Professional Documents
Culture Documents
Unit 5
Unit 5
SYLLABUS:
Quality issues-Non execution based testing- execution based testing- cost benefit analysis- risk
analysis-Improving the process- Metrics-CPM/PERT- Choice of programming language-Reuse
case studies- Portability-planning and estimating duration and cost-testing the project
management plan-maintenance and the object oriented paradigm-CASE Tools for maintenance.
INTRODUCTION
1
5.1 QUALITY ISSUES
The quality of an information system is the extent to which it satisfies its specifications
The term quality does not imply “excellence” in the information systems context
o Excellence is generally an order of magnitude more than what is possible with our
technology today
The task of every information technology professional is to ensure a high-quality
information system at all times
o However, the information system quality assurance group has additional
responsibilities with regard to information system quality
A fault is the standard IEEE terminology for what is popularly called a “bug”
A failure is the observed incorrect behavior of the information system as a consequence
of the fault
An error is the mistake made by the programmer
In other words,
o A programmer makes an error that results in a fault in the information system that
is observed as a failure
o
5.2.3. Managerial Independence
2
5.2 NON EXECUTION BASED TESTING
3
o However, the majority of faults at an inspection are spontaneously detected by the
presenter
The primary task of the inspection leader is
o To encourage questions about the artifact being inspected and promote discussion
It is absolutely essential that the inspection not be used as a means of evaluating the
participants
If that happens
o The inspection degenerates into a point-scoring session
o Faults are not detected
The sole aim of an inspection is to highlight faults
o Performance evaluations of participants should not be based on the quality of the
artifact being inspected
o If this happens, the participant will try to prevent any faults coming to light
The manager who is responsible for the artifact being reviewed should be a member of
the inspection team
o This manager should not be responsible for evaluating members of the inspection
team (and particularly the presenter)
o If this happens, the fault detection capabilities of the team will be fatally
weakened.
4
5.2.3 Use of Fault Statistics
The number of faults observed can be compared with averages of faults detected in
those same artifact types in comparable information systems
o This gives management an early warning that something is wrong, and
o Allows timely corrective action to be taken
If a disproportionate number of faults of one type are observed, management can take
corrective action
If the detailed design of a module reveals far more faults than in any other module
o That module should be redesigned from scratch
Information regarding the number and types of faults detected at a detailed design
inspection will aid the team performing the code inspection of that module at a later stage
The first Unified Process workflow is the Requirements workflow. The artifacts of this
workflow are diagrams and documents. Accordingly the requirement artifact have to
undergo non execution based testing.
Next comes the Analysis workflow. Again the artifacts of this workflow are diagrams and
documents and again non execution based testing is the only alternative.
Next workflow is Design workflow
o The artifacts of these workflow are diagrams and documents
o Testing has to be non execution-based
Why then do systems analysts need to know about execution-based testing?
Claim:
o Testing is a demonstration that faults are not present
Fact:
o Execution-based testing can be used to show the presence of faults
o It can never be used to show the absence of faults
Run an information system with a specific set of test data
o If the output is wrong then the information system definitely contains a fault, but
o If the output is correct, then there still may be a fault in the information system
All that is known from that test is that the information system runs
correctly on that specific set of test data
If test data are chosen cleverly
o Faults will be highlighted
If test data are chosen poorly
o Nothing will be learned about the information system
5
5.3.3 The Two Basic Types of Test Cases
Utility is the measure of the extent to which an information system meets the user’s needs
o Is it easy to use?
o Does it perform useful functions?
o Is it cost effective?
Reliability is a measure of the frequency and criticality of information system failure
o How often does the information system fail?
(Mean time between failures)
o How bad are the effects of that failure?
o How long does it take to repair the system?
(Mean time to repair)
o How long does it take to repair the results of the failure?
Robustness is a measure of a number of factors including
o The range of operating conditions
o The possibility of unacceptable results with valid input, and
o The acceptability of effects when the information system is given invalid input
Performance constraints must be met
o Are average response times met?
(Hard real-time constraints rarely apply to information systems Correctness- An
information system is correct if it satisfies its specifications
Every information system has to be correct
But in addition, it must pass execution-based testing of
o Utility
o Reliability
o Robustness, and
o Performance
6
5.4 COST BENEFIT ANALYSIS
An information system will be constructed only if it is cost-effective to do so
A popular technique for determining this
o Compare estimated future benefits against projected future costs
o This is termed cost–benefit analysis
Tangible benefits are easy to measure, but
o Intangible benefits can be hard to quantify directly
A way of assigning a dollar value to intangible benefits is to make assumptions
o In the absence of data, this is the best that can be done
o Better assumptions mean better data and more accurate calculation of intangible
benefits
The same technique can be used for intangible costs
Cost–benefit analysis is a fundamental technique for deciding
o Whether a client should computerize his or her business and, if so
o In what way
For each strategy, costs and benefits are computed
o Select the strategy for which the difference between benefits and costs is the
largest
A risk is an event or condition that can cause the delivery of an information system
to be
o Canceled
o Delayed
o Over budget, or
o Not to meet its requirements
Risks include:
o The project may not meet its time constraints
o The moving target problem can result in time and cost overruns
o The delivered information system may not meet the client’s real needs
o The developers may not have the needed expertise
o The hardware may not be delivered in time
o The CASE tools may not be available, or may not have all the needed
functionality
o A COTS package with the same functionality may be put on the market while the
project is underway
The first step
o List the risks in a project
Risk management is the process of
o Determining what the risks are, and then
o Attempting to mitigate them
Minimize their impact
Example 1:
o To mitigate the risk that part of a proposed information system will not work
Build a proof-of-concept prototype
Example 2:
o To mitigate the risk that the development team will not have the necessary skills
Provide training
7
Risks are like diseases
o Sometimes they go away spontaneously
o They often get better or worse without intervention
o Minor ones merely need to be watched, but
o Major ones need to be cured (mitigated)
A risk list must therefore be maintained
For each item on the list, the following items are recorded:
o A description of the risk
o The priority of the risk (critical, significant, or routine)
The priority can change, in either direction
o The way the project is impacted by the risk
o The name of the person responsible for monitoring the risk
o The action to be taken if the risk materializes
Risk analysis is integral to the Unified Process
During the inception phase
o The risk list is drawn up
o Attempts are made to mitigate the critical risks
o The use cases are prioritized according to their risks
During the elaboration phase
o The risks are monitored
o The risk list is updated
Particularly with regard to priorities
During the construction phase
o The risk list is again updated
During the transition phase
o Attempts are made to find any previously unidentified risks
Risk analysis does not terminate when the product is delivered to the client
o The risk list must be maintained through the entire life cycle of the product
8
o Software (SW–CMM)
o Management of human resources (P–CMM; the P is for “people”)
o For systems engineering (SE–CMM)
o For integrated product development (IPD–CMM), and
o For software acquisition (SA–CMM)
In 1997 it was decided to develop a single integrated framework for maturity models
o Capability maturity model integration (CMMI)
9
Continual efforts are made to improve the process
At this level, it makes sense to introduce new technology such as CASE
o In contrast, “high tech” only makes the crisis-driven level 1 process even more
chaotic
A number of organizations have attained maturity levels 2 and 3
o Not many have reached levels 4 or 5
For most companies the two highest levels are targets for the future
A level 4 organization sets quality and productivity goals for each project
o These two quantities are measured continually
o Action is taken if there are deviations from the goals
10
o Quality assurance
o Project planning
o Project tracking
o Requirements management
These areas cover the basic elements of information system management:
o Determine the client’s needs (requirements management)
o Draw up a plan (project planning)
o Monitor deviations from that plan (project tracking)
o Control the pieces that make up the information system (configuration
management), and
o Ensure that the information system is fault free (quality assurance)
A level 5 organization is far more advanced than a level 2 organization
Example:
o A level 2 organization is concerned with quality assurance, that is, with detecting
and correcting faults
o The process of a level 5 organization incorporates fault prevention, that is,
ensuring there are no faults in the first place
An original goal of the CMM program was to raise the quality of defense software
o By awarding contracts to only those defense contractors who demonstrate a
mature process
The U.S. Air Force stipulated conformance to SW–CMM level 3 by 1998
o The Department of Defense as a whole subsequently issued a similar directive
Today, the SW–CMM program is being implemented by development organizations
worldwide
5.7 METRICS
Measurements (or metrics) are essential to detect problems early in the information
system process
O before they get out of hand
Metrics serve as an early warning system for potential problems
A wide variety of metrics can be used, such as
O loc measurements
O mean time between failures
O effort in person-months
O personnel turnover
O cost
O efficiency of fault detection
Gathering metrics data costs money
O even when data gathering is automated, the case tool that accumulates the
information is not free
O interpreting the output from the tool consumes human resources
Numerous different metrics have been put forward
O which metrics should an information system organization measure?
