������ �������� 1
��������������� ������������������ Validation Purpose is to uncover probl problems and increase confidence Combination of reasoning a ning and test Debugging Finding out why a program Finding out why a program gram is not functioning as intended gram is not functioning as intended Defensive programming Programming with validatio lidation and debugging in mind Testing ≠ debugging test: reveals existence tence of problem debug: pinpoint location+ ation+cause of problem 2
������� ������ ���������������� 3
������� �������� � Defect – mistake committed itted by a human Error – incorrect computation utation Failure – visible error: progr program violates its specification Debugging starts when a fail a failure is observed Unit testing Unit testing Integration testing In the field 4
�� ������� ������������ Make errors impossible 1. Java makes memory overwrite bugs bugs impossible Don’t introduce defects 2. Correctness: get things right the first he first time Make errors immediately visible 3. Local visibility of errors: best to fail Local visibility of errors: best to fail to fail immediately to fail immediately Example: checkRep() routine to che to check representation invariants Last resort is debugging 4. Needed when effect of bug is distant distant from cause Design experiments to gain informat formation about bug ! Fairly easy in a program with good good modularity, representation hiding, specs, unit tests etc. ! Much harder and more painstaking aking with a poor design, e.g., with rampant rep exposure 5
"������� ����#�$��� �$�������%����������� In the language Java makes memory overwrite b rite bugs impossible In the protocols/libraries/mod es/modules TCP/IP will guarantee that data i t data is not reordered BigInteger will guarantee that th BigInteger will guarantee that th that there will be no overflow that there will be no overflow In self7imposed conventions ntions Hierarchical locking makes dead s deadlock bugs impossible Banning the use of recursion wil on will make infinite recursion/insufficient stack bugs go away Immutable data structures will g will guarantee behavioral equality Caution: You must maintain the ain the discipline 6
��������� ���� ����#������������ Get things right the first time Don’t code before you think! Th nk! Think before you code. If you're making lots of easy7to to7find bugs, you're also making hard7 to7find bugs – don't use compile mpiler as crutch Especially true, when debugging ugging is going to be hard Concurrency Difficult test and instrument env Difficult test and instrument env nt environments nt environments Program must meet timing deadl deadlines Simplicity is key Modularity ! Divide program into chunks tha nks that are easy to understand ! Use abstract data types with we ith well7defined interfaces ! Use defensive programming; av ing; avoid rep exposure Specification ! Write specs for all modules, so les, so that an explicit, well7defined contract exists between each module and ule and its clients 7
&������� ����#���� �#�����������'�����%��� If we can't prevent bugs, we s, we can try to localize them to a small part of the program Assertions: catch bugs early s early, before failure has a chance to contaminate (and be obsc e obscured by) further computation Unit testing: when you test u test a module in isolation, you can be confident that any bug yo be confident that any bug yo bug you find is in that unit (unless bug you find is in that unit (unless it's in the test driver) Regression testing: run tests n tests as often as possible when changing code. If there is a re is a failure, chances are there's a mistake in the code you just ou just changed When localized to a single m gle method or small module, bugs can be found simply by study studying the program text 8
���� ����� ����� �����������'�����%��� Key difficulty of debugging i gging is to find the code fragment responsible for an observed p rved problem A method may return an err an erroneous result, but be itself error free, if there is prior co rior corruption of representation The earlier a problem is obse The earlier a problem is obse s observed, the easier it is to fix s observed, the easier it is to fix For example, frequently che tly checking the rep invariant helps the above problem General approach: fail7fast Check invariants, don't just 't just assume them Don't try to recover from bu om bugs – this just obscures them 9
(�)���������� ������������%�� Program Multiple passes Each operate on a complex IR ex IR Front End Lot of information passing Very complex Rep Invariant Intermediate Representation Code generation at the end Code generation at the end Optimization Bugs Compiler crashes ☺ Intermediate Representation Generated program is buggy � � Optimization Intermediate Representation ��� �� Code Generation Executable 10
���*������ *����������� ��������������������� �������������������� ��� ��� �� ����� �������� �� ��������� ����� �� � ���� � rches an array � for a value � . This code fragment searches Value is guaranteed to be in o be in the array. If that guarantee is broken ( oken (by a bug), the code throws an exception and dies. Temptation: make code more e more “robust” by not failing 11
���*������ *����������� ��������������������� �������������������� ��� ��� �� ����� �������������� �� ��������� ����� �� � ���� � Now at least the loop will alw ill always terminate teed that ������� But no longer guaranteed th If rest of code relies on this, n this, then problems arise later ���������������������������� ������������������������������������� �������������������������� ����������������������� 12
���*������ *����������� ��������������������� �������������������� ��� ��� �� ����� �������������� �� ��������� ����� �� � ���� � ��������������������� ��!�����"���� � Assertions let us document a ent and check invariants Abort program as soon as p n as problem is detected 13
$���������+ ������+���,� Insert checks galore with an ith an intelligent checking strategy Precondition checks Consistency checks Bug7specific checks Goal: stop the program as clo Goal: stop the program as clo as close to bug as possible as close to bug as possible Use debugger to see where here you are, explore program a bit 14
+���,����"���- �"���-������������ ������������������������ ���������������� ��� ��� �� ����� ����������� ����� �� ��������� �� ����� � ���� ���� � ����������������� ������ ��!�����"���� � Precondition violated? Get ? Get an assertion! 15
��)������� �� ���� ����������� ���������� ��#�$����������%�&���� ���$������'�����(��� ����������� ��� �������(��� ������ �������������%�)*��+� +���������,�������-��� �������������� �������������� �� ������ �� �� Assertion not checked until we use the use the data Fault occurs when bad index inserted erted into list May be a long distance between fault n fault activation and error detection 16
Recommend
More recommend
