robust programming
play

Robust Programming Style of programming that prevents abnormal - PowerPoint PPT Presentation

May 03, 2023 •391 likes •833 views

Robust Programming Style of programming that prevents abnormal termination and unexpected actions Code handles bad inputs reasonably Code assumes errors will occur and takes appropriate action Also called bomb-proof programming

  1. Robust Programming • Style of programming that prevents abnormal termination and unexpected actions – Code handles bad inputs reasonably – Code assumes errors will occur and takes appropriate action – Also called bomb-proof programming April 5, 2005 ECS 153 Spring Quarter 2005 Slide #1

  2. Principles • Paranoia – Don’t trust anything you don’t generate • Stupidity – Assume caller or user will make mistakes calling or using the routine or program • Dangerous implements – Hide anything your routines expect to remain consistent across calls • Can’t happen – Handle impossible cases; they may be(come) possible April 5, 2005 ECS 153 Spring Quarter 2005 Slide #2

  3. Fragile Library • fqlib.h /* the queue structure */ typedef struct queue { int *que; /* the actual array of queue elements */ int head; /* head index in que of the queue */ int count; /* number of elements in queue */ int size; /* max number of elements in queue */ } QUEUE; /* the library functions */ void qmanage(QUEUE **, int, int); /* manage queue */ void put_on_queue(QUEUE *, int); /* add to queue */ void take_off_queue(QUEUE *, int *); /* pull off queue */ April 5, 2005 ECS 153 Spring Quarter 2005 Slide #3

  4. Problem • Callers have access to internal elements of queue structure – Note pointer given so user can reference queue contents directly – User sets: qptr->count = 755 This says queue now has 755 elements, regardless of how many it actually has! April 5, 2005 ECS 153 Spring Quarter 2005 Slide #4

  5. Managing Queues /* create or delete a queue */ void qmanage(QUEUE **qptr, int flag, int size) { if (flag){ /* allocate a new queue */ *qptr = malloc(sizeof(QUEUE)); (*qptr)->head = (*qptr)->count = 0; (*qptr)->que = malloc(size * sizeof(int)); (*qptr)->size = size; } else{ /* delete the current queue */ (void) free((*qptr)->que); (void) free(*qptr); } } April 5, 2005 ECS 153 Spring Quarter 2005 Slide #5

  6. Problems • Order of elements in parameter list is not checked – Is it flag, size or size, flag? • Value of flag is arbitrary – Why is 1 create, 0 delete? What if it’s 2? • Pointers to pointers causes problems – Is it a singly indirect or doubly indirect reference? April 5, 2005 ECS 153 Spring Quarter 2005 Slide #6

  7. Problems • Parameter values not sanity checked – Error, or may not be possible (pointers) • Delete unallocated queue, or previously deleted queue qmanage(&qptr, 1, 100); qmanage(&qptr, 0, 1); qmanage(&qptr, 0, 1); • Return values not checked – What happens if malloc returns NULL ? April 5, 2005 ECS 153 Spring Quarter 2005 Slide #7

  8. Problems • What about integer overflow? – Say size is 2 31 and integers are 4 bytes – Argument to malloc is 2 31 × 4 or … 2 33 April 5, 2005 ECS 153 Spring Quarter 2005 Slide #8

  9. Adding to a Queue /* add an element to an existing queue */ void put_on_queue(QUEUE *qptr, int n) { /* add new element to tail of queue */ qptr->que[(qptr->head + qptr->count) % qptr->size] = n; qptr->count++; } April 5, 2005 ECS 153 Spring Quarter 2005 Slide #9

  10. Problems • Parameters not checked – What if qptr is NULL , or refers to a deleted queue? • Values in structures not checked – What if qptr is valid but qptr- > que is not? • Array overflow not checked – What if queue is full when this is called? April 5, 2005 ECS 153 Spring Quarter 2005 Slide #10

  11. Removing From a Queue /* take element off the front of existing queue */ void take_off_queue(QUEUE *qptr, int *n) { /* return the element at the head of the queue */ *n = qptr->que[qptr->head++]; qptr->count—; qptr->head %= qptr->size; } April 5, 2005 ECS 153 Spring Quarter 2005 Slide #11

