Presentation is loading. Please wait.

Presentation is loading. Please wait.

Defensive Programming

Published byKimberly Warren Modified over 6 years ago

Similar presentations

Presentation on theme: "Defensive Programming"— Presentation transcript:

1 Defensive Programming
SCMP Special Topic: Software Development Spring 2017 James Skon

2 Defensive Programming
What is it?

3 Protecting Your Program from Invalid Inputs
“Garbage in, garbage out.” NEVER output garbage! What to do? Check the values of all data from external sources Check the values of all routine input parameters Decide how to handle bad inputs

4 Assertions An assertion is code that's used during development
usually a routine or macro allows a program to check itself as it runs When true - everything is operating as expected An assertion usually takes two arguments: a boolean expression that describes the assumption that's supposed to be true and a message to display if it isn't

5 C++ Assert Example ASSERT - aborts the program if the parameter passed to the macro does not evaluate to true int g_anArray[10]; // a global array of 10 characters #include <cassert> // for assert() int GetArrayValue(int nIndex){ // we're asserting that nIndex is between 0 and 9 assert(nIndex >= 0 && nIndex <= 9); // check index return g_anArray[nIndex]; }

6 Where to use Assert That an input parameter's value falls within its expected range (or an output parameter's value does) That a file or stream is open (or closed) when a routine begins executing (or when it ends executing) That a file or stream is at the beginning (or end) when a routine begins executing (or when it ends executing) That a file or stream is open for read-only, write-only, or both read and write That the value of an input-only variable is not changed by a routine

7 Where to use Assert That a pointer is non-null
That an array or other container passed into a routine can contain at least X number of data elements That a table has been initialized to contain real values That a container is empty (or full) when a routine begins executing (or when it finishes) That the results from a highly optimized, complicated routine match the results from a slower but clearly written routine

8 Assertions Use error-handling code for conditions you expect to occur; use assertions for conditions that should never occur Use conditional compilation to allow assertions to be “turned off” Avoid putting executable code into assertions # defin my_Debug #ifdef my_Debug Assert( PerformAction() )

9 Assert For highly robust code, assert and then handle the error anyway

10 Assertions Use to both document and check preconditions and postconditions. Private Function Velocity ( int &latitude; int &longitude; int &elevation) As Single /* Preconditions */ Assert ( -90 <= latitude && latitude <= 90 ) Assert ( 0 <= longitude && longitude < 360 ) Assert ( -500 <= elevation && elevation <= ) ... /*Sanitize input data. */ If ( latitude < -90 ) { latitude = -90; } elseif ( latitude > 90 ) { latitude = 90 End If If ( longitude < 0 ) Then longitude = 0 ElseIf ( longitude > 360 ) Then Checking preconditions Checking postconditions

11 Error-Handling Techniques
How do you handle errors that you do expect to occur? Return a neutral value (background color) Substitute the next piece of valid data (database) Return the same answer as the previous time (thermostat) Substitute the closest legal value (velocity) Log a warning message to a file

12 Error-Handling Techniques
How do you handle errors that you do expect to occur? Call an error-processing routine/object (centralized) Display an error message wherever the error is encountered Handle the error in whatever way works best locally Shut down

13 Robustness vs. Correctness
Correctness: never returning an inaccurate result; returning no result is better than returning an inaccurate result. Robustness: always trying to do something that will allow the software to keep operating, even if that leads to results that are inaccurate sometimes.

14 Barricade Barricade Your Program to Contain the Damage Caused by Errors

15 Relationship Between Barricades and Assertions
Barricades – Routines outside the barricade should use error handling because it isn't safe to make any assumptions about the data. Assertions - Routines inside the barricade should use assertions, because the data passed to them is supposed to be sanitized before it's passed across the barricade.

16 Debugging Aids Code may have to “modes”, development and production.
Development – checks for internal errors, provides intermediate results. Production – Streamlines and fast, does’ty show internal state.

17 Debugging Aids A dead program normally does a lot less damage than a crippled one. —Andy Hunt and Dave Thoma

18 Use Offensive Programming
Make sure asserts abort the program. Completely fill any memory allocated so that you can detect memory allocation errors. Completely fill any files or streams allocated to flush out any file-format errors. Be sure the code in each case statement's default or else clause fails hard (aborts the program) or is otherwise impossible to overlook. Fill an object with junk data just before it's deleted. Set up the program to error log files to yourself so that you can see the kinds of errors that are occurring in the released software, if that's appropriate for the kind of software you're developing.

19 Plan to Remove Debugging Aids
Option one: Wrap all debug code in a conditional: Define to include Debug code #define DEBUG ... #if defined( DEBUG ) // debugging code #endif Wrap all debug code in conditional

20 Debug Macro contains conditional
Plan to Remove Debugging Aids Option one: Create special debug Macro. #define DEBUG #if defined( DEBUG ) #define DebugCode( parameters ) { code_fragment } #else #define DebugCode(parameterst ) #endif ... DebugCode( statement 1; statement 2; statement n; ); Debug Macro contains conditional This code is included or excluded, depending on whether DEBUG has been defined.

21 How Much Defensive Programming should be left in Production Code?
Leave in code that checks for important errors: Is the result significant or not (invalid answer vs. formatting error) Remove code that checks for trivial errors Remove code that results in hard crashes Leave in code that helps the program crash gracefully Log errors for your technical support personnel Make sure that the error messages you leave in are friendly

22 Review – General checklist
Does the routine protect itself from bad input data? Have you used assertions to document assumptions, including preconditions and postconditions? Have assertions been used only to document conditions that should never occur? Does the architecture or high-level design specify a specific set of error-handling techniques? Does the architecture or high-level design specify whether error handling should favor robustness or correctness? Have barricades been created to contain the damaging effect of errors and reduce the amount of code that has to be concerned about error processing? Have debugging aids been used in the code? Have debugging aids been installed in such a way that they can be activated or deactivated without a great deal of fuss? Is the amount of defensive programming code appropriate—neither too much nor too little? Have you used offensive-programming techniques to make errors difficult to overlook during development?

