Testing safety-critical systems
Monday, March 15th, 2010
David Cummings has written an article for the Los Angeles Times about his experiences with testing on the Mars Pathfinder project, and how that might relate to Toyota’s recent problems:
If Toyota has indeed tested its software as thoroughly as it says without finding any bugs, my response is simple: Keep trying. Find new ways to instrument the software, and come up with more creative tests. The odds are that there are still bugs in the code, which may or may not be related to unintended acceleration. Until these bugs are identified, how can you be certain they are not related to sudden acceleration?
This brings us back, as ever, to the question of “when do you stop testing?” How do you answer that question when safety is involved? At some point, you have to ship your product. With software, we are often afforded the luxury of updating it afterwards, but that isn’t always possible: problems with installation programs usually fall into this category, as do many embedded systems, where a fix may require a recall rather than a download. And testing can only ever demonstrate the presence of errors, never their absence; however many tests pass, the most you can say is that you have not yet found the next bug.
