Huawei software programming specification Learning (9)-quality assurance

Huawei software programming specification Learning (9)-quality assurance

9-1: Build Software Quality in the software design process

9-2: Code Quality Assurance priority

(1) Correctness refers to the function that the program needs to implement the design requirements.

(2) stability and security means that the program is stable, reliable, and secure.

(3) testability means that the program should have good testability.

(4) specification/Readability: The program Writing Style and naming rules must comply with the specifications.

(5) global efficiency refers to the overall efficiency of the software system.

(6) Local Efficiency refers to the efficiency of a module, submodule, or function.

(7) personal expressions/personal convenience refer to personal programming habits.

9-3: only reference your own storage space

Note: If the module is encapsulated well, the space of others will not be illegally referenced.

9-4: Prevent reference of released memory space

Note: In the actual programming process, a memory block (such as the C language pointer) will be released in a module if you do not pay attention to it ), another module used it at a later time. This situation should be prevented.

9-5: Memory allocated in the process/function. It must be released before the process/function exits.

9-6: The file handle applied in the process/function (used to open the file), which must be closed before the process/function exits.

Note: It is a common error that the allocated memory is not released and the file handle is not closed. Such errors often cause serious consequences and are difficult to locate.

Example: The allocated memory is not released before the function exits.

Typedef unsigned char byte; int example_fun (byte gt_len, byte * gt_code) {byte * gt_buf; gt_buf = (byte *) malloc (max_gt_length );... // program code, include check gt_buf if or not null. /* Global title length error */If (gt_len> max_gt_length) {return gt_length_error; // forgot to release gt_buf }... // other program code}

It should be changed as follows.

Int example_fun (byte gt_len, byte * gt_code) {byte * gt_buf; gt_buf = (byte *) malloc (max_gt_length );... // program code, include check gt_buf if or not null. /* Global title length error */If (gt_len> max_gt_length) {free (gt_buf); // release gt_buf return gt_length_error before exiting ;}... // other program code}

9-7: prevent out-of-bounds memory operations

Note: Memory operations mainly refer to operations on arrays, pointers, and memory addresses. Out-of-band memory operations are one of the main errors in the software system, and the consequences are often very serious. Therefore, be careful when performing these operations.

Example: If a software system can be used by a maximum of 10 users and the user number is 1-10, the following program has problems.

#define MAX_USR_NUM 10unsigned char usr_login_flg[MAX_USR_NUM]= "";voidset_usr_login_flg( unsigned char usr_no ){    if(!usr_login_flg[usr_no])    {       usr_login_flg[usr_no]= TRUE;    }}

When usr_no is 10, usr_login_flg is used out of bounds. You can solve the problem as follows.

voidset_usr_login_flg( unsigned char usr_no ){    if(!usr_login_flg[usr_no - 1])    {       usr_login_flg[usr_no - 1]= TRUE;    }}

9-8: handle all kinds of errors encountered by the program

9-9: when the system is running, initialize the relevant variables and runtime environment to prevent uninitialized variables from being referenced.

9-10: check the consistency of the data loaded to the system at the beginning of the system operation.

Note: inconsistent data can easily bring the system into a chaotic and unknown state.

9-11: You are prohibited from arbitrarily changing the settings and configurations of other modules or systems.

Note: During programming, you cannot change settings related to modules that do not belong to you, such as constants and array sizes.

9-12: do not arbitrarily change the interface with other modules

9-13: Use the functions provided by the system after fully understanding the system interfaces

Example: in the module of B and the interface function of the operating system, there is an initialization process to be compiled by each module. After the software system is loaded, scheduled by the initialization message sent by the operating system. Therefore, it involves the initialization of the message type and the order of message sending, especially the message order. If you do not know the message order, you can start programming, which may cause serious consequences. The following example draws from the actual code that has appeared in type B, where fid_fetch_data and fid_initial are used to initialize the message type. Note that the system of type B sends fid_initial before fid_fetch_data.

Mid alarm_module_list [max_alarm_mid]; int farsys_alarm_proc (FID function_id, int handle) {_ UI I, j; Switch (function_id ){... // program code case fid_initail: for (I = 0; I <max_alarm_mid; I ++) {If (alarm_module_list [I] = bam_module //**) | (alarm_module_list [I] = local_module) {for (j = 0; j <alarm_class_sum; j ++) {far_malloc (...);}}}... // program code break; Case fid_fetch_data :... // program code get_alarm_module (); // initialize alarm_module_list break ;... // program code }}

Since fid_initial is executed before fid_fetch_data and alarm_module_list is initialized in fid_fetch_data, It is not initialized when the alarm_module_list variable is referenced in fid_initial. This is a serious error.

