CIS 314

Chapter 1 - Software Management

References

Why do we need Software Engineering?

Problems

  1. Increase in hardware speed has outpaced software development speed.
  2. Cannot keep up with the demand from programs
  3. Poor design, outdated documentation, unmanageable coding affects the difficulty in maintenance.

Crisis

Software makes News

A US $125M Hiccup

System: CONFIRM

Background of CONFIRM

Partnership Formed

Rosy Promises

Ambitious Goals

Development Plan

Shaky Development

Chaotic Begin

Morale Drop to the Lowest Level

Final Chance

Death Sentence

Epilogue

No Phone?

What Went Wrong?

Life After

ISDN glitch in Hamburg

What's happened?

Complexity

The London Ambulance Service

Current Ambulance Dispatch System

To computerize it -- LAS Compuer-Aided Dispatch (CAD) System.

An Ideal Case to Study

Collapse of CAD

System done by Systems Options Ltd. with an attractive-priced bid.

Life After

Semi-manual operation before Oct 26

Nov 24, 2am

Total manual operation afterwards.

What went Wrong?

Software went life

Staff in CAC room

SW Design

General Imperfections

Common reason
Commerical pressure to get job done for the lowest price, and as quickly as possible.

Software Development Tech

Industry Perspectives

High failure rate in delivery

Management's Myths

Customer's Myths

Practitioner's Myths

Software Poses Challenges

What is Software Engineering?

A discipline for design, development and maintenance of software products.

Software Products

Aspects of Software Products

Software Products Size Categories

Sample systems

No. of progammers Duration Size
Trivial 1 1-4 wks 500 LOC
Small 1 1-6 mos 1-2 KLOC
Medium 2-5 1-2 yrs 5-50 KLOC
Large 5-20 2-3 yrs 50-100 KLOC
Very large 100-1000 4-5 yrs 1 MLOC+

Hardware/Software Differences

Design Once, harder to change All, easy to change
Component failures down many still be running
Modification hard easy
Maintenance men and material information
System failures design, mechanical, ... design

Classic Problems of Software Designs

Quality Software

High qulaity if

Distribution of Computing Costs

Year Size $M HW% SW%
1980 4100 35 65
1985 13920 20 80
1990 37990 15 85

A Real Example

Complexity of the DMS switch

Lines of code 24 million
Modules 18,819
Subsystems 5378
Areas 134
Archids 118
Memory 50 Mbytes

Code Architecture

Data Size

DMS Data
Lines of code 2.3 million
Modules 1905
Subsystems 1780
Areas 29605
Archids 100 M(2x code)

Data Architecture

The GAMMA Paradigm

Other paradigms

Chapter 2 - Process Modelling

References

A Product Life-Cycle

  1. Concept and feasibility study
  2. Requirement definition
  3. High level design
  4. Low level design
  5. Construuct and test a prototype
  6. Manufacture
  7. Maintenance
  8. Obsolescence and decommissioning

The Ideal Software Life-Cycle

  1. Concept and feasibility
  2. Requirements capture
  3. Requirements specification
  4. High level design
  5. Low level design
  6. Implementation
  7. Testing
  8. Trial
  9. Shipment
  10. Operation and maintenance
  11. Obsolescence

Software development process as any description of software development that contains the stages above.

The Real Software Life-Cycle

  1. Concept and feasibility
  2. Coding
  3. More coding
  4. Test and trial
  5. User documentation
  6. Design
  7. Functional specification
  8. Requirements defintion
  9. Shipment
  10. Operation and maintenance
  11. Obsolescence

Verification and Validation

They are used in

Software Life-Cycle Models

Waterfall Model

Key aspects of Waterfall

Key Activities

Phase 1: System Requirement Specification

Phase 2: Software Requirement Specification

Phase 3: High Level Design

Phase 4: Detail Design

Phase 5: Coding

Phase 6: Testing

Phase 7: Maintenance

Focus of Waterfall

Modified Waterfall

An error may force one to backtrack to an earlier stage of development (Royce, 1970).

The V Model

The Prototype Model

The Evolutionary-Prototype Model

Incremental Delivery

Spiral Model

What are Requirements?

Software requirement specification (SRS) is a document containing a complete description of WHAT the software will do without describing HOW it will do it.

Requirements Specification

Why are requirement specification important?

