[ros-users] [Discourse.ros.org] [Quality Assurance] Input validation as a metric for quality

[tyagikunal]

I feel that a package with the correct checks on input and output would increase the robustness of any system it's used in. I really like knowing that none of my nodes can seg fault or show undefined behavior, no matter what you throw at them. This is hard and time consuming. In order to incentivize such practices in the community, we need to reward the packages which aspire for a higher standard for stability as well as inform the wider community about them.

The `Build: Passing` tag in the README of a repository gives me a little more confidence in a foreign codebase. A `Coverage: 90%` tag increases my confidence but a `Coverage: 30%` doesn't. A well-documented README (or similar file) ensures me that the developer wants other to use the package and has documented it's correct usage and failings. These anecdotal feelings without any fact make me think that a score for robustness is reasonable. 

Robustness is an abstract concept, but is influenced by a lot of factors. Resilience to random inputs (fuzzing) is one of them. Lack of seg-faults is another. There are a variety of factors, each with a different weight to a different segment of user. First step in increasing robustness is always ensuring you only accept the correct input and deliver the correct output. As a result, the first step towards a badge of robustness would be to have a badge related to Input and Output validation. It can be a simple **Uses contracts: Yes/No** sticker or a **Seg-faults: Yes/No** sticker or something a more complicated than that (if that's possible).





---
[Visit Topic](https://discourse.ros.org/t/input-validation-as-a-metric-for-quality/3732/9) or reply to this email to respond.