this post was submitted on 09 Jul 2023
84 points (97.7% liked)

Programming

17375 readers
159 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]



founded 1 year ago
MODERATORS
 

Is there some formal way(s) of quantifying potential flaws, or risk, and ensuring there's sufficient spread of tests to cover them? Perhaps using some kind of complexity measure? Or a risk assessment of some kind?

Experience tells me I need to be extra careful around certain things - user input, code generation, anything with a publicly exposed surface, third-party libraries/services, financial data, personal information (especially of minors), batch data manipulation/migration, and so on.

But is there any accepted means of formally measuring a system and ensuring that some level of test quality exists?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 12 points 1 year ago (1 children)

But is there any accepted means of formally measuring a system and ensuring that some level of test quality exists?

Formally? No, this is basically impossible by Rice's Theorem. There is not even a guarantee that if you have 100% test coverage, the program is good (the tests could be flawed).

This is just a natural limitation of turing completeness. You can't decide these properties while also having full computational power. In order to decide such things, you need a less powerful mode of computation (something not turing complete) that can be analyzed more thoroughly and with more guarantees.

[–] [email protected] 2 points 1 year ago (1 children)

That makes sense, thank you. Yes, it's specifically "test quality" I'm looking to measure, as 100% coverage is effectively meaningless if the tests are poor.

[–] [email protected] 7 points 1 year ago

Yea I'm afraid the only real way to "measure" that is to read through the tests and the code and make a good ol human value judgement on the state of the code and tests. But it won't give you a number.