


I have implemented FIFO semaphores but now I need a way to test/prove that they are working properly. A simple test would be to create some threads that try to wait on a semaphore and then print a message with a number and if the numbers are in order it should be FIFO, but this is not good enough to prove it because that order could have occurred by chance. Thus, I need a better way of testing it.
If necessary locks or condition variables can be used too.



What you describe with your sentence "but this is not good enough to prove it because that order could have occurred by chance" is somehow a known dilema.

1)即使您具有规范,也不能确保该规范符合您的意图.为了说明这一点,我将以正确性限制" 为例.让我们考虑一下分解函数的规范:

1) Even if you have a specification, you can not ensure that the specification match your intention. To illustrate this I will take an example from "the limit of correctness". Let's consider a specification for a factorization function that is:

但是这还不够,因为您可以实现一个返回A=1B=C的实现.添加A,B != 1仍会导致A=-1B=-C,因此唯一正确的规范必须注明A,B>1.这只是为了说明编写符合真实意图的规范可能有多么复杂.

But it's not enough as you could have an implementation that returns A=1 and B=C. Adding A,B != 1 can still lead to A=-1 and B=-C, so the only correct specification must state A,B>1. That's just to illustrate how complicated it can be to write a specification that match the real intention.

2)即使已经证明算法,也并不意味着实现在实践中是正确的.最好用Donald Knuth的此报价来说明:

2) Even having proved an algorithm, still doesn't mean the implementation is correct in practice. This is best illustrated with this quote from Donald Knuth:

3)测试只能显示错误的存在,不能显示错误的存在.该引用可以追溯到 Dijkstra :

3) Testing can only reveal the presence of bug, not their absence. This quote goes back to Dijkstra:


Conclusion: you are doomed and you will never be 100% sure that your code is correct according to its intent! But stuff aren't that bad. Having a high confidence about the code is usually enough. For instance, if using multiple threads is still not enough for you, you can decide to use fuzzing as well so as to randomize the test execution even more. If your tests always pass, well, you can be pretty confident that your code is good.


07-29 19:28