[SystemSafety] Fwd: Re: CbyC and unit testing

Olwen Morgan olwen at phaedsys.com
Sat Jul 4 15:29:45 CEST 2020


On 03/07/2020 22:23, Peter Bernard Ladkin wrote:
> Olwen,
>
> you have misrepresented my views enough that I am retiring from this discussion, although I may
> respond to others.
>
If I have misrepresented your views, it has been because I sought to 
elicit, by deliberately risky paraphrase, a clear statement of what they 
actually are.

Modal logic can obscure as often as it clarifies. After all, it is 
undoubtedly true that:

(¬Use-CbyC -> <>Avoid-UT)

... if only because any fool can hack together a program and put it into 
production without testing it. But then, I am here using an everyday, 
epistemic notion of possibility that may have differed from the notion 
of possibility that you were using - and that was possibly (no irony 
intended) at the core of the dialectic.

Fortunately, David Crocker has now given what, IMHO, is an eminently 
sound view of the role of UT in CbyC development. The UT provides the 
first empirical check that the toolchain is working OK - at least in 
respect of those aspects of behaviour for which CbyC might, possibly, 
make certain parts of UT redundant - other parts of UT can test things 
that are below the level of abstraction at which formal specification 
and verification work and are useful as tests in their own right.

Apart from my off-list excursus into the epistemic status of 
mathematical proof (on which my views seem to have made you think I'm a 
nutcase :-)), most of what I have said has addressed the question, "What 
could go wrong?" in relation to the process and toolchain. I posed these 
questions seeking to elicit from you a few answers - but you have given 
none.

So, I leave the question with you:


What could go wrong that might bring into question the proposition that 
CbyC makes UT unnecessary?


Your call,

Olwen





