Soft audit Checklist・No21: In-house software design/implementation technology (2/2)

19/02/2021 | Audit for soft-Develop..

Introducing development technology, design and implementation items in the software development audit checklist

Software development auditing is the name Gutara’s father arbitrarily gave to an auditing method for determining the capabilities of software development contractors. An overview of software development audits, the preparation done before an audit, and the work done on the audit day itself have been introduced in other articles. Please also refer to another article for points to note when using the audit checklist used in software development audits.

Continuing from the previous article, this article introduces the remaining check items on in-house software design and implementation in the development technology checklist.

[Item number: IS-06]

Timers and counters are normally used by being incremented or decremented. When the maximum or minimum value that the timer or counter can hold has been reached and a further increment or decrement is performed, a roll-up (wraparound) occurs, in which the value of the timer or counter becomes zero.

Timers and counters are often compared against some value, but unless the code is written so that the comparison keeps its original meaning even after the value has become zero through roll-up, the program behaves strangely at that point. Therefore, pay attention to whether the software development mechanism properly designs and implements such roll-up handling.

[Item number: IS-07]

For the roll-up handling of timers and counters, confirming it by testing is as important as checking it in design and implementation. The point is whether the software development mechanism includes a confirmation that the roll-up processing executes correctly, by actually setting the variables that make up the timer or counter to the values immediately before the roll-up and executing the program. Please check this carefully.
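As an added example (not code from the checklist or from any audited project), the following C program shows the two halves of IS-06 and IS-07 for a free-running 32-bit tick counter: a naive comparison that breaks at the roll-up point, a wraparound-safe comparison that keeps its meaning, and a test that sets the counter to the value just before the roll-up and steps it across the boundary. The tick width, the deadline and the loop bounds are constructed for illustration.

```c
/* Added example, not from the audit checklist: a wraparound-safe comparison for
 * a free-running 32-bit tick counter, and the IS-07 check that drives the
 * counter from the value just before roll-up across the boundary.  The tick
 * width, the deadline and the loop bounds are constructed for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t tick_t;   /* rolls up to zero after UINT32_MAX */

/* Naive comparison: wrong as soon as the counter wraps, because a post-roll-up
 * value such as 5 is numerically smaller than a deadline such as 0xFFFFFFF0
 * even though it is later in time. */
static bool deadline_reached_naive(tick_t now, tick_t deadline)
{
    return now >= deadline;
}

/* Wraparound-safe comparison: unsigned subtraction is already modulo 2^32, so
 * (now - deadline) is the signed distance folded into 0..2^32-1.  Distances
 * below 2^31 mean "now is at or past the deadline"; larger ones mean "not yet".
 * This holds as long as the two instants are less than 2^31 ticks apart. */
static bool deadline_reached(tick_t now, tick_t deadline)
{
    return (now - deadline) < 0x80000000u;
}

/* Elapsed ticks between two readings, correct across a roll-up for the same reason. */
static tick_t ticks_elapsed(tick_t start, tick_t now)
{
    return now - start;
}

/* The IS-07 test: start three ticks before roll-up with a deadline five ticks
 * later (which lands at 2 after wrapping), step across the boundary, and count
 * how often the naive comparison disagrees with the elapsed-time truth.
 * Returns -1 if the wraparound-safe comparison ever disagrees. */
static int rollover_test(void)
{
    int naive_failures = 0;
    tick_t start = UINT32_MAX - 2u;
    tick_t deadline = start + 5u;
    for (tick_t now = start; ticks_elapsed(start, now) <= 10u; now++) {
        bool expected = ticks_elapsed(start, now) >= 5u;
        if (deadline_reached(now, deadline) != expected)
            return -1;
        if (deadline_reached_naive(now, deadline) != expected)
            naive_failures++;
    }
    return naive_failures;
}

int main(void)
{
    int failures = rollover_test();
    printf("safe comparison %s; naive comparison wrong on %d of 11 ticks\n",
           failures < 0 ? "FAILED" : "ok", failures);
    return failures < 0 ? 1 : 0;
}
```

The naive comparison is wrong on the three ticks before the counter wraps, which is exactly the window an ordinary test run never reaches; the value-before-roll-up test that IS-07 asks for hits it directly.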

[Item number: IS-08]

After timers and counters, memory leaks carry the highest risk of time-bomb bugs. The system worked without problems at start-up, but the memory leak progressed little by little, and ten months after start-up free memory was exhausted and the system hung: that is the scary kind of memory leak bug.

In-house testing has difficulty finding such latent bugs unless the tester is conscious of the conditions under which memory leaks occur. It is the type of memory called dynamic memory, which can be acquired and released dynamically, that causes memory leaks, so first of all confirm whether such dynamic memory is managed as something that requires attention.

[Item number: IS-09]

If you are using dynamic memory it is best to have no memory leaks at all, but unfortunately it is hard to find every memory leak in advance. For example, if there is a memory leak in code that is executed only during some error handling, the problem cannot even be reproduced without a test that checks for leaks while deliberately triggering that error handling.

Since it is difficult to find all memory leaks in this way, one countermeasure, as a minimum, is to incorporate a process that detects a memory leak in the unlikely event that one occurs. We pay attention to whether the design and implementation were done with this in mind.

[Item number: IS-10]

If it is detected that a memory leak is occurring in dynamic memory, there are several countermeasures. The program can be put into a degraded operation mode and wait for operator intervention, or the system can be restarted to clear the memory leak state, but in either case the function originally provided by the software is temporarily interrupted, so the impact is great. Still, it is a little better than a memory leak causing the system to hang and stop responding, so keep an eye out for such designs and implementations.

[Item number: IS-11]

Memory leaks are a fairly well-known problem in the software world, so many of those in charge of design and implementation pay attention to them. But is memory the only thing that leaks? In fact, whenever a resource is dynamically acquired and put into use, a resource leak occurs there if the release processing for that resource is omitted.

Specifically, sockets provided by the OS, and table entries that application software allows to be registered and deleted, are dynamic resources, so leaks can occur in them. Since there is a risk of leaks in such dynamic resources other than memory, make sure they are managed as things requiring attention, just like dynamic memory.

[Item number: IS-12]

For dynamic resources other than memory, a mechanism to detect that a resource has leaked is an effective countermeasure, just as it is for memory. Carefully check whether such measures are considered in design and implementation.

[Item number: IS-13]

As with memory, when dynamic resources other than memory leak and are exhausted, it is often better to perform recovery processing and continue operating, if possible, rather than hanging without doing anything. We check whether such design and implementation are done, paying attention to this last point.
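Items IS-08 to IS-13 describe one pattern three times: treat every dynamically acquired resource as something to account for, detect when the outstanding count keeps growing, and decide on a recovery action before exhaustion becomes a hang. The C program below is an added example (not code from the checklist or any audited project) of that pattern: a single accounting layer for heap blocks, sockets and table entries, an idle-checkpoint leak detector, and a recovery policy. The resource kinds, the thresholds (three consecutive growing checkpoints, 90 % of capacity) and the degraded-mode/restart policy are assumptions of this example; the socket calls are stubs, so no OS resource is touched.

```c
/* Added example, not from the audit checklist: one accounting layer for every
 * kind of dynamic resource, a leak detector that watches the outstanding count
 * at idle checkpoints, and a recovery policy.  Resource kinds, thresholds and
 * the policy are assumptions of this example; socket calls are stubs. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum res_kind { RES_HEAP, RES_SOCKET, RES_TABLE_ENTRY, RES_KIND_COUNT };
static const char *res_name[RES_KIND_COUNT] = { "heap block", "socket", "table entry" };

#define LEAK_TRIGGER 3u   /* consecutive growing checkpoints before a leak is declared */

struct res_account {
    uint32_t acquired, released;  /* outstanding = acquired - released (modulo-safe) */
    bool     baseline_set;
    uint32_t idle_level;          /* outstanding count at the previous idle checkpoint */
    uint32_t growth_streak;
};
static struct res_account acct[RES_KIND_COUNT];

static void     res_acquired(enum res_kind k)    { acct[k].acquired++; }
static void     res_released(enum res_kind k)    { acct[k].released++; }
static uint32_t res_outstanding(enum res_kind k) { return acct[k].acquired - acct[k].released; }

/* Every acquire/release path goes through a hook; these wrappers are the only
 * change to calling code.  session_open/close stand in for socket()/close(). */
static void *tracked_malloc(size_t n) { void *p = malloc(n); if (p) res_acquired(RES_HEAP); return p; }
static void  tracked_free(void *p)    { if (p) { res_released(RES_HEAP); free(p); } }
static void  session_open(void)       { res_acquired(RES_SOCKET); }
static void  session_close(void)      { res_released(RES_SOCKET); }

/* Idle checkpoint: the designer asserts that at this point all transient
 * resources have been returned.  A count higher than at the previous checkpoint
 * on LEAK_TRIGGER consecutive occasions is reported as a leak. */
static bool idle_checkpoint(enum res_kind k)
{
    struct res_account *a = &acct[k];
    uint32_t now = res_outstanding(k);
    if (!a->baseline_set) { a->baseline_set = true; a->idle_level = now; return false; }
    if (now > a->idle_level) a->growth_streak++; else a->growth_streak = 0;
    a->idle_level = now;
    if (a->growth_streak >= LEAK_TRIGGER) {
        printf("leak suspected: %s outstanding=%u\n", res_name[k], now);
        return true;
    }
    return false;
}

enum recovery_action { KEEP_RUNNING, DEGRADED_MODE, CONTROLLED_RESTART };

/* Recovery policy (an assumption of this example): a confirmed leak puts the
 * program into degraded mode while capacity remains; past 90 % of capacity a
 * controlled restart is ordered before exhaustion turns into a hang. */
static enum recovery_action decide(bool leak_confirmed, uint32_t outstanding, uint32_t capacity)
{
    if (outstanding * 10u >= capacity * 9u) return CONTROLLED_RESTART;
    if (leak_confirmed)                     return DEGRADED_MODE;
    return KEEP_RUNNING;
}

/* Constructed workload: each cycle opens and closes a session correctly but
 * frees only one of two heap blocks.  Returns the 1-based cycle at which the
 * heap leak was flagged (0 if never). */
static bool  socket_false_alarm;   /* set if the socket accounting ever fires */
static void *leaked[64];           /* kept only so the demo can tidy up; the application has lost these */
static int simulate(int cycles)
{
    int flagged_at = 0;
    if (cycles > 64) cycles = 64;
    for (int c = 1; c <= cycles; c++) {
        void *a = tracked_malloc(16);
        void *b = tracked_malloc(16);
        session_open();
        session_close();
        tracked_free(a);
        leaked[c - 1] = b;                      /* b is never released: the leak */
        if (idle_checkpoint(RES_HEAP) && flagged_at == 0) flagged_at = c;
        if (idle_checkpoint(RES_SOCKET)) socket_false_alarm = true;
    }
    return flagged_at;
}

static void release_leaked(void)
{
    for (int i = 0; i < 64; i++) { tracked_free(leaked[i]); leaked[i] = NULL; }
}

int main(void)
{
    int at = simulate(10);
    printf("heap leak flagged at cycle %d, socket false alarm: %s\n", at, socket_false_alarm ? "yes" : "no");
    printf("recovery action: %d\n", decide(at != 0, res_outstanding(RES_HEAP), 100u));
    release_leaked();
    return 0;
}
```

The detector fires on the fourth cycle, while the leak is still one block per cycle and long before exhaustion; the socket accounting, whose outstanding count returns to the same level at every checkpoint, never fires. Using the same hook for every resource kind is what makes IS-11 to IS-13 cost nothing extra once IS-08 to IS-10 are in place.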

[Item number: IS-14]

In the case of software that operates in cooperation with other devices or other software functions, it is normal to incorporate timeout processing that escapes from waiting for the other party’s response if the cooperative processing does not complete within a certain time. In this timeout processing, how much extra time is factored into the timeout value is quite important.

If the margin time is too long, detection of the timeout is delayed; if it is too short, the timeout processing runs on a slight fluctuation in processing time. If a standardized method is decided for how to reason about and calculate the timeout margin time, timeout processing of the same level can be created no matter who designs it. We check whether such a thing is built into the development process.

[Item number: IS-15]

The timeout value, the time until the timeout processing is executed, depends on the response time of the linked function, the software’s own processing time, and the communication time for the linkage. Of these, your own processing time may change through software changes such as adding functions or fixing bugs. In such a case the timeout setting must be changed according to the change in processing time, so we also check whether a mechanism for confirming this is built into the development process.
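The "standardized method" of IS-14 and the "confirmation mechanism" of IS-15 can both be made concrete in a few lines. The C program below is an added example (not code from the checklist or any audited project): it derives a timeout from the three components the text names using one written rule, and then checks a configured value against that rule, which is the check a build step or start-up self-test would run after every processing-time change. The rule itself (20 % margin, rounded up to a 10 ms tick, "too long" above twice the derived value) and all the timings are constructed assumptions.

```c
/* Added example, not from the audit checklist: a timeout derived by one written
 * rule from its components, plus the IS-15 consistency check that a configured
 * value still satisfies the rule after the processing time changes.  The rule,
 * the margin, the tick size and all timings are constructed assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

struct timeout_budget {
    uint32_t peer_response_ms;  /* worst-case response time of the linked function */
    uint32_t own_processing_ms; /* our own worst-case processing on the same path */
    uint32_t comm_ms;           /* round-trip communication time */
};

#define MARGIN_PERCENT   20u  /* the standardized margin: 20 % of the component sum */
#define TICK_MS          10u  /* the timer resolution the timeout is rounded up to */
#define TOO_LONG_FACTOR   2u  /* above 2x the derived value, detection is judged too slow */

/* Sum the components, add the percentage margin (rounded up), round up to the
 * tick.  One rule, written down once, gives every designer the same answer. */
static uint32_t derive_timeout_ms(const struct timeout_budget *b)
{
    uint32_t base   = b->peer_response_ms + b->own_processing_ms + b->comm_ms;
    uint32_t margin = (base * MARGIN_PERCENT + 99u) / 100u;
    uint32_t total  = base + margin;
    return ((total + TICK_MS - 1u) / TICK_MS) * TICK_MS;
}

enum timeout_verdict { TIMEOUT_OK, TIMEOUT_TOO_SHORT, TIMEOUT_TOO_LONG };

/* The check to run whenever the budget changes (a build step or start-up self
 * test): compares the value actually configured with what the rule demands. */
static enum timeout_verdict check_timeout(uint32_t configured_ms, const struct timeout_budget *b)
{
    uint32_t required = derive_timeout_ms(b);
    if (configured_ms < required)                   return TIMEOUT_TOO_SHORT;
    if (configured_ms > required * TOO_LONG_FACTOR) return TIMEOUT_TOO_LONG;
    return TIMEOUT_OK;
}

/* Constructed scenario: the timeout was set from the original budget; a later
 * feature raised own processing from 50 ms to 150 ms and nobody revisited it. */
static const struct timeout_budget original     = { 300, 50,  40 };
static const struct timeout_budget after_change = { 300, 150, 40 };
#define CONFIGURED_TIMEOUT_MS 470u

int main(void)
{
    printf("rule says %u ms for the original budget, %u ms after the change\n",
           derive_timeout_ms(&original), derive_timeout_ms(&after_change));
    printf("configured %u ms: verdict before=%d, after=%d (0=ok 1=too short 2=too long)\n",
           CONFIGURED_TIMEOUT_MS,
           check_timeout(CONFIGURED_TIMEOUT_MS, &original),
           check_timeout(CONFIGURED_TIMEOUT_MS, &after_change));
    return 0;
}
```

With the original budget the rule yields 470 ms and the configured value passes; after the processing-time change the rule demands 590 ms and the same configured value is reported as too short, which is precisely the drift IS-15 asks the development process to catch.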

[Item number: IS-16]

Embedded software often uses state transition design. Since state transition design is a method for designing problems with complicated control conditions as simply as possible, the fact that state transitions are being designed means that the problem is a difficult one to control.

So in what cases is state transition design necessary? If there are criteria for judging how difficult a problem must be before state transition design is applied, anyone can decide to design a state transition without hesitation. We check whether such a confirmation mechanism is built into the development process.

[Item number: IS-17]

In state transition design, the design proceeds using state transition diagrams and state transition tables, but if one is not accustomed to them the design does not proceed well. In addition, other designers and the development leader review the state transition design the designer has worked out and confirm that there are no mistakes. In such a case, if the state transition design method is not unified, design omissions may occur, and those omissions and mistakes may be overlooked in the review.

To prevent this from happening, it is effective to decide, to some extent, the method for designing and reviewing state transitions. We check whether such a thing is built into the development process.

[Item number: IS-18]

Review is also important for state transition design. In addition to the usual design review, the design contents that are characteristic of state transition design need to be reviewed. We check carefully what points should be noted when reviewing a state design, and whether such things are built into the development process.
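The design omissions IS-17 warns about, and the state-design-specific review points IS-18 asks for, have a mechanical counterpart when the state transition table is also the code: every (state, event) cell must hold an explicit decision, and a cell nobody filled must be detectable both at review time and at run time. The C program below is an added example (not code from the checklist or any audited project) of a table-driven state machine with that check. The protocol, its states and events, and the two deliberately omitted cells are constructed for illustration.

```c
/* Added example, not from the audit checklist: a table-driven state machine in
 * which the state transition table is reviewed with a mechanical completeness
 * check.  Because the ST_UNDEFINED sentinel has the value 0, any (state, event)
 * cell the designer forgot to fill stays detectable, and step() refuses to act
 * on it.  The protocol, its states and events are constructed for illustration. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum state  { ST_UNDEFINED = 0, ST_IDLE, ST_CONNECTING, ST_CONNECTED, ST_CLOSING, ST_COUNT };
enum event  { EV_CONNECT_REQ, EV_CONNECT_ACK, EV_DATA, EV_CLOSE_REQ, EV_TIMEOUT, EV_COUNT };
enum action { ACT_NONE, ACT_IGNORE, ACT_FAULT, ACT_SEND_CONNECT, ACT_DELIVER_DATA, ACT_SEND_CLOSE };

struct transition { enum state next; enum action act; };
typedef struct transition transition_table[ST_COUNT][EV_COUNT];

/* The designer's draft.  Legal and illegal events alike get an explicit cell
 * (ACT_IGNORE or ACT_FAULT), so "not written down" can never be mistaken for
 * "decided to ignore".  Two cells are left out on purpose to exercise the check. */
static transition_table draft = {
    [ST_IDLE] = {
        [EV_CONNECT_REQ] = { ST_CONNECTING, ACT_SEND_CONNECT },
        [EV_CONNECT_ACK] = { ST_IDLE,       ACT_IGNORE },
        [EV_DATA]        = { ST_IDLE,       ACT_FAULT },
        [EV_CLOSE_REQ]   = { ST_IDLE,       ACT_IGNORE },
        [EV_TIMEOUT]     = { ST_IDLE,       ACT_IGNORE },
    },
    [ST_CONNECTING] = {
        [EV_CONNECT_REQ] = { ST_CONNECTING, ACT_IGNORE },
        [EV_CONNECT_ACK] = { ST_CONNECTED,  ACT_NONE },
        [EV_DATA]        = { ST_CONNECTING, ACT_FAULT },
        [EV_CLOSE_REQ]   = { ST_CLOSING,    ACT_SEND_CLOSE },
        [EV_TIMEOUT]     = { ST_IDLE,       ACT_NONE },
    },
    [ST_CONNECTED] = {
        [EV_CONNECT_REQ] = { ST_CONNECTED,  ACT_FAULT },
        [EV_CONNECT_ACK] = { ST_CONNECTED,  ACT_IGNORE },
        [EV_DATA]        = { ST_CONNECTED,  ACT_DELIVER_DATA },
        [EV_CLOSE_REQ]   = { ST_CLOSING,    ACT_SEND_CLOSE },
        /* EV_TIMEOUT omitted: exactly the kind of hole a review must catch */
    },
    [ST_CLOSING] = {
        [EV_CONNECT_REQ] = { ST_CLOSING,    ACT_IGNORE },
        [EV_CONNECT_ACK] = { ST_CLOSING,    ACT_IGNORE },
        /* EV_DATA omitted */
        [EV_CLOSE_REQ]   = { ST_IDLE,       ACT_NONE },
        [EV_TIMEOUT]     = { ST_IDLE,       ACT_NONE },
    },
};

/* Review check: count cells with no recorded decision (row 0 is the sentinel). */
static int count_undefined(transition_table t)
{
    int holes = 0;
    for (int s = ST_IDLE; s < ST_COUNT; s++)
        for (int e = 0; e < EV_COUNT; e++)
            if (t[s][e].next == ST_UNDEFINED) {
                printf("undefined transition: state %d, event %d\n", s, e);
                holes++;
            }
    return holes;
}

/* Runtime guard: an undefined cell is never executed.  The caller gets
 * ACT_FAULT and the state stays put instead of silently jumping to state 0. */
static enum action step(transition_table t, enum state *cur, enum event ev)
{
    struct transition tr = t[*cur][ev];
    if (tr.next == ST_UNDEFINED) return ACT_FAULT;
    *cur = tr.next;
    return tr.act;
}

/* Probe one cell without disturbing a caller's state. */
static enum action probe(transition_table t, enum state s, enum event ev) { return step(t, &s, ev); }

/* The fix-up recorded at review: a working copy with the two holes filled. */
static transition_table reviewed;
static int apply_review_fixes(void)
{
    memcpy(reviewed, draft, sizeof(transition_table));
    reviewed[ST_CONNECTED][EV_TIMEOUT] = (struct transition){ ST_IDLE,    ACT_NONE };
    reviewed[ST_CLOSING][EV_DATA]      = (struct transition){ ST_CLOSING, ACT_IGNORE };
    return count_undefined(reviewed);
}

/* Drives connect / data / close through a table and returns the final state. */
static enum state run_happy_path(transition_table t)
{
    enum state s = ST_IDLE;
    enum event seq[] = { EV_CONNECT_REQ, EV_CONNECT_ACK, EV_DATA, EV_CLOSE_REQ, EV_CLOSE_REQ };
    for (size_t i = 0; i < sizeof seq / sizeof seq[0]; i++) step(t, &s, seq[i]);
    return s;
}

int main(void)
{
    printf("draft: %d undefined cell(s)\n", count_undefined(draft));
    printf("after review: %d undefined cell(s)\n", apply_review_fixes());
    printf("happy path ends in state %d (ST_IDLE = %d)\n", run_happy_path(reviewed), ST_IDLE);
    return 0;
}
```

The happy path runs cleanly through the draft table, which is why testing alone does not find the two holes; only the completeness check, or a review that walks every state against every event, does. Making "ignore" and "fault" explicit entries rather than the absence of an entry is the unified design convention IS-17 asks for, and counting undefined cells is one of the state-design-specific review points IS-18 asks for.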

There are some duplications in the contents of the check sheet, but don’t worry about it …

In the articles up to this point I have introduced, in order, the four checklists used in software development audits: ① the checklist of the development process, ② the checklist of required specifications in development technology, ③ the checklist of testing in development technology, and ④ the checklist of design and implementation in development technology. How was it?

Software development auditing is a task that Gutara’s father arbitrarily named, so I think there are some parts that are hard to understand, but please take it as such. In the limited time of 1 to 3 days, the work consists of roughly grasping how good or bad the audited organization’s software development ability is, identifying any points for improvement, and requesting improvement. It is fine to think of the checklist as the worksheet for carrying this out efficiently.

However, since there are a lot of items it may be hard to grasp at first glance, but you don’t have to worry about that. I think it is fine to change it so that it is easy for you to understand. If this article is of any use to you, the effort as Gutara’s father was worthwhile.
