-
提高测试范围判定准确度思路__之建立故障、bug与文件函数的雷区地图
2010-02-24 19:29:40
0 采用代码分析工具理顺代码逻辑:如java 用codelogic, c++用codeviz/ algoview。门槛相对比较低。
1 使用标准格式,跟踪svn change反映解决或者新引入的bug id。
A 内部研发的平台提交代码时,记录jira需求id、bug id和对应的代码文件:函数
B svn ci 时,comment包含必要的信息,如bug id、request view 信息
获取到文件或者函数的bug密度。
2 qc 增加字段标识bug对应的文件名:函数, 增加svn 变更号查看代码快照,以便后续分析。
3定期自动化分析qc及svn数据,形成易错函数列表以及模块bug密度; 应用emma度量覆盖数据,确保易错函数被执行
5 综合如上信息维护一张高风险的函数列表、高bug密度文件表,持续扩大雷区.
目前,据了解淘宝广告、google都在应用
-
代码可测性度量工具Testability explorer
2010-01-20 21:58:07
可测性维度包括架构设计、代码2个层面。
架构层面拟从2个角度出发积累 1) 将日常qa碰到可测性及架构建议沉淀下来 2)和架构师探讨sei atam 架构评审方法
代码层面可测性可单独用testability explorer度量,也可使用hudson上testability explorer插件度量。
Google内部广泛使用的testability explorer静态分析java bytecode并按规则计算类的可测性分数,将类划分为优秀、可容忍、需要调整3个等级,默认分数分别为<=50,<=100; >100(见CommandLineConfig.java)。
Testability explorer逐行递归分析判断是否不可注入、全局变量,如果是则分值加1,直到递归深度达到Depth。本质上,testability explorer驱动研发养成符合依赖注入风格的编码习惯。Google内部也组合testability explorer等多个工具一起提升代码质量。
可测性判断用途:
1) 加入到持续集成hudson/continuum内,成为进度度量指示器
2) 研发根据可测性判断是否需要重构
更多参考:http://misko.hevery.com/2008/07/30/top-10-things-which-make-your-code-hard-to-test/
http://misko.hevery.com/category/testability/
可测性和代码高效间需要做平衡,可测性不能做:
1) need work 的类就直接让研发重构代码
2) 直接找bug
很多的事实证明,测试领域没有银弹。测试需要借助工具在合适场合辅助提高测试效率,最核心的还是人的判断力。
部署编译
确认机器已经搭建好maven2的环境。
设置环境变量(本机eclipse路径,更多看http://code.google.com/p/testability-explorer/wiki/HowToContribute):
ECLIPSE_LAUNCHER_JAR=D:\eclipse-java-ganymede-SR1-win32\plugins\org.eclipse.osgi_
(否则提示错误:
Caused by: D:\project\google_testability_explorer\eclipse-plugin\build.xml:13: Java returned: 1
at org.apache.tools.ant.taskdefs.Java.execute(Java.java:108)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288))取出源代码:svn checkout http://testability-explorer.googlecode.com/svn/trunk/ testability-explorer
cd testability-explorer
执行安装部署:mvn install
调整被测工程的pom.xml
在project节内加入:
<reporting>
<plugins>
<plugin>
<groupId>com.google.testability-explorer</groupId>
<artifactId>maven-testability-plugin</artifactId>
<version>
</plugin>
</plugins>
</reporting>
具体的版本号根据:D:\project\google_testability_explorer\maven-testability-plugin\target生成的jar定。
在 C:\Documents and Settings\jianzhao.liangjz\.m2\repository\com\google\testability-explorer\maven-testability-plugin\
从D:\project\google_testability_explorer\maven-testability-plugin\src\main\java\com\google\maven\TestabilityExplorerMojo.java 找到目标testability。
执行maven目标分析代码可测性
D:\project\morgan\trunk\member.service.china> mvn clean install
D:\project\morgan\trunk\member.service.china>mvn com.google.testability-explorer:maven-testability-plugin:
或者看: http://code.google.com/p/testability-explorer/wiki/HowToMakeARelease
在顶级工程上执行上述命令也可,但是site目录会仅生成在各个子工程目录下。
结果如下:
Issues that cause the most untestable classes
Cost: 6,376
Class com.alibaba.china.biz.dal.EncryptPtp is hard to test because:
It is expensive to construct an instance of the class, and every test will need to call a constructor.
These static initializers will need to be run once, when the class is loaded. Why is it bad?
