[ Team Unknown ]

Code Quality: The Open Source Perspective
By Diomidis Spinellis

Publisher: Addison Wesley Professional
Pub Date: April 03, 2006
Print ISBN-10: 0-321-16607-8
Print ISBN-13: 978-0-321-16607-4
Pages: 608
Slots: 2.0

Table of Contents

Copyright
Effective Software Development Series: Scott Meyers, Consulting Editor
List of Tables
List of Figures
Foreword
Preface
Chapter 1. Introduction
    Section 1.1. Software Quality
    Section 1.2. How to Read This Book
    Further Reading
Chapter 2. Reliability
    Section 2.1. Input Problems
    Section 2.2. Output Problems
    Section 2.3. Logic Problems
    Section 2.4. Computation Problems
    Section 2.5. Concurrency and Timing Problems
    Section 2.6. Interface Problems
    Section 2.7. Data-Handling Problems
    Section 2.8. Fault Tolerance
    Advice to Take Home
    Further Reading
Chapter 3. Security
    Section 3.1. Vulnerable Code
    Section 3.2. The Buffer Overflow
    Section 3.3. Race Conditions
    Section 3.4. Problematic APIs
    Section 3.5. Untrusted Input
    Section 3.6. Result Verification
    Section 3.7. Data and Privilege Leakage
    Section 3.8. Trojan Horse
    Section 3.9. Tools
    Advice to Take Home
    Further Reading
Chapter 4. Time Performance
    Section 4.1. Measurement Techniques
    Section 4.2. Algorithm Complexity
    Section 4.3. Stand-Alone Code
    Section 4.4. Interacting with the Operating System
    Section 4.5. Interacting with Peripherals
    Section 4.6. Involuntary Interactions
    Section 4.7. Caching
    Advice to Take Home
    Further Reading
Chapter 5. Space Performance
    Section 5.1. Data
    Section 5.2. Memory Organization
    Section 5.3. Memory Hierarchies
    Section 5.4. The Process/Operating System Interface
    Section 5.5. Heap Memory Management
    Section 5.6. Stack Memory Management
    Section 5.7. Code
    Advice to Take Home
    Further Reading
Chapter 6. Portability
    Section 6.1. Operating Systems
    Section 6.2. Hardware and Processor Architectures
    Section 6.3. Compilers and Language Extensions
    Section 6.4. Graphical User Interfaces
    Section 6.5. Internationalization and Localization
    Advice to Take Home
    Further Reading
Chapter 7. Maintainability
    Section 7.1. Measuring Maintainability
    Section 7.2. Analyzability
    Section 7.3. Changeability
    Section 7.4. Stability
    Section 7.5. Testability
    Section 7.6. Effects of the Development Environment
    Advice to Take Home
    Further Reading
Chapter 8. Floating-Point Arithmetic
    Section 8.1. Floating-Point Representation
    Section 8.2. Rounding
    Section 8.3. Overflow
    Section 8.4. Underflow
    Section 8.5. Cancellation
    Section 8.6. Absorption
    Section 8.7. Invalid Operations
    Advice to Take Home
    Further Reading
Appendix A. Source Code Credits
Bibliography
Epigraph Credits
Colophon
Index
Author Index

[ Team Unknown ] Process Methodologies Software Engineering Software Engineering Diomidis Spinellis Addison Wesley Professional Code Quality: The Open Source Perspective

Copyright

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.

The author and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.

The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact:

U.S. Corporate and Government Sales
(800) 382-3419
[email protected]

For sales outside the U.S., please contact:

International Sales
[email protected]

Visit us on the Web: www.awprofessional.com

Library of Congress Cataloging-in-Publication Data

Spinellis, Diomidis.
Code quality : the open source perspective / Diomidis Spinellis.
p. cm.
Includes bibliographical references and index.
ISBN 0-321-16607-8 (pbk. : alk. paper)
1. Computer software—Development. 2. Coding theory. 3. Open source software. I. Title.
QA76.76.D47S692 2006
005.1—dc22
2006000985

Copyright © 2006 Pearson Education, Inc.