Stage relative code of repair
requirement 0.1-0.2
design 0.5
coding 1
unit test 2
accceptance test 5
maintenance 20

Many erros detected after coding and testing are attributed to requirements.

Errors made in requirement specifications are typically incorrect facts, omissions, inconsistencies, and ambiguities.

Incorrect facts 49%
Omission 31%
Inconsistency 13%
Ambiguity 5%
Misplaced requirment 2%

Requirement errors can be detected.
Myth: it is useless to analyse non-executable forms of software

Conclusion

Chapter 3 - Software Measurement

References

Measurement is the process by which numbers or symbols are assigned to attributes of entities in the real world in such a way as to describe them according to clearly defined rules.

Purposes of Measurements

  1. Assessment and certification of the product
  2. Maintenance cost estimation
  3. Improvement of the development process
  4. Control of the project
  5. Estimation of future projects

Principles of Measurements

Entities and attributes

Scales of Measurement

  1. Nominal: arbitrarily labelled categories, e.g. logic error, uninitialized variables
  2. Ordinal: an ordering is introduced, e.g. critical, major, minor
  3. Interval: defined on real numbers, but gradation and origin are arbitrary, e.g. days.
  4. Ratio: fixed origin, e.g. CPU seconds.
  5. Absolute: counting, e.g. number of errors.

Hard Data

Hard data are facts. You can measure such data with little subjectivity

The resolution of hard data varies widely. Measuring hard data by software engineering task is not difficult, but rarely done. Hard data can also be referred as raw data.

Soft Data

Soft data are subjective: different people might have different opinios when such data are evaluated.

Normalized data are used to evaluate the process and the product (but never individual people).

Size-Oriented Metrics

This is a direct measures of software and the process by which it is developed.

Productivity = KLOC/person-month

Duality = defects/KLOC

Cost = $/LOC

Documentation = pages of doc/KLOC

Problems of using size-oriented metrics?

Function-Oriented Metrics

Chapter 4 - Project Planning and Estimation

References

Purposes of Planning

A Project Plan Should Have

Planning Activities and Tasks

  1. Set goals and objectives
  2. Develop project strategy
  3. Develop policies for the project
  4. Determine possible courses of action
  5. Make planning decisions
  6. Set procedures and rules for the project
  7. Develop a software project plan. It should specify
  8. Prepare a budget
  9. Conduct a risk assessment and prepare contingency plans
  10. Docuement the software project plan

Organizing a Software Engineering Project

Major issues

Organizing activities

  1. Identify and group required tasks
  2. Select an organizational structure

Clean Room

Harlan Mills - developing a large system for the New York Times

Chief Programmer Teams

Brooks 1975, Hog-butchering vs. surgery

Possible Risks

Project Roles

Chapter 5 - Cost and Schedule Estimation

References

Scheduling

The purpose is to determine that the deadline is feasible.

Project Scheduling

Scheduling

Creating a Task Network

Subtasks

Design is a major software engineering task. To adequately schedule a design, the following subtasks might be specified

Project Scheduling Technique

PERT charts

Construction of PERT chart

Critical Path Analysis

Given a PERT chart

  1. What's the minimum time it will take to complete the project?
  2. What activitiies are critical so that the project can be completed in the minimum time?

Critical path: the path between the start and finish node which is the lingest path through the network in terms of total duration of activities.

Critical Path Procedure

  1. Label the start node (0,0).
  2. For all unlabeled nodes N whose predecessors are all labeled nodes, compute the earliest possible start time as the latest finishing time of all its predecessor nodes. I.e.
    SN = max (Fi) where i belongs to P(N)
    which is the set of predecessor nodes of N.
  3. Compute the corresponding finish time
    FN = SN + DN
    where DN is the duration of activity N. Label the node N as (SN,FN).
  4. Repeat step 2 and 3 until no unlabeled nodes remain.

If N1N2 ... Nk is the cirtical path, then Fi = Si+1 for i=1,...,k-1. The earliest finishing time of node i is equal to the earliest start time of node i+1.

Late-Start and Slack Time

After the critical path has been determined, then

  1. What's the latest time that each activity can start without delaying the overall project finsih time?
  2. How much slack is there in the completion time for each activity?

