View
215
Download
0
Category
Preview:
Citation preview
C++Test from Parasoft
Unit-Test & Code-Compliance
By: Ori Arad
2/43
C++Test - General
� Static Code-Review
� Unit-Test Generator
� Coverage Analysis
3/43
C++Test - Resources
� Herb Sutter, Andrei Alexandrescu, "C++ Coding Standards," Addison-Wesley
� Scott Meyers – ECPP & MECPP
� Ellemtel Coding Standards (1990)
� MISRA-C 2004, MISRA-C++ 2008
� Motorola Coding Standards
� Meyers-Klaus Rules
� JSF Coding Standards (2005)
4/43
Rules Categories
� Coding Convention Rules
� Comments Rules
� Exceptions Rules
� Formatting Rules
� Initialization Rules
� Metrics Rules
� MISRA 2004 Rules
� Memory and Resource Management Rules
� Naming Convention Rules
� OOP Rules
� Optimization Rules
� Portability Rules
� Possible Bugs Rules
� Physical File Org. Rules
� Qt Best Practices Rules
� Security Rules
� STL Best-Practices Rules
� Templates Rules
� Bug Detective (*)
5/43
Coding Conventions
� For example:
� Magic numbers
� Default in Switch-case
� Const � non-const conversion
6/43
Coding Conventions
� Always provide a default branch for switch statements
� [preferred – throw an exception… or Error msg]
switch (EMyEnum)
{
case VALUE_1:
// bla bla
break;
case VALUE_2:
// yada yada
break;
}
switch (EMyEnum)
{
case VALUE_1:
// bla bla
break;
case VALUE_2:
// yada yada
break;
}
7/43
Coding Conventions
� Will the if’s body be executed?...
� Use only Boolean expressions in ifs…
int i = 1;
int j = 2;
if (i = j) {
……
}
int i = 1;
int j = 2;
if (i = j) {
……
}
8/43
Coding Conventions
� One more…
� Will the if’s body be executed?...
int small = 20000;
int big = small * 2; // 40000
if (small < big) {
……
}
int small = 20000;
int big = small * 2; // 40000
if (small < big) {
……
}
9/43
Coding Conventions
� Q: Will the if’s body be executed?...
� A: Depends… /-:
� Rule: Use: UINT8, INT16, UINT32 etc…
int small = 20000;
int big = small * 2; // 40000 or -25536?
if (small < big) {
……
}
int small = 20000;
int big = small * 2; // 40000 or -25536?
if (small < big) {
……
}
10/43
Coding ConventionsWrong…
void foo()
{
int array[2];
*(array+1) = 0; // Violation
*array = 0; // Violation
}
Right…
void foo()
{
int array[2];
array[1] = 0; // OK
}
Wrong…
void foo()
{
int array[2];
*(array+1) = 0; // Violation
*array = 0; // Violation
}
Right…
void foo()
{
int array[2];
array[1] = 0; // OK
}
Array elements shall
be accessed by the
array operator
11/43
Coding Conventions C++
� (not OOP – mostly syntax)
� Declare reference parameters as const references whenever possible
� Constructors allowing for conversion should be made explicit
� CPP casts instead of C-Cast
12/43
CPP casts instead of C-Cast
� Hard to find in code.
� (int)i Vs. static_cast<int>(i)
� Constness…
� const_cast<…>(…)
� Ugly?... Good… (-:
13/43
Coding Conventions C++
class CLocation {
public:
CLocation(double lat = 0.0, double long = 0.0);
double m_lat;
double m_long;
// more methods and other declarations…
class CLocation {
public:
CLocation(double lat = 0.0, double long = 0.0);
double m_lat;
double m_long;
// more methods and other declarations…
14/43
Coding Conventions C++
foo.cpp
CLocation.h
CLocation(double lat = 0.0, double long = 0.0);
double m_lat; double m_long;
CLocation(double lat = 0.0, double long = 0.0);
double m_lat; double m_long;
explicit CLocation(double lat = 0.0, double long = 0.0);explicit CLocation(double lat = 0.0, double long = 0.0);
CLocation myLoc;
myLoc.m_lat = 2.0;
myLoc = 3.0; // Oops… should be: myLoc.m_long = 3.0;
CLocation myLoc;
myLoc.m_lat = 2.0;
myLoc = 3.0; // Oops… should be: myLoc.m_long = 3.0;
15/43
More…
� Exception rules� Not from DTOR… (prevent stack unwinding)
� Initialization rules� Globals, static, member in CTOR etc
� Memory and Resource management� Delete (e.g. new in C’tor, no delte in D’tor)� Copy CTOR and operator=� Memcpy for copy vars… etc
� Preprocessor Rules� Macros, #define…
16/43
Initialization rules
� Popular problem… hard to detect:
� Debug-version OK, release – fails
� PC - OK, target – fails
� Lab – OK, Customer – fails…
� January – OK, February – fails
� Stack-variables… (no auto initialization)
� Static initialization order fiasco
17/43
Metrics
� Public methods per class
� Lines per file
� Cyclomatic Complexity
� Deep nesting
� Comments to code ratio…
18/43
More (2)…
� Formatting
� Spacing, {}, tabs, indentation etc.
