The Iterator Design Pattern

Today I learned more about the Iterator Design Pattern and how it specifically applies to Java. The reason for choosing this topic is that during my project and talking with others the Iterator has come up a number of times throughout this semester. Now, I already knew about the Iterator in Java from taking Data Structures, but I never realized it was a design pattern before this course. The Iterator is actually a Gang of Four design pattern and it is classified as a behavioral pattern with object as the scope (GoF 257). The article gives a short summary of the iterator pattern and the reason it is used in Java. It is basically a way of accessing elements in a collection in order without having to know about the internal representation of the structure, a nice way of using abstraction. The author then gives a nice simple example in Java of how to use the Iterator pattern to access a collection of elements. He does this by creating a basic shape POJO with an id int and String name and stores them in another class that is an array of shapes. He then creates an Iterator class that defines the next element and if there is another element after the current one. This may be my favorite design pattern I’ve seen yet. It is simple to implement, but yet effective at its purpose, especially the way this article showed its implementation. I really like that once you’ve created an iterator for a type, all you need to do is pass in a collection of elements to it in order to process it. When I was working on the backend for my project I realized the need for something like an Iterator, especially with all the endpoints that were looping through the whole database. I wish I had implemented this so that I did not have to keep rewriting conditions to check that the data wasn’t out of bounds. In the future when I create my own programs with collections of elements I will make sure to implement an Iterator so that I can easily cycle through the data without having to worry about how to do it or constantly bounds checking the collection.

Source: https://www.javacodegeeks.com/2015/09/iterator-design-pattern.html

From the blog CS@Worcester – Chris' Computer Science Blog by cradkowski and used with permission of the author. All other rights reserved by the author.

Spring Framework

When Spring came out, it was a simpler, a light-weight alternative to J2EE, to make J2EE development easier. Enterprise Java refers to Java enterprise software. It’s a computer software used to satisfy the needs of an organization rather than individual users. Examples can include: accounting software, billing Management, business process management, CMS, CRM, ERP, etc. … Continue reading Spring Framework

From the blog cs-wsu – Kristi Pina's Blog by kpina23 and used with permission of the author. All other rights reserved by the author.

Test Coverage

Raw Coverage vs. Meaningful Tests If you’re shooting for a high-coverage number at the expense of a solid, meaningful, clean test suite, you lose value. A well-maintained suite of tests gives you confidence in your code and is even the basis for quickly and safely refactoring. Noisy and/or meaningless tests mean that you can’t rely … Continue reading Test Coverage

From the blog cs-wsu – Kristi Pina's Blog by kpina23 and used with permission of the author. All other rights reserved by the author.

Mutation – Testing your tests

In this post I will be looking at mutation testing. This is aimed at people who are not familiar with mutation testing. I will give an introduction to what mutation testing is; show some examples of what it can do; consider its limitations and look at how mutation testing can be added to a Java … Continue reading Mutation – Testing your tests

From the blog cs-wsu – Kristi Pina's Blog by kpina23 and used with permission of the author. All other rights reserved by the author.

Angular vs. React

When Should You Use React? React shines when you have lots of dynamic content changing within the view. Most client-side solutions on the web today struggle with rendering large lists of items within a single view. This “struggle” may be on the order of milliseconds, but in this increasingly digital world, a half a second … Continue reading Angular vs. React

From the blog cs-wsu – Kristi Pina's Blog by kpina23 and used with permission of the author. All other rights reserved by the author.

Web Developer Roadmap

Anyone interested in getting into front- or backend development (or DevOps) should take a look at this learning roadmap from medium.com. It gives a complete chronological outline of what someone getting into these fields should be learning and how to connect them together. They lay out a path of topics to learn in order to build up a robust and marketable skill set for modern web development.

To me these step by step roadmaps are something I never realized I needed. I’ve always looked things up and learned new pieces of the web dev puzzle as I needed them, and never really had a direction to go in. There are holes in my abilities that I didn’t necessarily know were there, and areas I knew I was lacking in but never knew how to work my way into them. These roadmaps give me direction to fill in these gaps in my knowledge.

In addition to giving a step by step list of topics to learn and explore, many steps give the reader choices in what to learn. For example, for the backend developer roadmap, it starts the reader with picking a language to learn and gives examples of different scripting and functional languages to learn. For relational databases it recommends at least learning MySQL and PostgreSQL but gives additional options for someone looking to learn more in that area.

