Quality Testing

Quality is delighting customers

<mock test doubt>Unreachable code would best be found using..?

29) Unreachable code would best be found using..?
a) code reviews
b) code inspections
c) a coverage tool
d) a test management tool
e) a static analysis tool


Replies to This Discussion

I guess it should be Code Reviews. Below is the explanation.

As far as "Unreachable code" is concerned, which is the basic aim of Review, it is achieved by Code Reviews.
In case of Reviews, code is reviewed to find:
a. Unreachable code
b. Memory leakages
c. Declared but unused variables and
d. Used but not deleted variables.
Hope it will give enough idea.

@ Mohan, so according to you correct answer is option E. Can you provide some explanation or reference to your answer so it will be easy for us to understand. 

Typical defects discovered by static analysis tools include:
•Referencing a variable with an undefined value
•Inconsistent interface between modules and components
•Variables that are never used
•Unreachable (dead) code
•Programming standards violations
•Security vulnerabilities
•Syntax violations of code and software models


The answer is E. Please read the following topic.

 

Types of Errors Static Analysis Tools Discover:


Security flaws

  • Buffer overruns - Buffer overruns occur when copying, moving, or concatenating information from one buffer to another. If the destination buffer is too small for the incoming data then an overrun will occur and unrelated bits of memory will become overwritten with bits of memory from the source buffer.
  • Access Problems – errors concerning accessing resources.
    • Least privileges – A process should always run with least privileges, this will ensure that if the code is exploited the undesirable code is given limited power.
    • Time of Check vs. Time of Use – Many system resources within a multi-user environment are used by many different processes and threads and therefore it cannot be assumed to be in the same state from the time of declaration to the time of use.
  • Dangerous Functions – Some system functions may open your application to possible security flaws, these should be examined and replaced with more secure functions.
  • DACL Problems - A NULL DACL gives no protection and is a warning sign that an object being used by the application is not as secure as it should be. Other DACL problems may occur if a developer is not careful to use least privileges.
  • Encoding Problems - There are many different ways to represent a file, URL or device. A hacker may be able to gain access to a protected file by using alternate representations of the filename.
  • Exception Handling - If an exception handler is not present the application's exception can cause the application to terminate or to be left in an unpredictable state.
  • Format String Problems – Functions such as printf, scanf, sprintf and others may open an application up for problems in which user input is interpreted as the format string.
  • Input Validation - A hacker may be able to cause complete system compromise if improper input exposes a buffer overrun or format string bug.
  • Ignored Return Values - Ignoring return values can result in a variety of reliability and security bugs that can be quite hard to debug and reproduce.
  • Memory Leaks - Memory leaks are well known as the cause of reliability and robustness problems, but can also cause security bugs.
  • Package Insertion – Package insertion can allow un-trusted code to run in the context of a trusted Java application and may therefore spoof or otherwise attack the user.
  • SQL Injection - SQL injection is a technique used by hackers to probe databases, bypass authorization, execute multiple SQL statements and call built-in stored procedures.
  • Unchecked Value Used for Buffer Access – If the value of the buffer access is not checked an attacker may be able to use it to peek at arbitrary memory values.
  • Unchecked Value Used for Memory Allocation - If the size of a memory allocation can be controlled by data outside the running application process it is possible for an attacker to force a memory allocation bug.

Functional Flaws

  • Dependency walker - Reports missing libraries or other dependencies needed by the application.
  • Cyclomatic complexity – This metric can show how complex an application is, this may show where complex functional bugs may be hidden.
  • Coding standards – Coding standards help code to be easily updated and read by other developers.
  • Interdependency – Interdependency can show the relationship of how each source file is dependent on others.
  • Array out of bounds – If arrays are not properly checked they can cause both functional bugs and possible security bugs. Arbitrary memory locations may be read.
  • Uninitialized variables – Uninitialized variables can cause many problems within the application including crashing and unnoticed bugs that may surface later as intermittent instability or miscalculations.
  • Unused variables – Unused variables lessen the readability of the code and should be removed.
  • Dead code - Dead code is orphaned and unreachable so it remains untested throughout the product cycle.
  • Rounding errors – Rounding errors can cause mathematical errors as well as functional bugs resulting in crashes.


© 2020   Created by Quality Testing.   Powered by