Software Engineering Modern Approaches
Software Engineering Modern Approaches
Prefa C X IV
••
Acknowledgmen ls XVII
Part I Introduction to Software I TI, e Coa ls and T e rm ino logy o f Software Eng ineering I
Engineering 2 Inlroduclio n lO Q uality and Metrics in Software
Engi nee ring 21
Part II Software Process 3 So ftware Process 32
4 Ag il e Software Processes 63
5 Q ualilY in the So ftwa re Process 80
6 So ftware Co nfig uratio n Manageme nt 120
Part 111 Project Management 7 Princi pl es o f So ftware Project Management I 140
8 Princ iples o f Software Projec t Management II 168
9 Q uality and M e trics in Projec t Manageme nt 21 3
Part IV Requirement Analysis 10 Principles of Require me nts Anal ysis 2 30
I I Analyzing Hi gh -Level Requ irements 245
12 Analyzi ng De tail ed Requirements 278
13 Q uality and Metrics in Require me nts Analysis 331
14 Formal and Eme rg ing Me thod in Requireme nts AnalysiS
(O nline chapte r) 349
Part V Software Design 15 Princ iples of So ftware Desig n 350
16 The Uni fie d Model ing Language 36 1
17 Softwa re Desig n Patterns 383
18 Softwa re Arch itecture 438
19 Detai led Design 476
20 Design Q uality a nd Metrics 508
21 Adva nced and Eme rgi ng Me tho ds in Software Design
(O nline c ha pler) 538
PaTt VI Implementation 22 Pri ncip les of Im p leme ntallo n 539
23 Q uality and Metrics in Imple me ntation 58 4
24 Rcfacloring 60 I
~--~-----------------
Part VII Testing and 25 Inlroduc tl o n lO oftware T esting 62 1
Maintenance 26 Unit T e ting 630
27 Mo dule and Integratio n T esting 666
28 T e<llOg a t the y< te m Le vel 694
29 Software Mai nte na nce 730
C lossary 759
Index 767
Contents
..
Acknowledgments . ... _ . _ .. . • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • XVlI
•
• • •
• • • • • • • • • • • •
, ,
,;-
32
33
o(twarc: Pro css Models
a,>~
•
tud y S tud nt Team CUldanLc •
•
•
• •
• •
•
• •
•
•
•
•
• • •
,-
CONTENTS
15 Principles of Software Design .,' ,.,' .... . ... . , . . , .... , " " , . ,.' , . . .., .. ,. 350
15. 1 The Goals of Software Design ,.,., •. " .. ', . .. ' , .. " ... ," , ., .• ', ... ,. 35 1
15.2 Integrating Design Models ... , ... , . .. . . . . . . . . . • . . . . . . . . . . . . . . ' . . ' .•. ' 354
15. 3 Framework.s ... . . . .. . . . . .. .. . . . . . . . . . . . . . . . . . . . . . . . . ........... . .. 357
15.4 IEEE Standards for Expressing Designs . , .. . . ... ' . . , ... . ' .... . ' , . . . . . . . , .. 359
15.5 Summary . ..... , ' . , .... , . .. ' ,. , . , ' . , . , ' , ... , . ' , . , . , .. , . . . . . . . . . , 359
15.6 Exercises ....... __ ... . .. . .. . . . . . ....... . ..... . . . . ... . . . . . . . . . . . " 360
16 The Unified Modeling Language , . . •. ,., . , .. ,., . . , . . ' , ' .. , , .. ' , , , • ' , .. . ... . 36 1
16. 1 Classes in UML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . ....... , ...... . . 362
16 ,2 Class Relation hips in UML , .. " . , . " . , .... , . .• , .•...... . . . •. ' .... , .. ,' 6 1-
16.3 Multiplicity ..... ... ... . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ... . .. 364
16.4 Inheritance . . . . . . . . . ....... .... . . ..... .. . . . . . . . . . . . . . . . . . . . . .. . 364
16.5 Seque nce Diagrams ... ......... . . ............. ..... .. . • • • • • • • • • • • • 368
16,6 State Diagrams ..... .. ..... .. ..... . ... . ............. . ........... . 372
16.7 Activity DiaglClm ....... ..... . . . . . . . . . . . . . . . . . . . . .. . .. . . ... ... . 374
16,8 Data Flow Models . . . . . . . . . . . ... .. . ..... . . . . . . . . . . . . . . . . . .. ..,. 376
16.9 A DeSIg n Example with UML . , , , . , ' , . , " .... , .... ' ,., .. , . . . . . . . . . . . 377
16. 10 Summary . . . . . . . . . ,. . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . .. ... ... . 380
16. I I ExerCises . . • • • • • • • • • • • • • • • • • • • • • • • • ••
• •• •••••••••••••••••
• 38 1
BIbliography • •• .
.. ....... . ........,. ....... . , , . . , . . " . .. 382
17.5 Sci c.tcd reall o nal De<ij(n Pa ll ern ~ , , ' " . . .. , , , , , , , '. 400
de ted truclUral J)c,i~n Pall e,"' . . , . .• ... .' . . .•. , , 408
176
CONTENTS
20.7 Degree of pace EfficIency as a Design Quality Measure . . . . . . . . • . . . . . . ... .... 519
20.8 Degree 01 Reliability as a Design Quality Measure . . ... . ... ... ... • . . ....•... 521
20.9 Deg ree 01 Secun' ty as a D eSlg"
' Q ua I'tty M c,asurc .... ... . . ... . . ............... . 523
10. 10 A essing Quality in Architec rurc Selection ... ... •......•.... .. • . .. . . . •. .. 525
10. 1 I As essing the Quality of Detailed Designs . . . . . . . . . . . . . . ..... . . ... . . .... . . 531
20. 12 Sunlmary . . . . . . . .. .. .. .. .. ... . .. . .. . . . . . . . . . ... .... . .... . . . . . . . . . 536
20. 13 Exercises . . . . .... . . ..... . . . . . . . . .. .. . . . . . . . . . . . . . . . . . . . . . .. .... . . 536
Biblio~paphy . . . ...•..... ... ... . . . .. . .. . .. . ..... . ... . ..•... . ...... 537
PART VI Implementation
22. 16 ExerCises . • • •• • ••
.,.,. • • • • • • • • • •••• •• • • • • • 8t
BiblI ograp hy ., , . • • • , ... . .. .
. , ... •• •••• • • •• • • • • •• • 58
Glossary . • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 759
Ind~x ... .. • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 767
preface
Mu h of the mod"rn world nln ' n software As a result , ,oftware e ngineers arc e ntnl ted with signincant
rc<po n<lbd,ty Although It is. biomedical engi neer, for examp lc, who deSig ns hea lth mOnito ring systems, it is
a sohware engi neer who creatc' its a tual contro l functions . A marke ting profess io nal deve lops ways to reach
u, tomcr> o nlme but It IS a software e ngineer who makes the system a reality .
T oday's . oftware eng.netr must be able to partl Ipate In mo rc than o ne kind of software process , work in
agile tea ms, deal with custo mers , expres requirements clearly , crea te modul ar deSigns, utilize legacy and
o pen <ouree projec ts, mo nitor quality , incorpo rate security, and apply many ty pes of tests.
A software application consists of tens, "undreds, even thousa nds of classes. This is very different from
managi ng three o r rou r of them , and resu lts in the dragon of complexity suggested by this book's cover. As
al 0 ugge ted there, however. thiS dragon ca n be subdued. Indeed, to deal with numerous and complex
c1asse , softwa re engi neers ha ve at their di sposal a wide variety of too ls and techniques. These range from the
waterfall process to agile methodologie . from hig hly Integ rated too l suites to refac toring and loosely coupled
rool se ts. Underl ying this variety IS co ntinumg resea rch into reliable approaches, and an acknowledgment of
the fac t that o ne Size docs 110t fit all projects.
The ~rst edition or this book emphasized the object-oriented approach, which ha subsequently
become widespread. It was also designed to help tudent teams cany out hands-on tenn projects through
theory, exampb. case studies, and practical steps O bject-orientation and hands-on continue to be major fearunes
or this edilio n. However, we hav~ widened the scope of the first editio n, especially by including extensive
coverage of aglie methods .nd refactonng, together with deeper coverage of quality and SOrlWare design.
Readers of the first edi tion made extensive usc of the complete video ga me case srud Y-d n example that
they could follow "from soup to nu ts" but which was signiRca ntl y mo re comprehensive than a toy This edition
retains and updates that case study, but it adds the exploration of a simpler example o n one hand (a DVD rental
lore) and large, real, o pen source case stud ies o n the o ther. In parti cular, to provide students a feeling for the
scope and complexity of real -world applicatio n , this book leads them through elected requirements, design,
Implementati on, and mall1tenance or the Ecli pse and Ope nOfAee open souree projects. The ize, complexity,
and transparency o r these projects provide s rude nt~ a wll1dow into <oftware en!!lI1eeri ng o n • reali Ii scale.
Every book o n software engineeri ng races a dilemma, how to reconcile the organ iza tion of the fopi
with the o rga ni zatio n of actu.1 software prOject phas,s An orga l1l zatlo n of chapters into procc project
management/requirements anal ysisldcSlgn/ lmplernentation/te,t/maintenancc i straightfo rward but IS ".ble
(0 be mlSi nterpretl'd as pro motll1!! the waterfall development pro e" at the expense o thel'<. ur approa h has
been to ,,'e th" org. nlzatlo n In the <even part< of the book but to demo n<trate throughout that e. h phase
PREFACE •
lYl.'ica ll y belongs to a cycle rather than t'o a si ngle waterfall sequence, In particular, our approach integrates
agtle methodo lOgies co nsistently.
This e dition also introduces somewhat advance d inAuentia l ideas, including model-driven arc hi.
!ectu~s and aspect ·oriented programmmg . Nowadays, formal methods are mandated by government
agenCies for the hig hest level s of security, and this book aims to educate readers in their possibilities. Due
to print space limitations, some of thiS material is to be found in the online extension of thi s book.
In summary, specifk features of thi s edit ion compared with the first arc as follows :
• A sharpe n ing and standardizatio n of the material from the first edition
• A strong agi le thread throughout, including a chapter o n agility alone and one devoted to refactonng.
• A separate chapter on quality in six of the book's seven pans
• Real -world case studies, taken from the Eclipse and OpenOffice o pen source projects
• Greatly expanded coverage of software desig n and design patterns
• Detail s
• Quality
• Advanced Methods
This book has been designed to accommodate multipl e approaches to the learnin g and teaching of software
engineering . M ost instructors teach the fundamental s of soft,vare process. project management, requirements
analysis, design . testing . implementation , and maintenance Beyond th is comm o n ground, however.
instructors empl oy a wide va riety of styles a nd e mphases. The follOWing are majo r approaches. together
with the sequence of c hapters that support each of them.
D. TlDo-sm,sl" coursr, whi h enables th e in~tructor to cover mo t top I s and a ' I ~n a lib tant lal hand, -o n
project
PREFACE
Df, All of the chapte ~ 111 the book, either in sequence "ro m beginning to e nd
or
E. EmplJa,i, on II I" md,-on projecis " Old caSt ,'udies, which relics mos tly on an active team or individual project as
the vehicle for learning theory and principles
Principles and introduction c hapters : C hapters I, 3, 7, IS, 22, 25 , and 26, and all case study sections in
the remaining chapters
F. Tbtory and principles e,"ph"sis, conce ntrating o n what one can learn about software engineering and its
underpinnings
Principles and introduc tion chapters : Chapters I, 2, 3, 7 , 15, 22 , and 25, followed , as time allows, by
C hapters 14 and 21 (emerging topics)
The web site for this book , including review questions and the Encounter game case study, is
www.wiley.com!coll egeJbraude.
Eric Braude
Michael Bernstein
Boston , MA
January 20 I 0
owl ments
We owe a debt of gratirude to o ur srudents at Bosto n UniversIty's Metropohtan Coll ege. Working in myriad
industries and busi nesses, they have give n us invaluable feedback . The Coll ege itself has provided a model place
fonhe teaching and learning software engi nee ring . Ounha nks go to Dick Bostwick a nd T o m VanCourt, much
of whose work in the first edition carries over to this o ne. We are grateful to the peo ple of Wiley fo r workin g with
us through the painstaking process of writing and publishing th is book. We are particularly appreciative of the
help from our editOrs, Dan Say re and Jonatha n Shipley; from Ceorgia King, Yee Lyn Song, and the indefatigable
staff. We thank the reviewers of o ur manuscript, whose feedback has bee n invaluable :
Arvin Agah , Un iversity of Kansas
Steven C. Sha Her, Pennsylvania State University
Stephen M . Thebaut , University of Florida
Aravinda P. Sistla, Un iversity of Illinois, C hi cago
James P. Purtilo, Unive rsity of Maryland
linda M . O tt, Michigan T echnolog ical Un iverSity
Jianwei Niu, Un iverSity of Texas, San Anto nio
W illiam livel y, Texas A&M University
Chung Lee , Ca li fornia State Un iversity, Pomona
SudiptO Chosh , Colora do State Uni versity
Max I. Fomitc hev, Pennsylvania State Un iversity
Lawrencl" Bernstein, Steve ns Institute of T echnology
John Dalbey, California Poly tec hn iC Un iversity
Len Fisk , C alifornia State Un iversity, C h ico
Ahmed M . Sa le m, Ca lifo rni a Sta te Un ive rSity , Sacramento
Fred Strauss, New York Un iver ity
Kai H . C hang, Auburn Unive rSIty
Andre van de r H ock, UnI versity of Ca lifo rn ia , Irvine
Saeed Monemi , Ca hfo rni a Po ly techn ic Unlver ity
Robert M . C ubert, Un ivers Ity of Florida
Chris T seng, San Jose State UniverSity
Michael Jame Payne, Purdue Un ive rsity
Ca ro l A. Wel lington , h ippensburg Un iversity
¥ifel Dong, UOIvcrSlty o f Ok laho ma
Peter Blanc hfIeld , Nottingham Un iversity
Desmond Creer, Queen'< UnIversi ty Belfast
We IQ , Yan , Que!:n's University Belfa st
bigham Mahmood, Derby Uni vers Ity
~rcl P,cterSo n, H OKcsc hool Van Amsterdam
. book
IS wou
Id
not
h
ave
~ - po'<lblc
""en ,
WlthOllt the onstant lovc, patlen e. and encouragement of Ollr fan"l,c
Th
The Goals and Terminol
•
o So ware En ..• neenn
The Software
• What are its main actMtles?
Development
Ufecycle • What ale the principles of software
engineering?
Figure 1.1 The context and learntng goals for this chapter
Th e goal o f o ftw arc eng ln ee nng , and the theme of thi S book, I th e creati o n of oftware sy tern th at
meet the needs o f cu t o m e r and arc reliable, d fic lent , and ma i ntainable. In addition , the 'y tern h ou l d be
pro duced 10 an eco no mica l fa sh io n, meeting prOject sc hedul es and budge t . ThIS I no ca y task, espeCiali
(o r large , complex applicatio n TIllS c hapt cr Introduces th e fi eld o f oftwarc c ng ln ee fln g and e, pl. IO " h ow
.t addresses th e<e goa ls. We hrst ex pl ., n the term "so ft ware c ngincenn g," sho " ' IOg th at.t on" h of man\'
pan s.
2 CHAPTER 1 THE GOALS AND TERMINOLOGY OF SOFTWARE ENGIN EERING
OJIoI'." ",gln",;n!! b on englOeering dl scip hn~ thot lOvo lves all ospects of deve loplOg ond maintalOlO!! a
software prodo t Enginee nng discl pline< suc h os lvii , I11cchonlca l. and clectricollnvolvc the deSIg n . analysIs,
and con tm tlon of an "tibct for some prac tIca l purpose ' o ftwarc e nginee rin g IS no exce ptI o n to thiss--
>oftware produc ts certainly hav~ pra tica l purposes.
Th~ IEEE deRnes Software Engineering [ I ) as follows ,
I. The app lication of a systematIc. disciplined , quanti Rab ie approach to the development, oper.lt lon and
mainte nance of soft wore, that is, the application of englOeenng to so ftware .
As this deRnition sugge ts, it's not on ly what is produ cd that's important but a lso II011J it is produced
Eng,"eenng disciplines employ an established set of sysln.alic, dis iplin,d, and qlUmlifiab[, approaches to the
development o f anifacts. By thoroughl y applyi ng an analogous set of approaches to the development of software,
we can expect the production of software that is h ighly reliable, is maintainable, and meets speclRed
requirements. A dISciplined approach is panlcularly imponant as the size of a software project grows. With
increased size comes greatl y increased complexity, and applying a systematic and disciplined approach is criticaL
One of the first uses of the phrase "software engi neeri ng" wa in 1968, by a NATO Study Group on
Computer Science [2]. A conference was o rganIzed at that time, motivated by the "rapidly increasing imponance
of computer systems in many actiVIties of society ." The Study Group focused their attention on the problems
with software, and held a working conferen ce o n Software Engineering that turned out to see far into the future.
The foll owing are some quo tes fro m the conference that summarize the cause for their concern:
The basic pro blem IS that ccnain classes of systems arc placing demands o n us which are beyond
our capabilities and o ur theori es and methods of design and production al this time .. It is large
systems that arc encounteri ng great difficulties. We shou ld not expect the production of such
systems to be easy.
Panicularly alarming is the seemingly unavoidable fallibility of large software, since a mal .
function in an advanced hardware-software system can be a matter of life and death .
Programming management will continue to dt-scrve its current poor reputation for cost and schedule
dfectiveness until such time as a more complete understanding of the program desIgn process is achieved.
O ne of the problems that is central to the so ftware produc tion process is to identify the nature of
progress and to find some way of measuring It.
Today we tend to go o n for years. with tremendous investment to And that the sy tem, which wa
not well understood to stan with, docs not work as anticipated. We build system like the Wright
brothers built airplanes build the whole thing . push It off the cliff, le t it crash, and sIan over again.
The Study G roup discussed possible tec hniqucs and me tho ds that mIght lead to solving these problems.
They deliberately and provocatively used the term "software engineering," with an emphasis on engineering,
as they wanted to "i mply the need for software manufacture to be based on the type of theoretICal
foundations and practical disciplines that arc traditto nal in the establi hed branches of englOcering: The
believed that If these foundations ond diSCIpline were applied to bUIlding software s stems, the qualtt of the
resulting systems would be vastly improved.
Today, many of the issues they identified are addre<sed by evolvlllS software engineering techniques
and practices even as the ,cope of applications has incrcosed dramatically . Throughout this book we examIne
these practices and explalll how they con tribute to prodUCing high. qunlity software. 8efor.. doing that,
WHY SOFTWARE ENGINEERING IS CRITICAl ' SOFTWARE DISASI ERS 3
however, it IS instructive to begin cxanllning why softwa re fails in th e first place, and how some fai lures can
tv"" le.d to ca tastrophic results.
Even WIth the best of intentions, a large number of software projects tod.y are unsuccessful, wit h a large
percentage never completed . Worse , quite a few software projects still end in d,saste r, causing a loss of
money, rimc , and tragically , cvc nl ives. \Y/c review some reprcscnta[ivc samples here as cau ti onary ta les. In all
cases, the method employed were inadequate for th e complexi ty of the required application . Failures such as
these motivate us to conti nually ask: How can we: apply softv.1are engi neeri ng methodologies to ensure the
appropriate level of qualoty in software applications)
The FBI's Virtu.11 Case File system was intended to automate the FBI's cumbersome paper· based case system, allow
agents to share invtstigative onfo rmati o n, and replace obsolete systems. Instead, after an expenditure of $ 170
millIon, the result did not accomplish these objectives
•
at all . 111e effect ha been to inhibit the FB I from growing its
crime-fighting mission despite the growth in terrorism and the increased sophistication of many criminal
organizations. All of7oo,ooo lines of code, costing $ 100 million, had to be ahandoned. Poorly defined requirements,
networking plans, and software development plans were cited by investigators as causes for thi disaster.
' O n 4 June 1996, the maiden flight of the Ari..O( 5 launcher e nded in failure . O nl y about 40 seconds after in itiation of
the flight sequence, at an altitude of .bout 3700 m, the launcher veered off its flig ht path, broke up and exploded: [3)
The cost of develo ping Ari..O( during the preceding decade has been estimated at $7 bi llIo n. A significant fraction of
this was wasted on June 4, 1996. Anlm, 5 itself. oneluding its speCific develo pment, has been va lued at $500 million .
The source of the problem was desc ribed in the ofnc ial repo rt [3) as follows (italics added ),
The internal Inertia l Referen ce System software exception was caused during execution of a data
conversion from 64·bit flo. ting point to 16 -bit Signed intege r va lue. The floatong , point number
which was converted had a value !o'Teater t han what could be represented by a 16·bit signed
integer. This resulted in an Operand Erro r. T he data co nversion instru cti o ns (in Ad. code) were
not protected (rom causi ng an Operand Error.. . Tht (rror occurrrd in a pari oj Ibt 5o!fwart that only
performs a lignment of th e strap· down inertial platfo m1 . This software module computes mean·
ingful resu lts on ly before lift ·off. As soo n as the launcher lifts off, this fu nction serves no purpose.
In other words, the data conversIon code itself was ' correct" but was called upo n 10 execute when it should
not have been . The defect lay wit hin controlling code. This ki nd of problem is easy to desc ribe but not ea y to
aVOId because many people ore involved in large projects. Large projects become extraordin.nl>' omplex.
Development efforts like AnaH' ca ll for extensive edu ca tI on and coordinati on w lthon project manage men t, quality
as~rancc, conAguration management, architccture, detai led de i8 n, programmins, and te ling organizations.
Dependmg on how th e project was organized an d designed , anyone of these organizat Io ns could have been
partly responSIble for ,;eem!! to It that the code on qu(,,,ion wa< not called after Ilftofr.
As software co ntrol~ an ever-In rca~inu numher of devi (,S, It, rclmh llily " cominJ.( undt"r in rt:ali;lflgly tOt t-nsc
scrutIny. I" the prOject manaflernent maUaz lnc 13..,lm" DebbIe ,.ge, Jo hn M om1lck, ~ nd Bcna Ramon. wro te
4 CHAPTER 1 THE GOALS ANO TEI1MINOLOGY OF SOFlWARE ENGINEERING
of a la,,,su1I allqjlng "nta,sive overdo,e, 01 gamnt. ray' partly due 10 Ilntitallons of lhe computer program lhat
gUIded l>se or a panicu lar radiallolHherapy machine. TI,ey reponeclth ... following . "The International Atomte
Energy genc saId In May 100 I lhal alleaSl flve of lhe dealhs were probably (rom rodiatlon pO"Ontng (from the
rna hine) "nd al leasl 15 more pallenlS ri,ked devcioping 'serious compltca ltons' from rodial lon • [4 JThe defecl
dId nOl show up unt il a ,ignificanl lIme afler rd ease, and o nl y after cenain scquenCL'S of operator action,.
The fo ll owing des ribes the software defect , and IS quoted (rom [5].
etting the bending magnet tak,:s aboul 8 seco nds Mtl9n" ca lls a ubroutinc called Plim, to
introduce a tIme delay . ince several magnels need to be ,et, Plim, is entered and exited several
time A nag to indicate that bendi ng magnets arc being se t is initia lized upon e ntry to the Mti9n,'
subrOlltlne and cleared at the end of Plim,. Furthe nnore, Plim, c hecks a hared variab le, set by the
ke yboard handler, that indicates the presence of any edi ting requests. If there arc edits, then Plim,
clears th e bending magnet variab le and exits to Mti9"" , whic h the n exits to Dattlll. But lhe edit
change va riabl e IS c hecked by Plim, o nl y if lhe bending magnet flag is set. Since Pllm, clears it
during its first execulion , any edlls performed during each succeeding pass lhro ugh Ptim, will not
be recogntzed. T hus, an edit c hange of th e mode or energy, althoug h reflected on the operator's
scree n and the mode/ energy offset variable, wi ll not be se nsed by Da I", I so il can index the
app ropriate ca libration lables for the mac hine parameters. I
This is a fairly involved explanatio n but no t al all beyond the complexity of man y software systems in
existe nce today . When should th is type of e rror have been fo und] If sound ohware e ngi neering d iscipline
h ad been employed during all phases of the project, there would have been several opportunities in the
development process to detect it.
r
Readers who wish to know about more software disasters, big and small , are referred to Neumann 6), who discusses
risks. problems, defects, and disaslers relati ng to reliability, safety, security vulnerabilities, integrity, and threats to
privacy and well ·bei ng. Another source is the ACM publication Softwar, Engin,rring Nolrs and its Risks Forum [7].
Thankfully , nOl all software projects e nd in the rypcs of disasters described above, but fa r tOO many end in
failure . What docs il mea n for a software project lO be unsuccessful] Simpl y put, an unsuccessful projcct is one
thaI fails to meel expeclations. Mo re specincally, the undesi rable outcomes ma y include the followi ng ,
• Over budget
• Exceeds schedule andlor misses market wi ndow
• Doesn't meet staled customer requirements
I Lc:v(nson . N.ncy , .nd Turner C.S., "An Inve<llg3tion of lhe ne,. · 25 ACCident.: IEEE Comput.r, Vol 26, 0 7,
July 1993 , pp. I~l , co pyrig hl 1993 IEEE
SOFlWARE ENGINEERING AcnvmES 5
Falling to meet j ust one of these objectives can cause a project to be deemed unsuccessful. For example,
if a project is completed under budget, meets all requirements and functionality, has high quality, good
performance and is easy to use , it still may not be successful If the schedule was missed and no customers are
willing to purcha e it as a result .
Charette [8 ) notes that there are many underl yi ng reasons software projects are unsuccessful , including,
• Unmanaged risks
Unsuccessful software projects usually fall victim to several of these . T o reiterate , the goa l of software
engineering, and the theme of this book, is the creation of software systems that are relidble, effiCient,
maintainable, and meet the needs of cuSlOmers. Software engineering provides the tools and metho dologies
necessary to accomplish these goals, resulting in the development of successful softwa re systems.
We'll end this section on a positive note. The authors feel that software engineering has improved greatly,
when measured fairly . Projects of equal ambition can typ icall y get done far more successfully now than 10 years
ago. The issue really is that the ambition and scope of, applications have grown enomlOusly. The Eclipse software
development platform , which this book uses as a ca e study, is an excellent example of a successful application .
This is largely due to its Aexible design , inclusive requirements process, and thoro ugh testing.
The production of software systems can be extremely complex and present many challenges. Sy tltms, especially
large ones, require the coordi nation of many plOpl" ca lled s takeho lders, who mus t be organized into t~am s and
whose primary objective is to build a produ I that meets de ancd requireme nt The entire effort must be org,mud
, C h.",,, , Rober!, ' Why oftwar< Fa ds: IEEE pcc,rum, Vol. 42, No. 9, epl<ll1b.r 2005, pp 42-49, opyright I
2005 IEEE
6 CHAPTER 1 THE GOALS AND TERMINOLOGY OF SOFTWARE ENGINEERING
• People
• ProlCLl .takcholders
• Product
• TI,e software product plu$ a socia ted document>.
• Project
• The J tlville amed Ollt to produce the product.
• Process
• Framework wIthin which the tcam carries o ut the aClivilie necessary to build the product.
into a cohesive proj<c/, WIth a solid plan for success. Finally , to successfully develop the product, the activities of
the people must be organized through u e of an orderly and well ·defined proass. Collectively, these activitIes are
known a the 4 P's of software engineering, people , product , project, and process. Successful software projects
mllst adequately plan for and address all of them . Sometimes, the needs of each of the P's conflict with each other,
and a proper balancc must be achieved for a prOject to be successful. Concentrating on one P without the others
can lead to a project's failure . For example , if people are organized into efncientteams and given the resources
they need to perform their roles, a project can stil l be unsucc~"Ssful if there's no den ned software process to follow,
as chaos an ensue. The 4 P's are summanzed in Figure 1.2 and are discussed in the sections that follow .
1.4.1 People
People are the most Impo nant resource on a software project. It is through their effons that software is
successfully constnlcted and delivered . Competent people must be recmitcd, trained, motivated, and
provided with a growt h path , which is no easy task . They are the lifeblood of any successful project.
Software development is often dictated by tight, market·driven deadlines and demanding lists of required
product features . Because of th is, only well -o rganized groups of engineers, educated and experienced in the
methods of software engineering, are capable of consistently carrying out these activities to everyone's
satisfaction . The alternative is often chaos and, all too fTequently , disaster.
Typicall y, severa l groups of people arc involved with and have a stake in a project's outcome. These are
called its sliJk,hold,rs . TI,ey include business management , project management , the development team,
customers, and end u ers. Although each group is motivated to see the project succeed, given their diverse
roles each has a different pe~pective o n the process. This is discussed next, for each of the gToups cited.
Business Management
These are people responsible for the busi ness side of the company developing the software. They include senior
management (e.g., V.P. Finance), marketing (e.g" Product Manager), and development managers. Their primary
focus is on business issues including pront, cost effectiveness, market competitiveness, and customer satisfaction.
They are typically not panicularly knowledgeable abollt or involved in the technical aspecrs of the project.
Project Management
Project managers are responsible for planning and tracking a project. They arc involved throughout,
managing the people, proce>s, and activities . They continuously monitor progress and proactively implement
necessary changes and improvements to keep the prOject on schedule and within budget.
SOFTWARE ENGINEERING ACTMTlES 7
Development Team
Software engineers are re~ponsible for developing and maintaining the software. Software developme nt
in lud~ many t~ks such as requirement gathering , software architecture and desig n, implementation ,
t~tlng, con Aguration management, and docume ntation . This book will have much to ay about each of these
topi .. oft",are engineers arc motIvated by man y factors including technical innovation, low overhead (e .g.,
a minimum of business· type meetings), and having the time and support to stay involved in technology .
Customers
C ustomers arc responsible for purchasing the software. They may o r may not actually use the software.
Customers may be purchasing it for use by others in their organization . They are primarily interested in
software that is cost-effective, meets speCific busi ness needs, and is of high quality . They are typically
involved in some aspect of specifying requirem enrs, and si nce they arc paying for the project, they have the
ultimate say in defining the requirements.
EndUsers
End users are people who interact with and use software after it is Anished bei ng developed . End users are
motivated by software that's easy to use and helps them pcrfo nn thei r jobs as efficientl y as poss.ible. For
example, once they become accustomed to and are effective using a particular user interface, they are
typically reluctant to accept major changes to it.
1.4.2 Product
The products of a software development effon consist of much more than the source and object code. They
also include project documentation (e.g., requirements d ocument, design spec ification ), test plans and results,
customer documentation (e.g., installation guide, command reference ), and productivity measu rements.
These products are o ften called artifacts, and arc summarized in Figure 1.3. Th is book describes the comp lete
set of ani facts.
Pan 111, o n software manage ment, describes project metrics and how they arc collected and used to
measure productivity.
• Project documentation
Documents produced during software dcR niti o n and deve lo pm e nt.
·Code
Source and object.
I art IV , o n requirement' ,na ly,i>, ex pla in, how to produce requirements that speedy what the product
" ""e nded to be
Part V explaI ns how to 'fleci(y so ftware designs. hapter 20 de,crlbe, software architectures C hapter
2 1 de,crlbes how to specl(y the detaded de,igns. Design patterns, a standard means of com municatI ng
Intelligently with each other about desIgn , arc described In haptcr 19.
Part VI di cusses Implementation (progra mming), Cmph3>IZII11! standards and precIsIon . A major goal IS
to help devel opers to wnte program that arc much easier to verify (or correctness
Part VII describes how to test the part~ o( an app lication, a well as the whole. It includes test procedures
that specify how te ts are onduc ted and the test cases that specIfy the input data for tests. Part VII also
describe. the types o( customer documentaroon artiFacts that are produced and their purpose
1.4.3 Project
A software project deRnes the activities and associated results needed to produce a software product. Every
project involves a SIm ilar set of activities: planning , determining what's required, determining how the
software hould be built to meet the requirements, implementing the softwa re, testing the software, and
maintaining it once delivt·r<·d to customers. These major project activities are summarized in Figure J A .
In addition to these activities, va ri ous development paradigms , techniques, and tools exist and arc
employed on different projec ts. A development paradigm is a way of thinking about the process of producing
software .
An example of a development paradigm , and one that is in wide use today, is the obj,cI-orirnt,d paradigm . It
was invented to make designs and code match the real world . That is, an object as represented in a software
de ign is patterned after a real · world object. For example, suppose that a banking application is to be bu.ilt
that includes support for customers, bank accounts, and transactions on the accounts. In an object·oriented
paradIgm , these real ·word concepts are represented in the desig n and implementation by corresponding
• Planning
• Plan , mo nitor, and control the software project.
• Requ.irements analysis
• Denne what to build.
• Design
• Describe how to build the software.
• Implementation
• Program the software.
• Testing
• Validate that software meets the requirements.
• Maintenance
• Resolve problems, adapt software to meet new requirements.
· I~ '
~-.- II'
\ ' ,.
D/rect correspondence
clas es. This greatly faci litates identifying and applying modi fica li o ns to a d esig n necessi tated by change to
real-world requirements. Fo r exa mple , if the steps executed durin g a particular lra",aclio" need to c hange. the
design can more ea ily accommodate this since there's a corresponding lra",aclio" object in the d eS ign. The
design representation fo r transactio ns is encap ulated within the transacti o n object, and mo di fica tio ns ca n be
applied mo re easily. Th is is illu trated in Figure 1.5. In no n-o bject· oriented langua gcs . the representation of a
real-wo rld concept such as a customer may be spread across man y d isconnccted pieces of source code .
1.4.4 Process
A ,oJlrDare process is a framework for carrying out the activities of a project in an o rga nIZed and di sc iplined
manne r. It imposes structure and hel ps guide the man y people and aCllv llies in a co bere nt manner A software
prOject progresses through differe nt ph.,,; , each interrelated and bo unded by tim e. A softwa re process
expresses the interrelationship among the phases by defining their o rder and frequency , as well as defining the
deliverables of th e project. Figure I names the majo r pbases and indicate the o rder ,n which they arc usua lly
perfonTlcd.
SpeCific software process implementatio n are ca ll ed ,oJlwo" prom, mod,i,. The re arc severa l suc h model ,
but most are based on either the u>a'tryall o r il". I,., d,,,riopmCII' models. Each of thcsc IS brieA descn bed below
Part 11 covers the evolutio n of software processes and de tails these plus several o the r of the most Importa nt
process models.
The lDaltrfall proem IS t he simp lest .oftwa rc process mo de l, and fonllS the basis fo r most ot hers. A pure
",atcrfall process dictates tha t phases arc impl emented in seque nce, with nO phasl' starting before the prev Io us
one ha~ almost omp lctcd T hat is , phases arc execu ted In a tri ti y sequential order, uSliall y With mall
overlaps Once a wa te rfall phase is fini shed It'S deemed co mpl ete for the projc t and there IS no need to return
to It. Vanallons of waterfa ll eXist where already <.omple tcd pha. es may be reVISited and min or updates
applied , as a result o f ",ork done o n subseq ue nt pha,cs . Waterfall begi ns with an in "ptl o n phase, wherl' tiw
product is co nceived and buslI1c', objec ti ves de fmed . Next is th e spe Iheation of the rcquiIX'Il1ent , foll o wed
by the d.c:s,sn pha,>c, the Imrl eme ntallon pha,c, thc tt" tln g phase, and Rnally the ma in tc nan (. ph.'e. FI/: ure
, 6 "Iustrates the main pha ses and the ir se'lucnee T hi S mea n, that th e I)fOCes, goes aro und the Ir Ie of
Figure 1. ' Just o nce.
Software development ra rely nce u" In th e ' lriU wa terfall seq uence . I,,,t ead, It SKIp, ba ~ and lort h
somewhat among rcq Ulr(' mcnl ~1 deS ign , Imp lcm nt alw l\ , llnd lC!rIling In praLltL C, lheo, we oflt:n U!JC' drratwt'
10 CHAPTLR 1 THE GOALS AND TERMINOLOGY OF SOFTWARE ENGINEERING
Tlmo
,
Requlremenls
Design
Implemenlation
Phases (ac/lvities)
)...Testing
Maintenance
processes for software deve lopment , in whic h all or some of the waterfa ll process is repeated several times.
Some processes dictate that activities may be carried out in parallel. In the agilt process, programmers
typically view implementation as part of desig n rat he r th an an entirely separate phase . Here. most phases in
the Circle of Figure I. I arc repeated frequently-as often as every two weeks . This book makes frequent
reference to agile methods.
When performed in a di scip lined manner, iterative styles can be highly beneficial. They are especial'ly
u eful when the requirements arc only sketchily known at the start of a project. A subset of the system is
constructed from a partial list of requirements, customer feedback is obtained , and additiona l requirements
are generated . This cycle repea ts until the complete system is built .
Since policy decisions about software process take place at a n organ izational level (company,
department , group , etc.), there is a need to assess the software development capabilities of organizations_
The Capability Maturity Model" (CMM ) is suc h a measu re . T he CMM and its successor, the CMMI ,
were developed by the Software Engineering Institute. The software engineering capability of individual
engineers can be developed and measured by th e Persona l Software Process SM (PSP) created by
Humphrey (9 ). The hi g hli g hts of CMM I and PSP are woven through some chapters of this book. A
third level of softwa re organization is Humphrey' Team Software Process" (TSP) [ 10], which describes
the process by which team s of software engineers get their work done . The Internationa l Standards
Organization (ISO) de~nes quality standards against which many organizations assess their softwa,..,
development processes.
Well thought·out documentation standards make it much easier to produce useho! , ,..,toable artifacts.
Several standards are available. Many companies provide in-house standards. For the most part , this book
applies the IEEE (Institute of Electrical and Electronics Engineers) software engIneering standard~, man of
which arc also sanctioned by ANSI (American National Standards Institute). Standard focu the process by
providing a baseline for engineer, instructor, and students. In pr"ctice, they are modified and tailored to
speciRc projects.
Software process is the subject of Part II of th is book
The Acid of software engineenng has matured greatly since it began ov~r 40 years ago. Throughout thIS tin,e
practitioners have learned valuable le.son that contribute to the best practices of today. Sonte have become
outdated, but many are still very relevant and widely implemented today. In hI< book [ II j, AI.n DaVIS
SOFTWARE ENGINEERING PRINCIPLES 11
6 . '"SpiC' oJ,
. Ptopl, Art ,Ix Kry '0SU CCI'SS
figure 1.7 Major principles of software engineering
gathe red 20 I principles that form th e foundation o f software e ngi nee rin g . Figure 1.7 hig hli g hts some of the
most imponant , and we exp lore eac h of the m .
Inspect Code
nm should be extended 10 read "In pect All Artifacts," where artdacis arc defined as any product of
the software development process including technica l specificati ons , test plans, documentation , and
code. Inspecti ons have been proven 10 Ind errors as early.< possible, increase quality , and decrease overall
prOject co t.
So far, we have discussed the parts, principics, and activities of software engineering . Assuming that thesc
are understood and assembled, we need 10 understand the socielal responsibilities of software engineers.
Reliance o n the ethics of software engineers has become an essentia l part of contemporary culture. To take an
example, it is simply nOI possible for a car driver to verify and validate the code for his car's cruise control or
for a patienl or rad,ologi sl 10 verify the correctness of the code controlling the X·ray machine pOinting at his
head. At some poinl, there is no choice but to assume that Ihe software crealed and installed in these and
other systems has been implemented correctly, and in a manner consistent with the public interest. This is a
matter of ,)hies.
The Mrrri.rn- W,h,'rr [ 12J online dictionary defines ethics as,
I the discipline dealing with what is good and bad and with moral duty and obligation
2_ a set of moral prinCiples
Most disciplines operale under a Hrict set of ethical standards, as published in a cOllcsponding code of
ethics, and software engineering is no exception . The ACM and IEEE have joinlly developed a o/flDarr
E"9i"rffln9 Cod, oj Elhies and ProJ",ion.' Prac)i" [ 131. The ACMIIEEE·CS Joint Task Force on oftware
Engineering Ethics and Professional Practices has recommended the document , and the ACNt and
the IEEE·CS have jointly approved Ihc standard for leaching and practicing oftw.,.., engineerins_ The
code includes a short and long version , with the shon version listed in Figure I.S. The shon versIOn descnbcs
Ihe code at a high level of abstraction . The long version cont.ins a number of clause corresponding to Nch
of the e.ght principles in Ihe short version, wilh each clause providing mo,.., details and examples. 80th
versions arc conlained In [ 131.
ETHICS IN SOFTWARE ENGINEERING 13
PREAMBLE
The short version of the code summari zes aspirations at a high level of the abstraction, the clauses that arc
included in the full version give examples and detail of how these aspirations change the way we act as
software engineerirlg professionals. Widl0U! the aspirations, the details ca n become legalistic and tedious,
without the details, the aspirations can become high sounding but empty; together. the aspirations and the
detatls form a cohesive code.
Som..'are engi neers shall commit them elves to making the analysis , specification, design , development,
testing and maintenance of software a beneficial and respected profession. In accordance with their
commitment to the health , safety and welfare of the public, software engineers shall adhere to the
following Eight PrinCiples,
I. PUBLIC· Software engineers shall act consistently with the public interest.
2. CLIENT AND EMPLOYER· Software engineers shall act in a manner that is in the best interests of
their client and employer consistent with the public interest.
3. PRODUCT· Software engineers shall ensure that their products and related modifications meet the
hig hest professional standards possible.
4. JUDGMENT . Software engineers shall maintain integrity and independence in their professional judgment.
5. MANAGEMENT· Software engineering managers and leaders shall subscribe to and promote an
ethical approach to the management of software development and maintenance .
6. PROFESSION · Software engineers shall advance the integrity and reputation of the profession
consistent with the public interest.
7. COLLEAGUES · Software engineers shall be fair to and supportive of their co lleagues.
8. SELF · Software engineers shall participate in lifelong learning regarding the practice of their profession
and shall promote an ethical approach to the practice of the professio n.
These precepts have practical conseq uence~ and ca n help guide a software e n gi n ~er toward a course of
action when confronted with a difficult si tuation . A few exa mples follow ,
Example I. Suppose Ihat your manager asks you to joi n a tcam at work and assumes you arc suf~ iently
skillcd in J~va . However, you don't know Java , but really want to work o n the project and think you'll be
able to learn it quick ly and learn a valuable ski ll. Do you mention your lock of Java knowledge to your
manager and risk berng pulled from thc project, or do you say nothing, evc n though your inexperience
cou ld Jeopardize the success of the project? Clause 6.05 provides guicance, "Not promote their own
rntcrest at the expense of the profession , clrent or empl oyer." Knowing th is , you could inform your
manager that you do not currently have the necessaty Java knowledge , but present a case at the ame
time for how you will lea rn enough in trnle .
Example 2 . A software engineer workillll on ~cvcra l Rovernme nt contracts is "e n ouraged" b
management w charge time aga "' ~ 1 the onlraCI wrth I'he h il< h e~t number of available h u", ~ hat
do you do? Gurdane (or th rs is provided ny clause 4 04 "Not eng"He rn de cptl"c ~nanc lal Pr.l ti es
such as bribety, doub le billinll, or olher inlproper Anancla l pm tl e< "
14 CHAPTER 1 THE GOALS AND TERMINOLOGY OF SOFlWARE ENGINEERING
Exomple 3 . You are asked to develop a complex, c ritl 31 pie c of softwa re for a commercial product
you're working o n. You di s ove r a publ i do mai n version o f the ' ou ree cod e. You're tempted to use the
source code as It will save mu h ti me and effon and allow you to move o nto the developme nt of another
Important part of the sys tem soone r th.n expc ted However, It's not li censed to be used fo r commercia l
purpo cs . What do you d o] Clause 2.02 provides gu idance: "Not knowingly usc so ftware that IS
o bta ined o r retained ei the r illega lly or unethica ll y."
These arc just a few exa m pic> of how softwarc e ngi neers can be co nfro nted wit h ethica l dilemmas.
H avi ng a se t of guidelines grea tl y as 1st. the e ng ineer in making the ri g ht decision .
Read ing about softwa re engineering concepts alone develo pment of a g roup proJect. As they progress,
is insufficient for gai ning a thorough understanding students will ge nerate project artifacts and working
of the ubjec!. The best way to unify and reinforce co de. Artifac ts gene rated as part of the case studies
the man y topics presen ted in th is boo k is to ( I ) learn can also be used as guidance in developing artifacts
how they are applied to the development of real for the group project.
software ap plicatio ns and (2) gain hands-on experi· There are three cases studies used in the text,
ence devel opi ng a software application as part of a as illustrated in Figure 1.9 . The Eneo."/tr Did,o gam , is
team To mee t the Rrs t objective , case studies have a si ng le·p laye r, stand-alone video game application
been developed o r described and are presented that is completely implemented through the course
thro ugho ut the book . They serve as concrete exam - of this book in conjunction with online compo-
ples of software appl icatio ns, a nd include appropri- nents. In addition , two open source projects are
ate artifacts as they are discussed and presented in used to illustrate h ow open source prOjects are
the text. The case studies arc intro duced in the next devel o ped: the Eclipse integrated development envi -
few sections. T o meet the seco nd o bjective, students ro nm ent and the Op",Offic, office productivity
working in teams arc provided guidance as the y suite . Open source projects arc developed differ-
apply so ftware engineering concepts to the ently from traditional software in that many
Encounter
(created for this book)
1
Case Studies
Eclipse OpenOlfice
(open source) (open source)
difkrent !><,ople, from ariou> orga nIza tIons, de . Ihe Jo"i9" character. C haracter> engage each other
vc\op featun..'S and fun tions and thcn co ntribute when they arc in Ihe same arca atlhe arne time. The
them b. I:. to the ba e ·oftware applicatIon . In this rc ult of an engagement depe nds o n thc values of the
wa an open sourc appli cation grow in fun l ion. haracters' qualilie and on the locatio n where It
ality and all ne," fea tu res arc free ly avai lab le for occurs. O nce an engagement is complete, the play·
o thers to use and budd o n. er's c haracter is moved 10 a random area . Players can
Variou o ther examples arc used in this book , se t the va lues of the lf qual ili es except while engaglOg
includIng a vidco store app \'ca tlo n. a Joreig n character. The new quality values take
cffect o nly aflc r a delay.