  12. Problems • Parameters not checked – What if qptr is NULL , or refers to a deleted queue? – What if n is invalid pointer? • Values in structures not checked – What if qptr is valid but qptr- > que is not? • Array underflow not checked – What if queue is empty when this is called? April 5, 2005 ECS 153 Spring Quarter 2005 Slide #12

  13. Summary: Problems with fqlib • The callers have access to the internal elements of the queue structure. • The order of elements in parameter lists is not checked. • The value of command parameters (which tell the function what operation to perform) is arbitrary. • Using pointers to pointers causes errors in function calls. • The parameter values are not sanity checked. April 5, 2005 ECS 153 Spring Quarter 2005 Slide #13

  14. Summary: Problems with fqlib • The user can delete an unallocated queue, or a previously deleted queue. • Return values from library functions are not checked. • Integer (or floating point) overflow (and underflow, when appropriate) is ignored. • The values in structures and variables are not sanity checked. • Neither array underflow nor overflow is checked for. April 5, 2005 ECS 153 Spring Quarter 2005 Slide #14

  15. Robust Library • Hide queue structure – Internally: array of queues • Interface: a token – Integer derived from index of queue • Make sure 0 is not a valid token! • Problem: dangling references – Use a nonce (or generation number ) • Result: token is function of index, nonce April 5, 2005 ECS 153 Spring Quarter 2005 Slide #15

  16. Why a Nonce? • Suppose queue A generated with index 7, used, deleted • Now queue B generated with index 7, used • Caller refers to queue A – Without nonce: token of A and B are f (7) – With nonce: token of A is f (7, 124) and token of B is f (7, 125), which are different April 5, 2005 ECS 153 Spring Quarter 2005 Slide #16

  17. Token Generation f ( i , n ) = (( i + 0x1221)<<16)|( n +0x0502) • Type of ticket: typedef long int QTICKET; • Use tokens, which are QTICKETs, rather than integers, to refer to queues – Prevents direct references to queues by callers – Enables detecting references to defunct queues April 5, 2005 ECS 153 Spring Quarter 2005 Slide #17

  18. Error Handling • Print error messages – Can mess up interfaces of callers • Return error results only – Allows callers to handle error appropriately for its own purposes – Important: handle errors consistently April 5, 2005 ECS 153 Spring Quarter 2005 Slide #18

  19. Error Handling Interface • Return value indicates whether error: #define QE_ISERROR(x) ((x) < 0) /* true if x is error code */ #define QE_NONE 0 /* no errors */ /* … various other QE_ error codes defined throughout … */ • Error message in buffer: extern char qe_errbuf[256]; • Error manipulation functions (in qlib.c): #define ERRBUF(str) (void) strncpy(qe_errbuf, str, sizeof(qe_errbuf)) #define ERRBUF2(str,n) (void) sprintf(qe_errbuf, str, n) #define ERRBUF3(str,n,m) (void) sprintf(qe_errbuf, str, n, m) April 5, 2005 ECS 153 Spring Quarter 2005 Slide #19

  20. Function Interfaces Goal: eliminate low cohesion of qmanage : QTICKET create_queue(void); /* create a queue */ int delete_queue(QTICKET); /* delete a queue */ /* put number on end of queue */ int put_on_queue(QTICKET, int); /* pull number off front of queue */ int take_off_queue(QTICKET); April 5, 2005 ECS 153 Spring Quarter 2005 Slide #20

  21. Internal Structures • Offsets: #define IOFFSET 0x1221 /* hides index number */ #define NOFFSET 0x0502 /* hides nonce in ticket */ • Queue structure: typedef int QELT; /* type of element being queued */ typedef struct queue { QTICKET ticket; /* contains unique queue ID */ QELT que[MAXELT]; /* the actual queue */ int head; /* head iundex in que of the queue */ int count; /* number of elements in queue */ } QUEUE; • Shared variables: static QUEUE *queues[MAXQ]; /* the queues */ static unsigned int noncectr = 1; /* the nonce */ April 5, 2005 ECS 153 Spring Quarter 2005 Slide #21