Instead of learning whatever I need for a project or picking up whatever is trendy at the moment, I have a list of things to learn that lead up to that topic and provide a better foundation of understanding to connect each topic together. Not only do these roadmaps give lists of topics to learn, but they offer some guidance on how to explore them and apply these newly learned skills, like contributing to open source projects in various capacities. I think I’m now able to better understand why each topic is important and how it connects to each other piece of the puzzle, and where to take my web development education given my current skills.

From the blog CS@Worcester – Adventures in Computer Science by zachstevens2808 and used with permission of the author. All other rights reserved by the author.

What’s the Buzz about Fuzz Testing?

Whenever I’m testing any of my programs that allow users to input data, I usually try to remember to enter invalid values to ensure that the program does not function when such values are put into the system. Then, in one of my lectures, we briefly covered fuzz testing, which does this process for you! So, I wanted to know more about it and why it is very important to include as part of testing. I found this information from the following tutorial: https://www.guru99.com/fuzz-testing.html.

Fuzz testing, or fuzzing, is used in the context of security testing, where loopholes or vulnerabilities are exposed. It can be a form of black-box testing, so that even without source code, the tester can still determine faults that come up.

The steps that fuzz testing takes to perform are as follows:

  1. Identify inputs taken by the system to be tested
  2. Generate random input or data
  3. Executing tests using this data
  4. Monitoring behavior of the system and its accompanying tests

There are multiple ways that fuzzed data can be created for use, including the 3 listed:

  • Mutation-based fuzzing – alters already-provided, valid data samples to create new test data
  • Generation-based fuzzing – creates new input data based on the type of input needed for the system
  • Protocol-based fuzzing – based on the protocol format specified by the program, invalid data or packets are sent to the program being tested

Through fuzz testing, several different kinds of bugs can be uncovered, which go beyond simply finding invalid input. Some bugs may severely affect the security of an application, like causing memory leaks. Other bugs, called correctness bugs, may come up, which are errors in the overall function of the program. Because it can become time-consuming to come up with many fuzzing inputs, there are various tools that automate and speed up this process.

Fuzz testing provides crucial advantages. It can expose serious security threats and holes in the program which may not have already been covered. If there are other, possibly less significant bugs in the program that may have been overlooked, fuzz testing is a great way to find these as well. However, while fuzz testing is incredibly useful, it cannot be used alone. Rather, it can be a supplement for other testing strategies that may be used to enhance security testing or discover other bugs. Fuzz testing only really looks for simple errors that may arise from invalid input, but there can easily be other, more complex bugs in the program as well.

This post concludes my blogging for the fall semester! Thanks for reading, and I’ll be back next semester!

 

From the blog CS@Worcester – Hi, I'm Kat. by Kat Law and used with permission of the author. All other rights reserved by the author.

Code “Smells” – They Stink!

This post will discuss more bad practices when coding that focus less on design patterns (post about anti-patterns here: https://kathleenmlaw.com/2018/12/03/some-software-development-anti-patterns/) but more so on problems in source code that may cause a bigger problem in the program, called code smells (reference found here: https://sourcemaking.com/refactoring/smells).

The most common code smells can be grouped into several categories. I have included 3 examples of each code smell that can arise, though there are other

  • Bloaters – code (like classes or methods) that grows so large that it is difficult to work with
    • Long methods – methods longer than 10 lines are probably too long
    • Primitive obsession – use of lots of primitives in code rather than creating smaller objects, or many different constants
    • Long parameter list – more than 3 or 4 parameters used when calling a method
  • Object-orientation abusers – code that incorrectly implements object-oriented concepts
    • Switch statements – switch statement has many cases, or conditional has multiple “if” branches in a row
    • Temporary field – only have a value when needed by objects in the program, and are otherwise empty
    • Alternative classes with different interfaces – two classes with the same function but only differ in method names
  • Change preventers – code that, when changed in one spot, requires change in other parts of the code as well
    • Divergent change – changing many methods that are unrelated when making change to a class
    • Shotgun surgery – when making any changes to code, the developer has to make many other modifications to different classes
    • Parallel inheritance hierarchies – when creating subclasses, the developer has to create subclasses for other classes at the same time
  • Dispensables – unnecessary code that would increase readability when removed from the program
    • Comments – when code is full of comments that it is difficult to even read the program
    • Lazy class – a class that doesn’t really have much function in the overall program
    • Data class – a class that only has fields and accessor/mutator methods and serves as a data collector for other classes to use
  • Coupling – code that contributes to coupling (where one section of code may depend heavily on another section, and changes in the former results in forced changes in the latter)
    • Feature envy – when a method accesses data of another object more than its own
    • Inappropriate intimacy – when one class uses internal fields of another class
    • Message chains – when one method calls another, which calls another….