•
1.7.1 Encounter Video Game
The En o unter video game is a si ngle.p layer, sta nd . 1.7.2 Eclipse Open Source Project
alone VIdeo game applicatIOn A player is assigned a The seco nd case ludy is Eclipse . Ecl ipse [ 14] is an
main chara ter, and Encounter si mulates all o r part of extensible, highly co nfigurabl e o pen ,ounce IDE
the lifetime of that character Success in playing the (integrated develo pm ent e nviron ment). An IDE pro·
game is measured by attaining a '1, points goa l for the vide an enviro nment and sct of lools fo r the devel ·
playe r or by the ability of the playe r to survI ve fo r a op me nl of softwa re app lications. II provides loo ls to
give n time limit. Figure 1.10 shows a ty pical scree n build , run . and debug app \'cati ons, the abili lY 10
shot: the courtyard area co ntaining a playe r· share arllfacts such a code and object WIth a
contro lled charac ter, Elena. tcam, and suppo rt for and intcgral10 n wi th vcrsion
Came characters beg in wit h a nxed number o f contro l. lkcallse Eclipse is o pe n source, ILS source
points allocated equally amo ng qualities including code and des ign arc fTeely available and readi ly
coneal tration, stamina, inltlligftKt. pali(Jlct. and strnlgtb . extensible by th ird parties thro ugh the use of
The game co nsists of movement among a set of plug · in s. In fa ct, Eclipse is co nsidered a plaifo,," . It
areas. The main characte r moves between them , isn'l a '·flni shed" product, and is intcnded fo r contin o
encountering a game · generated character ca lled uo us and indefi nite exten io n [ 15]. Numerous open
Figure 1.10 SnapShot (rom the Encounter case StuCly video game: Flena In the courtyard
16 CHAPTER 1 THE GOALS AND TERMINOLOGY OF SOFTWARE ENGINEERING
, o ur<:c cx tcn'lons c..a n b fOllnd JI lhe home of lhe ,"cr Interfa e a nd fe atUre set s lInllar to o ther ol~ce
E lip,e ProlC t, www .ceilp ·c org. ,u ll e> suc h a, M lc roso fl II,ce OpcnOlflce org also
Eclipse ha, bee n ,ue (",full y used ~, ~ tool for wo rk, lran'pa re nti y With a Va rtCIY of Ale formats,
wide -ra ng ing app lic ation t pc, ,uch ", J~v~ d evd o[l- Including those o f MI ro solt OlRcc' [ 16 ] A tYPical
Illent, 'I cb services, embedded d cv lcl' programming, O[lc n fr, c' >c reen, hot IS s hown In hgurc I 12
and ga me program ming CO il tes ts. T h e Ecli pse plat - The Orc n frlCc proJc 1 encou rages partlcipa -
(o ml itself provides a programming languagc-agnot\ti lio n by d eve lopers, as ,he tYPical developer-o rie nted
lofTastnlc turc. uppOr! fo r specific lan guages IS pro - Web page ,ho ws in Fig ure 1. 13.
Vided b plug · in s, and ea h plug -In must ad he rt· to th e We w tll dt<cu,s the management of the O pen-
<a me niles as a ll th e o th er plug-ins that u,c th c OfRcc projec t In rart II I. H ere i a summary, quoted
platfo rm [ 15 ]. Su pport fo r the Java prowa mming fro m a n Opc nOm c Web si te .
langua ge IS p rOVided by ,he Java Developme nt T ools
UI T ), w hic h is bui lt on th e Ec ltp e pl. , fo ml a nd There a re three categories 01 ac ti ve proj -
provlde< • fu ll -featured Java IDE. ects in O pe nOlfice.o rg : Acap"d, which
A typ ica l Eclipse scree n hot is s ho wn in IS whe re most tl'chni ca l project art:
Figure I I I loca ted , [ncubalor. w h ic h hou es ex pe ri-
me nta l projects and e nd eavors, a nd
1.7.3 Open Office Project Nalia, -u"'9 , whic h includes proje c ts pro-
Th e third case stud y that we Will u<e in th is book is vi d ing info rmari o n, resources, builds/
Ope nOfRce (ope nofRcc.o rg ), "a multi -p lat form of- and forums in a user's nat ive language.
fice produc ti vity suite . It incl ud es the ke y d es kt o p
applications, such as a wo rd proce sor, spreadsheet, The Accep te d Projects at a POlOt . arc
- .In [fme
presentation manager, and dr2wing program , with a sh o wn in Figures 1.14 and 1.15.
,
• CD hd'1"" ,"01 II I' o:'>'>rpo.f"~U''' ? tar....
'l'!_." " 'A
fe"
• .,. 'I~III~ ~ ""-('YO'\l ,",'I' ", _ 2 _ ""''':' _ '.rla'.
• ..... _ _ _ ,,_,.- ' ''1'' Uo. l _ .. , ~. . ( ....... h<: ~I ..... " " 1. 0
· ",.-1\ _' 1'.'_. l"'. I,.
7 •
· -.
..., . ~
- "
. ".
•• q
, _
q u . ... oJ
rt d o,
.
..........
..
• .
•
...._ ' , '''''''' ••• d " .....
' " '.II: ~ ... _
. rl leV. .. u. l . . oo<.J\. ... _ .
••
• . .,
• C<"'!JI . ~'"
,,·"at _ .
. . - . . . .': 7 " ~ ...
= ..vfI ....".
·
.
• ( .... ~ •• _f , - , , _
·,
..-
. 'L
..
-~
.-s,. _Ib-..., ~. 1 .~...al l .
~
,.... , - . . _ I .......
.
• ~ .....u ../0> .. - 11I..u
,-_ c.. • CI'm ..... , . P - • I
• »~ - -
.
•
..... ~!)
L I'* . ~
;Jl....ul
· _ . 1(-'''''-
• ~UN r 0
.. -""'"
• . . . .:.:0 . .. ""->
"
,..
• Rr+ .,rtf .....
·.-,"
8 ,," ' ,, _ 1' " ....
• 5' , , t ab ' o. "
•
•
•
•
~ .. "'Io ....... 11 ~'..... .
1M If'~ ''a,d,o. ~ .If ~· ' Tr*'
,t. IIfId.I". ,I,.. , ~~ . .... ~ ...... ~. .. 11. ~
" iii
• • le 31 .... . 1
•If
•
Figure 1.12 A typical screenshot of the OpenOffice word processor
•
- d
-
SurnnHomc
Ruourc.~ Mit 1'1 0 LIII,I OOCIIIMMill -1Jn I S!)VfU CCdt
By VI, 1111 of t~, Tho W ~'P IniO 11'1, p.nlClp.ahon IS by tvbscntll1'l910 ont Ot mol' dour nwting ~1t1 !PI''''' !1'I_
Webt"' , tOY :agrtl piCj.Cl(t) ~ fHI you I;iln h.M • cOl'llnbuJ lon 10
10 ~ bound by
Ihn. Po tNt:
•
IT)(I 8t1ow otl. 5OfI'\f of our m*'9 1m. that nvgl'll bt fA V'dtfHl F 01 • MI ~lI\g plU M -cit the MI,t'"'
firm' Qf Un US" pag. on OpnQk. R'q "b ...
I. 1
" p rlC ?, t nt . . . .
-
....... . .. ; LIl . . . . . . 01 2 oOIl1ee org ..... (rd art i)1
9' ' ytJI" 'om,... yG,I,.... ,...,., ...... ......,
...
~ '5 "em (ramewcrt Mllbecs "",,[, ".arne.crt
,ml'O
Dotsn.r
Atrir!tgg!sand M@!l" tOOls
fnylRM\tO l HoBmICbcl
frW db,
Scboenhft!!.
DO. RPbll!;[
Dos:ument,uQD scopn Ctq documt,.,tttion End·UHr docu.... "t.t"'" (fK t~ V¥IOVS c:onlpOittnu ~
Up ap.nOfficu"V·
k lrml! MiOia 'ICtemal This pr'CIJ.ct will ho,t .. lh. __ tem. C:(IIM aIow~
Honms,hr!
(K Il09)
11'11 Ahrrn, .
Chosl,.!)
MartetllQ ,Nwhtng The POJKt I\.nt. '''0 ow 9uwth -.d use 01 0) lilCimc. oPt
tK~" . errc.u iI'K'tudIt: dItv,' ,.- .. eol'teroll. ':If1I,
pot'r: outt...ch.
PonWig to ,..... ~t1'oii'iS .
I.U: 10'''''0 .
-- LAII.JiWIIIM:
uti
••• ...
.. $ 12 • ~.
-: ... _-_ ...
or 1M PIrIIjICt.
i TIl.
Pet!',
- .. 11= wad ... C~
Developing complex software systems in a successful mann~ r has historically been very difficuh. The goal of
software engineering IS to define a fra mework for creating software systems that are reliable, efficient, and
maintainable, and meet the needs of customers. As illustrated in Section 1.2 on software disasters, producing
software that is unrel iable ca n have catastrophic consequences Although most software does not end in
disaster, care mu t be take n to avoid the many commo n pitfa lls and mistakes that can plague a software project .
The 4 P's of software engi neeri ng-people, product , project, and process encompass the different
aspects of defining, building, and mana gi ng software. The people arc the mo t important part , as they not
only create the software but also are the customer for who the work is bei ng do ne. The work products
include not only source and object code , but also a complete set of artifacts descri bing the system. A software
process model dennes a framework for ca rrying ou t the di ffe rent phases of a software project. It imposes order
and stnlCNrc to a project.
Underlying software engi neering is a set of time- tested principies. KnOWing these prinCiples helps to
understand the mo tiva tio n for the softwa re engineering methodology presen ted in this book
Software engineering is a profession that carries with it certain ethical respon ibilitles. The ACM and
IEEE have jointly publi hed a code of ethics to he lp gUide software prolessionals in their work .
This book uses three main case studi es throughou t as realistic examples of software project
1_9 EXERCISES
1. Besides those listed in this chapter, what additionai expectations do you think oft-ware products
may fail to meet?
2. Research a rece nt real-world "software di aster." In you r own words, describe the underlYing cause
of the problem . What could have been done to avoid itl
3. What ar~ the four P's of software engineenngl (Reca ll them without consulting the book .) BneAy
describe each .
4. In a paragraph , name at least two of the most impo rtant deficiencies you can think of In the rrporil"g
of project progress that co ntribute to an unsuccessfu l projec t outcome.
5. Expla in myour own words why people arc invariabl y the most important resource o n a project.
6. For the stakeh older groups listed in the text, give an example of a project mOllvatio n fo r each_
7. You arc developing a second-generation custom order entry application fo r a particular customer
Explain and give examples of at least two types of problems that can arise if the customer is nOt
involved in defi ning the new applicati on, and their first use of the application i after it i com pleted
8. Why does the use of standards make it eaSier to ge nera te usefu l, re liable docum entsl Wh y isn't
their use a gua,".'t< that hi gh-qual ity docume nts "ill be produc<:dl
9. Expla in the di ffe re nce between a oftware process and a so ftware process model.
10 . Figure 8 lists the ACMlIEEE Sojlwart E"gi"rrri"g oJ, oj Elhics .IId P,ojtS5IoII.1 P,ac';Ct. Drawing eit her
fro m your own expe ricn c~ or from a hypothetica l Si tuati on , aescribe a sce nano that adhere to one
of the e ight pnnclples. Now describe a sce naroo th at Violates o ne of the pnnClple<>
Metrics in Software
Engineering
o.Ign
Figure 2.1 The context and learning goals for this chapter
Budding sofTwa re that ex hlblt< a lu gh level of qua li ty" one of the majo r themes of till book and !< J
c rll lea I faClor in the produ t,on of ,"cce"fu l <oftwarc,y tem s However, a h,cvlIlg a 11I gh qllallty level I< no
easy task Qua lity must be Int c~ra ted '"to project' fro m the bell lnn lll"; and dunng every pha. c f produ t
develOJlmenl This IS why qua lllY!< d"clMed throllgholltthe hoo k and" be ing Intrud uced at Ih" carl <lage
Throughout the Ide of a software proJe I, data o r mcaSllrcmcnt<- are o ll eLlcd t aseen,," the
elf cllven s. of the: processes emp loyed and the , oftwarc helng CO " 1/11 tcd S" h lat. arc ailed '""n"
22 HAPTER 2 INTRODUCTION TO QUAUTY AND METRICS IN SOFTWARE ENGINEERING
Planning Maintenance
Integration and
Phaaes Requiring -
System Testing
Quality and Metrics
Requirements /
Anal is J
IDesign I Implementation
and Unn TesUng
These mea<urc various a pects of a prOject sllch a the qua lity level of the software itself, and also the degree
of the proJect's adherence to its schedule and o ther measurables suc h as the productiVIty of e ngi neers. This
c hapter provides an overvIew of software metrics and an explanation of how they relate to software quality
Each of the major parts of thIS book contains a c hapter relating how quality is practIced and metrics
collected and applied to the development phase covered in that part. Figure 2.2 depicts the d ifferent pha~s
reqUiring quality practices and metrics collection.
So fa r, we have used the teml "software quality" quite freely _ Now we'll provide a concrete definition.
Everyone wants "qua lity," but what exactl y does software quality mean] There are varying views o n this. Some
measure qua lity in terms of categories such as reliability, portability, and so o n. H owever, if one of these-
portability, for exampl e-is not a requireme nt o f the product in any fOffil , then it is not releva n t. Some feel
that the mo re an application c han ges the wo rld for the better, the mo re quality it possesses. Others defi ne
oftware quality in temlS of how well a development process is followed , or how ex:ensively the emerging
product is tested . Ultimately, it is hest for a n o rganization to defi ne fo r itself and its cu.stomers what it means
by "quality ." Above all, it is importa nt that "software quality" has a consistent mea ning within the project's
stakeholders. A definition fo llows that will be used throug hout th is book.
To give some background, let us first co nsider a "quality" plain old -fashioned lead ~ n ci l (frequently
yellow). All would agree that such a pencil mu t first sa tisfy its requirements, typically including that it ·shall
be solid wood; shall have a lead core with designated hardness; shall have an era er that can erase most of
what the lead has deposited o n plain pape r, shall have the required leng th; etc." To be a 4uality o ld-style
penci l, however, we expect additional attributes suc h as that it is "harder than usual to break, lasts twice as
lo ng as average pencils, has a very cf/cctive eraser, etc." To summarize, a quality co"vrnlio"al item has attriootes
beyond its requirements. In software engi neeri ng , however, this is "01 the typical definition of quality.
What is different about software appli cations is that they inevitably contain defects. Every defect is a
deviation fTo m requi re ments, regardless of whether the requirements are carefully written down . Hence we
cannot think about the quality of software the same way we think about the quality of a lead pencil. Instead, a
good deR nition of software quality IS the follOWing:
The more closely a software product meets Its requII'ements, the hig her its quality .
0%
\
~
,
\
I
I
I
Typical quality focus I
Figure 2.3 The meaning of software quality: the degree to which the actual requirements are met
.$Otft'e. Q~ucs reoroctuced Wtth Dell 'us.s.'on from COfel
We have not yet di cussed how requirement are gathered and generated . For now, let us as ume that
requirements arc generated with the be t kno wledge available during requirements analysis . Even in this case,
after the software has been developed and the product has been shipped to custome rs. it may be discovered
that some requirements are in fact incorrect or missing . In these cases the software is co nstructed usi ng the
requirements as documented, and we would say the software meets all its ncplicirly specified requireme ntS but .t
may not fully satisfy its customers. There are a number o f di ffe rent ways thi s can happen .
As an example, if customers are not consulted during requirements den nit. o n the system i constructed
without their input. When they eventually usc the so ftware they may nnd it does no t function as they wish and
are dissati fleet Even if customers are consulted and provide input, it is possible they will sti ll be di ssatisfied o n
using the software. For example, suppose that a software system implements a user interface, with scree n
layouts and menus specified in a requirements document . If customers are not given an o pportuni ty to use the
interface before the product is released , they may nnd that what appears to work well o n paper is actually
cumbersome to use. In these scenarios and others, we would say the product docs nOt exhibit high quality
because it does not satisfy the customer. Therefore a mo re compl"te definition of quality \~ould be,
The mo re closely a software product mee ts its specined requirem ents, and those reql11rcments mee t the
wants and needs of its customers, the higher its quality .
T echni ques for gathering requirements and ensuring customer . atisfaction arc covered in Part IV an
requirements ana lys.s.
Besides the benent of custome r satisfaction, producing high.quality software provide · other adva ntages It
has often been shown that a correlation exist betwee n products with the least number of defects and the honest
schedules. There .s also a corrclaiion between poor quality and chedulc overruns, and hetwee n poor quality and
increa<cd project costs. The mo re defects there arc in software, the mo re tllne cngineers spend fiXing them,
taklll8 time from other imponant project tasks. Also, the more defects that exist, the more likely that software
changes necessitated by fI.lIlg these defects wi ll themselves result in mo re defe tS For all these reasons and more,
quaJ.ty .s one 0(- the most .mportant atlnbutcs .n <oft ware and a key co ntrihutor to it, uccess.
Idellllf InR and remov ln ~ a, malty ddc t<as I>o\<;blc, a. ea rl y as pos"ble, throughout produc t development, eithcr
b ' ,nspccho n 0 1art lfa ts or te,'lng of the system For examp le, II ,oftware 15 ,n the ImplementatIon phase, the code
Illa d viatc fro mthe>ofiW'lre de,,!!n f> roduced In the preVlou deSIgn phase, o rot may be coded in soc h a way as to
produ c an incorrect out put n,e Ie<ult o f either a<c ISco ns.dered a defec t In thIS partl cular casc, an.n pec llo n of
the ode prior to testing 1< conducted, wIth. go. 1o f .dent, fy ,ng as many defects.s posSIble O nce the software IS
full y lI11cgra ted into a sy\tcm, testing is co ndu ted to e nsure that It conforms to the specIfied requIre me nts.
Defec ts arc the cleare t man ifestatio n o f a qua lity . ho nf.11. The latcr in the deve lo pment cycle they are
d i. overed the morc they cost 10 rcp ai r. n,erefo re two qualoty goa ls of software devciopme nt processes arc as
fo llow ( 11:
I. T o remove a< man y dcfe ts as is reasonabl y possi ble before the produc t is de love red to the c usto mcr.
T o the A,,; t pOint , defec ts discovered and «'paired durin g softwa re development will no t be found by
custome,,;, of cou,,;c. The more defec ts that ca n be removed , the higher the quality of software is likely to be,
and the mo re the cu tomer will be sati sAed .
T o the seco nd pOllll , as softwa re is developed a nd defects are introduced (which is, in practice,
Inev.table ). the earlier they arc discovered the less they cost to repair.
Acco rd.n g to Boehm [2J and o the,,;, the cost of defect repair after software is released to custome,,; can be
100 times greate r as compared to Axing the same defect early in the devciopment cycle. Various studies show
various cost esca lat.o n factO";, but they all rep ort a dramatic rise in the cost of detection and repair. Figure 2.4
shows o ne est. mate of the relative cost of defect repair during each stage of development . Fo rc xample, if a defect
is Int roduced dUring the require ments phase, assume that itcosts $1 to detect and repair if done during that same
phase. If it slips through to the implementation phase, the same defect will cost $20 to rcpair. If it falls all the way
throu gh to mai nte nance, which is when custo m",,; arc using the software, the cost can be $100 to repair.
The reason for this .nc rease in repai r cost in subsequent phases can be illustrated with an example ( I ].
Suppose you have an application that perform s a large number of Alc reads and writes . As part of your
devclo pment process, at the e nd of the design phase you conduct an inspection of the design and discov"r
two defects: o ne in the algorithm that performs file reads and writes; the other in the allocation of memory to
ho ld the file records. Assume that the work required to fix these defects after the inspection takes two days to
complete, and the steps take n arc as fo llows:
Requirements ~ ~ Malnr-nee
filii" 2.4 Cost of detecting and repairing a defect during maintenance, depending on the phase in 1/1ieCled
VERIFICATION AND VAliDATION 25
Suppose, ,"stead, that the defects went undetected and pas~ed through to the implementation phase.
The dcf«ts would be: harder to detect and could now affect several hundred lines of code. If the defect5 are
detected during a code inspection, the work required to Ax them could take a week to complete. The step
required would be: as follows :
4. Conduct an inspection of the reworked code to verify it is correct and co nform s to the re wo rked design.
Suppose now that the defects went undetected and pas cd through to the te n ng phase. The defects
would be even harder to detect and now take more time to fix . In addition to the o nc week reqUired If found
during code inspection , the following additional work would be requ ired :
These activities can take an additional week to a month , dependin g o n ho \" dlrflcult it is to isolate and
repair the defect. This example Illustrates the cost of not detecting and re pairing defects as close to thei r
injection as possible and wh y every eHort must be made to detect and repair defects as earl y as possible .
Software verification and validation (V&V) is a process implemented througho ut the software li fe cycle to
ensure rhe 101i0wlOg.
I. Each step in the development process is carried o ut co rrectly . Thi s is ailed v"ijica lio .. .
2. Each artifact produced meets its requirements as speci fi ed in pri o r phases. Th is IS ca ll ed va/ldalion .
Verification: 'The process 0 1 evaluanng a system o r co mpo nent to detennll1e whe ther the
produc ts o f a give n devel o pme nt phase allS fy th e conditio ns impo cd at Ihe start of th at phase."
Forc xampl e, is the soltware design sufficient 10 impl ement Ihe preVIO usly speCifi ed requirements
Does the code full y and correc tl y Imple ment the d esi g n ~
Validation : "T'he process o f evaluating a sys tem o r compo nent durms o r at the end of the
develo pme nt process to determine whether It sa ti fi e pecifi ed reqUirements." In o ther wo rds,
does the Imple me nted system meel the spe Ined user requ ireml'l\lsl
Vcr;fira llon .. om parable to keeping your balance current 111 your he kbook based o n vour dall actl It '
As you Wrtlc c hecks and make deposit , you c nt erthe amount In the c heckbook register MI d upda te the balan c
26 CHAPTER 2 INTRODUCTION TO QUAUTY AND METRICS IN SOFTWARE ENGINEERINQ
1:..
h time u make an entry you heck that your anthmetlc " correct and your new balance I~ right Thi, IS
anJlogou to e n,uring that each phase ,n the ,ofiwarc devclol>ment procesS is camcd out correctly
ValidallD" I omparab lc to balanein!! yo ur he kbook when the bank's statement amves. You match all
the tr," ". lion in thc monthly ,tatcment wuh those In your rC!!'ster, ensuring that nonc have been omitted
or entered in orre tl y and that the tran action amounts In your regi ster mat h those in the s tatement. In
addition, you vahdate that the ending balance in your regl ter matches that in the statcment. Even thoogh
you kept your balan c up-to -date, ml~takcs may have been made. Validallon cat hes those mIStakes a nd
ensureS the correCtness of yo ur balance. This IS analogous to testi ng of a software system .
The twO l11alO activities invo lved durin g V & V are inspection a·nd software testing. Inspections, and
also review"' . arc verification actlvitic and involve peer examination or projc t artifacts ( requirement s. deSIgn ,
code, etc.) to discover clefc ts. The idea is to And as man y defects as pOSSible as ea rl y as possible. Inspections
arc covered in greater detail In C hapter 5. Testing is the principal part of validation .
oftware testing IS primarily a validation actiVity, occumng at the e nd of a development cycle to ensure
that sofrware satisnes its user requ ireme nts. Testing involves providing the system with a sct of inputs, and
validating that the system behavior and output matc h what is expected. Any deviation from an expected
outcome i, considered a defect. Te ting is covered in detail in Part VII.
ote that it is a combination of verinca tio n-primarily in the form of inspections and validation-
primarily," the form of testing-that consistently produces high-quality software. Testing alone is not
ufncient. No matter how talented software engineers are at fixing defects, if the quality level is low
entering validation , as measured by latent defects (tho e present but not necessarily known ), there IS a high
probability that va lidati o n will take sig nificantly longer than expected and the quality level will remain
lower than desired . As many defects as possi ble must be removed from the artifacts before validation
begins.
V&V and quality practices, as they relate to each major software phase and activity , is included in the
quality chapter ncar the e nd of each part of this book . Figure 2.5 summarizes these V&V concepts.
To reinforce the verlncatio n/ validation distinction , let us perform V&V on a simple example. Suppose
that the customer wants an application that "solves linea r equations of the form ox + b = c: We translate this
into user requirements such as ;
1. The user shall be able to input numbers a, b, and c up to 10 digits each, with up to four places following
the deC imal point.
2. The application shall produce a soluti o n to the eq uation ax + b= c that is within 1/ 1000 of the
mathematically exact answer.
It i our respon ibtiity to ensure that we have butit the application correctly by checkinll that we
proceeded appropriately (rom the begInning of the process to the end , Th,s is the IJtriji,alio" process. For
convenience, we will number the development ph ..es as follows .
I. Do the requirements express what the customer really wants and needs, Some verification issues here arc
as follows , Is ax + b = , the correct torml What are the precision requirements] What i( 0 is entered for al
2. Are we carrying out the process o( obtaini ng the customer's approval in an appropriate manner) Some
verification issues here arc as (ollows, Are we allowing the customer adequate time] Are we exp laining all
needed terms to the customer)
3. Does the code implement the written requirements in every respect ] Thi s requires an inspection o( the
code itself, in which the requirements are considered o ne at a time and the matching code is perused.
This could include a mathematica l proof. (Strictly speaking, verincation does not cal l for executing the
code.)
4. Do the proposed tests adequate ly cover the application ] For an application o( realistic Ize, this would
include an inspection of the test plans, test cases, and te t procedures . Th,s is se parate from te ting itself,
a validation Slep discussed below .
Val idatio n of, this product consists of obtaining the customer's approval o( the wrillen , completed
requirements and executing a set of tests on the comp leted code . For example, we enter a = I , b = I, and
c = I , and validate that the program produces x = O.
To summarize our diSCUSSIOn of the VII< V process , at any given mom(:t.ll a oftware engllletr is eIther
creating an artifact , verifying it as he does so, or va lidating a completed artifact . nlis is illustrated in
Flsure 2.6.
SlIlee quality practices arc implemented throug hout the software life cycle , it " Important to expre s qualit
app ro. he~ and goa ls in writing ea rl y in a project- in other words , w~ 1I hdore thc goals arc used in tracklll!!
the prOJect's quality.
Agile projec ts emphasize the allalllme nt of qualtty through o nt inual intcra tl o n wllh tlw ell,t omer III
person, -arly ImplementatIon , and conllnual , cumulattve te tlng. Tlte IEEE has published several <tandards t
help meet thIS objective. These, and <l.ndard, lIke thClIl , tend to be emp loyed In larller project< that are not
"gile or that emp loy a~ilc m~lhod s on ly partIa ll y
The Software ualtly A"uran Plan ( QAI' ) (lEE td 73 0· 2002 ) i. a do um enl for c, press Ill!; an
overall approa~n to qualtty Ihat IS ~ondu t -d tnrnuu it oul the en ttre ,oftw.r. Itl. cy Ie Major top I ,
28 CHAPTER 2 INTRODUCTION TO QUAUTY AND METRICS IN SOFiWAR ENGINEERING
k l
Artllect PartiAlly
Compleled
undor comploled
artifact
construction arlilaci
Process Process
'1 ,,
A, , " ,, , ,
,, ,, I
I ,
,
,,
,
, , I /
Creation Venfication Validation
• ,, ,
,, ,, /
,, ,,
,
"
Software engineer
Figure 2.6 verification and vahdation of an artifact: before completion vs. after
SOUrc" Graphics reproduced with permission from Corel
included ,n th e pla n arc listed below . Details of the SQAP are covered in Chapter 5. The plan includes the
following ,
• A list of documentation to be crea ted governing the development , verification and validation , usc and
maintenance of the software (e.g., software requirements speCificatio n, verification and validation plan,
so ftwa re deSign pecification, etc.)
• The defi nit ion and schedule of inspections to be conducted and how they are to be conducted
• The metrics to be coll ected, monitored, and analyzed
• Reference to software test plans
• H ow problem reporting is to be managed and conducted
The V&V Plan is t he manner in which the So ftware Quality A'5urance Plan is supported by verification
and validation . The IEEE has published a Software Verification and Validation Plan (SWP) framework (IEEE
Std 10 12- 2004 ) to assist in documenting the speCific V&V practices to be implemented. The contents and
application of the SVVP are covered in C hapter 9.
2.5 METRICS
Metrics arc numerical measures that quantify the degree to which oftware or a proces possesses a given
attribute Examples of metries are "defects pcr thousand lines of code" and "average software module sizl':
Metrics are collec ted and anal yzed throughout the software life cycle, and help with the following ,
• o.,teml1ning proJecl co I
Improvemen l
When gools such as software qualily level and project cost are not expressed specifically enough, they
m. be subje t to differing interprelalions . The,e difference can ause confusion and conAiet . For example, a
goal stated as 'The application should crash vcry seldom" is not specific. How do you measure "very seldom"? Is
it once per day? Per week? Per year? A more preci e goal would be 'l1,e application should crash no more
than 3 time per year: Stated this way, the goal is not open to interpretation and is measurable.
Without quantifiable, objective measures to provide visibility into a project it is difficult to measure a
project's progress in terms of wh"'ther it is on schedule, whether it is meeting its quality goals, and whether it
is ready to ship to customers. In addition, "you can't improve what you don't measure." Continuous
improvement of an organization's processes and software is predicated on collecting metrics and selling
quantitative improvement goals for future project .
To be uccessfully utilized , metric collection commences at the onset of J project and continues
throughout the entire hfe cycle , through maintenance . Metnc collection and analysis can take a significant
amount of managerial and engineering effort , but the payoff is well worth it.
Software metrics can be classified into two broad categories, prodlici metrics and proms metrics. Product
metrics measure characteristics of the software product , o r system , including its size, complexlry, perform.
ance, and qualiry level For example, size can be expre sed in the number of lines of code, p"jormancc as the
number of transaction per second , and qua lily I,vel as number of defects per thousand lines of code, which is
commonly referred to as defect density .
Process merrics measure attributes of the software processes, methods, and tools employed during
software development and maintenance of a software sy tem . Process metrics include project effort, schedu le
adherence, defe I repair rate, and productivity . For example, proj,el 4Jorl can be expressed as the number of
person months of development , and d,Jrcl "pair ral' as the number of defects repaired per week. Many other
metrics can be collected, and they arc di scussed in grea ter detail in the quality and metrics chaplers later in
the book . Chapter 9 describes metrics collection and utilization in more detail. The next section discusses
metrics and their use in measuring quality
• Defect den i ty
• Mean time to failure
• CuslOmer problems
D4,,' 4tHsily IS Ihe number of defects relative to the so ftware ,izc _ 12 C is tYllicall y "xpre <cd ill Ihou<Gnds
of lines of code IKL ), so d Ie I den\lty i, expressed as defcc tslKL , Remember that a defe t IS defined
as a rlt.'Vlatlon from u,er reqUirements, 50 ddc t dcn\lly " une of the most ha, 1 metl'iL, u<cd IC measure
30 CHAPTER 2 INTRODUCTION TO QUAUTY AND METRICS IN SOFTWARE ENGINEERING
qu~ill . III gcncral. lhe hill her lhc defe I den-Ily , lhe lower lhe qual,lY OrgnnizallcJI" tYPIc.,lIy characterize
defe "h I ' pc or hy ,everily, 10 distlnl(liish lhelr relative Importance n,c followlnK I< an example of how a
11IgIl-<eveni defc t would be dcllned and of a quailty goa l based on the definition.
NOle lhat lhi< deRilltion and goa l arc very specinc and measurable. Again , when goa ls are not expressed
in a quanliRable foml , they ma y be subjecl to differing inlerpretalions. For exa mple, consider an alternative
defi nillon to lh(' o ne above· "lhere should be very fcw class I defec ls reported in the first few months of
opera ll o n " n,ere is no way 10 measure "V(' ry few" and lhcrdore 10 va lidate compilance .
A commo n indica lo r of oftware quallry i lhe reliability of a system , as measured by its availability or
lhe froquen y of <ySlem crashes over a period of time. The lypica l metric used is mu," lim, 10 fai'u" (M I I F) and
is lhe amounl of elapsed time between SYSlem crashes. n,e MTTF metric is often used wilh safety . related
ySlem< such as the ai rline trafRc conlrol syslems, avionics, and weapons. For instance, the U .S. government
mandates lhat ItS air traffic co ntrol SYSlcm ca nnol be unavailable for more than lhree seconds per year [4 J.
Another example an be seen in many telecommunicalions switches, such as those used in cellular networks.
Large network proViders mandate that lhis equipment must have "five 9's" availability, which is an uptime of
99 .999% per yea r, This lranslates to a tOlal yea rly downlime of 5 minutes, 15 seconds . The reader may well
ask. 'Why nOI make the required MTTF 100%1" The answer is thai lhis is generally not allainable. and so no
developmenl o rganizatio n would sign up to do the job.
GIS/om" prahl"", are classified as the lotal number of problems encountered by customers while using the
product. Some of the problems may be caused by valid defects in the softwa re. Others may be caused by non ·
dde ts, such as a confUSing user interface, poorly written documentation, or duplicate defects (i.e ., defects that
were already reponed andlnxed bUI not known by lhe reponing party). Duplicates can be an imponant indica lor
as to how widespread a defect is, based on the number of times lhe same defect is reponed by different users. In
all these cases, whether a problem is cau cd by a defect or not, customers arc encountering perceived "sability
problems and as a resull ma y not be salisfied wilh lhe software . This makes the OI,'omtr prohltms metric an
important indicalor of quality. This metric IS typically expressed as problems/user/ month . It and olher metries
collected after a software product IS released are discussed in Pan VII on testing, rdea e. and maintenance.
Cuslom" Stlli,faclio" metrics arc com mo nl y collecled lhrough the administration of customer satisfactlOn
surveys. Companies such as Cisco Systems (5) collect feedback from lheir customers, with satisfaction
measured o n a 5,polOt scale (5 = Very Satisfied; I = Very Dissatisfied ). IBM includes the CUPRJMDSO
calegories (Capabi lity/functionality . Usability, Performance, Reliability, Insta llabiilty, Maintainability,
Documentation/informati o n. Service, and Overall ). Hewlett· Packard uses the FURPS categories (Function.
alilY . Usabi lity, Reliability . Performance, and Service) [41 . Results of these surveys are used to dnve
Improvem ent initiatives in their respective organizations.
2.6 SUMMARY
Quality o;oftware is a major theme of lhis book . Quality can be defined as "the more closely a software product
meets the wants and needs of liS cuslomers." There are many advanta/!es to produong quality software ",ciud",g
Increased customer satisfaction, reduced developmenl hedules, and reduced project OSL Quality practttt< are
implemented at the beginn",!! of the software life cycle and last through product release into maintenance.
Defects in software a.re deviatIOns from requirements As many defects as possible hould be removed
during product dL"Veiopmcnt, so these defect will not be delivered to C\I tomers. The earlier in lh" life
BIBUOGRAPHY 31
cycl~ dckcrs are d~tc tcd, the casler they are to repair and the less they cost to flx . Studies have shown that
ddc:crs d ll'Cted and n:paln,"d after software IS released to customers can cost up to I 00 times as much as if the
same defects were repaired shortly after they were introduced.
Verin ation and valldallon (V&V) is a process lor verilying that artifacts produced dunng the life cycle
contain a few defec ts.s po sible and validating that software satisAes its requirements. Verincation answers
the question. "Are we build,ng the product righo" Validation answers the questIon , "Arc we bUilding the
right product ·
Metrics are numerical measures collected throughout the software lile cycle, and quantify the degt'ec to
which software and processe possess certain allributes. They help with determining quality level , estimating
schedules, tracking chedu le progress, detcmlining software size and complexity , determining project cost,
and improving processes. Metrics related to quality include defect denSity, mean time to failure , customer
problems, and customer sa tislaction.
2.7 EXERCISES
I. In addition to the reasons stated in this chapter, name at least two other advantages to producing
quality software.
2. It has been noted that the later in the lile cycle defects go undetected, the harder they are to
discover and repair. In your own words, describe two reasons why this is true.
3. (a) Describe in your own words the difference between verificntion and validation .
(b ) What are the advantages and disadva ntages 01 speCifyi ng a V&V plan before a plan for
conducting your specific project?
4. (a) What are metTics?
(b) Give a reason why you understand metrics to be important.
5. (a) In your own words, describe the difference between product and procm mCtncs.
(b ) For each of the following objectives, state a mctric you would use to help in achieving Ihe
objective, state whether it is a product or process metric, and exp lain how it would be applied.
i. Avoid project schedule delays.
ii . Measure continuous quality improvement from one project to the next.
iii . Identify software parts that are exhibiting quality problems.
iv. Establish a baseline for improvi ng schedule accuracy .
BIBUOGRAPHY
J WhJllcn, NC.iI, "Mu""~1119 SoJllDUrt DCOf/oPMOlI ProJteb," John Wiley b ons, p 195 , 1995
1 Both-m. Barry, '"S4Iwart EI191n''''"9 EC01101f1IC1," PrenllcC'·I-bll, 198 1
1 "JE.EE S~ndatd lo,,~ry of So(IW'tuC' E"f'(InCCnnH TcrmlnoloK)'." IEEF. td 6 10 12· 1990, D ece mber 1990, pp 80·S1
4 K.in, Stephen N . 2003, "Mtlfln "rId MoJtls '" fllmlfr Ouo/rly EI19""rrrtfg, $ccond Edi llon, Acld,\.on.W C'... IC'y, Pt"Jl"'Son Edu .)1101'1 In .
pp 86- 100
S GiGO SylU:nIS, G.u:tomer S,un.f"cllon Metric", hllp IIwwlII f.. 1~() com/wC'blibouva 501<1 208laoou l.ISCO_ClpproJ l\..to_ Quilhtv_
CU)Wmcf,Jal_ wrvcy html l .. <xclIi\oCd Noy 4, 200C>J
Software Process
Figure 3.1 The context and learning goals for this chapter
A software project progresses through a se ries of activities, sta rti ng at it conception and con tinuifl8
even beyo nd its reicllsc to customers. There are numerous ways (or individual and team s to organize these
activities. T ypically, a prOject is organized into pba,es, each wllh a prescribed se t of activities conducted
during that phase. A ",flu/art proces, prescribes the interrelatio nship among the phase byexpre sing their order
and frequency , a well as defi ning the deliverables of th" project. It also speciRes criteria for moving from one
phase to the next. Specific software processes, called software process ",odd, or life cycle modds are
described. Th is chapter is o rga nized to first des ribe the individual activitie of ofrware proce ses, and thcn
to describe process modds the variou ways in which these aCtl vi lieS can be pursued
In addition to the activities prescribed by proce s models, there is a et of ge neri actiVities, called
"mbrdla acIIV";es , that are implemen ted throughout the life of a proJect. For instance, projec ts contain certain
THE ACTIVITIES OF SOFTWARE PROCESS 33
risks th at if the cume 10 pass ca n affec t the uccessful outcome o f the so ftware. Risks need to be identiAed ,
mo Ol tored , and ma naged thro ugh out the life of a project. Th is is an umbrella ac tivity known as risk
management Ot her umbrella activities include projc t man age me nt, con Agu ratio n ma nageme nt, and quality
manage me nt. Project ma nageme n t is covered in Part III , con Rgu rat ion ma nageme nt in C h apter 6, and quality
man.geme nt t h ro ug ho ut, but especia ll y in Pa rt VI1.
People someti mes associa te process with overhead, unnecessary pape rwork, lo nge r schedul es, and so
on. In other words , they fee l that process d oesn't add v.lue, o r wor e, tha t it adversely affects the success of a
projec t. Whe n imp le me nted incorrectl y, sofrware processes ca n indeed lead to undesirable results. H owever,
as " 'e explain in th is c hapte r, if p rocesses are applied with a degree of flexi bil ity and ada ptab ili ty , they are o f
grea t be ncAt a nd invaluabl e to the successful o utcome o f projects.
In certai n situat ions, a versio n 01 working softw are contain ing a subset of th e overall pro duc t
func tio nal ity is req uired earl y in the overall schedule. This versio n of the emerg in g pro duc t, called a
prototypt, typ ica lly impl eme.nts fu nc ti o nal ity th at is deemed a risk to the project. T y pica l rcaso ns to bu ild
prototypes include provi ng tec hnical feas ibil ity and validating the usab ili ty of a user interface. Pro totypes are
covered III de tail in Secti o n 3.2.3. I.
T o rei n fo rce the contents of th is c hapte r a nd to provi de gui dance to snlde nts at the sa me ti me, thi s
c hapler e nds with a sectio n devo ted to getting stude nt teams started with a te ml projec t.
Most software process mo dels prescribe a similar set 01 phases and ac tiv ities. The differe nce between models
is the orde r and freque ncy o f the phases. Some process models, suc h as the wate rfa ll , exec ute each ph ase o nl y
o nce. O the rs, suc h as ite rative mod els, cycl e throug h multiple times . This section desc ribes th e phases that
are prevale nt in most softwa re process model s, and is summarized in Figure 3.2. Th e ph ases in Fi gure 3. 1 and
Figure 3.2 are ide ntical , except that Fi gure 3. 1 co mbines ince pti o n and planning . The partS are explained
bel ow. SpeCific process mo dels a nd h ow they impleme nt the phases are covered In Section 3.2.
1. Inception
Software produc t is co nceived a nd d eA ned.
2. Planning
In itia l schedule, resources a nd cost arc dete rmined .
3. Requirements Analysis
Spcc ify w h a t the ap pl ica ti o n must do , answcrs "what7"
4. Desig n
Specify th e parts and how they fi t; a nswer< "how7"
5. Imple me ntation
Wri te the code .
6 T esting
Exe.::ute the app il atio n with In put test data
7 . Mainte na nce
Re palf d feets and add capabi lity.
Figure 3.2 The main phases of a software project, showing Inception as a separate phase
CHAPTER 3 SOFTWARE PROCESS
Inception ( . d Wh h
Th, Is the phase where illlti31produ t Idca, arc formulat ed and a Vl<lo n o f the <0 tware , o ncclve . et er
it is il brand new produ lor an .lI11pr vcrn c nt to cx'~tm
. g so (tWlJrc, every PrOlcct start, wilh an ,dea of what ,s to
be built. Malor hlllctio naloty and project cope is deAned . Target customers and market segm~nts are
idcntlAed . Customers and takeholders may be con,ulted (o r hl gh . level Input Into software functlonaloty.
However, stakeholder involvement at LillS stage ,s doffere nl from that during the subsequent requirements
analy is phase. Dunng Inception, the goal i to galher very high level feedback. As an example, suppose a
company is considering budd ing a video store applicatio n. A market ana lysis may be conducted to determIne
the existe nce of competing video store applications. A summary of their features and an analysIS of their
tre ngths and weaknessc is compi led. The commercia l uceess o( the propo cd application is determined by
identifying potential new customers and contacting them for Info rmation concemlng,
As an example , suppose that a currenrly deployed ystem requires custom hardware, but potential
customers would prefer using standard Windows PCs. Based on this analysis and feedback , the need for and
Viability of the proposed applocation is determined. If· it is deemed prom iSing, high . level functionality for the
application is deAned based on the feedback received, and the project proceeds to the planning phase.
Planning
Once a high . level idea for the application is developed , a plan is formulated to produce it. Since this is still
very early in the overall life cycle and detailed infom,ation is not yet available, the plan will be a rough
estimale. However, some plan must be in place to understaAd the scope and cost of the project . A project plan
that ide ntifies the high.level activities, work ilems, schedule, and resources IS developed. From this
informatio n a cost estimate can be developed. This ste p is very important to determine the feasibility of
a project . For example, if the cost is deemed to be too high , a reduction in features may necessaty. If the
product release date is too late, more resources may be added It is critica l that the e types of problems be
identified as early as possib le so corrective action can be taken .
The results of this phase arc typically captured in a oftware Project Management Plan (SPMP). The
SPMP and project management are covered in Part IV. Because the plan is only a rough one at thi stage, it is
necessary to modify and adapt it throughout the lofe of the project. For example, suppose that during
subsequent requirements analysis potential new customers arc identiAed and additional functionality is
requested. Using the video store application as an example , suppose a request is received to add additional
workstations to stores so customers can retrieve detailed movie information, such as release date, movie
studio, cast, director, producer, genre, and so on. This new fun ctionality may require additional proj«t
resources and changes to the schedule. The SPMP would be updated as a result . Some life cycle models, such
as the spiral model described below, prescribe speciAc points in Ihe process where planning information is
revisited and updated when required . Agile projects, as will be seen , keep planning to a minimum.
In addition to the activities described above , a plan is developed for managing project artifact such as
technical specifica tions and source code . This is known as to.HfiouCQtlOH ""'""Q(D!",t, and mcludes tasks such as
tracking changes to artifacts and handling multiple versions. Configuration man.gement is pl.nned .t th.l
early project stage, before the first project artifacts are generated. Configuration management is cove~d .n
detail in Chapter 6.
THE ACTIVITIES OF SOFTWARE PROCESS 35
Requirements Analysis
During this phase . detail~d infolmation regarding customer wants and needs. and problems the software is
Intended to solve are gathered . Info mlatlo n ga thered and documented is in much greater d~tail than it was in
the inception phase. During inceptio n. only e nough information is required to start planning the project.
During ~quiremcnts analysis, speciAc product functions and features are denned along with requirements
such as performance, reliability. and u ability. Requirements are ge nerated in a form that is completely
readable and understa ndable by customers. Hi gh-level requirements in particular are typically expressed in
ordinary English (or the loca l language) . Various techOlques arc used to o btain this information, including
customer interviews and brainstorming sessIo ns. Requirements describe what the application is intended to
accomplish . They are specified in sumcient detail 50 they can be used as input for the subseq uent design
phase, which defines how the software will be buill. The resul ts of the analysis arc typically captured in a
formal Software Requirements Specification (SRS ), which serves as input to the next phase.
Software Design
The purpose of software design is to deAne how the software will be constructed to sa tisfy the requirements.
That is. the internal struCture of the so ftware is deAned . The two main levels of software design are software
architecture and detailed design . Software architecture is analogous to the overall blueprints of a hou e as a
whole. Blueprints specify the number of rooms and their layo ut . door and window locations, number of Aoors,
and so on. Software architecture speCifics how the software is broken into subsystems o r modules and the
software interfaces between them . For example. the architecture for a video store application may consist of
components such as a user interface module, a problem domain module. and a database module . Agile
projects general1y perform design . implementation , and much testing in an intcrweaved fashion rather than
cal1ing OUt design as a separate phase.
The detailed design is analogous to the details contained in a house blueprint. In house plans. details
such electrical wiring and plumbing are specified . In software . details such as al gorithms and data structures
are speCified. Other aspects of software design include user interface design and database desig n. The output
of software de ign is specified in a SofJware Design Document (SOD) and is used as input to the
implementation phase. Software design is covered in detail in Part V.
Implementation
This phase consists of programming. which is the translation of the software design develo ped in th e previous
phase to a programm ing language. It also involves integration . the a sembly of the so ftware parts. The outPUt
consists of program code that is ready to be tested for correCtness. For agile techniques. desig n implementa-
tion and muc h test 109 arc performed in tandem .
Testing
In this phasc . the code produced durin g the implementat io n phase IS testcd fo r correctne s. Testing is
performed at three Icvels. First . Individual modules are tes ted by develo pers. econd. modules are integrated
and lested to e nsure that they interface properly . Third . once all the modules have been integrated, the e ntire
~ystcm is tested to e nsure that it meets the user req uirements. ystem testing is typical1y co nducted by an
indepe nde nt quality assura nce (QA ) tea m. Rcca l1 from hapter 2 that this testIn g proccs, IS called ""I,dalloll .