23 Review - Exceptions Has your project defined a standardized approach to exception handling? Have you considered alternatives to using an exception? Is the error handled locally rather than throwing a nonlocal exception, if possible? Does the code avoid throwing exceptions in constructors and destructors? Are all exceptions at the appropriate levels of abstraction for the routines that throw them? Does each exception include all relevant exception background information? Is the code free of empty catch blocks? (Or if an empty catch block truly is appropriate, is it documented?)

24 Review - Security Issues
Does the code that checks for bad input data check for attempted buffer overflows, SQL injection, HTML injection, integer overflows, and other malicious inputs? Are all error-return codes checked? Are all exceptions caught? Do error messages avoid providing information that would help an attacker break into the system?

Download ppt "Defensive Programming"

Similar presentations

CS 11 C track: lecture 7 Last week: structs, typedef, linked lists This week: hash tables more on the C preprocessor extern const.

CS 11 C track: lecture 7 Last week: structs, typedef, linked lists This week: hash tables more on the C preprocessor extern const.
 Both System.out and System.err are streams—a sequence of bytes.  System.out (the standard output stream) displays output  System.err (the standard.

 Both System.out and System.err are streams—a sequence of bytes.  System.out (the standard output stream) displays output  System.err (the standard.
CSCE 121:509-512 Introduction to Program Design and Concepts Dr. J. Michael Moore Spring 2015 Set 7: Errors 1 Based on slides created by Bjarne Stroustrup.

CSCE 121: Introduction to Program Design and Concepts Dr. J. Michael Moore Spring 2015 Set 7: Errors 1 Based on slides created by Bjarne Stroustrup.
Software Construction 1 (0721385) First Semester 2014-2015 Dr. Samer Odeh Hanna (PhD) Office: IT 327.

Software Construction 1 ( ) First Semester Dr. Samer Odeh Hanna (PhD) Office: IT 327.
11-Jun-15 Exceptions. 2 Errors and Exceptions An error is a bug in your program dividing by zero going outside the bounds of an array trying to use a.

11-Jun-15 Exceptions. 2 Errors and Exceptions An error is a bug in your program dividing by zero going outside the bounds of an array trying to use a.
Computer Science 340 Software Design & Testing Design By Contract.

Computer Science 340 Software Design & Testing Design By Contract.
Unit Testing & Defensive Programming. F-22 Raptor Fighter.

Unit Testing & Defensive Programming. F-22 Raptor Fighter.
Code Complete Steve McConnell.

Code Complete Steve McConnell.
June 14, 2001Exception Handling in Java1 Richard S. Huntrods June 14, 2001 University of Calgary.

June 14, 2001Exception Handling in Java1 Richard S. Huntrods June 14, 2001 University of Calgary.
CPSC 252 Exception Handling Page 1 Exceptions and exception handling Client programmers can make errors using a class attempting to dequeue an item from.

CPSC 252 Exception Handling Page 1 Exceptions and exception handling Client programmers can make errors using a class attempting to dequeue an item from.
1 Defensive Programming and Debugging (Chapters 8 and 23 of Code Complete) Tori Bowman CSSE 375, Rose-Hulman September 21, 2007.

1 Defensive Programming and Debugging (Chapters 8 and 23 of Code Complete) Tori Bowman CSSE 375, Rose-Hulman September 21, 2007.
Chapter 12: Exception Handling

Chapter 12: Exception Handling
Software Construction and Evolution - CSSE 375 Defensive Programming & Error Handling Shawn & Steve Above – As you see behind me on the shelf, there are.

Software Construction and Evolution - CSSE 375 Defensive Programming & Error Handling Shawn & Steve Above – As you see behind me on the shelf, there are.
1 Debugging and Testing Overview Defensive Programming The goal is to prevent failures Debugging The goal is to find cause of failures and fix it Testing.

1 Debugging and Testing Overview Defensive Programming The goal is to prevent failures Debugging The goal is to find cause of failures and fix it Testing.
Errors And How to Handle Them. GIGO There is a saying in computer science: “Garbage in, garbage out.” Is this true, or is it just an excuse for bad programming?

Errors And How to Handle Them. GIGO There is a saying in computer science: “Garbage in, garbage out.” Is this true, or is it just an excuse for bad programming?
How to Design Error Steady Code Ivaylo Bratoev Telerik Corporation www.telerik.com.

How to Design Error Steady Code Ivaylo Bratoev Telerik Corporation
Introduction to Exception Handling and Defensive Programming.

Introduction to Exception Handling and Defensive Programming.
Defensive Programming, Assertions and Exceptions Designing Fault-Resistant Code SoftUni Team Technical Trainers Software University

Defensive Programming, Assertions and Exceptions Designing Fault-Resistant Code SoftUni Team Technical Trainers Software University
Defensive Programming, Assertions and Exceptions Designing Error Steady Code SoftUni Team Technical Trainers Software University

Defensive Programming, Assertions and Exceptions Designing Error Steady Code SoftUni Team Technical Trainers Software University
CSE 332: C++ Statements C++ Statements In C++ statements are basic units of execution –Each ends with ; (can use expressions to compute values) –Statements.

CSE 332: C++ Statements C++ Statements In C++ statements are basic units of execution –Each ends with ; (can use expressions to compute values) –Statements.

Similar presentations

Ads by Google