Software Reliability is the probability of failure-free software operation for a specified period of time in a specified environment. Software Reliability is also an important factor affecting system reliability. ... The high complexity of software is the major contributing factor of Software Reliability problems.
Software Reliability is the probability of failure-free software operation for a specified period of time in a specified environment. Software Reliability is also an important factor affecting system reliability. ... The high complexity of software is the major contributing factor of Software Reliability problems.
Software Reliability Testing Training Crash Course - Tonex TrainingBryan Len
Length: 4 Days
Software reliability testing training course prepares you with the most updated knowledge in testing domain allowing you to grow in your job and career, while helping your organization to make profit and excel.
Learn about:
Fundamentals of software testing
Verification & validation methodology
Various software testing techniques
Test elements usage (rule/scenario/case)
Software test management
Different levels of software testing
General testing principles
Test planning
Static analysis techniques
Test design techniques
Using a risk-based approach to testing
Managing the testing process
Managing a test team
Combining tools and automation to support software testing
Risk analysis methods
Software reliability
Software testing terminology
Levels of software testing
Software Testing techniques
Black Box methods and more.
Course Outline:
Overview
Factors Affecting Software Reliability
Software Reliability Models
Data Required for Models
Software Reliability Prediction Models
Software Reliability Evaluation Models
Software Reliability Metrics
Software Fault Trees
Software FMEAs
System Reliability Software Redundancy
Improving Software Reliability
Managing Software Reliability
How Testing Can Cut Effort & Time
How to Plan Effective Testing?
Master Testing Plan
Detailed Test Planning
White Box (Structural) Testing
Integration/System/Special Test Planning
Maintenance and Regression Testing
Automated Testing Tools
Measuring and Managing Testing
Request for more information. Visit tonex.com for course and workshop detail.
Software Reliability Testing Training Crash Course
https://www.tonex.com/training-courses/software-reliability-testing-training-crash-course/
Comparing Software Quality Assurance Techniques And ActivitiesLemia Algmri
about the different quality assurance (QA) techniques and activities and their effectiveness in dealing with different types of problems , in addition to their cost and their applicability under different environments and development phases.
You can predict software reliability before the code is even finished. Predictions support planning, sensitivity analysis and also help to avoid distressed software projects and defect pile up.
Software Failure Modes Effects Analysis is a method of identifying what can go wrong with the software. Software testing generally focuses on the positive test cases. The SFMEA focuses on analyzing what can go wrong.
Software Reliability Testing Training Crash Course - Tonex TrainingBryan Len
Length: 4 Days
Software reliability testing training course prepares you with the most updated knowledge in testing domain allowing you to grow in your job and career, while helping your organization to make profit and excel.
Learn about:
Fundamentals of software testing
Verification & validation methodology
Various software testing techniques
Test elements usage (rule/scenario/case)
Software test management
Different levels of software testing
General testing principles
Test planning
Static analysis techniques
Test design techniques
Using a risk-based approach to testing
Managing the testing process
Managing a test team
Combining tools and automation to support software testing
Risk analysis methods
Software reliability
Software testing terminology
Levels of software testing
Software Testing techniques
Black Box methods and more.
Course Outline:
Overview
Factors Affecting Software Reliability
Software Reliability Models
Data Required for Models
Software Reliability Prediction Models
Software Reliability Evaluation Models
Software Reliability Metrics
Software Fault Trees
Software FMEAs
System Reliability Software Redundancy
Improving Software Reliability
Managing Software Reliability
How Testing Can Cut Effort & Time
How to Plan Effective Testing?
Master Testing Plan
Detailed Test Planning
White Box (Structural) Testing
Integration/System/Special Test Planning
Maintenance and Regression Testing
Automated Testing Tools
Measuring and Managing Testing
Request for more information. Visit tonex.com for course and workshop detail.
Software Reliability Testing Training Crash Course
https://www.tonex.com/training-courses/software-reliability-testing-training-crash-course/
Comparing Software Quality Assurance Techniques And ActivitiesLemia Algmri
about the different quality assurance (QA) techniques and activities and their effectiveness in dealing with different types of problems , in addition to their cost and their applicability under different environments and development phases.
You can predict software reliability before the code is even finished. Predictions support planning, sensitivity analysis and also help to avoid distressed software projects and defect pile up.
Software Failure Modes Effects Analysis is a method of identifying what can go wrong with the software. Software testing generally focuses on the positive test cases. The SFMEA focuses on analyzing what can go wrong.