Latest-Start Procedure

  1. Underlabel the Finish node F with its start and finish times as determined from the critical-path procedure.
    (SF', FF') = (SF, FF)
  2. For all non-underlabeled nodes N whose successors are all underlabeled nodes, compute the latest possible finish time as the earliest starting time of all its successor nodes.
    FN' = min [Si'] for i belongs to S(N) which
    is the set of predecessor nodes of N.
  3. Compute the corresponding latest-start time
    SN' = FN' - DN where DN is the duration of activity N. Underlabel the node N as (SN', FN').
  4. Compute the slack time for the activity as
    LN = SN' - SN.
  5. Repeat steps 2-4 until no non-underlabeled nodes remain.

Planning and Control Implications

Aspects of Cost

Cost Estimation

Classification - Size-based Estimation

Expert Judgement

Computer-Aided Design System

Estimation Table(LOC)
Function Opt M. likely Pess Expected $/line lines/month Cost Months
UICF 1800 2400 2650 2340 14 315 32760 7.4
2DGA 4100 5200 7400 5380 20 220 107600 24.4
3DGA 4600 6900 8600 6800 20 220 136000 30.9
DBM 2950 3400 3600 3350 18 240 60300 13.9
CGDF 4050 4900 6200 4950 22 200 108900 24.7
PC 2000 2100 2450 2140 28 140 59920 15.2
DAM 6600 8500 9800 8400 18 300 151200 28.0
Total 33360 656680 144.5

Analogy (B)

Paramteric Cost Models (C)

COCOMO - COnstructive COst MOdel

Basic COCOMO Model

Example

Du Bridge Chemical is planning to develop a new system to keep track of raw materials. It will be developed by an in-house team with several years of similar experience. This is a good example of an organic-mode software project.

Overall Project Profile

Standard size and effort for projects in organic mode.

Product Size Effort Productivity Schedule(months) Avg. staffing
Small 2KDSI 5.0MM 400 DSI/MM 4.6 1.1 FSP
Intermediate 8KDSI 21.3MM 376 DSI/MM 8.0 2.7 FSP
Medium 32KDSI 91.0MM 352 DSI/MM 14.0 6.5 FSP
Large 128KDSI 392.0MM 327 DSI/MM 24.0 16.0 FSP

Phase Distribution

Effort

Phase Small Intermediate Medium Large
Plans and requriements 6% 6% 6% 6%
Product design 16% 16% 16% 16%
Programming - detailed design 26% 25 24% 23%
Programming - code and unit test 42% 40% 38% 36%
Integration and test 16% 19% 22% 25%

Schedule

Phase Small Intermediate Medium Large
Plans and requriements 10% 11% 12% 13%
Product design 19% 19% 19% 19%
Programming 63% 59% 55% 51%
Integration and test 18% 22% 26% 30%

Nominal Project Profiles

Interpolation

How to find out the percentage of effort or schedule for different phase given the size of a software product.

Maintenance Effort Estimation

Use basic COCOMO estimate for annual sofwtare maintenance

Annual charge traffic (ACT): the fraction of the software product's source instructions which undergo change during a (typical) year, either through addition or modification.

Suppose the 32 KDSI software system for Du bridge had 4000 DSI added and 2400 DSI modified during its first year.

Three COCOMO Modes of Software Development

Basic Effort and Schedule Equations for Different Modes

COCOMO Database

Boehm introduced the COCOMO equations by analyzing a sample of 63 software project data points. He claimed that the database have some representative points from all major sectors.

Phase Distribution of EFFORT and SCHEDULE

Size - 32 KDSI

Phase Distribution for all Modes

Basic Project Profile: Medium Size Project (32K)

Intermediate COCOMO

Nominal Scaling Equations

Intermediate COCOMO NOminal Effort Estimating Equations

Second Example

Norminal effort = 3.0 (32)1.12 = 146 MM

Phase and Activity Distribution of Effort and Schedul
for Intermediate COCOMO

Sensitivity Analysis - Example

To develop a 10 KDSI embedded-mode communication product on a microprocessor. need to determine the effect of various features on the overall development effort and cost.

Communication software generally is very complicate with high complexity. Planning to use high capability analyst and programmers.

Can the project cost be reduced by using less expensive personnel which would cost $5000 per month only?

$10,000 could buy 96K memory to replace the 64K. Is it cost effective?

The Intermediate Effort Equation

The equation is determined through a 4-step process.

Large variation between the Basic COCOMO estimates and the actuals are mostly eliminated by the use of the cost driver factors in the Intermediate COCOMO.