On line 30,
static void generateCipher(String) is declared
contributing 20% of total class cost
Instead of initializing this state statically, try initializing a fresh copy in each instance. Creating new objects in Java is cheap, and this static state can't be cleaned up between tests.
Cost: 6,254
Class com.alibaba.china.biz.common.security.BlowfishEncrypter is hard to test because:
It is expensive to construct an instance of the class, and every test will need to call a constructor.
These static initializers will need to be run once, when the class is loaded. Why is it bad?
On line 29,
static BlowfishEncrypter() is declared
contributing 20% of total class cost
Instead of initializing this state statically, try initializing a fresh copy in each instance. Creating new objects in Java is cheap, and this static state can't be cleaned up between tests.
Cost: 4,982
Class com.alibaba.china.member.internal.security.Authentication is hard to test because:
It is expensive to construct an instance of the class, and every test will need to call a constructor
-
2010所关注领域
2009-12-31 23:22:37
2009很快从指缝溜走,2010拟在业余时间重点关注以下领域。
一 互联网产品生命周期管理
二 软件架构设计评审方法论及原则
如sei atam,kiss,dry等
三 代码静态分析技术,如java pathfinder;以及软件度量实施,如testability explorer;及findbugs扩展
四 java/linux c++开源测试框架及工具,重点:性能,自动化,profile...。参见sourceforge.net,infoq.com/cn
五 大型互联网公司敏捷实践及测试实践
六 了解互联网技术架构及核心原理,如google 工具,memcached,mysql,apache开源框架及性能优化
大方向是不断影响软件工程上游质量,在测试准入准出环节做适当的权衡取舍,数字化方式展现整体研发和测试效率,在高附加值环节突出贡献提升影响力。
可参考:http://www.51testing.com/index.php?uid-13997-action-viewspace-itemid-193779
http://www.51testing.com/index.php?uid-13997-action-viewspace-itemid-173035
http://www.51testing.com/?uid-170805-action-viewspace-itemid-99226
-
内存调试库-ElectricFence
2009-12-14 20:13:49
参考 http://mylxiaoyi.javaeye.com/blog/383918
原理
采用Linux的虚拟内存机制来保护malloc与free所使用的内存,这个哨兵页在越界读写时直接core dump。
试验环境:
[liangjz@b2b_plat_1367 ~]$ uname -a
Linux b2b_plat_1367
[liangjz@b2b_plat_1367 ~]$ gcc -v
下载:
http://perens.com/FreeSoftware/ElectricFence/
安装部署
make &&make install 。 安装过程的waring可以暂不理会。
试验过程
[liangjz@b2b_plat_1367 ~]$ cat efence.c
#include <stdio.h>
#include <stdlib.h>
int main()
{
char *ptr = (char *) malloc(1024);
ptr[0] = 0;
/* Now write beyond the block */
ptr[1024] = 0;
exit(0);
}
确认可以打开core dump.
[liangjz@b2b_plat_1367 ~]$ ulimit -a
core file size (blocks, -c) unlimited
[liangjz@b2b_plat_1367 ~]$ gcc -g -o efence efence.c -lefence -lpthread
/usr/lib/libefence.a(page.o)(.text+0x29): In function `stringErrorReport':
/home/liangjz/electric-fence-
/usr/lib/libefence.a(page.o)(.text+0x19):/home/liangjz/electric-fence-
[liangjz@b2b_plat_1367 ~]$ ./efence
Electric Fence 2.1 Copyright (C) 1987-1998 Bruce Perens.
¶Î´íÎó (core dumped)
[liangjz@b2b_plat_1367 ~]$ gdb efence core.4
core.4588 core.4594 core.4606 core.4618
[liangjz@b2b_plat_1367 ~]$ gdb efence core.4618
GNU gdb Red Hat Linux (
Core was generated by `./efence'.
Program terminated with signal 11, Segmentation fault.