Once system testing has been comple ted, severa llevc1< of uSlOmer tcstin!! are co nducted . During brill Ir li"9
the software is as 10<" to the final rciea,e as possible. and i given to part o f the e ll ta mer community with th e
understanding lhat they report any defec ts the y And . The goa l is to uncover a set of problem, that could o nl '
be ruscovcred wllh lhi s type of "rcal -world" tes tlnl!. O nce beta testing is comple te, at' ,plalll( If 11'''9 IS
36 CHAPTER 3 SOFTWARE PROCESS
condu Icd o nlhc "fi nal" release of <u hwarc. AccCplan~('lcS(S arc omprised of a ~ubsel of <y<u:m le<ls, and aTC
condu Icd b e ither the cuStomer or a represcnlalivc of Ihe CUSlOmer lO ensure Ihal II mee ts the customers
nlena for relea e. o m lilli e a round of acceptance tcstong is cond uc ted prior to beta testing, to make sure
that the system mcets ert"i n e ntcria before it is given to cu,to me rs for beta testing.
Maintenance
Aher the sohware IS released to u tomers, the ma on le nance phase commences. During mainte-
nance, modiAcations arc made 10 the sohware that "rbe Ihrough one of the fo ll owi ng :
• The repair of software ddecls Ihal a rc dIscovered durin g no m,,1 customer use of the system
• A desire to imp rove at tributes of the system suc h a pcrformance o r reli abil ity
Mod, fica t, o ns to the . oftware arc bundled togethe r, and new versio ns of th e software with these
mo di ficati o ns arc re leased . Maintenance is discussed in detail in C hapter 29.
Figure 3.3 shows examples of artifacts produced durin g each phase fur our example video store appl ication.
• Inception
" . . . The project will take 12 months, require 10 people and cost $2M ... "
" ... The clerk shall e nter video title, re ntcr name and date rented . The system shall . .. ..
" . . . Ran test case: Rrnl "Th, Ma ln'x" 001 OcI J , ro,l "Stoll'seui'" 001 Oct 4I return -T/',
.
tn' ·" 0" O~
Ma.x 1..1 f
0 • •
Result : "Stalli"uil" du, Oct " 200. balancc of $8. (comrt) .. "
Defect repair, "ApplicatIon crashes when balance is $10 a nd attempt IS made to "G W'tb tbt
W.
,n d" ," rent 0"' I
ftwan:: proces model deAne the order and freque ncy of phases in a project. The following sections
describe the most important process models, starting with the classical waterfall process .
One of the oldest oftware process models was deAned by Royce [ I] and is called the wa t,rjall proms. Despite
its many weaknesse (described later in the section), the waterfall process is still in Widespread use today and
is the basis for many other more effective processes.
FIgure 1.6 in Chapter I illu trates the phases of the waterfall process . Note that Royce's mode l begi ns
with the requirements phase he did not include inception and planning phases. In practice, o rganizations
implementing a wa terfall process wou ld typicall y start with these phases. The waterfall executes in a
~cwentiaJ manner through each phase, conclud ing with maintenance. n,e
output from o ne phase is used as
input for the next, implying that a phase is not tarted until the previous o ne has completed . It is accepted in
waterfall processes that there is a small overlap between adjacent phases. As an example , some personnel wi ll
be performing the last part of requirements analysis while others will have already started the design phase .
The waterfall process is c haracterized by documents generated by the time each phase is completed.
These include requirements specification and design specification, for example . Also, there are usual ly
entrance and exit criteria between phases to e nsure that a phase is completed successfull y before moving on .
In practice, an iterative re lationship between successive phases is usually inevitable. For example , after
the requirements are comple ted, unforeseen design d ifficult ies may arise. Some of these issues may resu lt in
the modiAcation or removal of co nflicti ng o r no n. implementable req uirements. Thi s may happen everal
times, resulting in looping between requirements and desig n. Another example of feedback is between
maintenance and testing. Defects a re discovered by custo mers after the software is released. Based on the
nature of the problems, it may be determined there is inadequate test coverage in a particular area of the
software. Additiona l tests may be added to ca tc h these types of defects in future sohwa re releases. A genera l
guIdeline, often accepted to sti ll bewithin the wa.terfa ll framework , is that feedback loops should be restricted
to adjacent phases . This min imize potent ially expe nsive rework if the feedback were to spa n multiple phases.
An modified model ill ustrati ng this iterative relationship i sh ow n in Figure 3.4 .
time
•
ReQuiremenls
Design
Implementallon
Phases (aerlvilles)
Tesllng
Malnlenance
Figure 3..4 The waterfaU software development process In pracllce: fcedMck Is IneVitable
38 CHAPTER 3 SOFlWARE PROCESS
A n,.lor limitati o n of the waterfa ll pro.:e>, i~ th at the tC\ling phase DC ur~ at the end of the development
c de th e f,rs t time the ,y,te m is tes ted a a w ho le. Maj or Issue< <u h as timing, performance, storage, a nd ~
on an be discovered o nl y then . Even With thorough up-fro nt a naly,, ~, these kinds of factors arc difficult to
predi t until en ountcred during te' ting. o lutJo ns may require either complex de'ign c hanges or modiAc~
tions to the req Uirements that the de Ig n 15 based o n, necessita ting Ite ration beyond adjacent phases
Discovering and repairing the e types o f ddect, <0 late in the developm e nt cycle ca n Jeopardize the project
schedule.
Major adva ntages and d isadvantages of the waterfa ll process are summanzed below.
Advantages
• S".plt 'llid tasy fo uSt: Phases arc executed and compl e ted senall y, with speCIfic e ntrance a nd exit criteria for
movinS between phases. O rde rly execu ti on of phases is easy to comprehe nd .
• Pracfiad for many yta~ and ptOplr I,aat milch txptritna ",iii, i~ The process is well understood , a nd many people
are com fortab le with its execution .
• Easy fo manag' du, fo fb , rigidi fy of fh, mod,l: Each phase has speciAc deliverables and a review process.
• Facililales al/ocahon of rrsourcrs (due to sequential nature of phases): Distinct phases fac il itate allocation of
perso nnel With distinct skills.
• Works "" II for smallcr proj,cls ",hm rrqui,rmcnls arr D'ry w,lI undt~ food : It isn't necessa ry to add complexity of
iteration if requirement arc well known up fTo nt.
Disadvantages
• R,qui"mcnls mu,1 bt h,o",n up fron l: It's di ffic ult to imagi ne every detail in advance. Most projects start out with
some uncertai nty, a nd mo re de tails are learned as the prOject prog resses.
• Hard 10 rs limalt reliably , T o ga in conAde nce in an estimate, there may be the need to design and implement
parts, especia lly riskier o nes. Estimates become mo re preCise as the project progresses.
• No f"dback of ,y,fem by ' Iakrholdm unlil afltr l" ling phaSt: The process does not facilitate intermediate versions.
Stakeholders often need reassurance of progress and confirmation that what is being develo ped meets
requirements.
• Major problem, ",ill, system artn·1 discolXfld unlil lal, in proms : The testi ng phase is where these problems are
found , but it leaves very little time for correctio n, resulting in potentially d isastrous effects on projec t
schedule and cost.
• LAck of par.Ilt/lSm : Each phase is executed to completion . Disjointed parts of the system could otherwise be
completed in parallel.
• inrfficitnl USt of mourers : T eam members can be idle while waiting for o thers to complete their dependent tasks
or for phases to complete. Also, someone good at requireme nts analy is is not neee sarily good at
programming.
Ikcause of fac tors like these, alternative (but related) proce ses are often emplo ed , and these are
covered in subsequent sections.
SOFTWARE PROCESS MODELS 39
The wa",rfall process is c harac terized by a seque ntial executio n through the phases. It is generally agreed that
the order of the phases d ictated by the waterfall i fundamental : ga the r requirements. c reate a sohware desig n
to realize the requireme nts. imple me nt the design, and test the implementation. The problem arises.
however. when this is caled up to gather all the requirement . d o all of the design. implement all of the code.
and test all of the system in a linear fashion [2]. Except for rhl' emallce' o( projects this is imP'1'ctical. As the
system is developed and renned , more i lea rned and a need arises to revisit each of the phases. That is,
software is mo re naturally developed in a cyclica l manner. where a part o f the system is deve lo ped and tested.
feedback is ga thered . and based o n the feedback more of the system is developed. This reAects the fact that
not everything is unders tood at the start of a proj~ct. Ilrraliv( processes accept thi s cyclica l nature and are
discussed in the rest of th is section . Figure 3. 1 is drawn in a way that reflects this.
~n ilcraliv< process is typined by reDba ted executi o n of tbe walerfall pbases. in whole o r in part. resulting
in a ren nement of th e req uire me nts, design. and implementation . An iterative process is incrm", lol if each
iteration is relativel y small. At the conclusion of SlI c h an iteration . a piece of operat io nal code is p roduced that
suppo rts a subset of the nna l produc t functionality and (eatures. Project artifacts suc h as plans, speci flcatio ns.
and code evolve during eac h phase and ove r the life of the project. Artifacts are co nsi de red comple te only
when the software is released .
As defined by Cockburn (3). incremental development is "a sch eduling a nd staging strategy that allows
pieces of the system to be devel o ped at different times o r rates and integrated as they are completed: This
implies that iterations need no t be executed serially, but can be develo ped in parallel by separa te teams of
people . Successive increments implement an inc reasi ng set o f functionality and features until the nnal
iteration . which produces the nnal product. Figure 3.5 illu.s trates this concept for a project with three
iterations. Note that the output of each testing phase is a working subset of the nnal p roduc t that
incrementally contains more functionality .
An iteration other than an incremental one is sometimes defined as "a self-contai ned m ini -project. with a
well-denned outcome: a stable. integrated and tested release" [2]. That is, each itera ti on is a self-contained
lime
1 •• •• • • • • • • • • ••• I •
• MIL EST 0 N E S:
First iteration completed X ,,, •
•
•
• Product released X
• • •
• • • ,• • •
SCHEDULE •
•• ,
•
•• • • ••
Iteralion' ~ 1 2 a
. - ••• _.•• •
.,_.- •
,
,• ._.,• •
••
•
,•
•
• -
Requlrements
•
• •
•
•• • ,•
analysls
1
•• ,
•
,• ,•
•
2
, •
•
•
• •, •
•
• ••
•
••
•
•
•
•
- .,•
• •
• -•
••
•• •
•
•
• •
• f-
Design td•
,
,
•
•
m
, ,•
•
•
0
•
:
• ,
,•
••
-
•
•
••
•
• •
•
•
•
•
• •
•• - •
• •
f-
co:
•
•
Cod Ing •• CD: •
CD: ••
- •, •
-• •
•
•
•
•
•,
_.•
•
•
• •
~
•
• , , •
•
• --
T...tlng
• •
•• 1 •• •• I 2 •• •
• [' I
,• • • • •
SottwarL-l SottwarL-l Final --1
Sub"t Subset Version
Flgure 3.5 The IteratiVe software development process: an example with three Itera tions
Sourc:t COCt:btxn, AI'R eit " UN&..e!I"K loocmofH.8I OoYelopment,'· JDnuatY 1993. hup'/lahstnl1 COCkburn USlUnravoUnx r!ncremontal ~ dCve.lQpn'lent.
.0 CHAPTER 3 SOFTWARE PROCESS
pro) t with It- ow n set of actlvitlc>, plan , o bjective , and tnea~urablc eva luation Crlterl. , The ' re lea<e" is a
workln~ vCrlilo n of <oftware that Is clther u>cd internall y by the project team or externa lly by stakeholders
and cu,t merli. Type of rel eases an be [2J
• A proof of Oil 'p I, or f,lISibi lily ' IIIdy, that Is used to demonstra te or invest igate feasibi lity of a particular aspect
of the software . Thi includes producing software or simulations These are covered in Section 3.2.32
• A prolotyp, that is a workmg verliion of software demo n trating a parti cular capabi lity that is deemed high
risk . Prototypes are covered in Section 3 2 3, t ,
• An "internal" release that is o nl y used by the devel o pment tea m and is used to ensure tha t develo pment is on
track, elicit feedback, and provide a basis fo r further devcio pment and addi tiona l capabili ties.
Trea ting each iterati o n as a self·contained project allows clear and manageable objectives to be set, and
reduces overall projec t complexity by breaking it down into small er pieces. By produci ng working software at
the end of each Iteratio n, project progress can mo re easily be mOnito red and planned, and feedback can be
ci ici ted to ensure that its capabi lities arc meeting stakeho lder requireme nts. Typically, early iterations
ge nerate softwa re releases that address aspects of the project with the highest risk . In this way, as the project
progresse the overall proJec t risk level is reduced.
An example o f an iterative and incremental process that is used within parts of Microso ft is reported by
Cusumano and Selby [4]. to wh ic h the y give the name "synch·and·stabilize: Product features are defined at a
high level during the initial phase of a project, with the idea that many Will evolve as product development
proceeds. The product is divided into parts, each co nsisting of a set of features , with small teams aSSigned to
each part. The project is also diVided into parts, o r iteratio ns. each with its own completion milestone. Each
iteration includes several features . Feature teams employ incremental synchronizati o n by combining their
work and stabili zi ng the resulting system o n a daily or weekly basis In this way the evolving software
application is continually kept in a "working" state .
Prototypes and feasibility studies are impo rtant techniques in software development, and are explicitly
included as formal steps, o r phases, in several process models. We discuss them now in more detail.
3.2.3.1 Prototyping
On begi nning a software projec t, we are usuall y faced with factorli that we do no t yet fully underlitand . The
look and feel o f gra phical user interfaces (CU ls) that will sati fy the custo mer is o ne common example.
T iming is ano ther. For example, suppose that we plan to build a Java application to control an airplane. A
critical issue to pm down very early would be; Will the Java Virtu.1 Machine be fast e noughl Each unknown
factor o r risk is best confronted as oon as possible so that its severity can be assessed and a plan developed to
deal with it. Risk management is dealt with in detail in C hapter 8. ProlotyPi"9 is an important risk management
tec hnique. It is a partial implementation o f the target appl ication useful in identi fyi ng and retiring ri ky p.lrtS
of a project. Prototyping can also be a way to obtain ideas abollt the customer's requirements. An inc,. a,e in
o nc's underlitanding of what is to come can save expensive rework and remove future roadblocks before they
occur. Agile processes contain some of the beneAts of proto typi ng because they deal at all times with worlt,ng
code, However, they do not have all of the beneAts, since prototypes proceed in parallel with the main threod
of the project, whether agile o r not.
SOFlWARE PROCESS MODELS .1
•• , ••••• ·0_ •°
••••••••••••••••••
....
•
••
risky parts of this ~, ••
•
Prototype activity lirsl
Project
beginning Main project timeline time
As Figure 3.6 hows , work on a prototype typically progresses in parallel with regular work o n the
project. The risks are prioritized and the prototype is geared towa rd as many of the mosi imporrant ones as
time allows. In the example shown in Figure 3.6, the prototype ignores the large risk near Ihe beginning of the
project because it will be dealt with early in the ordinary course of the project in any c ase.
Large programs, such as billion dollar defense projects, utilize extenSive prototyping to retire risks and
to guide the requirements and design of the real thing . For example , before the U.s. Navy built the Aegis
generation of shipboard systems, it built an entire scaled -back version , complete with software and hardware ,
installed o n a s hip for the purpose. Thi s prototype served to indicate to the Navy what the main problems
might be with the eventual systems . It also helped the Navy to deve lop the requireme nts and design of the
eventual system.
Simple gra phics showing curs usi ng paint · type too ls may be s uf~cient if the prototype's goa l i to
envision the interfaces. The more extensive the prototype, the mo re risks can be retired with it and the more
easily a customer's requirements can be understood . O n the o ther hand, protorypes are themselves software
applications , so extensive prototypes arc expensive . A rou gh assessment as to whether or nOt to build a
prototype is shown in Figure 3.7. Th e table in the figure illustrates, for example , that a re latively inexpensive
prototype with high va lue s hould probably be built. "High value" means that building the protorype helps th e
Calculate payoff
In detail
no
Calculate payoff
In detail
t
Payoff from building
prototype ($'s saved
per $1 spent) optlllUll full
expenditure project
on expenditure
prototype
Figure 3.8 Concept of when It is worthwhile to build a prototype (near the beginning)
cu tomer understand better what kind of product is likely to emerge , helps the e ngi neers understand better
what kind of product shou ld emerge, andlo r retires a development risk .
Many cases fa ll into the "maybe" ca tegory of the table in Figure 3.7, and more detailed analysis is
required to assess the value of protorypi ng. \'l/e are seekin g an optimal level of effort to be spent on a
prototype, as sugge ted by Figure 3 8. As the expe nditure o n a protorype increases, its usefu lness increases,
but so docs Its drain on the project's budget As a resuil , there is a point at which the payoff is optimal (the
maxImum point for the curve ), and some point beyond which funds are ac tually being squandered (w here the
curve drops be low the horizo ntal axis).
As an exa mple, consider an e -commerce application in which a clothing company wants to sell goods
on line, retain customer pronles, and allow customers to obtai n pictures of themselves wearing clothing from
the ca tolog . A typical calculati o n about prototypes factors the cos t of protoryping features and the potenti.1
for using prototype code in th e nnal product . Figure 3.9 gives nnancial estIma tes fo r prototyping four parts of
the clothing ve ndo r application ,
I . CUI screenshots
2. T ransaclioll security
3. Complete transaction
4 . Customer tri es o n clothing
For each of the fo ur app licat io n features consi de red fo r the prototype, severa l estimates can made,
the cost of building the feature , the percentage of the feature's implementation that will be reused in the
applicatIOn itself (i.e., not di scarded ), and the "gross benefit" from the effort. The gro benefit here
estimates the gain from prototypin g the feature , excludin g reuse of th e code and excluding all e · ~nses .
For example, as show n in Figure 3.9, we have estimated that if the "Customer trie on clothing" feature
were to be prototypcd, it would save a minimum $20,000 in development co fS Thi estimate I based on
factors suc h as the fo llow ing,
SOFTWARE PROCESS MODELS
Cross IkneRI
Perccn~g.
<xcluding code
of prolOtyP<'
Estimated reu.., Net P.yoH
code reuscod
cost min max In appliation •
mm mOl( .~
Figure 3.9 Payoff calculation example for building a prototype for a clothing application
LI , 'J"" v
• Preventing lime wasted o n proposed requirements that the prototype shows are not reall y needed (e.g .,
mi nimum of th ree un needed requirements out of 100, $300,000 budgeted for the requirements phase =
$9000 saved)
• Im p le me n ti ng a sohware desig n for the "trying o n clot hes" feature, thereby retiring some development risks
(e.g ., esti mate that t h is wi ll save a minimum of one pe~on - week of design time = $2000)
• Rewo rk th at would have resulted fTOm the customer cha nging requirements only after seeing the developed
product (e .g ., rework minimum of three requirements at $3000 each = $9000)
The minimum savings therefore is $9000 + $2000 + $9000 = $20 , 000. Estimating the cost of building
the prototype ca n usc approximation techniques like those described in Chapter 8. An estimation of code
reuse can be performed by identifying the classes of the prototype and determining which are likely to be
usable in th e actua l app lication.
This type of estimation often consists of adding up the estimation of sma ller parrs, which is often more
feasib le . Bracketing each estimate between a minimum and a max-imum can help to make this process a little
easier for the estimator.
Once these estimates are made, the best· and worst ·case scenarios for each feature can be computed.
This is shown in Figure 3.9. The minimum payoff value is obtained by taking the most pessimistic
combination : the highest costs, the lowest g ross benefits , and the lowe t reuse percentages. The maximum
payoff is calculated correspondingly. For example, the maxImum payoff (the most optimistic alternative) for
the ' CUI screenshot" prototype feature is as fo ll ows:
[ma xi mum estimated benefit ] - [ minimum estimated com 1
= $80 , 000 - [(minimum estimated cost) x (percent not reusable )]
= $80 , 000 - [ $10 , 000 x 50% ] = $75,000
U CHAPTER 3 SOFTWARE PROCESS
v rJ~illB is o ne way to deal with the >pread bel ween bcsl and worst ca'c, The result ~ugke<!s a
[lO'lIIVC payoff for all propo 'cd prolotypc fcalures ex ep l fo r the "tryIn g o n clothes· (eature, whIch prOjects
- $4000, an ovcrall wastc of $4000. The latter negatI ve resu lt IS due to relatively low payoff, high
devciopment cOSt, and low rell<C,
It may be adVIsa ble for the prototy pe to evolve InIO the appl ication ilself, but thi' sho uld be planned for,
no t accidenlal. By their nature, prolotypcs arc rapidly co n,lructed and rarel y documen ted They can be
imp!cmented uSIn g langua ges that get re ult, quickl y but may be unsuitable for th e applicallon itself.
One of the earliest and best known iterative proces es is Barry Boehm's Spiral Model [5). It is called a spiral
because Boehm concept1Jalized development iterating as an outward spIral, as shown in Figure 3. 10.
Boehm's spiral model is a risk· driven process in which iterations have the specified goals shown in
Figure 3. 10. (Recall that risks are potential events or situations that can adversely affect the success of a projcct.)
A project starts at the cenler, as it were , and each cycle of the spiral represents one iteration. The goal of each
cycle is to increase the degree of system definition and implementation , while decreaSing the deglee of risk. Risk
management is built into the process in that very early in each iteration , project risks are identified and analyzed
and a plan for the iteration is created that includes mitigati ng some or all of the risks. As an example, suppose that
at the beginning of a cycle a risk is identified with the screen layout of a portion of the user interface. Software
could be developed to implement pan of the user interface so feedback can be eliCIted from takeholders. Doing
this mitigates risk early in a project and leaves ample time to implement necessary changes. Thu the ov...11
project risk reduces the funher along you arc in the process. After the major risks arc addressed and mitigated,
the project transitions to a waterfall model , as shown in the outer spiral of Figure 3. 10
Each iteration in Boehm's spiral model consists of the follOWing steps,
COST
Dele,uutE ntROUCH
EVALUATE
oe,Ec11V£l. 8108
AL i EJdU.l1VEI
A1.. ftRNATIV£S, 1DE>m'Y,
CONsntAJNTI RE SOLVE R.tSKS
RISK ANALYSIS
,
RISK NtAl. Y&lS
-- - -- BEHCHMAR KS
-
OPERA nON
PLAN SOflWARE
"an:
SOFlWARE OETA.D.. ED
DEVELOP·
MEHT PLAN
ReQUIREMENTS
VALIDATION
PRODUCT
OESI CH ... ... ...
DESlCN
" CODE
INTECRATION
OESK;H VALIDAnON '"
"HOttST AND VER'FICAl1OH UNIT "-
PLAN NEXT PLAN
" TEST
PHAS£S INTECRA·'
, nONAHO ,
\ ACCEPT. ' lEST
IMPLEMEH. \ ANtE TEST
TAllON D£VELOP. VER IFY
NEXT LEVEL PRODUCT
6. Pla nni ng for next an d fu ture cycles-the overa ll project plan is updated , including sc hedul e, cost, and
numbe r of remaini ng iterations.
7. Stakeholder review of iteration de hve rables and their commitme nt' to proceed based o n thei r objective
being mel.
Each traversa l o f the spira l resu lts in in remental deliverable<. Ea rl y Itera tio ns produce eithe r model ,
emulatio ns, be nc hmarks, or pro totypes, a nd later Itera tio ns fo llo w a more waterfa ll· like process and
increme ntall y pro du " more complete versio ns of the softwa re Th is implies that ea rl y Iterations may
exclude srcp 5, and late r ite rat io ns may exclude <tep 4. Altho ugh Figure 3. 10 shows four Itera tion , the proces
doc:. not presc ribe a et numbe r of cycles, The numbe r IS die ta led by the <ize of a projc t, the number of nsks
id"nrified , and the ir rate of retire me nt ,
CHAPTER 3 SOF1WARE PROCESS
Ith ug h Boehm" ori!! inal conception wa, risk. drtven , the piral Model ca n also be driven by a
,eque n c f fun tlonallty sets For example, Iteratlnn I for an o nline video .on · demand appileatlon could be to
Implement the database of video, and it API , Itera tion 2 could be to implement the CU ls, and so on
Key advantases and disadvantages of the spiral model are li sted next.
• PIn,,.irr9 is b,,," 111'0 iI" procrss : Each cycle in ludes a planning tep to help mon itor and keep a project on track
• Mtry b, oo"kill jor ,mall projrclS: The complication may not be necessary for smaller projects. It does AOt make
sense if the cost of risk analysis is a major part of the overa ll project cost.
Boehm's spira l model has been very influential in giving ri e to many styles of iterative development
model , including, we believe, the unified process, discussed next.
The Unified Software Development Process (U SDP) was first described by Jacobson , Boach, and
Rumbaug h in 1999 [6 J and is an outgrowth of earlier methodologies developed by these three
authors-namely, Jacob on's "Objectory methodology ," the "Booch methodology" [7]. and Rumbaugh
et al : s Object Modeling Technrque [8]. The USDP is generically referred to as the U.ifird Proem (UP).
IB M's Rational Software division has developed a detailed refinement to the UP called the Ratio•• l Ulliflrd
Proms (RUP ), which is a commercial product providing a set of process guidelines and tools to help
automate the process.
The UP is a "use·case driven, architecture·centric, iterative and incremental" software process [6J.
Iterations are grouped into fou r "phases," shown on the horizontal axis of Figure 3. 1 I , lllcrpllcm, Elaboralimr.
COlls'ruelioll, and Tra.silloll . The UP's lise of the term "phase" is different from the common usc of the term.
In fact , referring to the figure , the term "discipline" is the same as the common use of · phasc" that we use in
thiS book.
Each UP "phase" consists of one or more iteration , shown across the bottom of Figure 3. 11.
Iterations are relatively short (e.g., threc weeks), the outcome of which is a tested , integrated, and
executable partial ystem . Iteration are built on the work of previous itera~ions, and thus the Anal product
is constructed incrementally . Each iteration cycles through a set of nine diSciplines, whi hare hown on
the vertic.1 axis of Figure 3. 11 : business modeling , requirements, design , implementation and test
activities, plus supporting activities slIch as configuration management , project manag menl , and environ-
ment [9J . Fur examp le , during an iteration some requirements may be cho. en , the desilln enhanced to
support those requirements, and the requirement. implemented and te ted . The hOri zon tal "hump ' next
to each discipline show the relative effort expended on each diScipline during iterations. For example, the
•
Phases
Oil..: lpllne.
II II T.-n. I
Business Modeling •,
,,
Requirements ,
Implemenlation
Tesl
Deploymenl
,,
Configuration ,
,,
& Change Mgml ,, :,
Project Management
Iterations
Figure 3.11 The unified softwa re development process: its " phases" vs. traditIOnal phases
SOUrce' Adapted from Ambler. S. w.. "A Manager's Intfoductlon to the Rational undlea Process (RUP)." AmbySoft (OeCember 4, 2OOS) , http://Www ambysoh..COOV
do't'mlOaclSlmanagerslntTOToRUP.pdr.
largest requ ire me nts effort is expend ed du ri ng Inception a nd Elaborati o n, and the large ' t Implementation
effort during Constructio n.
Th e fo ll owing arc desc riptio ns oi the work conducted during each of the UP "phase ",
Inception
• Establish feasibility
Elabora tion
• DeAne metrics
• ReAne project plan , Including detailed plan for brg lnlllng onstn.1 t lo n lIerallo n<
48 CHAP 1ER 3 SOFlWARE PROCESS
T r.nsition
• orrect defects
Ea h UP phase concludes with a well -defined milestone , where key deciSions are made and specific
goals defined Figure 3. 12 shows these milestones and where they are fulfilled in the process .
The typical amount of time spe nt in each UP phase is shown in Figure 3. 13 ( IOj. However, this varies
depending on the type o( project. For example, projects that contain o nl y mino r enhancements with known
requirement may spend morc time in the Construction phase, while projects for which very little is known
about requirements may spend more time in the Inceptio n and Elaboration UP phases .
The advantages and disadvantages of the unified rocess are summarized below.
• Mosl asptcls of a prOllel art accolm lrd Jar: The UP is very inc1usivI=, covering most work related to a software
developme nt project such as establishing a business case.
• Tht UP IS malur< , The process has existed for several years and has bee n quite Widely used .
............ 1
I - CGnIIru-..Ibl ,.,...."
Transition Inception
10% 10%
Elaboration
25%
Construclton
55%
Figure 3.13 lYPical time distribution of the rational unified process's "phases"
SOurce: Adapted from Ambler. S. W . "A Manager'Slntrodoctlon [0 the Ra !MJoaI unified Process CRUPI "~ Ambysoft (DeceOlDef 4, 2005}" nttPJtwww.amoysoft.conv
dovJnkwk!managet"SfFltrOToRUP pdf,
Practitioners and vendors of the unified process have modified It to be morc like an agi le proccs ,
discussed next.
This sectio n Introduces agile processcs. C hapter 4 is dcvotcd entirel y to agi le methods, and agi lity is
referenced and compared throu ghout this book
In 2001 . a group of industry cxpcrt~ , disillusioned with some ommo nly held software engi neeri ng
beltefs and practices. met to discus way to Improve softwa re development. Thei r goa l was to produce a et of
values and princ ipl es to help spced up development and effectively re~ po nd to change . The group ca lled
themselves the Agile Alliance, in cssence to capture th elf goa l or produ Ing a mcthodology that wa< efficient
and adaptable . The resu lt of their work was the MmllJrsloJor Agi/t SoJlu)(I(( D".,lopmtlll [ 1 11. . 1 0 knO\~n as the
Ag,k ManiJ,slo , which co ntains the va lues and pron iples they defi ned. All agil, software pro c< is o nc that
embrace~ and co n/o rm s to the Agile Manifesto. whi ch i, umm arized In Figure . 14 .
Ag"e processes are hrghly Itera tive and incremental They comm only cmpl oy the foll owing:
• A code-centric approach, docu mentation nn an a' · needed bnSl< (e,g . h, gh·level reqlllrcment' statement<
only)
50 CHAPTER 3 SOFlWARE PROCESS
• . . . wo rkin g software
• .. , customer collaboration
ove r ontra cl nego tiati on
• The use of use r sto ries as the ba sis fo r requirements end -to-end accounts of ho w uscrs need :0 acco mpl ish
indivi dua l tasks
• Rerncto ring, a kind o f d isciplined code Improvement explalOed full "" C hapter 24
• Pair programm ing, In whi ch tw o programmers work at a single wo rkstati o n
• Con ti nual un it· ccs ting, and acceptance tests as means o f setting customer ex pectations
Figure 3. 15 shows how the repeated iterati o ns o f an agile process arc executed over time. "Sto ry" is a task
required of th e application as th e eu tomer co nceives it.
Demonstrate
fulfillment Accumulating
of previous functionality J
stories
,,
,, Identity stories for th is iteration
,,
,,
,, • Interact with customer
,,
,,
, • Cement mutual undersranding
,,
,,
,, Implement stori es
,,
,, • Work incrementally
,
,,
, , • Develop test bank In parallel
------
,,
,,
---- --
----
,, Typical
,,
" ," Iteratio'l, _- --
• n.. praitel alw"Y' ha, d,,"o"'lrabl, ","/r" The end product o( each iteration is working software .
• DnJtlo/ltrS tn.d 10 b, mort •• o/illnl,d, Developers prefer to produce working art.lacts and tend not to like creating
documentation .
• C.'lamm a" abl, 10 /lrollld, b,u" ",/""""",1, b, a"St Ihry cnll s" II" ,"ol"i"g proJllc/,
• Probl""aric.1 for lnrg, appli alia" , Agile methods are more readil y used for smaller projects. There is debale
about their utility for large projects.
• Docum",lallon outpul is qutSliOHabl" Since documentation takes second place, there i a question a. to whether
necessary documentat.on will ever be produced.
Open·source software is developed and maintained by people on a volunteer basis. All project artifacts, from
requirements documents through sourCe code, are available 10 anyone . The re are several open -source
software development Web sites on the Internel Ihat aggregale and reference open source projects, including
SourceForge.net and Freshmeat.ne!. As of 2009, SourceForge.nel hosted more than 100,000 projects and had
over 1,000,000 registered users. Hosting sites provide source code reposi tories and utilities for projecl
management, issues discussion , and source control. The case studies in this book dlustratc two well known
open source projects, Eclipse and Open Office .
Open-source projects typically get started when someone develops an applicat.on and posts it to a host
Web site V.rtually anyone ca n propose new requirements, and since the source code is freely ava.lable,
anyone can implement requirements that arc not part of the o(ficial baseline. There is a process by which
proposals and implementations arc elevated in priority and a process for accepting new code and capabdity
into the basehne. If defects arc (ound, they are reponed and others may work on fix ing them . This process is
repeated, and the application grows .n capabdity and $tability . In this wa y, open -source projects arc
developed in an .terative manner. In addition, by exercising aA appltc.tion many times, the open - o urce
communtty affects a huge testi ng process.
Some reasons why an individual o r company makes a project open source arc listed .n F.gure 3. 16 and
3.17, a,n d reasons why they may nOI arc listed in Figure 3. 18. A pnmary reaso n to make a proj" t ope n ,ource
is to leverage a large number of resources that might not otherwi<e be avadable A principal reason to no t
make ,o(tware open source., to keep artifacts h.dden from current and prospc live competitors. o me (e .g.,
Ferguson [ 12] and Kapor) believe that o pen <ource may become the do minanl pro es lor produci ng
wltwarc
An ,nlerestlng art.cle wntten by Alall Jo~h dillstrates how Ihe ba nk Dresdner Kleim_on Wla sers leln
(DrKW) turned .t~ .nternally developed b.ck-c ndJa va integrallon too l, pe nAdap lcr, Into open <ollr C and
how It beneftted (rom the deci,lon . The (ollowinu "an 'XCC rpl (rom thaI Mil Ie
Samolades el.1 [ 1~ J studied ope n ' Iource d evelopme nl and compared .t w.th dOled s ure ..
>oftw.re Us.ng common me ln s, O code Qualtty was lound roug hl y equal to Ihat 01 _ , nnd 101lnd
to be supe-rior for mainta.nabd.ty . or at wo"t equa l n me o ( Ih el r result, nre Ih wn In F.gurn 3 19
and 3 lO .
52 CHAPTER 3 SOFTWARE PROCESS
• •
ompanies mI x and match opcn·source and proprietary processes according to buslncs nttds
F.gu re 3.2 1 suggests Ihal the pro porti on of o pen·source o r pro pnelary sofrware used. a bll IIle deci ion
ta ke n .n Ihe eonlex l of ex penses and revenues over t.me. An important factor is the expense of tn. lo ring and
• ••
malnta lnill g open SOurce
SOFTWARE PROCESS MODELS 53
•
,, Opel.tins 13 OSS project that ga""
I 'Y'km appliatlon I birth to a CSS project
while still evolvi"8 a OSS
Figure 3,19 Maintainability index comparing ass and CSS for the same application, 1 of 2
Scx.vQr ~, toanrVs, I SIbmC'IOS. L Artgclls, and A. Ofltonomoo " open source softwaro dOYOk>prnCOl shol.dd str ive ~ even greater cooe RlIlntAtnotlilaty "
~dons of tn..t Ae M. Vol 47. NO, 10. OCtober 2004, copyrlgh l (" 2004 ASsocIaOOn lor computing MachInery. Inc. Rop'Ii"Ued by pbll'rtsOO
5' CHAPTER 3 SOFTWARE PROCESS
Figure 3.20 Maintaina bility Index comparing OSS and CSS for the same application. 2 of 2
Source SamoLadas. monls. I Stametos. L Angel.S. and A. Qlkonomou. "open source SOftware oevelopment ShOUld strive for even greater code rnamtalnabIJty ..
CommunlCatloos 01 the ACM, VOl 47, NO 10, October 2004, copyright, 2004 , As.soclallon for COmputIng MaChinery. Inc Reprtnted by PeHI''ViM.
Various tools and e nviro nments are available to faci litate open -source development. Figure 3.22 shows a
sche matic diagram of o ne sllc h tool. Collabnet. "Subversion" is an o pen -source version control system used
for many open·source prOjec ts
Key adva ntages and disadvantages of o pen -source processes are summarized below.
• TI" work oj mauy moy b, obloiudj"" For projects that mo tivate o thers. work can be o btained from motivated
o utSiders.
• Dn"lopm I",d 10 b, mort moliva l,d. because they choose to work o n it.
• Op",-sollrcr applieoliolls art v'ry w,lI ltSl,d, because they arc continuall y exercised by many and usually have
efficient testin g processes .
.. ..
-=..:-
I 'we&. AI'IJI' ICb
Pp'e;rtt
, i I
u...-.p.'I O'. +
t ...- ... " ' . . . . . .
_rapEl. ~
M. 'I' "tOl'I/to.w
..,tfkU MId t ooh
b, p la~
(,,,"",.0-0_
eo
• 'i ,
prw. •
,.,,' ,--
..., 7,="
v, ..., ' 'ns
-- - " •
•
-- • ...
- ."' __ .0.111 I.
- C La
lOCI .. ~1101 In •
• Tbry art flIlflilablt 10 Oil' m.d all : Th. is part of the barga.n
• DOCunlrntlliio Pl 15 qucstio"ablr: Developers are not cont;islc m In what they produ e
• DtSi9" dorum(1,'alioll '(lids '0 b, poor. It seems that the ope n·source proce"
has espcc .ally great trouble keep.ng
designs and code sy nc h ronized, a nd so dcsign docum e nts are ofte n poor or even no nex.sten t
To ,einfo rce th e concepts o n pro esses de> ribed '" thl< chapter, we continue w.th ca e stud.c
T o re",force the many softwa re c ng",cen ng o ncepts and practice 'n trodu cd in th" book , .t's best,f ou are
develop.ng a oftwan: project .n parallel You will ga lll the mo,t If the prOject .s a tea m dfort a< th.s I> ho\,
most real . world ,oft ware project arc exc lItcd At the e nd of most major parl< of the book a 'C lion ( lIch a'
th. s one) enti tl ed Ttam Gu.da" (ca n be found . gu .d .ng 'o u throllg h th e different pha,,,, of o llr group proJe t
56 CHAPTER 3 SOFlWARE PROCESS
Y u will he a,ked to ~c nera te speciO artd act<, and exa mple, WIll bc provIded , howi ng how real and
h i at hetl ca l tea m, 1(0 about develo pIng apD" atlOI1, We WIll o ft'cn USc the Encou nter VIdeo game case: study
a, all exa mple to dlu,trate team gUIdance
1any students look back o n the lf tcam proce,' as a Slgn lncant learnIng adve nture If the team
aVO Id, a few co mm o n i)lli all , th e adve nture an be a most enlI g htenin g and useful experience From
o ur i,ast experie nce , the bes t size for stude nt g roup, IS (our Or five . Any less and the workload fo r each
<tudent is toO great. More th a~ !lve doesn't afford all team members the opportu nity to contribute in a
mea nln g(ul way
T,p di tnbutcd th roughe ut th e te-xt arc desig ned to help groups maximize the benefit of group work. In
add,ti o n, cxerelseS at the e nd o ( th e chapter assign peclAc art ifacts to be developed as the prOject progresses
through the o ftware Ide cycle.
T he fo llo,"ing sectIo ns provide gui dance for hnld ing an initial team meetIng , developing a team
com muOIc;ltion plan. and exercisi ng the commun ica tion plan
T o start 0(1 ,he project , the team shou ld have an inItial meetlO g and make the decision sho wn in Figure 3.23.
Agenda
All meet lOgs should have a wnnen age nda and specific start and end times.
Team Leader
Decide who your Ars t team leader wi ll be (being a tcam leader provides yo u with valuable experience but puts
additional demands o n your time and communication skills) . To distribute the beneAt of team leadership
practice . It can be beneAClal to swa p team leadership about halfway through the projec t. Both team leaders
can be chose n up front , and they ca n back each other up in case of emergency.
•
CASE STUDY: STUDENT TEAM GUIDANCE 57
Time Commitment
A big source of frustratIon in tudent teams is a lack of commItment of some team members. It is far better to
d, cuss commitment at the beginning than to try to fix a problem after the project is under way. To reduce
~he rc entment that follows when some team members feci they arc contributing much more than others, set
In advance an expected number of hours of commitment per week . This al,o helps to make members work
more efficiently .
Team Skills
For tudent projects there is often a trade ·off between producing an impressive · looking product and learning
new skill . To produce the most impressive product , team members would speciahze along the hnes of their
greatest strengths. This is a typical industrial mode . They may al 0 be tempted to sk ,mp on document.tion In
order to demonstrate more features . T o learn the most, however, team members need to try actiVIties '"ith
which they are inexperienced (e .g., team leade rs hIp). They also need to do thing rig ht. Teams deCIde how
and when to trade off between goals by speCifying when they WIll specia hze and whe n they wi.ll try new role
Instructors try to establi sh evaluation criteria that encourage learning.
Vision
All projects start out with a vision for the software to be developed In industry thIS is tYPI call y initiated by the
marketing department, which develop bUSIness req uirements fo r the product For ,tudent projec ts, the
product vision includes the purpo e of the application , major (u nctionality and operatio ns, and major ",puts
and outputs .
Communication Plan
Decisions need to be made as early as possible as to how the team will handle commUnicatIon . The next
section covers this in detail.
Meeting Minutes
During team mcetings, a member is de ignated to write the meet ing minute The purpose of meeting minute
is twofold. First, al l important decisions or agreements that are reached are recorded , ' 0 they are not forgotten
and can be referred back 10 if necessary . As an example, during the meeting it rna)' be decided that Coogle
Docs will be used for storing all project speciRcation . This decision is recorded in the meeting mInutes. The
second purpose of meeting minutes is 10 record unresolved issues that require follow up action. These arc
referred to as achon itrm s. Each action Item is assigned to one or more team members with a target date for
completion . An example action item might be that Joe is to investigate and recommend a sourCe o ntrollOol
for managing the project's source code, and is to complete his actIon In one week. It is a good Idea to revie,"
open action items at the start of each team meeting.
When a softwa re prOjec t IS IOltiated in IOdustry, a set of project gUIdelines, 1001s, and commUOlcatlon
procedures IS tYPIcally established 10 ensure that the project IS cxecllled a effiCIently as pOSSIble ThIS hould
also be done for you r f(roup proje t.
Many team problem ari,<." (rom a failure to 01l1tnunicatc fully ThI S problem i nOt Itm ited to ,tudent
prOjcct,_ Real -world teams suffer from 11 as well. Errecl1ve verbal com01uOl ation means maklOl: sure our
thoughts are fully understood and I, steninll 10 what o thers arc ,ay'ng Th, " ntl al (or team' to be
58 CHAPTER 3 SOFTWARE PROCESS
• Don't pre-judl!e
uccesshll. The pre epts shown in Figure 3.24 will h e lp you avoid ma ny communication problems. They
sound simple but ca n be hard to follow , especially during times of stress.
C reate pol,ei" for commun ica ting and sharin g informatio n with each other, oncludi ng gUi delines for
g roup ed'li llg and merging of documents, setti ng up a nd agreei ng to meeti ng times, sharing project artifacts,
and so o n
DeCide on procedures lor how yo u will ge nerate docume nts for the projec t. You pro bably ha ve to deal
wi th di ussing the scope and co nte nts of a document , writing initial dra fts, ed iting th e drafts, gettong group
agree me nt on edi ts, merging drafts and producin g the final document
Many teams-i ncludin g some stude nt learn s-a rc widely di stributed geogra phically, and the means of
commun ication becomes especi all y important. Large projects arc often developed by multiple groups at
mul tiple si tes, someti mes in multiple countries. Mergers, acquiSitions , "ollshoring," dis persed speCialists, and
joi nt ve ntures ofte n ro ult on people at multipl e si tes working together on projects.
An increasi ng number 01 products are available to lacilitate group work, including groupware, video
conferencing, and in tant messagi ng . Each com municatio n medium has speCific stren gths. In an y case, well-
run face -to -Iace meetings are very hard to beat. II possible, schedule re gular face -to-face meetings at least
once a week lor a n hour. It is hard to conve ne an unscheduled meetin g but easy to cancel a scheduled
meeting . You can make It a goa l to limit actual meetings to less time. However, il the committed time is
short-say a hall hour -you will ~nd It very difficult to make lo nge r meetings because people will build the
sho rt time Iomit in to their schedul es. If you think that your tcam may need to meet additionally, it is advisable
to agree o n when that would be each week. Set aside the time and aim to aVOid a meeting. This provides a
posi tive goal and it avoi ds the problem 01 repeatedl y trying to find a common time when meetings are
nee ded. When you set meeti ng times, specify an end time . Meetings typically expand to fill the allotted time.
You should always have an agenda for your meetings, otherwise your meetings will be less organized and not
as productive as they could be_
E-mail is an essential tool, but can be pro bl ematic due to unpredictable delays. Messages can become
unsynchro nized , damagi ng the threads of d ia logs. This is e pecially senous near the end 01 a project when
communica ti on is (TC:quent and of immediate importance
Use a shared Web Site, wiki , o r chat -ty pe faCility . For example, at the time 01 thiS writin!! , a number of
frec collaboration too ls arc available fTOm Coogle.
Do not merely state that you will use a particular tool such as Microsoh Word lor word processin,_
Specify a version number, and exchange a lew documen ts to be sure everyone c an read and edit them. Don't
c hange versions during the project without ensuring compatibility first ,
Document your decisions in a team (om... ". iratio. Pin. , as outloned in Figure 3.25.
SUMMARY 59
tllHal do Plot rtpln ( In('(~lo -fa t nltttlt19 wtlh rt'"ott II1t(/II'9s u,lIns (('molt mttlh1gs arc
de.lr/Y .JJtt"hve.
2. Meeting alternative : Team members should keep Fndays open from .. to .. In case an additional
meetlng is required
It is important to test the methods speciRed in you r Com munica ti on Plan so you can make necessary
adjustments as early as possible in the project. This will avoid scra mbling for alternatives a the project
workload increases .
Search the Web for the latest information o n a topic determined by the instnlctor. Note at least four of
Its baSIC goals and at least five of the techniques it uses. Have everyone in the group contribute ome
information. Create a document containing your group's results, and practice how you 'vIII utd ize your
procedures for group editing and reviews. How 'viII yo u o rganize thi random activity] H ow can you obtai n a
useful result instead of a conglomerallon of unco nnected text
3.4 SUMMARY
A software project progresses through a ~erles of activities, staning .t Its conccl>ti on .nd conllmllng all the
way through its release Project arc orga nized into phase , each with a set of aC!IVllies conducted during that
phase. A soflw.rt process preSCribes the interrelationship among the ph.,es by expressing their order and
frequency, as well as defining the deliverable of the proJect. SpeC ific sofrwdre processes arc called ,of'"'ar,
prow, ,"odd, or 11ft <yel, modd"
Most software process models prescribc a slmd ar se t of phaSe< and actlvitle< The difference b~twee"
models I< the order and frequency of the phases. The ph. es in lude planning , reqUirements anal SIS, deSign ,
Implementation , te ling , and maintenance
The walery.1I procc.s is one of the oldest and best known so ftw.re proces. modcl~ . Prole ts fo ll oWII1!; the
waterfall process progress sequentially through a senes of pho<es. \'(Iork tr.n ition< to a phase when work o n
the prevIous ph ase IS compl cted
/1".,,", and ,"cr""<tII"/ processes are c hara ten zed by repcatl'd exe ulion of the waterfall phosl's . "" ho le
Or ,n part, re>u ltlng in a reflncl11e nt of the reqUirement , de"gn , o"d Implementation . AI the on IU 51O " 01 an
Iteration, operational ode IS produLcd that uppom a ,ub~el of the nnal pr du t' lun 1I0 nolit)' Project
artifacts such a~ plans, > p ~Clh atlon<, and ode evol ve durinl! ca h pha~e and owr the Id e 01 tlw pr Ie t
Examples of lterallve Pfl)CC" s melude the <p lral model , the unlhed pro C" , and agi le pro C"t·<
60 CHAPTER 3 SOFTWARE PROCESS
A~,/, pro e"e< arc 1"8 hl itl'raII ve , and elllphas,ze workln~ ode Ih roughout, as wel l as frequent
,ntcra tinn.; with th e U\lOIlU.:r.