The Intermediate COCOMO estimates are within 20% of the actuals 68% of the time.

Putnam Estimation Model (1978)

It was developed to fit the ``Rayleigh curve" to data extracted from a large project.

It is a dynamic multivariable model that assumes a specific distribution of effort over the life a software development project.

K = L3/ (Ck3 td4)
where

The mathematics is fairly complex and is not needed for this subject.

Three different types of curves

Chapter 6 - Comparison and Critique of Cost Models

References

Brooks 1982
Cost does not indeed vary as the product of the number of men and the number of months. Progress does not.

Hence the man-month as a unit for measuring the size of a job is a dangerous and decptive myth.

McNicholos'Law 1986
The utility of a model is inversely proportional to the number of its parameters.

Many models were derived from an examination of the empiral statistical relationships between size, effort, schedule, using multivariate model to come up with

estimate = constant * variateexponent

The two fundamental agreements betwen people so far are

The choice of fundamental measures and parameters are often criticised

No good way now to solve the problem. The advice is

Chapter 7 - Function Points

References

A model is most useful for prediction at the beginning of product development, well before the exact number of lines of code can be known.

Albrecht's Method

A framework that relies on the functionality of software as derived from the requirement. I.e. The model is based on an evluation of several measures of the domain for which a software project is defined.
Domain Item Count Simple (wt) Avg ComplexFi
Distinct input data items - 3 4 6 -
Output screens or reports - 4 5 7 -
Files - 3 4 6 -
Interfaces to other systems - 7 10 15 -
Types of online queries - 5 7 10 -

Function Points

  1. Analyze information domain of the application and develop counts
  2. Weight each count by assessing complexity
  3. Assess influence of global factors that affect the application
  4. Compute function points

Forteen Factors

  1. Reliable backup and recovery
  2. Data communication
  3. Distributed processing function
  4. Performace critical
  5. Run in heavily utilized environment
  6. Online data enrty
  7. Multiple screens or operations
  8. Master file online update
  9. Complex input, output, files or inquires
  10. Complex internal processing
  11. Designing re-usable code
  12. Design including conversion and installation
  13. Design for multiple installation in different organization
  14. Design to facilitate change and ease of use

Weights
Value Stage
0 no influence
1 incidental
2 moderate
3 average
4 significant
5 essential

Defining an Algorithm

For the purposes of feature point computation, an algorithm

Mark II function Points (Symons 1988)

Advantages pf FP Models

Disadvantages pf FP Models

Function Point - Example

Spelling chcker specification: the chcker accepts as input a document file and an optional personal directory file. The checker lists all words not contained in either the dictionary or personal dictionary files. The user can query the number of words processed and the number of spelling errors found at any stage during the processing.

Size-Functionality: UFC (unadjusted function count)


UFS = Sum Itemi * Weighti

Item Simple (wt) Avg Complex
A 3 4 6
B 4 5 7
C 3 4 6
D 7 10 15
E 5 7 10

\ \
Technical complexity factor
TCF = 0.65 + 0.01 Sum Fi FP = UFC x TCF

Assume average weights,
UFC = 4A + 5B + 4C + 10D + 7E = 58

Assume dict. file and misspelt word report are considered complex,
UFC = 4A + (5x2 + 7x1) + 4C + 10D + 10 E = 63

Say

TCF = 0.65 + 0.01 (18 + 10) = 0.678

FP = 63 * 0.678 = 59

If each FP is about 2 person-days ==> this project needs 118 days.

Chapter 8 - Quality Measurement

References

Quality == conformance to Requiremnts (Crossby)

Axiom of software development
``Good internal structure" ==> Good external quality

Quality Measurement

Internal attributes

Measurement Metrics

  1. Size
  2. Modularity and information flow
  3. Control-flow structure
  4. Data structure

Size

  1. There is some consenus view on measuring length of programs but not of specifications or design
  2. There is some work on measuring functionality of specifications
  3. There is very little work on measuring problem complexity other than some under the subject of computational complexity

Size - Length

A line of code is any line of program text that is not a comment or blank line, regardless of the number of statements or fragments of statements on the line. This sepcifically includes all lines containing program headers, declarations and executable and non-executable statements.

