CS605 Final Term Comprehensive Notes by Muhammad Saeed
CS605 Final Term Comprehensive Notes by Muhammad Saeed
CS605 Final Term Comprehensive Notes by Muhammad Saeed
www.VUAnswer.com
Task Network
Since it is a concept development project, the applicability is not certain but it appears to be useful
and hence needs to be explored. Major tasks include:
• Concept scoping
• Preliminary concept planning
• Technology risk assessment
• Proof of concept
• Concept implementation
• Customer reaction to concept
Scheduling
Once we have the task network, we are now ready to prepare a schedule for the project. For this
we use two techniques known as:
1. Program evaluation and review techniques (PERT)
2. Critical Path Method (CPM)
These are quantitative tools that allow the software planner to determine the critical path – the
chain of tasks that determines the duration of the project and establish most likely time estimates
for individual tasks by applying statistical models. They also help the planner to calculate boundary
times that define a time window for a particular task.
The boundary time defines the following parameters for a project:
• The earliest time that a task can begin when all preceding tasks are completed in the shortest
possible time
www.VUAnswer.com
Timeline Chart
To develop the schedule for a project, time required for each activity in the Task Network is
estimated. This analysis and decomposition leads to the development of a Timeline or Gantt Chart
for the project which portrays the schedule for the project.
Concept Scoping (the first task in the above list) is further subdivided into the following sub-tasks
1. Identification of needs and benefits (3 days)
2. Definition of desired output/control/input (7 days)
3. Definition of the function/behaviour (6 days)
4. Isolation of software elements (1 day)
5. Researching availability of existing software (2 days)
6. Definition technical feasibility (4 days)
7. Making quick estimate of size (1 day)
8. Creating scope definition (2 days)
Project Tracking
Tracking methods include:
• Periodic project status meetings
• Evaluating the results of all reviews
• Determine whether project milestones have been accomplished by the scheduled date
• Comparing actual start date to planned start date
• Informal meetings with the practitioners
• Using earned value analysis
• Error tracking
Time Boxing
Time-boxing is used in severe deadline pressure. It is a use incremental strategy where tasks
associated with each increment are time-boxed in the following manner:
• Schedule for each task is adjusted by working backward from the delivery date.
• A box is put around each task
• When a task hits the boundary of the box, work stops and next task begins
The principle behind time-boxing is the 90-10 rule (similar to Pareto Principle) –
Rather than becoming stuck on the 10% of a task, the product proceeds towards the delivery date
in 90% of the cases.
Quality has measurable characteristic such as cyclomatic complexity, cohesion, and coupling.
Quality of design tries to determine the quality of design related documents including
requirements, specifications, and design.
Quality of conformance looks at the implementation and if it follows the design then the resulting
system meets its goals then conformance quality is high.
Glass defines quality as a measure of user satisfaction which is defined by compliant product +
good quality + delivery within budget and schedule
DeMarco defines product quality as a function of how much it changes the world for the better.
Goal of quality assurance is to provide the management with the necessary data to be informed
about product quality. It consists of auditing and reporting functions of management. If data
provided through QA identifies problems, the management deploys the necessary resources to fix
it and hence achieves desired quality control.
Cost of quality
Quality has a direct and indirect cost in the form of cost of prevention, appraisal, and failure. If we
try to prevent problems, obviously we will have to incur cost. This cost includes:
1. Quality planning
2. Formal technical reviews
3. Test equipment For More Visit
4. Training
www.VUAnswer.com
The cost of appraisal includes activities to gain insight into the product condition. It involves in-
process and inter-process inspection and testing.
Failure cost has two components: internal failure cost and external failure cost.
Internal failure cost requires rework, repair, and failure mode analysis.
External failure cost involves cost for complaint resolution, product return and replacement, help-
line support, warranty work, and law suits.
SQA Activities
There are two different groups involved in SQA related activities:
1. Software engineers who do the technical work
2. SQA group who is responsible for QA planning, oversight, record keeping, analysis, and
reporting
SQA Group Activities
There are many types of reviews. In general they can be categorized into two main categories
namely informal and formal technical reviews.
