Software Engineering 1 Flashcards

(61 cards)

1
Q

What is the definition of No Silver Bullet and what causes it?

A
  • There is no single development in technology or management technique which by itself promises a 10-fold improvement in productivity, reliability or simplicity
  • Hardware progress is too fast
2
Q

Describe the Essence difficulties and give examples

A
  • Inherent difficulties
  • Includes complexity (computational), conformability (must follow certain rules), changeability (software changes consistently), invisibility (abstract and conceptual)
3
Q

Describe the Accident difficulties and give examples

A
  • Difficulties that arise but are not inherent
  • Includes high-level languages, time-sharing, unified programming environments
4
Q

Give and describe 2 solutions to No Silver Bullet

A
  • Buy vs build: buying existing software can help efficiency
  • Requirements refinement and rapid prototyping: find what the client exactly wants
  • Growing and developing software instead of building: making systems run, then applying subprograms
5
Q

Give and explain the two main purposes of testing

A
  • Verification: whether the system was built right - conforms to spec against expected results
  • Validation: whether we built the right system - whether it meets the user and stakeholder needs (requires contextual understanding)
6
Q

Give and explain the 4 levels of testing

A
  • Unit testing: (Verification) isolates modules - does not mean complete correctness
  • Integration testing: (Validation) examines how components interact and detects faults at boundaries
  • System testing: treats program as black box and verifies the whole system against spec
  • Type checking: static checking (like MyPy) detects type-related inconsistencies
7
Q

Describe and explain the principle needed to build effective test cases

A
  • AAA principle
  • Arrange: set up test conditions
  • Act: execute behaviour under test
  • Assert: compare outcomes to expected results
8
Q

Name and explain briefly 4 practical testing considerations

A
  • Degenerate cases: can we test the full system?
  • Stochastic systems: randomness complicates verification - may need pseudorandom
  • Bizarre bugs: some bugs may depend on very specific/unrealistic scenarios
  • Stopping criteria: infinite inputs are impossible - decide risk
9
Q

Give and explain the 5 types of coverage

A
  • Unit coverage: checks every function or component has at least one test
  • Line coverage: ensures each executable line runs during testing
  • Branch coverage: ensures every decision outcome is taken at least once
  • Path coverage: extends to all possible execution paths
  • Input coverage: focusses on variety and representativeness of input data
10
Q

Explain how input testing is done

A
  • Inputs are grouped into equivalence partitions
  • For each partition one representative value is tested
  • Need to identify conditions and boundaries to design partitions
11
Q

What 4 things do we need to consider for representative inputs

A
  • Domain: type and range
  • Distribution: which ones are most common
  • Distinctiveness: can certain inputs trigger unique behaviour
  • Riskiness: how likely an input is to cause a defect
12
Q

How does pytest work?

A
  • Single parameterised test
  • Executes the same logic over multiple inputs and tests different values
  • Verify the output remains correct
13
Q

Explain property-based testing with Hypothesis

A
  • Automatically generates inputs with domains
  • Uncovers edge cases and checks certain properties hold
  • Low reproducibility as it uses a different sample
14
Q

What 3 things should good test suites have?

A
  • Unit, integration and system tests
  • Manual and automatic input selection
  • Boundary, typical and edge cases
15
Q

How is the mini-wc tested?

A
  • Test plan must check its output matches official definitions
  • Check empty files, newlines, tabs, spaces, unicode
  • System tests verify counts, and unit tests confirm each function operates correctly
16
Q

What is the difference between quality assurance and quality control?

A
  • Quality assurance is process-oriented: prevents defects
  • Quality control is product-oriented: evaluates product to identify defects
17
Q

What does Novice Software Developers All Over Again talk about?

A
  • 2-month case study on software developers in their first 6 months at Microsoft
  • Educational pedagogy leaves them inadequately prepared for hierarchal software development jobs
18
Q

Explain Information Foraging Theory

A
  • How people gather information based on a cost-benefit model
  • How to hunt for information effectively
19
Q

How does Crowdsourced software engineering relate to IFT?

A
  • We can use IFT to highlight principles for crowdsourced software engineering tools and processes
20
Q

What are the 5 functional qualities?

A
  • Functionality
  • Correctness
  • Accuracy
  • Adaptability
  • Flexibility
21
Q

What are the 7 non-functional qualities?

A
  • Efficiency
  • Usability
  • Reliability
  • Integrity
  • Robustness
  • Testability
  • Security
22
Q

What are the different modes for mini wc?

A
  • -c: prints byte counts
  • -m: prints character counts
  • -l: prints newline counts
  • -L: prints the word counts
  • -w: prints the word counts
23
Q

What is functional equivalence?

A
  • Two programs are functionally equivalent if they implement the exact same functionality

  • Refers to input-output behaviour only and doesn’t care about internal structures or performances

24
Q

What is sufficiently functional equivalence?