LOC = NCLOC (non-comment) + CLOC (comment)

Density of comment = CLOC/LOC

Size of Specification and Design

DeMarco 1982
View Diagram Atomic object
Functional Data-flow diagram Bubbles
Data dictionary Data elements
Data Entity relation diagram objects, relations
State State transition diagram states, transitions

Modularity and Information Flow

A module is a contiguous sequence of program statements, bounded by boundary elements, having an aggregate identifier. (Yourdon 1979)

Module Call Graph A module calls another module

Module Call Graph: dependencies between data

Initialize
If (x<y)
then A = B
else A = C
D = A

Related Metrics

  1. Views of modularity
  2. Morphology
  3. Tree impurity

  4. Reuse
  5. Coupling
  6. Cohesion
  7. Information Flow

Coupling

For a pair of modules, x and y, we have

BadContent, R5(x,y)x refers to the inside of y
Common, R4(x,y)x,y refer to some global data
Control, R3(x,y)x passes a parameter to y in order to control its behavior
Stamp, R2(x,y)x,y accept the same record type as a paramter
Data, R1(x,y)x,y communicate by parameters
GoodData, R0(x,y)x,y no communication

A Coupling-Model Graph

Cohesion

Good6, functionperforms a single function
5, sequentialperforms sequential functions
4, communicational> 1 function, but these are all on the same body of data
3, procedural> 1 function, and these are only related to a general procedure
2, temporal> 1 function, and these are only by the fact that they must occur within the same time span
1, logical> 1 function, and these are only related logically
Bad 0, coincidental> 1 function, and these are unrelated

Cohesion ratio = no. of modules having functional cohesion/ total no. of modules

Information Flow

Henry-Kafura, 1981
CM = Length(M) x [fan-in(M) x fan-out(M)]2

where length is the size of the module M.

Shepperd 1990

CM = [fan-in(M) x fan-out(M)]2

Word Processor

ModuleFIFO(FI x FO)2Length CM
WC221630480
FD233611396
CW442564010240
DR200230
GDN020140
RD31928252
FWS12446184
PW21429156

Control-Flow Structure

Direct graphs (flow graphs)

Flow graphs

Hierarchical Measures

Recursive measure: number of simple paths through F for each prime F (Fenton chapter 10.3)

Data Structures

DATAMultiplier
Low (D/P < 10)0.94
Nominal (10 <= D/P < 100)1.00
High (100 <= D/P < 1000)1.08
Very high (D/P >= 1000)1.16

Complexity

A term to captuure the totality of all internal attributes.

Chapter 9 - Fagan Inspection

References

Fagan in 1970's

He noticed that no inspection of designs was routinely practised during software development ==>

He developed a set of procedures for inspection of software designs, source code, test plans and test cases.

He argued that software development should

Types of Inspection

  1. I0, Initial design
  2. I1, Detail design
  3. I2, Coding
  4. IT1, Test plan preparation
  5. IT2, Test case preparation

Testing

Testing and Debugging

Purpose of Testing

The Testing Team

Necessary Condition for Testing

Exit Criteria

To judge whether a given development phase is complete. It is usually defined locally by individual organization. Some examples here

Test Design and Test Execution

When are tests designed

Level of Testing in Software Development

Check Lists

Sets of questions which the testers will ask, and which will prompt them to look for certain types of defect

  1. I0, Is the design consistent with the program requirements? External specifications
  2. I1, Are all constants defined? Logic
  3. I2, Is each field initialized properly before its first use? storage, usage

Defect Recording and Classification

Management of Testing

What test metrics are being used?

More Test Metrics

Management of Testing - continue

What testing policies are used?

Cost of testing

Inspection rates in NCSS/hour

Inspection StepT0I1I2
Overview 500500-
Preparation 200100125
Inspection/testing 250130150
Rework -5060

Effective Testing

Management of Testing - continue

How much testing is enough?

Personnel assessment - Must not be DONE

Who makes the best tester?

Test Documentation

Test Management Pitfalls

Test Quality

How to ensure testing quality?

Static Testing

Black Box (Functional) Test

Equivalence Partitioning

Boundary Value Analysis

Other techniques

White Box (Structural) Test

Code Structure Coverage

It is found (Open Univ.'84) that a good set of functional tests often achieve only 60%-80% code coverage

Branch or Decision Coverage

Testing in Maintenance

Audit of Testing Activities

What should be looked at if you want to audit the testing activities of the vendor/contractor???

Testing Audit

Critique of Testings

The final number of defects is only known at the end of the product life-cycle, when we assume that any remaining defects can be regarded as causes of failure.

