On the criteria to be used in decomposing systems into modules
Communications of the ACM
| Hi-index | 0.00 |
The best that can be expected from traditional debugging and testing techniques is that the number of bugs will be reduced to a tolerable level. However, programs that either implement or relate to protection in an operating system are examples of programs for which: 1) the number of residual bugs that can be tolerated is zero; 2) it is necessary to know, or at least have convincing objective evidence, that the number of bugs is indeed zero; and 3) the concern extends to bugs which would not arise under normal circumstances and which may be very difficult to find either by testing or by normal use.