Debugging is the stage in developing a computer program, during which errors are detected, localized, and eliminated. To understand where the error occurred, you have to:
- find out which path the program was running on.
- Find out the current values of variables;
Place Of Debugging In The Program Development Cycle
A typical development cycle, which repeats many times over the lifetime of a program, looks something like this:
- Reproducing the error – Finding out the conditions under which the error occurs. This can be challenging when concurrent programming processes and with some unusual errors known as Heisenbugs.
- Programming – introducing new functionality into the program, correcting existing errors.
- Testing – detection of the fact of an error.
Also, useful tools in the hands of a programmer may be:
- Disassemblers allow you to view the assembler code of an executable file.
- Hardware interface sniffers allow you to see the data exchanged between the system and the device.
- System logs.
- Sniffers will help track network traffic generated by the program.
- Profilers. They will allow you to determine how long a particular piece of code is being executed. Coverage analysis allows you to identify non-executable code sections.
- API loggers allow you to track the interaction between the program and the Windows API by writing Windows messages to the log.
Our personal choice is to try not to use debuggers other than to look at the call stack or the values of a couple of variables. One of the reasons for this is that it is very easy to get lost in the details of complex data structures and program execution paths. We consider stepping through a program. Less productive than reinforced thinking and code that tests itself at critical points.
Clicking on statements takes more time than looking through the messages of debug information placed at critical points. It is faster to decide where to put a debug statement than to step through critical code sections, even assuming we know where such sections are. More importantly, debug statements are saved in the program, and debugger sessions are carried over.
Blind wandering in the debugger is most likely counterproductive. It is more useful to use a debugger to figure out the state of the program in which it makes an error and then thinks about how that state could have arisen. Debuggers can be complex and confusing programs, especially for beginners, who find them more confusing than helpful … “
Instruments Tools That Reduce The Need For Debugging
Another direction is to make sure that debugging is needed as little as possible. To do this, apply:
Contract programming – for the programmer to confirm in another way that he needs exactly this program behavior at the output. In languages that do not have contract programming, self-checking of the program at key points is used.- Unit testing – checking the behavior of a program piece by piece.
- Extensive use of proven external libraries.
- High programming culture, in particular, design patterns, naming conventions, and transparent behavior of individual blocks of code – to declare to yourself and others how a particular function should behave.
- Static code analysis – checking the code for standard errors “inadvertently.”
Code security and debugging
The program code may contain so-called undocumented behavior – serious errors that do not appear during the normal course of program execution but are very dangerous for the entire system’s security in the event of a targeted attack. Most often, this is the result of programmer errors. The most famous examples are SQL injection and buffer overflows. In this case, the debugging task is:
- Identifying undocumented system behavior
- Eliminate unsafe code
There are such methods:
- Fuzzing. This is the process of feeding random or incorrect data to the program input and analyzing the program’s response.
- Static code analysis. In this phase, the scanner program searches for sequences in the source text that correspond to unsafe function calls. The program’s source code is scanned based on a special rule base that contains descriptions of unsafe code samples.
- Reverse engineering Reverse engineering. This case occurs when independent researchers are looking for vulnerabilities and undocumented program features.