We want to retrospectively estimate the ``defect removal efficiency" of testings at each step of development ==>

To predict the quality of the current product by analogy with past products and psat tests.

Remus and Zilles 1979

A note from the authors: n is not measurable during the development process but it can be measured for products that have expended their useful life already. These values of n can be used to estimate other quantities ..... and to manage the defect removal process.

Problems with Defect Density Estimates

Testing Standard

Chapter 10 - Dependability Measurement

References

Failure of Complex Systems

Physical: A hardware component develops a fault. The cause if physical and the fault appears at a certain time during operation. Repair consists of replacement of the faulty component to restore the system to its previous good state.

Design: A fault in the design of the system is activated under certain trigger conditions. The fault may have been present for some time, but latent. Repair consists of a corrective change to remove the fault.

Dependability

The extend to which the user can justifiably depend on the service delivered by a system (Laprie 1992)

Dependability is not a single attribute, but is consisted of ``RAMURSES"

  1. Reliability
  2. Availability item Maintainability
  3. Usability
  4. Recoverability
  5. Safety
  6. Extendability
  7. Security

Dependability - Indirect Measures

The probability that the system will deliver a required service, under given conditions of use, for a given time interval, without relevant incident.

Dependability - Direct Measures

Two types

Software Quality Assurance

What is SQA?

Software Quality Assurance

Current Practices

Emphasis on defects removing. Passing methods:

Emphasis on defects removing. Active methods:

SQA role:

SQA - besides defect removal

SQA also has effect on:

SQA - also a TQM issue

Also a technology-people-management combination.

TQM: A quality system is the agreed on, companywide and plantwide operation work structure, documented in effective, integrated technical and managerial procedures, for guiding the coordinated actions of the people, the machines, and the information of the company and plant in the best and most practical ways to assure customer quality satisfaction and economical costs of quality.

SQA Quality Program

SQA Techniques

SQA Organization

SQA Costs

Quality Factors

It provides

Definitions of Quality Factors

SQA Plan

Each project should have a software quality assurance plan (SQAP). The IEEE Std for SQAP (84)

SQA Considerations

SQA Staffing

Good people is hard to find without paying enough $$$ !!!

Chapter 11

References

Software Reliability

Software Reliability Engineering (Musa): apply a statistical approach to measuring, managing, and containing the risk of software failure, which never goes to zero.

Ref. Musa, Iannino, Okumoto, Software Reliability, Measurement, Prediction, Application

The Fundamental Modelling Problem

A prediction system which will allow us to predict the future (Ti, Ti+1, ...) from the past (t0, t1, ..., ti-1) comprises:

  1. The probabilistic model which specifies the distribution of any subset of the Tj's conditional on an unknown parameter p.
  2. A statistical inference procedure for p involving use of available data (realization of Tj's)
  3. A prediction procedure combining (1) and (2) to allow us to make probability statements about future Tj's.

Basic Concepts

Fault density: faults removed (after system test) per thousand lines of delivered source code.

Wrong and misleading: faults removed has no correlation with reliability. Removal of a large number of faults can indicate either high quality testing or low quality coding

Customer-oriented approach

Failure Behaviour

Affected by two principal factors:

  1. The number of faults in the software
  2. The operational profile of execution
Inverse relationship between reliability and fault density: through testing and defect removal, FI tends to decrease and reliability get increased.

Mean Time to Failure

Mean time to failure (MTTF) - average of the next failure interval

In hardware, with respect to repair and replacement, there is Mean Time Between Failure
MTBF = MTTF + MTTR (mean time to repair)

Classification of Models

Models can be classified by their mathematical structure, assumptions, parameter estimation method, ...

  1. Time domain
  2. Stochastic/deterministic
  3. Failure modeling
  4. Repair modeling
  5. Additional features
  6. Inclusion of considering structure of program
  7. Parameters
  8. Data types
  9. Functional form of the derived measures

Reliability Modelling

Geol-Okumoto Model

Duane's Learning Curve

It was originally to model the trend of the increasing familiarity of a user with a machine ==> After a fault once found is removed, it will not be repeated. No assumption about the repair mechanism

Jelinski-Moranda

It models failure as manifestation of a fault, and assumes perfect immediate repair

Problems with Early Models

All faults cause failure at the same rate

Wrong assumption (Adams 1984)
Two lessons to learn

The Bayesian Approach

A measure of our subjective degree of belief about an event

Littlewood-Verrall Model

It represents the inter-failure times directly as random variables

Littlewood Stochastic Reliability Growth Model

It takes account of the difference in fault manifestation rates by modeling the individual rates Zi as independent identically distributed random variables with a gamma, gamd(z,h,s), distribution

Most Common Models

Tools Basic Time Execution Model The failure intensity function decreases at a constant rate.

