What are false positives in programming?

Asked

Viewed 415 times

12

Now and then I see this term related to programming and, in order to understand it better, I went to Google but only found issues related to health and computer antivirus.

In programming I have a very superficial notion about the subject, which is where a code returns an X result (when it should return Y) making the programmer think that the code is working as expected or as it stifle that should.

The example below would be a case of false positive, or just inexperience?

$("button").click(function(){
   var usuario = $("input").val();
   if(usuario){
      console.log("Usuário válido");
   }else{
      console.log("Usuário não pode ser vazio");
   }
});
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
Digite um nome de usuário e clique OK:
<br>
<input name="usuario">
<br>
<button>OK</button>

In the above case, an empty username is not allowed, but if it is typed only SPACE (spaces) the name is accepted as valid, because space is also a character like any other. But I believe that no programmer wants an "invisible" username only with spaces.

Finally, what would be the technical definition of false-positive in the framework of programming and what are its main causes?

  • A condition that has been wrongly assessed and, on account of that, issued an improper warning.

  • I’ve never heard the term used in programming, beyond antivirus software or medicine. To me, a false positive is to get a false result, wrong, I don’t need it. A machine in theory will never give a false positive of its code, which sometimes happens is bugs and bad implementations of frameworks. For example PHP in several versions contained portions of code that generated "unexpected" results. This could be a candidate for false positives. Your example, in my opinion, would be a lack of knowledge of how javascript works.

  • 1

    In the example of the blank name you used is a false negative.

  • I usually use "false positive" informally (and knowing that I may not be technically correct) in situations where an invalid condition (is a username that should not be accepted, or any other data that should not be passed) is considered valid. But deep down, it’s all wrong, either programming (wrong logic), or requirement (someone didn’t think of all cases).

  • 1

    The term is used in static code analysis. To identify errors/warnings, linters depend on the context provided by the source files they navigate through. When this context is incomplete they may erroneously conclude that there is an error/Warning where none actually exists. These are called false-positives.

  • Can apply to Data Mining for example , a model is generated , say predicting if a customer will be defaulting , there will be cases that the model will predict the default of payment and the customer pays (false negative) and the contrary provides for payment and the customer does not pay (false positive) , if the rate is too high the model is not very adherent to reality. It does not cost to remember that as nothing is 100% certain it is acceptable in general these rates at certain levels.

Show 1 more comment

1 answer

12

In fact, as far as I know, it doesn’t have a specific definition for the term in computing, the term is used in science itself, and we don’t stop doing some kind of science. Probably not inventing new things, but applying the science already invented, what we call more engineering.

Because I am not an expert in science and I do not have mastery of the use of the term I do not know if the cited example can be characterized as false positive, for me it is a mistake, but I will not guarantee. I think it is a mistake because the requirement is to determine the invalidity of the data if it does not contain any useful information, having a space is useless information in most cases and seems to be useless in this case. So either it’s a misplaced requirement or it’s an implementation that doesn’t consider the requirement correctly.

False positive is a characteristic of statistics, specifically the part that deals with inferences. It occurs when it is possible to misdetect a problem. If you misrepresent the false positive as wrong then it becomes an error. The same goes for the false negative. It only remains a false result when it is an acceptable position at some level of analysis. I don’t think it’s possible to use the term if we’re not making one statistical inference.

In the Soen there is a question on the subject with a context and this seems valid for the term. There is possible a Warning of the compiler being mistaken. And for that very reason he is a Warning and not a mistake. Usually that is not desirable, but it is acceptable, so the compiler does his best to give you correct information, but it is known that he cannot always get it right, so he sends out an alert with a probability of being wrong.

The same occurs with detection of spam and countless other domains that depend on statistics, including all artificial intelligence. So we use this more in third-party domains that we’re working on than in our domain, unless we’re doing something for our domain, which is the case of compiler.

We usually adopt this possibility when having a false positive generates more benefit than having zero reliable information. The alternative to eliminating the false positive is to consider everything negative. When we work with statistics and not math accurate everything can be false negative or false positive, may even be accurate, and some problems it is possible to tell whether it is accurate or not.

Has a data structure used in indexes called Bloom filter that you can guarantee if a key is not in a database, but cannot guarantee that it is. There’s something around, I don’t know, 95% to 99.9% chance of being right, so in cases he can’t guarantee you have to do another search with another less efficient method. As most of the cases he hits and ensures this, the gain can be huge since few searches require the second algorithm. And it takes up very little space.

For all this I call the cited problem a flaw in software development. With more information I could be more specific and who knows call programming error.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.