Correct the following: either put the get_alarm_module function before fid_initial (**), or consider whether the judgment statement at (**) can be used (without the alarm_module_list variable) other methods, or whether this judgment statement can be canceled.

9-14: Avoid 1 error during programming

Note: This type of error is generally caused by Miswriting "<=" as "<" or "> =" as ">" by mistake, in many cases, it is very serious, so be careful when programming. After the program is compiled, these operators should be thoroughly checked.

9-15: always pay attention to confusing operators. After the program is compiled, check the operators from the beginning to the end to prevent spelling errors.

Note: operators with similar forms are the most likely to cause misuse, for example, if the spelling of "=", "=", "|", "|", "&", and "&" in C/C ++ is incorrect, the compiler may not be able to check it out.

Example: write "&" as "&", or vice versa.

ret_flg = (pmsg->ret_flg & RETURN_MASK); 

Written:

ret_flg = (pmsg->ret_flg && RETURN_MASK);

rpt_flg = (VALID_TASK_NO( taskno ) && DATA_NOT_ZERO( stat_data ));

Written:

rpt_flg = (VALID_TASK_NO( taskno ) & DATA_NOT_ZERO( stat_data ));

9-16: if possible, add the else branch as much as possible. Be careful with the statements without the else branch. The switch statement must have the default branch.

9-17: in UNIX, the sub-thread in multiple threads Must exit actively, that is, the sub-thread should return to exit.

 9-18: do not abuse the GOTO statement.

Note: The GOTO statement will damage the structure of the program. Therefore, it is best not to use the GOTO statement unless necessary.

Others

9-1: Do not use statements that are closely related to hardware or operating systems, but use recommended standard statements to improve software portability and reusability.

9-2: Avoid using Embedded Assembly unless it meets SPECIAL REQUIREMENTS

Note: Embedded Assembly in the program generally has a great impact on portability.

9-3: carefully construct and drag sub-modules, and properly organize sub-modules according to the "interface" and "kernel, to improve the portability and reusability of the "kernel" part

Note: If the kernel of a module with the same functions of different products can be completely or basically the same, test and maintain the product, it will also be of great help for future product upgrades.

9-4: carefully construct algorithms and test their performance and efficiency

9-5: it is best to use other algorithms to confirm the key algorithms.

9-6: always pay attention to whether the expression will overflow or overflow

Example: The following program causes variable overflow.

Unsigned char size;

While (size --> = 0) // overflow will occur {.../program code}

When the size is equal to 0, the subtraction of 1 is not less than 0, but 0xff, so the program is an endless loop. The following changes should be made.

Char size; // change from unsigned char to charwhile (size --> = 0) {... // program code}

9-7: Pay attention to the boundary value when using a variable

Example: for example, in C language, the valid value range is-128 to 127. Therefore, the calculation of the following expressions is risky.

Char CHR = 127; int sum = 200; CHR + = 1; // 127 is the Boundary Value of CHR, and 1 will overflow the CHR to-128 instead of 128. Sum + = CHR; // The result of sum is not 328, but 72. If the CHR and sum are of the same type, or the expression is written as follows, it may be better. Sum = sum + CHR + 1;

9-8: Check whether the machine code size (such as the command space, data space, and stack space) of the program exceeds the system restrictions.

9-9: provides a good interface for users to fully understand the internal running status of the system and related system errors

9-10: the system should have a certain degree of fault tolerance capability, and can automatically remedy some error events (such as user misoperations)

9-11: some risky operation code (such as hard disk writing and data deletion) should be carefully considered to prevent the security of data and hardware, so as to improve the security of the system.

9-12: pay attention to the following points when using third-party software development kits or controls:

(1) fully understand the application interface, use environment, and precautions during use.

(2) do not trust its correctness too much.

(3) do not use unfamiliar third-party toolkit and controls unless necessary.

Note: Using toolkit and controls can speed up program development and save time, but you must have a good understanding of it before use. At the same time, third-party toolkit and controls may also have problems.

9-13: resource file (supported in multiple languages). If the resource is language-sensitive, the resource should be separated from the source code file. The specific methods are as follows: use a separate resource file, DLL file, or other separate description file (such as database format)