Reliability Maintenance Engineering 2 - 1 Concepts and SoftwareAccendo Reliability
Reliability Maintenance Engineering Day 2 session 1 Concepts and Software
Three day live course focused on reliability engineering for maintenance programs. Introductory material and discussion ranging from basic tools and techniques for data analysis to considerations when building or improving a program.
Accelerated life testing (ALT) is widely used to expedite failures of a product in a short time period for predicting the product’s reliability under normal operating conditions. The resulting ALT data are often characterized by a probability distribution, such as Weibull, Lognormal, Gamma distribution, along with a life-stress relationship. However, if the selected failure time distribution is not adequate in describing the ALT data, the resulting reliability prediction would be misleading. In this talk, we provide a generic method for modeling ALT data which will assist engineers in dealing with a variety of failure time distributions. The method uses Erlang-Coxian (EC) distributions, which belong to a particular subset of phase-type (PH) distributions, to approximate the underlying failure time distributions arbitrarily closely. To estimate the parameters of such an EC-based ALT model, two statistical inference approaches are proposed. First, a mathematical programming approach is formulated to simultaneously match the moments of the EC-based ALT model to the ALT data collected at all test stress levels. This approach resolves the feasibility issue of the method of moments. In addition, the maximum likelihood estimation (MLE) approach is proposed to handle ALT data with type-I censoring. Numerical examples are provided to illustrate the capability of the generic method in modeling ALT data.
How To Improve Quality With Static Code Analysis Perforce
Programmers aren’t perfect. Testing and manual code reviews can’t find every problem in code. So, bugs persist. And it’s only going to get worse as your systems grow larger and more complex.
How can you find critical problems in your code? And still release a quality product on time?
Static code analysis might be the answer you’re looking for.
Find out why:
-Bug-free software is hard to achieve.
-Automated tools are the way to go.
-Safe, secure, and reliable software can be achieved at lower costs.
Plus, you’ll see examples of bugs easily missed by manual code reviews. And you’ll learn how static code analysis and manual code reviews work together.
Using language workbenches and domain-specific languages for safety-critical ...Markus Voelter
Language workbenches support the efficient creation, integration, and use of domain-specific languages. Typically, they execute models by code generation to programming language code. This can lead to increased productivity and higher quality. However, in safety-/mission-critical environments, generated code may not be considered trustworthy, because of the lack of trust in the generation mechanisms. This makes it harder to justify the use of language workbenches in such an environment. In this paper, we demonstrate an approach to use such tools in critical environments. We argue that models created with domain-specific languages are easier to validate and that the additional risk resulting from the transformation to code can be mitigated by a suitably designed transformation and verification architecture. We validate the approach with an industrial case study from the healthcare domain. We also discuss the degree to which the approach is appropriate for critical software in space, automotive, and robotics systems.
Complexity is Outside the Code - Craft Conferencejessitron
Opening Keynote by Jessica Kerr @jessitron and Dan North @tastapod, at Craft Conference in Budapest, 23 April 2015.
On architecture, learning, uncertainty, and working together.
Windows Offender: Reverse Engineering Windows Defender's Antivirus EmulatorPriyanka Aash
This Presentation is A deeply technical look at Windows Defender Antivirus’ binary emulator internals and reverse engineering it.
Speakers:
Alexei Bulazel, Security researcher at ForAllSecure, Firmware RE & cyber policy at River Loop, Security RPI / RPISEC alumnus
Using DevOps to Improve Software Quality in the CloudTechWell
DevOps is gaining popularity as a way to quickly and successfully deploy new software. With all the emphasis on deployment, software quality can sometimes be overlooked. In order to understand how DevOps and software testing mesh, Jeff Payne demonstrates a fully implemented continuous integration/continuous delivery (CI/CD) stack. After describing the internals of how CI/CD works, Jeff identifies the touch points in the stack that are important for testing organizations. With the now accelerated ability to deliver software, the testing groups need to know how this technology works and what to do with it because swarms of manual testers will not be able to keep up. Jeff demonstrates where and how to use automated testing, how to collect and make sense of the massive amount of test results that can be generated from CI/CD, and how to usefully apply manual testing.
