Examining the Code [Reading assignment: Chapter 6, pp. 91-104]

Slides:

Advertisements

Similar presentations

Intermediate Code Generation

Advertisements

Programming Languages and Paradigms The C Programming Language.

Chapter 8 High-Level Programming Languages. 8-2 Chapter Goals Describe the translation process and distinguish between assembly, compilation, interpretation,

Programming Logic and Design Sixth Edition

Elementary Data Types Prof. Alamdeep Singh. Scalar Data Types Scalar data types represent a single object, i.e. only one value can be derived. In general,

Chapter 10 Introduction to Arrays

JavaScript Part for Repetition Statement for statement Cpecifies each of the items needed for counter-controlled repetition with a control variable.

Testing Without Executing the Code Pavlina Koleva Junior QA Engineer WinCore Telerik QA Academy Telerik QA Academy.

Chapter 4 Control Structures I. Objectives ► Examine relational and logical operators ► Explore how to form and evaluate logical (Boolean) expressions.

VBA Modules, Functions, Variables, and Constants

1 Chapter 4 Language Fundamentals. 2 Identifiers Program parts such as packages, classes, and class members have names, which are formally known as identifiers.

 2006 Pearson Education, Inc. All rights reserved Control Statements: Part 2.

Introduction to Computers and Programming Lecture 15: Arrays Professor: Evan Korth New York University.

Program Design and Development

Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Java Software Solutions Foundations of Program Design Sixth Edition by Lewis.

Elementary Data Types Scalar Data Types Numerical Data Types Other

Testing an individual module

1 Type Type system for a programming language = –set of types AND – rules that specify how a typed program is allowed to behave Why? –to generate better.

Chapter 2 Data Types, Declarations, and Displays

An Object-Oriented Approach to Programming Logic and Design Chapter 7 Arrays.

Guide To UNIX Using Linux Third Edition

VB .NET Programming Fundamentals

Chapter 24 - Quality Management Lecture 1 1Chapter 24 Quality management.

CSCI 5801: Software Engineering

Chapter 6Java: an Introduction to Computer Science & Programming - Walter Savitch 1 l Array Basics l Arrays in Classes and Methods l Programming with Arrays.

Introduction to Java Appendix A. Appendix A: Introduction to Java2 Chapter Objectives To understand the essentials of object-oriented programming in Java.

Project Quality Management

C++ Programming: Program Design Including Data Structures, Fourth Edition Chapter 13: Pointers, Classes, Virtual Functions, and Abstract Classes.

C++ Programming: From Problem Analysis to Program Design, Fourth Edition Chapter 14: Pointers, Classes, Virtual Functions, and Abstract Classes.

Modular Programming Chapter Value and Reference Parameters t Function declaration: void computesumave(float num1, float num2, float& sum, float&

Imperative Programming

The Data Element. 2 Data type: A description of the set of values and the basic set of operations that can be applied to values of the type. Strong typing:

CS 501: Software Engineering Fall 1999 Lecture 16 Verification and Validation.

Operator Precedence First the contents of all parentheses are evaluated beginning with the innermost set of parenthesis. Second all multiplications, divisions,

 2006 Pearson Education, Inc. All rights reserved Arrays.

CSC3315 (Spring 2009)1 CSC 3315 Programming Languages Hamid Harroud School of Science and Engineering, Akhawayn University

C++ for Engineers and Scientists Second Edition Chapter 6 Modularity Using Functions.

DEPARTMENT OF COMPUTER SCIENCE & TECHNOLOGY FACULTY OF SCIENCE & TECHNOLOGY UNIVERSITY OF UWA WELLASSA 1 CST 221 OBJECT ORIENTED PROGRAMMING(OOP) ( 2 CREDITS.

ISBN Chapter 7 Expressions and Assignment Statements.

CPS120: Introduction to Computer Science

Chapter 8 High-Level Programming Languages. 8-2 Chapter Goals Describe the translation process and distinguish between assembly, compilation, interpretation,

Hello.java Program Output 1 public class Hello { 2 public static void main( String [] args ) 3 { 4 System.out.println( “Hello!" ); 5 } // end method main.

Flow of Control Part 1: Selection

Object-Oriented Program Development Using Java: A Class-Centered Approach, Enhanced Edition.

Chapter 12: Pointers, Classes, Virtual Functions, and Abstract Classes.

Chapter 15 Introduction to PL/SQL. Chapter Objectives  Explain the benefits of using PL/SQL blocks versus several SQL statements  Identify the sections.

©TheMcGraw-Hill Companies, Inc. Permission required for reproduction or display. Selection Statements Selection Switch Conditional.

Chapter 3 Functions, Events, and Control Structures JavaScript, Third Edition.

Chapter 7 Selection Dept of Computer Engineering Khon Kaen University.

Chapter 3 Syntax, Errors, and Debugging Fundamentals of Java.

Programming Logic and Design Fourth Edition, Comprehensive Chapter 8 Arrays.

8-1 Compilers Compiler A program that translates a high-level language program into machine code High-level languages provide a richer set of instructions.

Sections © Copyright by Pearson Education, Inc. All Rights Reserved.

CSI 3125, Preliminaries, page 1 Data Type, Variables.

CPS120: Introduction to Computer Science Variables and Constants.

Variables and Expressions Programming Right from the Start with Visual Basic.NET 1/e 7.

 2006 Pearson Education, Inc. All rights reserved Control Statements: Part 2.

Programming Logic and Design Fifth Edition, Comprehensive Chapter 6 Arrays.

