Sujet : Re: "RESET"
De : blockedofcourse (at) *nospam* foo.invalid (Don Y)
Groupes : sci.electronics.designDate : 28. May 2025, 11:23:10
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <1016o6j$36o7q$1@dont-email.me>
References : 1 2 3 4
User-Agent : Mozilla Thunderbird
On 5/28/2025 1:43 AM, Martin Brown wrote:
Exactly. I recall a customer wanting us to verify all possible paths
through a bit of air traffic control radar software, about 100,000
lines of plain C. Roughly one in five executable line was an IF
statement, which is 20,000 IF statements. So there are 2^20000 =
10^6020 such paths.
Executing each path in the code at least once is a much more tractable problem. McCabes CCI metric will tell you how many test vectors it will take for a given complexity of code. And it should be done.
But you don't need to execute each *combination* of paths. All you
have to do is test the code in each branch (and opposing instance).
A sufficiently high CCI index for a routine also means that such code is highly unlikely to be correct.
Yes. You want modules to be small and self-contained. This is the appeal
of OOPS. Procedural implementations tend to meander around the codebase,
as if they are remembering particular issues as they wander. Instead,
focusing on a single, well-defined operation -- on a single object -- gives
you a simpler piece of code that is easier to comprehesively test
I recall one instance on a mainframe (brand withheld to protect the guilty) where a rogue program that ran continuously was slowly using up IO handles repeatedly opening the tracker ball interface each time a new user accessed it (and never letting go).
One day after a particularly long uptime it completely ran out of IO handles. Guess what the first thing the error handler tried to do?
Yup! It tried to obtain a new IO handle to report the error!
Of course! The fault, there, was not taking the handle early on, to be sure
it would be available. E.g., the difference between allocating dynamic
resources AS IF static -- just to avoid the possibility of them not being
available when needed. Ooops!
The testing campaign will have only scratched the surface when the Sun
runs out of hydrogen and goes supernova. Tomorrow's problem.
You can't out test every possible combination of events but you can make sure that the code paths when executed in at least one scenario don't do anything horribly bad. A lot of faults can lurk in the rarely used error recovery code that only gets used after something else has gone wrong.
Ariane 5 was an example of that sort of thing.
Proof that big, well-funded projects doesn't correlate with BETTER
implementations! When a project gets too big, group think muddies
the details of importance.
comp.risks is littered with them.