Enhancing Your Test Automation Scenario Coverage with Selenium - QA or the Hi...Perfecto by Perforce
Success in cross-browser test automation relies on many variables. Today’s reality forces practitioners within DevOps/Agile teams to join effort in assuring quality, removing risks, and releasing fast. To meet these goals, business testers, developers, and test automation engineers need to work together with the proper technology stack that matches their skillset. Join Perfecto’s Chief Evangelist and author, Eran Kinsbruner, in this session as he provides recommendations for high coverage, high reliability, and maintainability of cross-browser test automation. In this session, Eran will walk through the following topics:
- Trends in cross-browser test automation.
- Introduction to test automation using codeless and BDD Selenium tools.
- The material differences between the three approaches: code-based Selenium, BDD, and codeless. Including a live demo of the various approaches.
Are Your Continuous Tests Too Fragile for Agile?Parasoft
With a fragile test suite, the Continuous Testing that's vital to Agile just isn't feasible. If you truly want to automate the execution of a broad test suite—embracing unit, component, integration, functional, performance, and security testing—during continuous integration, you need to ensure that your test suite is up to the task. How do you achieve this? This presentation provides tips on ensuring that your tests are up to the task.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Hivelance Technology
Cryptocurrency trading bots are computer programs designed to automate buying, selling, and managing cryptocurrency transactions. These bots utilize advanced algorithms and machine learning techniques to analyze market data, identify trading opportunities, and execute trades on behalf of their users. By automating the decision-making process, crypto trading bots can react to market changes faster than human traders
Hivelance, a leading provider of cryptocurrency trading bot development services, stands out as the premier choice for crypto traders and developers. Hivelance boasts a team of seasoned cryptocurrency experts and software engineers who deeply understand the crypto market and the latest trends in automated trading, Hivelance leverages the latest technologies and tools in the industry, including advanced AI and machine learning algorithms, to create highly efficient and adaptable crypto trading bots
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Modern design is crucial in today's digital environment, and this is especially true for SharePoint intranets. The design of these digital hubs is critical to user engagement and productivity enhancement. They are the cornerstone of internal collaboration and interaction within enterprises.
Your Digital Assistant.
Making complex approach simple. Straightforward process saves time. No more waiting to connect with people that matter to you. Safety first is not a cliché - Securely protect information in cloud storage to prevent any third party from accessing data.
Would you rather make your visitors feel burdened by making them wait? Or choose VizMan for a stress-free experience? VizMan is an automated visitor management system that works for any industries not limited to factories, societies, government institutes, and warehouses. A new age contactless way of logging information of visitors, employees, packages, and vehicles. VizMan is a digital logbook so it deters unnecessary use of paper or space since there is no requirement of bundles of registers that is left to collect dust in a corner of a room. Visitor’s essential details, helps in scheduling meetings for visitors and employees, and assists in supervising the attendance of the employees. With VizMan, visitors don’t need to wait for hours in long queues. VizMan handles visitors with the value they deserve because we know time is important to you.
Feasible Features
One Subscription, Four Modules – Admin, Employee, Receptionist, and Gatekeeper ensures confidentiality and prevents data from being manipulated
User Friendly – can be easily used on Android, iOS, and Web Interface
Multiple Accessibility – Log in through any device from any place at any time
One app for all industries – a Visitor Management System that works for any organisation.
Stress-free Sign-up
Visitor is registered and checked-in by the Receptionist
Host gets a notification, where they opt to Approve the meeting
Host notifies the Receptionist of the end of the meeting
Visitor is checked-out by the Receptionist
Host enters notes and remarks of the meeting
Customizable Components
Scheduling Meetings – Host can invite visitors for meetings and also approve, reject and reschedule meetings
Single/Bulk invites – Invitations can be sent individually to a visitor or collectively to many visitors
VIP Visitors – Additional security of data for VIP visitors to avoid misuse of information
Courier Management – Keeps a check on deliveries like commodities being delivered in and out of establishments
Alerts & Notifications – Get notified on SMS, email, and application
Parking Management – Manage availability of parking space
Individual log-in – Every user has their own log-in id
Visitor/Meeting Analytics – Evaluate notes and remarks of the meeting stored in the system
Visitor Management System is a secure and user friendly database manager that records, filters, tracks the visitors to your organization.
