that filled up a tmpfs mount and verified the error was propagated to the user.

Creating a small loop device to simulate disk-full conditions.
# Test with a limited-size filesystem
mkdir -p /tmp/testmount
dd if=/dev/zero of=/tmp/test.img bs=1M count=10
mkfs.ext4 /tmp/test.img
mount -o loop /tmp/test.img /tmp/testmount
# Run your test writing files until disk full
# Then verify proper error handling

Chaos Engineering for Error Paths

Unit and integration tests cover specific faults. But they miss emergent behavior when multiple things fail at once. For that, you need chaos experiments. Tools like Chaos Monkey or Gremlin let you inject failures into staging environments — kill a pod, drop network packets, corrupt disk writes — and observe how your system responds.

info

Pro tip: Start with a game day scenario. Schedule a 30-minute session where the team deliberately breaks parts of the system and observes what happens. Record everything. Then fix the gaps.

The Silent Fallback

  1. 14:00Chaos experiment: block all traffic to payment gateway in staging.
  2. 14:02System falls back to cache — orders appear to go through.
  3. 14:05Alert: cache TTL expired, fallback returns empty response.
  4. 14:06Users see 'order confirmed' but orders never reach fulfillment.
  5. 14:10Experiment stopped. Root cause: fallback handler didn't log or alert on failure.

Lesson

Always instrument fallback paths with metrics and alerts. A silent fallback is worse than a hard failure.

Property-Based Testing for Error Recovery

Stateful error recovery — like reconnecting after a network blip — is hard to test with examples. Property-based testing (e.g., Hypothesis in Python, QuickCheck in Haskell) generates random sequences of operations and failures. You specify invariants that should always hold (e.g., 'after any number of disconnects, the system eventually becomes consistent').

Hypothesis test that random sequences of operations and disconnections don't break consistency.
from hypothesis import given, strategies as st
import my_service

@given(st.lists(st.one_of(st.just("read"), st.just("write"), st.just("disconnect"))))
def test_eventual_consistency(operations):
    system = my_service.System()
    for op in operations:
        if op == "read":
            system.read()
        elif op == "write":
            system.write("data")
        elif op == "disconnect":
            system.simulate_disconnect()
    # After any sequence, the system should be able to recover
    system.reconnect()
    assert system.is_consistent()

Observability is the Safety Net

No matter how many error paths you test in pre-production, some will slip through. That's where observability comes in. Instrument every error path with a structured log line, a metric increment, and a trace span (even if it's a 'dead end' span). You want to know, in production, how often each error path is hit and how the system responds.

Set up alerts on error path metrics: if the fallback cache is hit more than 5 times per minute, that's a warning. If a retry loop exceeds 10 attempts, that's a pager. Use dashboards to track error path health over time.

73%

of production incidents involving error handling were preceded by a gap in test coverage of that specific error path (from a 2023 study of 100 postmortems).

Making It a Habit

Testing error paths shouldn't be a separate activity. Add it to your definition of done: every new feature must include tests for at least two error scenarios. Code review checklists should include 'error handling is tested.' And run chaos experiments on a regular cadence — not just when something breaks.

The goal isn't 100% coverage of all possible errors. That's impossible. The goal is to know that the most critical error paths — the ones that could cause data loss, silent corruption, or extended downtime — are exercised and verified. Start with the ones that hurt the most.

The code that runs when things go wrong is the code that determines whether your system fails gracefully or catastrophically.

Frequently asked questions

How do I test error handling without actually causing failures in production?

Use fault injection in unit/integration tests (e.g., mock objects that raise exceptions at specific points). For integration tests, inject failures via network proxies or filesystem manipulation. In staging, run chaos experiments that deliberately cause failures while monitoring system behavior.

What's the difference between mocking and fault injection for testing error paths?

Mocking replaces a dependency entirely with a test double that can be programmed to raise errors. Fault injection alters the actual dependency's behavior (e.g., making a network call timeout) to trigger error handling. Mocks are faster and more deterministic; fault injection is more realistic but slower.

Should I test every possible error path?

No — prioritize paths that are critical for correctness, data integrity, or user experience. Use risk-based testing: focus on errors from external dependencies (network, disk), input validation, and resource exhaustion. Property-based testing can help cover combinatorial error states.

How do I ensure error handling code doesn't mask bugs?

Instrument error paths with structured logging and metrics. Write tests that assert not only that the error was handled, but that the system entered the expected degraded state (e.g., retry count, fallback behavior). Use code reviews to check that error handling isn't swallowing exceptions.