Loaded symbols for /lib/libcwait.so
Loaded symbols for /lib/i686/libpthread.so.0
Loaded symbols for /lib/i686/libc.so.6
Loaded symbols for /lib/ld-linux.so.2
#0 0x080488d
9 ptr[1024] = 0;
-
建立低成本的代码质量度量体系
2009-12-11 18:19:36
拟把静态分析数据、可测性度量数据、依赖关系、代码复杂度等维度捏合成一个指标,冒烟测试前扫描完成。以后每次产品测试准入时不断提高指标值。
同时把项目完成后把每千行代码发现的缺陷个数及严重等级、生产环境上发现的故障分,甚至单元测试代码覆盖率、项目持续集成成功率等数据捏合成一个指标。
针对测试准入时度量系数,java工程已有部份开源工具:
1)静态分析:findbugs
2) 可测性度量:testability explorer
3) 依赖关系:jdepend
4) 代码复杂度:javancss
5) 代码行统计:sloccount
6)代码覆盖率:emma/cobertura
linux c++工程相应开源工具:
1) 静态分析:cppcheck
2) 代码复杂度:cccc
3) 代码行统计:sloccount
4) 代码覆盖率:gcov/lcov
但上述工具输出并不一致,为了获得一个更有价值的指标,需要对工具做二次开发。
对于项目测试完成后的几个指标,每千行代码发现缺陷、生产环境故障分可手工录入,单元测试代码覆盖率及持续集成数据可考虑用自动化方式录入。
以上2个指标整合入现有web平台形成portal 以观察代码质量指标变化趋势。
-
C++代码度量工具-cccc
2009-12-09 00:27:53
软件度量多个指标依赖于代码行统计,如每千行代码发现bug等,所以代码行是一个基础数据。
Cccc 开源工具, 从http://cccc.sourceforge.net/ 下载,支持linux ,win
在linux 上执行./build_posixgcc.sh && make install 部署cccc.
[liangjz@b2b_plat_1367 src]$ cccc --help
Usage:
cccc [options] file1.c ...
Process files listed on command line.
If the filenames include '-', read a list of files from standard input.
Command Line Options: (default arguments/behaviour specified in braces)
--help * generate this help message
--outdir=<dname> * directory for generated files {.cccc}
--html_outfile=<fname> * name of main HTML report {<outdir>/cccc.html}
--xml_outfile=<fname> * name of main XML report {<outdir>/cccc.xml}
--db_infile=<fname> * preload internal database from named file
{empty file}
--db_outfile=<fname> * save internal database to file {<outdir>/cccc.db}
--opt_infile=<fname> * load options from named file {hard coded, see below}
--opt_outfile=<fname> * save options to named file {<outdir>/cccc.opt}
--lang=<string> * use language specified for files specified
after this option (c,c++,ada,java, no default)
--report_mask=<hex> * control report content
--debug_mask=<hex> * control debug output content
(refer to ccccmain.cc for mask values)
Refer to ccccmain.cc for usage of --report_mask and --debug_mask.
Refer to cccc_opt.cc for hard coded default option values, including default
extension/language mapping and metric treatment thresholds.
Cccc不能对一个目录下的文件做递归式的扫描。
[liangjz@b2b_plat_1367 client]$ cccc *.*
...
Primary HTML output is in .cccc/cccc.html
Detailed HTML reports on modules and source are in .cccc
Primary XML output is in .cccc/cccc.xml
Detailed XML reports on modules are in .cccc
Database dump is in .cccc/cccc.db
[liangjz@b2b_plat_1367 .cccc]$ ll .cccc
可以看到生成的文件不同于源代码类。
将结果都下载都本地可看到
Procedural Metrics,Object Oriented Design,Structural Metrics Summary 等不同维度的数据。
Html 格式的报告有很好的注释,黄色的可能需要再深入分析。
CCCC度量数据可结合测试风险完善测试计划。
-
c/c++代码静态扫描安全编程工具flawfinder
2009-12-01 20:10:31
http://sourceforge.net/projects/flawfinder/
是一个用python编写的检查c/c++源代码的潜在安全编程风险,基于安全编程模式匹配。
工作原理参考: http://www.dwheeler.com/flawfinder/ How does Flawfinder Work? 章。
Linux 环境python2.5 上对 linux c++工程上试验。
1 设置环境变量
export PATH=$PATH:~/flawfinder-1.27/
2
[liangjz@b2b_plat_1367 hummock_trunk]$ flawfinder --minlevel=4 --html --followdotdir . > flawfinder.html
3 报告(摘录部份)
Flawfinder Results
Here are the security scan results from Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160
Examining ./src/common/Application.hpp
./src/common/Utility.c:255: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. Reconsider approach.
./src/common/Utility.c:413: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. Reconsider approach.
./src/client/Client.cpp:117: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused).
./src/client/mod_hummock.c:11: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf.
./src/common/Output.cpp:44: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
./src/common/Output.hpp:33: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
./src/common/ProcessHandler.cpp:209: [4] (shell) execv: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available.