 

I have absolutely made several of these mistakes in my programs, so I’ll be sure to keep a look-out when coding in the future.

 

From the blog CS@Worcester – Hi, I'm Kat. by Kat Law and used with permission of the author. All other rights reserved by the author.

What are Mutations, and How Do They Help Testing?

When I thought of the word “mutation,” I tend to think of it with negative connotation as something that changes internal structure and can potentially cause problems with the structure later on. However, in software testing, mutations have a positive function. This post will go over how mutation testing works, and some advantages and disadvantages of using it. My reference can be found here: https://www.guru99.com/mutation-testing.html. When going over mutation testing during lecture, I found the subject very interesting, and this website provided great further information about it.

Mutation testing takes a program and changes around various statements (introducing faults) in the source code, so that when running unit testing or other testing suites on the program, the tests written for the original program should fail, if they had already passed before. So, when the mutant program fails the test case, then the mutation is “killed.” If the mutant program still passes the test case, then the mutant “survives,” and the tests should be written differently so that they not only pass the code that is originally written, but they also fail other possible scenarios, whether or not those other scenarios were explicitly written in the program.

There are many different kinds of mutations that can be created and used, and they fall under 3 categories: operand replacement operators (which replaces operands in an expression with another operand or with a constant value, like changing x > y to x > 5), expression modification operators (which modifies an operator in an expression, like changing x > y to x <= y), and statement modification operators (which modifies the logic of the program by changing or deleting different statements, like removing an “else” branch of an if-else conditional).

This method of testing provides several advantages. It can uncover missing test cases that weren’t already included in the test suite. It also points out the different places in source code which may be vulnerable to error. It looks beyond simply statement and branch coverage to find any faults which may be overlooked. This enhances the quality of software testing taking place on the program.

However, there are still some disadvantages of using this testing strategy. Because there are many places in source code where these mutations may take place, it would be tedious to manually insert the faults, and automation is a necessity. Time may also become an issue, because each mutation requires a run through the test suite. Finally, this method would not be appropriate for black-box testing, as it involves directly examining the source code.

From the blog CS@Worcester – Hi, I&#039;m Kat. by Kat Law and used with permission of the author. All other rights reserved by the author.

“Full-Stack” Developers

In his blog post titled The Myth of the Full-stack Developer Andy Shora, a front end web developer from London, explains how he feels about web developers that claim to be “full stack” developers. Many web-based applications used to be built on a relatively simple “LAMP” (Linux, Apache, MySQL, PHP) stack, but in recent years the number of frameworks and architectures and frameworks available to web developers has grown enormously. Shora believes that with the modern abundance of software layers and architectures, developers can’t have enough of a mastery of each to really consider themselves full-stack.

It’s easy to become disillusioned with your own skill level in a field. While interviewing junior web developers, they were asked to rank their mastery of six different areas of development (UX, HTML, CSS, JavaScript, SQL, and a back end scripting language) on a scale from 1 to 10. They tended to rate their skill level in each area between 5 and 8, considering themselves full-stack developers with a moderate level of understanding in each area. When given 30 points to distribute between the six areas, instead of maintaining the same ratio between the skills they tended to highly rate some and rate others far lower. While they considered themselves full-stack developers it’s clear that they all understood that they had their strong skills and they had their “good enough” skills.

If you create some app that a lot of people end up using, it’s easy to get an inflated sense of your skills. While you might have created something that works in the end, it’s highly unlikely that you did so with full mastery of every single layer of your application. It’s possible to only have a minimal enough understanding of every piece of an application to put them together in a way that, at the very least, works.

I think it’s only becoming more and more difficult to really be a “full-stack” developer on today’s web. As more frameworks and architectures and layers are continually added, it’s almost impossible for one person developing every layer of an application to have a full mastery of all of them. I don’t think this is a bad thing, and I think this article has helped me realize that. While it’s important to be able to understand how different parts and layers of an application work together, I think that’s best left as its own role on a team. Everyone is able to specialize in their own area and someone else’s specialty is to coordinate how they come together.

From the blog CS@Worcester – Adventures in Computer Science by zachstevens2808 and used with permission of the author. All other rights reserved by the author.