There are five essential, fundamental metrics:
O size (in lines of code, or better)
O cost (in dollars)
O duration (in months)
11
O effort (in person-months), and
O quality (number of faults detected)
Each metric must be measured by phase or workflow
Data from these fundamental metrics can highlight problems such as
O high fault rates during the design workflow
O code output that is well below the industry average
A strategy to correct these problems is then put into place
To monitor the success of this strategy, more detailed metrics can be introduced
5.8 CPM/PERT
12
There are 12 activities and 9 milestones
O a milestone is an event used to measure progress, such as the completion of an
activity or set of activities
Starting with milestone a, activities ab, ac, and ad can be started in parallel
Activity fj cannot start until both bf and cf are finished
The project as a whole is complete when activities hj, fj, and gj are all complete
Completing the whole project will take at least 25 days
The critical path is acgj
O if any one of the critical activities
ac, cg, or gj s delayed in any way, the project as a whole will be delayed
However, if activity ad is delayed by up to 15 days, the project as a whole will not be
delayed
O there is a slack of 15 days associated with activity ad
Now suppose that activity ad is delayed by 15 days
The situation at day 17
O actual durations of completed activities are underlined
13
5.9 CHOICE OF PROGRAMMING LANGUAGE
14
o Managers therefore often assume that a C programmer can quickly pick up the
rest
o Conceptually C++ is quite different from C
o C is for the traditional paradigm
o C++ is for the object-oriented paradigm
o Before an organization adopts C+
o Training in the object-oriented paradigm must be given
Java is a pure object-oriented programming language
Education and training are even more important with Java than a hybrid object-oriented
language
o Like C++ or OO-COBOL
What of the future?
Existing information systems
o COBOL will remain the most widely used language
New information systems
o Will be written in object-oriented languages like
C++
Java
C#
Instead of utilizing previously developed programs, organizations all over the world
develop their own programs from scratch
o Why do information technology professionals continually reinvent the wheel?
Reuse
o Using artifacts of one information system when developing a different
information system with different functionality
Reusable artifacts include
o Modules
o Code fragments
o Design artifacts
o Part of manuals
o Sets of test data
o Duration and cost estimates
Two types of reuse
o Accidental reuse (or opportunistic reuse)
First, the information system is built
Then, artifacts are put into the artifact database for reuse
o Planned reuse
First, reusable artifacts are constructed
Then, information systems are built using these artifacts
A strength of deliberate reuse
o A artifacts specially constructed for reuse are likely to be
Easy and safe to reuse
Robust
15
Well documented
Thoroughly tested
Uniform in style
A weakness of deliberate reuse
o There can be no guarantee that such an artifact will ever be reused
Reasons for reuse
o It is expensive to design, implement, test, and document software
o On average, only 15% of new code serves an original purpose
o Reuse of parts saves
Design costs
Implementation costs
Testing costs
Documentation costs
So why do so few organizations employ reuse?