A PllllolyPt ' a partia l lI11pl emcnlallon of the largel app licali o n u clu l ,n ,dent"'}'ing and re llring rISky
part> of a projc 1. 11 can <o mel,m es be a way 10 ob lOln ,dea; aboullhe customer's reqUlremenls. An ,ncrease ,n
understandi ng whal. 10 come ca n ,ave expon ivc rework and rem ove htlure roa dbl o ks before they OCcur
lany tlcra ll c I>roce , lIIodel. inco rpo rale prolo lypes ,n o ne or more o f Ihelr Iterallons
omC lImes, it " unclear whe lh er certa,n requiremenls ca n be ,mplemenled In pract,ce, plac,ng the
enl.re prOject at " k. In su h cases, !((I"bd, ly " lIdits may hc advisable, wh.c h are partIal Im plementations or
si mula lions of the app hCJ lio n.
In o pen· ource proces <s, so ftw are is developed and malnlained by peo ple o n a volunteer basis. Sou rce
code 's open 10 all , and th ere Is a process for virtua lly anyolle to susgest and Impl eme nt e nhancements and
. ubmil and repalfddccts This process is re pea ted and the app hcat .o n grows in ca pabili ty and stabIli ty. In thIs
wa , ope n· source proje ts are developed ,n an iterat,ve manner. In addit,o n, by exercising an application
many tim es, th e ope n-course community rtlnctlons as a huge test ing process.
3.S EXERCISES
1. During whi ch process phaseCs) would each of the fo ll owi ng aClivities occur;>
a. Creating a project schedule
b. De leml irlin g Ihe need for a bar code reader
c. Req uestin g the additio n o f a fi le backup ca pability
d. Performi ng a feasibility ana lysis
e. Documenting the software interface to an SQL database
f. Acceptance of the softwa re applicallon by the customer
2. G ive an example of a software project that wou ld beneAt much mo re hom usi ng the waterfall
process than fro m using most of the alternative processes. Explain your reasoning.
3. Describe the d ifference between iftr.,i., and incrt",,,,,., development. Describe the ways in which
they arc related.
4. Give an example of a software project that would beneht mo re fro m usi ng an iterative and
.ncremenlal process than fro m using most of the alternati ve processes. Explain your reasoning.
5. a In your own words, explain hmv the spiral model utilizes risk anal ysis and risk mitigation.
b. Exp lain why Ihe o uter spiral of the spiral mode l utilizes Ihe waterfall process , and how the
spiral model miligates the inherent disadvantages of the waterfall process.
6. Give an example of a software project that would beneR t much mo re from usi ng the spiral process
than from usi ng most of the alternalive processes. \'(frite a paragraph explain ing yo ur answer.
7. How do the phases of the unified proce .. (UP) differ from the pha es usually deRned for oftware
processes'
8. Describe Ihe pros and cons of each va lue listed in the Agi le Manife<to (sec F,gure 3 14).
EXERCISES 61
Communication
For the following exercises, consider as a group how you will perform them , check the hints below,
then carry out the assignments .
TI . Decide who your team leader{s) will be . Note that being team leader provides you with
practice that may be hard to get otherwise.
T2 . Decide how your team will communicate, specify your communication tools and methods,
and test your communication methods. Be specific: YOll may change the specifks later.
T3 . Search the Web for the latest mfomlation on a topic determined by the instructor (e .g., the
TSP). Note at least four of its basic goals and at least five of the techniques it uses. Post the
references to the course forum or \'(feb site If there is one. and annotate your posting with the name
of your group . State individual or gTOUp opi nio n of the topic or issue.
Your team respo nse should be 4-7 pages long .
I. Schedule regular face-to-face meetings at least once a week, if possible It is hard to convene an
unscheduled meeting but easy to cancel a scheduled o ne .
2. E-mail is an essential tool. but can be problematiC due to unpredictable delay . Messages can
become unsynchronized, damaging the threads (subjects) of dialog . This is espeCially senous
near the end of a proiect when communication is frequent and of immediate Importance .
3. Use a shared Web si te or chat.type facility . Free services are available at hnp://groups.yahoo.
com!, for example .
4. Do not merely state, 'We will use Superword for word processing ." Specify a version number,
and exchange a few messages to be sure. Don't c hange versions dunng the project without
ensuring compatibility Rrst.
5 Try out all the standards and methods you have chosen .
Throughout this program of study, validate your plans and inte"tions with practical tests
whenever possible. Try to u e at I~ast two independent tests. In genera l, assume that your project
Will be much more demanding In the future than it is at the beginning .
T3 hints: Usc th is activity to strc ~ your communication system . Forexample , you may want to set
up a Web site to which team members are to add new TSP mformation How will you orllaniu thi
random actlvlty7 How can you obtain a useful rc. ult In tcad of a conglomeration of unconne ted
text7
62 CHAPTER 3 SOFTWARE PROCESS
BIBLIOGRAPHY
I. Ro "O c, \: " ·M~n"t4lng the DC'v(lopmcnt o r Large Sohw3 rc YS It'lm o ncc:pts 3nd Tt'chnlquc'l: IEEE WESCON "70 , Aul\Kt
1970. pp 1- 9
2 BluMer, Kurt , .lnd Spence', I • 2007, "Mmt4~t"g hffolljW So/tuum DwdopMmf P,o), 's:' Addjson -Wc~IC)" , Peirson EduC1tlon, Inc.
kbum. Alistair · Unr.wdlllM I nc ~m('nl<ll Develo pment : )Jnuolry 1993 http://a ll~talr cockburn uYUnnvtilng+l ncre-mentll
.. devci opment l ;) cct~sc d November .s, 2()()<l j
... uSUnlano, MichJd, Olnd R. W dby "How Microsoft Builds SOhWolrt' ~ ( o",,"w,,.cotiopu: oj fJH ACM, Vol. 40, No 6( 1997), pp.53-6'
s. Boc:hm, B W "A Splroll M.1dd of Sohwan: Dcvc/opment and EnhJncemc:nl: IEfE (o",,,,,'n, Vol 21 . No. S (MayI988). pp 61-n
6 Jacobson. IV3r, J Rumbaugh , olnd C . Hooc h The lI" iflrJ SOfhj'fJrr Dmt/opl'flntl PHKnJ , Add,son . Weslc:y, 1999.
7. Sooch. CrJ dy Ob)trl-Onnttcd A"jll)'~ ' f (fltil [)cs.glf wit" AptJlir(,lIons, Addlson . W~Ic:y , I 99" .
8 Rumhaugh , James, M 8131111, W !'remcrlanl, F Eddy, and W , Lorenson , "Objut.OrindllJ Mode/mg m,J DtS'9"," Prenttce: Hall, 1990
9. LumJn, rol l S , Appl)'1"9 UMl Qlta Pallrm, Art ["'rodllC'l/olt to OU)tC'I-OrimItJ Aml/yr,s oJmI ON'9rt IInJ [krait"" Dt1J(U,,,rMtl," Prenlice t-UII ,
M
lOOS.
10 Ambkr, S. W " "A ,\iafttJ9rr, , .. ,roJIlCllo" 10 Ji)( Ral/oftal UK'fled Procm (RUPJ .. Ambyso (t (Dtccmber 4,2005) hnp:!/www.Jmbysoh.com/
unl flcdproccs ruplntrodu tio n.html (accessed November S, 2009 ].
1 I Beck, Kent , Mike Beedle , Ane VOln Bcnnekum , OInd AlistaIr Cockbum , · Man l rc~t o (or Agile Sohw;u't' Development,· feb 2001 . http://
a~plemani(est o org/ [accessed November S, 2009J
12 Ferguson, Charles, · Ho..... Lmux Cou ld Overthrow Microsoft ," T«lm ology Rrou1D Uun(2005 ). httpllwww.tcchnologyrevkw.coml
computmgl l4504! [acccssed November 5, 2009).
13 Samol .. das, loa nnls, I Stamdos, L Angel.s, ilnd A. O.konomou, "Open sourcc software devdopmcnl shou ld strive for t'Vcn grU(Cf
code mainliltnilbiluy: Co,"mUI'"cnlrolfs of tbe ACM, Vol. 47, No. 10, October 2004
Agile Software Processes
Design
Figure 4.1 The context and learning goals for this chapter
In the t9905, agile softwa re development came In lO being as an a ltern ",ve to the existing classl al
approa hes to ofrware engineering that were percelvt·d to be too · pro ess·heavy · TI,e e claSSical
approaches emphasize the need to plan projects In advJncc, cxpn:s, requirements In writing, provide:
"""tten deSign sa ti sfYi ng the reqUIrement , wrlle odc ba ed o n these de\lgn' an,fying the written
requiremcnts, and fina ll y 10 test the results A we ulstll<>ed in hapt er I and 3. how<'Vcr, Illany prOjects
(ollowlng the e steps exh ibit major prol lem, A primary rea,on I< that >takeholders do not ~ uallv kn w at the
mCeptlon of a proJeu entirely ,,,hat they reqUire Ag"e process!:, addre" thl< shan oOllng Thl' hapter
dc(,n~s w hat" meant by as"e dewlopment, des nbe< ,evera l peclfic softwa re proce"e. that adhere to allile
pnnclples and arc thus ons ldered .B"eprocc"e" and d"Lu ses h ow all " e and non -ag ile pr c'>es can be
coOlhtncd
6. CHAPTER 4 AGILE SOFlWARE PROCESSES
gro up of II1du, try ex perl, me t "' 200 I to d l cuss way' o f Improv in g on the the n wrrent <onwa re
d e c lo pm e nt pro",St. that th ey o mplnined were d o umenta tion dri ve n a nd pro css heavy. Their goal was
to produce a ,el of va lues and pnn ipks to help speed up development and effect ively respond to c han g~
ailing the mselves the AgIle All,ance , the g ro up's goa l was, In esse n c, to pro duce a d evelopme nt framework
:hal was dAcie nt and adaptable . Durin g th e 1990 , variou, Iterative so ftwa re mNhodologies were begi nn ing
to s"i n popularity. o mc we re used as the baSIS for the agi le fram ework These methodologies had dJffercnt
combinatio ns of o ld and new Ideas, but all shared th e fo ll owIn g c haracte ri sti c [ I)
• Clo<e co lla boration betwee n prog ramm ers and busi ness experts
• Metho ds to c raft the code and the team so that th e Inevitable require ments churn was not a crisis
As a resu lt of t hei r mccting , th e Agile Alliance pro duced th e Agi le Manifesto [ I ) to ca pture th~ir
th o ug hts and id eas , and it is summari zed in Figure 4.2.
N o te that the Agi le Man ifesto IS not anti -metho do logy. Instead, its auth ors inte nded to resto re balanc~ .
For example , they embrace d esig n mo deling as a mea ns to belter understand ho w the software will be built,
but not prod uci ng dia gra ms that arc Rled away and seldom used. They embrace documentation, but not
hundre ds of pages th at cann o t practically be maintained and updated to reflec t c han ge [2J.
The fo ur PO Ints of the Agi le Manifesto form th e basIS of agile developme nt . The Rrst part of each
stateme nt speCifies a preference. The second part speCifies so meth ing that, alth o ugh important, is of lower
priority . Each of the four poi nts is described next .
We are uncovering better ways of develop ing software by do ing it and helping others do it Through this
work we have come to value:
That is, while there is value in the items on the right, we value the it~ms o n the left mo~ .
adapt the proce5 and modify the tools as appropriate to ge t their job done as efficiently as possible. As
suggested III [ 3J. agile ",ethods offer generative values rather than prescriptive rules, a nllnimum set of values.
observed in all IllIation , that generate appropriate practices tor specia l situations . Individuals and teams usc
these rulC'S when problems ari c a a basis for ge nerating soluti o ns that are appropria·te for the projecl.
ereali iry IS emphasized as a major means for problem solving. Thi s is in contrast to more rigid sofrware
proce e , whi h pre cribe a set of predetermined rules and force teams to adapt themselves to these rules.
Agile practices uggest that the laner approach is not effective and actually adds to the risk of project failure .
In addItion to the va lues dcscnbed in Figure 4.2, Ihe aUlhors of th e Agile Mani!e to oU llined a se t of ~uidi n g
prlllcipies that ,upport the manifesto. The,,, arc quoted from [ I) (bold added ).
• "Our nIghest priority .. to sa tisfy the custo mer through early and con tlnuo u. deltvcry f valuable suftware
• Welcome changin g requi remen ts, even lale In development. Ajlilc pro esses harness hange for the
OJstomer's competitive advanta~e .
66 CHAPTER 4 AGILE SOFTWARE PROCESSES
• Deliv~r working software frequently , from a couple of weeks to a o uple o f mo nth •. with a prefer nce to
tI,. shaner timesca le.
• BU5mess p~op l e and developer must work together dally throughout the prOject
• Build projects around motivated ind ivid uals. C,VC them the e nvironment and support they need, and trust
them to get the job done.
• The most effiCient and effective method of conveying Infonnation to and With," a development team IS
face-to-face conversation .
• Agile process. promote sustainable developme nt. The sponsors, developers, and users should be able to
maintain a constant pace indefinitely.
• Simplicity-the art oJ maXi mizing the amount of work not do ne-i s essential.
• The best architectures, requirements, and designs e merge from self-organizi ng teams.
• At regular interva ls, the team reflects o n how to become more effective , then tunes and adjusts its behavior
accordingly."
Many of these principles are implemented in prac tice by the agile methods de cribed in the next
section .
This section describes some of the methods by which many agile processes practice the principles in the
Agile Manifesto.
Figure 4.3 shows the manner in wh ich agi le methods implement the Agi le Manifesto, a. fo ll ows. Agile
processes common ly employ small . close-knit teams; periodic customer requirements meetings; a code-
ce ntric approach ; documentation on an as-needed basis (e.g ., high-level requirements statements o nl y);
customer representatives working withi n the rcam ; rcfactoring; pair programming; continual unit-testi ng" and
acceptance tests as a means of setting customer expectations .
We next e laborate on the topics not already explai ned above.
Pa" programming is a fo nn of continua l inspection by one team member of the work of a teammate.
Typically, while one programs, the other inspects and devises tests. These roles are reversed for periods 0
time that the pair detennines.
Documenling 0" an a5-ntcd,d basi, usually ,"valves writing some high -level reqUirements but not detailed
requireme nts. These arc freque ntl y collected in the fonn of '"'' 5/0ries . A user story is a Slgn ltkant task that the
user wants to accomplish wit h the applicatio n. According to Cohn (4), every II er story consists of the
follOWing;
• A written description
• Conversations with the customer that establish a mutual understanding of It purpo e and content
• T eslS intendcd to validatc that the user story has been implemented
- - --
1. Individuals and interactions over and
tools
RESPONSES :
4. Respond ing to change over fOllowing
a plan
c. Code-centric y y
e. Document as needed y y
i. Unit-test-intensive; Acceptance-test-driven y y
j. Automate testing y y
• 'The user can establi sh a n acco unt tha t re me mbe rs all tra n ac tions wit h the c ustomer ·
• 'The u. e r can view all ava ilable in fo rmatio n o n any DVD "
o"lI"unl i"llractlo" a nd contac t With the cu to me r is ac hi eved In twa wa ys. Fi rs t, the wo rk periods ( 1- 6
wee ks, usually ) in whic h the each batc h o f reqUire me n t arc to be flll Rlled are speciRed With a tea m that
Involves the custo me r ('co nd, a cUSto me r re presenta tive I< e ncouraged to be part of the tea m.
TI,e e mphaS IS o n worki ng soflwart is rea lized by mea ns o f coding versio n o f the applica tio n a nd sho '"lng
them to the custo me r. These arc usually clo el y tied to corres po nding test< Indeed , Icsl-dnvOi drvclop",mt an
allile a pproach , actua lly has devel o pers wfIte test< even before devel opi ng the code
68 CHAPTER 4 AGILE SOFTWARE PROCESSES
Relactor to
Relector to accommodate
clean up new
requ irements
Rcfa 1011"9 is a process of altering the fonm of a code base while retainin g the same functionality . The
usual goa l of a rdacto rln g is to make the design amenable to the addition of functionality , thereby satisfying
the agile deSIre 10 respo nd "'CillO c hange. The very fact that the discipline of rcfactoring has been developed
IS a majo r f.clO r mak ing agile methods possible This book covers rdacto ring in Chapt.er 24 . Although
refactorin g is discussed latcr in the book , much of it will be useful before then and can be referred to
throughout the book.
Agile metho d. employ the developmen.t cycle shown in Figure 4 .4 . T y picall y , the requirements
are expressed in terms of lIser stories . Past experience in the project allows the team to assess its
_docily , an assessment of the relati ve diCficulty of tories and the rate at which it is able to implement
them
The schedule effects of agile me thods can be seen in Fib>tJre 4.5 . Planning is attenuated because there is
less to plan . Requirements analysis, design, and testing are often conRned to high levels. The emphasis is
mostly code ce ntered .
"Agi le developmen t" isn't itself a spe iRe process or methodology Instead , it refer.; to any software proc('Ss
that captures and embraces the fundamental va lues and principles espoused in the Agile Ma.nifesto. The
following sectio ns illustrate and describe three agile processes as repre cntative examples.
• C rystal
• Serum
AGILE PROCESSES 69
•
Time line
Plan lor agile methods
In 1996, Kent Beck and co lleagues bega n a project at DaimlerC hrysler [51 using an approach to software
development that appeared to make marters muc h simpler and more efficie nt. The methodology he
developed and used became know n as Exl""" Prograrnrni>lg (XP) [6].
Beck [6] cites fo ur "values" gUidi ng extreme programmi ng, communication , sImplicity, feedback , and
courage. These are summarized in Fig,,"'s 4 .6 and 4 ,7. XP programmers communi cate continuall y with their
customers and fc ll ow programmers. TI,ey keep their design simple and clean , They obta in feedback by
testing their software, starting on day o ne. They deliver parts of the system to the customers as early as
possible and Impleme nt changes as suggested , With this foundation , XP programmers are able to
·courageously· respo nd to c hangi ng requi rements and techno logy [5].
XP was created to deal effectively with projects in wh ich requirements c han ge . In fact , XP expects
requirements to be modified and added , O n man y projects, custo mers start with o nl y a vague idea of what
they want. As a prOject progTesses and a customer sees working software , specifks of what they want become
progressively firm .
I. Communication
• Customer on site
• Pair programm Ing
• CodIn g st.1ndards
2, Simplicity
2 Courage
XP projecls are divided inlO ilerations lasting from one to three weeks . Each iteratio n produc~s
soft ware that is fu lly tesled . Al the beginning of each , a planning mecli ng is held to determine the COQ t~nts
of the iteration . Th is is "just · in . time" planning, and it facilitates th e mcorpora ti o n of changing
requirement s.
As code is devel o ped , XP rel ies o n continual integrati o n ralhe r that assembling large, s~ parately
developed mo dules. In the same spint , releases are modest in added ca pability . The idea is to bite off a small
amount of new ca pability, integrate and lesl it thoroughl y, and the n re peal Ihe process.
EXITeme prog ramming recog nizes Ihe all . loo . frequent breakdown in c usto me r devel o per reiation-
sh ips, w h e r~ eac h pa rry de velops a scpa ralc concep l of what's need ed and also h ow much th~ features
will cost to devel o p. Th e resull of Ihis mi smatc h is , all too often , a mad dash for deadlines, including
lo ng workin g ho urs and a n un suslainable pace. In respon se, eXlreme progTamming promot~s a modus
vive ndi thaI's susta mable in the lo ng term . In addition , it requires every developer to acknowledge up
front Ihat all code is everyo ne's commo n property , to be worked on a the project's needs require . In
o lhe r words, no code "belo ngs" to a prog rammer. This is in keeping wilh engineering practice , where a
bridge blueprint , fo r exampl e, is the product of an o rga nizalio n and nOI the personal property of
o ne desig ner.
XP is unique in usin g twelve practices Ihat dicta le how programmers should carry out their daily jobs.
These twel ve practices arc summarized next (7).
I. Planning Process . Req uirements, usuall y in Ihe form of user stories, are deR ned by cuslomers and given a
relative priority based o n cost esti mates provided by the XP team . Slories arc assigned to reieases, and Ihe
team breaks each slory into a set of tasks to imp le ment. \Y/e described user stories in Section 4.3.
2. Small Releases. A si mple system is buill and pUl inlo produclion early Ihat includes a minimal set or
useful reatures. The syslem is updated frequentl y and incrementally thro ughout the deveiopmenl
process.
3. Test-Driven Development. Un il tests are wrinen 10 leSI funclionality, before the code to implement
thaI functionalllY is aClually wrilten .
4 Refactorlng . Code is regularly modi fie d or rew ritte n 10 keep It simple and mainlainable Chang~.~
Incorporated as soo n as de Acie ncies are idenlified. We ,"troduced rdoc toring in S~tion 4.3 and cover It
in delail in C hapter 24
5. Design Simplicity. Desig ns are created 10 solve the known reqUirements, not 10 solve future rcqui~
ments. If necessary, code will b~ refa lored to implemenl fulure dcsisn needs.
AGILE PROCESSES 71
7. Collective Code Ownership. All the code for the system is owned by the entire team. Programmers can
mod,fy any pan of the ystem necessary to complete a feature they're working o n. Th ey ca n also improve
an part of the system .
S. Coding Standard. For a team to effectively hare ownership of all the code, a common cod,ng standard
must be fo llowed. 11,is e nsures that no matter who writes a piece of code, it will be easi ly understood by
the entire team .
9. Continuous Integration . Code is checked into the system as soon as it's comple ted and tested. Thi s can
b" as freq uent as severa l tim e per da y. In this way the system is as close to production quality as possi ble.
10. On-Site Customer. A customer re prese ntative is available full · tim e to determine requirements, sct
priorities , and answer questions as the programmers have the m. The effect of being there is that
commun ication improves, with less hard -copy docume ntati on-ofte n o ne of the most expensive parts of
a software project.
I I . Sustainable Pace. XP tea ms are more productive and make fewer mi stakes if they're not burned out and
tired. Their aim is not to work excessive overtime, and to keep themse lves fresh , healthy, and effective.
12. Metaphor. XP teams share a common visio n of the system by deR ning and using a commo n system of
describing the art ifacts in the project.
4.4.2 Serum
Serum is an agile methodo logy deve lo ped in the early 1990s . It is named after the part of a rugby ga me that , in
U.s. foot ball terms, is a cross between the kickoff and a quarterback snap . As deRned by the Merriam Webster
dictionary, a scrum is "a rugby play in which th e fo".ards of each si de come together in a tight fo rmat ion and
struggle to gai n possessio n of th e ball using thei r fect when it is tossed in among them ." In o ther words, scrum
is a process that follows "o rganized c haos." It is based o n the no tio n that the developme nt process is
unpredic table and complicated, and can only be deRncd by a loose set of activities . Within this framework ,
the development team is empowered to de Rne and execute the necessary tasks to succes fully develop
software.
The flow of a ty pica l sc rum project is show n in Figure 4.8.
A project is broken ,ntO teams, or scn,ms, of no more than 6-9 members. Each team focuses o n a e lf-
contai ned area of work . A scrum master is appoi nted and is responsi ble for conducti ng the daily se rum
meeti ngs, mea uring progress, mak ong decisions, and clearing ob tacle that get in the way of team progress.
The daily scru m meetings shou ld last no more than 15 minutes . During the mee ting the Scrum master,
allowed to ask team memb"r< o nly three questio ns [8]:
I. What ,tem< have been comp leted since the last serum meeting:
2. What issue< have been di covered that need to be reso lved)
3. What new assignments make sense for the team to complete untol the nex t scrum mee ting)
At the begonning of a projec l, a lost of cu<tomcr wantS and needs ,s created , wh. h IS referred to J the
"backlog," The" rum methodology proceeds by mea ns of aili le 30·day y les ca ll ed ' sprints.' En h spn nt
takes on a t of featu res from (he back log (or deve lop mcn!. Whole in a <print , the tea m is given cllmplett>
72 CHAPTER 4 AGILE SOFTWARE PROCESSES
every 24
hours
New Functionality
Demonstrated
Product Backlog at end of sprint
Prioritized product features desired by
customer .
control of how they are to successfull y complete the spnnt. At the e nd of a sprint a customer demonstration is
conducted for the cuStomer. It serves several purposes, including [8],
At the co nclusion of the dem o nstration, the leftover and new tasks are gathered, a new backlog is
created r and a new spri nt commences.
4.4.3 Crystal
Crystal is a family of agile methods devel oped by Alistair Cockburn . Each Crystal method shares common
characteristics of "frequent delivery, close communication, and reRective improvement" (9 ). ot .11 projects
are the same , so differe nt Crystal methodologies were crea ted to address differences," project size and
critica lity. Figure 4.9 shows the different methodologies and the size project they are best suited to. Crystal
methods are characterized by a color, starting at clcar for smaIJ teams and progressing through to or""9'. mi.
and so on as the number of people increa ·os. For example, Crystal lear IS geared for smaIJ teams of
approxima tely 6 people, YeIJow for toams of t 0-20 people; Orange for teams of 20-40 people , and so o n, The
other axis deRnes the critica lity of a project, where L IS loss of life, E IS loss of es enllal monies. D IS loss of
discretionary monies, and C is loss of comfort . Note that the row for los of life" nOt shaded in Figure 4.9.
This is because Cockburn had no experience applying Crystal to the e types of projects when he .... ated th...
AGILE PROCESSES 73
L6
............. ,
,,,
E6
Clear
L; loss 01 life
E ; loss of essential monies
D ; loss of discretionary monies
C ; loss of comfon
chart. Crystal Clear doesn't explici tl y suppo rt the E6 box, although Cockburn no tes that teams may be able to
adapt the process to accommodate such projec ts. Ano ther restrictio n of Crysta l is that it is al'plic2ble o nl y to
colocated teams.
Cockburn believes that deve lo pers do no t read ily accept the demands of fl"Y process (docu mentatio n,
sta ndards, e tc ). H e strongly recomme nds accepting thi s by Introduci ng the most limited amou nt of process
needed to get the job do ne successfull y, ma xi mizing the likelih ood that team members will actua ll y fo llow the
process.
All Crysta l methodo logies arc built around three commo n pri o rities (9}
2. EffiCiency in development.
3. Habitability of the conventio ns (I.e ., the ability of devel o pers to abide by the pro es itself) .
I Frequent delivery .
2 Reflective Improvement.
3 lose commun ication
4. P -"ona l safety.
5 Fow,
6 Easy a"ccss to exp rt use rs
7 Technical ~nvlronm""nt With au to mated t('''tln~ , con If.:ura ti on manage men t, and Ircqllcnt In H:..:ratl n.
74 CHAPTER 4 AGILE SOFlWARE PRO ESSES
n,e I1r,t three p,opertl '~rc commo n to the ry\tallJmlly The others Cdn be ad ded ,n any order to
III rc."c the I'Ke llhood o f 1)l'o)ec t ,afety and SULtesS.
Th e advantage. 0 1 agile meth ods in lude the abll,ty to adjust eas ily to emcrlling and c hangi ng rC'Iu".ment'
n,c d,sadvantage in lude awkward ro le for de iBn and dowmentat, o n ockburn's Crystal fam,ly 01
meth dologies alrcady acknowledges that different k,nds of appllcallons must be treated d,fferently . L"Ven
when the metho ds are ag de .
oft",.re pro e. s, after all , oncerns the order in which we perform act,vities' Fo r example, deSigning
Ars t and then coding from the des'gn One extreme IS the waterfall process. As we have seen, there are many
IIm,talions in our ab d,ty to thorough ly perform the waterfall sequence:' o nce, or even a few times, 'terat,vely.
hangea ble and unknown requirements are a principal rea on Regardless of the development process we use,
we must make trade ·offs in deciding ho w ex tens,vely to pursue a phase befo re movlO8 to ano ther phase.
o nSider, for examp le . the issue of how much effort to spend on planning a software enterprise.
One extreme project situation is when we are certain of obtaining all of the requirements of the end
date , of the high ·level deSign , and of who wi ll be working on the job. In that case, we can and probably should
devel op a de tailed plan .
The other extreme prOject ,tuation is when ,_e have little idea of any of these factors , believing that
they wdl beco me clear only after the project is under way . In that ca e, planning at a detailed level would be a
wa te o f time at best becau e it could not be even nearl y accurate, and would probably even be misleading.
We ha ve no choice in this case but to begin the process , and revi sit the plan as required. The extremes are
Illustrated In Fi gure 4. 10.
Agile methods provide beneAts bur also costs, and these depend o n several factors . Some are shown in
Figure 4. 1 I.
In order to gain the advantages of both agi le and non·a gile' processes, we try to integrate them . The
means by wh,ch this can be performed depend on several !actors, but particularly on the size of the job. As of
100%
----------------------
• Can obtain all require",sntSr •
• Certain of end dale
• Certain of hlglHe.el design - "
..,
' .'
Some: authors c haracterize n n 'JKilc processes For C'x.lmplc. one practice j, to 311 them "plan ~based ." The- autho~
I
do not believe ,n a I\lOglc Ch"fiJcteri zatlon like thi~ of non-agile proc~s~C's; hence thc= blankf!'l tenn -non.oglle ·
•
2009, the conventional wisdom concerning the agile/non .agile split is shown roughly in Figure 4. I 2, The
larger the job , the more non-agile process is required.
Agile processes empha ize code first, whereas non.agile ones advocate coding on ly from well·
documented designs and designing o nl y from well·documented requirements. These approaches appear
to be almost contradictory, so combining (hem requires substantial ski ll and care . We will co ncentrate on
methods for doing this in large jobs, where th e c hallenges are greatest. We will ca ll the two options "oll-agile-
drivrn and agile-driu<II and will compare them .
A common non·agile-driven approach is to initiall y approach the job without agility , then fit agile methods
Into the process after sufficient work has been done to define the agile ro les and portions. We develop a plan ,
create a ca rehll high. level design, and decompose the work into portions that can be implemented by teams
In the agile manner. One can superimpose upon each agile team a process by whic h the accumulating
Percent
agile vs.
non'agile
t
100%
.,-
-
C>
,
'c"
0
Z
..
i
I
SmaJ/ Large Job slzo
Figure ' .12 conceptual agJle/non-aglle combination options: some conventional wisdom, circa 2009
76 CHAPTER 4 AGILE SOFTWARE PROCESSES
- - - - - - - ; : : : : : - - - - - - -•• rima
I
Requirements
documentation
Design
2
documentation
System testing 6
• High level
Figure 4.13 Integrating agile with non-agile methods, : time line for a single iteration
requirements are gat hered . and placed wit h in a master requirem e nts document. The sa me can be do ne with
the accu mulati ng design . Domg thi with design is mo re d ifficult because design parts may actually be
replaced a nd mo dified as rd.ctoring takes place. Requirements tend to accu mulate as much as they change.
The seque nce of eve nts is as fo ll ows,
I. Hi gh . level requi re ments are developed for the first iterat ion .
2. A I" gh .level design is develo ped based o n the h igh .level req uirements.
3. Agile develo pment by tcams begins. based o n these hi gh · level docume nts.
4 . Full require ments documentatio n is ga the red fro m the wo rk do ne by the agile tea ms as it progresses
5. The design documentation i ga thered from the agile teams at regular interva ls to update the design
document.
6. System testi ng not covered by the ag il e process is performed at the end . if necessary.
This is illustrated for o ne watcrfailiteration in Figure 4 . 13. Figure 4 . 14 shows thiS for multiple iterations.
For an agile .driven approach to large jobs. a (small ) agile team can be set to work o n signincant a p«ts of the
project until the o utline of an architecture appear. At that point . non ·agile methods are used. This ma
invo lve reintegrating agile programming again as described in the no n·agi le ·driven approach above. This has
muc h In common with building a prototy pe . H owever. the differe n e IS that the initial work i performed
larl!cly to develop an architecture rather than retire flSks . In add itio n. the work I no t planned a throw.away
cod e. One agile -drive n approach is shown in Figure 4 . 15 .
SUMMARY 77
Time
M I L E S T 0 N E S
First /teralion' completed X Product released X
SCHEDULE
Iteration number 1 2 3
• _. ' .
• w_._.
Requlrements
d ocumentatlon • • •
l' "Tf _.
• '- - --- - .
- .- - ---
oeslgn •I • • -t-
d ocumentallon '--
_ _ _N _
.- -- ._._- --t- .. • -- -'
Coding and ....i.
t estlng
- -.---- -- • - -, -- -
s ystem testing , I 2 I 3
'High level
Figure 4.14 Integrating agile with non·agile methods 2: time line for multiple iterations
Initial agile
development I I--~
I \
/~ \
f \
Requirements
documentation
'i : I
\
\
\
Design
' ''iL_ _.....J1
documentation
The case sludy sectio ns fo r Ihis part o f the book (wh ich ap pear in Ch apters 5 and 6) ca n lai n two case
studies thaI combine agil e and no n·agile methods.
4.6 SUMMARY
Agi le software develo pm e nt was crea ted as an allernative 10 exi ling plan. based approaches thaI were
perceived 10 be too process heavy and ngid. A gmu p o f industry ex perts mel in 200 1 to share the. r v. io n fo r
an alternative to these types o f pro esses. They crea ted the Agi le Mani fes to to ca pture their Ih ollghls fo r a
process th aI wa~ ada p ta ble, lea n, and as d".
78 CHAPTER 4 AGILE SOFTWARE PROCESSES
Any process that embraces Ihe fundamental values of the ag ile manifesto is considered an agile process.
Examples include extreme programmll1g , scrum , and Crys lal.
E '\Teme programmIng is ba ed o n four prin iples : communicat Ion . feedback , simphclty, and courage. It
promotes practices such a lest-driven development, refactorl ng, pair· programming , collective code owner·
ship. continuous integration, and on·sitc customer.
Serum deAnes a framework , o r a loose set of activIties Ihal arc employed by the crum team . At the
beginning of a project , a btl klog of work. or requirements, is identified . Deve/opers work on a subset of
reqUIrements in the backlog in 30-day Sprill!S . Once a spri nt begins, the team is gIven the freedom to employ
any methods deemed necessary to complete their work sucLessfull y. A customer demo occurs al the end of
each sprint. A new set of work is defined from the backlog fo r the next spri nt and the cycle continues.
Crystal is a fam ily of methodologies that address projects of differe nt size and crit icality . Crystal
methods share the following characteristics: frequent delivery, reAective improvement, close communication,
personal safety, focus , and easy access to expert users, and a lechn ica l e nvironment with automated teSling,
configuration management, and frequent integrati o n.
Agile and non· agile process ca n be integrated o n projects in order to gain the advantages of both . The
means by which this ca n be performed depend o n severa l factors but particularly on the size of the project. One
approach IS to Initiate a job without agility, then incorporate agile methods into the process after enough work
has been accomplished in defining agile roles and responsibi lities. Another approach is to initiate a job with an
agile approach until the outlines of an architec!l;re appear. At that poinl , non ·agile methods are used_This may
involve reintegrating agile programming again as described in the no n.agi le-drive n approach above.
4.7 EXERCISES
I. The Agile Manifesto favors working software over exte nsive documentation . Under what
circumstances can thi s calise problems if taken to an extre me]
2. . . In your own words, explain how agile processes adapt to and embrace cha nging requirements.
b. Describe a scenario in which this mi ght be counterproductive
3. Name three benefit of the XP practice of testi ng oftware from "day one," always having working
software available.
4. During the daily IS -minute scrum meeti ng, the leader is only allowed 10 a k the same thlee
questions . What two additional questions mig ht you want to ask] For each , explain lIS benefit
toward achieving the goals of the meeting.
5. In your own words, explain how Crystal adapts to various types 01 projCCts.
79
I Bcd. K<o~ /'.I,ke ~I<, An. VOIn Iknnckum, .nd AU"." Cocklxom, "MA.;J,,'" lor Aglk Sol'."", Dno<kop,... ( ·· Feb 200 I. hUpJI
OII'k" .. n,b,o.orW [>cee,sed November S. 2009}.
2. HicMlilllh, Jim , -H131ory Agik /\It4_iftsJd," 2001. httpJlwww ~&II~miln.fC:Slo.orglhlsIOry. htmllaccC\scd Novcmha S, 2009]
1 HQJh~nlth. JIm.. ~nd A Cock.bum, -Agile Sortware Dcvclopnlcnt~ 11" Uusjn~s of Innovallon: IEEE C~,..ftr, Vol. 34, No 9,
$q>'<mber 2001 , pp. nO-ll2 .
• . Cohn. M.rt. -Usn IOn" AppIJ,J For Agik Sol'..." Dno<iop"",,': Add;son·Wcsky. 2004.
S. Wells, Oon, -Ext" t Pr09'''.... '''f A c;..,.tlt ,,,,roJUfhOJl - hupJlwww (xlfcmcprogr.lmmln8 .0 rg/ racc~~d Novm1bcr IS , 2009].
6 Ike Kent, ooExtrtU P~'~.i"9 Ex,,"'iMd. .e..brder C'b.l~t." Addlson · W~ley . 2000.
7. }effriC'S, Ron. ~r~.cOffl: A.. Agilt SoJI1N~ I)n,dopmcn' Rncwrct " hup://xprogramming .com [accC'Ss.c:d November IS , 20091.
Ii. 8c:cdJe, Mike. M.. nlnc ()n.os, Yonal Sharon, and Ken Schwillx:r, -SeRUM, All atmsioll ~11r", """gtulg( fen ~roJlldioc roJfvNm
I ......~ iM' " http://jeff9.nhc:rland.comlscrumlscl'Wll...,plop.pdf [accc:ssed November 15, 2009]'
9. Cockburn, Alastair, "Cryswl Ctt.u,. A H"rfI,Q"-PDvxml MclboJology for S...all Tw",s." Addison.Wesley, 2005.
uality in the Software
Process
Figure 5.1 The context and learning goals for this chapter
This chapter discusses the manner in which we integrate and manage quality throughout the software
development process. ThIS is an integral part of project planning. and it affects every phase of development.
As part of planning, documents are produced detailing the quality approach to be taken, including specinc
quality goals. techniques 10 be employed, melrics 10 be collected, tc~ts to be run , and t he manner i n which
PRINCIPLES OF MANAGING QUAUTY 81
• Quail! princIples
--<ovcrarchinll qualtty Iluidelines
• uality planning
--<Quality plan deAnes overall approach to Quality
• In peetlon
-peer processes focused on Quality
• Reviews and audits
-~extcmal Quality as essment
• Defeet manage me nt
-identiRcatlon , tracking, and resolution of defec ts
• Process improvement
--<continuous upgrading of process effectiveness
• Organizational quality
~engineering competence levels (e.g ., CMM I)
defeets are to be handled. All of these contribute to an effective development process with a focus o n qual ity,
result ing in the development of a high .quality oftware product. The integration of Quality in the software
process is summarized in Figure 5.2. Each topic mentioned in the figure is described in thi s chapte r.
An overall approach to quality is guided by several principles . The planning and practIces described In thIS
chapter are implemented WIth these principles in mind, as follows .
F,rst and foremost , quality IS something the entire devel o pment team is responsible for . not ju<t the
quality assurance team . Thi i the meaning of the Rrst point in Figure 5.3, fOCUSing "con tinuously on Quality."
It IS thus an integral part of the development pro css, and each phase mu t incorporate qualtty practices. For
example, peer inspecti on arc carried out for each art if-act when it IS ge nerated . Dt' pending o n the artlfa t
under review, stakeh o lders from different hlnetions su h as market ing , cu tomer serv lcc, <oft ware develop ·
ment, customers , and so on participate in the inspection . Inspectio ns arc di, cusscd In detail in ectlon 5.4.
Another exam ple is test · drl ve n development (TDD ). which is I,revalent in various agile processes . It dictates
I
If defect found . . .
Reason (by one estimate): ... soon after creatIon . . . at IntegratJon time
Hours to ..
Figure 5.4 Cost to repair a defect. depending on time elapsed since injection
that developers write tests befo re co d ing, and then write code to pass their test . roo is discussed in more
detai l In C hapter 27
Q ualit y assuran ce (QA ) refers to actions taken to assure that a product under construction attains
reqlllred levels o f quali ty . The second and th ird principles listed in Figure 5.3 state that a QA process must
be defi ned and fo ll o wed. Thi s IS ho w so much quality has been encouraged by the International Standards
O rga nI za tIo n (ISO ) standard 900 I "Quality Systems-Mode l for quality assurance in d esign , develop·
ment , productIOn . in talla ll o n, and servici ng." Many compani e have c reated documents describing their
offiCIal Q A process. ISO In SIS ts o n the exi stence of such documents for companies seeking its certification.
H oweve r, I 0 recog ni zed that a do cumented procedure is only a part of quality assurance. In practice,
do um ented quaht y procedures are often ig nored wit h impunIty; hen ce ISO's second principle, which
e nsures that empl oyees actua ll y fo llOWIn g qua lity procedures. Quality planning is discussed in mo re detail
in Secti o n 5 3.
The fourth softw are quality principle listed in Figure 5.4 is to find and fix defects as early as possible: i.e ..
to prevent them from persisting for more than a sing le phase . Figure 5,4 provides dara fro m one of the author's
clients o n the relative cost o f allo wing a defect to persist. Many organizations have rried to measure the
difference in cost. and It is always found to be very large . A rule of thumb sometimes used is that a defcet
costIng a do llar to fi nd and repair soon afte r its creation costs a hundred do ll ars to fi nd and repair if del ivered
to the customer The main consequence of this principle is that it most often pay to spend significant
resources findin g and fi xing defects as earl y as possible rather than allOWing them to remain undetected and
active.
,
Agile and non ·aglle projects arc equa lly concerned with producing quality products. but agile methods go
about this in different ways . In particular, agile response to t he prinCIples of Section 5. 1 are as follows:
We begin planning for qualoty early in the development Iofe cycle . Documents arc written that denne an
overall approach, including quality goa ls and techniques for every deve lopment phase (the Software
Quality Assurance Plan ), how the product will be verified and va lidated (the Software Verincation and
Validatoon Plan ), and how testing is planned , specined , and reported (the Software Test Documents ). Th e
Software Quality Assurance Plan (SQAP) is desc ribed below, the Software Verification and Validation
Plan (SVYP) is described in C hapte r 9, and the Software Test Documents (STD ) arc descri bed In the
testing chapters of Part VII .
The Software Quality Assurance Plan (SQAP) specines the overa ll quality plan , policies, and procedures that
will be followed by the team It provides guidelines so that quality aClions are nOt an afterthought but
something conSCiously and deliberately stnven for and practiced throughout the development proce s. It
orients the project toward prevention denning procedures for proactively mo nitorong and improving
processes and quality, ensuring that qualoty practices are defi ned and implemented, and ensunng that
problems are identified and resolved as early as possib le. T o do this, the QAt> answers the questions posed .n
F.gure 5.5
The rest of this section addro<se< these question in turn .
2 ~ hat doc umentalion will be ge nerated to guide developme nt, venRcation and va lidat ion, usc and
malOtcOJn (' of the o ftwilrc7
(SOD), Software VeriRcatlon and Validation Plan (SVVP), User Documentation, and the Sohware
Co nRguration Management Plan (SCMP). The SRS deRncs the requirements (or the software, and the
SOD describes how the software is designed to meet the requirements. The SRS and requirements are
covered in Part IV. The SOD and software design are covered in Part V.
The SVVP describes methods used to verify that the requirements speciRed in the SRS are the right set
of requirements, that the requirements arc correctly implemented by the SOD , and thai the design in the
SOD is correc tl y implemented by the code. VeriRcati o n methods include inspection , analysis, and testing.
Inspecti o n is described in detail in Section 5.4 . User documentation describes how the sohwarc shall be
successfully and correctly used . It also describes error messages and corrective action to take as a result. The
SCMP detai ls how changes to software and documents are managed , and is described in greater detail in
Chapter 7.
These documents relate to the software developme nt pha es as hown '" Figure 5.7.
Figures 5 II and 5.9 summarize the contents of IEEE Standard 730 ·2002 Standard for oftware Qualit
Assurance Plans. The case study se tion ncar the end of thl< c hapter con!>ins a ample QAP r r the
Encounter Video game.
86 CHAPTER S QUAUTY IN THE SOFTWARE PROCESS
Projoct Management
.....---_--, I I \
~v.v PIIn 1cn2~ I '
t-- - Design
II
Explains verification
•
,
and validation procedures ......... __
........
--
---
_.
Implementallon
.........
-- ---- -1L _ li
_....
_....:
.. =--_.......J1
Explains plans, procedunts,
and test cases
I. Purpose 6. Reviews
6.I Purpose
2. Referenced documents
6 .2 Minimum requirements
3. Management
6. 2 . I Software speci ficatio ns review
3. 1 O rga nization
6.2 .2 Architecture design rcvie,,'
3 .2 Tasks
6 .2 . 3 Detailed design review
3.3 Responsibilities
6 .2.4 V&V plan review
3.4 QA estimated resources
6 .2.5 Functional audit
4 . Documentation 6 .2 .6 Physical audit
4. I Purpose 6 .2 .7 In -process audits
4 .2 Minimum d.ocumentation requirements
6 .2 .8 Managerial review
4 .3 Other 6.2 .9 SCMP review
5. Standards, practices, conventions, and 6 .2 . 10 Post-implementation review
metrics
6.3 Other reviews and audits
5. I Purpose
5 .2 o ntent 7 .- 15. See next figure
7 . T est
may rde re n e Softw are Test Documentation.
I I. Supplier control
14 . Risk management
15. Glossary
5.4 INSPECTIONS
An i"Sp,elicm is a quality technique that locuses o n review ing the details of a project art ilact (requ irements,
designs, code, etc .) in an organized and th orough manner. Inspectio ns arc perlormed pen odi call y duri ng all
software e ngineering phases by the artifac t's autho r and by o ther e ngineers. The purpose is to assure the
artifact's correctness by seeking delects. A meeting 01 inspectors is held at wh ic h ddects arc ident ified . The
repair 01 defect is the author's respo nsibility .
The Inspectio n concept was develo ped by Michael Fagan [ I Jwhile he was at IBM He obse rved that the
author o f a wo rk IS usuall y able to repair a deiect o nce he recognizes its prese nce. Thus, a process is needed
whereby the delec ts in a wo rk arc ca lled to the author's attenti on as ea rly as possi ble. Thi implie that
inspections should be a peer process beca use inspec tions arc perfo rmed o n work in process rather than on
fin ished product.
ince inspectio ns we re o riginally introduced to improve code, the y arc often referred to as ·code
inspections," but thei r value has bee n shown 10 bc grea test whe n used earl y in thc process , lo ng be fo re code is
produced . They arc used proA tabl y a< soon a~ the firs t project documents are produced. For example,
requirements speCIfica tio ns, project management, and configuratIo n rlans should all be inspected.
