• Keine Ergebnisse gefunden

Defensive Programming

N/A
N/A
Info
Herunterladen
Protected

Academic year: 2022

Aktie "Defensive Programming"

Copied!
23
0
0

Wird geladen.... (Jetzt Volltext ansehen)

Jetzt herunterladen ( 23 Seite )

Volltext

(1)

Defensive Programming

Defensive Programming

Nikolaus Embgen

(2)

Topics

1. Motivation 2. The concept

3. What can we do?

4. How to use this?

5. What else can we do?

6. The conclusion

(3)

Motivation

•Protection from invalid input

•Checking for buggy code

•Error prevention

•Crash prevention

(4)

The concept

Derived from defensive driving:

•Don‘t trust people

•Don‘t assume ability

•„Keep your guard up“

(5)

The concept

Conveyed to computer science:

Don‘t trust foreign sources

Don‘t assume ability of flawless code

(6)

What can we do?

(7)

What can we do?

•Assert conditions

•Handle errors

•Build something correct

•Build something robust

(8)

Assertions

•Primarily for preventable errors

•Checkpoints inside the program

•Usually preconditions and postconditions are asserted

��������������  !=0: Variable is unexpectedly equal ¿ 0 ;

(9)

Pre- and Postconditions

Function A Precondition

s Function B Postconditio

ns

(10)

Error handling

•Primarily for unpreventable errors

•Designed to handle errors gracefully

•Don‘t make errors easily dismissable for yourself

E.g. missing files, corrupted files, invalid input characters

(11)

Assertions vs Error Handling

•Assertions make your program correct

•Error handling makes it robust

(12)

How do we use this?

(13)

Correctness

•The program is optimized to weed out wrong outputs

•Wrong output is considered a critical failure

(14)

Robustness

•Makes the program very stable

•Keeps user annoyance to a minimum

•Wrong output is not very severe

(15)

Correctness vs. Robustness

•Correctness: Safety critical applications need to be correct (e.g X-Ray)

•Robustness: Reliability critical applications (e.g. Mediaplayer)

(16)

What else can we do?

(17)

Containment

•Partition your code into zones

•Build validation doors

•Create „dirty“ and „safe“ zones

(18)

Containment

Foreign file

(Dirty zone) Validity Check

Input can be considered

safe

(Safe zone)

(19)

Exceptions

•Function „throws up its hands“

•Use where necessary, not everywhere

•Don‘t call exceptions in Constructors and Destructors

(20)

Conclusion

•Assert your mistakes and handle foreign mistakes

•Choose correctness OR robustness

•Also keep security in mind

(21)

What to watch out for

•Don‘t check every thing: fat and slow

•Added complexity (especially with exceptions)

•Defensive code is not immune to errors

(22)

Let defensive programming make

your life easier not harder.

(23)

Thank you for your

attention!

Referenzen

Jetzt herunterladen ( PPTX - 23 Seite - 137.75 KB )

ÄHNLICHE DOKUMENTE

Defensive Programming

Regardless of what method or form of defensive programming you choose for your code, beware of making your program transparent through error messages.. Hackers can use error messages

Soil erosion assessment in alpine grasslands using fallout radionuclides: critical points, solutions and applications

Based on the comparison between the soils FRN depth profile at the reference site and the total FRN inventory at the sampling site, MODERN returns soil erosion and deposition rates

Lightweight contracts for safety-critical automotive systems

The overall task described by the system requirement is decomposed into sub-tasks annotated to the components (e.g. “Switch off power-stage when motor current gets higher than x

Sequential constructiveness, sccharts for safety-critical applications

[vHDM + 14] Reinhard von Hanxleden, Bj¨orn Duderstadt, Christian Motika, Steven Smyth, Michael Mendler, Joaqu´ın Aguado, Stephen Mercer, and Owen O’Brien. SCCha- rts:

Applications of Bilinear Programming

This approach applies to the general L stage assignment problem as long as the inter-stage dependence is Markovian, i.e., if the outcome of a particular assignment at stage t

Reliability Assessment for Cloud Applications

Based on the above research questions, the goals of this thesis are as follows: 1) to design a model of cloud applications and assess the reliability of cloud applications

We Need to be Honest

The results show that with regard to the overall carbon footprint we need to focus on an intelligent mix of powertrains that meets indi- vidual requirements and includes

Applications of matching theory in constraint programming

The weighted alternating breadth-first search algorithm can also be viewed as a method which successively looks for lightest alternating cycles and paths with respect to a