Examining the Code. [Reading assignment: Chapter 6, pp ]

Similar documents
EXAMINING THE CODE. 1. Examining the Design and Code 2. Formal Review: 3. Coding Standards and Guidelines: 4. Generic Code Review Checklist:

C-LANGUAGE CURRICULAM

CS314 Software Engineering Peer Reviews

Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 22 Slide 1

Objectives. Chapter 19. Verification vs. validation. Topics covered. Static and dynamic verification. The V&V process

Program Correctness and Efficiency. Chapter 2

CS164: Programming Assignment 5 Decaf Semantic Analysis and Code Generation

Lexical Considerations

Part 5. Verification and Validation

Weiss Chapter 1 terminology (parenthesized numbers are page numbers)

Control Flow. COMS W1007 Introduction to Computer Science. Christopher Conway 3 June 2003

ΗΜΥ 317 Τεχνολογία Υπολογισμού

Chapter 9 Quality and Change Management

Computer Programming C++ (wg) CCOs

Pearson Education 2007 Chapter 9 (RASD 3/e)

Programmer s Points to Remember:

1 Lexical Considerations

Examples of Code Roaches. First Draft List Cem Kaner September 11, 2005

Verification and Validation

Software Testing. Software Testing

Topics in Software Testing

[IT6004-SOFTWARE TESTING] UNIT 2

Exercise: Using Numbers

Lexical Considerations

CSI33 Data Structures

1 Visible deviation from the specification or expected behavior for end-user is called: a) an error b) a fault c) a failure d) a defect e) a mistake

Static Analysis in C/C++ code with Polyspace

Java Language Basics: Introduction To Java, Basic Features, Java Virtual Machine Concepts, Primitive Data Type And Variables, Java Operators,

Features of C. Portable Procedural / Modular Structured Language Statically typed Middle level language

5. Control Statements

Review of the C Programming Language for Principles of Operating Systems

IECD Institute for Entrepreneurship and Career Development Bharathidasan University, Tiruchirappalli 23.

Data Types, Variables and Arrays. OOC 4 th Sem, B Div Prof. Mouna M. Naravani

Language Basics. /* The NUMBER GAME - User tries to guess a number between 1 and 10 */ /* Generate a random number between 1 and 10 */

Verification and Validation

Chapter 2 Basic Elements of C++

CS Programming In C

CSCI 2010 Principles of Computer Science. Data and Expressions 08/09/2013 CSCI

The ACK Modula-2 Compiler

Important From Last Time

When Brunel s ship the SS Great Britain was launched into the River Thames, it made such a splash that several spectators on the opposite bank were

The PCAT Programming Language Reference Manual

Finding Firmware Defects Class T-18 Sean M. Beatty

18-642: Code Style for Compilers

Practical C++ Programming

Review of the C Programming Language

MC: Meta-level Compilation

C Programming. Course Outline. C Programming. Code: MBD101. Duration: 10 Hours. Prerequisites:

Switching to AQA from OCR

Variables, Constants, and Data Types

The Procedure Abstraction Part I Basics

Objectives. Chapter 4: Control Structures I (Selection) Objectives (cont d.) Control Structures. Control Structures (cont d.) Relational Operators

19 Much that I bound, I could not free; Much that I freed returned to me. Lee Wilson Dodd

Verification and Validation. Assuring that a software system meets a user s needs. Verification vs Validation. The V & V Process

Reference Grammar Meta-notation: hfooi means foo is a nonterminal. foo (in bold font) means that foo is a terminal i.e., a token or a part of a token.

Switching to AQA from Edexcel

Motivation was to facilitate development of systems software, especially OS development.

CS313D: ADVANCED PROGRAMMING LANGUAGE

UNIT-4 (COMPILER DESIGN)

Chapter 2: Functions and Control Structures

Hacking in C. Pointers. Radboud University, Nijmegen, The Netherlands. Spring 2019

Review Chapters 1 to 4. Instructor: Scott Kristjanson CMPT 125/125 SFU Burnaby, Fall 2013

MISRA-C. Subset of the C language for critical systems

Static and dynamic Testing

Using Static Code Analysis to Find Bugs Before They Become Failures

Verification Using Static Analysis

Binary representation and data

Checklist for Requirements Specification Reviews

Outline. software testing: search bugs black-box and white-box testing static and dynamic testing

National 5 Computing Science Software Design & Development

Chapter 4: Control Structures I (Selection) Objectives. Objectives (cont d.) Control Structures. Control Structures (cont d.

ECE 122 Engineering Problem Solving with Java

The Procedure Abstraction Part I: Basics

Verification & Validation of Open Source

CODE TIME TECHNOLOGIES. Abassi RTOS MISRA-C:2004. Compliance Report

Learning outcomes. Systems Engineering. Debugging Process. Debugging Process. Review

Language Reference Manual simplicity

Ingegneria del Software II academic year: Course Web-site: [

Input And Output of C++

Page 1. Stuff. Last Time. Today. Safety-Critical Systems MISRA-C. Terminology. Interrupts Inline assembly Intrinsics

CS 424 Software Quality Assurance & Testing LECTURE 3 BASIC CONCEPTS OF SOFTWARE TESTING - I

Motivation was to facilitate development of systems software, especially OS development.