GuIding prinCIples lor conducti ng inspectIo ns arc It . ted below. The <cClIo ns that lollow dl'Scrilx ~a h
01 th se,
CHAPITR 5 QUAliTY IN TIlE SOFTWARE PROCESS
2. pe IRed rob
3 Delcc t dete tio n i" lead of defee l repair
4 U se of heck!'sts
5 Arlif" t readiness
6 . Adequate preparallon
8. Time limll
1. Peer Process
Inspecli o ns arc co nduc lcd by a group of individual; who are familiar with the artifact under reView They may
be software engineers, members of other departments such as softwa re quality assurance, marketing, sales, or
cu tomers. The inspec tion is a peer process with an overriding goal of discovering defects The work ,n
progress is under inspection , not the performance of the author, and therefore it is not a supervisor·
subordinate process. An author is responsible mainly for the product he or she submits aJttr inspection, not
before. The work brought 10 the inspection should be the author's best effort, not a draft .
2. Specified Roles
Inspections work bcst whcn speCific roles arc assigned to each participant .
The moJrralor is responsible for leading the inspection and seeing that it is conducted in a productive and
ef~cie nt manner. The moderator schedules the meeting and ensure that it starts and ends on time. with the
latter bems accomplished by maintaining an appropriate pace throughout. It is very easy for participant.s to
get bogged down in details and to try to solve problems during the meeting. It is the job of the moderator to
prevent this from happe ning and to keep Ihe meeling moving along . However, the moderator must 31so
ensure that the pace is not 100 fast as to miss defects. When defects are identified, the moderator is
responsible for e nsuring that there is consensus from the team . Thu , to be effective a moderator should be:
technically competent The modera tor is also an inspector. TI,e job can sometimes involve sensitive issues,
such as having to moderate among hostile participants wilh differing opinions. As de robed by Wiegers,
"Moderators hould be trained in how to conduct inspections, including how to keep p3rticipan~ with strong
technical ski lls but low socia l skills from killing each other." [2J
The a""hor is the person responsib le for the work product itself, and repairs all ddects found (offline).
The author is also an inspector, looking for defects along with other inspectors. In order to avoid bias, the
author should not serve in any other role. Authors must remain objective throug hout the inspection and not
become defensive. This ca n be hard as others arc ~nding "faults" with their work.
The record" is responsible for writing down descriptio ns and classifications of th~ defec~ found,
and for recording the action items. If the inspection team is very smali, the moderator could also take on
this role, but it usually is best to have someone else assume this responsibility . The recorder is also an
inspector.
A "aJ" is responsible for leading the team through the work In an appropriate and thorough ",anner.
This person selects the most effective sequence for presenting the work product and answer qu~stions ~
by the in<peetion team. The reader i also an inspector. In many cases, the role of the reader is handled by the
moderator or author.
An i"sp, lor is a participant who attempts to identify dcfe ts in the artifact under review.
INSPECTIONS 89
All particIpants on an Inspectio n act as inspecto~, In addition to any other rcsp'onsibil,ties they may
have. It i important to invite people who can make a significant contribution and have the expertise to
identify defect to the in pection. Examples of people who should attend arc other prOject membe~, those
responsible for testing o r maintaining the product, and depending on what artifact is being develo ped,
customer and busi ness repre,entatives. Depending on the artifact being inspected, there may be a
requirement for specia lized inspectors. For example, a Joc""d ,"spec/or inspects for a specific criterion
(e.g., rellabiliry). A sprcial;z,d ;IIspec/or is a specialist in the area covered by the artifact under onspection
(e.g., a radar expert for a radar contro l applicatio n).
4. Checklists
A checklist can be very useful in providing gui dance to inspectors, describing specific areas to pay attention
to. Each rype of artIfact such as project plan , requirements peci~cation , design peclncatlon , configuratio n
management plan , source code, and so o n should have its own check lost, as each requires dIfferent areas of
focus . Example questions to ask when examining a requirement speci fica tIo n mig ht be as follows : Is each
requirement verinable by testi ng] Is each requirement uniquely identified] For code inspecti o ns, ques tI ons to
ask might be: Are there any variables that are unused or rcdundanols the code adequately commented] Good
examples of checkl ists can be found In (3).
5. Artifact Readiness
The artifact under review should be in the best sta te of readiness that the author IS capable of. For document
there shou ld not be many , if any , sections with "to be determined : Code should compi le cleanly \'(fhen a
group of people takes ti me to ide nt ify a defect that the author would have fou nd wi!h reasonable effort , a
significa nt amount of time is wasted .
6, Adequate Preparation
Inspections are not the sa me as reviews, manage ment overviews, or education sessions Inspectors have to
work. at the same level of detail as the author. (This is what make, inspections time ·consumong and thus
expensive.) The artifact under review is distributed several days before the meeting, all owi ng inspectors
adequate time to study the maten al, identify defec ts, and prepare questions to ask at the in pectlo n
Inspection.aidi ng software can save time by allowing inspectors to enter de criptions of defect they discover
while preparing The recorder accesses and ed Its these at inspection meetongs
7. Metrics COllection
During inspectIons, metrics arc collected and analyzed Examples of metries to colic t arc a fo ll ows:
For , everi ty , a Impl e lo,,,f,ca ll o n su h 0' l' IIIWI , ",,"or, and lev'" ~o n be used For Iy pe , ca tc/jo " es such as
1l11 '3,m g uncti on, Inco rrect JlInctl o n, pcrrorrn ancc , il nd usabil ity an be used Thl ~ class ificat ion tOpIC IS
d,sc u,sed In e tl o n 5,6. 1
The me trl , w ll ec te d fro lll in pc li o n, arc analy zed and th e resu lts used lo r seveml purposes First, they
arc use d to pred, t th e dnc,e n y of future review If a company h., ", formatIon o n th e rate 01 rev,cw lor a
part ,cul ar am /oc t, ,t can u'e th at to predl t ho w lo ng to , hedul e lor a luture review of a SI mIlar art ,/a t
e o nd , co untin g the number 01 defec ts discove red dUrin !! each sto ge o f deve lo pment is useful ,n pred,c ting
th number 01 defe t, rn hllurt proJectS Even Illo rc spec d, c , o untln!! th e number 01 defects d,scovered by a
.r
p,rrhC'lllnrslnkrholdtr «- .g ., marke tIn g , cuSto lller, QA ) is also usefu l. For exam ple, dunn g a req uire me nts revIew
lewe r than ex pc ted ddc t are d, scovered by the customer represe ntative , ,t could rnd,ca te e Ither a lack 01
preparation o r 1111 und ers tandrn g 01 requirements by that perso n . In ei ther ca e , this would mise a red Aag and
a lollow-up Ill eeti ng WIth the custome r wo uld e n ue to und ersta nd the cause lor the discrepan cy .
8. Time Limit
InspectIO ns sho uld not be Illorath o n 'cssions, wh ,c h ca n occur if the mo de rn to r docs not keep th e meeting
mov ing along. After a certain am o unl of lime , participants will nOt be as foc used a needed_ Each sesSIon
shQuld be kept to a ma xi mum 0 two ho urs, and il it is no t completed by then a follow -up session should be
rescheduled
The inspecti o n process loll ows an o rde rl y flow 01 steps, each adhering to th e princi ple described above. The
steps are ummanzed in F' gure 5. 10 .
1. PLANNING - - - .j Overview I
}
Non-nominal
/
process
2_ PREPARATION ....... _-- - -
--
Causal
- Analysis
Nominal
process
4. REWORK "- - - --
5.
Figure 5.10 The parts of the Inspection process, emphasizing the main sequence of actMtles
INSPECTIONS 91
1. Planning. The process begins w.th planning . Th.s oneludes decidong which inspecrion mttries to collect ,
identifying tool to be used in recording and analyzing these dara, dec.ding who will part.cipate on
in pect.ons and wh"n they w.1I take place, and distributing the materoals s~veral days prior to the
meeting . Typically, the moderatOT is re ponsoble for thcse tasks.
LA. Overview meeting . If necessary , an overview meeting can be organized to explain the artifact
under Inspection. Since meetings are expensive, this should be avoided unless obviously necessary .
2. Preparation . The next step for each inspection con ISts of preparation. Here, in pectors review the work
in compl ete detail al their ow n workstallons (e .g., c he king that the code under inspccl.on correctly
implements the detailed design ), pos ibly using checklisl provided for guidance Whal makes the
.nspection process valuable, but also expenSIve , is the fact that this lime' co nsuming process is performed
by several people in complele detail. The process .s not a "review," because inspectors work at the same
level of derail as the author In pectors frequenlly enter the defects they And intO a database (e g., Web·
accessible) together with descriptions and c1assiAcations. ThIS help to prevent duplo ca tio n, and it
minimizes unnecessary meeting time . Some prefer to u e paper to record their defects. and orne conSIder
the number of inspec(Qrs who recognize a given defe t to be a useful metric.
3. Inspection meeting. When every participant is prepared , the inspection meetin g takes place . Durong th.s
meeting , the participants honor their deSignated roles. Of I>articular importance is (Q not cry and solo,
problems that arc raised, but instead to ensure that they are recogn.zed as defects, to record lhem as
action items on ly, and to move o n.
4. Rework. Normally , the author is able to repair all defeclS, working alo ne. This.s the rework phase. If the
inspection meeting deCides, however, that the defects are so pervasive that a reinspecti o n ' 5 required,
then the item is recycled through the process.
4A. Causal analysis . If the defects are due to a mi su nderstandi ng or Widespread mISco nception , It may
be necessary to ca ll a separate mecling at which these causes are analyzed and discussed Again ,
since meetings are expensive, these should not be scheduled casually,
5. Follow-up. Aher the author repairs the defects identified during the inspectio n meet.ng, a brief follow· up
meeting is conducted at which the moderatOr and the author con Arm that the defects have Indeed been
repaired. This is not intended to bea detailed review by the moderator. Theonus forrepairison the author, who
is responsible for the work. If the number of defects repaired is high , a follo\~-up inspection may be required
6. Improve process. Organizations shou ld always analyze the efAcacy of their pro e ses and strive to
improve them . For Inspection , the group meets from lime to time to review the inspection process itself,
and decides how it can be improved . They exa mine the metric collected, including the Ii t of defec ts ,
and decide how the development process can be improved to reduce and/or prevent the same types of
defectS in the future .
Fi8ure 5. 1 I shows the average relative times for each inspection process step, u cd as reference data b
one of the .uthor's c1.ents
The Inspec ti o n meeting t.me in Figure 5. 1 I is shown as o ne hour for the sake of reference Ind ividual
compan.es or developme nt 8roups record .n'pection times and quanti lies in pected, and lhey e tllnatt' future
inspections based o n these historical data . The IIme< ,hown in Figure 5. 1 I may d.sturb the uninitlaled , wh
may wonder whether it rea lly does take that Io n!! to check code. Producong profe Slonal.qualoty produ t
~s .ndeed lake a substantial 'mounl of time, and a~y fa. lure 10 recog n.ze lhe true co t end. lip o n,um.ng
f.r more t.me in the end , Inspect. on, have bee n esti mated by .chan. and Mc e un k [4 J to o n'Ulne a, onu h
is 10· 15 percent of the development budgel.
92 CHAPT£R 5 QUALITY IN THE SOFTWARE PROCESS
The QA organizallon works wi th th e project leadership to defi ne the manner in w h ich external quality
assessment will be perfonned , specifies this in th e SQAP, and execute it during the course of the proj~.ct .
External QA activities are either rrol(WS (sometimes called walk-throughs ), which are scheduled in advanc~ , or
a"dllS, which are not so scheduled_ A project can expect both types of activities. Figures 5 . 12 and 5 . 13 show th~
range of options for QA involvement in reviews and audits, starting fro m the most invasive to the least.
• No audi ting
Frequ~nt intervention by QA has the advantage of provIdin g QA personnel with greatly improved
understanding of the health of the project. but it may disrupt the project by frequently calling for documents
or for engineers' time. This trade·off is summarized in Figure 5. 14.
Projects encourage the submission of defect repOrlS by all team members. Usually, a screening process that
~nsures def~ct reports are valid and accurate is put in place . To manage defects, QA standardizes on the
manner in which defects are defi ned and tracked . These data can then be compared between different
projects so that estimates can be made rega rding new projects . We explain this standardization next.
Teams classify each defect by its stv"ily (how serious it is), priority (i ndicati ng when it will be handled), It s type
( th~ kmd of problem ) and its soure< (the phase during which it was injected). These classification arc
illustrated in Figure 5. 15.
• Severity
How serious is the defect?
• Priority
?•
In which order will defects be repaired?
? " ~
• Type
What kind of problem is involved?
- - -- L" '"
• Source
During which phase 1
was it injected?
1""'- 1
fl&ure 5.15 Defect classification
9. CHAP I ER S QUAUTY IN THE SOFlWARE PROCESS
"I
v
Figure S.16 The triage decision metl10d applied to defect severity classification
A Si ngle severity classlncation scheme can be used for all artifacts. It is possible 10 be very discriminating
among levels of severity, but this consumes time. The results should be worth the time. One of the authors has
frequently e ncountered teams using diSCriminating classincation schemes that consume significant decision ·
making time and yet the data that they produce are not utilized by the organization .
Deciding the severity level of a defect fa lls into can sometimes be difficult. Triage is a useful and simple
decision -making technique when confronted with a large number of possibilities, a situation occurri ng often
in software engineeri ng. Utdl zi ng triage for defect classincation has the advantage of being fast to perform
because eaeh classification requires answering just one or two questions as shown in Figure 5. 16. Once a list of
defects develops, the team approaches the major ones first (they can be placed in order with the ' major'
category if necessary). Once they have becn attended to, the medium severity defects can be handled. The
team gelS to the trivial o nes o nly after this, if time allows.
A simple way to classify the severity of defects when using triage is shown in Figure 5. 17.
Although triage is fast, the three·category classincation lumps together all defects that fail requirements,
whether serious o r not. Thus, "name neld is not purple, as required" and "system crashes every minute' Ca
"shows lopper" si nce its effects are catastrophic for the applicatio n) are given the sa me severity, which is rather
extreme. Shows toppers usually need to be separa ted . To address this, the IEEE has deAned a more refined
classification of defect severity as shown in Figure 5. 18. The "None" category is added to collect unprioritized
defects.
• Major
Causes a requirement to be unsatisfied.
• Medium
Neither major nor Irioial.
• Trivial
Defect doesn't affect opera tion or maintenance.
• Urgent
Failure causes system crash , unrecoverable data loss, or jeopardizes personnel.
• High
Causes impairment of critical system functions, and no workaround solution exists.
• Medium
Causes impairment of critical system functions, though a workaround solution docs ex.ist.
• Low
Causes inconvenience or annoyance.
• None
None of the above.
A defect's Priority is the order in which the team plans to address .t. This is somewhat aligned with the
defect's severity but is not identical. For example, a defect can be classified as "urge nt" but it may not be
necessary to repair it immediately. For the sake of project effiCiency, fo r example , its repair may be batched
with a set of repairs to the same part of the product.
Different phases use different defect type classificatioll' . For example. a defect in the requirements may
concern ambiguity but "ambiguity" docs not apply very well to code. On the other hand, code may have a
logic defect but "logic" does no t apply to requirements in the same way. Some types of defects an common to
all artifacts, as listed in Figure 5. 19.
The 'OUret of a defect is the phase in which it was introduced (or '''jecred ). For example, you ma y d iscover
while testing a video store application that it does not-but should-accept the video /(, A Mad. Mad. Mad,
Mad World because the requirements document stated that no word rn a title should be repeated more than
once (supposedly to prevent bad data entry). Even though the defect may have been discovered during the
testing phase, its ,ourer phase was requirements analysis.
Table 5. 1 shows a typical way to track known defect.s . The information is u.s ed to manage ongoing work and
to record defect history for postmortem and estimation purpos~s .
• Omission
Something is missi ng.
• Unnecessary
The part in questio n can be omitted .
• Inconsistency
The pan in question contradicts other part(s).
• UnciassiRed
None 01 the above.
Man bug. tracking program, a.,<: indispensable 111 tra king "nd managing defects. Bugzil/a i< an cxample
of an o pen , o uree defect·tracking sy<tem. It was originally written by T e rry Weissman Bugz tlla fearures
in lude the foll OWing .
inter· bug depende ncies, dependency graphing, advanced repo rting capabilities ex te nsivc con·
Agllrability, a very well · under<tood and well . thought ·out natural bug resolution protocol, email,
XML, console, and H I I P APls. (It i ) available integrated with automated software conAguration
management systems, including CVS (6J.
Appendi x B of the case .rudy contains an example of the way in which defects can be reported, and
Appendix A contains an example of the way in which they can be tracked .
Even a very good process has to adapt to changes such as new technology and new kinds of requirements. For
these reasons, very effective software development organizations include a mtla·proass with every software
process: a process for improving the process itself. This usually takes the form of meetings at the end of phases
to review the effectiveness of the process used with a view to improving it for furure projects. A meta·process
is outlined in Figure 5.20.
To measure the dfectiveness of a process, an organization has to use it for several projects and then
compare the project metrics. Table 5.2 gives an example.
These results suggest that process U is the most effective, since it produces the best results in every
category. Process V is the worst for the opposite reasons. Matters are not often so simple, however. For
example, suppose that we had to choose between Waterfall and "Waterfall + Incremental." The latter process
is superior in defect count, developer cost, and customer satisfaction, but it scores worse in the other
categories. Making the call depends on the relative importance of the factors to the organization .
Figure 5.21 lists a sequence of actions that can be taken throughout the life of a project in order to
continually improve the process.
Figure 5.22 is an example of the kind of data that can be collected about the process. It is applied to the
process of collecting detailed requirements, which is covered in Part IV , but the table is applicable to most
phases. The numbers are illustrative only, and should not be regarded as industry standards. A comparison
with the organization's normative (typical ) data reveals deAciencies in the team's meeting process and in their
individual execution (i .e., the actual writing process). This exposes problems in meetmgs . for example, which
were subjectivc:1y evaluated 2 out of 10 by the team . It was determined (though not visible in the data) that the
meeting process would improve if the straw man proposal brought to the meeting was more complete i.e. an
explicit proposal that can be used as a basis for discussion .
The other problem observed in the example shown In Figure 5.22 seems to occur during the execution
step, where the actual work of writing the requirements is performed . The defect rate is higher than normal
(5 versus 3) and the self·assessed quality is a little below average (4). Comp.red with company norms, there
appears to be room to spend more time executing the work (i.e ., as individuals ), thereby redUcing the defect
count and improving the subjective self·assessment. You can observe from this process that a tandard for
counting the parts of the phase is fundamental to our ability to measure it. In this case, we are counl1ng
"detailed reqUirements," a concept that will be explained in Chapter 4.
Even in the absence of historical data , the team predicts what the values of the metrics should and will
be. With these advance predictions, teams tend to work better, and they tend to remember results. ll>e dat..
collected become the basis for furure historical darn. Man.ging all of this is not technically d.ffkult, but it Ns
Table 5.1 A typical way to track known defects
Defect Tracking
Discovering Responsible Date
NO. Name Description engineer engineer opened Source Severity Type Status
1 Checkout flicker Checkout screen 4 Kent Bain Fannie Croft 1/4/04 Integration Med GUI Being worked;
nickers when old begun V1 0/04
DVDs are checked
out by hitting the
Checkout button.
-t
2 Bad fine Fine not correct for Fannie Croft April Breen 1/4/06 Requirements High Math Not worked yet
first·nun DVDs
checked out for 2
weeks, as
displayed on
screen 7.
•
•
•
•
:s
91 CHAPTER 5 QUALITY IN THE SOFTWARE PROCESS
Inpul QVlpul
Prac1lces to
discard
Metrlc data
on multiple
projects Pract ices to
using the
retain
process
Practices to
Introduce
Waterfall +
Process -" Waterfall Incremental Process U Process V
Major defects identified w ithin first 3 months per 1000SLOC 1.3 0.9 0.7 2.1
in delivered product
% of total time: norm for the 15% 15% 30% 15% 25%
organization
Self-assessed quality 1- 10 2 8 5 4 6
- - -
Defects per 100 N/A N/A N/A 5
· o/tWJ'" development orga ni za tio ns pcrlCldKally as,e S and upgrade their overa ll capabi llly . ln the 1980sthe
nonproht o ftwa ..: Engineeri ng Institute ( EI) establl<hed a classifi ca tion of capabihlle~ for contractors On
behalf of the U .. DcpJrtm e nt of Defen e (000). The DoD's plan was to restric t bidding o n government
<oft"'are developme nt o nt ra ts to contractors With ,pc ified capabi lity level s. The SEl's syste m, now
expa nded into the "pnb,I"y Mntllri'y Mod,1 1"" 9,"/ioll ( MM I), , ucceeded In providing concre te softwa re
~nginceri n l! competence goa l for orga ni za tio ns. Actually, the scope of CMM I IS la rger than software
e nglncerl ng , but we wi ll restric t our a tte ntio n to the latter, te rm ed CM.M I- W. Many o rganizations, defense
and commerC ial alike, ha ve used the C MM I and its predecesso r, the CMM , to as~ess the quality of thei r
devel opmc nt process.
Softwa re developme nt o rga ni za ti o ns are assessed at a CMM I leve l between I (worst ) and 5 (best)
TI,e CMM I di sti ngUi sh es two kinds of assess me nts: .'ag,d a nd (on ',n"o"' . Th e sta ged assessment consists
of Identl Rab le steps We Will no t dis uss the co ntinuo us ki nd here . Th e CMM I classifies staged
o rgan izati o nal capabi lity with th e steps shown in Figure 5.23 (fro m [7 )) . These are e labo rated on in
Table 5.3.
•
The "In itial" CMM I level is the mos t primitive status that a so ftware o rganization can have. Organizations
at level I ca n be sai d o nl y to be capable o f pro dUCin g software (i .e ., "someth ing") . The o rga nization has no
recognized process for software pro duction . and th e quality of products and projects depends entirely on
the indi vidual s pe rfo rm ing th e design a nd implementation . T ea ms de pend o n metho ds prOVided by
membe rs of the gro up w h o take initiative o n the process to be fo ll owed. Fro m project to project, these
could be very good o r very poor. The success of o ne projec t has little relatio n to the success of another
unless they are sim ilar and e mploy the sa me so ftware engineers. W h en a project is completed, noth ing
is kno wn o r reco rded abo ut its cost, schedule, o r qua lity. Ne w projects are as uncertain of success as
past o nes .
For rn a t organi za ti ons, th is is unacceptable.
• IncreaSing LevelS
OPTlMIZfNQ
maturity 'r
Level 4
QU4NTTTAnvUY
MAHAOEO
Level 3
DEfINED
,
Level 2
MANAGED
Level 1
INITIAL
Table 5.3 SEI specifications of capabilities required for each level (see [7J for a full description)
level. Title. and Summary Expected Outcome Characteristics
1.INITIAl.
Measurement and control Project outcomes are qualitatively Respect organizational policies
predictable Follow established plans
Provide adeQuate resources
EStablish responsibility and authority
Provide training
Establish configuration management
Monitor and control: Take corrective
action
• •
Evaluate process and product relatIVe
to plans: address deviations
Processes measured Metrics available on process; set quantitative goals for key
quantitatively predictable subprocesses
Control key subprocesses with
statistical techniques
Identify and remedy variants
11,c "Managed" MM I level applies to o rga ni zatio n, apab le of trackin g projec ts as they unfold Such
organizations make plans, manage co nfiguratio ns, and maintain records of project costs and schedules They
al 0 descnbe the functionality of ea h produ t in writing. It i. therefore pOSS ible to predict the cost and
sch edule of very si mil ar projects pcrfonllcd by a very Similar team .
Although level 2 orga ni za tions track projec ts, no tandard development process for the o rga nizat ion is
8ll arantced.
The "Defined" CMM I level applies to o rga ni zations that do ument and enforce a standard process. Suc h a
process I typica lly o ne of those described in the previous c hap te rs (waterfall, spiral , etc.). Some o rganiza ·
tio ns adopt existi ng sta ndards suc h as IEEE's, while o thers de fi ne their own . Ro ug hl y speakin g, as long as
manageme nt enforces coordi nated , professional standards, and e ngi neers imple me nt them unifOnll!y, the
orga nization is at level 3. Training is typically required for an o rganization to reach level 3. Teams are allowed
Aexibility to tai lo r the o rga nizatio n's sta ndards fo r speCia l c ircumstances. Level 3 includes o rga niza tion-wide
standards for project manageme nt, complete configuratio n ma nageme nt, inspections, design notation, and
testing.
Level 3 o rga nizatio ns lack ge neral predictive capabi lity. They arc able to make predictions only for
projects that arc very si milar to o nes perf'Onlled in the past.
The "Qua ntitatively Managed" CMM Ilevei applies to o rga nizati o ns that can predict the cost and schedule of
jobs. A commo n way to do this is to usc statistical techniques and hi storical data. Such an organization
c1assilles jobs and their compo ne nts; it measures and reco rds the cost and time to design and implement these;
the n it uses these me tric data to predict the cost and schedule of subseque nt jobs. As Humphrey has pninted
out, this is no t "rocket science," but it does require a significa nt amou nt of orga ni zation , as well as an ability to
analyze the data . Level 4 requires a complete, metric·oriente d quality plan .
Even though level 4 is a hi gh level o f capability, it is no t the highest. Software engineering c hanges rapidly.
Forexample, the object-oriented paradigm made rapid inroads in the 1990s, reuse and new component concepts
are having a growi ng impact. Future improvements and paradigms are unp",dictable. Thus, the ca pabilities of.
level 4 orga ni zatio n that does not adapt and Improve may actuall y decline over time.
Rather than trying to predict future c hanges, it is preferable to institute pem1ane nt proe,JurtS fo r ""king and
exploiting new and improved meth ods and tools. Level 5 organizations, at the · Opti mizing" CMMI level
build in prace 5 improveme nt. In other words, their process (actually a meta -process) includes a systematic
way of evaluatin g the o rb'<lnizatio n's process itself, investigating new methods and technologies, and the n
improving the organization's process. Many o rga ni zatio ns aspire to this imp ressive capability.
As we have seen, the C MMI is a measure of ca pability at the orga nizationa Vcorporatc level Wall~ Humphn:
and the Software Engtnceri ng Institute have also deA ned coord inated proce<s models a t the learn levcl.nd at
CASE STUDY: SOFTWARE QUAlITY ASSURANCE PlAN FOR 103
the indiv.dual engineer level. These are called the Tea .. Softwa,. Process (TSP) and the PtrSO,,,t/ SoftlDa" Procn,
(PSP), respectivciy. The PSP, TSP, and CMMI frameworks fonn a relatively coordinated set of capabilities
and procedures at the indiVidual, team, and organizational levels, respectively. We will describe the TSP in
the project management chapters and the PSP in the implementation chapters.
CMMI appears to be almost contradictory to agility because it is process heavy . However, CMMI and agility
are at different levels. CMMI is used to assess the capability of organizations as a whole to produce good
applications. Those that use agi le methods are just as interested in such an assessment as those that are not,
and it is reasonable to assume that CMMI will evolve to assess devc10pment organizations of all kinds.
The Software Quality Assurance Plan (SQAP ) for The table o f contents of this SQAP follows that
Encounter is based on IEEE Sid 730-2002 Slandard for of IEEE standard 730·2002 in most esse ntial s.
Soflware Qua[ilyAs,uran« Plan,. The table of contents
was outlined in Figures 5.8 and 5.9. Revision History
Approvals,
Version 2
3 M~l1 all~ m e nt
will be designated who will be responsible to the • Carryi ng out the reviews and inspections spcciAed
manager of QA. The QA leader will take the lead for rn Section 6 of this document
project-wide quality Issues QA tasks will be referred
to 3S "" temal : • Unit lesting as per eCI manual 023 .2
3.4 QA Estimated Resources • oftwa rc Vc ri flcallon and Val idallon Plan (SVVP)
11,,, e,nmated n ',our es reqUired fo r A un Encoun · • oftwarc VenAc.tlo n and Validation Report
( VVR) (No/t Th " book does nOt cover the
ter are as fo llows,
VVR )
• ne engineer working halftime for the Arst tI",d • Maintenance Plan
of the proje t
In addit io n to the<e documents, the Java <ource
• One engi neer work inS fu ll time for the ccond
code wi ll utilize Jnaadoc to ge nerate package., class-,
th ird of the project
and hlO ti o n· level docu mentatio n, (See httpi/java.
• One engi nter work ing full time for the last third of sun .com/)2 eI)avadod fo r Javadoc speCifications.)
the project
• An additional engi neer working half tllne for the 4.3 Other
last third of the prOJec t
- i ntenti onally left blank
4. Documentation
2. GCI lnc.'s policy is that the QA department 2. Number of defects per unit (e .g .. lines of code),
provides independent, external testing. The QA classified per Section 8 of this document.
department at GCI also has a role in educat ing
3. Quality se lf·assess me nt 01 the QA process and
engineers in the practice of internal quality and
performance on a sca le of 1 through 10, ap·
working with project mangers to ensure that it
proximately in a bell·shaped distribution; se ll·
takes place .
assessment scores wi II not be used fo r the
3. All project artifacts are inspected and are made evaluation of personnel by manage ment; failure
easily avail.ble to the tea m o nce released by the to produce them, however. may negativel y af·
developer. fect the evaluatio n of an engi neer by manage·
ment, however.
4. All project artifacts are placed under conflgura .
tion management, where the co ntents can be
~en by anyone in the team at any time ( ee the We would specify all metrics to be collected
Software ConAguration Management Plan for on this project. Possible metrics are described
details). in Chapter 6.
• known " rili al" or \ enous" defects rcmalll III one responSIble Lu,tom 'r representative. They w,1I
,lI\ delivered artifa t be led by the requtrement, leader, who WIll deter.
mine their frequency and scope
In additIon .
• Reql1lT1:mcnts. No morc than one "medium ," and 6.2.1A software Requirements Inspections
no more than three "trivIal " defectIve detailed After they have been revIewed, all requ irement, will
requirements per 100 be inspe ted in ac o rdance with GCI , Inc 's docu-
ment G I 345678 "Inspections and Review proce-
• Design : No mo re than o ne "mcdlllm" defect pcr
dures at GCI." Requtrements sections must be
nve diagrams. A "dtagram" is any Agure that uses
about a page of easily legible parts completed and sig ned within a week of beginning
the desig n
• P eudocodo No more than two "medium" defects per
1000 lines pseudocode is described In C hapter 19. 6.2.2 Architecture Design Reviews
• Code: No more than two "medium" defects per Th,s I a review of alternative architectures with the
KLoC ( 1000 lines of non ·commented code) entire team . The review will be led by the design
leader in accordance with GCI 345678 on a fre-
The data from thIS project are to be reported as que ncy to be determined . The team will provide
Appendix 1 to this document. feedback , which will be reAected in the final design.
QA l..ader, who WIll detemlin~ their f~quency and exceptions arc at the discretion of the VP for Engi .
scope. The t t plan will be de o mpo cd into pans, neering . It is the project leader's re ponsibility to
and these will undergo separate reviews. schedule this review and provide the appropriate
documentatio n and software demonstrations.
6.2.3A Test Plan Inspections
Aft~r the>' have been reviewed, test plans will be 6.2.9 SCMP Review
in peeted in accordance with CO , Inc.'s inspection The QA leader shall review the status of configura.
process ma nual , document CCI 345678. Test pl.n tion management o n a monthly basis in a manner
sections must be completed and sig ned off within a indepe ndent of the procedures speCified in the
week of beginning testing . SCMP.
The team will us,," the lJugzilla defect manage . The code nnd ps,udocod, defects tyP"S arc a~
mcnt system . [oilows,
• Syntax
Instead of describing 8ugzllla, we will de·
scribe a hypothetical manual ddect system • Logic
for the sake of clarity, even though a soft· • Data (I e ., allows a wrong variable value)
ware-based system is common practice and
• Insecure (allows unacceptable security breach)
far preferable. Such sysu,ms also allow for a
dialog thread involving, typically, testers and
The workflow of a defect status is:
devciopers.
I . Open: defect found by tester
The Problem Reporting Form to be usrd by the 2. Assigned: defect assigned to an engineer
Encounter development team in response to a soft-
3. Corrected: defect nxed by engi neer
ware problem report generated by QA is shown in
Appendix B. 4 . Closed : defect closed by tester
To use this form , engineers should retrieve the
form from www .a.b .c .d . The defect number will If the defect is reopened, the defect will move
appear automatically , and the site will ensure that from the Corrected state to an Open state.
the appropriate fie lds are fi lled in. The QA leader will create and the QA team will
The values for s"miry arc as follows , maintain a database of problem reports that describe
the defiCiencies, discrepancies, and anomalies for
• Crilieal, Causes the application to crash with sig· Encounter. They will ensure that defects are con-
nincant frequency Siste ntly recorded on this form and that they are
routed and repaired in a consistent manner. Problem
• S,rious, Causes at least o ne documented require·
reports shall be routed in accordance with the
ment to be unmet
SCMP. Full traceability as to their effects and status
• T rioial , Could be allowed to stand ad infin itum shall be maintained, including after they are repaired.
without impeding the user from exercising a re- After iteration three, when a problem is
quired feature encountered, the QA manager will distribute the
problem report to the members of the Change
• Mtdium : Is neither serious nor trivial
Control Board (CCB). For the first three releases,
the configuration specialist will carry out the func-
The documentation defect types are as follows :
tions of the QA team, and the projcct leader will
perform all of the CCB functions in accordance with
• Incorrect
the SPMP. The CCB evaluates the problem report
• Missing material and then assigns a priority to the report of either
j",,,,,dinl,, 10 b, do"" or oplio"nl. The problem report is
• Unclear
then assigned by the CCB to the Encounter devd-
• Ambiguous opment team , QA, or CM for resolution. The CCB
determines the schedule for problem report .(solu·
• Incomplete
tion based on problem report priority and analysis
• Redundant (within or between documents) report results . After the problem in the report is
corrccted, the QA team review thc results .nd the
• Contradictory
QA manager reports on the review to the cca If
• Obsolete nccessary, the process i repeated .
CASE STUDY. SOFTWARE QUAlITY ASSURANCE PLAN FOR ENCOUPlTER 111
9. Tools, Techniques, and Methodologies addillon, the QA team verofles that the so ftware
media arc duplocated using only the procedures
QA re hnlquc~ Include the aud,ting of standards,
identified in the CMP. SQA acceptance Is indicated
rt:qu iremen~ rra ing, de" gn venncatlon . software
by an SQA stamp on the media label. The SQA audIt
In'l'«l1ons, and the verin atl on 01 1 mlal methods. report for media co ntrol are intended as fllrther
The QA tool, o n.i t of software verincation pro- evi dence that QA procedures have been foll owed
gTams. checklIsts, med,a labels, and ac eptance All backup medIa WIll be stored olfsite as described in
stamp . Checklo ts ",ill be obtai ned fTO m the com- the SCMP.
pan 's software engoneering laboratory, and tailo red
for En ounter. These arc augmented by NASA
11. Supplier Control
checklists at [9). C heckl ists include the following :
Describe the meaM by which d,sks, tapes, and Th e SQA record< colle ted and ar hIved ,hall
so on will be managed on lude the fo ll ow on g,
• T •• k reports
TI,e SQA team verifies that the ,,,ftware mcdi a
are bwlt and co nfigured per the CM P and th3t • AnOll1aly report, not handl ed 1» l t he rCB"lar problem.
authorized chanRes have hee n ," ~ ra ll ed and te,tcd In rcrortinli oncehan l 111
CASE STUDY: SOFlWARE QUALITY ASSURANCE PLAN FOR ENCOUNTER 113
preparation Review
Defects Time Time
Defect Expected Actual Expected Actual Expected Actual
Product Unit Rate Rate Time Time Time Time
-t-
SCMP Section 1 minor defect
per section
+
SPMP Section 1 minor defect
per section
SQAP Section 1 minor defect
per section
SRS Section 1 minor defect
per section
SOD Section 1 minor defect
per section
Code Defects
A frcc online tool ca lled "Refa to rl t" fTom hup j/www re f. tont. om s hallll~cd b , the Projc t 1"nol:cl to
estimate LOC. N 1..0 • and LO .
112 CHAPTER 5 QUALITY IN THE SOFTWARE PROCESS
• lem a",. including rc:conlmcndl1tion" 10 rl"SpOnSI · record,n/! mctfl es QA Will also conduct monthly
ble partlc, three-hour cla>'es for development team members 10
keep them Informed of qua lity goa ls, lools, and
o Logbook of QA" tivl tics
tec hl1lque< T tJm members ca n waive atlendance
o Audit report at the,c meellnt;( by sco flng perfectly on a muiliple.
hOlce qUIz available al GCllmomhly/SQAlquiz.
o igl1ed-off checklist< from reviews Jnd audits
Ea h team member is reqUIred to attend a
o Mlllutes of inspections three -hour course on wntll18 slyies and conventions
conducted by QA .
o Metrics for the QA process itself
13. Training
15. Glossary
• • • •
lOde lllumhcr:_ _ _ _ _ _ _ _ __
2 Pro po«d by · _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __
b. L1nclear
c Ambiguous
d. Incompl etc
f. Contradicto ry
g. O bsolete
5. Packa ge(s) _ _ _ _ _ __
6 . 0.ss(es)'_ _ __ _ _ __ _
7 . Met hod(s)_ __ _ _ _ __
8. Severi ty :
a. High
b. Med ium
c. Low
a. Syntax
b. Logic
a. Requirements
b. Architecture
c. DetaIled design
d Code
e. Implementatio n
II . Detailed descriptio n: _ _ _ _ _ _ _ _ _ _ __
I . Change number: _ __
2. Proposed by: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __
3. Documenlslsections affected: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __ __
5. Enhancenlent:_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __
• • •
6. Decails:
• • •
Signatures:
Descroption and plan inspected (QA tcam leader) _ _ __
Resolution code and test plan inspected (QA team leader) _ __ _
hang" approved for incorpor.Jtlo n (Team leader) _ __
116 CHAPTER 5 QUAUTY IN THE SOFlWARE PROCESS
A ompl cl cd I", pc li on " kC lin g Report must be ,.,el uded at the end of each document. Only the latest report
i rcqlllrcd .
PROJECT:
PRODUCED BY:
BRIEF DESCRIPTION:
MATERIALS PRODUCED
Moderator
Recorder
Inspector
Inspector
Inspector
Inspector
Inspector
CASE STUDY: SOFTWARE QUAUTY ASSURANCE PLAN FOR ENCOUNTER 117
2. etc.
Issue Re~onse
1.
2. etc.
0 All comments accepted via Word's Track Changes. Track changes feature
then turned off.
5.10 SUMMARY
Quaht practi es arc IIllcgrJ ted throughout Ihe devciopment process Thcy 'tart wIth planning, when
, pc If, documents u h a the Sohware Quality A\Surance PI.n (SQAP) and the Software VenAcalion and
ValIdatIon Plan (SVVP ) are produced , describing the qua lity policie" procedures. and practIces to be
Implemented.
The QAP is the m.,t er qu. hty plan and specifies the people and o rganizati o n, rcspon,ible for quality.
the proJe t documentallon to be produ cd , the metric, to be co llec ted , the procedures to be practIced. and
the techniques to be IInplement ed . It IS an impo rtant document as it sets the expectatIons regarding quality
early in a project and helps guide its implementation .
In pections are an important qllality technique that involve peer reVlcw of all project artIfacts including
documents, test plans, and code . Their goa l is to identi fy defects as close to their mtroduction as possible so
that they can be repaired quickly. Co nsiderable research has shown that the cost to repair a defect increase
dramatically the longer It i all owed to per;ist in the software.
Quality reviews and audits by a quality assurance (QA) orga nization are benencial. An external QA
group IS mdependent of the people developing the softwa re and o ther artifacts and can objectIvely assess
quality. Again , a sess ing quality and addressing it throughout the devel o pm ent process helps identify
problems as earl y as possible.
Problems arc identi fied by team members throug hout the development process and are submitted as
d4rcls. A scrcelll ng process is implemented to ensure that the defects are accurate and va ltd. A classilkation
system is employed to understand the severi ty of each defect and priority fo r its repair. In addi1ion,
maintaining metrics such as number of defects, time to repair, and so o n is useful for comparison with other
projects and in making estimates for future projects.
Improvi ng the effective ness 01 the overall software process is accomplished throug h implementation 01
a meta · process. Th is inc ludes the co ll ection of pl ocess merrics, and meetings at the end of projects phases to
analyze the metrics. In additIon , lesso ns· learned meetings are co nducted at the end of a project to analyze
project successes and identify areas of improve ment.
The Software Engi neeri ng Institute has deve loped a comprehensive meta·process for assessi ng an
o rganization's overa ll capabi lity . The process is ca lled the Capabil ity MatUrity Model IntegratIon (CMMI),
and it de Rnes several leve ls of ca pabil ity and maturity an organization can measure itself against. The levds
range from the lowest, Levell Initial , to the hi ghest, Levell Optimizing . At the Initial level an organization
can produce so.ftware but has no recognized process. At the Optimizing leve l, an organization implements a
meta · process for process improvement
5.11 EXERCISES
5. Your instructor will pair up student project teams. Conduct an inspection of an ani fact produced
by the other team, such as a SCMP or SPMP. Use an inspection checklist, such as one found in [3].
to guide your in pection.
6. Give an example of a delecr that might be clossiAed with a hi gh severity but a low priority. Be
spcciAc with your answer.
7. (a) In your Own words, describe each of the CMMI levels.
(b) How does applying the CMMI levels promote organizationaJ quality7 Explain this •
In a
paragraph or two, using your own words .
BIBLIOGRAPHY
t. Figan, M. "Design and Cod~ Inspections 10 Reduce Erro~ 10 Progr.sm Devdopmrnt " flL\.1 SYJ/.nII) J01Inwi. Vol IS, 0 3, 1976,
pp. 182-21 1.
2. Wiegers, Kilrl. "-Improvlng QUJ hty lluough Soft ..... a~ Inspections: Procm 1.. ~C1, 1995. http llww\Ol' procc5SImP3ct c.omlanlclesl
inspects hIm! [accessed November 15. 2009}.
3. Wiegers. Karl, "Goodies for Peer Revie.....s... PrOC'rf$ Impacl, 1utp 11W\tt"'W prOCCSSUT\polCl com/pr....,good,,:, [olccosed ()'.'cmw 15
2009)
.. Gchani , Naronn, and A. McUunck, "SojtWtJr, SptCIji. af/(7PI Ttd""qulS. " InternatIonal Computer Science ~nes, Addlwn -Wesley. 1985
5 Cllb, T., and D Cr.aham. " Softuu~rt 'nJPtrIlO"." Addl~n · Wes ley, 1993
6. Bugzil1~ . hnp:llbugzi lla orglaOOu t html [accessed December 10, 2009 ]
7. upability Maturity Model )!': lotegr.nion (a 'MIS:-" J, Version I I, hup Jlwww !!oC' emu cdulpubldocumenl oz·reportv pdfl
02 ln0I2 .pdf [,cc..sed December 8. 2009 J.
8, Humphrey. Watts 5., -A D'SClpli"( for 5<lfrID4r( E"9It,(rn"g:' SE I ~ ru:s In So hwarc Englnccnng, Addt~n · Wc-slc'Y . 1995
9. NASA Goddard Space Flight Center Software Assurance Web Stte-. hItP:llsw·as5Unncc gsfc.na5a.gov/dl sctpltncSlqua ltty/ tndcx php
(2006) [,ecessed November I 5, 2009]
Software Configuration
Management
Figure 6.1 The context and learning goals for this chapter
Many artifacts are produced in the course of developing a software product, uch as specIfications (e.g.,
requirements, design), source and executable code, test plans ond test data, user documentation, and
supporting software (e.g., compilers, editors) Each undergoes numerous reVISions, and keepIng tTack of the
vanous versions needs to be managed in a reliable and con istent manner. Soffware Configuralion 1\ InnagC!lloll
(SCM) IS the process of identifying, tTacking, and storing all the artIfacts on a project. In the context of SCM,
each 01 these artifacts is referred to as a ConAguration item (0 ).
SCM ACIIVmES 121
1 conrnbut to overall software quality in that it supportS a reliable way to control a project's
arti~ ts For c ample, the (]vI proces ensure that the proper source mes are included when building the
softw,re, tern and that the orrcct project documentatIon IS retrieved when required .
1any , tlvitie contribute to configura tIo n management . including identiAcalton of artifacts as
configuration items, storage of artifucts In a repository, managing changes to artifacts, tracking and reporting
these changes, auditing the CM proces to ensure it's being implemented correctly , and managing software
builds and relea cs. Many of these activitIes arc labor intensive, and SCM systems help automate the process.
We first define the overall goal of software configuratIon management: b.,,/i"t .-Itly, outrwrilr .-Irfy. 'tumio",
Q.d disasltr rtCoorry.
Baseli n" safety is a process of accepting new or changed Cis fo r Ihe current version of the developing
product (the baseline), and safely storing them in a common repository so that they ca n be retrieved when
needed later in a proJect.
Overwrite salety means that team members can safely work on Cis simu llancously , and changes can be
applied so they do not overwrite each other. Overwrite safery is needed when the follOWing kInd of sequence
occurs.
2. Alan make changes to X and puts the moddled X back in the repository.
3. Brenda also makes changes to X and wants to replace the version of X in the com mo n repository WIth the
•
new versIOn .
Overwrite safery assures that Brenda's changes don't si mpl y replace Alan's, bUI Instead are added
correctly to Alan's.
Reversion occurs when a team needs to revert to an earlier version of a CI. This IS typically reqUired
when mistakes transition a project to a bad state-for exa mple, when it is found that a new version of a CI
turns ou( to cau.se so many problems that it is preferable to revert to a prevlou verSIon . ReversIon requIres
knowing wh,ch version of each C1 makes up a previous version of the project
Disaster recovery is a stronger form of rcversion-it is thc process of retainIng oldcr versions of an
applicatIon for f\Jture use in case a disaster wipes out a newer version .
These four goals, fundamental for configuratio n manage me nt , arc summari zed in F,gure .2.
I . ConfIguration Idenltficalton .
2. Saseltne control
3 Chan!!e control
4. Version contm/
' 22 CHAPTER 6 SOFTWARE CONFtGURA liON MANAGEMENT
• B.seline S.fety
n<ure that new or c hangcd Is arc .fely storcd In a repository and can he retrieved when neussary
• Overwrite Safcty
En ure that engineer, hanges to the 'arne I arc applied corre tiy
• Reversion
• Disaster Recovery
Retain backup copy In case of disaster
5 Configuration auditing.
The first step in configuration mana gement is to ident ify a project's artifacts , o r configuration items (CIl, that
are to be controll ed for the proJect. As deSCribed in the introduction , candi date C is include source and object
code, project speCifications, user documentation, te t plans and data, and supporting softwarc such as
compilers , editors, and so on . Any artifact that wi ll undergo modification or need to be rerrieved at some time
aher its creat ion is a candidate for becoming a CI. Individual fi les and documents arc usually C is and so are
classes. Individual method may also be C is, but thIS not usually the case . A CI may consist of other Cis.
