Questions for the course "Advanced Software Engineering Methodologies (ASEM)" with focus on Module A, with the topic: "Software Quality Assurance".
What does Software quality assurance consist of?
Reviews
Audits
Software analysis
Testing
Security management
Safety management
Risk management
What is software analysis?
Important part of the more general activities of software quality assurance
Techniques
Methods
Tools
What does software quality assurance entail?
Define software quality for the project
Define policies and processes to achieve quality
Assess quality and find bugs/defects
Improve quality
In software analysis, what does techniques refer to?
Notations and algorithms
In software analysis, what are some examples of techniques?
First-order logic
Dataflow
Deductive verifications
In software analysis, what does methods refer to?
Principled ways of applying techniques
In software analysis, what are some examples of methods?
Design by contract
Security by design
Invariant methods
B method
In software analysis, what does tools refer to?
Implementing and supporting the application of techniques and methods
In software analysis, what are some examples of tools?
Model checkers
Theorem provers
In software analysis, what are techniques, methods and tools useful for?
Establish that software behaves according to some properties
In software analysis, what are some properties that we are interested in?
Method m always terminates
If the input is positive, the program returns its inverse
The program crashes with input 3
In software analysis, what are some properties that we are not interested in?
There are no loops in method m
If code is indented using tabs
Every class has 3 subclasses
There are 3 lines of comments per class
What are some of the key properties that software should have?
As listed in the slides
Correctness
When talking about correctness, what is important to understand?
Correctness is relative to the specification
Correctness is that implementation and specification are consistent
Specification may be implicit or explicit
What are some implicit specifications?
Code: int proc(int x) { return x + 1; }
Type correctness
Termination
No overflows
No memory leaks
No race conditions
What are some explicit specifications?
Code: int proc(int x) { return x + 1; }
Restriction on input
Guarantees on output
Effects on the state
Non-functional properties: timeliness, memory usage, etc.
What does an error mean?
Sometimes also referred to as a "mistake"
Human action that produces an incorrect result
any programming mistake
What does a fault mean?
manifestation of an error
the incorrect value is computed
a variable is not initialized
What does a defect mean?
an imperfection or deficiency in a program
this function should always return a positive value, but returns a negative value in this case
What does a failure mean?
Event where program execution cannot continue
uncaught exception
divide by zero
How can quality be defined?
Absence of bugs or defects
What produces a failure?
fault
What does a fault produce?
failure
What does a fault reveal?
defect
What causes a fault?
error
mistake
What introduces defects?
mistake
error
What are some well-known bugs?
Apple goto fail
Heartbleed
Missing sanitization
Why is 100% test coverage often not done?
It is not cost effective
Infeasible on large systems
What is a reason that 100% test coverage does not guarantee the absence of bugs?
Tests may be incorrect
Tests may be incomplete
Tests may be inconsistent
Bugs may only be reproducible under certain conditions
What are some typical questions that can be asked, to help ensure quality?
Does this program deadlock?
Will this program throw a null pointer exception?
Will this program crash on any input?
Are variables initialized before they are read?
Will the value of variable x affect the value of variable y?
Will this piece of code ever be executed?
What is static program analysis?
Analysis of the behavior of a program without executing it
What is static program analysis used for?
Compiler optimization
Program correctness
Automated debugging
Security analysis
When faced with undecidability, what is presented to be the safest way to handle it?
Over-approximation
What are the types of properties that are checked by static program analysis?
Safety properties
The general safety properties analysed with static program analysis state the absence of what?
Integer variables do not overflow
There are no type errors
There are no null-pointer dereferences
There are no race conditions
What are some examples of static analysis in practice?
Infer by Facebook
Uber
Synopsys
IBM Rational AppScan
AbsInt
Cppcheck
What is a dataflow analysis?
Analysis of how data flows through a program
Represented as a directed graph
Can create a Control Flow Graph (DFG)
In dataflow analysis, what is a node?
Statements
Predicates
In dataflow analysis, what is an edge?
Control flow
What is program slicing?
Reduced part of the program, where irrelevant statements are removed
Extracted program, that only contains statements that potentially influence the execution of a given statement
What are some definitions for a program slice (S)?
