[SystemSafety] CbyC and unit testing

Martyn Thomas martyn at thomas-associates.co.uk
Mon Jul 6 19:37:33 CEST 2020


On 05/07/2020 12:47, Olwen Morgan wrote:
> Does anyone here honestly believe that you could successfully defend
> omitting UT in an action for negligence if a system developed using
> CbyC failed and killed someone as a result of a defect that could have
> been detected by UT?

Can you guarantee that your UT will detect all the errors that any
possible UT would have detected? If so, how?

Are you using successful tests as the axioms on which you can develop a
rigorous inductive proof of correctness, which (if I recall correctly)
Tony Hoare said was how testing should be used?

If not, in your hypothetical example, how are you going to defend having
omitted the unit tests that would have detected the errors that caused
the failure that killed someone?

I think you are doing what the opponents of FMs often do and assuming
that the proponent of C-by-C is claiming they can deliver perfection.
I'm certainly not - I'm saying that software engineering seeks to make
software that is as fit as is reasonably practicable for its intended
purpose and that in my experience, being as rigorous as reasonably
practicable is tautologically how to achieve that.

In my experience, most software teams don't even try to be rigorous. At
best they are skilled craftspeople, not professional engineers.
Sometimes that's good enough. Sometimes it may even be what you need.
Caveat emptor.

Martyn