C is are too large when we can't keep track of individua l Items that we need to and we are forced to
continually lump them wit h other items. Cis are too small when the size forces us to keep track of ite ms whose
history is not relevant enough to record separately .
Once selected, a C I is attached with identifying information that stays with it for its lifetime. A
unique identifier, name , date, author, revision history , and st.tus are typical pieces of information
associated wit h a CI.
6.2.2 Baselines
While an artifact uch a source code or a document is under development , it undergoes frequent and ", formal
changes. Once It has been formally reviewed and approved, it forms the basis for further development, and
subsequent changes come under con tro l of configuration management poli ies. uch an approved artifact is
called a bas"i", . IEEE Std 1042 defines a baseline as a " pecificatlon or produ t that ha been formally rcviewrd
and agreed to by re ponsi blc management, th.tthereafter serves as the basis for further development , and can
be changed on ly through fo rmal change control pro cdure "
Baseline, not only rerer to individual C I< but also to collection of Cis .t kc proje t milestones. The
are created by recording the ver>lo n nllmber of all the Is at that time and .ppl ins a Version I.belto uniqud
identify .t. Milc>lones can occur when ,oft ware is internally rdca<ed to a testing organization, or when a
SCM ACTIVITIES 123
A1
E3 05
version of software IS packaged for release to a customer. For example, a new software version is created and a
set of source files and documentation that constitute software release 1.0 are grouped together, given a unIque
label such as "version 1.0," and are recorded as belonging to the same baseline. This allows all the fi les
constituting software release 1.0 , and their correct versions, to always be correctl y idenllfied and g rouped
together. If files belonging to a baseline are added . deleted , or modiAcd , an updated baseline is crea ted with a
new version number. Figure 6.3 illustrates ,his concept.
Once baseline are created and labeled, they are utilized in a proJect for three primary reasons ( I],
I. Reproducibility
2. Traceability
3. Reporti ng
I . Reproducibility means that you can reproduce a panicular software version o r set of do umentatio n
when necessary . This i required during product development as well as during ma intenance . For
example, software is shipped to customers, and different cu tomer ma y usc different vcr ions In thc
meantime, the project tcam is developing a new software release, and as a result is updating many of the
Cis u.s ed in previous software releases If a problem is reported by a customer nonn ing an o lder software
verSion, because It was saved as a baseline the o lder versio n can by resurrected by the projc t team and
used to identify and repaor the source of th e problem .
2. Traceability means that relations hips between various project artifacts can be e tabllShcd and re og ·
nized. For exa mple, test cases can be ti ed to requirements, and requ irement> to deSIg n.
3 Reporting mea ns that aJ) lhe cleme nt o f ~ ba c line an DC dctennlned and the o ntenlS of various
ba e1,ne~ can be com pared Th,s apab,loty ca n be ulllozcd when trying to Identify problem I l l ' n,''''
relea<e of software. Instead of performong a length y debuBgi ng effort , diffcrcn e< In , ource file, bet\ ee n
the previous and current o ftware verSIons ca n be analyzed Th,s may be enotlgh to Ide ntl! the wlIrce 01
the problem If no t, knowing exactly what c hange< occurred ca n pOInt to rOlential rOOl callSC', 'reed,ng
up the debuggIng effort a nd leading to faslcr and ca<ier problem resoilltlon B. ,dllle, arc al 0 ,,,dlll to
ensu re: lhatthe corr t fIles arc <-on talned in the exe lItable me o f a software ve"ion. Th" IS tI < d thllin/-:
Cl)n~gunHlon aud,ts, and " covered in c tio n 62 .5.
124 CHAPTER 6 SOFTWARE CONFIGURATION MANAGEMENT
onfiS\lratio n items undergo han!!" throughout the course of development and ma intenance:, as a result of
error con'cctio n and enhancemenl. Defects d iscovered by rest lnll o rgan Izations and customers ne~esSltatc
repair Rel ease of software in lude e nhancements to eXIsting fu nctio nailty or the addition of new
hlnctionality . 1'"119' cOl1 lrol, . 1 0 known a co nAguration control , includes a tivltl e. to request. evaluate ,
approve o r disapprove, and implement these changes to baselined I [2].
The formality of these activitIes varies g reatl y from prOject to project For example, requesting a change
ca n ran ge fro m the most informal no d irect oversight for changi ng a C I- to a fo rmal process filling out a
(om, or request lI,dic"ung th e I and reason for change, and ha vi ng the request approved by an independent
group of people before it ca n be released . Regardl ess of the formality of the process, c hange contro l involves
Identification, documentation , analysis , evaluation , approval , verificatio n, impl eme ntatioIl , and release as
described next (2).
• Name of requester
• Description and extent of the change
• Reason fo r the chan ge (e .g., defects fixe d )
• Urgency
• Amount of time required to complete change
• Impac t o n o ther Cis or impact on the system
• Reason for the change (e.g., bug flx , performance improvement , cosmetic)
• Complexity
• Other sou rce flies affected
• Amou nt of independent testing req uired to validate the c hange
C hanges are ei ther accepted Into the current release. rejec ted o utrI ght, or deferred to a ubsequent
release .
SCM ACTIVITIES 125
Approval or disapproval
Once a change request is evaluated , a decisIon is made to eIther approve or djsa pprove the requesl- Changes
that arc technically sound may still be disapproved or deferred. For example, if software IS very close to being
rele~sed to a customer, and a proposed change to a source file reqUIres many complex modificatIons, a
deC! Ion to defer repair may be in order so as to not destabilize the software base. The change may be
scheduled for a h'Nre relea,e .
Version control supports the management and storage of Cis as they arc created and modI fied throughou t the
software development life cycle. It SllPPOrtS the ability to reproduce the precise sta te of a CI at any point in
time. A configuration management SYSlem (al 0 known as a version control system) automates much of this
process and provides a repository for SlOIing versioned Cis. It also allows team membe rs to work on artifacts
concurrently, Aagging potential conflicts and applying updates correctly.
A good version con trol system supports the following capabilities,
1. Repository
2. Checkout/Checkin
3. Branching and mergi ng
4. Builds
5. Version labeling
File A
Projects are Illos t ofte n developed by teams of people . Version co ntro l syste ms provide mechanisms to allow
team members to work on the same se t of files concurre ntl y (branching ) and correctl y apply changes to
common files 0 that no ne are lost or overwritten (mtrging ). This is also known as overwri te safery
Figure 6.4 depicts an example, in which Jo hn creates a branel, by checking out versio n 1.2 of file A. A
branch is a private work area in a version control system that allows you to make changes to baselined files
without conflicting with other team members. John maintains a private copy of the fi le o n his branch and
makes his changes. Concurrently , Sall y also needs to work on file A. so she creates he r own branch and checks
out versio n 1.2 H er copy starts out the sa me as John's si nce he has not yet checked in his updates. O nce)ohn
finishes his changes, he c hecks in his mes to the reposi tory, and the file is given a new version number 1.3.
Later, Sally finishes her modifications to A and wants to check in the file . If the version contro l system allowed
her to just replace the current copy of file A (versio n 1.3, which now includes John's changes) with her copy,
John's changes would be lost. Instead , the versio n control system supports mrrgl"g , which intell igently applies
Sally's changes to version 1.3 and creates a new version 1.4 with both of their cha nges applied cor reetly. If the
set of c hanges are made to various parts of the same fi le , the system ca n usually perform the merge operation
automa tica ll y. If the ::hanges conflict wi th each other, as when the same lines of code are c hanged, the system
Wi ll ask the u or to merge the c hanges manuall y. In this case the system will sh ow the user which lines overlap
so that person can apply the changes correctl y.
6.2.4.4 Builds
Version contro l systems provide support so as to reliably and reproducibly compile and build the latest
version of software fi les into an executable , usable file . A user ca n specify which branch of code to build from ,
all OWing concurrent development. In addition to the executable Ric, builds produce logs containing lhe Rle
versions comprising the build .
SCM ACTIVITIES 127
<rsion are rea ted by applying a label to all fi les olllprismg a software build. The label is u ually a version
number su h as ' version 1.0". This allows software vers,ons to easil}, be referenced and reco nstructed if
n essary, and supports the onsrruction of baselines.
As defined by IEEE 1028 · 2008 (3]. a software audit is "an independent exami nation of a software product ,
software proce , o r Set of software processes performed by a th ird party to a sess compliance with
specifications, sta ndards. contractual agreements, or other cri teria." In the contex t of co nfi guratio n manage ·
ment, the goals of a configuration audit are to accompl,sh the following :
• Verify that proper procedure arc being followed , such as formal technica l reviews.
• Verify that SCM policies, uch as those defined by change control , are followed .
• Deterrnine whether a oftware baseline is comprised of the correct configuratio n item . For example, arc
there extra items includcd 7 Are there items missing7 Are the versions of ind,vidual ,tems correct(
Configuration sta tus reporting supports the development process by providing the necessary ,nformation
concerning the softwa re configuration . Ot her parts of the configuration process, such as change and version
control, provi de the raw data . Configuration statu reportin g includes the extraction , arrangement, and
formation of reports according to the requests of users (4 J. Configuration repo rts include such infomlat'On as
the following·
Figure 6.5 IEEE 828·2005 Software configuration Management Plan table of contents
SOUrce IEEE Std 828-2005
T o speci fy how the softwa re co nfiguratio n is to be managed o n a project, it is not suffici ent me rel y to poi nt to
the co nfi gura tt o n manageme nt tool that will be used. There is mo re to the process, suc h as what activities are
to be do ne, how they arc to be im plemented, who is respo nsible fo r implem enting them, when they will be
completed. and what resource are req uired- both human and mac hine [2]. The IEEE has developed a
standard for oftwa re config uratio n managemer,t plans. IEEE 82 8· 2005. Th is ca n be very useful in maki ng sure
that all bases have bee n covered In the process of C M. Figure 6.5 shows the re leva nt conte nts of th is standard,
whI ch arc Included in C hapter 3 of the plan.
The topics to be pecificd in Sectio n 3.3 of the SCMP arc largely covered in Section 6.2 of th is chapter.
Sectio n 3.3.3 of the SCM P doc-uments the mea ns by whi ch the st"tus of SCM i to be communicated (e.g., in
writing. o nce a week). Sectio n 3.3.6 applies if a C M tool is used o r if configuratio n management is handled by
a ubcontractor The IEEE sta ndard describes the purpose of each section of the above outline in detail. IEEE
828 · 2005 ,s used in the Encoun te r case stud y later in th is chapter.
Fo r all but the most tri vial applicatio n. a co nfig uration management system (also known as a version control
system) is indispensable fo r mana8m8 all the artifacts o n a project. Microsoft's SourceSafe™ i in commo n
use. VS is a commo n enviro nment. as well as Subversio n and others.
The Concurrent Version System (CVS) is a commonly used, frec, o pen ource configura tio n management
system. C VS Implements a client-server architecture, With users running client V softw3l'e o n their
CASE STUDY: ENCOUNTER VIDEO GAME 129
• Up-Lo·dare
File has been edited but has not replaced latest revision .
• N""ds a Patch
om~one else has committed a newer revision to the repository .
• Needs Merge
You have modified the nle but someo ne else has committed a newer revision to the reposi tory.
• Unknown
Is a temporary fi le or never added .
machines, and a CVS seTVer storing a repository of project fi les. Users check out projects (using the chtekoul
command); make changes; check in (usi ng the com mil command); and merge with the changes of others who
checked out at the sa me time (using th e updQI' command ). C VS automatically increments the version number
of fi les or directories (e.g., fro m 2.3.6 to 2.3.7). The status possibilit ies for a fi le are shown in Figure 6.6.
I 1.1 E. Braude. Expanded 3.2 1/ 18199 A , pc ifl ~ engine r, prOVided by the A or~a .
nlz.llon, woll be d e"~ n ate d "s the "conAguratlon
1.20 E Braude· Reviewed for re lcasc5/ 18199
!eadcr" fo r Ihe durati o n of the pro) ·ct
1.2. 1 E. Braude, r-inal edltong4/ 30/99
3.2.2 SCM ReSponsibilities
Version 2
tatc the tasks that each role must carry out If
2.0 .0 E. Braude: Significant edit of section xx thi is not tated, essential actiVitieS will not be
S/2/99 done, and ome activities will be done by more
2.0 I E. Braude: edits S/ 13/04 than one team member Include backup reo
sponSlbilitie~ In case the main individual is
3.1. Introduction
3.2.2.1 Configuration Leader
This Software Co nfiguration Management Plan
(SCMP) describes how the artifacts for the Encoun ·
"Responsible" does not necessarily imply that
ter video game project arc to be managed .
the individual does all of the work merely
that he or she organizes the work and sees to it
3. 1. 1 Definitions that the work is done.
Approved Cis: Cis signed off by project management
Artifact: A Anal or interim product of the
project (e.g., a document , source code, object The configuration leader shall be responsible
code, test result) for organizing and managing configuration manage·
Master Ale: A particular designated Ale for this ment (CM ). Whenever possible, the configuration
project, defined in Section 3.3. 1.2 leader shall discuss CM plans with th~ devdopment
team prior to implem entation. He or she will main ·
3.1.2 Acronyms tain this document (the SCMP). The configuration
CI: configuration item-an item tracked by the Ieadcr is responsible for the installation and main ·
configuration system tenance of the conRguration management tool(s)
CM: configuration manageme nt-the process of speciRed in Section 3.2.3. Archiving is to be per·
maintaining the relevant versions of the project formed in accordance with department policies
SCMP: the Software Configuration Management 1234S .
Plan (this document) The SCM leader shall be responsible for ac·
quiring, maintaining, and backing up the configura·
tion tools used He or she shall also develop a plan of
3.2. SCM Management action if tools become unsupported (e.g., by dis·
continuance of the vendor). Additional respon Ibili ·
3.2.1 Organization ties of the configuration leader are stated in Section
3. 1-3 .6.
3.2.2.3 Engineers It is the responsib ility of eac h 6. The prOject leader and department manager are
engineer to abide by the CM rules that the configu. to have complete access to all documents under
ration leader publi shes. Engineers are also referred to co nfiguration at all times. Access verificatio n
' Standard Engi neering Respo nsibilities," docu ment form www.ultracorp .division3 .accessVeriRcati on
56789. is to be subm'tled evety two weeks by the project
leader to his or he.r manager.
Additional responsibilities of the engineers arc
stated in Section 3.3 below . 7 . The Encounter project will u e SuperCMTool
release 3 4, a configuration management product
3.2.3 Applicable Policies, Directives, and b), SuperCMT001.
Procedures
These are fictitious names.
Activities such as CM are generally conducted
in accordance with group or corporate guide-
8. Arch iving is to be perfonned in accordance with
lines. Student teams should identofy and li st
de partment policies 12 3456.
their policies in this sectioa . Policy 3 should
be included .
labellOg all Is T he file co n vc nll O Il~ shall be a, o ntrol th rough upcr MTool A read·only version
fo ll ow, of th e I IS ava .l ablc to all englnce r~ Under no
cirwm<tance, maya n enSIOcer transfer a I directly
Root directory , Encount er to anyone
ubd, rcc tory R or DD or ..
3.3.2 Configuration Control
File N· N· N xxx correspond",!; to ve""on N.N.N
For example, vc r Io n 2 'I 8 of the SR will be o n This section spells out the procen whereby
me Encounle r/S RS/2_ 4_8.0<1. configurallon Items are changed. This prDCeH
should be Aexible enough to allow Quick
The texl m~ Master 10 Ihe root directory states changes, but controlled enough to keep
Ihe versions of the Is that compri e Ihe current and changes very orderly so that they improve
prior tates of th e prOjeCt For exa mple, Master could the application, not damage it.
melude mfo rmati on such as:
The current versio n of Encounter is 3.7. 1. It 3.3.2.1 Requesting Changes As specified in the
compn everSio n 2.4.8 of the SRS, verSion 1 4 Software Project Management Plan (see Part III ). the
of the SOD. team will designate an "inspector engineer who is
allocated to each team member. Before requesting a
The previous version of Encounter was 3.6. 11 .
change, engineers must obtain an inspection of the
It comprised version 2.4.8 of the SRS, version
proposed change from an inspection team or, if this
1.3 of the SOD.
is not pos ible. from their inspector engineer. To
Thi s Informatio n shall be maintained in a table request the incorporation of a changed Cf into the
of the followi ng form . baseline, form www.ultracorp.division3 .Encounter
.submitCi must be submitted to the configuration
Encounter SRS verSio n SDD version....
leader and the project leader, along with the changed
Release CI and the original CI.
In specifying this section , imagine the most For larger proj~ts , a group of people, often
stressful part of the project, which is the called the Change Control Board, evaluatrs
implementation phase, involving several peo- and approves changes. SlUdent teams must
ple in parallel. The process has to be very make this process reasonably simple.
orderly, but it also has to allow engineers
reasonable access to the parts of the project
so that they can start work Quickly. The project leader or designee will evaluate
all proposed changes. The project leader must
also specify the required Quality standards for
Engineers requiring Cis for modification shall incorporation .
check them out using SuperCMTool's checkout
procedure. Note that SupcrCMTool prompts the 3.3.2.3 Approving or Disapproving Changes
user with a form requesting an estimate of how The project leader must approve proposed changes.
long the checkout is anticipated , and store this If the project leader is unavailable for thn:e business
mformation for all requesters of the CI. Anyone days follOWing the submission of a proposed change,
requiring a CI that is currently checked out should the configuration leader shall have the authority to
nellOtiate with the current owner of the CI to transfer approve chan!!es.
CASE STUDY: ENCOUNTER VIDEO GAME 133
Due to the Importa n c~ of a stable SCM plan , all difrerent so urce code access requirements. Most are
changes to this document mllst be ap proved by the de velopi ng their own plug " ns, which are exten ·
entire Ctvl team sions to existing Eclipse code and fu nctio nal ity,
In vic w of the soft\\fare de velopment o rganiza · and o nl y require access to Ecl ipse source code
tlon' goal to anain CMM level 5. the conR ll urati o n for debu gg in g their work. Others may want to
leader will do the following for the CM process change existi ng Eclipse sou rce code if they are
improvem ent se sions: Rxing a bu g, o r add code if the y are develop ing
a feature . Th ese develo pe rs require write·access to
• Review the effective ness of this plan Eci ipse code .
Source code is managed in Eclipse using CVS
• Qua ntify 10 se due to defects In this plan
(Concurrent Versioning System ), which is the de
• Re view the effectiveness of Super CMT 001 facto version co ntrol system fo r open source proj·
ects. Eclipse integrates a built ·i n CVS CUI, making
• In vestigate the literature fo r new CM meth ods;
version control very easy to use . CVS implements a
q uanti fy the costs and beneRts of improveme nts
c lient· server architec ture, with the Eclipse repository
• Investigate new CM tools housed o n a ce ntral server at dev.eclipse.org that
stores all the Eclipse source code.
• Sugges t speciRc improvements to this CM process
In ge neral there arc two classes of Eclipse users
• list the beneRts of improvements as follows ,
Open o urce projects such as Eclipse arc developed The fo llOWing IS quoted from [7) and d~cri~
by geographical ly dispersed e ngineers who have these t'Wo classes of lI<ers .
Anonymous CVS
For pc::opl~ who actually want to change Ecllp e code but who do not have the required commit rights
In that area, all clements of the Ecl,pse proje t arc available via anonymous access to the development
repo itory. U 108 anonymous acce> you can checkout code, modify it locally, but cannot write it
bad. to the repository. Th,s is handy if you would like to fix a bug or add a feature . eet the code via
anonymous access, do your work. and then pass the work on to a commilter for inclusion in the
reposi tory. ..
All committers mu t use SH (Secure SHeil ) to acce the CVS repOsitory if they wish to use their
u er id and password (o.e. , If they want to write to the repository).
Full CVS
Developc::rs WIth commit right have individual user ids and password, in the Ecl,pse prOject
development reposItory. As a committer you can use SSH (Secure SHeil ) to connect to the CVS
rcpository as follows . .... Once your information is authenticated , you can browse the repository and
add projects to your workspace. If you do some changes that you'd like to contribute, after testing and
enswing that you have followed the contribution guideline~ , you are free to release your changes to the
rcpository . Of course, you can only release changes to projects for which you have commit rights.
Note that you can use the SSH protocol and your Eclipse user id to access projects for which you
arc not a committer, but you will not be able to release changes.
These points arc summarized in Figure 6.8. • Major- thi s numb('r i incrcmcnlcd each time
there is a breakage in the API
VERSION NUMBERING • Minor-this number i increme nted for "extemally
visible" changes
Eclipse plug·ins use a versio n·numb""ng scheme
that captures the nature of the c hanges implemented • Service-this indicate a bug Ax or ot her change
by the plug.in . Versi on numbers are co mposed of not visible through the API
four parts as follows : • QualiAer-thls indicates a partIcular build
Major. minor. service , and qualifer. Major. mitior.
and suvir! are Integers, and qualifltr IS a stn ng.
OHiclal
Eclipse
Code Write access
Base with password
(CVS)
General
User
Com miller
I 0.0
I. I. I
The exa mple shown In Figure 6.9 and 6 10, applicatio n programming Interfaces, and shipping to
take n fro m hnp j/wiki .ec ilpse .o rg, s ho ws ho w the the community are rcAected in the numbering in
versio n numbe r c h anges as a result of plug· in devel - partic ular ways.
o pment. The descripti o n sh o ws that bug fixcs , new
Student tea ms sho uld create a Software Configuratio n Management Plan (SG\1 P) for their projcct using IEEE
Std 828· 2005 as a template and the Encou nter SCMP in Section 6.5 guidance . The rest of this section
descnbes how to o rga nize fo r this task.
co
'"'CI>"
-
"
II:
First dey stream
-
Second dev stream
Malntenonco 51'~m ef'tef
Figure 6. 1 1 shows how teams can go about deci ding their configuration manage me nt met hods.
When there is insufficient time to learn a CM environment, teams have succeeded reasonably well with
simple Web sites, such as www.yahoogroup •.com . thatalio wdocument sto rage. Asimple checkout system is
needed, one of which is to change the document type. Fo r example, when the SQAP is checked out to Joe,
the file is changed from sqap.txl to sqap.jor . Alth ough configuration management applies to both documents
and source code, the file-naming convention usually has to be planned separately For example, we canno t
change ",yClass.java to myClass.jor without disrupting compilation . Some groups maintai n twO directo ri es. O ne
contains the current baseline, wh ich cannot be changed witho ut a formal process. The other directory
contains versions that arc currently being worked on .
Trial CM tools or free ones such as CVS and Subversion are available. Coogle supports frce docum ent
hosting with Coogle Docs and has support fo r versio n control. Be sure that your process does not rely on
excessive manual intervention , and that it does not result in a bottleneck where o nc person is overl oaded. If
you are co nsidering usin g a tool, be sure that the le ngth of th e learnin g curve ju tifies its use. There are many
other software e ngineering aspects to learn besi des usi ng a particular CM too l. Whatever system yo u select ,
try it out first o n an imagined implementation . Makc sure that the process is smooth. You do not wallt to
worry about your CM process durin g the impleme ntati o n phase , when time is limited. In the work world ,
however, professional CM tools arc a neces ity .
6,8 SUMMARY
Software configuration manage ment (SCM ) is a process fo r managi ng all th e artifacts produced o n a oft'ware
project, including source code, specifications, and suppo rt ing software. Planning for SCt", stans earl y in a
project, starting with the Softwa re o nfiguratio n Management Pl an. It specifics the SCM activitie to be
implemented throughout development and so ftware ma inte nance, such as Iden tification, change conn'ol,
v."ion co ntrol , audits, status reporting, and rel ease management.
Ea rl y in a projec t, artil-acts arc ide nti fied a5 config uratio n items ( I) to be stO red in a repo Itory and
managed . After a C I IS reVIewed and approved It become part of a basehne and i< offiCIally managed by M
pohcies. ArtdaclS go throug h ineV Itable change, being newly crea ted or modified due to ei ther error
correc tion or enhancement. S M denne, actIv Ities to request, eva luate, approve o r disapprove, and
implement changc, \0 basdi ncd Cis.
138 CHAPTER 6 SOFTWARE CONFIGURATION MANAGEMENT
A ~c l'equIJ-cmCIll of ,1, the abdllY to reproclu e Ihe precIse "alc of all I, 01 any POlf11 In lIme A VCI';lon
Iltra l , '>tem (al,o kn own ", a cOllfigurallo n manaK me nl sy,tcm) au to mal ,mu h c,r th IS proce,s and provide< a
rcP<"' t )ry for to nng ver<loned Is It also allows team mcmlx:" to work on artlfac" concurren tl y. flagging
pote ntial (",Oi" and appl 1118 updates o rrcctly. Vor<lon cOlltrol 'y,tcm, In lude hlnclionality for c hecking In
alld c he kin g out Ale , bran hing and l11erlli nK. building Ihe sohwa re, and crcaClng softwa re vc rslo ns.
o ntlgllratlo n audIt<. wh,ch arc tYPIcall y co nduc ted by the qua l"y as urance g roup, arc used to en'IUre
that agrced upo n M pro edures and po l, c,es arc bei ng fo ll owed , and tha I ,oftwa re being produced"
o rnprised of Ihe carre t co mpo ne nt,.
onflguratl o n <latus reports support th e aud,t proces by proVIding a detailed h,story for each CI
including wh e n it was reatcd Jnd mo dified . how It was modi fied . and by whom .
6.9 EXERCISES
I. In your own wo rds , deA ne the term cOHfigliralion il,," and desc ribe Its purpose .
3 Describe the four goal of configuratio n l11anageme" t in your own wo rds. and explain why each is
important.
4 . If you are devel o ping a software app lication usi ng an incremental process, at what points would
you minima ll y c rea te baselines)
6 . Agile processes pro mote conti nuo us integration. which results in branching and merging at very
frequent in tcrval (as ofte n as every few hours). Describe one advantage and disadvantage of
branching and mergi ng so freq uentl y. Describe one advantage and disadvantage of branching and
merging less frequentl y.
7 . As mentioned in the T eam Guidance sectio n (Sectio n 6.6), forsmaliteams it may not be necessary
to utilize a n aut omated conRguration management syste m. Describe the process you would follow
to perfo rm branch ing and merging wit h out such a sy tem .
TEAM EXERCISE
For the team exercise. consi der as a group how you wil l perform it, check the hints below, and then
carry out the assignment.
eM Plan
Produce a software configuration manaBeme nt plan for your team project using IEEE tandard 828·
1990. The case >tudy should guide your team. but your document will be mo~ SPCCIOC, I't'Rectlng t~
BIBUOGRAPHY 139
panicular resources avaIlable to you. Do not include material unless it contributes to the document's
goals. Avoid bottlenecks and unnecessary procedures. Include procedures for what to do if people
cannot be reached and deadlines loom.
Bdore you begin . estimate the number of defects per page the team thinks it will discover during
the fi nal review. Keep track of and report the time spent on this eHort by individual members and by
total team effort . State the actual defect denSity (average number of defects per page). Assess your
team's effectiveness in each stage on a scale of 0 to 10. Summarize the results using the numerical
results, and state how the tcam's process could have been improved.
Criteria,
I . Practica lity , H ow well does the plan ensure that docum ents and their versions will be secure,
coordinated, and available7 (A = plan very likely to ensure coordination and availability)
2. Specifics, H ow specific is the plan in terms of suitably naming places and participants7 (A = no
doubt as to what engi neers must do)
3. Process as essment and improvement, To what degree did the team understand the strengths and
weaknesses of its process, and how speCific are its plans for improvement7 (A = full , quantitative
understandin g, with plans for improvement very speCific and realistic )
Do not fi ll in sections that arc as yet unknow n; add only parts that you are confi de nt of being able to
implement within the semester. Make your plan realistic. For example, don't state that "all other team
members will review each contributor's work" unless you are reaso nably sure that this ca n be done
within the probable constraints oi your project. It is too earl y to make any assu mptions about the
architecture and des ign of the application .
BIBLIOGRAPHY
1 8cllagio, David, and T Mliligon. "Softwa re Co nRguratlon Management Strategies Jond IBM Rational C lea rnsC' A Practical
Introductio n,· IBM Prcss/PcMson pic, 2005, p 7
2 "IEEE Standard for Sortware Conflguralio n Manogcmcnt Plans: fill Srd 8 28 - 2005 . August 2005 .
3 "IEEE StJndard for Software RcvlC' ....·s and Audits," JEEE Std lo n - l OOS, August 1008
4 Ha~~, Anne M J, "ConMJlt'tJ llon Mand91'n1(r1' Prr"cipl,I and PractICc," Addlso n.Wesley, 2003, p. 25
S "Systems and so hwau: cn8tnt't'nn~-So ft''A'art' Ide cycle procc'ic;;cc;;,· IEEE Sid 1220 7·1008 Second edItion. January 2008 , p 69
6 Eclt psc, http}I""",,'W ecl Ipse 018 (acC('sscd AuA'U'i' 13, 2009 ]
7 Echpsc-. hup Jlwww eclipse org/eci lpsc/ [Jccc ..scd Augllst 13, 2009 )
principles of Software project
Management I: Organization,
Tools, and Risk Management
Figure 7.1 The context and learning goals for this chapter
SoltlDa" project ""'H"9c""Ht is the process of planni ng . organIzing. and monlto nng the development of a
oftware prOject from its Inception to its completion . It incorporates a set of tool s and technique practIced b
the person or people responsible for a project during every phase of develo pment. The person respon ible I
the proJcct ",aHa9" (a tenn usually u cd for larger projects) or tca", lcad" (a tcnn typically u cd for smalkr
PRINCIPLES OF PROJECT MANAGEMENT I: ORGANIZAnON, TOOLS, AND RISK MANAGEMENT 141
• It.s hard to coordinate the many requirements , the design elements corresponding to each requirement ,
and the correspondi ng code.
• It is not easy to maintain constructive interpersonal team dynamics . Time pressures cause stress, and [earn
members have differing opi nions.
projects or teams). Sometimes the perso n responsible is called the project manager and has o ne or more
subordinate team leaders. In all cases, these people practice project management. C ritical to the success of a
project is the organization of the project team . Many different organizational structures are possible . each
with a set of strengths and weaknesses.
It is very difficult to deliver a quality, full y accepted softwa re application o n time and within budget.
Figure 7.2 gives some of the main reasons . Software project management addresses these issues by
incorporating a range of activities and structure into a project , including project orga nizati on, {ools, and
support, management of project risks, project estimation and scheduling, project docume ntatio n and
tracking. These are summarized in Figure 7.3 and explained in this chapter.
• Organization
o How is the project team structured?
• RJsk Management
o H ow arc risks to the project's success identified and mitigated ?
• Estimation
o How long will the projec t take to o mplete and how many resources are reqUIred ?
• Scheduling
o What are the different parts of the project , in what order will the y be completed , ,nd who will work
on each part]
T he rest ot Ih" ch"p ter foeu,,,s o n the o rga nizatio nal stru ture" too ls, and rISk management that
support proJ Ct managc ment T he next hapt er, whl~h ompletes our d,scuS<lOn o( prOject managcment
pri nCiple" cover meth ods that an be employed, Includln~ cst unatlon , sc hedu llnl(, and planning
The way," whic h a compan y is o rga nized has a direct bearing on how proJeu, are executed, Some
ompanlcs rganlze around th c lf proJec ts. In these companu.:s pro)cl.l managers have t(rcat autonomy, with
team member di rec tl y reporti ng to tht'm. O ther o mpanie orga",ze arou nd functional areas such as
devci o pment, marke ting, fi nance , and so on , givi ng projec t manage rs respo n ibility for monitoring and
reporting o n proje t progress. O ther compan ies empl oy an organization that mixes both of these In ge neral,
there are three type of orga niza ti o nal Slnl c turc : projtCf-orjwttd, j 'Hlcliotl -oriw ttd , and m(lfrtx . W e examine each of
these," the ect lo n that (ollow.
In projecl-orien ted organiza tions , personne l arc o rga nized around the projects of t he compa ny. When a new
projec t is initia ted, a project manager is assigned to head up the projecl. O ne o( their first tasks is (orm ing the
team , whi ch is made up of new hires or people who are finishing o ther prOJects. The project team comprises
people from multiple functional area such as marketing, fi nance, development, and so o n. Team members
report to the project manager, who is thei r ult imate boss. They are attached in all ways to a parti cular project,
and have no o rganizational affilia tion with peo ple o n other projects . This type o( o rganization is illustrated in
Figu re 7.4.
The principal rca on to o rganize around projects is to develo p loyalty to the project rather than to the
functiona l manager [ I]. Since employees are dedica ted to a si nglc project, they can focus their ti me and
energy o n that project. Th is increases the predi ctability o( sc hedul es as there IS less chance of team membe rs
spending unschedul ed time o n other projects. H owever, th is type of o rganization has the potential
disadvantage of isolat ing engi neers professio nally and redUCi ng the amount o( reu e and profeSSional
stimulatio n between projects as a resu lt o f this isolat io n.
Senior
Manager
President
F","ction-orirnttd organizntiolls arc a very common type of structure. A compa ny is organ ized IntO groups based on
their fu nctions , such as marketing, Anance, development , QA , and so o n. Th is type of structure is dlus trated in
Figure 7.5 .
In this form , functional orga nizations have projects, but the scope of their prOjects IS lim ited to the
boundaries of ,heir group responsibilities. As an example, if a software functional group is working o n the user
interface (UJ ) software of a larger software product , only the UI software being developed is considered the
current project fo r that group.
Functional managers in this kind of organization act a project managers. re pon ible for the" projects
as well as the hiring, Aring, a nd salaty of their team members. Managers may be responsIble for multiple
projects. TI,is structure has the advantage of clear and responsible decision· makin g c hannels However,
because managers arc responsible for multiple projects , their knowledge of proje ts is nece sari ly limited by
their available time. In addition , they must wei gh carefully the needs of each and e nsure that they don't favor
one over the other. If one of their projects is falling behind schedule, for example , they may shift personnel
from another project to the lagging project . ThIs may cause a delay," the other project.
7 _1 ,3 Matrix Organization
A-latrix organization, are a c ro s between project - and function -oriented organizations. They try to gain the
advantages of both project-onented and function -oriented organizatIOns. In a matrix orga nizatio n, employ -
ees belong to a functional g roup (e.g ., marketing, engineering ) but arc loa ned to projects based o n the"
expertise_Thus, a software eng,"eer's supervisor- who" responsible for evaluating that person-would be a
member of the softwa re engIneering fun tlonal unit . Within ea h project o n which the person is ,,'orking,
howl>ve r, he or she would be supervI sed by a project leader Eng,"cers arc u uall y In vo lve d o n a regular baSIS
with one project, sometimes two, but ~e ld om mo re.
FIgure 7_6 illustrall><; the reponing srru lure of a matfl x organlzatron In lh" .tm lUre, a prOject manager"
aSSIgned to each project For example, Oscar Man IS' mcmber of the marke ting depanment alld a<signed to the
airline r=rvati on proJec t, headed by Al PruItt For all proJe t-related aCtiVItieS, Oo;car repom directly 10 I
144 CHAPTER 7 PRINCIPLES OF SOFlWARE PROJECT MANAGEMENT I: ORGANIZATION, TOOLS. AND RISK MANAGEMENT
Project
--
v
c:
Pitt, mgr) Full time
::>
Ll-.
Engineering Hal Egberts Ben Ehrlich Mary Len Engels
dept Ooe • • • ••• . , . ." Ericson • •• •••
However, Oscar's boss is Julia Pill , a manager in the marketi ng department. Julia would consult with AI when
doing performance apprai sals.
An advantage to this approac h is that project managers maintain focus and have responsibility for the
success of the .. projects . Functional managers are focused o n the content of their functional area and can
more easi ly coo rdinate the efforts of their g roup members, some of whom may work on multiple projects For
example . the software manager of a database group might recogn ize that multiple projects have similar
requirements for accessi ng a database . The manager can coordi nate a software design that is ge neral enough
to be used by multiple projects. We will consider team size next.
Agile teams consist of technacal people. The .. principal no ntechnical contact is with the customer. Stili,
function s of the kind mentioned above conti nue to be required. An example is Anance . Every o rganization
needs to understand the costs and benents of projects. Agile teams become adept at estimation , and so nnance
people-who are not part of the agile team itself-have good shon ·term data and forecasts but are required
to be agi le as well. This is because agi le teams are not plan -driven . n,e upshot is that the nontechnical people
must base their work on good but relatively short-term data.. They perform their work by interacting with the
customer and WIth the development team .
To be precise, a "team" is a group of people who work closely together on a daily basis. One mIght imagin~
that the appropriate size of a team depends strongly o~ the size of the application (large team for large
applications, etc.) but th IS is not so . Large teams (not necessarily groups-keep the deRnitoon of "team' in
mind) have the advantage of div iding the work Into many pans but the disadvantage of communication lhat i
TEAM SIZE 1U
I
Effectiveness
per developer Developer communicales
regularly with 11 people.
Developer
.r~- communicates
O~-- regularly with no one.
3 7
I I
Number of people with whom
developer must interact frequently
Key: 0; engineer
f"tgUre 7.7 Options for team size showing extremes
time-consuming and error-prone. A significant aspect of such communication is the need for tea m members
to explain what they are doing. Having to keep forty people up-to -date on a daily basis , for example, requires
a lot of meeting time. In his ciassic work , Th, Mylhical MnH -MoHth [2]. Fred Brooks pomted out that adding
!><,ople to a failing project invariably makes mailers worst . In other words, for many projects the disadva ntage
of increased communication channels, which are panicularly heavy during the learning process of new team
members, may often outweigh the advantage of divisio n-of- Iabor.
What is the optimal size of a team ? This is a mattcr of trading off the benefit of haVing many helping
hands against the cost of communication among them . The optimal size depends on the nature of the projec t,
Routine projects can usually benent from larger team sizes because a lot is understood about what each person
should do. Let's consider extremes for a typical project, shown In Figure 7.7. The vertical axi reAccts the
effectiveness per developer.
Experience of the authors and others shows that the number of develop,:rs with whom each developer needs
to interaa on a regular basis should normally be between three and seven. (Humphrey (3) suggt'Sts four to elght.).
Formal studies on the effect of team size on performance are rare. At one extreme shown in Figure 7.7, the developer
works without interactmg regularly with anyone on an individual basis. Although no time i spent on
communication, such isolation typically results In misunderstandin!." of what is required of that developer, leading
to a relatively low level of effectiveness. At the other extreme, the developer has to intern t regularly with so many
tndiv,duals that there is not enough time left to perform development itself, again resultinG in relative
ineffectiveness. In panicular, true "regular communication" could entail speaking with someone for an average
of approximately two hours a week_ If an engincer were In regular communtcation with ten others, then fully one
half of his time would be spent communicating, leavmg only half of the week for hIS tndivldual contnblItion. Project
organizers, whether planning twenty -person or hundred-person projects, have to a count for thiS. Figure 7.8
Illustrates these potnts as follows. If you pick a team size such as three and draw a venicalline, it into,..;e ts the
blue area between two values of 'effectiveness per developer ' TI,e inexactn""s of this measure leads us to talk in
telms of ranges rather than absolutes. We arC interested in picking a team ,izc that yields the most effiCIent work on
a per-developer basis. Figure 7.8 shows this occumnlj between team siz"" of about three and seVen
As the number of participants in a prole t grow>, an orilanlzation where everyone is a peer b<:comc -
ImposSible to usc because thft number of commu nica tio n llilk (between all of the pairs) grow . With the square
of the number of panicipants Three people entail three Itne, of o",munl 3tion, four pt'oplc cntatl ix, nyC
people ten, six pee. pic fifteen . " people rcqlttre (II - I) + (II - 2) + ... + I = II (/I - 1)12 hnes of Olnrllun lcat lon .
This grows With the square of H ne hundred people would have til participate rCHttlorly In 4,950 lines 11
communlcationl One alternative for laflje pro, e~t' 1< the orga nizotilln ,huwn til l' lgttrc 7 _, In whic h peN
146 CHAPTER 7 PRI NCIPLES OF SOFTWARE PROJECT MANAGEMENT I' ORGANIZATION, TOOLS. AND RISK MANAGEMENT
r Dovoloper communlcalos
Ellectiveness regularly with 11 people.
per developer Approxlmat"
optimal ra ng" Communlca llon lime
outweighs /)Onefils 01
Interaction.
Developer communlcales
regularly wllh no one.
" No communlcallonllme is
lost. bul developer is too
Isolated and has no help. ,•
7
Team of leaders
groups remain small , and one member of each group is deSignated the communicator with the other peer
groups . This type of organization tries to preserve the benefits of small teams. but it harnesses the large
number of people to bui ld a large application . Note that team leaders have double the amount of
communication rime than non · team leaders.
Independent of whether a team IS project-oriented , fun ction -oriented, or m.trixed, team members maY be
either collocated or geographically distributed . The latter prese nt a unique et of challenge
Managers naturally try to make usc of worldwide programming talent to optimize costs and improve
quality , a process sometimes called oifsbonn9 . The Internet and collaboratIon tool have mad .. offshonng
increasingly practical. n,e
per-hour costS of remOle progra mmers are traded off against the ommunlcation
GEOGRAPHICAllY DISTRIBUTED DEVELOPMEHT 1. 7
• me ofR e arca
+ ideal for group commun Ica tIon
- labor rates suboptl1nal
problems incurred by physica l remoteness . TIlls trade ·ofl depends large ly o n the degree of need for continual
interaction wIth the customer. Options lor remote tcams are illustrated in Figure 7 10.
Bob Schudy , a colleague 01 the authors who has extcn ive experien e wIth offshon,,!:, lists its
advantages,
Costs 01 OHahorlng
Benefits 01 OflshQriog ® Communications hampered
@ Lower oltshore labor rales ® Cultural dilteronces
© Work continues during U,S. ® Increased projecl
night time management coslS
o rne of the trade -o ffs that arc accounted for in deciding whether and how muc h to offshore are shown
in Figure 7 I t _
Figure 7 , IllS an e xample of how a project can be distributed among "ncar-shore" (same country; remote
locatio n ) a nd offs ho re , Fi gu re 7 . 13 shows how tasks coul d be allocated in a distributed development project _
The particular allocations are shown as exa mples o nl y, and were quoted by a group at IB M _
IBM lis ts the methods in Figures 7 14, 7, t5. and 7, 16 for dealing with distributed development The word
· reqUlrements" in the Rgure refer; to what is needed about the process, not the reqUirements of anyone application_
CDD stands for geographically distributed development. UML is a deSign notatio n covered in this book.
--.,
!{l -.,'"
.-5
'0
--., -.,
---!:!.'" --
'-'
~ <:
c
'-'
E
<:
<:
<:
E
<:
--!{l'"
=>
'" --
,0
-
'-' 0
8.
E
>.
-.,c-
0 -g
--
'"
~ 0
<:
0
u => .,
c 't::
w- e. U
0
0 -
0
a..
Figure 7 .12 Example of how tasks can be allocated In a distributed development project .
Souru 18M, c.opyr18t't (j ;l lntcmallonal BuSiness MacJllnos COrporation, rtPrInted WIth pOfmlSSlOr\, httDJlwww3 software ibm comlibn'd,./'plltl,~~'¥'"
weblgvkleslGC34 2500 00 IXl'
GEOGRAPHICALLY DISTRIBUTED DEVELOPMENT 1_9
- - ---~~-~ --
REQUIREMENTS IBM RESPONSE
United leams despite • Enable brow<er-based access to Ihe same knowledge base for all teams
diverse languages and • Provide easy access 10 guidelines, template and tool mentors based on
cultures underl yi ng best practices
• Visually communica te discipline workAow and interactions wilh the Unined
Modeling Language (U ML)
Reduc tio n in work • Imple me nt a fTamework based on core process workflows fro m business
transfer issues modeling through deployment
• Use a phased approach to software development that detads execution for
each disci pline
Easy-to-navlgate pro · • Jump-slart planning and gel new team members up to speed fast with
cess that is not over· knowledge assets and guidance
whelming for users • All ow users to create personal process views that are central to individual
needs
• Provide intuitive naVIgation wi th a browser- based interface
Demonstrated progress • Track metrics th roug h out the project life cycle
toward expected return • Report on variance measurements and adjust process to ach,eve desired results
on investment for CDD • Track project progress and quality through quantitative analysis
projects
AbIlity to assess and • Maintain a broad and deep understanding of an organization's capacity, skills
manage distributed re- inventory, total workload and resource de mand
sources efAc lcntly • Optimize ski ll usage with resource planning to align mission-cntical resources
with h,gh-priority projec3
I cmo nstrated proBreSs o Track metncs throughout the projecl life Lycle
tow."d expeLl<'d return o Report on vorian e measurements and adjust proc~s to achieve: dcsl~d ,eoul~
o n II, ,,'lInerll for ,I D
o Track project progres and quality through quantitative .oalysls
prOjects
Abrlity to assess and o Maintain a broad and deep understanding of an organiUltion's capaCity, skills
manage dr stributed rnventory, tOl.1 workload and resource demand
resources efAcrently o Optimize ski ll usage with resource plannrng to alrgn mission-critical resources
with high-priority projects
Scalable projec t o Centra lize sensitive schedu le, budget and resource data while allowing
management so lution secure, high -performance access anywhere in the world
o Implement native scheduling, resource loading and ·what-if" scenarios that avoid
performance issues by integrating with third·party scheduling products
Consistentl y executed • Capture and reuse successfu l GOD engagement models, work breakdown
processe structures and workAows to ensure execution against IT governance re-
quirements and best practices
• Enable reusable project templates and task guidance based on a proven
process, so teams never have to start planning from scratch
Accurately tracked • Accurately track labor expenses and budget for time and materials or fixed-
labor costs for in ·house bid resources
or external re ourers
- -
REQUIREMENTS IBM RESPONSE
Quick and easy Imple- • Facilitate discussions, set up chat rooms and combine team calendars with
mentati on to start col- ready-to-use templates
laboratin g in days, not • Leverage out-of-the box functionality that users can customize themselv~
mo nths
• Centralize installation on one server
Consolidated work arca • Create a centralized location to post and share project documents that can
where team s can more be viewed and modified by other team members
effectively com muni · • Share team member project calendars
care and co ll aborate on
• Track feedback from other team members
project issues
• Enable the creation of forums and partiCipation in threaded discussions
• Allow team members to share files in real time via Web conferencing
-
IBM RESPONSE
n demand omnlunl .
