Page 52 - SOFTWARE TESTING & QUALITY ASSURANCE
Unit 4: White Box Testing
The three reasons for adhering to standards and guidelines are:
1. Reliability: It has been observed that code written to a particular standard with
formal guidelines is more reliable and secure than code that is not.
2. Readability or Maintainability: Code written based on standards and
guidelines is easier to understand and maintain than code that is not.
3. Portability: Code written by programmers must be portable enough to run on different
hardware and with different compilers. When standards and guidelines are followed, it becomes
easier for people to access the code. Sometimes, project requirements may demand that
international standards and guidelines be met.
Hence, it is necessary to have a standard and a set of guidelines for programming, and to ensure
verification in a formal review. Improper usage of statements can result in a lot of bugs in a system.
4.1.4 Code Review Checklist
Code reviews are performed in addition to the general process of comparing the code against the
standards and guidelines. This ensures that the design requirements of the software project are met. To
conduct code reviews in detail, some amount of programming experience is required. The following
example shows some of the code review questions.
1. Does the code do what has been specified in the design specifications?
2. Does the software module have another similar existing module, so that it
could be reused?
3. Does the module have a single entry point and a single exit point (as multiple
entry and exit points can be tedious to test)?
We will now discuss the various errors that are discovered while testing. They are:
1. Data Reference Errors: Data reference errors are errors caused by the use
of variables, constants, arrays, strings, or records which have not been properly declared or
initialized before they are used or referenced.
Some of the points which you need to remember while looking for data declaration errors are:
(a) Check if any uninitialized variables are referenced
(b) Check if array and string subscripts are integer values that are within the array’s bounds or
the string’s dimension
(c) Check if there are any “off-by-one” errors in indexing operations or references to arrays
(d) Check if a variable is used where a constant would work better
(e) Check if a variable is assigned a value that is of a different type than the variable
(f) Check if memory is allocated for referenced pointers
(g) Check if a data structure that is referenced in different functions is defined identically in each
Data reference errors are the primary cause of buffer overruns, the main bug
concerned with security issues.
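Checklist items (a), (b), (c), (d) and (f) applied to one small routine, as an added C example that is not part of the original text. The function names, NAME_BUF and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NAME_BUF 16  /* (d) a constant, not a variable, fixes the buffer size */

/* Flawed form for review only; never called here. dst has NAME_BUF bytes.
 * (c) off-by-one: a 16-character name needs 17 bytes with its terminator. */
int copy_name_flawed(char *dst, const char *src)
{
    size_t n = strlen(src);
    if (n > NAME_BUF)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Corrected form: 0 on success, -1 on a missing argument or a name that does not fit. */
int copy_name_checked(char *dst, const char *src, size_t *out_len)
{
    if (dst == NULL || src == NULL || out_len == NULL)
        return -1;
    *out_len = 0;                 /* (a) set on every path before any use */
    size_t n = strlen(src);
    if (n >= NAME_BUF)            /* (b), (c) highest valid index is NAME_BUF - 1 */
        return -1;
    memcpy(dst, src, n + 1);      /* n bytes plus the terminator fit in NAME_BUF */
    *out_len = n;
    return 0;
}

/* (f) memory is allocated, and the allocation checked, before the pointer is used. */
char *dup_name(const char *src)
{
    size_t len;
    char *buf = malloc(NAME_BUF);
    if (buf != NULL && copy_name_checked(buf, src, &len) != 0) {
        free(buf);                /* name rejected: release and report failure */
        buf = NULL;
    }
    return buf;
}

int main(void)
{
    char *ok = dup_name("alice");  /* constructed sample input */
    printf("%s\n", ok ? ok : "(rejected)");
    free(ok);
    return 0;
}
```

The only difference between the two copy routines is the comparison against NAME_BUF, which is the kind of boundary a reviewer working through items (b) and (c) should test with a name of exactly 15 and exactly 16 characters.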
Consider a scenario where you have been assigned the task of checking the security of
logging into a Gmail account. Prepare a set of security code review questions for this
scenario.
LOVELY PROFESSIONAL UNIVERSITY 45