INF 115 Final Review & INF 115 Midterm Review Questions With Correct Answers
fuzz testing - Answer a method of finding software holes by feeding purposely invalid data as input to a program (generally automated; finds many problems related to reliability, many of which are potential security holes)

def-use pair coverage - Answer Def-use pair coverage requires executing all possible pairs of nodes where a variable is first defined and then used, without any intervening re-definitions

When do quality activities happen in software development? How has our view of this changed over time? - Answer Quality activities (validation & verification) happen iteratively throughout the software development process. Over time, more regular and constant checks of the software were encouraged. For example, the trash waterfall model didn't really allow for quality activities throughout the process but only really at the end. The opposite of this would be processes like spiral and agile.

chaos monkey/simian army - Answer Netflix infrastructure testing system; "malicious" programs randomly trample on components, network, datacenters, AWS instances; force failure of components to make sure that the system architecture is resilient to unplanned/random outages.

validation vs verification - Answer
- Validation: "Are we building the right product?"
- Verification: "Are we building the product right?"
tip: a comes before e, validation comes before verification. You check to see if you're building the right product first, before checking if you're building the product right.

the bug fixing cost ________ as the software is developed - Answer grows

fault vs error vs failure - Answer
- fault: static flaw in a program (a "bug")
- error: a bad program state that results from a fault (not every fault produces an error)
- failure: an observable incorrect behavior of a program as a result of an error (not every error ever becomes visible)

static bug detection and advantages & disadvantages - Answer an approach for quality assurance
advantages:
- ez to do, can guarantee freedom from certain types of bugs (null pointers, infinite loops, division by zero), no need for debugging
disadvantages:
- only works for certain types of bugs, not scalable, can generate false positives

how to expose a fault with testing (remember: rip) - Answer
- reachability: the test must *reach* the fault
- infection: the fault must actually *corrupt* the program state and cause an error
- propagation: the error must persist and cause an incorrect output (a failure)

static bug detection: specifications - Answer needed for static bug detection; three main types
- value: values of variables must satisfy a certain constraint; ex: Final Exam Score <= 100 http_sWith("http")
- temporal: two events (or a series of events) must happen in a certain order; ex: lock() -> unlock() () -> () and () -> ()
- data flow: data from a certain source must / must not flow to a certain sink; mainly used for internet security; ex: ! Contact Info -> Internet Password -> encryption -> Internet

differential testing - Answer comparing the output of the software with existing software with the same or similar functionality

static analysis tool FindBugs, how does it work - Answer
- Based on existing concrete code patterns
- Check code patterns locally: only do inner-procedure analysis
- Perform bug ranking according to the probability and potential severity of bugs (this solves issue of false positives!!)
- Probability: the bug is likely to be true
- Severity: the bug may cause severe consequence if not fixed

test case - Answer One execution of the program, that may expose a bug

debugging - Answer hella hard, can take up to like 50% of a software project's time, locating the fault is the most time-consuming part

test suite - Answer a set of executions (test cases) of a program, grouped together

software peer review - Answer one study shows that it had a 50% bug detection rate compared to other methods like unit testing, function testing, and integration testing

Written for
- Institution: INF 115
- Course: INF 115

Document information
- Uploaded on: October 24, 2023
- Number of pages: 14
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers