Every now and then, I see someone say they’ve stopped caring about coverage metrics or that “50% coverage is good enough” (or other arbitrary number).
But I think a major point is being missed.
Coverage isn’t just a number. It’s a way to understand how much of your software’s behavior you actually know.
If your coverage is 50%, it doesn’t mean your tests are “half decent”. It means that half of your code has never been executed while testing: its logic and behavior are unknown. And if we take that idea one step further, in safety-critical applications, that’s unacceptable.
This is where Modified Condition / Decision Coverage (MC/DC) comes in. It ensures that every individual condition within a decision can independently affect the outcome. It’s not just about hitting lines or branches, it’s about proving that each logical factor has influence and is verified on its own. Whenever you stack conditions, combine flags or write complex if statements, you’re dealing with logic that can hide high-impact bugs.
Code coverage itself includes several levels of criteria, while statement coverage and MC/DC (together with brute force) are on the opposite sides of the scale. In between, each level gives you a different depth of assurance:
1. Statement Coverage: ensures every line of code executes at least once. Good for catching dead code, but blind to logic paths.
2. Decision (or Branch) Coverage: checks that every branch (if, else, switch) is taken both true and false. Reveals untested decision outcomes, but still misses compound logic.
3. Condition Coverage: verifies that each Boolean condition inside a decision is evaluated both true and false. Tests the individual pieces, but not their combinations.
4. Decision/Condition Coverage: merges both: every decision outcome and each individual condition must be tested true and false. Better visibility, but doesn’t guarantee that each condition’s influence is isolated.
5. Modified Condition / Decision Coverage (MC/DC): goes one step further by requiring proof that each condition can independently change the decision’s outcome. This is the level demanded, for example, in avionics and other critical systems because it provides meaningful assurance of logical completeness.
You can see a full article that walks through different coverage methods, practical examples, why MC/DC is needed and how it ties into requirements coverage here:
MC/DC and the Logic of Safer Software
Top comments (0)