Software Engineering for Students A Programming Approach
Software Engineering for Students A Programming Approach Software Engineering for Students A Programming Approach
CHAPTER 17 This chapter explains: ■ how to categorize faults ■ how faults can be detected ■ how recovery can be made from faults ■ exception handling ■ recovery blocks ■ how to use n-version programming ■ how to use assertions. 17.1 ● Introduction Robust software is software that tolerates faults. Computer faults are often classified according to who or what causes them: ■ user errors ■ software faults (bugs) ■ hardware faults. Software robustness An example of a user error is entering alphabetic data when numeric data is expected. An example of a software fault is any of the many bugs that inhabit most software systems. An example of a hardware fault is a disk failure or a telecommunication line that fails to respond. In fault tolerance, the hardware and software collaborate in a kind of symbiosis. Sometimes the hardware detects a software fault; sometimes the software detects a hardware fault. In some designs, when a hardware fault occurs, the hardware copes with the situation, but often it is the role of the software to deal with the problem. When a software fault occurs, it is usually the job of the software to deal with the problem. In
238 Chapter 17 ■ Software robustness some systems, when a user error arises, again it is the role of the software to cope. In many situations, of course, when a fault arises nothing is done to cope with it and the system crashes. This chapter explores measures that can be taken to detect and deal with all types of computer fault, with emphasis on remedial measures that are implemented by software. We will see in Chapter 19 on testing that eradicating every bug from a program is almost impossible. Even when formal mathematical methods for program development are used to improve the reliability of software, human error creeps in so that even mathematical proofs can contain errors. As we have seen, in striving to make a piece of software as reliable as possible, we have to use a whole range of techniques Software fault tolerance is concerned with trying to keep a system going in the face of faults. The term intolerance is sometimes used to describe software that is written with the assumption that the system will always work correctly. By contrast, fault tolerance recognizes that faults are inevitable and that therefore it is necessary to cope with them. Moreover, in a well-designed system, we strive to cope with faults in an organized, systematic manner. We will distinguish between two types of faults – anticipated and unanticipated. Anticipated faults are unusual situations, but we can fairly easily foresee that they will occasionally arise. Examples are: ■ division by zero ■ floating point overflow ■ numeric data that contains letters ■ attempting to open a file that does not exist. What are unanticipated faults? The name suggests that we cannot even identify, predict or give a name to any of them. (Logically, if we can identify them, they are anticipated faults.) In reality this category is used to describe very unusual situations. Examples are: ■ hardware faults (e.g. an input-output device error or a main memory fault) ■ a software design fault (i.e. a bug) ■ an array subscript that is outside its allowed range ■ the detection of a violation by the computer’s memory protection mechanism. Take the last example of a memory protection fault. Languages like C++ allow the programmer to use memory addresses to refer to parameters and to data structures. Access to pointers is very free and the programmer can, for example, actually carry out arithmetic on pointers. This sort of freedom is a common source of errors in C++ programs. Worse still, errors of this type can be very difficult to eradicate (debug) and may persist unseen until the software has been in use for some time. Of course this type of error is a mistake made by a programmer, designer or tester – a type of error sometimes known as a logic error. The hardware memory protection system can help with the detection of errors of this type because often the erroneous use of a pointer will eventually often lead to an attempt to use an illegal address.
- Page 209 and 210: 186 Chapter 14 ■ The basics > } }
- Page 211 and 212: 188 Chapter 14 ■ The basics Unfor
- Page 213 and 214: 190 Chapter 14 ■ The basics Ada d
- Page 215 and 216: 192 Chapter 14 ■ The basics The w
- Page 217 and 218: 194 Chapter 14 ■ The basics In a
- Page 219 and 220: 196 Chapter 14 ■ The basics > str
- Page 221 and 222: 198 Chapter 14 ■ The basics Answe
- Page 223 and 224: CHAPTER 15 Object-oriented programm
- Page 225 and 226: 202 Chapter 15 ■ Object-oriented
- Page 227 and 228: 204 Chapter 15 ■ Object-oriented
- Page 229 and 230: 206 Chapter 15 ■ Object-oriented
- Page 231 and 232: 208 Chapter 15 ■ Object-oriented
- Page 233 and 234: 210 Chapter 15 ■ Object-oriented
- Page 235 and 236: 212 Chapter 15 ■ Object-oriented
- Page 237 and 238: 214 Chapter 15 ■ Object-oriented