./src/server/AreaConf.hpp:393: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate. Use a constant for the format specification.
/src/server/Calc.cpp:265: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused).
./src/server/Hummock.cpp:113: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused).
Hits = 31
Lines analyzed =
Physical Source Lines of Code (SLOC) = 16115
Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 29 [5] 2
Hits@level+ = [0+] 31 [1+] 31 [2+] 31 [3+] 31 [4+] 31 [5+] 2
Hits/KSLOC@level+ = [0+] 1.92367 [1+] 1.92367 [2+] 1.92367 [3+] 1.92367 [4+] 1.92367 [5+] 0.124108
Minimum risk level = 4
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
含意是
Hits表示找到31个潜在的攻击
Hits@level 是各个级别找到的攻击个数
Hits@level+是各个级别或者以上找到的攻击个数
Minimum risk level 风险起点
-
google开源工具列表(与测试相关)
2009-11-26 00:15:25
google公司对开源社区贡献了蛮多好用的工具,另外google code上也有一些不错的工程。
部份工具我们已经在应用或者试用。简单梳理下。
Java静态分析可测性工具 http://code.google.com/p/testability-explorer/
profile工具 google-perftools
http://code.google.com/p/google-perftools/
http://code.google.com/p/gperftools-httpd/
Google c++ test 框架 http://code.google.com/p/googletest/wiki/GoogleTestSamples
Google mock 框架 http://code.google.com/p/googlemock/downloads/list
c 语言单元测试框架 http://code.google.com/p/cmockery/
web安全审计工具 http://code.google.com/p/ratproxy/
代码规范 http://code.google.com/p/google-styleguide/
Firefox firebug页面速度测试插件 http://code.google.com/p/page-speed/
Google Singleton Detector http://code.google.com/p/google-singleton-detector/
Selective testing tool for Java
http://code.google.com/p/google-testar/
http://code.google.com/p/google-coredumper/
fuzzing http://code.google.com/p/bunny-the-fuzzer/
http://code.google.com/p/stressapptest/wiki/Introduction
http://code.google.com/p/google-collections/
http://code.google.com/p/powermock/
protobuf网络数据传输格式http://code.google.com/p/protobuf/
http://googletesting.blogspot.com/
http://googleonlinesecurity.blogspot.com
-
Findbugs和parasoft jtest8.4试验对比
2009-11-21 00:11:09
Findbugs是著名的开源java 静态代码分析工具,基于bytecode扫描,具备数据流分析能力.操作很简单,可以下载单独的swing图形化工具也可下载eclipse 插件运行. 原理请参考A Comparison of Bug Finding Tools for Java
也发现jtest存在几个还可改良的点
1) 可能为空值的对象传参入 jdk 原生的函数时,也提示Avoid NullPointerException. 如hashset.add(obj)
2) 对于一些非直接判断空值,存在误报. 如
Static final <I,O> List <O> map( List <? Extends O> iList)
{
…
Validate.notnull(iList);
ListIterator <? Extends I> iter=iList.listIterator;
}
初步了解到要在扫描前定制如上2规则有难度.也期待有jtest使用经验的朋友说说jtest能带来的独到价值及其他商业工具的价值
-
linux 多线程误用memory leak 检测
2009-11-17 00:24:36
linux多线程代码memory leak ,采用cpplint及cppcheck均无法静态分析到. 样例程序:
[liangjz@b2b_plat_1367 ~]$ cat mythread.cpp
#include <pthread.h>
#include <stdio.h>
#include <unistd.h>
void *testthread(void * arg)
{
printf("I am working.\n");
char *szP=NULL;
szP=new char[1024*1024*100];
delete []szP;
printf("I am stopping.\n");
//pthread_detach(pthread_self());
//or
//pthread_exit(0);
}
int main(int argc,char *argv[])
{
int i=0;
pthread_t pid;
char *szP=NULL;
while(i<1000){
i++;
pthread_create(&pid,NULL,testthread,&i);
printf("ok%d,pid=%d\n",i,pid);
sleep(5);
}
}
编译及链接
[liangjz@b2b_plat_1367 ~]$ g++ -g -o mythread mythread.cpp -lpthread
运行
[liangjz@b2b_plat_1367 ~]$./mythread
…
terminate called after throwing an instance of 'std::bad_alloc'
what(): St9bad_alloc
运行最后结果是分配内存失败. 在执行过程vmstat 输出也看到有si/so频繁发生, 确实是有内存泄露发生.
Root cause 分析见http://hong106525654.blog.163.com/blog/static/60218882006102222658633/.
规避便是将 pthread_detach(pthread_self()); 注释去掉.
如朋友知道哪款工具可以静态分析到如上的错误,呵呵,请不吝指教J
-
静态代码分析工具Cppcheck实践
2009-11-10 21:26:01
Cppcheck是一款开源c++静态代码分析工具,在检测源码时可根据规则就能挖掘出疑似缺陷, 帮开源项目发现的bug有:
http://sourceforge.net/apps/mediawiki/cppcheck/index.php?title=Found_bugs
功能比较强大, 使用很简单
下载安装cppcheck:
http://sourceforge.net/projects/cppcheck/files/
root安装
make & make install
试验环境
在32位linux , gcc 版本为
[liangjz@b2b_plat_1367 ~]$ cppcheck hummock
cppcheck: /usr/lib/libstdc++.so.6: version `GLIBCXX_
转移到如下环境:
[root@b2b_plat_1363 ~]# uname -a
Linux b2b_plat_1363
[root@b2b_plat_1363 ~]# gcc --version
gcc (GCC) 3.4.6 20060404 (Red Hat
可正常运行.
工程实践
cppcheck扫描3个工程发现的潜在问题,并抽部份简单解析,确认有几个bug
388 CDirectoryScan::~CDirectoryScan ()
389 {
390 if(m_findHandle != INVALID_HANDLE_VALUE) {
391 FindClose(m_findHandle);
393 }
394
395 if (m_pSearch != NULL) {
396 delete(m_pSearch);
}
}
402 void CDirectoryScan::generateSearchPath(void)
403 {
402 void CDirectoryScan::generateSearchPath(void)
403 {
generateSearchPath 函数m_pSearch 是new数组, 析构函数为 delete(m_pSearch),
可判断为缺陷.
二
39 bool CMasterHA::amIMaster()
40 {
41 char cmd[255];
42 sprintf(cmd, "/sbin/ifconfig | grep %s", m_serviceIP);
43 FILE *fp = popen(cmd, "r");
44 if (fp != NULL)
45 {
46 int len = fread(cmd, 1, 255, fp);
47 fclose(fp);
48 if (len == 0)
49 return false;
50 if (strstr(cmd, m_serviceIP) != NULL)
51 return true;
52 }
53 return false;
54 }
可看到fp是popen打开,但是关闭并不是采用pclose.
-
开源多语言代码分析插件框架YASCA
2009-11-09 00:53:34
参考http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
本质上yasca是一个开源静态代码分析工具插件框架, 集成流行的多语言静态分析工具如findbugs/pmd/jlint/rats/cppcheck, 由于插件本身多样故可支持java ,c++等语言静态分析.
从 http://sourceforge.net/projects/yasca/files/ 下载yasca-2.1.zip以及其插件的压缩包.
解压yasca-2.1.zip放到 D:\tools\yasca-2.1, 各个插件解压到当前目录. 更详细的目录布局可见D:\tools\yasca-2.1\install.txt文件.
执行yasca自带的样例输出非php文件level=1的报告
D:\tools\yasca-2.1>yasca -i php -l 1 resources/test/
Yasca 2.1 - http://www.yasca.org/ - Michael V. Scovetta
Commercial support is now available for Yasca. Contact scovetta@users.sourceforge.net for more information.
Initializing components...
Using Static Analyzers located at [d:\tools\yasca-2.1\]
Starting scan. This may take a few minutes to complete...
Forking external process (antiC)...
External process completed...
Plugin "ClamAV" not installed. Download it at yasca.org.
Plugin "cppcheck" not installed. Download it at yasca.org.
Forking external process (FindBugs)...
External process completed...
Forking external process (FxCop)...
[E_WARNING] [ D:\tools\yasca-2.1\plugins\FxCop.php:68 ] DOMDocument::loadXML(): Start tag expected, '<' not fo
und in Entity, line: 1
FxCop did not return a valid XML document. Ignoring.
Plugin "javascriptlint" not installed. Download it at yasca.org.
Forking external process (JLint)...
External process completed...
Forking external process (PMD) for ./plugins/default/pmd/yasca-rules.xml...
External process completed...
Forking external process (PMD) for ./plugins/default/pmd/yasca.xml...
External process completed...
Forking external process (RATS)...
[E_WARNING] [ D:\tools\yasca-2.1\plugins\Rats.php:51 ] DOMDocument::loadXML(): Empty string supplied as input
RATS did not return a valid XML document. Ignoring.
Creating report...
Results have been written to C:\DOCUME~1\JIANZH~1.LIA\LOCALS~1\Temp\Yasca-Report-20091108110623.html
以上可以看到采用JLint,PMD,RATS分析代码. 比较遗憾rats出现windows异常.
检查结果可看到检测到SQL Injection, Cross-Site Scripting, Code Quality: Functions, Authentication价值较高的建议
-
Google的c++代码规则检查及静态分析工具Cpplint
2009-11-07 09:09:38
参考 http://blog.oolanguage.com/erpingwu/google-style-guide-%E4%B9%8B-cpplint/
下载 http://google-styleguide.googlecode.com/svn/trunk/cpplint/ cpplint.py
[liangjz@b2b_plat_1367 erosa_cap]$ python ~/cpplint.py --filter=
可以查看到filter的内容.
以下采用cpplint忽略空格,可读性,legal方面的规则扫描工程代码(结果有删节).输出结果上有较多的建设性建议. 具体含义可看: http://www.cppblog.com/Fox/category/6273.html?Show=All
[liangjz@b2b_plat_1367 erosa_cap]$ python ~/cpplint.py --filter=-whitespace,-readability,-legal *.*
.
CapNetManager.cpp:2: Include the directory when naming .h files [build/include] [4]
CapNetManager.cpp:54: Use int16/int64/etc, rather than the C type short [runtime/int] [4]
CapNetManager.h:1: #ifndef header guard has wrong style, please use: EROSA_EROSA_CAP_CAPNETMANAGER_H_ [build/header_guard] [5]
CapNetManager.h:41: #endif line should be "#endif // EROSA_EROSA_CAP_CAPNETMANAGER_H_" [build/header_guard] [5]
CapNetManager.h:15: Do not use namespace using-directives. Use using-declarations instead. [build/namespaces] [5]
Erosa_cap.cpp:4: Found C system header after C++ system header. Should be: Erosa_cap.h, c system, c++ system, other. [build/include_order] [4]
Erosa_cap.cpp:265: If you can, use sizeof(szTmp) instead of 128 as the 2nd arg to snprintf. [runtime/printf] [3]
Erosa_cap.cpp:262: Add #include <string> for string [build/include_what_you_use] [4]
Parse.cpp:58: Use int16/int64/etc, rather than the C type short [runtime/int] [4]
Parse.cpp:2241: Is this a non-const reference? If so, make const or use a pointer. [runtime/references] [2]
Parse.cpp:451: Add #include <algorithm> for min [build/include_what_you_use] [4]
Parse.h:7: Do not use namespace using-directives. Use using-declarations instead. [build/namespaces] [5]
RedoFileScan.cpp:238: Almost always, snprintf is better than strcat [runtime/printf] [4]
RedoFileScan.cpp:387: sscanf can be ok, but is slow and can overflow buffers. [runtime/printf] [1]
RedoManager.cpp:231: Consider using localtime_r(...) instead of localtime(...) for improved thread safety. [runtime/threadsafe_fn] [2]
…
Total errors found: 230
-
Linux Cpu 及内存基准测试工具 ubench
2009-11-05 21:19:54
从http://www.phystech.com/?/download/下载ubench.
安装部署
./configure
Make; Make install
在
cpubench.c: In function 'cpuload':
cpubench.c:93: error: 'CLK_TCK' undeclared (first use in this function)
cpubench.c:93: error: (Each undeclared identifier is reported only once
cpubench.c:93: error: for each function it appears in.)
cpubench.c: In function 'cpubench':参考
http://www.extmail.org/forum/thread-7882-1-4.html打patch,编译成功.
在运行时,可以用top /vmstat/iostat检查负载情况.当做cpu 基准测试时,每一颗cpu usr%高达99%;运行内存基准测试时,system%偏高.
综上可以看到ubench支持多core CPU.
硬件环境
CPU: 8*model name : Intel(R) Xeon(R) CPU E5410 @ 2.33GHz
stepping : 6
cpu MHz : 2327.508
cache size : 6144 KB
内存: MemTotal: 3670016 kB
的HVMdomU
运行结果如下:
[root@rhel53-64-5410-v1 ubench-0.32]# ./ubench
Unix Benchmark Utility v.0.3
Copyright (C) July, 1999 PhysTech, Inc.
Author: Sergei Viznyuk <sv@phystech.com>
http://www.phystech.com/download/ubench.html
Linux
Ubench CPU: 2575372
Ubench MEM: 496375
--------------------
Ubench AVG: 1535873
在硬件环境如下:
model name :8* Intel(R) Xeon(R) CPU E5410 @ 2.33GHz
stepping : 10
cpu MHz : 2327.610
cache size : 6144 KB
MemTotal: 4144696 Kb 的PowerEdge 1950
运行结果如下:
[liangjz@b2b_plat_1367 ubench-0.32]$ ./ubench
Unix Benchmark Utility v.0.3
Copyright (C) July, 1999 PhysTech, Inc.
Author: Sergei Viznyuk <sv@phystech.com>
http://www.phystech.com/download/ubench.html
Linux
Ubench CPU: 1900088
Ubench MEM: 615346
--------------------
Ubench AVG: 1257717
-
国内测试专业blog(部份),欢迎一起完善
2009-10-29 01:40:15
偶对平常访问较多or有意思的专业测试blog做一个简单的分类,或许有错,也肯定有很多遗漏.呵呵,欢迎大家一起完善,给大家提供一些便利.
Webx朱少民—质量管理
陈绍英--- 性能测试
http://blog.csdn.net/chenshaoying段念---性能测试:
http://www.guanhe.cn/
http://guanhe.cnblogs.com/深圳oracle 朱波 –oracle测试,性能/自动化测试
http://www.rickyzhu.com/陈雷-- 性能,管理 :
http://jackei.cnblogs.com/柳胜(性能+自动化):
http://www.cesoo.com/
http://blog.csdn.net/namesliu/category/236043.aspx文斯(白盒):
http://blog.csdn.net/vincetest/
http://blog.csdn.net/wayne_chan/category/241332.aspx微软余正洋:
http://blog.csdn.net/rogeryu/jack-测试架构:
http://www.51testing.com/?uid-293557广东赛宝陈能技-自动化:
http://blog.csdn.net/Testing_is_believing刘艳会—c++工具:
http://www.51testing.com/?uid-10851于涌—性能测试:
http://tester2test.cnblogs.com/深圳金蝶杨学明:
http://mikeyond.cnblogs.com/秋阳-综合:
http://www.cnitblog.com/qiuyangzh/category/375.html
阳光:
http://blog.csdn.net/Test_sunny微软李和恒:
http://blog.csdn.net/papercrane
微软安全测试:
http://blog.csdn.net/goldcattle/楷子狐:
http://hi.baidu.com/higkoozee ---性能测试:
http://www.7dtest.com/
http://blog.csdn.net/zeeslo
http://blog.csdn.net/zeeslo/category/215291.aspx
盛大龚X—性能测试:
http://blog.csdn.net/jacky8024
http://blog.csai.cn/user1/37626/index.html成都四方辛凯:
http://blog.csdn.net/nilxin/category/144266.aspx安全测试:
http://www.51testing.com/?uid/5994351testing云层—性能测试
http://www.51testing.com/?uid-104
崔启亮---本地化:
http://blog.csdn.net/giltworld/mayingbao—测试管理:
http://mayingbao.cnblogs.com/贺炘:
http://blog.csdn.net/hxcat小布播客---性能:
http://wilson66.cublog.cn/
阿里云刘新宇:
http://blog.csdn.net/omomo/
阿里巴巴 SQA :
http://hi.baidu.com/jacob/blog/index/0阿里巴巴QA:
http://www.51testing.com/index.php?uid-159438
阿里云陈洪:
http://hi.csdn.net/linkyou淘宝QA:
http://www.51testing.com/?uid-84753阿里之家:
http://fafeng.blogbus.com/
陈卫俊:
http://www.51testing.com/?uid/553451testing朴春龙---LR:
http://blog.csdn.net/piaocl宋峰---QTP自动化:
http://www.51testing.com/?uid-35-action-spacelist-type-blog苏州风过无息---QTP自动化:
http://www.51testing.com/?uid-3528 -
java监控工具
2009-10-23 23:40:40
以下基于jdk5+版本,大部分工具都可同时支持linux/windows
一sun 公司自带工具
jstat
jconsole
jmap
jstack
jinfo另外有:
The Java Heap Analysis Tool
jvisulavm (http://java.sun.com/javase/6/docs/technotes/tools/share/jvisualvm.html)二 特定JVM厂家的产品包
bea jRockit
ibm公司有自主研发的diagnostics tools三 第三方公司profile工具
jprofiler
Borland Optimizeit Suite
yourkit可用于profile性能热点, 甚至检测thread deadlock
四 监控gc活动可用java参数 -Xloggc:<file>打印gc, gcviewer查看
也可用Visual Garbage Collection Monitoring Tool五 监控内存泄露
eclipse memory analyzer
六 thread dump
windows上: ctrl+break
linux : kill -3 java进程id甚至可简单用linux 命令strace,lstrace,pstack命令看进程情况
工具是辅助人的. 最大的难点在如何判断数据是否有性能问题及如何解决问题. 这块需要靠JVM知识和java性能优化知识积累了.