"Secure Your Premises with VizMan (VMS) – Get It Now"
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
Strategies for Successful Data Migration Tools.pptxvarshanayak241
Data migration is a complex but essential task for organizations aiming to modernize their IT infrastructure and leverage new technologies. By understanding common challenges and implementing these strategies, businesses can achieve a successful migration with minimal disruption. Data Migration Tool like Ask On Data play a pivotal role in this journey, offering features that streamline the process, ensure data integrity, and maintain security. With the right approach and tools, organizations can turn the challenge of data migration into an opportunity for growth and innovation.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Globus Compute wth IRI Workflows - GlobusWorld 2024
Software reliability
1. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Software Reliability
Journ´ee des Technologies de l’Information et de la
Communication
Baptiste Wicht
EIA-FR
June 3, 2014
Baptiste Wicht EIA-FR Software Reliability
5. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Definitions
Examples
Facts
Solutions
Definitions
Definition
Probability that a software will work properly in a specified
environment for a given amount of time.
What makes a program reliable ?
No bug
Must work under any possible condition
Must comply to the specifications
Baptiste Wicht EIA-FR Software Reliability
6. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Definitions
Examples
Facts
Solutions
Difficulties
properly, specified environment, given amount of time
No specification is perfect
Specifications can change
Software is complex
Baptiste Wicht EIA-FR Software Reliability
7. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Definitions
Examples
Facts
Solutions
Measuring reliability
Difficult problem
Hard to specify
Software is complicated to quantify
Models are available
More than 200 models exist
No single model completely represent reliability
Basic idea: Reliability is function of the number of defects
Baptiste Wicht EIA-FR Software Reliability
8. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Definitions
Examples
Facts
Solutions
Examples
1991: Telephone outage in California
Three lines of code changed
several-million lines of code program
⇒ ≈ 200’000 phone calls lost
Baptiste Wicht EIA-FR Software Reliability
9. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Definitions
Examples
Facts
Solutions
Examples
1991: Telephone outage in California
Three lines of code changed
several-million lines of code program
⇒ ≈ 200’000 phone calls lost
1991: Patriot Missile fails to intercept Scud Missile
Time stored in tenths of a second, multiplied by 1/10 to get
seconds
24 bit fixed-point register, 1/10 has 0.000000095 error
After 100 hours, error of 0.34 seconds
=> 28 dead
Baptiste Wicht EIA-FR Software Reliability
10. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Definitions
Examples
Facts
Solutions
Examples (cont.d)
1996: Ariane 5 explodes after 37 seconds of flight
16bit integer overflow
Overflow detected ⇒ useless corrections ⇒ other
malfunctions ⇒ self-destruction
System taken from Ariane 4, not used in Ariane 5
⇒ 500M $ lost
Baptiste Wicht EIA-FR Software Reliability
11. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Definitions
Examples
Facts
Solutions
Examples (cont.d)
1996: Ariane 5 explodes after 37 seconds of flight
16bit integer overflow
Overflow detected ⇒ useless corrections ⇒ other
malfunctions ⇒ self-destruction
System taken from Ariane 4, not used in Ariane 5
⇒ 500M $ lost
2014: Heartbleed (OpenSSL)
Missing bound check
Allows more data to be read than should be allowed
Introduced in 2011
⇒ Millions of website vulnerable
Baptiste Wicht EIA-FR Software Reliability
12. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Definitions
Examples
Facts
Solutions
Facts
Perfect software does not exist
The bigger the program ⇒ the more bugs
working today = working tomorrow
small change may have big impact
Baptiste Wicht EIA-FR Software Reliability
15. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Unit Testing
Integration Testing
Software Validation
Conclusion
Unit Testing
Definition
Set of tests to verify that a small unit of code is correct
Automated tests
Should be run after each change to the program and under
production-like environment
Monitor code coverage
Baptiste Wicht EIA-FR Software Reliability
16. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Unit Testing
Integration Testing
Software Validation
Conclusion
Integration Testing
Definition
Set of tests to verify that a set of units forming a component is
correct
Can be automated or performed by human
If human-performed, can be very costly
Should be performed as much as possible
Baptiste Wicht EIA-FR Software Reliability
17. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Unit Testing
Integration Testing
Software Validation
Conclusion
Software Validation
Definition
Tests to ensure that the complete system meets its specifications
Was the right software built ?
Was the software built right ?
Generally performed by Q/A specialists
Baptiste Wicht EIA-FR Software Reliability
18. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Unit Testing
Integration Testing
Software Validation
Conclusion
Conclusion
No part of the code should be neglected
No change should be neglected
Small modules easily covered by a unit test should always be
unit tested
Unit/Integration tests should always be used to avoid
regression
Unit testing should be done as part of Continuous Integration
Automated tests are less costly that human-performed tests
Baptiste Wicht EIA-FR Software Reliability
20. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Language Features
Contract Programming
Conclusion
Defensive Programming
Definition
Make a program more reliable by ensuring that code is used in the
correct way and it does what it is supposed to do.
