program surgery vs. type safety

Alex Martelli aleax at aleax.it
Thu Nov 13 17:47:44 CET 2003


Donn Cave wrote:
   ...
> There's no guarantee that if this program were written in ML
> instead, I'd find every upgrade error, but it would be a hell
> of a lot better than patch.

Yep, but nowhere as good as unit-tests (and acceptance tests
and stress tests and whateveryouwant-tests).  Particularly if
I could run it with DBC-constructs (preconditions, postconditions,
invariants) enabled (but I admit I've never yet done that on
any serious, large Python program -- it's more of a memory of
how we did it with C++ a few years ago -- _tests_, however, I
_am_ deadly serious about, not just "nostalgic"...:-).


> If I were as confident as you that ``it will rapidly all get
> fixed,'' then I guess it would not be an issue.  But my

Having a good battery of tests gives me that confidence --
quite independent of the language.  (Having asserts makes it
a bit better, having systematic pre/post conditions and
invariants better still -- but tests are It, all in all).


> experience is that too much of it won't get fixed until it
> breaks in production, and I hate to mess with it for that
> reason.  I find Haskell and Objective CAML kind of liberating
> in this way - I can go in and really tear it up, and the
> compiler won't let me call it finished until all the boards
> are back, wires and fixtures re-connected - stuff that I can't
> see but it can.

I wish I was still young and optimistic enough to believe that
the compiler's typechecking (even if as strong and clean as in
ML or Haskell) was able to spot "all" the whatevers.  Sure,
"tests can only show the _presence_ of errors, not their
_absence_".  But so can static, compiler-enforced typing -- it
can show the presence of some errors, but never the absence of
others ("oops I meant a+b, not a-b"! and the like...).  In my
experience, the errors that static type-checking reliably catches
are a subset of those caught by systematic tests, particularly
with test-driven design.  But systematic use of tests also
catches quite a few other kinds of errors, so, it gives me MORE
confidence than static type-checking would; and the "added
value" of static type-checking _given_ that I'll have good
batteries of tests anyway is too small for me to yearn to go
back to statically checked languages.

I _know_ I'd feel differently if e.g. management didn't LET
me do TDD and systematic testing because of deadline pressures.
But I don't think I'd stay long in a job managed like that;-).


Alex





More information about the Python-list mailing list