The failure intensity for the basic model as a function of failures is

Logarithmic Possion Execution Model

The decrement of failure intensity per failure is not constant, it becomes smaller as more failures are being experienced.

The failure intensity for the logarithmic possion model is

Parameter Determination

By estimation: e.g. use maximum likelihood estimation based on the data set collected in the testing

Incorporate Reliability in Life Cycle

Chapter 12 - Safety-Critical Software

References

Criticisms of Models

  1. Lack of independence of failures
  2. Usage effects
  3. Imperfect observation and diagnosis of faults
  4. Imperfect repair
  5. Delay in reporting, diagnosis and repair
  6. Update
  7. Discrete data

Software Safety

A software quality assurance activity that focuses on the identification and assessment of potential hazards that may impact software negatively and cause an entire system to fail

E.g. A computer-based cruise control for an automobile

Software Ultra-Reliability

Hazard Analysis

All hazards are identified: features of the system with a potential for leading to an accident

Hazard Assessment

  1. Hazard can be viewed as falling along a continuum in terms of severity
  2. Assessing their likelihood

Hazard Control

Fault-tree Analysis

Patient Monitoring System Fault Tree

Process Certification

Faced with the impossibility of achieving and assuring ultra-dependability

Chapter 13 - Data Collection

References

Guiding Principle of Data Collection

Data should be collected with a clear purpose and a clear idea as to the precise way in which they will be analyzed so as to yield the desired information (Moroney 1951)

Six Crieria for Data Collection

  1. The data must contain information permitting identification of the types of faults and changes made
  2. The data must include the cost of making changes and correcting faults
  3. Data to be collected must be defined as a result of clear specification of the goals of the study
  4. Data should include studies of projects from production environments, involving teams of programmers
  5. Data analysis should be historical, but data must be collected and validated concurrently with development
  6. Data classification schemes to be used must be carefully specified for the sake of repeatability of the study in the same and different environments

Some Observations

Data Requirement for Reliability Modeling

Mellor 1986

Common Problems

Particular problems

  1. Lack of running time records
  2. Mission of occurrence time from failure report
  3. Suppression of failure reports
  4. Use of inappropriate classification

Need for Automatic Recording

To overcome the problems, automate collection systems are developed

Chapter 14 - Process Maturity Framework

Reference

Process Improvement Movement and CMM

Process Improvement program (Denning)

  1. Understand the current status of the process
  2. Develop a vision of the desired process
  3. Establish a list of required process-improvement actions in priority order
  4. Produce a plan to accomplish these actions
  5. Commit the resources and execute the plan
  6. Start over at step 1

Some Principles

Capability Maturity Model

History

Inmature Software Organization

Mature Software Organization

Five Mature Levels

Level 1: Initial

Behavior characterization:

Level 1: Key Challenges

Level 2: Repeatable

Behavior characterization:

Level 2: Key Process Areas

Key: to establish basic project management

Level 3: Defined

Behavior characterization:

Level 3: Key Process Areas

Need to establish an infrastructure to institutionalizes effective software engineering and management process:

Level 4: Managed

Behavior characterization:

Level 4: Key Process Areas

To establish a quantitative understanding of both the software process:

Level 5: Optimizing

Behavior characterization:

Level 5: Key Process Areas

To implement continuous and measurable process improvement:

Software Indicators

CMM has a set of software indicators which is consistent with the key practices (key processing areas) in CMM

SEI Process Assessment

Chapter 15 - Maintenance Cost Estimation

References

Any reasonably large software product is bound to need maintenance, and the bear of maintenance cost is lumbering up on all vendors

Two Main Aspects to Modelling Maintenance Cost

  1. The flow of failure reports from the whole field
  2. The distribution of cost over failure reports

Maintenance Cost

An Example - Belady 1972

Total effort expended on maintenance

A Second Example - COCOMO

General Problems

Maintainability Metrics

Gilb 1979