From: Jesper Louis Andersen <jesper.louis.andersen@gmail.com>
To: Gabriel Scherer <gabriel.scherer@gmail.com>
Cc: David MENTRE <dmentre@linux-france.org>, caml users <caml-list@inria.fr>
Subject: Re: [Caml-list] About "precise (formal) things that can be said about properties of certain interfaces"
Date: Tue, 21 Jun 2016 22:06:32 +0200 [thread overview]
Message-ID: <CAGrdgiWyeZa4xtFq4m7oBTebDP+rxOF6wJ_QzKvM-cW1bmYs6Q@mail.gmail.com> (raw)
In-Reply-To: <CAPFanBExRbRmmCXf7sYCJ6NxzpauOyR63c_27CWAfU0gfUACqQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2168 bytes --]
On Tue, Jun 21, 2016 at 9:11 PM, Gabriel Scherer <gabriel.scherer@gmail.com>
wrote:
> In my experience, this is an excellent mindset in which to put code
> authors at the moment they are designing and implementing the function (so
> these tests should come simultaneously, not after the implementation
> effort), because it makes you think about the properties the function
> should have, and this is a very effective way to make the right choices on
> corner cases: most choices will *not* respect nice properties, and those
> that do are the right ones.
Elaborating with an insight I once learned from John Hughes.
When a QuickCheck test case fails, one out of three things are wrong. They
are wrong with about the same frequency:
1. The system-under-test has a failure
2. The property/test specification has a failure
3. The generator, producing random inputs has a failure.
If the 1st happens, it is a genuine bug which can be fixed. If the 2nd
happens, it forces you to think about and strengthen the property, which
after a couple of rounds of strenghtening often results in the 1st case.
The 3rd case is peculiar since it tells you something about the (input)
domain, which often is as important as the property themselves.
A war story was a circuit breaker system I wrote for Erlang. In this
system, there was a specific configuration parameter which could be any
natural number (including 0). But it turned out there were lots of failures
when the configuration parameter was 0. This forced me to think, and I soon
realized that a parameter of 0 did not make any sense, so I changed the
validity domain to be 1 or greater, and added a test which made sure that 0
or less would return an error on system setup.
But then, the code coverage showed a lot of dead code. It turned out my
code had two code paths through it: the 0 case, and everything else. And
the 0 case didn't work. I ended up deleting about half of that module as a
result. QuickCheck systems are really good at testing your boundary and
edge cases for correctness. A really good QC implementation could perhaps
even find that OCaml's default List.map is not tail recursive :)
--
J.
[-- Attachment #2: Type: text/html, Size: 2948 bytes --]
next prev parent reply other threads:[~2016-06-21 20:07 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-21 11:56 [Caml-list] About contributions to the Standard Library Damien Doligez
2016-06-21 15:48 ` Gabriel Scherer
2016-06-21 15:54 ` [Caml-list] About "precise (formal) things that can be said about properties of certain interfaces" David MENTRE
2016-06-21 19:11 ` Gabriel Scherer
2016-06-21 20:06 ` Jesper Louis Andersen [this message]
2016-06-22 15:33 ` [Caml-list] About contributions to the Standard Library Junsong Li
2016-06-22 21:31 ` Alain Frisch
2016-07-07 10:26 ` Daniel Bünzli
2016-07-08 14:01 ` Alain Frisch
2016-07-08 14:37 ` Daniel Bünzli
2016-07-11 8:55 ` Goswin von Brederlow
2016-07-11 9:43 ` Daniel Bünzli
2016-07-11 9:48 ` Adrien Nader
2016-07-11 10:28 ` Daniel Bünzli
2016-07-11 18:34 ` Adrien Nader
2016-07-11 20:36 ` Daniel Bünzli
2016-07-11 9:49 ` Goswin von Brederlow
2016-07-12 18:32 ` Ian Zimmerman
2016-07-12 19:01 ` Gabriel Scherer
2016-07-12 21:26 ` Ian Zimmerman
2016-07-12 22:35 ` Gabriel Scherer
2016-07-12 23:20 ` Ian Zimmerman
2016-06-27 9:09 ` Goswin von Brederlow
2016-06-27 11:19 ` Gerd Stolpmann
2016-06-27 13:21 ` Gabriel Scherer
2016-06-30 11:08 ` Goswin von Brederlow
2016-06-30 15:52 ` Gabriel Scherer
2016-06-30 10:59 ` Goswin von Brederlow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGrdgiWyeZa4xtFq4m7oBTebDP+rxOF6wJ_QzKvM-cW1bmYs6Q@mail.gmail.com \
--to=jesper.louis.andersen@gmail.com \
--cc=caml-list@inria.fr \
--cc=dmentre@linux-france.org \
--cc=gabriel.scherer@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).