Software Engineering for Students A Programming Approach
Chapter 17 ■ Software robustness

Summary

Faults in computer systems are caused by hardware failure, software bugs and user error. Software fault tolerance is concerned with:
■ detecting faults
■ assessing damage
■ repairing the damage
■ continuing.
Of these, faults can be detected by both hardware and software. One hardware mechanism for fault detection is the protection mechanism, which has two roles:
1. it limits the spread of damage, thus easing the job of fault tolerance
2. it helps find the cause of faults.
Faults can be classified in two categories – anticipated and unanticipated. Recovery mechanisms are of two types:
■ backward – the system returns to an earlier, safe state
■ forward – the system continues onwards from the error.
Anticipated faults can be dealt with by means of forward error recovery. Exception handlers are a convenient programming language facility for coping with these faults. Unanticipated faults – such as software design faults – can be handled using either of:
■ recovery blocks, a backward error recovery mechanism
■ n-programming, a forward error recovery mechanism.
Assertions are a way of stating assumptions that should be valid when software executes. Automatic checking of assertions can assist debugging.

• Exercises

17.1 For each of the computer systems detailed in Appendix A, list the faults that can arise, categorizing them into user errors, hardware faults and software faults. Decide whether each of the faults is anticipated or unanticipated. Suggest how the faults could be dealt with.

17.2 Explain the following terms, giving an example of each to illustrate your answer: fault tolerance, software fault tolerance, reliability, robustness, graceful degradation.

17.3 Consider a programming language with which you are familiar. In what ways can you deliberately (or inadvertently) write a program that will:
1. crash
2. access main memory in an undisciplined way
3. access a file protected from you.
What damage is caused by these actions? How much damage is possible? Assuming you didn’t already know it, is it easy to diagnose the cause of the problem? Contemplate that if it is possible deliberately to penetrate a system, then it is certainly possible to do it by accident, thus jeopardizing the reliability and security of the system.

17.4 “Compile-time checking is better than run-time checking.” Discuss.

17.5 Compare and contrast exception handling with assertions.

17.6 The Java system throws an IndexOutOfBoundsException exception if a program attempts to access elements of an array that lie outside the valid range of subscripts. Write a method that calculates the total weekly rainfall, given an array of floating point numbers (values of the rainfall for each of seven days of the week) as its single parameter. The method should throw an exception of the same type if the array is too short. Write code to catch the exception.

17.7 Outline the structure of recovery block software to cope with the following situation. A fly-by-wire aircraft is controlled by software. A normal algorithm calculates the optimal speed and the appropriate control surface and engine settings. A safety module checks that the calculated values are within safe limits. If they are not, it invokes an alternative module that calculates some safe values for the settings. If, again, this module fails to suggest safe values, the pilots are alerted and the aircraft reverts to manual control.

17.8 Compare and contrast the recovery block scheme with the n-programming scheme for fault tolerance. Include in your review an assessment of the development times and performance overheads associated with each scheme.

17.9 Searching a table for a desired object is a simple example of a situation in which it can be tempting to use a goto to escape from an unusual situation. Write a piece of program to search a table three ways:
1. using goto
2. using exceptions
3. avoiding both of these.
Compare and contrast the three solutions.
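The summary names three mechanisms without showing how they fit together in code: a recovery block (backward recovery for unanticipated faults, with an acceptance test choosing between a primary and alternate modules), an exception handler (forward recovery for an anticipated fault) and an assertion (a stated assumption that is checked while debugging). The following Java program is an added example, written for this page and not taken from the book; it uses the fly-by-wire scenario from exercise 17.7 as its setting. The class and method names, the `Settings` record, the safe-limit values and the "flight model" arithmetic are all constructed assumptions, not a real control law.

```java
import java.util.function.Predicate;
import java.util.function.Supplier;

/**
 * Recovery block for the fly-by-wire scenario in exercise 17.7.
 * Alternates are tried in order; the acceptance test (the safety module)
 * decides whether a result is usable. A rejected result is simply discarded,
 * so the system state is unchanged when the next alternate runs (backward
 * recovery). When every alternate fails, a checked exception carries the
 * anticipated "revert to manual control" case to the caller's handler
 * (forward recovery). The flight model is a constructed toy.
 */
public final class RecoveryBlockDemo {

    /** Engine and control-surface settings produced by a control module (constructed). */
    record Settings(double throttle, double surfaceAngleDegrees) {}

    /** Raised when no alternate passes the acceptance test. */
    static final class RecoveryExhaustedException extends Exception {
        RecoveryExhaustedException(String message) { super(message); }
    }

    /** Acceptance test: the safety module's limits (constructed values). */
    static boolean withinSafeLimits(Settings s) {
        return s.throttle() >= 0.0 && s.throttle() <= 1.0
                && Math.abs(s.surfaceAngleDegrees()) <= 25.0;
    }

    /**
     * Generic recovery block: ensure acceptanceTest by alternates[0] else alternates[1]
     * else ... else error. An alternate that throws counts as one that failed the test.
     */
    @SafeVarargs
    static <T> T recoveryBlock(Predicate<T> acceptanceTest, Supplier<T>... alternates)
            throws RecoveryExhaustedException {
        for (int i = 0; i < alternates.length; i++) {
            T candidate;
            try {
                candidate = alternates[i].get();
            } catch (RuntimeException e) {
                continue;                      // a crash inside a module is a failed attempt
            }
            if (acceptanceTest.test(candidate)) {
                return candidate;              // accepted: no recovery needed
            }
            // rejected: nothing was committed, so the next alternate starts from the same state
        }
        throw new RecoveryExhaustedException("no module produced safe settings");
    }

    /** Primary module: "optimal" settings, which exceed the envelope for large speed changes. */
    static Settings optimalSettings(double demandedSpeed, double currentSpeed) {
        double delta = demandedSpeed - currentSpeed;
        return new Settings(0.5 + delta / 100.0, delta / 4.0);
    }

    /** Alternate module: conservative settings that stay inside the envelope by construction. */
    static Settings safeSettings(double demandedSpeed, double currentSpeed) {
        boolean accelerate = demandedSpeed > currentSpeed;
        return new Settings(accelerate ? 0.7 : 0.3, accelerate ? 5.0 : -5.0);
    }

    /** One control step: states its assumption as an assertion, then runs the recovery block. */
    static Settings control(double demandedSpeed, double currentSpeed)
            throws RecoveryExhaustedException {
        // Assertion: an assumption that should hold if the sensors are sane (checked only with -ea).
        assert currentSpeed >= 0.0 : "speed sensor reported a negative speed";
        return recoveryBlock(RecoveryBlockDemo::withinSafeLimits,
                () -> optimalSettings(demandedSpeed, currentSpeed),
                () -> safeSettings(demandedSpeed, currentSpeed));
    }

    public static void main(String[] args) {
        try {
            System.out.println(control(200.0, 190.0)); // primary accepted: throttle 0.6, angle 2.5
            System.out.println(control(500.0, 100.0)); // primary rejected (throttle 4.5), alternate used
            // A block whose only module is unsafe: the catch clause below is the forward-recovery path.
            Settings s = recoveryBlock(RecoveryBlockDemo::withinSafeLimits,
                    () -> new Settings(9.0, 0.0));
            System.out.println(s);
        } catch (RecoveryExhaustedException e) {
            System.out.println("alert pilots, revert to manual control: " + e.getMessage());
        }
    }
}
```

Compile with `javac RecoveryBlockDemo.java` and run with `java -ea RecoveryBlockDemo`. The `-ea` flag matters for the point the summary makes about assertions: the Java runtime disables `assert` statements by default, so the stated assumption in `control` is only checked when assertions are explicitly enabled, which is what makes them a debugging aid rather than a substitute for the acceptance test that runs in every build.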