Static Testing Programs
- Building and Managing an IT Security Operations Program
- [451 Report] Securing open source: Software composition analysis comes into its own
- The State of Cyber Security Incident Response
- Online Malware & Threats: A Profile of Today's Security Posture
- Thinking Like a Cyber Attacker: Strategies for Defense
- Automating Cybersecurity Functions in Your Enterprise
assert macro is useless in production code. In fact, in addition to being valuable for internal documentation, its main purpose is to be evaluated in a testing run. In the same logic, Loki and Boost static assertions are most useful while evaluated in a testing compilation.
But what is a testing compilation? It is a test consisting in compiling a test program written for the sole purpose of determining if the compilation is successful or not.
Let's call such a program, whose syntactic correctness is to be checked, a "static testing program." Furthermore, let's call a traditional program, surely syntactically correct, whose runtime correctness is to be checked, a "dynamic testing program."
A dynamic testing program contains a series of dynamic tests, each one of them declaring the result expected from the evaluation of an expression while running the program. Analogously, a static testing program contains a series of tests, each one of them declaring the result expected from the compilation of an expression; that is, whether the expression is syntactically correct (legal) or incorrect (illegal).
The static testing consists in trying to compile each test and observe if any compilation error is output.
A test is considered failed, meaning that an error in the library (or in the test) has been detected, if a code snippet declared as legal generates some compilation errors, or if a code snippet declared as illegal doesn't generate any compilation errors.
Conversely, a test is considered successful, meaning that the behavior has been the expected one, if a code snippet declared as legal doesn't generate any compilation errors, or if a code snippet declared as illegal does generate some compilation errors.
For exception-specification testing, it is possible to specify that a certain operation should cause the raising of a specific exception. Instead, it is not feasible to specify that the compilation of a certain statement should cause a specific compilation error, as compilation errors are not standardized, and vary even with the versions of the same compiler. Therefore, we will be satisfied in distinguishing between legal code and illegal code.