about summary refs log tree commit diff
path: root/usth/ICT2.7/P4L1 General Concepts Subtitles/11 - Pros and Cons of Approaches - lang_en_vs4.srt
diff options
context:
space:
mode:
Diffstat (limited to 'usth/ICT2.7/P4L1 General Concepts Subtitles/11 - Pros and Cons of Approaches - lang_en_vs4.srt')
-rw-r--r--usth/ICT2.7/P4L1 General Concepts Subtitles/11 - Pros and Cons of Approaches - lang_en_vs4.srt195
1 files changed, 195 insertions, 0 deletions
diff --git a/usth/ICT2.7/P4L1 General Concepts Subtitles/11 - Pros and Cons of Approaches - lang_en_vs4.srt b/usth/ICT2.7/P4L1 General Concepts Subtitles/11 - Pros and Cons of Approaches - lang_en_vs4.srt
new file mode 100644
index 0000000..36a58ee
--- /dev/null
+++ b/usth/ICT2.7/P4L1 General Concepts Subtitles/11 - Pros and Cons of Approaches - lang_en_vs4.srt
@@ -0,0 +1,195 @@
+1

+00:00:00,230 --> 00:00:02,870

+The four different techniques that we just discussed have

+

+2

+00:00:02,870 --> 00:00:06,120

+a number of pros and cons. So next we

+

+3

+00:00:06,120 --> 00:00:08,780

+are going to discuss the main pros and cons

+

+4

+00:00:08,780 --> 00:00:11,140

+for these techniques, so as to be able to compare

+

+5

+00:00:11,140 --> 00:00:14,330

+them. When testing is concerned the main positive about

+

+6

+00:00:14,330 --> 00:00:17,600

+this technique is that it does not generate false

+

+7

+00:00:17,600 --> 00:00:21,740

+alarms. In other words, it doesn't generate false positives.

+

+8

+00:00:21,740 --> 00:00:25,180

+What that means, is that when testing generates a failure,

+

+9

+00:00:25,180 --> 00:00:27,230

+that means that there is an actual problem in the

+

+10

+00:00:27,230 --> 00:00:30,060

+code. The main limitation of testing, however, is that it

+

+11

+00:00:30,060 --> 00:00:33,680

+is highly incomplete. Consider again the picture that we drew

+

+12

+00:00:33,680 --> 00:00:36,430

+a little earlier. The one representing the input domain of

+

+13

+00:00:36,430 --> 00:00:39,430

+the program being tested. Even in the best scenario, testing

+

+14

+00:00:39,430 --> 00:00:44,050

+can consider only a tiny fraction of the problem domain,

+

+15

+00:00:44,050 --> 00:00:47,430

+and therefor a tiny fraction of the program's behavior, and

+

+16

+00:00:47,430 --> 00:00:50,308

+we'll say a lot more about that in the following lessons.

+

+17

+00:00:50,308 --> 00:00:53,780

+Static verification, unlike testing, has the main advantage

+

+18

+00:00:53,780 --> 00:00:57,320

+that it considers all program behaviors. If we

+

+19

+00:00:57,320 --> 00:01:00,370

+look back at our diagram, whereas testing will

+

+20

+00:01:00,370 --> 00:01:04,010

+select only a few of those inputs, static verification

+

+21

+00:01:04,010 --> 00:01:07,120

+will consider them all. Unfortunately, however, this comes

+

+22

+00:01:07,120 --> 00:01:08,990

+with a price. Due to limitation of this

+

+23

+00:01:08,990 --> 00:01:11,490

+kind of analysis and due to infeasibility issues,

+

+24

+00:01:11,490 --> 00:01:15,260

+static verifiation considers not only all the possible behaviours,

+

+25

+00:01:15,260 --> 00:01:18,870

+but also some impossible behaviors. And what that means is

+

+26

+00:01:18,870 --> 00:01:22,472

+that static gratificaition can generate false positives. And this is,

+

+27

+00:01:22,472 --> 00:01:24,590

+in fact, the main issue with static verification techniques. As

+

+28

+00:01:24,590 --> 00:01:28,550

+we will further discuss later in the class, static verification can

+

+29

+00:01:28,550 --> 00:01:31,280

+generate results that are not true. For example, it might

+

+30

+00:01:31,280 --> 00:01:33,970

+report a possible no point of the refernce that cannot

+

+31

+00:01:33,970 --> 00:01:37,590

+actually occur in practice. The strongest point about inspections is

+

+32

+00:01:37,590 --> 00:01:40,950

+that, when they're done in a rigorous way, they're systematic and

+

+33

+00:01:40,950 --> 00:01:43,420

+they result in a thorough analysis of the code.

+

+34

+00:01:43,420 --> 00:01:46,840

+They are nevertheless a manual process, a human process.

+

+35

+00:01:46,840 --> 00:01:49,890

+So they're not formal and their effectiveness may depend

+

+36

+00:01:49,890 --> 00:01:53,560

+on the specific people performing the inspection. So its results

+

+37

+00:01:53,560 --> 00:01:57,150

+can be subjective. Finally, the main pro about formal

+

+38

+00:01:57,150 --> 00:02:01,090

+proofs of correctness is that they provide strong guarantees.

+

+39

+00:02:01,090 --> 00:02:03,740

+They can guarantee that the program is correct, which

+

+40

+00:02:03,740 --> 00:02:06,280

+is not something that any of the other approaches can

+

+41

+00:02:06,280 --> 00:02:09,505

+do, including study verification. But the main limitation of

+

+42

+00:02:09,505 --> 00:02:12,680

+formal proofs is that they need a form of specification,

+

+43

+00:02:12,680 --> 00:02:15,750

+a complete mathematical description of the expected behavior of

+

+44

+00:02:15,750 --> 00:02:19,060

+the whole program, and unfortunately such a specification is rarely

+

+45

+00:02:19,060 --> 00:02:21,920

+available, and it is very complex to build one.

+

+46

+00:02:21,920 --> 00:02:25,170

+In addition, it is also very complex, and possibly expensive,

+

+47

+00:02:25,170 --> 00:02:27,720

+to prove that the program corresponds to a specification.

+

+48

+00:02:27,720 --> 00:02:30,990

+That is a process that requires strong mathematical skills and,

+

+49

+00:02:30,990 --> 00:02:32,551

+therefore, a very specialized personnel.
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-18 08:42:21 +0000