5.11 PORTABILITY
An information system that runs under Windows will not run under
16
o Linux
o Mac OS, or
o OS/370
Problems can arise even when upgrading the same operating system
o Example: Windows
5.12.1 Planning
Ideally, the plan for the entire information system project would be drawn up at the very
beginning of the life cycle
This is impossible
o There is insufficient information that early
There is not enough information available at the end of the requirements workflow to
plan the system
o At that stage, the developers at best have an informal understanding of what the
client needs
Planning has to wait until the end of the analysis workflow
o At that stage, the developers have a detailed appreciation of most aspects of the
target information system
o This is the earliest point in the life cycle at which accurate duration and cost
estimates can be determined
Suppose that the delivered cost of an information system is found to be $1 million
17
o The range of likely estimates would have shrunk to ($1 million / 2, $1
million 2), or ($0.5 million, $2 million)
– At the end of the analysis workflow, the relative range at this point was 1.5
o The estimate was probably in the still relatively wide range of ($1 million
/ 1.5, $1 million 1.5) or ($0.67 million, $1.5 million)
Before development commences, the client wants to know how much the information
system will cost
– If the development team underestimates, the development organization will lose
money on the project
– If the development team overestimates, then the client may decide against
proceeding, or
– The client may give the job to another development organization whose estimate
is more reasonable
Accurate cost estimation is critical
Internal cost
– The cost to the developers, including
o Salaries of the development teams, managers, and support personnel
o The cost of the hardware and software
o The cost of overhead such as rent, utilities, and salaries of senior
management
External cost
– The cost to the client
18
Sometimes
– External cost = internal cost + profit margin
However, economic and psychological factors can affect this
– If the developers desperately need work they may charge the client the internal
cost or less
– When a contract is awarded on the basis of bids, a team may try to come up with a
bid that will be slightly lower than what they believe will be their competitors’
bids
19
– Not all the code written is delivered to the client
o Half the code may be for tools
– What if thousands of lines are generated by
o A report generator
o A screen generator, or
o A graphical user interface (GUI) generator
Some metrics estimate size on the basis of the estimated number of lines of code
This is doubly dangerous
It is an uncertain input to an uncertain formula
Alternatives to lines of code
– So-called software science
o Anything but science!
What is required is a metric that can be computed from quantities available early in the
life cycle
– FFP metric
o Size = Number of Files + Number of Flows + Number of Processes
o Validated for medium-scale information systems
o Never extended to databases
– Function points
– Function points
o Based on the number of input items, output items, inquiries, master files,
and interfaces
o The metric also incorporates the effects of 14 technical factors
Function points and the FFP metric have the same disadvantage
– Maintenance often is inaccurately measured
– Major changes can be made without changing
» The number of files, flows, and processes or
» The number of inputs, outputs, inquiries, master files, and interfaces
» (Lines of code is no better in this respect)
20
5.12.4 Techniques of Cost Estimation
5.12.4.1 COCOMO
21
– Annual maintenance costs
COCOMO is a complete algorithmic cost estimation model
– It gives the user virtually every conceivable assistance in project planning
COCOMO has proved to be the most reliable estimation method
– Actual values come within 20 percent of the predicted values about two thirds of
the time
The major problem with COCOMO
– Its most important input is the number of lines of code in the target information
system
– If this estimate is incorrect, then every single prediction of the model may be
incorrect
Management must monitor all predictions throughout information system development
5.12.4.2 COCOMO II
22
This must be done irrespective of the metrics used
5.14.1 MAINTENANCE—DEFINITION
Maintenance is the process that occurs when an information system artifact is modified
o Either because of a problem, or
o Because of a need for improvement or adaptation
(International Standards Organization and International Electro technical
Commission, 1995)
That is, maintenance occurs whenever an information system is modified
o Regardless of whether this takes place before or after installation
23
In theory, it is easy to maintain a class
o Independence ensures it will be easy to determine which part of an information
system must be changed
o Information hiding ensures that a change made to a class will have no impact
outside that class
o This reduces regression faults
In practice, there are obstacles specific to the maintenance of object-oriented information
systems
Inheritance is the cause of some problems
If new features is added to a class with no subclasses, there is no effect on any other
class, but
If a class with subclasses is changed, all its subclasses are changed in the same way
Inheritance hierarchy
A new attribute added to class Bottom Class cannot affect any other class in any way
A new attribute added to class Top Class applies to all the classes in the diagram
o This is termed the fragile class problem
Inheritance can have
o A positive influence on development, but
o A negative impact on maintenance
A second problem arises as a consequence of polymorphism and dynamic binding
Create new subclass via inheritance
o Does not affect super class
o Does not affect any other subclass
Modify this new subclass
o Again, no affect
Modify a super class
o All descendent subclasses are affected
Inheritance can have
o A positive effect on development
o A negative effect on maintenance
24
Key point
o Maintainers must not merely be skilled in a broad variety of areas, they must be
highly skilled in all those areas
o Specialization is impossible for the maintainer
Maintenance is the same as development, only more so
25