Protection against failures and fault
Written as code
Accurate information to the source of the error
Verified at compile-time or runtime
Baptiste Wicht EIA-FR Software Reliability
21. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Language Features
Contract Programming
Conclusion
Language Features
Different languages provide different level of security
int array [100];
int b = array [100]; // What should happen ?
Baptiste Wicht EIA-FR Software Reliability
22. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Language Features
Contract Programming
Conclusion
Language Features
Different languages provide different level of security
int array [100];
int b = array [100]; // What should happen ?
C/C++: Undefined
Java/Python: Runtime error
Generally: lower level ⇒ harder to debug
Baptiste Wicht EIA-FR Software Reliability
23. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Language Features
Contract Programming
Conclusion
Assertions
Definition
Predicates (true-false statements) inserted into code indicating
what the developer thinks should be true at a certain point.
Indicates that a certain condition must be true
Typically aborts execution if condition not met
May be replaced by exceptions
Is generally disabled in production
Should not have any side effect
Baptiste Wicht EIA-FR Software Reliability
25. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Language Features
Contract Programming
Conclusion
Assertions (cont.d)
Pros
Available in almost every languages
Very simple
Generally useful to check input parameters
Baptiste Wicht EIA-FR Software Reliability
26. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Language Features
Contract Programming
Conclusion
Assertions (cont.d)
Pros
Available in almost every languages
Very simple
Generally useful to check input parameters
Cons
Only verified at runtime
Some languages supports compile-time assertions
Only local to a function
Can make the code more complex
Can be disabled
Baptiste Wicht EIA-FR Software Reliability
27. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Language Features
Contract Programming
Conclusion
Contract Programming
Contract of the code specified into the program
Pre/postconditions, Invariants, ...
Can be implemented with assertions
Coupled with powerful static analysis, some errors can be
found without running the program
Baptiste Wicht EIA-FR Software Reliability
28. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Language Features
Contract Programming
Conclusion
Conclusion
Pros
Catch errors with nice error messages
Stored with the code
Cons
Make the code more complex
May introduce new errors
May incur a runtime cost
Dependent on the developer
Baptiste Wicht EIA-FR Software Reliability
31. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Compilers
Tools
Exercises
SonarQube
Conclusion
Compilers
Every modern compiler produces warnings
Only when asked
May produce too much warnings
Often forgotten
Recommendation
New project: As much as possible and -Werror
Existing project: Fix existing warnings and enable warnings one
by one
CLang/GCC: -Wall -Wextra
Baptiste Wicht EIA-FR Software Reliability
32. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Compilers
Tools
Exercises
SonarQube
Conclusion
cppcheck
Static Analysis for C/C++ programs
Free software, GPL license
Cross-platform
Active project, latest stable release 10 May 2014
Available on every mainline distribution
Contains a large set of checkers
Integrated in several IDE (Eclipse, Visual Studio,
Code::Blocks, CodeLite...)
Generate text, XML and HTML reports
Baptiste Wicht EIA-FR Software Reliability
33. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Compilers
Tools
Exercises
SonarQube
Conclusion
CLang Static Analyzer
Static Analysis for C/C++ and Objective-C programs
Free software, MIT license
Developed as part of the LLVM/CLang project
Slower than compilation
Still young project
Several checkers implemented
Can be extended with checker plugins
Generate text and HTML reports
Baptiste Wicht EIA-FR Software Reliability
34. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Compilers
Tools
Exercises
SonarQube
Conclusion
Valgrind
Framework for dynamic analysis tools
Free Software, GPL License
Work on Linux and Mac OS X
Most known for Memcheck tool
Runs the program into a virtual machine
Program runs slower (4-5 times slower with None tool)
Generate text reports
Baptiste Wicht EIA-FR Software Reliability
35. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Compilers
Tools
Exercises
SonarQube
Conclusion
Tools
Memcheck: Memory debugger
Default and most used tool
Very large performance lost (20 to 40 times slower)
Massif: Heap profiler