  22. Token Creation static QTICKET qtktref(unsigned int index) { unsigned int high; /* high 16 bits of ticket (index) */ unsigned int low; /* low 16 bits of ticket (nonce) */ /* sanity check argument; called internally ... */ if (index > MAXQ){ ERRBUF3("qtktref: index %u too large (assumed less than %d)", index, MAXQ); return(QE_INTINCON); } /* get the high part of the ticket */ high = (index + IOFFSET)&0x7fff; if (high != index + IOFFSET){ ERRBUF3("qtktref: index %u too large (assumed less than %u)", index, 0x7fff – IOFFSET); return(QE_INTINCON); } April 5, 2005 ECS 153 Spring Quarter 2005 Slide #22

  23. More Token Creation /* * get the low part of the ticket (nonce) * SANITY CHECK: be sure nonce fits into 16 bits */ low = (noncectr + NOFFSET) & 0xffff; if (low != (noncectr++ + NOFFSET) || low == 0){ ERRBUF2("qtktref: generation number too large (max %u)\n", 0xffff – NOFFSET); return(QE_INTINCON); } /* construct and return the ticket */ return((QTICKET) ((high << 16) | low)); } April 5, 2005 ECS 153 Spring Quarter 2005 Slide #23

  24. Points • Only internal functions can reference it • Return token as value, not via parameter list – Keep interfaces simple, even when internal • Check parameters – Checks index for validity • Error values, messages must be informative – Error code identifies precise problem – Error message gives details of problem April 5, 2005 ECS 153 Spring Quarter 2005 Slide #24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What Is Robust Code? Robust code A style of programming that

What Is Robust Code? Robust code A style of programming that

What Is Robust Code? Robust code A style of programming that prevents abnormal termina8on or unexpected ac8ons Handles bad input gracefully Detects

433 views • 12 slides
Robust Interconnect Robust Interconnect Communication Capacity Algorithm Communication Capacity

Robust Interconnect Robust Interconnect Communication Capacity Algorithm Communication Capacity

Robust Interconnect Robust Interconnect Communication Capacity Algorithm Communication Capacity Algorithm by Geometric Programming by Geometric Programming Jifeng Chen, Jin Sun and Janet Wang Department of Electrical and Computer Engineering

413 views • 25 slides
Robust Camera Location Estimation by Convex Programming sil and Amit Singer Onur

Robust Camera Location Estimation by Convex Programming sil and Amit Singer Onur

Robust Camera Location Estimation by Convex Programming sil and Amit Singer Onur Ozye INTECH Investment Management LLC 1 PACM and Department of Mathematics, Princeton University DIMACS Workshop on Distance Geometry

872 views • 40 slides
Robust Programming Basic Principles Paranoia: dont trust what you dont

Robust Programming Basic Principles Paranoia: dont trust what you dont

Robust Programming Basic Principles Paranoia: dont trust what you dont generate Stupidity: if it can be called (invoked) incorrectly, it will be Dangerous implements: if something is

802 views • 31 slides
Robust code R Functions What do these calls do? &gt; df[, vars] &gt; subset(df, x == y) &gt;

Robust code R Functions What do these calls do? &gt; df[, vars] &gt; subset(df, x == y) &gt;

R Functions Robust code R Functions What do these calls do? &gt; df[, vars] &gt; subset(df, x == y) &gt; data.frame(x = &quot;a&quot;) R Functions Interactive analysis Helpful Programming Strict R Functions Three main problems

728 views • 35 slides
Outlier Outlier Outlier- Outlier - -robust - robust robust robust identification

Outlier Outlier Outlier- Outlier - -robust - robust robust robust identification

GESG seminar, 16 October 2015, UFM Outlier Outlier Outlier- Outlier - -robust - robust robust robust identification identification identification of identification of of of switching regimes: switching regimes: switching regimes:

582 views • 27 slides
How Robust are Thresholds for Community Detection? Ankur Moitra (MIT) Robust Statistics Summer

How Robust are Thresholds for Community Detection? Ankur Moitra (MIT) Robust Statistics Summer