- Page 239 and 240: 216 Chapter 15 ■ Object-oriented
- Page 241 and 242: 218 Chapter 15 ■ Object-oriented
- Page 243 and 244: 220 Chapter 15 ■ Object-oriented
- Page 245 and 246: 222 Chapter 16 ■ Programming in t
- Page 247 and 248: 224 Chapter 16 ■ Programming in t
- Page 249 and 250: 226 Chapter 16 ■ Programming in t
- Page 251 and 252: 228 Chapter 16 ■ Programming in t
- Page 253 and 254: 230 Chapter 16 ■ Programming in t
- Page 255 and 256: 232 Chapter 16 ■ Programming in t
- Page 257 and 258: 234 Chapter 16 ■ Programming in t
- Page 259: 236 Chapter 16 ■ Programming in t
- Page 263 and 264: 240 Chapter 17 ■ Software robustn
- Page 265 and 266: 242 Chapter 17 ■ Software robustn
- Page 267 and 268: 244 Chapter 17 ■ Software robustn
- Page 269 and 270: 246 Chapter 17 ■ Software robustn
- Page 271 and 272: 248 Chapter 17 ■ Software robustn
- Page 273 and 274: 250 Chapter 17 ■ Software robustn
- Page 275 and 276: 252 Chapter 17 ■ Software robustn
- Page 277 and 278: 254 Chapter 17 ■ Software robustn
- Page 279 and 280: 256 Chapter 17 ■ Software robustn
- Page 281 and 282: 258 Chapter 17 ■ Software robustn
- Page 283 and 284: 260 Chapter 18 ■ Scripting GNU/Li
- Page 285 and 286: 262 Chapter 18 ■ Scripting In sum
- Page 288: PART D VERIFICATION
- Page 291 and 292: 268 Chapter 19 ■ Testing We begin
- Page 293 and 294: 270 Chapter 19 ■ Testing within a
- Page 295 and 296: 272 Chapter 19 ■ Testing Test num
- Page 297 and 298: 274 Chapter 19 ■ Testing if (a >=
- Page 299 and 300: 276 Chapter 19 ■ Testing 3. apply
- Page 301 and 302: 278 Chapter 19 ■ Testing made con
- Page 303 and 304: 280 Chapter 19 ■ Testing 19.3 Dev
- Page 305 and 306: 282 Chapter 19 ■ Testing 19.2 The
- Page 307 and 308: 284 Chapter 20 ■ Groups The term
- Page 309 and 310: 286 Chapter 20 ■ Groups Of course
238 Chapter 17 ■ <strong>Software</strong> robustness<br />
some systems, when a user error arises, again it is the role of the software to cope. In many<br />
situations, of course, when a fault arises nothing is done to cope with it and the system<br />
crashes. This chapter explores measures that can be taken to detect and deal with all types<br />
of computer fault, with emphasis on remedial measures that are implemented by software.<br />
We will see in Chapter 19 on testing that eradicating every bug from a program is<br />
almost impossible. Even when <strong>for</strong>mal mathematical methods <strong>for</strong> program development<br />
are used to improve the reliability of software, human error creeps in so that even mathematical<br />
proofs can contain errors. As we have seen, in striving to make a piece of software<br />
as reliable as possible, we have to use a whole range of techniques<br />
<strong>Software</strong> fault tolerance is concerned with trying to keep a system going in the face<br />
of faults. The term intolerance is sometimes used to describe software that is written<br />
with the assumption that the system will always work correctly. By contrast, fault tolerance<br />
recognizes that faults are inevitable and that there<strong>for</strong>e it is necessary to cope with<br />
them. Moreover, in a well-designed system, we strive to cope with faults in an organized,<br />
systematic manner.<br />
We will distinguish between two types of faults – anticipated and unanticipated.<br />
Anticipated faults are unusual situations, but we can fairly easily <strong>for</strong>esee that they will<br />
occasionally arise. Examples are:<br />
■ division by zero<br />
■ floating point overflow<br />
■ numeric data that contains letters<br />
■ attempting to open a file that does not exist.<br />
What are unanticipated faults? The name suggests that we cannot even identify, predict<br />
or give a name to any of them. (Logically, if we can identify them, they are anticipated<br />
faults.) In reality this category is used to describe very unusual situations.<br />
Examples are:<br />
■ hardware faults (e.g. an input-output device error or a main memory fault)<br />
■ a software design fault (i.e. a bug)<br />
■ an array subscript that is outside its allowed range<br />
■ the detection of a violation by the computer’s memory protection mechanism.<br />
Take the last example of a memory protection fault. Languages like C++ allow the<br />
programmer to use memory addresses to refer to parameters and to data structures.<br />
Access to pointers is very free and the programmer can, <strong>for</strong> example, actually carry out<br />
arithmetic on pointers. This sort of freedom is a common source of errors in C++ programs.<br />
Worse still, errors of this type can be very difficult to eradicate (debug) and may<br />
persist unseen until the software has been in use <strong>for</strong> some time. Of course this type of<br />
error is a mistake made by a programmer, designer or tester – a type of error sometimes<br />
known as a logic error. The hardware memory protection system can help with the<br />
detection of errors of this type because often the erroneous use of a pointer will eventually<br />
often lead to an attempt to use an illegal address.