Reliable Programming
Software Quality
Talk draws heavily on textbook
Some quality attributes
- Reliability
- User Experience
- Maintainability
Some more
- Validity
- Transparency
- Size (smaller is better)
There are probably others
Reliability vs Security
Reliability: Resistance against mistakes and the unexpected
Security: Resistance against active attempts to exploit mistakes and create the unexpected
Security is much harder: will cover later
Secure programs tend to be reliable, but reliable programs are not necessarily secure: handling the unexpected does not mean handling an adversary who deliberately constructs it
Reliability vs Correctness
Reliability: Software will behave predictably
Correctness: Software will behave as specified and desired
Correctness is much harder
Correct programs are reliable
Three Techniques For More Reliable Software
"Fault avoidance"
Input validation
Failure management
Fault Avoidance: Minimizing Complexity
Avoid premature optimization — do the simplest thing that "obviously" works
Use structured programming
- Eliminate copy-paste code
- Use generalized for loops
- Use built-in data structures; use best datatypes
Use named values (but book example is sketchy)
Fault Avoidance: Structural Complexity
- Functions should do exactly one thing
- Functions should never have side effects
- Avoid deep nesting
- Every class should have a single responsibility
- Minimize the depth of inheritance hierarchies
- Avoid multiple inheritance
- Avoid threads / parallelism unless absolutely necessary
Fault Avoidance: Data Complexity
- Define interfaces for all abstractions
- Define abstract data types
- Avoid using floating point numbers (?)
- Never use data aliases
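The two "data complexity" points above that bite most often in practice are aliasing and floating point. The following is an added example, not code from the slides or from the textbook; the names Account and Money and the sample amounts are constructed for illustration. It shows an alias bug (two records sharing one list), the same state behind an abstract data type whose interface never hands out its internal list, and why the slides distrust floating point for quantities like money (integer cents and Decimal are exact, binary floats are not).

```python
"""Data aliasing and abstract data types on a small ledger (added example)."""
from dataclasses import dataclass
from decimal import Decimal


# --- Aliasing bug -----------------------------------------------------------
def aliased_accounts():
    """Two records built from one shared list: an alias, not a copy.

    Crediting the first record silently changes the second one as well,
    because both names refer to the same underlying list object.
    """
    history = []                                   # one list ...
    alice = {"name": "alice", "history": history}
    bob = {"name": "bob", "history": history}      # ... aliased by both records
    alice["history"].append(("credit", 100))
    return len(bob["history"])                     # 1, although bob was never credited


# --- ADT with a defined interface; internal state is never aliased ----------
@dataclass(frozen=True)
class Money:
    """Amount in integer cents: exact, unlike a float."""
    cents: int

    def __add__(self, other):
        return Money(self.cents + other.cents)


class Account:
    """Ledger whose internal list is only reachable through its interface."""

    def __init__(self, name):
        self.name = name
        self._history = []          # private; callers never get a reference to it

    def credit(self, amount):
        if amount.cents <= 0:
            raise ValueError("credit must be positive")
        self._history.append(amount)

    def balance(self):
        total = Money(0)
        for amount in self._history:
            total = total + amount
        return total

    def history(self):
        return tuple(self._history)  # immutable snapshot: no alias of our state


def independent_accounts():
    alice, bob = Account("alice"), Account("bob")
    alice.credit(Money(100))
    return len(bob.history())       # 0: bob's state is his own


# --- Why the slides say "avoid floating point" --------------------------------
def float_total(cents_list):
    """Sum dollar amounts as binary floats; rounding error accumulates."""
    return sum(c / 100 for c in cents_list)


def exact_total(cents_list):
    """Sum the same amounts as integer cents, then scale once with Decimal."""
    return Decimal(sum(cents_list)) / Decimal(100)


if __name__ == "__main__":
    print(aliased_accounts(), independent_accounts())
    print(float_total([10] * 10) == 1.0, exact_total([10] * 10) == 1)
```

Ten credits of ten cents summed as floats do not compare equal to 1.0, while the integer-cents version does; the same pattern applies to any quantity where equality or rounding matters.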
Input Validation
- Check length and capacity before storing input (buffer / capacity overflows)
- Prefer a whitelist (allowlist) of accepted input to a blacklist of known-bad input
- Validate strings against anchored regexes
- Check numeric ranges (and types) before use
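The four checks above, applied to one record, as an added example that is not part of the slides: the field names, the limits and the sample submissions are constructed for illustration. The capacity check runs before the regex so oversized input is rejected cheaply, the username is matched against an anchored allowlist, and the port is type- and range-checked; a blacklist check is kept only to show what it misses.

```python
"""Input validation for a user-record submission (added example)."""
import re

MAX_FIELD_LEN = 64                                     # capacity limit, checked first
USERNAME_RE = re.compile(r"\A[a-z][a-z0-9_]{2,31}\Z")  # anchored allowlist; \Z, not $,
                                                       # so a trailing newline cannot slip through
PORT_RANGE = (1, 65535)

# Blacklist of "dangerous" characters: shown only to contrast with the allowlist.
BLACKLIST = set(";|&`$")


def blacklist_ok(value):
    """Blocklist check: rejects only what its author thought of."""
    return not (BLACKLIST & set(value))


def validate_username(value):
    """Return None if acceptable, otherwise a short reason."""
    if not isinstance(value, str):
        return "username: not a string"
    if len(value) > MAX_FIELD_LEN:           # reject oversize input before the regex runs
        return "username: too long"
    if not USERNAME_RE.match(value):
        return "username: not in allowed form"
    return None


def validate_port(value):
    """Accept an int or a decimal string within PORT_RANGE; reject everything else."""
    if isinstance(value, bool):              # bool is an int subclass; keep it out
        return "port: not an integer"
    if isinstance(value, str):
        if not value.isdecimal() or len(value) > 5:
            return "port: not an integer"
        value = int(value)
    if not isinstance(value, int):
        return "port: not an integer"
    lo, hi = PORT_RANGE
    if not lo <= value <= hi:
        return f"port: out of range {lo}-{hi}"
    return None


def validate_record(record):
    """Return a list of problems; an empty list means the record is acceptable."""
    problems = []
    checks = {"username": validate_username, "port": validate_port}
    for key, check in checks.items():       # one loop instead of copy-pasted per-field code
        if key not in record:
            problems.append(f"{key}: missing")
            continue
        err = check(record[key])
        if err:
            problems.append(err)
    return problems


if __name__ == "__main__":
    # Constructed sample submissions
    for rec in ({"username": "alice_01", "port": "22"},
                {"username": "../etc/passwd", "port": 70000},
                {"username": "alice\nadmin", "port": True},
                {"port": 8080}):
        print(rec, "->", validate_record(rec) or "ok")
```

Note that "../etc/passwd" passes the blacklist (none of the listed characters appear) but fails the allowlist, and "alice\nadmin" would match a `^...$` regex in Python's default mode because `$` accepts a trailing newline; `\A` and `\Z` do not.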
Failure Management
Program crashes: prevent them where you can; where you cannot, mitigate their effects (crash-safe state, clean restart)
Data corruption: catch it early; losing data is usually better than keeping corrupt data and acting on it
Timing failures: real-time is hard; avoid depending on timing if possible, and budget for hard QA otherwise
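The first two failure classes above (crashes and corruption) can be handled with a small amount of discipline around persistent state. The following is an added example, not code from the slides or the textbook; the record format (a SHA-256 tag in front of the payload), the file names and the sample payload are constructed for illustration. Writes go through a temporary file, fsync and an atomic rename, so a crash at any point leaves either the old record or the new one and never a torn file; reads verify the tag and raise rather than hand back corrupt bytes.

```python
"""Failure management: crash-safe writes and early detection of corruption (added example)."""
import hashlib
import os
import tempfile


class CorruptData(Exception):
    """Raised when a stored record fails its integrity check."""


def atomic_write(path, data):
    """Write data so a crash mid-write leaves the old file or the new one, never a torn one."""
    directory = os.path.dirname(path) or "."
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())     # bytes on disk before the rename makes them visible
        os.replace(tmp, path)         # atomic replace on POSIX and Windows
    except BaseException:
        if os.path.exists(tmp):       # failed half-way: remove the temp, keep the old file
            os.unlink(tmp)
        raise


def write_record(path, payload):
    """Store payload behind a hash tag so later corruption is detectable."""
    tag = hashlib.sha256(payload).hexdigest().encode("ascii")
    atomic_write(path, tag + b"\n" + payload)


def read_record(path):
    """Return the payload, or raise CorruptData instead of returning bad bytes."""
    with open(path, "rb") as fh:
        blob = fh.read()
    tag, sep, payload = blob.partition(b"\n")
    if not sep or tag != hashlib.sha256(payload).hexdigest().encode("ascii"):
        raise CorruptData(path)
    return payload


def run_demo():
    """Round-trip a record, corrupt it, then simulate a failed write; return what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "state.rec")
        payload = b'{"balance": 100}'                 # constructed sample record
        write_record(path, payload)
        results["roundtrip"] = read_record(path) == payload

        with open(path, "r+b") as fh:                 # simulate a bit flip on disk
            fh.seek(-1, os.SEEK_END)
            last = fh.read(1)
            fh.seek(-1, os.SEEK_END)
            fh.write(bytes([last[0] ^ 1]))
        try:
            read_record(path)
            results["corruption_detected"] = False
        except CorruptData:
            results["corruption_detected"] = True

        write_record(path, payload)                   # restore a good record
        try:
            atomic_write(path, "not bytes")           # write() raises TypeError mid-way
        except TypeError:
            pass
        results["old_record_survives"] = read_record(path) == payload
        results["no_temp_left"] = os.listdir(d) == ["state.rec"]
    return results


if __name__ == "__main__":
    print(run_demo())
```

The hash detects accidental corruption only; against an attacker who can rewrite the file it would need to be a keyed MAC. Durability across a crash also depends on fsyncing the containing directory after the rename on some filesystems, which this example omits.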