drewp for 2005 February


2005-02-13T16:18:07 Why isn't everyone using automated tests?:

I've been trying http://docs.python.org/lib/module-unittest.html, http://docs.python.org/lib/module-doctest.html, and http://www.nedbatchelder.com/code/modules/coverage.html lately.

While there's plenty of discussion elsewhere about how automated testing helps program quality, it's not mentioned enough how personally rewarding automated tests are. There's a difference between playing with your program to see if the new feature appears to work and running a good set of tests to get a correct report about the quality of your program. You'll feel better after seeing the automated report.

Also, the automated tests free your brain from dealing with memorizing the steps to reproduce and remembering past outcomes to diff with the current outcome. Manual testing is really slow and mentally taxing compared to running automated tests. Writing the automated tests might be slow and taxing, but at least that work is saved forever. Needless to say, you'll write a test far fewer times than you'll get benefits from running it.

Another advantage I'm not hearing often enough is that tests distributed with code make it easier for other programmers to work on the code. Perhaps you've played with bad open-source code and decided that you should write yours more clearly. Test cases also help other people understand your code, and they help other people work on your code without breaking it.

So, with all these advantages, why isn't everyone using automated testing? Why wasn't I, until a few very recent projects? Here are some choices:

I suspect the latter, and I've tried to devise an experiment that might help choose between those two possibilities (there may be others, of course).

Think about programs you've worked on that were run by other people (i.e. the code was distributed or handed off). Consider the first project on which you chose to use automated testing. Is there a later project on which you chose not to use automated testing? If so, please comment and say why you decided not to use tests after you presumably had some experience with them.

2005-02-15T23:22:26 Expression evaluator:

People are using Python's eval() to operate on very, very simple things. Examples from #python IRC:

<Peaker> I never used eval except for simple arithmetic stuff and
then I'd prefer to use something specific for that

<PenguinOfDoom> I have a file with several adjacent C strings. How do
I get Python to grab this as one big string without writing my own
parser?
[...]
<PenguinOfDoom> "\x53\x93\x23" "\x95\x01\x59\xf4"
<PenguinOfDoom> I used eval on text read from the file :)
<PenguinOfDoom> I like eval.

<daaavid@efnet> is there a way to turn a str() representation of a
list back into the list?

<troy> exarkun: the string (containing a tuple) is coming in via a
socket -- I need to know the contents of the tuple...

<boomah> can anybody point me to a simple library, that i can use to
calculate mathematical expressions from a string...
<Erwin> safely?
<boomah> yeah

<nyc-gangster> when i do eval() on a long string, it says stack
overflow.  is there any way to increase that stack?
[...]
<nyc-gangster> [(0, 'FF', 4, 'GM', 1, 'SZ', 19), (1, 'B', 'aa'), (2,
'W', 'bb'), [(3, 'B', 'cc'

<mac_> is there a reverse of repr()?  i.e., to convert that
representation easily back to a python object/tuple/etc...
<mac_> is it just eval()?

<TTimo> how can I use a python file to store configuration
information? like a .cfg, but written in python?
<TTimo> with shell scripts, I use source .. is there an equivalent ?
<Aether> TTimo: you could just "import" the file

(hackeron pastes some code)
<drewp> hackeron: seeing as you accept only factors consisting of
"var" or "var > number" (or ==, <, etc); i think you should dump the
eval

What we need is a different evaluator that processes tiny subsets of Python. This is not rexec; this is an impoverished parser that can barely execute math and assignments, and its abilities should be easily configurable.

This evaluator is not Just Another Math Expression Evaluator. Think about the features of eval (and exec) that programmers like:

Some demos:

e1 = ImpoverishedExec(arith=True,math_module=True)
e1.eval("sin(2.5)*3")
e1.eval("sin(2.5)*__import__('os').system('format disk')") # FAIL

e2 = ImpoverishedExec(math=True,assign=True,strings=True,composite_types=True)
e2.eval("log_file_location = '/tmp/app.log'")
e2.eval("allowed_users = ['drewp','kelsi'] # not 'dmcc', he's a crax0r")
e2.eval("import os; os.system('cat /dev/zero | nc victim 80')") # FAIL
print(e2.vars.log_file_location)

http://www.berningeronline.net/projects.php#ConstructParser has some of these features. I'm sure math evaluators are everywhere. What I haven't seen is a lib with all these abilities, such that we could all use it in many places, and it would become the library to reach for whenever you have an eval-ish requirement.
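
A sketch of how such a configurable evaluator can be built on Python's ast module (3.8 or later), with each feature switched on explicitly and every other node type rejected. This is an added example, not code from the original post or from any existing library; the names TinyEval, Rejected, run and the keyword flags are hypothetical.

```python
import ast
import math
from operator import add, mul, sub, truediv

BIN_OPS = {ast.Add: add, ast.Sub: sub, ast.Mult: mul, ast.Div: truediv}
MATH_FUNCS = {"sin": math.sin, "cos": math.cos, "sqrt": math.sqrt}

class Rejected(ValueError): pass  # input used syntax outside the enabled subset

class TinyEval:  # hypothetical name; not the post's ImpoverishedExec
    def __init__(self, arith=False, math_funcs=False, assign=False, literals=False):
        self.arith, self.math_funcs = arith, math_funcs
        self.assign, self.literals = assign, literals
        self.vars = {}

    def run(self, source):
        try:
            results = [self._stmt(s) for s in ast.parse(source).body]  # parse, never exec
            return results[-1] if results else None
        except (SyntaxError, RecursionError) as exc:
            raise Rejected("unparseable or too deeply nested") from exc

    def _stmt(self, stmt):
        if isinstance(stmt, ast.Expr):
            return self._value(stmt.value)
        if not (self.assign and isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                and isinstance(stmt.targets[0], ast.Name)):
            raise Rejected(type(stmt).__name__)  # Import, For, FunctionDef, ...
        self.vars[stmt.targets[0].id] = self._value(stmt.value)

    def _number(self, node):
        value = self._value(node)
        if type(value) not in (int, float):  # blocks 'a' * 1000000000, list arithmetic
            raise Rejected("non-numeric operand")
        return value

    def _value(self, node):
        if isinstance(node, ast.Constant) and (type(node.value) in (int, float)
                or (self.literals and type(node.value) is str)):
            return node.value
        if self.arith and isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
            return BIN_OPS[type(node.op)](self._number(node.left), self._number(node.right))
        if self.literals and isinstance(node, (ast.List, ast.Tuple)):
            kind = list if isinstance(node, ast.List) else tuple
            return kind(self._value(e) for e in node.elts)
        if (self.math_funcs and isinstance(node, ast.Call) and not node.keywords
                and isinstance(node.func, ast.Name) and node.func.id in MATH_FUNCS):
            return MATH_FUNCS[node.func.id](*[self._number(a) for a in node.args])
        raise Rejected(type(node).__name__)  # Attribute, Name, Lambda, ...
```

Unary minus, `**` and variable lookups are deliberately left out of the allowlist here; ordinary arithmetic errors such as division by zero propagate as their usual exceptions rather than as Rejected.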



Unless otherwise noted, all content licensed by Drew Perttula
under a Creative Commons License.