Helgrind: Detect race conditions
Cachegrind: Cache profiler
Callgrind: Call-graph analyzer
exp-sgcheck: Experimental tool for memory overruns
Baptiste Wicht EIA-FR Software Reliability
37. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Compilers
Tools
Exercises
SonarQube
Conclusion
Memory Leak
int main (){
int* a = new int (4);
// Something
a = new int (5);
// Something else
delete a;
}
> g++ leak.cpp
> valgrind ./a.out
Baptiste Wicht EIA-FR Software Reliability
38. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Compilers
Tools
Exercises
SonarQube
Conclusion
Memory Leak
==15386== HEAP SUMMARY:
==15386== in use at exit: 4 bytes in 1 blocks
==15386== total heap usage: 2 allocs, 1 frees, 8 bytes allocated
==15386==
==15386== LEAK SUMMARY:
==15386== definitely lost: 4 bytes in 1 blocks
==15386== indirectly lost: 0 bytes in 0 blocks
==15386== possibly lost: 0 bytes in 0 blocks
==15386== still reachable: 0 bytes in 0 blocks
==15386== suppressed: 0 bytes in 0 block
4 bytes have been lost
No information on location
> valgrind --leak -check=full ./a.out
Baptiste Wicht EIA-FR Software Reliability
39. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Compilers
Tools
Exercises
SonarQube
Conclusion
Memory Leak
==6434== 4 bytes in 1 blocks are definitely lost in loss record 1 of 1
==6434== at 0x4028812: operator new(unsigned long) (vg_replace_malloc.c:319)
==6434== by 0x400641: main (in /home/wichtounet/dev/analysis-examples/a.out)
The source of the allocation is now shown
Only binary location, no source location
> g++ -g leak.cpp
> valgrind --leak -check=full ./a.out
Baptiste Wicht EIA-FR Software Reliability
40. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Compilers
Tools
Exercises
SonarQube
Conclusion
Memory Leak
==9604== 4 bytes in 1 blocks are definitely lost in loss record 1 of 1
==9604== at 0x4028812: operator new(unsigned long) (vg_replace_malloc.c:319)
==9604== by 0x400641: main (leak.cpp:2)
Source location (leak.cpp:2) is now complete
Valgrind will only show the sources of allocated leaked memory
Sometimes it may still be complicated to find why not freed
Baptiste Wicht EIA-FR Software Reliability
47. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Compilers
Tools
Exercises
SonarQube
Conclusion
Stack Overrun 2
==28007== exp-sgcheck, a stack and global array overrun detector
==28007== NOTE: This is an Experimental-Class Valgrind Tool
==28007== Copyright (C) 2003-2013, and GNU GPL’d, by OpenWorks Ltd et al.
==28007== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==28007== Command: ./a.out
==28007==
==28007==
==28007== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0
Overrun not detected!
Need a valid access before the invalid one
> cppcheck stack_overrun_2 .cpp
Baptiste Wicht EIA-FR Software Reliability
48. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Compilers
Tools
Exercises
SonarQube
Conclusion
Stack Overrun 2
Checking stack_overrun_2.cpp...
[stack_overrun_2.cpp:4]: (error) Array ’stack[5]’ accessed at index 5, which is out of bounds.
Overrun detected!
Tools put together are very powerful
Baptiste Wicht EIA-FR Software Reliability
49. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Compilers
Tools
Exercises
SonarQube
Conclusion
Complex Memory Leak
int main (){
int* array [42];
for(int i = 0; i < 42; ++i){
array[i] = new int;
}
// Something
for(int i = 0; i < 41; ++i){
delete array[i];
}
}
> cppcheck --enable=all leak_2.cpp
Baptiste Wicht EIA-FR Software Reliability
50. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Compilers
Tools
Exercises
SonarQube
Conclusion
Complex Memory Leak
Checking leak_2.cpp...
Checking usage of global functions..
cppcheck static analysis not powerful enough
> g++ -g leak_2.cpp
> valgrind --leak -check=full ./a.out
==12868== 4 bytes in 1 blocks are definitely lost in loss record 1 of 1
==12868== at 0x4C2C167: operator new(unsigned long) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-li
==12868== by 0x400739: main (leak_2.cpp:7)
Baptiste Wicht EIA-FR Software Reliability
59. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Conclusion
Build reliable software is hard
Software testing is very important
Numerous tools are available
No tool will ever find all bugs
Some tools are overlapping
Baptiste Wicht EIA-FR Software Reliability
60. Software Reliability
Software Validation
Defensive Programming
Software Analysis Tools
Conclusion
Recommendations
No change should be ignored when testing
Tests should be run in production-like environment
Continuous Integration and Testing
Make use of the existing analysis features at each level
No tool is perfect ⇒ Several tools can be used together
Baptiste Wicht EIA-FR Software Reliability