How Robust are Thresholds for Community Detection? Ankur Moitra (MIT) Robust Statistics Summer School Let me tell you a story about the success of belief propagation and statistical physics THE STOCHASTIC BLOCK MODEL Introduced by Holland,

1.65k views • 119 slides
1 Related Work Related Work State-based Specifications Timed Formal Modeling Visual

1 Related Work Related Work State-based Specifications Timed Formal Modeling Visual

Motivation Deep space exploration: Mars Polar Lander (NASA) highly uncertain environment Timed Model-based Programming: require highly robust system Executable Specifications for Mission-critical sequences: Robust Critical Sequences

422 views • 17 slides
Introduction to Programming Systems CS 217 Fall 2001 1 Goals Master the art of

Introduction to Programming Systems CS 217 Fall 2001 1 Goals Master the art of

Introduction to Programming Systems CS 217 Fall 2001 1 Goals Master the art of programming exploit abstraction, modularity, interfaces write efficient programs write robust programs Learn C and the

714 views • 6 slides
Short Course in Supervised Learning Robust Optimization and Machine Learning Robust Supervised

Short Course in Supervised Learning Robust Optimization and Machine Learning Robust Supervised

Robust Optimization &amp; Machine Learning 6. Robust Optimization Short Course in Supervised Learning Robust Optimization and Machine Learning Robust Supervised Learning Motivations Examples Thresholding and robustness Boolean data

724 views • 48 slides
for Robust Robot Mapping Workshop on Robust and Multimodal Inference in Factor Graphs Pratik

for Robust Robot Mapping Workshop on Robust and Multimodal Inference in Factor Graphs Pratik

Dynamic Covariance Scaling for Robust Robot Mapping Workshop on Robust and Multimodal Inference in Factor Graphs Pratik Agarwal , Gian Diego Tipaldi, Luciano Spinello, Cyrill Stachniss and Wolfram Burgard University of Freiburg, Germany Maps

840 views • 45 slides
Robust Aggregation in Sensor Robust Aggregation in Sensor Networks Networks Jie Gao Computer

Robust Aggregation in Sensor Robust Aggregation in Sensor Networks Networks Jie Gao Computer

Robust Aggregation in Sensor Robust Aggregation in Sensor Networks Networks Jie Gao Computer Science Department Stony Brook University 1 Papers Papers [Nath04] Suman Nath, Phillip B. Gibbons, Zachary Anderson, and Srinivasan Seshan,

616 views • 43 slides
? P12 2 Getting Started/Lab Programming Lab Programming Program of Requirements PRELIMINARY

? P12 2 Getting Started/Lab Programming Lab Programming Program of Requirements PRELIMINARY

2 Getting Started/Lab Programming MODULE 2 LAB PROGRAMMING October 2013 2 Getting Started/Lab Programming 1. Getting Started 2. Scoping the Project 3. Lab Programming What is programming? Information gathering Organizing and

526 views • 36 slides
Weakly Supervised Classification Weakly Supervised Classification and Robust Learning and Robust

Weakly Supervised Classification Weakly Supervised Classification and Robust Learning and Robust

IIT-H and RIKEN-AIP Joint Workshop on March 15, 2019 Machine Learning and Applications, Hyderabad, India Weakly Supervised Classification Weakly Supervised Classification and Robust Learning and Robust Learning --- Overview of Our Recent

1.06k views • 25 slides
Robust Linear Quantum Systems Robust Linear Quantum Systems Theory Theory Ian R. Petersen

Robust Linear Quantum Systems Robust Linear Quantum Systems Theory Theory Ian R. Petersen

Workshop On Uncertain Dynamical Systems Udine 2011 1 Robust Linear Quantum Systems Robust Linear Quantum Systems Theory Theory Ian R. Petersen School of Engineering and Information Technology, University of New South Wales @ the

814 views • 40 slides
Robust Configuration Management &lt;draft-cole-netconf-robust-config-00.txt&gt; Robert G. Cole 1

Robust Configuration Management &lt;draft-cole-netconf-robust-config-00.txt&gt; Robert G. Cole 1

Robust Configuration Management &lt;draft-cole-netconf-robust-config-00.txt&gt; Robert G. Cole 1 Dan Romascanu 2 1 Johns Hopkins University robert.cole@jhuapl.edu 2 Avaya dromasca@avaya.com 24 March 2009 / IETF-San Francisco Objectives and