• Let users know which team members are available for collahoratlon through
carion optIons for di . IOregrated presence awareness
tributcd team mcmbe"
• PrOvide lOstant messaglOg fo r real . time, ~~on · to·person communication
Te.am s avoid reinventing procedures thar arc common to everal sohwan: devci opment proJects- O rgan iza .
tions create procedures or gUi delines in adva nce for tea ms to apply . \'(fans Humphrey's Tm., Soj,","" Proem '"
CTSP) [3] does this in a detailed manner. The TSP proVIdes gllidance to gTOUpS o n each of the prole t
development phases aftcr requirements analysis. Humphrey has reponed encollraglng re lilt in estabhshlng
matunty goa ls and procedures for software teamwork. The objective of [he T P are sho wn In Figures 7. 17
and 7. 18. Whether or not a team uses the TSP, much can be learned from It. TSP share, ,everal charactenstlcs
with agile teams, sllch as the autonomy of teams . TSP is heaVIl y metric·oriented , and alt houg h ag .!e me th ods
are not, they do take seri ousl y the velocIty measure.
The TSP's emphaSIS on team inillative and bottom -up interacllo n encourages an In r<'ased degree of
profe sionalism among so ftware eng inee r For exa mpl e, H umphrey Slates that it is unprofcs<1 o nal fo r
enginee~ to prOVIde management with sc hedules that ca nno t be accomplished , cvt'n ,,,he n requested to
do so. He counsels negotiation In such a sitllatl o n The phdosophy here IS sllll1lar to that for agdc project'
• cierate MM Improveme nt
• make /\'IM 5 "normal"
• · Provlde Improvement 8U1de llnes to hi gh-maturity organizations"
Professlo nalt sm, Humphrey reminds us, involves an oblt ga tio n to Serve society responsib ly, In addition to
serving employers Also nOleworthy is the TSP's emphaSIS o n " oaching" by managemen t external to the team.
Managemcrrl I expected not simply to give orders and specify deadl ines, but to provide guidance, tools, and
ot her required resources In this respect, TSP is beller able to handle teams with varyi ng degre'!s of experience
and kills. T Pi orga ni zed around Iterations of the waterfall sequence; It requires that the team "launch" each
iteration at a mee ting where a number of predeAncd Issues are addressed. Humphrey provid(~ numerous
detailed scripts and checkl ists to support the TSP. Figure 7. 19 su mmarizes these points regarding TSP
The phases can be iterated severa l limes, requiring several launches. Launch is lies to be settled are
shown in Figure 7.20.
Humphrey recommends that the items listed in Figure 7.21 be produced by each phase launch. Much of
thi is covered by procedures and IEEE documents discu"ed in this book .
Formal training for TSP is beyond the scope of a stude nt team working together during a softwa,e
engineering course . For exa mple, it requires t he already extensive Personal Software Process. The TSPi is
a sca led·dow n versio n of the TSP designed to At in an academic semester. The TSPi roles arc /tam ltadt!',
drutlopmt>llmaHagtr. pla""",g maHagtr, quality/proem ",."ag" , and support "'all.g". In the TSPi the "support manager
is responsib le for obtailling and 'upplying all the tools and environments, such as compiler., fo r ~xample.
Humphrey describes a spcciRc emester.long schedule for the TSPi , consisting of three it~rations ( h~
ca ll s them "cycles") as hown in Figure 7.22 .
The Idea of this schedule template is that data obtained from each cycle is used to estimate the metncs
for the next cycle. Cycle 1 is comparatively long because it includes the team's first progression through th~
stages. It is intended to be a "minimal function workin!: subset of the final product." Cycle 3 is long enough to
• Team initiative
o Process to be u cd
o QuaillY goal
o Manner 01 tracking quahty goa l
DHow tca m WIll make decision s
o What to do if qua lity goals no t aHai ned
o Fallback posHio ns
o What to do if plan no t approved
o fallback positio ns
o Define team ro les
o As isn tcam roles
wrap up the job completely n, is Icaves a reiallvel y sho rt m,ddle cycle "Strategy" (phase t 01 an Ileralion ,n
Figure 7.22 ) rerers to the overa ll way in wh"ICh th e team wdl go about budding Ihe cycle ,n ques ti on Th"
requires a hi gh.levei discussio n 01 the requirements, a conceptual design, and an overall assembly plan For the
components. The results are then made into the concre te plan (phase 2), the wnllen reqUirements (phase 3 ),
and so on .
Projec t manage rs and teams use a variety of 100is and techlll Q.ue to manage a soFtware proJect, such as A E
tools, budd vs. buy decisions, language selectio n, deC ISion making w,th t"age , and the u e of project
variables . Each is described In the sections that loll ow.
1 1 1 1 1 1
Week -- -
1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
Milestones
Cycle 1 launch
• Cycle 2 launch
Delivery
•
<dele 3 launch
I
1. Stralegy
2. Plan
3. Requiremenls
Iteration 1 4. Design
5. Implemenlalien
6. Tesl
7. PeSlmenem
A numbe r of vendors e ll lools and e nviro nm e nts for he lping e ngi neers to devel op software applications
These arc so me lim es referred to as computer·aided software engineering (CASE) loo ls, and o metlmcs as
"integrated loo ls " to.·lany are packaged with o r connected wi th de velo pmenl environments such as Microsoft's
VI ual Stud io Th ey ma y also be a coll ec li o n of tools obta ine d fro m unre lated ou rce Figure 7 23 lists some
pos ible lools. They Include scheduli ng loo ls sllc h as M icrosoft Project . co nfigurat io n manage ment tools
such as Sou rce Forge or C VS, requiremenl< manage ment lools uch as Rat io nal' Re qlllsitePro. design
representation . t)' plca ll y With U ML too ls such a Borland' T ogether, code- budding tools like Am , and
tesling Sllpport lOols sllch as Ralio nal's T estMa nager. Large projecls Si mpl y ca nnot be managed with out at
leasl some of these co mpone nt ; In particular, configura tion manage ment too ls arc indispensable
• • • chedulin g
• • • Managing requirements
• • • Code build
Figure 7.24 Example of build vs. buy decision making for a video game graphics engine
Tools and applications Ihal promise to help or form Ihe basi. for new applicalion are often available For
example, in planning for a Web ·based auclion app lication , we would compare the purchase of ready ·made
auction software with developing our own app licalion fTOm scralch Typicall y, we delay thcse deci ions untd
the requirements are known, bUI they arc discussed here si nce Ihey are a part of proje I management
A rational manner for approaching Ihis kind of decision is 10 make a IIsl of expenses and to eSllnlale the
magnitude of each alternative. An example is shown in Figure 7.24 , ",hich iiiustraies the decislon ·making
process concerning the purchase of Ihe (hypothetical ) Ajax graphics sofrware thai would help us enhance Ihe
graphics of our video game.
Figure 7.24 reduce'S [he decision to a comparison of numbers, which is a common way of deciding among
altemarives. In other words, II computes the bottom line wllh and withoul purchasing Apx' sofrware. It breaks oul
the relevant desired graphics features and estimates Ihe co I of cacho Ajax Implement> Feanlre I. firsl.person
perspective, completely (i .e , conlinually d, plays Ihe view of Ihe scenc fTOm Ihe player's perspectIve). On Ihe Ofher
hand, Ajax does nOI do a complele Job of handling 3·D (Feature 2), so we WIll have to pro&""m 10 compensate for
Ihis. Finally, we need light rcnrclion (Feature 3), where the scene gives Ihe impression of a lIght sOllrce shinIng onlo
ilfrom a si ngle direction. Ajax helps here, but we will have 10 perfoml considerable programming to make II work
The ",ble in Figure 7.24 could be an appendix to Ihe projcci plan or Ihe Software Design Document. A more
realistic version of the lable would com l>are Ihe com on a muillycar ba IS, and wou ld In lude mainltnan e
expenses. The more features we are reqUired to implemenl ourselves, the less attracllve Ihe purchase
Many deciSIon ca n be framed in a cost compamon form like tillS Mamlalning a wnllen re ord of
deciSIons such as quanlilative budd -or· buy trade·offs helps In commlllll aling Ihesc decI> lons to Ihe learn and
oth~rs . The form can be refined and updaled as more mforma lio n becomes known , and II aIds postmortem
and pfocess Improvemenl.
Iknefl! of Bencftt of
Weight Language 1 una....' 1
Factor (t - / 0) 1 10 10 = besl I to 10 = bHt
Internet -friendly ) 8 2
-
Familiarity to deve! - 3 9
ormcnt tea m
-8
Compilatio n speed s- 2 8
Runtime speed o n ,- 7 3
processo r p
Score -3 .. 8 + -8 .. 3 + -5 • 2+ -3 * 2 + -8 .. 9 + -5 * 8+
-1 * 7 = 65 1*3 = 121
- --
Figure 7.25 Example of method for deciding language choice
requirement . Sometimes, however, the implementation must be chosen from several alternallves. A common
wa y to deCide among alternative is to first list the factors involved , and then to give factor each a weight
(measure of 'Illponance). After that , each alternative I scored relative to each factor Calculations are then
made that produce a total score for each alternative. Figur~ 7.25 shows examples of factors and weights that
could enter onto suc h a de termination . The weig hts are faclOrs in arriving at the botlOm line . For example, the
score fo r language I is 1. * 8 + J! .. 3 + .2. • 2 + ! .. 7 (weights underlined ).
Dec' sion -making tab les such as this arc no t subs titutes for mabn g judg me nts, they merely decompose
large deCISions (e g., wh at langua ge 10 c hoose) into smalle r o nes (e .g ., Java is mo re Web-friendly than C + +).
Suc h decompositio ns provide mo rc s tabili ty , but th e conclusions that they provide are se nsitive to the
weighting c hose n, the factors selec ted, and th e judgments made . Their results should be compared wi th
commo n se n e co nclusio ns.
Execu ting projects is frequently an overwhelmin g experience . For example , a "to do" list of wants and needs
accumulates qUickly, g rows during the project more tha n it shrinks, a nd can easi ly induce a feeling of futility.
The natural way to deal wi th this is to prioritize. A complete prioritization is frequently overwhelmed by
events, h owever. For exa mple, if we have a list of 100 things to do , a nd time for probably only 20 of them,
then It is a wa te of time to meticulously order all 100. Triag, can be useful for situations like this.
Instead of a le ngth y decision process, triage requires o ne to make no more tha n two decisions about
each item , as shown on Figure 7.26. O nce this has been performed, items from the "do at once" category a~
If so, place it in
Pia e in category
Number of ....eks
before del/very Schedule
Quality Defect count
Number of
Cost Number of engineers
requirements Functionality o
carried out unt il they are e xhauste d (if eve r). and the n we move o n to the middle list, and so o n. When
necessary , items can be prioritized with in their category. The benefit of this is that little time is wasted In
splitting hairs o r wonderi ng about the exact o rder of ac tio ns that wi ll never be performed . As reported in
Bu,i"ts' W"k (4), for example, triage teams were used by Microsoft in combing through bug reports durin g the
debugging of Windows™ 2000.
Next , we consider what rools the project manager has at h and to steer his o r her prOject to success.
To achieve project objectives, the project leader has fo ur va riables that conceivably can be manipulated.: co,t,
schdul" q"ality. andju"ctio"ality. As Figure 7 .27 suggests, this is something of a balanCing act, because there are
man y trade·offs among these four attributes .
For example, if the project leade r is asked to spend less time producing the application (affecting
sch,dul, ), he or she has to negotiate for reduced requirements (affecting j,,"cllo"ality ), Increased defect
expectations (affecting quality ), or inc reased labor (affecting co,t; assum ing that mo re people ca n be used
effectively) in order to offset the reduced time.
Project management deals constantly with trade ·offs among these va riables. T o make the best decisions,
we quantify these trade·offs whenever we ca n. One wa y to VISualize them is by means of a "bulls ·eye" di agra m,
suggested for this purpose by Humphrey. In a bulls·eye dia gra m, each of the va riables IS plotted by means of
an axis originating at the cente r. This is s hown for the cost parameter in Fi gure 7 .28 .
The axes are drawn symm e tric all y re lative to each o ther. In the bull s·eye d,a gram shown in Figure 7.29,
there are four variables , so that they form 90· deg ree angles.
Parameter:
Projected cost (S)
Unfavorable
Favorable
,
ProJocted cost
($)
Taraet: 100% ... ' ...... - Tarael: $70K
\ ...,\
Pro1ected , Projected
I > '-00%
(unct/onallty - - - ~S=8'itl;::'SIif.led5-+---~,..-- schedule
( % requirements (fatal weeks to
saUsfied) ,.,.. _.., comp/ele)
'.'.
\•
Taraet: 4 defectsIKloc ... .................... . Targel: 30 wl<s
Projected quality
(de/eel densllyj
I
Figure 7.29 Bulls·eye framework example for project variables
The va ria bles h ave to be arran ged so that o n eac h of th ese axes, th e origill is th e most favorablt va lue, and
th e ta rget va lue , m ark ed o n eac h axis th e same di sta nce fro m the o rigi n, fo rm ing a quad ri latera l. (If there
we re five va ria bles, they wo uld fo rm a regular pe ntago n, etc. ) Fo r example, o n the "projec te d functio nality'
ax is, th e o rigi n de notes "man y mo re than the deSignated requirem e nts sa t,sfied ," while the unit mark
represents " I 00% of the re qu ire ments sati sfied ." TI,e actual values co uld lie o utsid e the po lygon if they exceed
goa ls, as shown in Figure 7.30 .
The status o f a project can be visualized using the solid po lygon o bta ined by joining the values on the
axes and fi lling ,n the res ulting polygo n. The m o re the resulting po lygo n li es within the Origi nal regular
polygo n , the he alth,e r th e projec t . The example project sh o wn in Fi gu re 7 .30 f<lll s sh o rt o n two o f th e vanables
but pe rfo rms we ll fo r th e o the r two. Th is visualizati o n helps a project manager to alter prio rit ies and achieve
goa ls In an cve n manne r. Fo r cxampl e, the leader o f the project re presented in the figu re sho uld cut costs and
push fo r a n inc rease in func tio nal ity, even if !h is results in hig her defect rat es and lo nge r project duratio n .
•
Projected cost
Taraet100%
--- -----
,
Acblfl: •
• Tal!!8\:
Aaa/: --- ,,
1.5
, 30 wI<s
•,
--- AIifwI:
20 . .
qu.llty
Organizational
I . The team may not have the reqUired Java skills to exccute the job on time because several of them
have no t used Java in a bus: ness environment.
2 . We ma y lose a team me mbe r.
Technical
3. An off-the-shelf database mana ge ment system may not be versatil e e nough to cover the types of
operations required of a vIdeo store.
4. We Intend to u e Web services, but no o ne in the team has used these before.
All projects invo lve a degree of risk. These arc issues that ca n potentially cause problems such as a delay of the
schedule o r increased project costs. Figure 7.3\ shows some risks from the video store example.
We try to confront risks as soo n as possible rather than waiting fo r them to confront us in the proces of
build ing the application . Th is is ca lled risk maun9"",,, I. and it consists of the activities in Figure 7 32 .
Perhaps the hardest part of risk manageme nt is iden ti Rcatio n , because it requires imagining parts of the
process that may not seem at first to harbor a ny risks. Once a risk is identified, it is important and vety useful
to express the risk with as much precision as possible . For examp le, "a team member may get sick" is too vague
a descriptio n. Much bette r would be "sick ti me will exceed the company norm by 50% due to an unu ual
number of youn g parents in the team ."
Figure 7 .33 illustrates a way to thinking about ri sks, It shows two obstacles to a project .
We ge nera l.ly dea l with risks wi th o ne of two di fferen t stra tegies. They arc cOllq.usl (such a building a
traffic ligh t at the roa d ) or nuoida"" (e.g ., routing the path around the h ouse). These two strategies arc
Illustrated in Figure 7 .34 .
Teams develop a plan to address eac h risk and assig n an individual who sees 10 it that the plan is carried
out. The c halle nge here is to develop a concrete plan and avoid ge neral statem e nts such as "we will alil ea m
Java: For exa mple , we ca n address the "inadequate Java ski lls" risk mentio ned in Figure 7.3 \ by conquest :
'Tom , Sue, a nd Jack wi ll pass level 2 Java cert inca tion by Dece mber 4 by attending a Super Education Serv.ces
I. Identify risks by imagini ng all worst -c ase sce narios: lasts for approxi matciy Am thtrd of project.
2. Analyze each risk to understand it potential impact on the project.
3. Typically too man y risks give n time . H e nce , prioritize .dentiAed risks lO e nable foc u on most enou .
4. In dealing with each risk, c hoos< to conquer or avoid it. Co nquering 0 risk mea n In vesti ga ting it and
takIng action so thac the eve nt docs not mate rialize Avo ldin\;\ mea ns c h angi ng plans so that the I sue
never occurs.
Intermed iate Java cour ·e." Alterna ti vely, the risk can be retired by avo idance: "Use C ++ instead of Java"
(assuming that the team is skilled In C+ +). A reti rement strategy for the "Web services know ledge immature'
risk IS to set up a couple of sa mple Web services and write access code for key Video store functions that use
them . If the resu lts are satisfactory, we will have empl oyed risk reti rement by conquest.
Table 7. 1 illustrate o ne way to perrOm) risk prioritization . First , the risks the mselves shou ld be
deSCribed fully . The priority de pends o n fac to rs such as the likelih ood of the risk and the seriousness of its
impact on the project. A h,gh,prlorit y task has a low.pri ority ",,,.lur because people usually rerer to their
"highest priOrity" a priority number I The more expe nsive it is to deal with a risk. the lower its priority. In
particular, when managing a risk becomes a very large amou nt of work, we may be better off not working on it
2. Retirement by
avoidance
Risk 1
1. Retirement by
conquest
Estimated
likelihood of Estimated Estimated cost priority number
occurring (L : l · l0 impact (1:1· 10 of managing (lowest number Target
with 1 low est with 1 lowest (M: l-l0 with 1 handled first) Retirement Responsible completlon
No. Title IIke-lihood) Impact) lowest cost) (11 - L) . (1, - n . M plan person date
1 Insufficient Java 8 9 9 3 . 2 . 9 = 54 See note 3 Jared 10/ 15
skills: See note 1
• • •
'"-
V>
"
3:
i
m
3:
m
!i
......
...
162 CHAPTER 7 PRINCIPLES OF SOFTWARE PROJECT MANAGEMENT I; ORGANIZATION. TOOLS, AND RISK MANAGEMENT
In ad an ~ at all, but simpl y dealing wllh the ,,'ue In volved when It aCluaJl y arlS", I or exa mple. If the o nly
wa to anticipate a mk "to Om li1J t an expen Ive Imulatlo n, thell we may simply have to acce pt the risk
Note I 11,c n<k I< that the team docs nOt ha ve enoullh <kdl,n java to handle th programming reqUired
by thi s proJe I wllllin the time reqUIred
Note 2. The rI k I that altho ug h Web ervlce: le:chno l08Y b a good ~ h oicc . technica ll y ~ peak inR . It "
ne,,, to the industry at the time of thi S prOJect. and it, Imm atunty ma y c rca le dlff,cult, c<
Note 3. jen, Oscar, and All should pas level two java cc rtdi atl o n hy ctober 15 by attend ing an Ajax
Edu atl o n ervlces Int<mlcd,atc java o ur<e.
No te 4. jcn will msta Jl three \X-' cb servl es typi al of DVD Inventory manage ment, and run 1,000 tYPical
transac ti o n against these, gathering timing data .
N o t every risk can be dealt wllh earlier than it natural occurren e. T o take an ex treme: example , suppose
that the team ha a week to add slg niA,ant functionality to an app lica tio n 11,e goa l would be. Add the
capability to how future investment growth graphl ca Jl y for a Anancla l appltcat lo n. There is probably Intle to
be ga med from performing nsk analySiS and reti reme:nt m thiS case. Since the time frame is so short, the team's
time may be belter spe nt si mp ly sta rtmg the deSign at once. Doing so takes a chance, but the time requ ired for
risk analysis may not leave enough time to do the job.
This section describes how the student team o rganizes for the development task, prOVide a hypot het ical
account of interactions among students, and gUides students in producing a Software Project Management Plan.
Student teams are usually organized as peers. T o make pecr teams effective. the team leader encourages
consensus but keeps the chedule firmly in mind, making clear and timely deCisions when requi red. In ruden!
teams, team leaders tend to mtervene too "ttle. Meeting drag 00 unreaso nabl y in the quest for consensus or
agreement , and the team leader is not experienced enough to make a resoluti o n. Being Arm Without alienating
team members is a valuable skill. A ke y to this IS en uring that team members' opi nions are respected-
whether adopted o r not.
Fi gure 7.35 lists the steps for orga nizing a team . particularly a student team .
One effective management arrangement for a team is to pair up developers by haVIng them work
together some-or even all-of the time. The lalter is called pair programmi"g . Another way is to deSignate
team members as leads for the project phases with a backup for cach oT ypi ca ll y, the lead and the backup work
together, o r the backup serves as a continual in pector. ready to take over the lead role If necessary The
project arrangement shown in Figure 7.36 is deSigned to make each perso n the backup fo r the actiVity on
which his or her primary activity is dependent.
Once a projec t leader has settled the procedural aspect< of team organization . it IS time to consider what
really counts with team members: how they feel about what they are doing. If a person belongs to a motivated
and well -organized team . he will probably enJoy his work and the team wtll probably produ e a good
product. People are motivated when they are respected and arc engaged in an activity that the feel ennch
them . Part of each member's Job is to create those conditions for himself and others The project leader
creates a well -organized project by settmg schedules and limits, with the team' as=ment. In partl ular.
when it comes to meetings the issues In Figure 7.37 can be u<cful
In the case of srudent team • """"" cOIII"bulloll i often a major pI' blem . some team members ma ' fed
that a member is not contributing enough. A team member who fecls this way ,hould di us< the I ue With
the project leader If there IS genera l agreement about this , thc prole I leader hould s!><,ak privately to the
STUDENT TEAM GUIDANCE: ORGANIZING THE SOFlWARE PROJECT'S MANAGEMENT 163
individual. If no significant change is observed in that person's behavior after about a week, the proJect leader
should confirm th ~ team's concern and th en di scuss th e issue with the instructor. Instruc tors will either
remove the individual from the team or discuss wa ys to app o rti on credit accordingl y.
One activity regularly requircd of project managers is to hold meetings. Figure 7 38 lists som e good mee tin g
practices from which all team members can benefit.
The ite m s marked with a si ng le asrensk sho uld be perfo rmed before the meetIn g . Since gro ups are
not particularly good at c reatin g artifacts from sc ratch (especially designs ). it is far better for someo ne
to bring to the meetin g a tentative ("straw · man") ve rsio n of the artifact to form the ba sis fo r di scussi on .
For example , the design leader brings a t<ntative desi g n . or the team leader brings a :cntative work
breakdown . The version shoul d not be overly speCific, becau e th e re must be plenty of roo m for input
by the members.
Team leader
Configuration management leader
Ouality assurance leader
backs Requirements management leader
up ...
Design leader
ImplementaJlon leader
In ad an e at all , but '1"'1 Iy deallnll wIth the IS~ue involv d when It a tuall y aro \e, I' or example, 01 the only
wa to antIcipate a ri>k i, to co n,lO~1 tan expemive ,imu lation , lhen we ma y ~ Impl y ha ve to aLeepl the r"k.
Note I The rosk 0< that the leam duc, nOt have enough ,k oll, n java 10 handle the programmIng requored
by tillS proJe t wIthin the lime requIred
N o te 2. TI,e ri k I that a lthoullh Web erv lce lechno lollY "a good ChOILl', tec hnIcally spcak,ng, It IS
new to the Industry at the tIme of thIS prolect , and ItS Immaturoty ma y reatc dolf'c ult,e,
N o te 3. jen, Os ar, an d Alf ho uld pa,s level twO java c<rtlfi atlon hy O c tober 15 by .nc ndong an Ajax
EducatI o n Services Inte rmed,ale java course
Note 4. jcn will install three Web services typical of DVD oowcnlory management , and run 1,000 tYPIcal
transactions agaInst these . gathero ng toonlng data .
Not every nsk ca n be dealt with ea rl ier than ItS natural occurrence To take an extreme example, suppose
thai the leam ha a week to add sIg ni fica nt functionality to an applicatIon . The goal would be. Add the
capability to sh ow future ooweStm e nt grow th graphIcally for a fi na nc Ial app l, ca ti on . There IS probably lIttle to
be gaoned from performong risk a nal ysis and r!:lorcment in this cascoSince the lOme frame is 0 short, the team's
time may be better spe nt SImply tarting the desig n at once. DOIng so lakes a c hance, but the tome required for
risk anal YS IS ma y no t leave enough time to do the job.
This section describes how the student team o rganizes for the development task, prOVIdes a hypothetic<ll
account of interactions among students, and guides students in producing a Software Project Management Plan .
Student teams are u uall y o rga nized as peers. T o make peer teams effective, the team leader encourages
consensus but keeps the sc hedule Rrmly in mind, making clear and timciy deciSIons when required . In tudent
teams, team leaders tend to intervene too little . Meetings drag o n unreaso nably in the quest fo r con ensus or
agreement, and the team leader i not expe rienced e noug h to make a resolutio n. BeIng Rrm without al,enating
team me mbers is a valuable skill. A key to thi s is e nsurong that team members' opi ni o n ane respected-
whether adopted or not.
Figure 7.35 lists the steps for o rga niZ Ing a team , partIcularly a student team .
One effective manageme nt arrangement for a tea011 IS to paor up developers by haVI ng them work
together some or even all of the time. The latter is ailed pnir progmml.i"9 . Anot her way is to designate
team me mbers as leads for the projec t phases with a backup for each . TypIcally, the lead and the ba kup work
togethe r, o r the backup se rves as a continual inspector, ready to take over the lead role If necessary. The
project arrangement shown in Figure 7.36 is desig ned to make each person the backup for the actIvity on
which hi s o r her primary activity is de pe ndent.
Once a project leader has settled the procedural aspects of team orga nization , it is time 10 con Ider what
really counts with team members, how they feci about what they arc doing If a person belong to a motivated
and well·organized team , he will probably enjoy his work and the team will probably produce a good
product. People arc motIvated when they arc respected and arc e ngaged In an activit that the ' feel enriches
them. Part of each member's Job is to create those conditions fo r hIm elf and others. The proJe t lead«
crcates a well ·orga nized project by sellIng schedules and limits, with thc Icam's agreement In partIcular,
when it o ones to mee tings the issues in Figure 737 ca n be usefu l
In the case of student leams, ""tv'" (o"'/lb""o" i, often . majOr problem · som~ team member> m3\' fc-el
that a member IS not contributing enough . A team member who feds th" wav ,hould dISCU<, the I su~ WIth
the project leader If there is ge ne ral agreement about tl"', the proje t leader ,hould spea ~ provatcl ' to the
STUDENT TEAM GUIDANCE: ORGANIZING THE SOFlWARE PROJEcrS MANAGEMENT '63
individual. If no significant change is o bserved in th at person's be hav,o r aft r about a week , the prOject leader
should confiml the team's co ncern a nd the n d,scuss the issue with the Instructo r Instructors will either
remove the Ind ivi dual fro m the team o r di cus ways to apportion cred it accordingl y
One activity re gularl y req uired of project mana gers is to hold meetings. Figure 7.38 list some good meeting
prac tices fro m which all tea m members ca n benefit.
The items marke d with a si ng le asteri sk sh ould be performed before the meeting. Ince groups are
not partic ul a rl y good at creating artifacts from sc ratch (e peCiafly designs ), it is far better for omeone
to bring to the meeting a tentative {"st raw . man"} versio n of the artifact to form th e basis for d iSCUSS io n.
For exa mple , th e d e ign leader brings a tentallve design , o r the team leader brin gs a tentative work
breakdown. The ve r ion s h ou ld no t be overly speCific , because there must be plenty of room for input
b y the me mbers.
Team leader
Configuration management leader
Quality assurance teader
backs
Requirements management leader
up .. ,
Design leader
ImplemenlaUon leader
• SCt lime limits (or meeting a a whole and for each a!le nda item . Allow exIra lc n or Aft.en mInutes for
unanll clpated Items.
• Insist o n o ne person speaking at a time . Listen to people, even if their idea seem ourrageous. (Probably
aren't )
Man meeting participants, but especially students, compla in that meetings last too long WIthout
acco mphshing e nough. \'(rhe n the approximate time fo r discussio ns is ag reed to in advance, however,
members tend to focus o n th e issues te be resolved, and meetings ca n be quite effective. Decid ing when to
all ow (urt he r discussion and whe n to break il o ff is a duly of Ihe learn leader. The keys to doing this are
whether the discu sion is productive, and whether lhe discussion of the present topic is preventing the
di scussio n of more impo rta nr o nes, g iven the time remaining. II is al so the leader's task to ensure that the
discu sion remallls focused and that a conclusion is reac hed. At times, the leader must step in and make a
decisio n, because co nsc n us is nOI always possible. The member recordin g ac tion items also records decisions
take n. Th,s should generall y be do ne 111 a crisp form-minutes are meant primarily to remind everyone of the
decisio ns made.
I. "DistrIbute Start time, e nd time, and agenda with approxi mate times.
o li st impo rtant items fi rst .
3. Slart o n time
4 . H ave somco ne record action items.t
6 . , 7., ... < more agenda items> (I nclude metrics and ['rocess improvement])
n Review acrion items 5 mUl
One good management practIce is to create and follow agendas for meetings. Some items, such as
concise status reviews, arc almost always appropriate. Risk retirement (cove red in Section 10.4 ) sho uld be a
mandatory agenda item at most meetings during the first third of the project. Metrics and process
improvement are sometimes appropriate topics. These are discussed after a phase has been completed,
not necessarily at every meeting. An examp le of a generic age nda is shown in Figure 7.39.
7,8 SUMMARY
Software project management is the process of planning, o rganizing , and mo nitonng the deve lopme nt of a
software project from inception to completion . A project is typically headed by a project manager, who IS
responsible for the daily project activities.
Companies can be organized in severa l different ways, each havin g an effect o n how a project team is
organized and run . In a projtct-arir>lttd organization , people arc organized around the projects of the compan y.
Every employee is assigned to a proJect, which is their primary focus. In aJ"ncilon-aritlltrd organizati o n, people
~long to a functional group such a.s marketing or sohwar-e development. Each functional gro up has its own
projects centered around their area of responsibility. Managers assume the ro le of project managers A mnlnx
organization is a cross between project· a nd function ·orien ted organizations. Employees belong to a
functional group (e .g ., marketing , engineering) and are loaned to projects based o n their cxpertise They
directly repon to their functional manager, who is responsible for directl y supervisi ng the m Thcy also
indirectly repon to the project manager, who IS respo nsible for the daily actiVIties of the project.
The size of a project team has a direct effect on the success of a project. Team that arc large ca n d ivide
tht work into manageable pans, However, large teams have the dIsadvantage of requiring communication
that IS time -consuming and error· prone_ Expenence shows that the optimal number of people WIth whom a
person needs to interact with o n a regular basis hould norma ll y be between three and eight.
Not all prOject tcams arc colloca ted W,th the advent of lIs'"g rem ote developers , project teams ma y be
split across conti nents Th, s is known as off hOrlng . There arc many advantages to u ing remote tcams, IIc h
as COSt savi ngs and the benefh of qu.),ty work . H owever, the re a rc di sadvanta ges to be over o me, slic h as time
zone differences, cu ltural differences, and potential communIcatio n ddn lIltles. Se tting lip reglliar fa <' · W·
lace m«tmgs and having strong o n 'Slte manageme nt arc key elements to mak,n g offshOring work .
Watts Humphrey's Ttam oJllQart Procm (TSP ) deAnes a <c t 01detail ed procedure< for buildln~ prOject
SM
tCams, establi5hing team /loal" and di stnbutlng ream ro les It c mphasiz.', team mitiatl ve and encourages an
166 CHAPTER 7 PRINCIPLES OF SOFlWARE PROJECT MANAGEMENT!. ORGANIZATION, TOOLS, AND RISK MANAGEMENT
in n:" , ed dcl!'"cc of rrofe",onall<11l among 'oftW"I'C enHineers . A.. an c~am pl , Humphrey stale. that It IS
lInprofes 'ional forengin ccrs 10 provi d~ managemenl wil h ,e hedul e.that ca nnot be accompl,shed , even when
,..,que,ted to do so.
ProJe t m""ager and team< carry Out many lask< a, part of Ihelr job, 'ncludlng project scheduling,
onhguration management , reqUirement< man.gement, drawIIlH de"gns, building code, and testing As mu,h
as po <oblc, the utilize auwlll.ted 1001, to .uppon their work n'e e tools arc someti mes ca lled computer·
aided software e nglnecnng ( A E) 1001s.
\'(then plannin g and developing an application, existing .oftware may be avadable that can form th~
ba IS for the ne\~ applica tion . In order to determine whether It makes se n e to budd from scratch or lev~rage
e istlng oftwa re, project teams make a rationa l de I<ion by compannl! the costs of ea.c h option .
Another decisio n to make I the usc of programming language. A decisIOn · making table helps to
dctennine the pros and cons of differenl language choices
Projectl11.nagers have severa l vanables at their disposal that are manipulated as they manage a project ,
0" , ,c/"d,.l" qualilY. andJ'lllcl,oual,ly . C hangi ng one va riable has a direct effcct on the others For e~ample , .
project manager may wanl to speed up a prOject by pull ing in th" compl etion date ( chedule). In that case,
one or morc of the o ther variables must be adjusted-you cannot pull in a schedule unless you change
somethlllg else. The manager must reduceJ,,"clio"al,ly , add resources (co I), or reduce qualify. Bulls·eye 6gur~
can be usefu l in visuali zi ng these va riables in a project and as an aid in seeing how each va flable affects the
others.
All projects co ntain some amount of ri,k, which arc issues that ca n potentially cause problems such as.
delay of the chedule or increased project costs. Risks are o f two basic ty pes. Orga"izalional risks are primarily
caused by peo ple's behaVior, such as resigning fro m the company. T«h",ral o nes are caused primarily by errors
III hardware or software. uch as a defect in a third ·paTry app lication. Early in a project risks are identified and
mitigation strategies created . Each risk is actively man aged througho ut the project.
7.9 EXERCISES
I. a. De cribe in your own wo rds the st.ructure of a project.based organization , and explain how it
promote the successfu l delivery of software.
b. Name twO lo ng· term disadvantages of a project-based o rga nization.
2. a. Describe in you r own words the structure of a function·based o rganization , and explain how
it promotes the successhtl ddivery of softwa re.
b. Name two lo ng. te rm disadvantages of a hillctlo n·based orga ni zation.
3. a. Describe in yo", own words the structu re of a matrix organization , and explain how it
promotes the successfu l delivery of software
b. Name two lo ng·tem, disadvantages of a matrix organization .
4. Write a paragraph explaining why adding people to a project docs not ne essaril Imp ro~
•
It
schedule and may worsen it .
5. Co nsider a project team you have been a m ~ mber of, either as part of a student leam Or in industry
De'cribe the o rga nization of Ihe tcam, and des ribe in sufAc ient detail two a peets th~t worked
well and two that did no t work well
6. Consider a softwa re prOjec t under devel op m ~ nt , with half of the e n 8 lnc~rs In one \lOle zone and
the o th er half in another time zone twelve hou rs away H ow would 011 recomm .. nd the pro)CCt
BIBUOGRAPHY 167
t~am be organized) Describe two challeng~ that need to be overcome due to the time.zone
difference.
7. a. Explain how a bulls·eye diagram can help visualize the progress of a software project.
b. Suppose you are managing a project that has the following goals,
·Cost: lOOK
· Schedule, 12 months
· Quality , 12 defeetslKloc
. Fun·e tionality, 90% requirements implemented
Draw a bull -· eye diagram that shows on ly one of these goals being met or exceeded.
8. Why plan for risk identiAcation and retirem ent when developing a project plan) In a paragraph or
two, answer thi s in your own words.
9. Describe a kind of project under which risk identiAeation and retircment would pro bably "01 pay
off. Explain.
10. Suppose that your team IS tasked to implement a system that provides Web· based books. l1,e
application is intended to execute on desktops, be downioadable, and be automallcally upgraded
over time via the Internet. You arc to assume the following ·
i. The team includes employees who are based at a new offshore Site.
ii . The application is to be rcady in a month .
iii . Preliminary plans call for a Java implementation on a PC model that is due 10 amve in two
weeks. No one in the team is ,.ell versed in Java . They all know C. + we ll.
You arc concerned about the risks associated with items (i) and (II i) above. Explain the kinds of
risks these are , your speCific responses, and the kind of soluti on YOll arc propo ing.
II. You have been tasked to build a ystem for managi ng online DVD rentals. Descri be four plausib le
risks and indicate how you would retire them. Be as concrete as possi ble in describi ng the ri sks
BIBUOGRAPHY
I Heldman, Kim. "PMP P'O)'C1 !vt4M#Cfflml Pro/mlo",,' Exam Sillily CIl/dr," SybexlWll t'y Publ lshlO~ Inc .. 2007 p. 17.
2 8rooh. Frederick P., '7bt My/b,eDI A-tan·M01'Irh Essays on SojlWilte Ett9,"cmn9. Altnll'crsary EJ,hon Addl;;on.\X!c<;ley . 1995
3 Humphrey , Walts S .. "1,.,,011111, 110" 10 ,bt Tcom Soilll'llft Proem (1lH Sfl Smd '" ojllN " E"9t"(m"'9'~" Addl ..on · \'(I~lcy, 1000, p 496
.. Iht' MOlht'r of All So hwilrc Pro,ec ls,· BIA.5i"lH \Vuk, Fc:bnlJry 22 . 1999
principles of Software project
Management II: Estimation,
Scheduling, and Planning
Figure 8.1 The context and learning goals for this chapter
This chapter explaIns the methods that prOject managers use to e timate the ost. of a prOject and way
to <chcdulc If It also explains how to wnre a project plan.
COST ESTIMATION 169
The proc:<:sS of esrimating project co (i.e., for Axed ca pabilitle , quality level , and schedule) often starts at
fS
the inception of a projcct and continues even after coding has begun . There are severa l speciAc techniques
used to estimare cost that are described in the following sections. Before doing so, however, let's examine
how plecise we can expect such estimates to be.
When a project is ini riated , the team ca n typicall y have o nl y a vague idea o f its cost. TI,e more we learn about
the requirements for the product and the more desig n we perforn1 , the more precise we ca n be about its cost.
This is illustrated in Figure 8.2. Since complete precision is a practical Impossibility in most cases, a range is a
good way to express projected cost. There is always a need to estimate a 'ball park range" from a summary
requiremenfs statement , hence the cost estimation following conceptualization shown in Figure 8.2.
Our assumption here is that the goa l consists of auaining a set of capabi lilles rather than starti ng With a
fixed amount and asking what capabilities ca n be implemented for that amo unt (a related but different
process).
The fourfold <sri mation error shown in Figure 8.2 is from a study reported by Boehm [ 11. For an
application that will eventuall y cost $ 100,000, for example, estimates made after the application's concept has
been developed can be as low as $25,000 and as high as $400,0001We use various techniques to sharpen our
esti mate of a project's cost as earl y as possible , which amounts to reducing the height of the vertical lines In
Figure 8.2. O nly at the latter e nd of implementation can we have complete confidence in our estimates. (The
estimates are far less useful at that time, h oweve r, si nce most of the fu nds will a lready ha ve been spen!!)
It puzzles some people that we ca n eve n begin to think about the costs of a project without detailed
requirement.s , but this is a common practice in o the r Acids. For exampl e, one can gain a ro ugh estimate of the
cost of building a h ouse without any desig n or detailed requirements. One can use rules of thumb such as
$4
Conceptual-
Ization $1 $3
phase $.25
_ _ Rough range 01 cost estimates
a ller requirements analysis
Requirements $1
$2
analysis
$1
I Design I
I Implementation
I lntegrationITeat I•
Fleure • .2 Range of error in estlmatlng costs narrows as the project progresses
170 CHAPTER 8 PRINCIPLES OF SOFTWARE PROJECT MANAGEMENT II: ESTIMATION, SCHEDUUNG, AND PLANNING
"" u,e, In th IS area O,t about $ 100 per "ll'are foo t to budd: dnd so J I ,C)OO. ,(]uare. foot house w.II c.ost about
$ 100,000
A good way to appro. " proje t cost estima ti o n at the very early sta~e' of a project IS to develop
c,t ima te in severa l independe nt way, a nd the n combin e th e re<ults. One an eve n weigh the estimates
obtained a cording to one's level of co nfide nce in each of them
It takes expericn e to properly u e cost estllna tio n too ls, and the first time one uses them the re,ults are
often unrel iable. \'(Iid, time, fcedba k. and ca libra ti on , however, one lea rns to usc the m with increasing
precision The rest of thi S sec tion desc ribes the te hnl ques used to « timate projects in summary form . The
c hapte r then describes them "' detail.
Cost esti mation methods fo r agile projec ts, described in ectio n 8. 1.6, focu o n esti mating rhe upcoming
itera tio n ("sprin t" in scnlm te rn,s), based o n its requ ired user story o r stories, as well as experience from past
itera tio ns. These arc small ·sca le estimates but it is part and parcel of the agil e philosophy that large projects
arc composed of sma ll deliveries. Now let's turn 10 estimatio n of projects in the la rge that are not necessarily
agi le in whole or in part. Whether o r not o ne actually uses the methods described, they do contain many
hard ·won ideas that ca n be con figured for various situations, including variations in ag de estimation .
Figure 8.3 sho ws a typical road map for the earl y estimatio n of project co t a nd duratio n. The next
section shows an example of the usc of lines of code and past projects. The function point methodo logy and
COCOMO (Construc tive Cost Model) are explained below.
This section discusses ways to estimate lines o f code at a very earl y stage, well before any design has been
performed. O nce desig n work is performed , the me thods are based o n the parts of the design and become far
more precise, as ind icated in Figu re 8.2.
Several estimation methods , no tabl y the COCOMO and COCOMO II model , de pe nd o n the number
of lines of code. "COCO MO " stands for Boeh m's "Constnlc tive Cost Mo del" [ 1]. At the very earl y stages of a
project . COCOMO may not sou nd very useful because coding is a long way off when o ne is in the project
planning stage . By compari ng the product with other products, however, esti mating hnes of code may well be
feasible . For example, we could estimate that our current sate li ite co ntTOI job is comparable to our last satellite
job, which requi red 3 millio n hnes o f FORTRAN . H owever, our currenr job has the add itio nal requirement of
being able to mo nito r hurricanes. It may be possi ble to roughly e timate the ize of th is additional piece based
on other hurrica ne trackers (700,000 lines of FORTRAN , for example). When impicmentation languages
change, mdustry ·standard language conversio n factors arc used.
I. Usc comparisons with past Jobs to e timate cost and duration d irectly or to estimate line of code
and / or
Use function point metho d to estimate lines of code.
i. Compute unadjusted function points.
ii. Apply adjustment process.
2. Use lines of code estimates to compute labor and duratio n usmS (II) fo nmula .
Figure •. 3 A roadmap for estimating the cost of a software project
COST ESTIMATION 171
Orglniutions wonting above Cap;lbillty Maturity Models level I must be able to record the person -
hours Ind duntion of the pans of jobs. In the ab ence 01 such data, we would have to compare our Encounter
"dec Illme, for "xample, with other game . It is difficult, impossible even, to obtain data directly from
comp;lnles other than one's own, although trade publications and general industry studIes sometimes provide
pI~1 data. For example, we may know from industry announcements that "BugEye Inc." has worked on its
rw: iI same for two years, The announcement may even mention a number of programmers. Such data is
suspect, however, sin e companies regard their development knowledge as a corporate asset, and commonly
or underrepon numbers as the case may be.
In the absence of historical data , it may be necessary to compare the project with related projects,
(simulations, lor example, in the ca e of our video game). Let's say that we have very little experience
programming gam~, and some experience programming simulations and Java. Our lines-aI-code estimation
may have to be something like the follOWing :
lance wrote a nongraphical simularoon of a simple queue in C. + , which required about 4-8 pages
of code_ At about 30-50 non -comment lines pcr page, this totals 120 400 lines. We will assume
that Java requires the same number of lines. The first commercial release of Encounter has 4-15
such queu~ and 30-90 additional components of comparable size to make It interesting, so that
yields between [( 120 lines) x ( 34 components)] minimum and [(400 lines) x ( 105 components)]
maximum as our range, or approximately 5,000 to 42 ,000 lines of code. The use of graphics
multiplies the effon by 1.5 to 4, depending on the degree of sophistication , so this gives us a range
01 1.5 x 5, 000 to 4 x 42 , 000 = 7 .5 to 170 K-lines (thousands of lines) of code. (NoI" The case
study in this book encompasses a prototype. which is far less ambitious than Ihe version o n which
this estimate is based.)
By documenting such data o n a spreadsheet, we establish a baseline, and we ca n then sharpen our
estimates as the project goes forward . Note that the range 7 .5 to 170 K-lines is consistent With Figure 8.2, in
which a 16-fold range in es timate is expected at the conceptualization stage. The preceding calculation is a
bottom -up approximation , sillce it estimates the cost of the whole from the cost of the pans.
An example of a top -down approximation follows , lIsi ng indu try data (or, preferabl y, historica l data
from the organization performing the work). Suppose we know that a very good video game required the
servIces 01 5-20 expert programmers for 1- 2 years. Since we can invest only 1/ 10 of the amount that was
invested on that ga me , we WIll assu me that ours will ha ve about 1/ 10 of its ca rability. A suming 5-25 lines of
(fully testedl) Java code per day, this yields
( 1/ 10 capability of th,,(amous game) x (5 - 25 lines per day ) x (5 - 20 programmers) X ( I - 2 years)
X( 48 - 50 weeks pcr year) x ( 35 - 60 hOllrs per week )
~ 4_2 - 300 K - lines of code
This range is different from the bottom -up «timate obta illed previously , but it helps to grollnd our ideas
about the job'~ magnitude, Since the method" ed this lime is quite different .
Free estimation tools, 'u h a, those at www.con<lrux com , arc also avai lable on the Web.
SUrtlllg In 1 ~79 WIth All recht (2 ), th e mo re (undame nt,,1 nOli on OfJ""Cllo" pO;III. wa> developed to assess the
size of a prOject Without ha Ving to kno w II, de<i~n and WlthOLII havln B to mah any a pnori a"u mltio ns .boul
code SIU . The fun c lIon pOint lechnlque " a mean s of ca lthralinll Ihe capab;),tles 01 an appli ation in •
unIform manner, a, a \In!!l. numb r. Th" nllmb r can Ih,-n he ",cd to e tlmare Iln e~ 01 code, o<t, and
'72 CHAPTER 8 PRINCIPLES OF SOFTWARE PROJECT MANAGEMENT II; ESTIMATION, SCHEDUUNG, AND PlANNING
durat.on by cOl1l parison with th e fun t.on pOint values 0 1 ot her proJects . Functton POtllts arc a\tra<.t.ve .n
oncept , s",ec they try to /let to the hcan 0 1 a future produc l" ca pability H owever, It take. a grcat deal of
rra ti e to appl y them in an accura te and o", .Stcnt manner
• Exlmlal j"puls, O nl y inputs th at affect the function in a differe nt way fro m each othe r are counted as
sepa rate . Thus, a funct.on of an application th at subtrac ts two numbers would have EI = I , no t EI = 2. On
the o ther hand , if the character A ca n be input to req uest an addition and S for subtraction, these would
contribu te 2 to EI.
