100% code coverage is near-meaningless - but is there a good measure to use?
Is there some formal way(s) of quantifying potential flaws, or risk, and ensuring there's sufficient spread of tests to cover them? Perhaps using some kind of complexity measure? Or a risk assessment of some kind?
Experience tells me I need to be extra careful around certain things - user input, code generation, anything with a publicly exposed surface, third-party libraries/services, financial data, personal information (especially of minors), batch data manipulation/migration, and so on.
But is there any accepted means of formally measuring a system and ensuring that some level of test quality exists?
You are viewing a single comment
I think this is a good rule-of-thumb in general. But I think the best way to decide on the correct coverage is to go through uncovered code and make a conscious decision about it. In some classes it may be OK to have 30%, in others one wants to go all the way up to 100%. That's why I'm against having a coverage percentage as a build/deployment gate.
Bingo, exactly this. I said 80 because that's typically what I see our projects get to after writing actually useful tests. But if your coverage is 80% and it's all just tests verifying that a constant is still set to whatever value, then yeah, thats a useless metric.
God I fucking wish my projects were like this