Reasoning in debugging: hypothesize, predict, experiment, observe, conclude.
1. Observe the error.
2. Form a bold hypothesis.
3. Verify it carefully.
4. If the hypothesis holds, fix the error;
if it is refuted, form a new hypothesis.
For example:
1. You discover a memory leak.
2. Hypothesize that objects created at location A are never released.
3. Comment out the code at A, recompile, and observe memory usage.
4. If, under the same conditions, memory no longer leaks, add code to release the objects created at A.
Otherwise, if memory still leaks under the same conditions, the leak has some other cause; form a new hypothesis.
(This does not rule out a defect at A; it only means that other defects still exist.)
Four methods of reasoning:
1. Deduction (zero runs)
2. Observation (one run)
3. Induction (multiple runs)
4. Experimentation (multiple controlled runs)
Sources for hypotheses:
1. The problem description
2. The program code
3. The failing run
4. Reference (passing) runs
5. Earlier hypotheses
Record every hypothesis and every experiment, so you do not forget them and waste effort repeating work.
When experimenting, simplify: you do not have to run the entire application. To test an idea, extract a small piece of code, run it in isolation with fabricated inputs, and observe whether it produces the predicted output.
How to debug a program
# Track the problem
# Reproduce the failure
# Automate and simplify
# Find infection origins
# Focus on likely origins
# Isolate the infection chain
# Correct the defect.
==Links==
*Why Programs Fail
http://books.google.com/books?vid=ISBN1558608664&printsec=frontcover#PPR13,M1
==Summary==
Chp 1 How Failure Comes to Be
In general, a failure comes about in four stages:
1. The programmer creates a defect.
2. The defect causes an infection.
3. The infection propagates.
4. The infection causes a failure.
Not every defect results in an infection, and not every infection results in a failure. Hence, having no failures does not imply having no defects. This is the curse of testing, as pointed out by Dijkstra: testing can only show the presence of defects, but never their absence.
Indeed, debugging is largely a search problem.
Chp 2 Tracking Problems
one of the key issues of software configuration management: to be able to recreate any given configuration any time
To separate fixes and features, use a version control system to keep fixes in branches and features in the main trunk.
Unless you have a problem-tracking system that neatly integrates with your test suite, I recommend keeping test outcomes separate from problem reports.
Problem-tracking systems "should be used exclusively as a place to store feedback when you cannot immediately modify the code." Otherwise, you should create a reproducible test case.
Six Stages of Debugging:
1. That can’t happen.
2. That doesn’t happen on my machine.
3. That shouldn’t happen.
4. Why does that happen?
5. Oh, I see.
6. How did that ever work?
Chp 3 Making Programs Fail
A program can typically be decomposed into three layers: the presentation layer, the functionality layer, and the unit layer.
The rule of thumb for testing: the friendlier an interface is to humans, the less friendly it is to automated testing.
The big advantage of testing at the functionality layer is that the results can be easily accessed and evaluated. Of course, this requires that the program have a clear separation between presentation and functionality.
Whereas units are among the oldest concepts of programming, the concept of automated testing at the unit level has seen a burst of interest only in the last few years.
Overall, the general principle of breaking a dependence is known as the dependence inversion principle, which can be summarized as depending on abstractions rather than on details.
Test early, test first, test often, test enough.
developers are unsuited to testing their own code
Chp 4 Reproducing Problems
Regarding problem reproduction, data as stored in files and/or databases is seldom an issue.
To make the test reusable, one should at least aim to automate input at the higher level
STRACE basically works by diverting calls to the operating system to wrapper functions that log the incoming and outgoing data. On a Linux system, all system calls go through a single mechanism: a specific interrupt routine that transfers control from the program to the system kernel. STRACE diverts this interrupt routine to do the logging.
Nondeterminism introduced by thread or process schedules is among the worst problems to face in debugging.
Some languages are more prone to the Heisenbug effect than others (in particular, languages where undefined behavior is part of the semantics, such as C and C++).
Executing on a virtual machine gives the best possibilities for recording and replaying interaction.
Chp 5 Simplifying Problems
Once we have reproduced a problem, we must simplify it: that is, we must find out which circumstances are not relevant to the problem and can thus be omitted.
Our aim is to find a minimal set of circumstances to minimize a failure-inducing configuration.
ddmin is an instance of delta debugging—a general approach to isolate failure causes by narrowing down differences (deltas) between runs.
Delta debugging in turn is an instance of adaptive testing: a series of tests in which each test depends on the results of earlier tests.
Chp 6 Scientific Debugging
Being explicit is an important means toward understanding the problem at hand, starting with the problem statement.
Just stating the problem in whateverway makes you rethink your assumptions—and often reveals the essential clues
to the solution.
The idea of algorithmic debugging (also called declarative debugging) is to have a tool that guides the user along the debugging process interactively.
algorithmic debugging works best for functional and logical programming languages
within each iteration of the scientific method we must come up with a new hypothesis. This is the creative part of debugging: thinking about the many ways a failure could have come to be.
Deduction is reasoning from the general to the particular. It lies at the core of all reasoning techniques. In program analysis, deduction is used for reasoning from the program code (or other abstractions) to concrete runs.
In this book, we call any technique static analysis if it infers findings without executing the program—that is, the technique is based on deduction alone. In contrast, dynamic analysis techniques use actual executions.
As Nethercote (2004) points out, this distinction of whether a program is executed or not may be misleading. In particular, it raises the issue of what exactly is meant by "execution." Instead, he suggests that static techniques predict approximations of a program's future, whereas dynamic analysis remembers approximations of a program's past. Because in debugging we are typically concerned with the past, most interesting debugging techniques fall into the "dynamic" category.
Induction is reasoning from the particular to the general. In program analysis, induction is used to summarize multiple program runs (e.g., a test suite or random testing) into some abstraction that holds for all considered program runs.
Chp 8 Observing Facts
When observing state, do not interfere. Know what and when to observe, and proceed systematically.
The"do . . . while" loop makes the macro body a single statement, forhaving code such as "if (debug) LOG(var);" work the intended way.
Watchpoints are expensive. Because the debugger must verify the value of the watched expression after each instruction, a watchpoint implies a switch between the debugged process and the debugger process for each instruction step. This slows down program execution by a factor of 1,000 or more.
Chp 9 Tracking Origins
A common issue with observation tools (such as debuggers) is that they execute the program forward in time, whereas the programmer must reason backward in time.
Rather than accessing the program while it is running, an omniscient debugger first executes the program and records its run. Once the run is complete, the omniscient debugger loads the recording and makes it available for observation.
On average, dynamic slices are far more precise than static slices.
Chp 10 Asserting Expectations
The basic idea of assertions is to have the computer do the observation.
Overall, few techniques are as helpful for debugging as assertions, and no other technique has as many additional benefits.
Using the GNU C runtime library (the default on Linux systems), one can avoid common errors related to heap use simply by setting an environment variable called MALLOC_CHECK_.
VALGRIND is built around an interpreter for x86 machine-code instructions. It interprets the machine instructions of the program to be debugged, and keeps track of the used memory in so-called shadow memory.
an assertion is not the best way of checking critical results, in that an assertion can be turned off
an assertion is not the right way to check external conditions.
the current trend in software development is to trade performance for runtime safety wherever possible.
Chp 11 Detecting Anomalies
code that is executed only in failing runs is more likely to contain the defect than code that is always executed.
Anomalies are neither defects nor failure causes but can strongly correlate with either.