[SystemSafety] Fwd: Re: CbyC and unit testing
Olwen Morgan
olwen at phaedsys.com
Fri Jul 3 22:27:55 CEST 2020
On 03/07/2020 15:45, Martyn Thomas wrote:
> On 03/07/2020 15:20, Olwen Morgan wrote:
>
>> UT is the earliest point in the life cycle at which problems not
>> detectable by CbyC can be detected by other means. Does one really
>> wish, by fiat, to throw this detection opportunity away?
> Human review comes even earlier.
>
> As I said before, engineers have to take VfM decisions. The decision
> about whether and what to unit test is a matter for engineering
> judgement, not fiat. IMO, the decision should be clearly documented,
> with the reasons for it, and reviewed as part of project QA.

Here I agree with you. Engineering considerations such as VfM - as well
as fitness-for-purpose - dominate all others in this context AFAI am
concerned.

PBL has now clarified to me some aspects of his view that using CbyC
makes it possible to avoid unit-testing. Yet, this is a strong claim and
needs strong evidential support if it is not to be regarded as a
judgement by fiat. My beef with this view is that in my judgement, there
are several possible objections to it. I've set out some of them in a
recent long posting to the list which PBL has perhaps not had time to
answer.

I grant that I have used some extreme hypothetical cases (e.g. a
compiler implementing iteration as recursion) to tease out issues of
principle, and I grant that the quantitative risk represented by any of
my qualitative objections must be subject to evaluation. But that does
not detract from the fact that in using the signifier "Use-CbyC", PBL is
saying a lot that he has not made explicit and that without explicit
articulation renders his position open to very serious question.

I refuse silently to accede to what I regard as incautious,
own-arse-exploding statements that risk inviting ridicule of the use of
formal methods by making what appears to me to be an overstatement of
their capabilities.

Olwen