129 views • 10 slides
Evaluating and Extending the Coverage of HPSG Grammars: A Case Study for German Jeremy Nicholson,

Evaluating and Extending the Coverage of HPSG Grammars: A Case Study for German Jeremy Nicholson,

Evaluating and Extending the Coverage of HPSG Grammars: A Case Study for German Jeremy Nicholson, Valia Kordoni, Yi Zhang, Timothy Baldwin, Rebecca Dridan Department of Computational Linguistics Saarland University &amp; DFKI GmbH Department

501 views • 12 slides
Lecture 15: Machine Translation Julia Hockenmaier juliahmr@illinois.edu 3324 Siebel Center

Lecture 15: Machine Translation Julia Hockenmaier juliahmr@illinois.edu 3324 Siebel Center

CS447: Natural Language Processing http://courses.engr.illinois.edu/cs447 Lecture 15: Machine Translation Julia Hockenmaier juliahmr@illinois.edu 3324 Siebel Center Machine Translation in 2012 Google Translate translate.google.com 2 CS447

667 views • 37 slides
A User's experience with the Installation, Configuration, and Features of DTS's Space Recovery

A User's experience with the Installation, Configuration, and Features of DTS's Space Recovery

A User's experience with the Installation, Configuration, and Features of DTS's Space Recovery System (SRS) David Astemborski - FirstBank David.Astemborski@EFirstBank.com Mona Hassan - DTS Software Mona@DTSSoftware.com Tuesday August 7, 2012

870 views • 43 slides
Learnability-based Syntactic Annotation Design Roy Schwartz, Omri Abend and Ari Rappoport The

Learnability-based Syntactic Annotation Design Roy Schwartz, Omri Abend and Ari Rappoport The

Learnability-based Syntactic Annotation Design Roy Schwartz, Omri Abend and Ari Rappoport The Hebrew University In proceedings of COLING 2012 Overview In many cases, there is more than one plausible way to annotate syntactic structures

727 views • 60 slides
Systeme hoher Sicherheit und Qualitt Wintersemester 2013-14 Christoph Lth MZH 3100,

Systeme hoher Sicherheit und Qualitt Wintersemester 2013-14 Christoph Lth MZH 3100,

Systeme hoher Sicherheit und Qualitt Wintersemester 2013-14 Christoph Lth MZH 3100, christoph.lueth@dfki.de, cxl@informatik.uni-bremen.de Christian Liguda MZH 3180, christian.liguda@dfki.de Deutsches Forschungszentrum fr Knstliche

417 views • 41 slides
Universal Dependencies are hard to parse or are they? Ines Rehbein , Julius Steen ,

Universal Dependencies are hard to parse or are they? Ines Rehbein , Julius Steen ,

Universal Dependencies are hard to parse or are they? Ines Rehbein , Julius Steen , Bich-Ngoc Do , Anette Frank Leibniz ScienceCampus ur Deutsche Sprache Mannheim Institut f Universit at Heidelberg Germany {

280 views • 11 slides
Welcome and Introduction Thank you for coming to Hamburg! Main goal of the meeting - try to find

Welcome and Introduction Thank you for coming to Hamburg! Main goal of the meeting - try to find

Welcome and Introduction Thank you for coming to Hamburg! Main goal of the meeting - try to find a viable solution for SVD layer 3 discussion on possible new ideas started already at last B2GM, but more thorough investigations are needed

566 views • 12 slides
Schnen Abend Dresden! Leo Wolf &amp; Walter Palmetshofer https://pad.okfn.de/p/Dresden Was

Schnen Abend Dresden! Leo Wolf &amp; Walter Palmetshofer https://pad.okfn.de/p/Dresden Was

Schnen Abend Dresden! Leo Wolf &amp; Walter Palmetshofer https://pad.okfn.de/p/Dresden Was unmglich scheint, mu man versuchen, mglich zu machen. - Konrad Adenauer Open Data - Rechenschaftspflicht - Beteiligung -Transparenz

915 views • 62 slides

More recommend