A
  • S1 is sufficiently functionally equivalent to S2 if F1 and F2 have enough overlap in Functionality
25
What are the 4 types of software transformation?
- Construction
- Debugging
- Refactoring
- Optimisation
26
# In system transformation: What is construction of a software system?
- When the new function has **added or altered** functionality
- No functional equivalence
27
# In system transformation: What is debugging of a software system?
- Repairing a system's functionality by removing bugs and making it correct
- **Sufficiently** functionally equivalent
28
# In system transformation: What is refactoring of a software system?
- No change in external behaviour
- Improves readability, maintainability, testability and structure
- Must be **exactly functionally equivalent**
29
# In system transformation: What is optimisation of a software system?
- Has **same functionality** but better non-functional properties
- Performance, memory usage and scalability
30
What are the 2 indicators of successful debugging and refactoring (in terms of functionality)?
- **Quality based**:
  - Debugging: transformation with repaired functionality
  - Refactoring: improved internal quality
- **Test based**:
  - Debugging: new system passes a test it would have failed before
  - Refactoring: same test results
31
What is a defect?
A defect is a software system where the level or quality is not sufficient
32
What are the 4 steps of quality assurance?
- **Prevention**
- **Appraisal**: detection, triaging
- **Internal rectification**: mitigation before shipping
- **External rectification**: fixing after shipping
33
What are the 7 steps of debugging?
- Indication
- Stabilise (make bug repeatable)
- Isolate
- Explain
- Repair
- Test
- Post-fix checks
34
How can we describe the indication of a defect?
- A tangible record of a behaviour that contradicts functional spec in a designated situation
35
What is code optimisation?
- The transformation of code into some sufficiently functionally equivalent code which has better resource utilisation
36
What is the difference between optimisation and tuning?
- **Optimisation** is general transformation
- **Tuning** is specific to application and environment (manual process such as more efficient instructions)
37
What 2 key properties does intellectual property have?
- **Alienation**: you can sell it
- **Exclusion**: you can keep people from using it
38
What is the difference between copyright and patents?
- Copyrights **control the expression of an idea** but patents **control the idea**
- Copyrights exist at **moment of tangible fixation** but patents exist using **licence**
- Copyrights **limit derivative works** but patents **struggle to defend against them**
39
What is security and what can threat models determine?
- Security is protection against intentional damage
- Threat models determine **assumptions**, **actors** and **who can attack**
40
Which principle determined the expectations of secure systems?
- CIA principle:
  - **Confidentiality**: attackers do not learn users' secrets
  - **Integrity**: attacker does not undetectably corrupt a system's function
  - **Availability**: attacker does not keep system from being useful
41
What are security failures and vulnerabilities?
- **Security failure**: scenario when software system does not achieve security objective
- **Vulnerability**: underlying cause of security failure
42
What is the main source of security problems?
- Awareness of programmers
43
What is an implementation vulnerability / security bug?
- A bug that makes it possible for an attacker to violate a security objective
44
What are the 5 most common vulnerabilities?
- **Memory corruption** (e.g. null ptr dereference, double free etc.)
- **SQL injection** (when attackers interfere with db queries)
- **Cross-site scripting XSS** (injection of malicious scripts into trusted websites)
- **Denial of Service DoS** (makes machine or network resource unavailable to intended users)
- **Supply chain attacks** (uses third party services to gain access to target system or network)
45
What is the difference between static and dynamic analysis?
- **Static**: looking at code
- **Dynamic**: finding vulnerabilities by running code
46
What is the difference between traditional testing and security testing?
- **Traditional testing**: checks functionalities of sensible inputs
- **Security testing**: requires looking for unwanted behaviour for uncommon inputs
47
What 2 things do we need to test a software system?
- **Test suite**: collection of input data
- **Test oracle**: decides if a test succeeded or led to an error
48
What is fuzzing?
- Generating random inputs to check whether an application crashes

## Footnote

Usually uses long inputs to try and trigger a buffer overflow
49
What are the advantages and disadvantages of fuzzing?
- **Advantages**: minimal effort and can quickly give a good picture of robustness
- **Disadvantages**: won't find any bugs, might be hard to have good code coverage
50
What is black box fuzzing?
- Generating values based on input/output behaviour and not internal structures
51
What are 3 types of black box fuzzing?
- Random testing
- Grammar-based
- Mutation-based
52
What is white box fuzzing?
- Internal structure of program is analysed to assist in generation of appropriate input values
53
What is dynamic symbolic execution?
- Main white-box fuzzing technique
- Executes program while tracking input constraints
- Builds path condition describing which inputs follow the current path
- Generates inputs that will take different paths
54
What is a package?
- A way to organise Python code
- Common way to distribute Python software
- Group several modules together
55
What are the 2 types of packages?
- Source distribution: contains only source code, user builds locally
- Binary distribution: source code and pre-compiled extensions
56
What are TOML files?
- Give information for project to be built
- Combined with front end to create back end
57
What is the difference between quality assurance and quality control?
- Quality assurance: **define processes** that will get quality product
- Quality control: **apply processes** to remove bad quality products
58
What is quality management?
- Ensures software is fit for its purpose
- Vital for long-lifetime products
59
What is the difference between product and process standards?
- **Product standards**: document and coding standards
- **Process standards**: good development practice and validation
60
What is technical debt?
- Choosing a design or construction that increases complexity, and is more costly in the long term
61
What are the 2 types of technical debt and why do they arise?
- Unintentional: arise from people doing a poor job
- Intentional: optimising for the present rather than the future