All rights reserved. Printed in the United States of America. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, write to:

Pearson Education, Inc.
Rights and Contracts Department
75 Arlington Street, Suite 300
Boston, MA 02116
Fax: (617) 848-7047

Text printed in the United States on recycled paper at Courier in Stoughton, Massachusetts.

First printing, March 2006

Dedication

To my family

Effective Software Development Series: Scott Meyers, Consulting Editor

The Effective Software Development Series provides expert advice on all aspects of modern software development. Books in the series are well written, technically sound, of lasting value, and tractable length. Each describes the critical things the experts almost always do—or almost always avoid doing—to produce outstanding software.

Scott Meyers (author of the Effective C++ books and CD) conceived of the series and acts as its consulting editor. Authors in the series work with Meyers and with Addison-Wesley Professional's editorial staff to create essential reading for software developers of every stripe.

Titles in the Series

Elliotte Rusty Harold, Effective XML: 50 Specific Ways to Improve Your XML  0321150406
Ted Neward, Effective Enterprise Java  0321130006
Diomidis Spinellis, Code Reading: The Open Source Perspective  0201799405
Diomidis Spinellis, Code Quality: The Open Source Perspective  0321166078
Bill Wagner, Effective C#: 50 Specific Ways to Improve Your C#  0321245660

List of Tables

2.1 Testing Extreme Conditions
2.2 Example Values for Testing an End-Exclusive Asymmetric Range
2.3 Ranges of Integer Quantities
2.4 Argument Type Checking at Different Stages of a Program's Lifetime
2.5 Enforcing a Class's Usage in C++
3.1 A List of Open Network Ports on a Unix Server
3.2 A List of Open Network Ports on a Windows Workstation
3.3 The Stack During the ftpd Buffer Exploitation Attack
3.4 Unwinding the Stack (default case)
3.5 Unwinding the Stack During the Exploit
3.6 Unsafe C Functions and their Safer Alternatives
3.7 The Java 2 Platform SE 5.0 Permissions
4.1 Timing Profile Characterization, Diagnostic Tools, and Resolution Options
4.2 Overhead Introduced by Context Switching and Interprocess Communication
4.3 Overhead Introduced by Slower Peripherals
5.1 Representation of Primitive Types Under Different Architectures
5.2 Structure Element Alignment on the AMD64 Architecture
5.3 Memory Layout of a Small Program under Different Architectures and Operating Systems
5.4 Successive Address Space Limitations and their Interim Solutions
5.5 Effects of Build Options on Program Size
6.1 Portability Issues Under Different Development Platforms
6.2 Java Platform Standard Character Encodings
6.3 Locale-Specific Fields
7.1 Maintenance Index Parameters
7.2 WebServerConnection Methods and the Fields They Use
7.3 Similar (Cohesive) and Dissimilar Methods in the WebServerConnection Class
7.4 Methods that Can Access a Class Member for Different Types of Access Control
8.1 Examples of the Different Rounding Modes
8.2 Key Properties of the Different Floating-Point Formats
8.3 Operations and Operands that Can Result in Exceptions

List of Figures

1.1 Examples of the various software quality views: in use, external, internal, process
1.2 Book map: elements of software quality
1.3 Conflicts between quality characteristics
1.4 Example of an annotated listing
1.5 UML-based diagram notation
2.1 Reflective implementation of toString, using annotations
2.2 Associating code with data, using the Strategy pattern
2.3 Establishing handlers through interface implementation
2.4 Explicit management of an object's private resource
2.5 Debugging code in the sendmail MTA daemon
2.6 Detecting null pointer references through static analysis
2.7 Managing the use of a resource with wait and notify
2.8 Use of the flawed double-checking locking pattern
2.9 The relationship between memory and resource leaks
2.10 Allocating and freeing file descriptors in the NetBSD kernel
2.11 Definition of a font's glyphs in automatically generated source code
2.12 Locations of global variable definitions (left) and references (right) in the NetBSD source code
2.13 Use of types by the NetBSD kernel global variables
2.14 Encoding a string