� Naming Conventions
� MY_CONST, myFunction, myVar
� Comments rules
� // instead of /* */
� Comment every file, every method etc.
19/43
OOP Rules
� Multiple inheritance (diamond inheritance)
� Avoid calling virtual-methods/global-data from CTOR/DTOR
� Avoid public data members
� Avoid down-casting
� If a class has virtual functions it shall have a virtual destructor
20/43
Optimization Rules
� Unused variables
� Pass object by reference instead of by-value
� ++i instead of i++
21/43
Optimization Rules
class A
{ // Violation
char c1;
int i1;
short s;
int i2;
char c2;
};
class A
{ // OK
int i1;
int i2;
short s;
char c1;
char c2;
};
22/43
Portability Rules
� The type char shall always be declared as unsigned char or signed char
� Casting int to pointer and vice-versa
� Casting long to int and vice-versa
23/43
Possible Bugs Rules
� Don't treat arrays polymorphically
� Avoid assigning out-of-range value to char type
� TInt8 i1 = 150;
� TUInt16 i2 = -30;
� Don’t return a reference to local vars
24/43
Physical file Organization Rules
� Use multiple include guards
� #ifndef FILENAME_H #define FILENAME_H // code #endif
� An include file should not contain more than one class definition
25/43
Security Rules
� Use of printf, scanf, get() etc.
� getenv(),
� strncpy(), strcmp(), strlen() etc.
� Thread-safe, buffer-overrun etc.
26/43
Rules Categories
� Coding Convention Rules� Comments Rules� Exceptions Rules� Formatting Rules� Initialization Rules� Metrics Rules� MISRA 2004 Rules� Memory and Resource Management Rules
� Naming Convention Rules
� OOP Rules� Optimization Rules� Portability Rules� Possible Bugs Rules� Physical File Org. Rules
� Qt Best Practices Rules� Security Rules� STL Best-Practices Rules� Templates Rules� Bug Detective (*)
27/43
Disadvantages…
� Slow…
� Compilation-Unit limitation.
� Not Open-Source
� No “Quick-Fix”
� Not certified
� Expensive…
28/43
Bug Detective
� Resource Leaks –� Allocation misuse of memory, pipes, file descriptors, and other system resources.
� Bugs –� Runtime errors such as division by zero, array bounding and indexing flaws, NULL pointer dereferencing, and data initialization errors.
� Security Vulnerabilities –� Detect read, write or indexing of potentially tainted data.
29/43
Bug Detective (cont.)
1 void example(int src[100], int dest[100])
2 {
3 int size;
4 scanf("%d", &size);
5 memcpy(dest, src, size); // VIOLATION ("size"
is an arbitrary value possibly < 0 or > 100)
6 }
1 void example(int src[100], int dest[100])
2 {
3 int size;
4 scanf("%d", &size);
5 memcpy(dest, src, size); // VIOLATION ("size"
is an arbitrary value possibly < 0 or > 100)
6 }
� Buffer Overflow Security example
30/43
Bug Detective (cont.)
1 int main(int argc, char* argv[])
2 {
3 Point* point = 0;
4 if (argc > 3) {
5 point = new Point(atoi(argv[1]), atoi(argv[2]));
6 }
7 point->reflectAcrossX();
8
9 return 0;
10 }
1 int main(int argc, char* argv[])
2 {
3 Point* point = 0;
4 if (argc > 3) {
5 point = new Point(atoi(argv[1]), atoi(argv[2]));
6 }
7 point->reflectAcrossX();
8
9 return 0;
10 }
� Dereferencing a NULL Pointer
31/43
C++Test Plug-in to VS8
32/43
C++Test Plug-in to VS8 (cont)
33/43
RuleWizard
34/43
Rule-Wizard
� Basic – Regular-Expressions
� Semantic rules
� Python scripts
35/43
Popular bugs in code…
� Initialization
� Buffer-overruns
� Casting
� signed-unsigned
� Implicit/explicit
� Const to non-const
36/43
Unit-Tests
� Automatic Unit-Test Generation
� CppUnit compatible
� Stub, harnesses/drivers generating…
� Test-Cases
� Automatic execution and collect the results
� Coverage Analysis
37/43
Coverage
38/43
Coverage
� Function coverage –
� Has each function in the program been executed?
� Statement coverage –
� Has each line of the source code been executed?
� Decision coverage (also known as Branch coverage) –
� Has each control structure (such as an if statement) evaluated both to true and false?
39/43
Coverage
� Condition coverage –
� Has each Boolean sub-expression evaluated both to true and false (this does not necessarily imply decision coverage)?
� Path coverage –
� Has every possible route through a given part of the code been executed?
� Entry/exit coverage –
� Has every possible call and return of the function been executed?
40/43
More Features
� Various Operating-Systems
� Windows, Linux, VxWorks, Integrity and more
� Various compilers
� Team work
� Code-Review
� Rule and Configuration sharing
� Synchronized with Source-Control tool
41/43
Other Tools in Market
� QAC
� Lint
� LDRA� PolySpace
� C++Test� Klocwork
42/43
Questions?...
DEMO…
Recommended