-
部署ajaxterm,web based远程操作linux
2009-10-22 23:08:25
下载部署:
http://antony.lesuisse.org/software/ajaxterm/
Wget http://antony.lesuisse.org/software/ajaxterm/files/ajaxterm-0.10.tar.gz
cd Ajaxterm-0.10./ajaxterm.py默认只能locahost 访问8022端口.
可以发起telnet localhost 8022 测试:
GET /ajaxterm/ HTTP/1.1下载apache httpd-安装激活mod_proxy../configure --prefix=/home/liangjz/apache2 --enable-so --enable-proxymake;make install修改conf/httpd.conf,加入:Listen 4080ProxyRequests Off<proxy *>Order allow,denyAllow from all</proxy>ProxyPass /ajaxterm/ http://localhost:8022/ProxyPassReverse /ajaxterm/ http://localhost:8022/再通过浏览器http://localhost:8022/ajaxterm/ 即可远程操作linux OS.
这种方式可绕过防火墙,也可实现web方式统一管理服务器.
-
进一步凸显测试工程师价值的一点思考
2009-10-01 10:59:58
测试团队发展到一定阶段,对目标有了更高追求,对于进一步彰显价值有了更迫切的愿望.
回头看看我们测试 可以做的输出
1) 产品road map建议
2) 具体某一个产品的需求评审
3) 架构评估与选型,设计评审建议
4) 代码code review
5) 单元与集成测试代码编写及review
6) 编写自动化框架及代码
7) 实施测试 (功能,性能,安全, api, 高可用性….)的输出, 如计划/方案/用例/报告
8) 系统性能优化
9) 生产环境性能数据闭环反馈指导性能建模
10) ...用代码覆盖率及漏测bug , 每千行代码发现bug,每人日完成的代码行,测试工具的效率提升数据等可量化指标, 加上项目组相对客观的评价,多维度展现测试的输出. 凸显价值可从上述输出及指标逆推.
只有全面提高研发和测试的技能,及职业化的做事方式方法才能更进一步提高价值.
-
分布式应用程序测试分析关键点
2009-09-15 01:11:56
大型分布式应用程序测试,可考虑从本机及跨网络实施测试分析.本机考虑测试点:
¡多网卡下获取ip¡¡Ipc 核对资源消耗¡异常信号处理¡多进程/线程死锁¡检测资源泄露 lsof¡应用日志,如access_log¡系统日志,如/var/log/message¡…分布式考虑的点:¡网络正常/异常. Ifconfig or iptables¡跨机型影响字节序, intel Little Endian ßà sun sparc, Big Endian¡跨机器位长 32bit ßà 64 bit, 影响字节对齐,如long及指针¡跨os: linux ->aix¡跨os 内核,如 linux2.6 ßà 2.4 高级特性不支持 -
wikipedia.org带来的测试解决方案
2009-09-15 01:03:14
长久浸泡在测试领域,了解到很多朋友可能只接触了测试领域冰山一角, 有很多的风光尚未领略.
在http://en.wikipedia.org/wiki/Software_testing提供了很多开源及商业的测试工具,大家选择合适工具去实践. 挑一些page link供大家参考. http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
http://en.wikipedia.org/wiki/Dynamic_program_analysis
http://en.wikipedia.org/wiki/Fuzz_testing
http://en.wikipedia.org/wiki/Benchmark_(computing)
http://en.wikipedia.org/wiki/Fault_injection
http://en.wikipedia.org/wiki/Acceptance_testing
可以考虑挑一些工具在某些项目试点,尤其是关键性系统. 一般而言,需要多个工具组合才构成整体解决方案
我的栏目
标题搜索
我的存档
数据统计
- 访问量: 391036
- 日志数: 186
- 图片数: 1
- 建立时间: 2007-03-16
- 更新时间: 2017-12-06
