[trustable-software] Evidence Relationships in SDLC

Paul Sherwood paul.sherwood at codethink.co.uk
Thu Mar 29 08:34:09 BST 2018 

Hi Edmund

please see my comments inline...

TL; DR i think you've taken some liberties with your definitions :-)

On 2018-03-28 16:26, trustable at panic.fluff.org wrote:
>       I wonder if you might be able to address this problem for me.
> I'm sort of stuck. I've been using the 'trustable' discussion to help
> get to something which I can implement.
>  https://gitlab.com/trustable/workflow/blob/master/markdown/basics.md
> 
> we discuss these relationships
> 
> So I believe the following to be the case
> 
>  	* each t.test MUST be associated with one or more t.requirement
> 	* t.function is a unit of execution of t.software
> 	* each t.function MUST be associated with one or more t.requirement
> 	* each t.function MUST be validated by t.test
> 	* each t.requirement MUST be unitary/cohesive
> 	* each t.requirement MUST have one or more t.test

This is currently still at the hypothesis stage, with various thought 
experiments and incomplete empirical evidence.

> So let's agree what a requirement is
> 
>   https://en.wikipedia.org/wiki/Requirement

I'm surprised at you - we don't agree something just because it's 
claimed on wikipedia :)

> And such a requirement should be Unitary and Cohesive. That is to say
> that it should address one and only one behavior.

I'm afraid I no longer agree with that, hence there is no such assertion 
in the basics.md file you mentioned above.

Dan Firth on this list provided a logic argument which appeared to nail 
it last year:

https://lists.trustable.io/pipermail/trustable-software/2018-January/000284.html

> Thus if you need to
> validate more than one behavior you require more than one requirement.
> I'm going to use this definition for t.requirement

No, based on the above.

> Now let's define what a function is. That is to say a callable unit of
> executable instruction.
> 
>     https://en.wikipedia.org/wiki/Subroutine
> 
> I'm going to use this definition for t.function

There's already a definition of t.function in the document, by all means 
propose an improvement there, but again wikipedia may or may not be 
helpful.

> Now let's define what a test is.
> 
>    https://en.wikipedia.org/wiki/Test_method
> 
> That is to say a definitive procedure that determines one or more
> characteristics of a given process execution. I'm going to use this as 
> a
> definition of t.test

Same criticisms as above - we already have some first-pass logic 
describing t.tests.

Can you propose improvements to that, or refute it?

> So what relationships are we trying to record
> 
>  	* t.requirement has one or more t.test

Yes, ok

> 	* t.requirement has one or more t.function

No: 'has' is the wrong verb, for sure. 'provided by' perhaps.

> 	* t.function has one or more t.test

Again, not 'has'. Currently we have "Each t.function MUST be validated 
by t.tests"

> 	* t.function has one or more t.requirement

Maybe s/has/contributes to/

> 	* t.test has one or more t.function

s/has/MAY validate some or all of/

> 	* t.test has one or more t.requirement

s/has/MAY validate some or all of/

> 	* t.test may exercise one or more t.requirement which in turn 
> exercises
> one or more t.function

possibly :)

> So here is the problem.
> 
>     We two requirements t.requirement[a] and t.requirement[b]
> 
>     We have a t.function[1] which is used in the implementation of
> t.requirement[a] & t.requirement[b]
> 
>     We have a t.function[2] which used in the implementation of
> t.requirement[a] & t.requirement[b]
> 
>     We have a t.test[1] for t.function[1]
> 
>     We have a t.test[2] for t.function[2]
> 
>     We gain a new requirement t.requirement[c]
> 
>     We have a  t.function[3] which is used in the implementation of
> r.requirement[c]
> 
>     We have a t.test[3] for t.function[3]
> 
>     We now discover that t.test[1] fails with the addition of
> t.function[3]
> 
>     We now discover that the root cause of t.test[1] failure is the
> interaction between t.function[3] and t.function[1]

The above seems plausible, even for the t.* definitions in basics.md

> Problem Constraints
> 
>    At any moment, we must be able to validate the relationship between
> t.requirement, t.function, t.test and the t.change. Ideally this
> relationship should not depend on the developer populating the metadata
> most likely incorrectly. Ideally this meta data should reside in the
> SCM tool perhaps in things like Commit Messages or Notes (git notes).
> 
> Here is the question ?
> 
>    How do we manage the linkage between these things without loosing 
> the
> relationship between the t.function[1] and t.requirement[a] ?
> 
>    Why is this a problem ? During the implementation of 
> t.requirement[c]
> we have to refactor the t.function[1] and t.test[1] from
> t.requirement[a]

Strictly 'refactor' is not the word to use, but I take your point, and I 
think it's unavoidable.

All this boils down to is that introducing any new code can expose 
previously unseen problems in existing code.

It is well understood that changing a single line of code can totally 
change the behaviour of a whole system.

What I'm not sure about is whether you are considering some shortcut to 
resolve the exposed problem(s) in this scenario? If you are, I'd really 
like to understand it.

>          Really value your opinion on this
>           Edmund
> 
> 
> ps I believe I have a horrid HACK to do this but was looking for
> something more beautiful

Would be great if you could share the hack? Maybe others can beautify...

br
Paul

More information about the trustable-software mailing list