[SystemSafety] Fwd: Re: CbyC and unit testing
Olwen Morgan
olwen at phaedsys.com
Sat Jul 4 15:29:45 CEST 2020
On 03/07/2020 22:23, Peter Bernard Ladkin wrote:
> Olwen,
>
> you have misrepresented my views enough that I am retiring from this discussion, although I may
> respond to others.
>
If I have misrepresented your views, it has been because I sought to
elicit, by deliberately risky paraphrase, a clear statement of what they
actually are.

Modal logic can obscure as often as it clarifies. After all, it is
undoubtedly true that:

(¬Use-CbyC -> <>Avoid-UT)

... if only because any fool can hack together a program and put it into
production without testing it. But then, I am here using an everyday,
epistemic notion of possibility that may have differed from the notion
of possibility that you were using - and that was possibly (no irony
intended) at the core of the dialectic.

Fortunately, David Crocker has now given what, IMHO, is an eminently
sound view of the role of UT in CbyC development. The UT provides the
first empirical check that the toolchain is working OK - at least in
respect of those aspects of behaviour for which CbyC might, possibly,
make certain parts of UT redundant - other parts of UT can test things
that are below the level of abstraction at which formal specification
and verification work and are useful as tests in their own right.

Apart from my off-list excursus into the epistemic status of
mathematical proof (on which my views seem to have made you think I'm a
nutcase :-)), most of what I have said has addressed the question, "What
could go wrong?" in relation to the process and toolchain. I posed these
questions seeking to elicit from you a few answers - but you have given
none.

So, I leave the question with you:

What could go wrong that might bring into question the proposition that
CbyC makes UT unnecessary?

Your call,

Olwen