S is a valid program
whenever P halts for a given input, S also halts for that input and computes the same values for the variables in V whenever the statement n is executed
May remove non-termination
Slice may no longer contain infinite loops
Slice terminates, while original program may not
May not preserve program semantics
What is slicing in program dependence graphs (PDG)?
Slicing focusing on reachability
Slice is statements that (in-)directly affect slicing criterion
Nodes are identical to Control Flow Graph (CFG)
Edges are data and control dependence
What is control dependence?
One statement directly controls the execution of another
In structured programs, equivalent to "indentation level"
An example of this is statements in a while loop, which are control dependent on the while predicate
What are some key factors in data dependence?
Known from optimizing compilers
For slicing only "flow dependence" is relevant
, means node x computes a value that may be used at node y in some feasible execution
In the following element, what is needed for it to be true?
A node y is data dependent on node x (), if:
there exists a variable v which is defined at x and used at y
In the Control flow graph (CFG), there is a path from x to y, where v is not redefined and can still affect y (killed)
What is asked in backward slicing?
What statements can influence the slicing criterion?
Finding all statements that may affect the slicing criterion
What is a slicing criterion?
A node v in the dependence graph
What does the following statement represent?
BS(v) = {x ∈ PDG | x →∗ v}
Backward slice of v
x is a node in the program dependence graph (PDG)
There exists a path from x to v (x →∗ v)
The path may be multiple steps (→∗)
What is interprocedural slicing?
generating a slice of an entire program, where the slice crosses the boundaries of procedure calls
What is context-insensitive program slicing?
Slicing that does not take into account the context of the slicing criterion
Treats every call to a procedure as if it was the same
May lead to inclusion of spurious (imprecise, not needed) nodes
What is Two-Phase Slicing?
First phase: Do not descend into called methods, instead traverse summary edges
Second phase: Go into omitted methods and repeat the process in the first phase
How can slicing with Program Dependence Graphs (PDG) be used?
Debugging
Fault localization
Security analysis
Information flow control
Program understanding
Aid the test case generation
What is a key aspect of fault localization (FL)?
Deals with locating the faulty operation, that causes a bug
Bug-observed sites often do not reflect the real fault location
What is the most common and traditional approach to fault localization?
Print statements
Break points
Assertions
What are some of the shortcomings of the traditional approach to fault localization?
Manual
Time consuming
What are some newer Fault localization (FL) techniques?
Metric-Based
Program dependence-based
Artificial intelligence-based
Statistics-based
Mutation-based
What is metric-based Fault Localization (FL)?
Each program statement outputs a suspiciousness score
Program elements executed in failing test-cases are likely to be faulty
What are some well-known models for metric-based Fault Localization (FL)?
Tarantula
Ochiai
Op2
Barinel
Star
What is the suspiciousness score calculation for Tarantula?
Suspiciousness =
What is the suspiciousness score calculation for Op2?
Suspiciousness =
What is the suspiciousness score calculation for Ochiai?
Suspiciousness =
What is the suspiciousness score calculation for Barinel?
Suspiciousness =
What is the suspiciousness score calculation for Dstar?
Suspiciousness =
What are some limitations on metric-based Fault Localization (FL)?
Relies on (and is biased by) the quality of the test suite
May contain too many suspicious statements
What is Program dependence-based Fault Localization (FL)?
Extract semantic information from the bug/crash site
Find program locations that may affect the bug/crash site
Derive some matrices to prioritize these locations
What is dynamic slicing?
Slicing based on a particular execution of the program
Can dynamic slicing always be used for fault localization (FL)?
No
It may miss effect of unexecuted code
It is important to extend slicing to include relevant elements, using potential dependence
What are some existing Program dependence graph (PDG) FL tools?
LLVM
Soot/Wala
What is AutoFL?
LLM-based FL Technique
Explainable FL technique
What are some key aspects of AutoFL?
Must have the whole software repo available
Automatically retrieves information for relevant areas
Performance is closely matched with raw LLM performance
Uses a two stage process
Uses multiple runs, to increase accuracy
What does the first stage in AutoFL do?
Generate the root cause explanation
What does the second stage in AutoFL do?
Predict the culprit methods