Formal Technical Reviews
Formal Technical Reviews are conducted by software engineers. The primary objective is to find
errors during the process so that they do not become defects after release of software as they
uncover errors in function, logic design, or implementation. The idea is to have early discovery of
errors so they do not propagate to the next step in the process.
FTRs include walkthroughs, inspections, and other small group technical assessments of software.
Review Meetings
Review Guidelines
The basic principle is that the review should focus on the product and not the producer so that it
does not become personal. Remember to be sensitive to personal egos. Errors should be pointed
out gently and the tone should be loose and constructive.
This can be achieved by setting an agenda and maintaining it. In order to do so, the review team
should:
Avoid drift
• Limit debate and rebuttal
• Enunciate problem areas but don’t try to solve all problems
• Take written notes
• Limit the number of participants and insist upon advanced preparation
• Develop a checklist for each product that is likely to be reviewed
• Allocate resources and schedule time for FTRs
• Conduct meaningful training for all reviewers
• Review your early reviews
• Determine what approach works best for you
Statistical Software Quality Assurance
CS605 SOFTWARE ENG FINAL TERM COMPREHENSIVE NOTES
CONTACT:03345818234
BY MUHAMMAD SAEED
Statistical SQA is a technique that measures the quality in a quantitative fashion. It implies that
information about defects is collected and categorized and an attempt is made to trace each defect
to underlying cause. It uses Pareto Principle to identify vital causes (80% of defects can be traced
to 20% of causes) and moves to correct the problems that have caused the defects.
Software Reliability
Software reliability is another very important quality factor and is defined as probability of failure
free operation of a computer program in a specified environment for a specified time. For example,
a program X can be estimated to have a reliability of 0.96 over 8 elapsed hours. Software reliability
can be measured, directed, and estimated using historical and development data. The key to this
measurement is the meaning of term failure.
Failure is defined as non-conformance to software requirements. It can be graded in many different
ways as shown below:
1. From annoying to catastrophic
2. Time to fix from minutes to months
3. Ripples from fixing
It is also pertinent to understand the difference between hardware and software reliability.
Hardware reliability is predicted on failure due to wear rather than failure due to design. In the
case of software, there is no wear and tear. The reliability of software is determined by Mean time
between failure (MTBF). MTBF is calculated as:
MTBF = MTTF + MTTR
Where MTTF is the Mean Time to Failure and MTTR is the Mean time required to Repair.
Software Safety
Software Safety is a software SQA activity that focuses on identification of potential hazards that
may affect software negatively and cause an entire system to fail. Modeling and analysis process
is conducted as part of software safety and hazards are identified and categorized by criticality and
risk.
Once system-level hazards are identified, analysis techniques are used to assign severity, and
probability of occurrence. This technique is similar to risk analysis. To be effective, software must
be analyzed in the context of the entire system.
Reliability and safety are closely related. Software reliability uses statistical techniques to
determine the likelihood that a software failure will occur. Occurrence of a software failure does
CS605 SOFTWARE ENG FINAL TERM COMPREHENSIVE NOTES
CONTACT:03345818234
BY MUHAMMAD SAEED
not necessarily result in a hazard or mishap. On the other hand, software safety examines the ways
in which failures result in conditions that can lead to a mishap.
Poka-Yoke (Mistake-Proofing)
Poka-yoke is a QA technique developed by Shingo at Toyota in 1960’s. Poka-yoke devices are
mechanisms that lead to prevention of potential quality problem before it occurs or the rapid
detection of quality problems if they are introduced.
• Examples:
– Light on if the car door is not properly closed
– Warning beep if the engine is turned-off when lights are on For More Visit
Characteristic of a Poka-yoke device www.VUAnswer.com
• It is simple and cheap
• It is part of the process
• It is located near the process task where the mistake occurs
Software Configuration Management (SCM)
You may recall that software configuration management (SCM) is one of the five KPA required
for an organization to be at CMM level 2. The basic idea behind SCM is to manage and control
change. As defined by CMM, the purpose of SCM is to establish and maintain the integrity or
software products through the project’s life cycle. SCM involves the development and application
of procedures and standards to manage an evolving software product and is part of a more general
quality management process.
As mentioned by Bersoff, no matter where you are in the system life cycle, the system will change,
and the desire to change it will persist throughout the life cycle. It is therefore essential that we
manage and control it in a fashion that this continuous change does not convert into chaos.
Change Chaos
This frequent change, if not managed properly, results in chaos. First of all there would be
problems of identification and tracking which would result in questions like the following:
“This program worked yesterday. What happened?”
“I fixed this error last week. Why is it back?”
“Where are all my changes from last week?”
Then there are problems of version selection. The typical problems faced are:
e/faulty change?”
This is not all. There may be more chaos in the following shapes and forms:
Configuration management
Configuration management is concerned with managing evolving software systems. It
acknowledges that system change is a team activity and thus it aims to control the costs and effort
involved in making changes to a system.
SCM involves the development and application of procedures and standards to manage an evolving
software product and is part of a more general quality management process.
Baseline
When released to CM, software systems are called baselines and serve as the starting point for
further development. A baseline is a software configuration management concept that helps us to
control change without seriously impeding justifiable change. It is defined by IEEE as:
A specification or a product that has been formally reviewed and agreed upon, that thereafter
serves as the basis for further development, and that can be changed only through formal change
control procedures.
Release Numbering
Release numbering is a mechanism to identify the product’s functionality state. Each release will
have a different product state and hence will have a different release number. Although there is no
industry standard, typically, a three field compound number of the format “X.Y.Z” is used. The
different fields communicate functionality information about the product release.
The first digit, X, is used for the major release number which is used to identify a major increase
in the product functionality. The major release number is usually incremented to indicate a
significant change in the product functionality or a new product base-line.
The second digit, Y, stands for feature release number. The feature release number is iterated to
identify when a set of product features have been added or significantly modified from their
originally documented behaviour.
The third digit, Z, is called the defect repair number and is incremented when a set of defects is
repaired. Defect repair/maintenance is considered to be any activity that supports the release
functionality specification and it may a fix for some bugs or some maintenance to enhance the
performance of the application.
Internal Release Numbering
A special type of release is internal release. Internal releases are used by the development
organization as a staging mechanism for functionality. The most common internal releases are the
regular builds. A common way to number internal builds is to use the same release number that
Change control
James Back points out the difficulties related to change control as follows:
Change control is vital. But the forces that make it necessary also make it annoying. We worry
about change because a tiny perturbation in the code can cause a big failure in the product. But
it can also fix a big failure or enable wonderful new capabilities. We worry about change because
a single rogue developer could sink the project; yet brilliant ideas originate in the minds of those
rogues, and a burdensome change control process could discourage them from doing creative
work.
That is, like all engineering activities, change control is the name of a balancing act. Too much or
too little change control creates different types of problems as uncontrolled change rapidly leads
to chaos.
Change Control Process
The first component of the change control process is the Change Control Authority (CCA) or a
Change Control Board (CCB).
Whenever a change is required, the CCB decides whether to allow this change to happen or deny
it. If it is decided that a change is needed, an Engineering Change Order or ECO is generated. An
ECO defines the change to be made, the constraints that must be respected, and the criteria for
review and audit.
Configuration Audit
Configuration audit ensures that a change has been properly implemented. It involves formal
technical reviews and software configuration audit. Configuration audit assess a configuration
object for characteristics that are generally not considered during audit.
It looks into the following aspects of the change:
Has the change specified in the ECO been made? Have any additional modifications
been incorporated?
Has a FTR been conducted to assess technical correctness?
Has the software process been followed?
Requirement Traceability
It is important to trace requirements both ways. That is from origin of a requirement to how it is
implemented. This is a continuous process. It is also important that the rationale of requirements
must also be traced. Traceability is important for the purposes of certification, change impact
analysis, maintenance, project tracking, reengineering, reuse, risk reduction, and testing. That is it
plays an important role in almost every aspect of the project and its life cycle.
Environment Assessment
The legacy system also needs to be assessed from an environment’s perspective. This involves
looking at the supplier, failure rate, age, performance, support requirements, maintenance cost, and
interoperability.
These angles are elaborated in the following paragraph:
Software Reengineering
Software solutions often automate the business by implementing business rules and business
processes. In many cases, the software makes the business processes. As these rules and processes
change, the software must also change. A time comes when these changes become very difficult
to handle. So reengineering is re-implementing legacy systems to make them more maintainable.
It is a long term activity.
Software Reengineering Process Model
The software reengineering is a non-trivial activity. Just like legacy migration, careful analysis
must be carried out before a decision for reengineering is taken. The following process model can
be used to reengineer a legacy system.
Reverse engineering
Reverse engineering for software is a process for analyzing a program in an effort to create a
representation of the program at a higher level of abstraction than the source code.Reverse
engineering is the process of design recovery. At this stage, documentation of the overall
functionality of the system that is not there is created. The overall functionality of the entire system
must be understood before more detailed analysis can be carried out.
Reverse engineering activities include:
Reverse engineering to understand processing
Reverse engineering to understand data
– Internal data structures
– Database structures
Reverse engineering user interfaces
Program Restructuring
In this case we modify source code and data in order to make it amenable to future changes. This
includes code as well as data restructuring. Code restructuring requires redesign with same
www.VUAnswer.com
Continuous Representation
Continuous representation allows you to select the order of improvement that best meets your
organization’s business objectives and mitigates your organization’s areas of risk. It enables
comparisons across and among organizations on a process-area-by-process-area basis and provides
an easy migration from EIA 731 (and other models with a continuous representation) to CMMI.
Capability Levels
A capability level is a well-defined evolutionary plateau describing the organization’s capability
relative to a process area. There are six capability levels. For capability levels 1-5, there is an
associated generic goal. Each level is a layer in the foundation for continuous process
improvement. Thus, capability levels are cumulative, i.e., a higher capability level includes the
attributes of the lower levels. The five (actually six) capability levels (starting from 0) are
enumerated below in the reverse order, 5 being the highest and 0 being the lowest.
5 Optimizing
4 Quantitatively Managed
3 Defined
2 Managed
CS605 SOFTWARE ENG FINAL TERM COMPREHENSIVE NOTES
CONTACT:03345818234
BY MUHAMMAD SAEED
1 Performed
0 Incomplete
Comparison of Representations
Staged
Process improvement is measured using maturity levels.
Maturity level is the degree of process improvement across a predefined set of process areas.
Organizational maturity pertains to the “maturity” of a set of processes across an organization
Continuous
Process improvement is measured using capability levels.
Capability level is the achievement of process improvement within an individual process area.
Process area capability pertains to the “maturity” of a particular process across an organization.
Advantages of Each Representation
Staged provides a roadmap for implementing groups of process areas and sequencing of
implementation. It has a familiar structure for those transitioning from the Software
CMM.
Continuous provides maximum flexibility for focusing on specific process areas according to
business goals and objectives and has a familiar structure for those transitioning from EIA 731.
As the staged representation requires all KPAs to be addressed at a particular level before a
company can move to the next maturity level, it may not be easy for small companies to implement
this model. There may be a number of activities that may not be relevant to their type of work but
they would still have to do them in order to be at a certain level. On the other hand, organization
can focus on their own areas of expertise and may be able to achieve high capability levels in some
areas without bothering about the rest. This is a great advantage for small organization and hence
this model is believed to be more suitable for small Pakistani organizations than the staged one.
CMM Overview
CMM Maturity Levels
There are five levels defined along the continuum of the CMM and, according to the SEI:
"Predictability, effectiveness, and control of an organization's software processes are believed to
improve as the organization moves up these five levels. While not rigorous, the empirical evidence
to date supports this belief."
www.VUAnswer.com