Sorry, that's a common misconception but it's not true.
A program can work most of the time (be reliable), be extensively tested,
and yet be unsafe:
- Reliability does not imply safety.
  For example, if there were only a one in a million chance per hour that
  a program would do the wrong thing, but that wrong thing would kill
  a million people, most would agree that the software is "unsafe".
  It is notoriously difficult to quantify the probability of a piece of
  software doing the wrong thing, since such quantification usually leaves
  out important possibilities, so even when someone says "only one in a million"
  the actual probabilities are usually much greater.
- "Extensive testing" is always an illusion -
  it's impossible to test most real programs for all possible circumstances,
  so testing only handles a very small subset of the actual situations the program
  will encounter.
  Trivial programs that have only ten 16-bit integers have 2^160 different
  possible states; such a trivial program couldn't be totally
  tested in the lifetime of the universe.
David A. Wheeler (dwheeler@dwheeler.com)
The master copy of this file is at
"http://www.adahome.com/Tutorials/Lovelace/s17s4r1.htm".