Programming Languages Third Edition. Chapter 7 Basic Semantics

1. Describe History of C++? 2. What is Dev. C++? 3. Why Use Dev. C++ instead of C++ DOS IDE?

Program Elements -- Introduction

Exam 1 Prep. Dr. Demetrios Glinos University of Central Florida. COP3330 Object Oriented Programming

Pearson Education 2005 Chapter 9 (Maciaszek - RASD 2/e) 2

Introduction to C++ Introduction. Structure of a C++ Program. Structure of a C++ Program. C++ widely-used general-purpose programming language

CS 4240: Compilers and Interpreters Project Phase 1: Scanner and Parser Due Date: October 4 th 2015 (11:59 pm) (via T-square)

Type Checking. Chapter 6, Section 6.3, 6.5

The SPL Programming Language Reference Manual

Darshan Institute of Engineering & Technology for Diploma Studies

Sample Exam. Certified Tester Foundation Level

C Language Part 1 Digital Computer Concept and Practice Copyright 2012 by Jaejin Lee

Language Fundamentals

Introduction to C++ with content from

Software Testing Interview Question and Answer

Short Notes of CS201

Fortran Coding Standards and Style

Data and Expressions. Outline. Data and Expressions 12/18/2010. Let's explore some other fundamental programming concepts. Chapter 2 focuses on:

Transcription:

Examining the Code [Reading assignment: Chapter 6, pp. 91-104]

Static white-box testing Static white-box testing is the process of carefully and methodically reviewing the software design, architecture, or code for bugs without executing it. Unfortunately, static white-box testing is rarely done in practice (unlike dynamic black-box testing).

Formal code reviews A formal code review is the process under which static white-box testing is performed. Can be a simple one-on-one meeting or a detailed rigorous code inspection. May be organized by the programming or the testing team.

Essential elements of a formal code review Identify problems: Find problems with the software such as missing items, mistakes, etc. Follow rules: Amount of code to be reviewed, how much time will be spent, etc. Prepare: Each participant should prepare in order to contribute to the review. Write a report: Summarize the results of the review, make report available to the development team.

Informal code inspections Peer reviews: An informal small group of programmers and/or testers act as reviewers. Participants should follow the 4 essential elements even through the review is informal. Walkthroughs: A more formal process in which the author of the code formally presents the code to a small group of programmers and/or testers. The author reads the code line by line explaining what it does, reviewers listen and ask questions. Participants should follow the 4 essential elements.

Formal code inspections Code presenter is not the author of the code. The other participants are the inspectors. There is a moderator to assure that the rules are followed and the meeting runs smoothly. After the inspection a report is composed. The programmer then makes changes and a re-inspection occurs, if necessary. Formal code inspections are effective at finding bugs in code and designs and are gaining in popularity.

Code review checklist: Data reference errors Is an un-initialized variable referenced? Are array subscripts integer values and are they within the array s bounds? Are there off-by-one errors in indexing operations or references to arrays? Is a variable used where a constant would work better? Is a variable assigned a value that s of a different type than the variable? Is memory allocated for referenced pointers? Are data structures that are referenced in different functions defined identically?

Code review checklist: Data declaration errors Are the variables assigned he correct length, type, storage class? E.g. should a variable be declared a string instead of an array of characters? If a variable is initialized at its declaration, is it properly initialized and consistent with its type? Are there any variable with similar names? Are there any variables declared that are never referenced or just referenced once (should be a constant)? Are all variables explicitly declared within a specific module?

Discussion Why is limiting the scope of a variable a good thing for testing? What do you do when you want to share data among many modules of your code? What is your opinion of the programming language feature declaration upon use?

Code review checklist: Computation errors Do any calculations that use variables have different data types? E.g., add a floating-point number to an integer Do any calculations that use variables have the same data type but are different size? E.g., add a long integer to a short integer Are the compiler s conversion rules for variables of inconsistent type or size understood? Is overflow or underflow in the middle of a numeric calculation possible? Is it ever possible for a divisor/modulus to be 0? Can a variable s value go outside its meaningful range? E.g., can a probability be less than 0% or greater than 100%? Are parentheses needed to clarify operator presence rules?

Code review checklist: Comparison errors Are the comparisons correct? E.g., < instead of <= Are there comparisons between floating-point values? E.g., is 1.0000001 close enough to 1.0000002 to be equal? Are the operands of a Boolean operator Boolean? E.g., in C 0 is false and non-0 is true

Code review checklist: Control flow errors Do the loops terminate? If not, is that by design? Does every switch statement have a default clause? Are there switch statements nested in loops? E.g., careful because break statements in switch statements will not exit the loop but break statements not in switch statements will exit the loop. Is it possible that a loop never executes? If it acceptable if it doesn t? Does the compiler support short-circuiting in expression evaluation?

Code review checklist: Subroutine parameter errors If constants are passed to the subroutine as arguments are they accidentally changed in the subroutine? Do the units of each parameter match the units of each corresponding argument? E.g., English versus metric This is especially pertinent for SOA components Do the types and sizes of the parameters received by a subroutine match those sent by the calling code?

Code review checklist: Input/Output errors If the file or peripheral is not ready, is that error condition handled? Does the software handle the situation of the external device being disconnected? Have all error messages been checked for correctness, appropriateness, grammar, and spelling? Are all exceptions handled by some part of the code? Does the software adhere to the specified format of the date being read from or written to the external device?

Code review checklist: Other checks Does your code pass the lint test? E.g., How about gcc compiler warnings? Is your code portable to other OS platforms? Does the code handle ASCII and Unicode? How about internationalization issues? Does your code rely on deprecated APIs? Will your code port to architectures with different byte orderings? E.g., little (increasing numeric significance with increasing memory addresses) versus big (the opposite of little) endian?

Discussion If you had to make a choice whether to use dynamic black-box testing or static white-box testing, which would you choose and why? A common security vulnerability is buffer overflow. What testing strategy would best mitigate this category of vulnerability? Do programmers have a unique style? What would you look for if you were interested in software forensics analysis for code authorship identification?

You now know static white-box testing code reviews informal code inspections formal code inspections code review checklists

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback