Prefer Complete over Partial Verification

Many highly encapsulated systems hide internal state that they prefer not to let their client code manipulate. If such state is transient or implementation specific, that is probably the right decision. Sometimes developers hide these attributes as a matter of security instead. Security creates a compelling reason to hide, but should it be done at the expense of verification of relevant consequences? Getter-only access and cloned returns are two ways to provide visibility without weakening many security motivations, allowing more complete verification.

Another common category of incomplete verification is the use of substrings, collection membership, and other subsetting techniques to verify results. Containment is a relatively weak form of verification. Techniques for complete verification provide for much stronger tests. We will discuss these techniques in later chapters.