Re: Revisiting: RE: Certifiable code

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Wed Sep 01 2004 - 12:41:57 CDT

On Sep 1, 2004, at 12:48 PM, Karl Auerbach wrote:
> My question kinda got tangential answers. So let me try again with
> more pure question:
> Can we write code in Python that not only passes regulatory
> certification but also could pass a more rigorous level (a level that
> would give most of us here reasonable, although not absolute,
> confidence in the code) of certification?

A very similar question came up some months ago on this list. Then as
now, I argued that Python is indeed very suitable to meet relatively
rigorous code standards.

From what I can tell of the FEC rules, there's no reason why Python
should be excluded. It is certainly:

> ...a high level programming language, such as: Pascal, Visual Basic,
> Java, C and C++.

Albeit, a better one than any of those. Some people get fixated on
static typing, but I find that a complete canard. Python, in fact, has
much better type-safety than VB, Java, or C/C++. It's just dynamically
typed, but still strongly typed. And you sure don't get buffer
overruns in Python (albeit, you -can- blow the recursion stack... but
that just crashes, it can't run malicious code).

It's certainly true that we should enforce some coding standards in any
elections code. Many of the arcana of extreme dynamism should be
prohibited from our standards. Metaclasses and operator overloading
can be dangerous. And so on. But specifying things not to do in
coding standards is NOT particularly difficult, nor is checking for
compliance. The closest our demo code comes to "magic" is probably in
my custom EBI-to-REBI comparison; I think my approach is elegant, but
I'd be happy to move the same comparison to a plain old (non-magic)
function 'compareEBIs()' instead of overloading the '==' operator.

The key, in my mind, is rigorous and extensive unit tests. I'm not
sure that pre- and post-assertions are necessary, though I'm not
necessarily opposed to judicious use of them. But you really can't
assert *everything* you want to unit test--so we're better off relying
on high-quality regression suites, particularly unit tests of
individual functions, for the bulk of behavioral guarantees.

Lucky for us, Python comes standard with quite nice modules 'unittest'
and 'doctest'. And even luckier, I have myself written wonderfully
clear articles on their usage :-).
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Thu Sep 30 23:17:01 2004
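
The message says that checking code for compliance with a "things not to do" standard is not difficult. One way to automate that check, as an added example that is not part of the original message or of the project's code: an `ast`-based scan that flags metaclasses and operator overloading. The list of operator methods and the `BallotImage` sample are assumptions made for illustration.

```python
import ast

# Assumed rule set: the message names only metaclasses and operator
# overloading; the exact method list below is an illustrative choice.
OPERATOR_METHODS = {
    "__eq__", "__ne__", "__lt__", "__le__", "__gt__", "__ge__",
    "__add__", "__sub__", "__mul__", "__truediv__", "__floordiv__",
    "__mod__", "__pow__", "__and__", "__or__", "__xor__", "__neg__",
    "__invert__", "__lshift__", "__rshift__", "__getitem__", "__call__",
}

def check_source(source, filename="<constructed>"):
    """Return sorted (line, rule, detail) findings for one module's source."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.ClassDef):
            continue
        # Python 3 spelling: class C(metaclass=M)
        for kw in node.keywords:
            if kw.arg == "metaclass":
                findings.append((node.lineno, "metaclass", node.name))
        for item in node.body:
            # Python 2 spelling: __metaclass__ = M in the class body
            if isinstance(item, ast.Assign):
                for target in item.targets:
                    if isinstance(target, ast.Name) and target.id == "__metaclass__":
                        findings.append((item.lineno, "metaclass", node.name))
            elif isinstance(item, (ast.FunctionDef, ast.AsyncFunctionDef)):
                if item.name in OPERATOR_METHODS:
                    findings.append((item.lineno, "operator-overload",
                                     f"{node.name}.{item.name}"))
    return sorted(findings)

# Constructed sample: a class that overloads '==' next to the plain-function
# alternative (class and attribute names are hypothetical).
SAMPLE = '''\
class BallotImage(metaclass=type):
    def __init__(self, votes):
        self.votes = votes
    def __eq__(self, other):
        return self.votes == other.votes

def compareEBIs(a, b):
    return a.votes == b.votes
'''

if __name__ == "__main__":
    for line, rule, detail in check_source(SAMPLE):
        print(f"line {line}: {rule}: {detail}")
```

The plain `compareEBIs()` function passes the scan, while the `__eq__` overload and the metaclass are reported with their line numbers, so a reviewer can run the check over every module before a certification pass.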