4 - Conditional Control Structures CHAPTER 4. Introduction A Program is usually not limited to a linear sequence of instructions. In real life, a programme.

SOFTWARE TESTING LECTURE 9. OBSERVATIONS ABOUT TESTING “ Testing is the process of executing a program with the intention of finding errors. ” – Myers.

Data Structures & Algorithms CHAPTER 2 Arrays Ms. Manal Al-Asmari.

Unit 2 Technology Systems

Information and Computer Sciences University of Hawaii, Manoa

The Machine Model Memory

The System.exit() Method

Programming Logic and Design Fifth Edition, Comprehensive

Programming Languages and Paradigms

Testing & Security Dr. X.

Controlling Program Flow

Presentation transcript:

Examining the Code [Reading assignment: Chapter 6, pp ]

Static white-box testing Static white-box testing is the process of carefully and methodically reviewing the software design, architecture, or code for bugs without executing it. Unfortunately, static white-box testing is rarely done in practice (unlike dynamic black-box testing).

A formal code review is the process under which static white-box testing is performed. –Can be a simple one-on-one meeting or a detailed rigorous code inspection. –May be organized by the programming or the testing team. Formal code reviews

Essential elements of a formal code review Identify problems: –Find problems with the software such as missing items, mistakes, etc. Follow rules: –Amount of code to be reviewed, how much time will be spent, etc. Prepare: –Each participant should prepare in order to contribute to the review. Write a report: –Summarize the results of the review, make report available to the development team.

Informal code inspections Peer reviews: –An informal small group of programmers and/or testers act as reviewers. –Participants should follow the 4 essential elements even through the review is informal. Walkthroughs: –A more formal process in which the author of the code formally presents the code to a small group of programmers and/or testers. –The author reads the code line by line explaining what it does, reviewers listen and ask questions. –Participants should follow the 4 essential elements.

Formal code inspections Code presenter is not the author of the code. The other participants are the inspectors. There is a moderator to assure that the rules are followed and the meeting runs smoothly. After the inspection a report is composed. The programmer then makes changes and a re-inspection occurs, if necessary. Formal code inspections are effective at finding bugs in code and designs and are gaining in popularity.

Code review checklist: Data reference errors Is an un-initialized variable referenced? Are array subscripts integer values and are they within the array’s bounds? Are there off-by-one errors in indexing operations or references to arrays? Is a variable used where a constant would work better? Is a variable assigned a value that’s of a different type than the variable? Is memory allocated for referenced pointers? Are data structures that are referenced in different functions defined identically?

Code review checklist: Data declaration errors Are the variables assigned he correct length, type, storage class? –E.g. should a variable be declared a string instead of an array of characters? If a variable is initialized at its declaration, is it properly initialized and consistent with its type? Are there any variable with similar names? Are there any variables declared that are never referenced or just referenced once (should be a constant)? Are all variables explicitly declared within a specific module?

Discussion Why is limiting the scope of a variable a good thing for testing? What do you do when you want to share data among many modules of your code? What is your opinion of the programming language feature ‘declaration upon use’?

Code review checklist: Computation errors Do any calculations that use variables have different data types? –E.g., add a floating-point number to an integer Do any calculations that use variables have the same data type but are different size? –E.g., add a long integer to a short integer Are the compiler’s conversion rules for variables of inconsistent type or size understood? Is overflow or underflow in the middle of a numeric calculation possible? Is it ever possible for a divisor/modulus to be 0? Can a variable’s value go outside its meaningful range? –E.g., can a probability be less than 0% or greater than 100%? Are parentheses needed to clarify operator presence rules?

Code review checklist: Comparison errors Are the comparisons correct? –E.g., < instead of <= Are there comparisons between floating-point values? –E.g., is close enough to to be equal? Are the operands of a Boolean operator Boolean? –E.g., in C 0 is false and non-0 is true

Code review checklist: Control flow errors Do the loops terminate? If not, is that by design? Does every switch statement have a default clause? Are there switch statements nested in loops? –E.g., careful because break statements in switch statements will not exit the loop … but break statements not in switch statements will exit the loop. Is it possible that a loop never executes? If it acceptable if it doesn’t? Does the compiler support short-circuiting in expression evaluation?

Code review checklist: Subroutine parameter errors If constants are passed to the subroutine as arguments are they accidentally changed in the subroutine? Do the units of each parameter match the units of each corresponding argument? –E.g., English versus metric –This is especially pertinent for SOA components Do the types and sizes of the parameters received by a subroutine match those sent by the calling code?

Code review checklist: Input/Output errors If the file or peripheral is not ready, is that error condition handled? Does the software handle the situation of the external device being disconnected? Have all error messages been checked for correctness, appropriateness, grammar, and spelling? Are all exceptions handled by some part of the code? Does the software adhere to the specified format of the date being read from or written to the external device?

Code review checklist: Other checks Does your code pass the lint test? –E.g., How about gcc compiler warnings? Is your code portable to other OS platforms? Does the code handle ASCII and Unicode? How about internationalization issues? Does your code rely on deprecated APIs? Will your code port to architectures with different byte orderings? –E.g., little (increasing numeric significance with increasing memory addresses) versus big (the opposite of little) endian?

Discussion … If you had to make a choice whether to use dynamic black-box testing or static white-box testing, which would you choose and why? A common security vulnerability is buffer overflow. What testing strategy would best mitigate this category of vulnerability? Do programmers have a unique style? What would you look for if you were interested in software forensics analysis for code authorship identification?

You now know … … static white-box testing … code reviews … informal code inspections … formal code inspections … code review checklists