• Exl,,,,"1 ou lpuls, Only o utputs that account to r true eparate algo rithm .c o r no ntrivial funct io na lities should
be counted . For exampl e , a process that o utputs a charac ter in several font would be counted as I ; ellor
Internal
External Log;",,' Fifes
Function
Inquiries
~
• (ILF)'
(EIN) •
~ LagIcII
cf External
External OUlpuls
Inpuls (EO)
, Internal logical
File grouping of user
data into files
Ext. inputs El • • • J or • 4 or • • • 6 : I I
Ext. outputs EO )( • •
• or • • 5 or • • • 7 :
I I
Ext. inquiries ElN )( • • • J or • • 4 or • • 6 : I I
-
Int. logical files lLF )( • • • 7 or • • • 10 or • 15 : I I
Ext. logical Ales ELF ) ( · .. 5 or " 7 or .. 10 = _
I I
Count Total I I
Figure 8.5 Function point computations (IFPUG)
messages are not counted . Chart representatio ns of data are counted as 2 ( I fo r the data and I for the
formatting ). and data sent to separate nontrivial destinati o ns (e.g ., printer) (3).
• Extmsallogical files: This counts each unique gro uping of data o n fi les external to the app hca lio n.
Ext. Inputs I 3 I 1 6 13
Ext. outputs o 4 o 5 o 7 o
Ext. inquirks o 3 o o 6 o 25
Figure 8.6 Unadjusted function point computation for first Encounter functions: "Set up player character."
Ext. inputs o 3 o . o 6 o
Ext. outputs 1 . o 5 o 7 ,
co," mtHts; R,porf Oil ",,,/I,
Ext. inquiri.,s o 3 o o 6 o 16
Figure 8.7 Unadjusted function point computation for Orst Encounter functions: " Encounter foreign character."
COST EST1MATION 17 5
Ca" Study
1. Req uires backup/ recovery7 0-2
2_ Data communicattons required, 0- .
3. Distributed processi ng functIOns ' o
4. Performance critical , ]-4
5. Run on existing heaVil y utihzed environmenO 0- .
6. Requi res online dara entry' 5
7. Multiple screens for input' ' -5
(co""",ud)
Figure B.B General characteristics for function point adjustment. numbers 1-7
Once accurately obtained. function poi nts arc very useful. For example, they can be used a ompariso n
met rics. allowing organizations to estimate jobs based o n function point mernes of previou Jobs. They can be
converted to lines of code using tandard tables. lines of code can then be used to estimate total effort In
person- months as well as duration (see the next section o n COCOMO ). For example, [4] estimates 5 3 hncs
of Java source per function poi nt. Using th is factor for the Encounter example, we anticipate
(361044 ) 53"" 1. 9 - 2.3 K-Hne of Java source As expecled , thi s is much lower than the previous estimates
of -\.2 -300 and 7.5· 170 K-lines of Java source. This is true because " applies to o nl y two "function s' for
Encounler, whereas the larger e limale were for a full game.
Let's consider a system that tracks Video rentals. We will conRne the appJ.cali o n to a cus tomer-oriented
appl icatio n, in which customers rent videos and need informalion about availability.
\VIe assume that the application requires two Poles only, o ne for custo mers and a second for videos. The
unadjusted functi o n po int computation is as shown in Figure 8. 1 I .
Now we estimate the adjus tment faclors , as shown in Figure 8 . 12 , yielding a "General Characteristics'
total of 35 .
Ext. inputs 2 3 f 4 o 6 /0
Ext. outputs o 4 I 5 o 7 5
Amosml dut
Ext. inquiries o 3 f o 6 Jl
- ncpla""'io", Availability
Figure 8.11 Unadjusted (unctlon point scores (or vide store example
COST ESTIMATION 1n
This yie lds 33 x 53 = 1, 749 lines of no n-comm ented source lines of Java code .
The function point method is summed up by Capers Jones in [5], a practiced advocate of function pOInt
applicatio n. See also [6 ].
O nce lines of code have been estima ted , either throug h use of historical data, by companson to related
projects, or via function points, they can be used to estimate labor reqUIrements and prOject duratIon uSIng
Barry Boehm's COCOMO model [ I) COCOMO is based o~ the idea that project outcomes, plo tted as
graphs, have a consistent basic shape A para meterized formula is found for the shape, so that to obtain the
graph for a particular project, he si mpl y has to detemline the parameters fo r it.
8.1.5.1 COCOMO I
Boehm observed that the labor required to develop applicatIons tends to in rea e faster than the applicalto n's
SIZC. He found In his init Ial rc earch that the exponentIal fun Iton, WIth exponent close to 1.12. expresses thIS
rtlationship quite well Boehm's model also says that the duratIon tncreases exponentia lly \ IIh the erfon , but
WIth an exponent less than 1 (the exponent used III th , case is clo e to 0 35 ). Th,s rell t, the observalto n that
.fter. c;.,n.atn sIze (the "knec' In curvc (2)), additional reqUIred effort ha on ly a gradual lengthenIng effect on th~
time It takes to complete the project TI,CSC are illustrated In F,gure 8 13, wher~ L ",ho n for "Iine< of ode '
178 CHAPTER 8 PRINCIPLES OF SOFlWARE PROJECT MANAGEMENT II: esnMATloN, SCHEOUUNG, AND PLANNING
(1 ) ellort' lor
Increasing LDC
(2) Duration lor , '2
(y _ 3.. . ) ,
Increasi ng ~
ellort'
(y _ 2.5 .. 0.35)
Exponent < 1
> 1
U lng data fro m num erous projects, Roehm estimated the parameters fo r these re latio nsh ips, assuming
an e xponential re lations hip. H is fo rmulas arc illustrated in Figure 8. I 4 . In this system, organic applications an:
stand-alone applicatio ns suc h as classica l (i.e ., no n -Web-enabled ) word processors or our Encounter case
study . Embrddrd applicati o ns are integral to h ardware -softwa re sys tems (e .g ., an anti lock braking system). S""i-
dew hed apphcatio n arc in between . A Web-enabled Encou nter, for example , is semi -detac hed: it is not
o rganic , but neither is it as heavi ly e mbedded as the code in an antilock braking system, for example.
En counter would commU ni cate with the Inte rnet via signals that are o nly occasiona l when compared with the
frequency o f C PU Instruc tion execu tio n.
Boehm's mo del says r,rst that the required effort and durat ion ha ve separa te models (fo rmulas) fo r each
ty pe o f appli cat ion (differing in factors a and b). For examp le, a sta nd-alone job with 20,000 lines of code
would take 2.4 x 20 1.05 '" -I person -mo nths duratio n if organic (stand -alone) but about 3.6 x 20 1.2'" 76
person-mo nth if e mbedded _
The duration formu la ca n be expressed directly 111 te rms of line of code (KLOC) as follows:
Duration = c x Effon = c x (a
l
X KLOCb)J = c x i X KLOCIJ
At nrst glance, Boehm's duration fo rmu la may appear strange because the relations h ip between effort
and duration seems to be simpler than his form ula indicates. For example, If we kn ow that a job ,..,quills 120
Software Project a b
- c- d-
-
Organic 2.4 1.05 2.5 0 .38
Sem i ·detached 3.0 I. I 2 2.5 0.35
Embedded 3.6 1.20 2.5 0.32
pc:r.;on .months, and we put ten people onto it, won't it get done in 12 months? This would indeed be the Ca3e
if we could usefully and con istently employ all 10 people on the project from day 1 through day 365 , but this
is not usually possible Consider, for example , day 1 Since all the engineer.; can't know much about the
project (it has just begun ), what u dill activities could all ten engineers do that day; It follows that if we
allocate 10 engineer.; (Tom the first day , the 120 per.;on .mo nth job w,1I actually take longer than 12 month .
Boehm's duration fonnula has the strange property of being Independent of the number of people put on
the jobllt depends only On the size of the job. Actually, the formula assumes that the prOject Will have roughly
an appropriate number of people available to it at any given time (for example, one on day I , th irty on day
100, assuming that is what's needed).
Boehm's model , whi h has been tested extensively and is widely respected , has been refined over time,
and has been largely updated with the more complex CO OMO II , described next. A great deal of practice is
required to use even COCOMO I effectively. It i< best used along With an independent method and a healthy
dose of common sense (sometime called a "saOity c heck") . U"ng Boehm's basic formula on the prototype
ver.;ion of Encounter (conSISting of two basic hIOction ), With 4· 300 K·hne. of code, we obtain 10 to 1,000
pcr.;on.months of effort , and 6 to 35 months in duration, as shown in Figure 8 15.
8.1.5.2 COCOMO II
COCOMO (I ) is somewhat identified with the Watcrfall process because it does not speCifically account for
iterative development. It mu t be used anew for each iteration , and docs not account for factors such a
whether the iteration is early or late in the process. For this rca on and others, Boehm updated it to
COCOMO II. (See, for example, httpi/sunset.usc edulresearch/ COCOMO IIl) The n of COCMO I can be
interpreted as a scaling factor. COCOMO II replaces it with a product of various scaling factors F F" SF"
"
SF <, and SF, . This al lows for a more refined set of parameters. The b parameter In COCOMO I expressed the
number of times KLOC is multipl ied . CO COMO II replaces thIS with a product of seventcen quantillc EM ,
K b approx.
-a - -
Effort nK" b
c P d approx.
- - -
Du~lion cP" d
LO 2.5 10 0 .38 6
Flaure ' ,15 using COCOMO I to estimate the magnitude of the Encounter effort
180 CHAPTER 8 PRINCIPLES OF SOFlWARE PROJECT MANAGEMENT II: ESTIMAnON, SCHEDULING, AND PLANNING
w here n = 1.0 I + L,
I' SF,
EM, ore multiplica ti ve cost dnvers
SF, a rc sca ling cost dri ver
(so eoch replace KLO in CO O M O I) These arc called l11ulliplica l,", co,1 d,,",,,, and they allow for m o r~
re~ nem c nt in dc>cribmg the produc t and project.
The CO OMO II Effort fom1U l. is shown in Figure 8. 16. 11,e sym bol ] (cap ital p) is the product symbol
For ex,mpl e, n:
,k' means I ' X 2' X 3' X 4' .
Fi gure 8. 17 lists the ty pes of the quantities SF, and EM}' The SF, parame ter, for examp le, allows for
fac tonng in the maturity o f the develo pment o rgani za ti o n. The SF, parameter allows for the degree of risk
re maining in the projec t. The va lue o f SF. is hi gh for initial iterations a nd low for later ones The EM ..
parameter account for the modern practice of developi ng in several physical locations. Each of th~
porametcrs has a de fi ned scale.
This eetion di scusses esti mation techniques for agi le projects . In o rder to commit to delivering capabil ity
at the e nd o f a cycle , a team must assess th e effor! req uire d . As with fun c tion points, ,lory pOlnls are a means
by which to measure the size of a story as it relates to implementation . Unlike function po ints, however,
which attempt abso lute measure me nt, Sto ry points are a relative measure . In other words, they compare
sto nes w ithin a project o nl y. Th e size ra ngc is typically betwee n I and 10, and the size of a Story is based
on the team's hi story o f implementing stories in past cycles of the project. One way to establish story
poi nts is to take a n executed story that the team considers to be average, assign it 5 story points , and use it
as a yardstick (or fu ture stories . Another is to select a vcry small implemented story, count it as 1 point, and
thcn calculate all o ther stories as multiples o( it . A mo re sophisticated way is to create a plot as shown in
Figure 8. 18 .
A big ad va ntage of agile meth od s is that they involve man y entire creation cycles. In a pure waterfall,
team member find it difficult to estimate the size and completion time of a job because they will not
usuall y have performed o ne just like thi s in the past, with the same participants. Agile methods, on the
other hand , facilitate th e assessment of how much completed work a team is capable of producing by
relying o n observed past performance within the same project. Recall that in physics, velOCity is defined as
di,'a"ct co"md p" lime 'IIIil. Similarl y , agile project velocity is defined as the amolln l of fun "o"alily lilO',."lta ""
unil. This translates into story points per cycle. Assuming the constancy of cycle (e.g ., alway two weeks),
the reliability of a ve locity calculatio n depe nds only o n the ability to accurately as ess story points With
the ex perie nce o f repeatedly making thi s estimate, te om mcrease their estimation accuracy as the proJeCt
prog resses. Sec Figure 8 . 19.
As effective as this kind o( agi le estimation is, it requires augmentation when larger scale estimation i
required. The reader is referred to ohn, Agilt Eslimaling and Planlling , Prent.ce Hall, for example, for further
reading.
COST ESTIMATION 111
- - -
Sym. Abr. Name
-
SF, PREC Precendentedness
SF,
,
FLEX Development Flex,bility
,... - -
SF, , RESL Architecture and Risk Resoluti on
10 Upper bound
•
• •
t , Com pule past e rror %
•
• 01 2. Estimale using compaMson ,
I 3. factored by Irend in past errors %
0
0 1/
•
1 2 3 4 5 6 7 e Cyclo number
8.2 SCHEDULING
Project estimates are used as input for co nstruc ting project sc/"d" I". Teams develop schedules so that
everyone knows what to expect, ,. hat to do, and when to do it. Figures 8.20, 8.2 I , and 8 22 step through a
tYPical schedule construction using a spread; heet . Substa ntial projects arc best' perfo nmed with specialized
tools such as Microsoft Project .
Softwa re project sched ul ing confro nts a fundamental c h icken .and·egg problem , as fo llows. Part of a
software e ngi neering project is to ga ther the requi re ments but until we know the requirements fo r the
application , we ca n't say h ow lo ng it will rake to do the job and so, strictly speaking , we can't schedule it.
There are severa l approaches to breaking out of this loo p. One is t'o develop a sche dul e o nly afte, the
req uireme nts ha ve been speciRed . Although thi is logical, it is no t often used. The main reasons fo r thi arc a
follows ,
I. As me nti o ned befo re, it is usuall y imprac tical to specify all req uireme nts up fro nt.
2. Management uSllally needs to know llP front how much time the project will consume and how muc h it
will cost.
A common way to approach these issues is to begin With deadl ines and to ae am pi ish as mJn of the
important requi reme nts as possible with the speClAcd time and Ananei.1 resources , and the n to i~rate this
process. For the purposes of dIScussion, this is the approach used herc.
The AT'i t step is to show the deadline for ddiverables to the cus to mer. In Ollr ca e , we wtll <lIPPO (' that
the custo me r wants to <cc a prototype aller fo\tr week < and Ihe completed proJcct after f lit month O ne
I T I I I 1"
I Schedule for VideoStore Application I I
I I
4- January
1 2 3 4
February
1 2 3 4
March
1 2 3 4
Ap ~1
1 2 3 4
May
1
t t
Milestones Prototype X X Freeze requirements Final product X
t I
. -- - -
1 2
-
3 4 1 2 3
-
1
l'i - '" -
~' -
~
:r:
m
o
C
Figure 8.21 Building a schedule Part II-shOWing phases c
z
Cl
e:
~
\:
2
~
~
CD
"0
4 4 1
-
2 3
-z
;0
-
n
"0
f;;
V>
o."
~
~
;0
ITt
"0
e'"
ITt
~
~
m
;::
ITt
1 I 1 ~
1 1 1 1 1 1 1 1 --
"
1 1 1 1 1
-• ~ I ' I I ~;::
11111 11111 1 1 1 4
-o~
z
•
~
I
ITt
g
C
Z
Figure 8.22 Building a schedule part III- showing work breakdown structure '"
•
~
Z
o
"0
~Z
-Z
'"
THE SOFTWARE PROJECT MANAGEMENT PlAN 115
---.,
-
---i-, '
-
phise I dBHllled - -
- -
I
phue I delilled •
---
I
,
--r-- -
-
phase II detailed
- -
Figure 8.23 Dependerrcies shown in schedules
technique used in setti ng a sc hedule is to build in buffers to compensate for factors that we don't or can't know
about. For example, our schedu le assumes four weeks per month , whICh provides at least o ne unscheduled
week. This is shown in Figure 8.20. Some project managers frown on approaches like thi s because they hide
things.
Now we work backward from the mil estones to show the times for the various phases, as shown in
Figure 8.21 .
Finally , the team needs to ensure that people are availab le to do the work . This requires a work b".ktiown
"ruc'u" (WBS) showing who will do what work. Figure 8.22, for example, Includes a WBS
In the example of Figure 8.22 , the last week of design requires Just o ne person and the first week of
implementation requires twO eng,neers .
Schedules show the intended o rder of tasks. 11 task A is schedu led to be performed prior to task 13, this
docs not necessari ly imply that 13 depends o n A. For example, we may have selected the order because it i
more convenie nt to perform task A befo re /J. However, if task X depends on ta k Y, then task Y should be
scheduled to complete before task X begins, and the dependency should be made clear on th~ s hedu1c.
We can denote dependencies o n a schedule, as show n In Figure 8.23 These become ,mportant
whenever we want to aller the schedule. They are al so necessary in detennining the proJect's rillcnl pnl" : the
sequence of activities that ",usl be performed, and the order in which they must be performed To ummarize:
The dependencies form a subset of the schedul e, and the crit,ca l paths are seque nce of depend ... n ies
The prOject plan is docume nted <0 that everyone knows what to do and when to do ,t . There are many
formats forsu h a plan. We will use IEEE Soltware Project Management Plan ( PMI') standard 105 · 1 98 for
this purpose. TI,e table of contents for 1058 · 1998 I< show n in Figure 8 24 , and is used 111 the ca e ,tudy 111
186 CHAPTER 8 PRINCIPLES OF SOFTWARE PROJECT MANAGEMENT II: ESTIMATION, SCHEDUUNG, AND PLANNING
Figure 8.24 IEEE 1058-1998 software Project Management Plan table of contents
Section 8.4 . The IEEE standard is someti mes viewed as belonging only to "document-heavy" projects. In fact ,
its parts should be used when and o nl y whe n they provide value . Agile project leaders can gain by perusing
the topics and dec iding how a nd when the issue me ntioned is to be hand led . Non-agile projects are not
bound to usc a ection unless the effort IS worth it. Prob lems arise w hen needed issues arc igno red and when
docume ntation is used for no productive purpose.
Section 1. 1 in the SPMP-the overview-sh ou ld ide ntify the project but should not cover its
requireme nts (i.e ., descriptions of its behavio r). These arc cove red in the Software Requireme nts Specifica·
tion , described in Part " of this book. Repeating th at materia l in the SP{\'IP would violate the principle of
single· source documentation (to say each thing in one place only). Section 1.2 dcscrib", t he ways in which
the SPMP itself is expected to grow a nd c hange. The Software Co nAguration Management Plan (SCMP)
hould have been developed by th is ti me (see C hapter 6), so that versions of the SPMP can be properly
controlled . A reference to the SCMP is provided here.
Section 4. 1 describes the ways in which orga nl ZJtions wi ll co mmunicate with the development team
This depends o n t he project's stakeho lders (the people w ho have an intere t in it). For example, how will
engineering interface with marketing (regu lar meeti ngs, E-mail, etc .) Section 4.3 speeiAes the responsibili.
tics of project personnel.
Section 5.2, the Work Plan , caR co ntain the project's schedule. Section 5.3, the Control Plan, peciAes
who will manage , con trol , andlor review the project, together with how and when this IS to be done. For
example, sen io r management needs to know how projects arc progressing, so we would de. cnbe the process
for keepi ng them informed here. Risk ma nagement (Section 5.4) was described in hapter 7.
Constraints on the languages and tools used are provided in the "technical proce s plans: L"CtlOn 6 for
exa mple, 'This project shalilisdava from Su n, versio n 1.2. 1, and Rational Rose versi,o n I: Section 6. 1 refers to
the software development process to be u<cd (e.g., wa terfall , spiral , incremenral ). Possibll' ·organlZational
struclure<' were discussed in C hapter 7. Section 6 can ,"elude ,"fonnatlon On reuse requ",:ments
CASE STUDY: ENCOUNTER PROJECT MANAGEMENT PLAN 187
In Section 7, the • upponing Process Plans references or dc:scnlxs activill'" that suppon the
development process, such as configuration management and quality assurance. If the suppon function is
descrilxd in separate documents (e .g ., the configuratIon manage ment plan or the quality plan ), we reference
those document ·. Otherwise, We describe the upport hlnction In full. These and other aspects of the SPMP
are explained fun her In the ca e study at the end of this pan of the book.
The reader will find a ample SPMP for the Encounter cases study in SectIOn 8.4 of thIS chavter, wh,ch
conforms to IEEE standard 1058· 1998 Excerpts from management documentatIon for the Eclipse and
OpenOffice open source projects can be found in ections 8.5 and 8 6 res pectively. In compari ng them , the
reader will notice the benefits of using a standard but also some of the limitallons in ncxlbility.
I 1.1 E Braun: Expanded 3.2 1/ 19/99 Explai ns how and by whom this document will
be maintained. It will have 10 be mo(hfied In
1.2.0 R. Chadwick: RevIewed for release 5/ 19/99
severa l ways (e .g., with a more detailed sched-
1.2 . 1 V Brahms: Final editing 4/ 30199 ule as more is known about the reqUlremc.-nts ).
If a concrete plan is not Pllt In place to
Versio n 2
maintain this docum"nt, It will be worked
2.00 E. Braun : Updated to 1998 standard on sporadically or not at all.
5/18/2004
188 CHAPTER8 PRINCIPL 5 OF $OFlWAREPROJECTMANAGEMENT II: ESTIMATION. SCHEDULING. AND PlANNING
h" docum ent wdl be m a '"t a ll, ~ d o n a SPMP = Softwa re Project M anagement
wC('k ly h. <o b •he projec t lead er. It .s subJc t Pla n (th is document )
to o nfo llurat' o n m. nage ment by mea ns of th e SRS = o frwa re Requ irements
.\11' It 0< th e projc t l eJd c r' ~ r~ s p o n . •bil.t y to pcci fi ca tio n
subl111t th. s do um ent a< a I. and to h 'e p .t up to SDD = o ftware De ign Document
date T his SPMP ma.nl y fo ll o ws th e fo rm at of IEEE STP = Softw are T est Pla n
10 8 I · 1998 tbd = ro be decided
2. References
4 . project organization
[IEEE) Th e appl. able IEEE standards are pub lished
on "IEEE Standards Collecti on," 1997 edition.
4.1 Externa l Interfaces
[MPA L5) Th.s document is to co nform to the
company's "MaSler Pl an for the Attainment of CMM
Level 5 " Name the people and organizations with
[Braude) l1,e princi pal source of textbook ref· whom the team shou ld communicote.
erence matenal is 50fl.,ort E"gi""",'g , A" Objtcl-On-
mltd PmptClovt by E. Braude (Wiley, 2000).
The projecttcam will interface with the fo llow.
ing individuals and organizat ions, VP, Engi neering
3 . Definitions (for tech nical and standards direction), Marketing
CI = Configuration Item (for requi rements), Came Laboratory (for advanced
CMM = Capa bility Ma turity Model, the game features). and the quality assurance engineer.
SE I's model fo r o rganizationa l
imp rovement 4.2 Internal structure
IEEE = Institute of Electrica l and Elec-
tronics Engineers Figure 8.25 shows the organ izati o n of the Encounter
QA = Qua lity Assurance project within Camin g Industries Consolidated.
SEI = Software Engineering Institute, The project will be organized as a team of peers
Pittsburgh , PA with designated roles. The role are team leader,
SCMP = Software Cor-figuration conRguratio n management leader, qual ity assurance
M anagement Plan leader. requirements management leader. design
President
j"' I IV&VI
VP Marketing VP Engineering I
•" I Soltware
I
- Englneerlng
Labs
" . Game Lab
Requiremcnts
Team CM QA Manaaement
leader Leader leader Leader Leader Leader
lab
( I) 170
(2) 4.2 00
(3) 1 1.4 46 1.9 · 2.3 for two identified func ti ons, 6 ·20 times as many in
comple te a pplication
Least conservative 4.2 46 Mini mum o f min im ums and minimum of maxi mums
Widest range 4.2 300 Minimum of min imums and maxi mum of maximums
- - -
Narrowest range 1 1.4 46 tvtaxi mum of min imum s and m inimum of maximums
-
Figure 8.27 Very rough estimate of application size prior to requirements analysis
5.1.3 Resource Acquisition Plan ThIS sectio n specifies how the work will be
subdivided .
·Report forma ts
Requ .
Team CM QA Mngmnt Design Implementation
Name uader uader Leader Leader uader Leader
Ed Braun X X
AI Pruitt X
Fern T ryfill X
Hal Furnass X
Karen Pders X
Monlh , Monlh 2
-Mon,h 3 Month 4 Month 5
, 2 3 4 , 2 3 4 , 2 3 4 t 2 3 4 ,2 3 4
SCMP complete , Begin system testIng '
, SOAP complete Delivery ,
Milestones
, SPMP rei. , complete
Freeze requirements '
Iteration'
,
Iteration 2 I I
Risk Identification
and retirement Preg:. for maintenance I I
Figure 8.30 High·level chart of tasks with fixed delivery date, ordered by completion
imp lementati on. The prOject roles and responslbili . 5.2.4 Budget Allocation
ties are shown in Figure 8.26 . The budget allocation, shown in Table S. I, matches
the work breakdown structure shown in Figure 8.32,
5.2.2 Schedule Allocation and includes an additional 10 percent to cover
unantIcipated cOSts. Loaded I labor rates arc $4,000
per week.
11 we are given a Axed completio n date and
have identiAed the process that we will use, we 5.3 Control Plan
may have enough Information to provide a
high.level schedule. We increase the amount
of detail in the schedule as more becomes The IEEE describes this section as ' ",etria,
known about the design. reporting mechanisms, and contlol plocedlUcs
necessary to measure, ~port, and conllol the
product requirements, the project scheduk!,
The schedule is shown in Figure 8.30. Refer to budget, resources, and the quality of worlt
the SQAP for the schedule of quality activitIes. processes and work products.'
It is usually advisable to schedule regular
5.2.3 Resource Allocation team meetings (typically weekly; sometimC!S
The work breakdown structure is shown in rlgure short daily stand·up meetings). When there
8.31 . The bottom line shows t~e person · month is no business to conduct, such meetings can
available for each month . easily be canceled. On the other hand, sched,
uling a meeting on short notice m~y be
We have not yet pcrfonned any design, so it is when team members have other commitllknlS.
too early to name the engineers who will work Even teams that work to~ther every ~y need
on speCific pam. These names will be added to schedule negular review meetings to avoid
he~ after the designs for the various configu· drifting. The meeting convener should __
rations have been detennined. mally cancel a meeting if there ~rc no qcncIa
it~~lmIiS.
I Ie , Including bc:ncAts
CASE STUDY: ENCOUNTER PROJECT MANAGEMENT PlAN 193
J . Pruitt 111111111111111111
F. Try1111 1111111111111
The ~ ntire team w, lI meet at the begi nn,ng of nece sary. The team leader wli l inform the team by
~ach phase (reqUire me nt s, d esig n, and imple me nta · Thursday at 4:30 p.m. if the lotter meeting is to take
tio n) within each it~rati o n . There w,lI be wee kl y place .
project m~e t ing< on Tuesdays from 10:00 a.m. to
noon. T ~am members are requested to keep Friday 5.3.1 Requirements Control Plan
mornings from 9:00 a.m to I I :00 a.m. o pe n fo r an The req uirements leader will report to the project leader
additio nal meet ing, in case suc h a meeting becomes o n the status of the SRS in wnting each Tucsday.
'"
""z
;!1
n
-
""m
Impact a."
RIsk Tide likelihood 1- 10 Retirement Priority (lowest Ta'llet V>
a
(details 1-10 , . /east , =/east Cost 1- 10 numb~r Responsible Completion
• alven above) likely impact , =/owest handled first) Retirement / Mitigation Plan Engineer Date ~
cost '"
IT'
-0
Z
FIgure 8_32 sample risk analysis for Encounter case study o
~z
-
a
CASE STUDY; ENCOUi'ITER PROJECT MANAGEMENT PlAN 195
Comm.nors T""
lask2
T.... 3
CHARTER FOR THE ECLIPSE TECHNOLOGY small , informally structured prOjects that add new
(TOP·lEVEl) PROJECT capabl),ties to the Eclipse software b.se (l ncub.tors
Stream). fos ter gre.ter communtty .w.reness and
underst.ndlng of Eclipse (Education Stream). or
The "Eclipse Technology Project" diflers ITOm
explore researc h ISsues in Eclipse -re levant dom.ins
the "Eclips.... Project." The following document
uc h as program m"'g I.nguage , tools, .nd develop-
includes a description of project management
ment envlfo nments (Rese.rch Stream). The Eclipse
in Eclipse. It is fou nd .t http-Jlec1,psc .org!
T echno logy Project IS Inte nded to :
technology/ technology -ch.rter.html and h.s
been reform.tted and .nnotat .... d by the author.
I . Provide the o pen source commun ity with a
As described below, • project can migrate from
lighter-weig ht .Itern.tlve to the I.rger scale,
being an "Eclips.... Technology Project" to be-
more strucrured development activities carried
ing an .. Eclips .... Project: This "ch.rter" docu-
out by othe r PMCs, .nd
me nt mainly d .... cribes organization .nd
manag.... ment. Without committing this kind 2. C rea te o pportu nitte for rese.rc hers, ac.de mlcs,
of thing to paper, there would be little c hance and educators to playa Significant ro le Within
of a successful outcom ..... the Eclipsc com munity
overview Scope
The mISsion of the Ec),pse Te hno logy Projec t IS to • Rcsour e comm itm e nts te ntalt ve, due to vol unte~r
pruvlde a ho me With", the Ec),p>c Foundat io n for labo r o r la k of ponsor funding
198 CHAPTER 8 PRINCIPLES OF SOFTWARE PROJECT MANAGEMENT II ESTIMATION, SCHEOUUNG, AND PLANNING
• I cvclopmc nt ol tcn ross·cuts the ~CO I)C o f <evera l rCl110vtng ob,r" 1«, so lVIng problem" and resolv.
o ther E Ilpse Foundation Proje ts ing conflIcts.
• Providing the leadersh Ip and viSIon to guide the (This IS the overall controlling body for
projcctJs overall direction in a manner con~i s t e nt Eclipse.)
with the Eclipse FoundatIon Architectural Roadl11ap.
• Providing assistance and <upport to the developers regarding contributio ns proposed under Ilcensrs
and rescar hers workIng o n the prOject by other than the 'tandJrd .,., ,,,..d by EcI,p5C
CASE STUDY: PROJECT MANAGEMENT IN ECUPSE 199
• Working Wifh the EMO and committers to ensure monitor the main roject mailing list and the devel -
that in-bound contributions arc made in accord- opor mailing lists for all projects and components
ance with the Eclipse Foundation IP. they are overseeillg.
ca,c o( large proJcct,), an h,ve Ihelr 'talll' promoted omm llleT> arc reqUITed to monitor the devel·
to that o( J • (1II1mIIlC( for that project or omp!}nenl op r m.dmg Ii t .<soc,ated With all prOjects and
~,p<'t.tivcly A comnllllcr h", wTite access to the sou~e compo ncnts for which they have commit pnvdeges
de repo>l tory (or the .«ocIJted proJcct (or o mpo· ThiS 1<" ond ltJon of being granted <.Ommit righi, to
nem), and gall" votlllS rights allowlnB them to affect the prOject or component. It IS mandatory bccau~
the fu t\J~ of the proJcct (or compone nt). commltters must participate in votlllg (which In
orne ca,es reqUIres a certam minimum number of
votes) and must respond to the mailing list III a timely
The followlIlg par<lgraph describes a formal !-ashion in order to faCilitate the smooth oper<l"on of
process , which is e senllal to the smooth the project. When a commille r is gr<lnted commit
running of the Eclipse project. rights he or she will be added to the appropnate
mailing !'sts. A com mitter must not be unsubscribed
In order for a developer to become a committer from a developer mailing list unless theIT aSSOCiated
o n a particular project overseen by the PMC, another commit privileges are also removed .
comminer for the some project (or component as Commirters are required to track, participate in,
appropriate) can nominate th,t developer, or the de· and vote on relevant discussions in their aSSOCiated
veloper can ask to be nominated. Once a developer is projects and components, There are three voting
nominated , the committers fo r the project (or compo· responses: + I (yes), - 1 (no, or veto), and 0 (abstain).
nent) will vote. If there arc at least three positive votes Committers are responSible for proactively
and no nega tive votes, the developer is recommended reporting problems in the bug tracking system ,
to the PMC for commit privileges. If the PMC also and annotating problem repons with status informa·
approves, the developer IS converted into a comminer tion, explanations, clarifications, or requests for mo~
and given write access to the source code repository for information from the submitter. Committers are
that project (or component ). Becoming a commincr is a responsible for updating problem report. when
privilege that is earned by contributlllg and showing they have done work related to the problem .
discipline and good judgment. It is a responsibiliry that
should be neither given nor taken lightly. projects
G"oen the fluid nanu'e of EcI ,p<e Te hno logy report, and papers, coursewarr, downloads o( reo
Projects, organozational c hanges arc possible , in par. lease" and thIS c harte r.
t,cul • .., d,viding a Project into components; dividing a
Project into two or more independent ProJect . and o General Mailing List-Ma,ling list for develop·
merging t"'o or more Projects into a song Ie Project. In ment dl scu sions pertaining to the project as a
ea h case the initiative for the c hange may come whole or that cross projects Th is mailonB list IS
either fro m within the Project or from the PMC , but open to the publoc.
the PMC mu t approve any ch ange, and approval o Project Mailing List-Development maili ng list for
must be confirmed by the EMO. technica l di scussions rel ated to the project. This
If a project wishes to di vide into compo nents, mailing lost is ope n to the public.
commit privileges arc no nnall y gra nted at the com .
ponent level , and the committe rs fo r a given com . o Compone nt Mailing List-Development mailing
ponent vote o n issues specific to that component . list for techn ica l di scussions related to the compo ·
Components are established and discontinued by the ne nt. This mading li st IS o pe n to the public.
PMC When the PMC creates a component it ap·
points a component lead to ac t as the techn ica l The Development Process
leader and names th e initial set of comm itteTS for
In this section, the phrase "release cyde" wi ll refer to
the component. The compone nt lead is designated
a signiri'cant block of project activity , which corre ·
as a committer fo r the project and represents the
sponds to an ac tu a-l rel ease cyele in the case of
component in discussions and votes pertaining to the
incubators or Education Projects , o r to a majo r stage
project as a whole. Component committers do no t
of a phased Research Project.
participate in votes at the level of the project as a
whole, unless they are also the component lead .
In cases where new projects are be ing created , This assumes an interactive development pro·
either by splitting or by mergi ng , the usual proce· cess. However, each iteration is actually released,
dures as set forth in this c harter are fo llowed . In and so must be a usable version of the product.
particular, developers will not necessanly have the
same rights after an o rganizatio nal c hange that they
enjoyed in the previous strucn" e . Each project lead must produce a development
plan for the release cycle, and the development plan
must be approved by a majority of committees of the
project. The plan must be submitted to the PMC for
review. The PMC may proVide feedback and advice on
This section is a useful checklist for most the plan, but approval rests with the p,oject committees.
softwao-e projects.
POE
As an application, Eclipse has f,al1ms . As a
'T he PDE (Plug.I" Dwt/opmrool En voro"mnl l) project platform, Eclipse has to have an API stl, a
provides a number of views and editors that make means for interfacing with il (or programmers
is easier to build plug . ins for Eclipse Usi ng the POE, extending It.
you can create your plug·in manifest file (plugon
xmll, specify your plug· in runtime and other required
plug·ins, define extension points, including the or Thos document lays out the feature and API set
specific markup, associate XML Schema files with for the next feature release o( Eclipse aher 2. 1,
the extension point markup so extensions can be designated rel ease 3.0 (Why Eclipse "3.0") .
validated, create extensions on other plug.in exten·
sion points , etc. The POE makes integrating plug·ins
easy and fun ." A hyperlinked table of contents like the fol·
These subprojects are further decomposed . For lowing is useful. Notice the emphasis here on
example, the Platform subp roject is broken down deliverables and schedule, expressed in the
into componen ts. Each component operate like a first item .
project unto its ow n, wi th its own se t of com m it·
ters, bug catcgorie5, and mailing lists. These are as
follows [8], Release deliverables
The following is excerpted and quoted from the This part is a seop" statement. It also specifies
projec t plan for release 3 of Eclipse [9]. It provides the management of this document and pro·
an example of a specific project plan when compared vides an overview.
with the c harter
LAsI rwistd Friday, J.nuary 30, 200< (' ",arb
1.lmsli09 chan9cs IInC( Ih, prtOIOU S drnfl of Oclob" 27, Plans do no t materialize Ollt of nowhere, nor are
2003 ) . they entirely stiltic To ensure that the plannong process
CHAPTER 8 PRINCIPLES OF SOFTWARE PROJECT MANAGEMENT II: ESTIMATION, SCHEDULING, AND PLANNING
I tran<po",nt and open to the en tire E itp<c commu · WIth the preVIOllS re lease as the starting pOInt,
nlty, we (the E Ilpse PM ) po t plans In an embryo nl !his i< the p lan for how we wi ll enhance and Improve
fOnll and revise them dl roUg holl t the release cy Ie It h xinl! bUf(s, imprOVIn g te<t coverage, documen ·
ta tt on , example , performance , usab tl lty, and so on ,
are conSIdered routt ne o ngoing mainte n an~ aCTivl '
PM:: = Project Management Contmi[t",e .
tic, and are not Includcd In thIS plan unless they
wou ld also invo lve a SIgn Ifi cant c hange to the API or
The Irs t part of the plan deals with the impo r. feature set, or involve a sig nificant amount of work.
tant matte rs of re lea c deliverables, release mil e· All interesting (cature work IS accounted fo r in thIS
stones, target operatin g envi ronments. and release- pla n.
to·release compa ttbility. These are all things that
need to be clear fo r any release, even if no featllre
This provides more on the sCOp'" of thIS docu·
were to change.
ment. The activities listed are cODsidered
The remainder of the plan consists of plan items
"mainte nance: covered in the last pan of
for the various Ecli pse subprojec ts. Each plan item
this book . A three · part scheme for require·
covers a feature o r AP I that is to be added to Ecli pse,
ments priority is used , with the added ore·
or some aspect of Eclipse that i< to be improved. Each
jected" category. This merely k","'P' track of
plan ite m h as its own e ntry in the Eclipse bugzilla
requirements that were proposed at some
database, with a title and a concise summary (usua lly
point .nd rejected.
a si ngle paragraph ) that exp lains the work item at a
SUitably high e nough level so that everyone can
readily understand what the work item is witho ut The c urrent status o( each plan item is noteel
haVi ng to understa nd the nitty ·gritty detail.
Committed plan item A committed plan item
is o ne that we have decided to addr""s for the
Note that, in place of a detailed requirements
release .
document, the detailed requirements are effec·
tively provid",d via the Bugzilla database, where Proposed plan item-A proposed plan item is
there is no real distinction between required o ne that we arc considering addr""sing for the
fearur"" and a bug in what's been implemented. release. Although we are actively inves:igating
Bugzilla is an open source defect tracking appli· it, we are not ye t in a position to commit to it or
cation. 5<-e httpJlwww.bugzilla.org/. A refer· to say that we won't be able to address it. After
",nee on Eclipse's specinc use of Bugzilla is at due conSidera tio n, a proposal will either be
httpsJ/bugs.eclip"".orglbogsldocslhtml committed, deferred, o r rejected.
ROLES AND RESPONSIBILITIES Project members who give frequent and valu·
ab le contributions to a project can have their status
Everybody can help no matter what their ro le. The
promoted to that of a "deve loper" for that project. A
more a person gels involved in the project . the more
developer has write access to the ource code repos,
h e or she develops a trusting relationship with
itory . A "content developer" has write access to a
others. Those who have been long ·term and valuable
project's documentatIon but not to the source code
contributors to the project earn the right to commit
In order for a contributor to become a developer,
directly to the source repository.
another developer has to nominate that contributor
OpenOfflce.org respects the rights of its com·
The project lead may convert the contributor into a
munity to post messages and use the mading lists to
developer and give write acces to the source code
further the aims of the project. In fact , we cncour·
repository for the project.
age people to usc Ihe mailing lists. To this end , we
Al times, deveiopers may go inactive for a
will do our best to I,mil "spam" and to ensure that
variety of reasons. A developer who ha been In-
communication among community members I car-
active for six months or more rna lose his or her
ried out politely and efficiently . We have posted
status as a developer. In Ihis ase or if the value of a
some "Mai l·List Guidelines" that detaIl our
developer's contributions dimlllishe wTit~ access
I
commitment.
may be revoked by the responsible project lead.
A commItted change mu<! be reversed if thi
We would sute here something like the fol- requested by the =ponStble project lead or b the
lOWing: "There are several categories 0/ Commllnity Counetl or i" delegates and the condItions
cannOI be Immedlatelv salt ned by the equiv.>1 I1t of a
CASE STUDY: PROJECT MANAGEMENT FOR OPENOFFICE 207
'bug fu, commit The situation must be rescinded c harge o f. Any member o f the affected projec t may
bcfoit the cha~ can be included in any public release. ask fo r the C ommun ity CounCIl to reconsIder a
project lead , o r to interve ne in disputes o r questio ns
co ncern ing project leadc",hlp _ A decision by the
This belongs on a location whe~
Commun ity C ouncil IS requ ired to revoke project
ipOLi8c ruI~ lI~ gIVen for committing code to
OpenOIficf:. lea d status.
A ny me mber o f a project is el Igi ble fo r e lection
to projec t lead of tha t project Electio ns arc arranged
by th e project concerned . A list of our current
PROJECT LEADS
project leads can be fo und in the Irs. of projects.
There are three main categories of public projects in
OpcnOfAce.org : SCHEDULE
• Native-lang SOURCES
lind d~crib"d this risk a speclRcally as she could . suggested . Hal pushed very hard for a buffer
She also ~searc:hed companies that provide o n-SIte week in which no tasks are assigned . Karen
training 3t short notice. Her step -by-step rIsk pointed out that no work hould be aSS Igned
~ti~ment plan was included in the malerial she during the week before the midterm . There was
sent to Ed. Hal Furnass had a concern about super- also a discussion of using a simple waterfall to
imposing images in Java , and he sent h is n sk avoid the compl, cat ,ons of revisiting document ,
identification and retirement write · up to Ed . The but thI S was dismIssed as not reRecting the real
latter collected these in the straw man SPMP, and world . Fern pushed for Incremental development
listed them in priority. because she wanted to begin coding as soon as
Ed then drafted the following agenda for the possible , but there was little support for this
m~ting . because the team did not even have architecture
Meeting to be held in Engineering 397 at 10:00 yet . Members felt that "quality" was an area they
a.m. to 11 :30 a.m. Friday, September I needed the most practIce with
Arter considerable debate about building an
1. Appoint record keeper and time keeper (5 min · eXCIting computer game, the team decided that
utes, 10:05) "the attai nment of the specified quality parameters"
would be its top priority. It ,",'as recog nized that a
2. Approve agenda and times for this meeting (5
minutes, 10: 10) quality ga me worth playi ng was ou t of the questoon
in the time available, and that the actual capabi lities
3. Review SPMP sections supplied by Ed (25 m in· would be have to be minimal. When the tea m arrived
utes, 10:35 ) at role allocation, Karen volu nteered Immediately for
the "design leader" role . There were three volunteers
4. Allocate remaining SPMP section to writers (20
for "imp lementation leader" and no ne for QA leader
minutes, 10:55)
Ed compromised by suggestIng that two of the three
5. Arrange review process (via e-mail andlor meet - people plit roles as QA and implementatio n leaders,
ing) (5 minutes, 1 1:00) switch ing halfwa y throu g h the semester. The other
• roles were filled , and Ed reminded them of their
6. Brainstorm for additional risks ( 10 mlOutes,
responsibilities , and of theIr addotional backu p ro les,
11:1 0)
as stated in the SPMP.
7. Rev iew action items (5 minutes, I 1: 15) The dis cussion of h ow to allocate the wflting
of the SPMP went over its planned I,mot , but the
8. Miscellaneous business ( 10 minutes, I 1:25 )
discussion was productive and to the point , so Ed
did not try to curtail it. It was de cided that on ly
Ed e -mailed the agenda and his straw man
two team members besi des Ed would write the
SPMP to the team members two days before the
SPMP , and the rest would reVIew their writing ,
meeting, and asked them to read it over before the
since ot would be too difficult in a <hort time to
m~ting . His version of the SPMP contained all of
manage more peo ple writing . After 10 minutes,
the IEEE headings .
the team found itse lf diSCUSSIn g very small eC'
tions, and Ed Cllt off di SCUSSIon , promISing to
THE INITIAL PROJECT PLANNING MEETING resolve the mall differences offline , and c · ma il
the two member concerned a dctaol ed allocatIon
At the meetIng , Ed asked Fern to re cord action of the sect ions The team deci ded that th e writers
ILems and major deciSIons, and asked AI to watc h would complete their sec tion s by Froday at 600
the time and remInd the team if It exceeded p .m ., and Ed would cre atc the d ocum e nt from
planned l,mits, It wa s unders tood th at the se two th ese and CIrc ulate th e results to the team b
roles would rotate among the members In futllr., Saturday at 3.00 p .m Everyo ne ,,, o uld prOVIde
meetings Most of Ed's Id eas were accepted . Sev. co mm e nt s to Ed b y unda a t 3:00 pm ., Jnd Ed
eral c hanges to Ed's proposed schedul e we re would take all of the<e co mm en t< Int o a count t
210 CHAPTER 8 PRINCIPLES OF SOFTWARE PROJECT MANAGEMENT II: ESTIMATION, SCHEDULING, AND PLANNING
110allzc the do lIment A tcn tatl c meeting was se t weekly !Hne was selected which members would keep
for l ondo at II · 0 a m . In Arts 283 in C" C It was available, but would be used only If reqUired.
nece ory, and Ed was ta ske d wit h Informin!! th e
team by unday ni g ht at 8.00 p .m. w he th er the /
The case srudy contains material concemmg
meetinS wou ld be reqlllred or not.
liaison activtties. These are shown for illustra-
Fern reviewed the dcci ion made , who was to
tio n purposes, and would not normally be the
"'nrc what sect ions , and when the duc dales were ,
res ponsibility of stude nt teams. Some teams
The meellng adjourned.
mi ght want to designate a member as liaison to •
8.8 SUMMARY
Projc:ct costS are estimated as early as prOject Ini tiation, well before the requirements arc defi ned. The earlier
the estimate is made the greater the margin of erro r, and we therefore use ranges as a way to calculate
estimates. For example, during c..onceptualizarion , co t estima tes ca n have a fou rfo ld estimatio n error,· afte r
deSign , a ewofold error.
Project eStimates are done by nrst fi nding something objective to measure , such as lines of code (LOC).
Since this is done before any code IS ...'ritten , the applicati on IS compared to the LOC of si milar or related
software produced in the same company, and the LOC of the new app lication is extrapolated fro m that.
Ano th er way to produce LOC is to compute f.II Clioli POilil' , which objectively measure the intended
fu nctionality of the new software. The function point calcu lation produces a si ngle number that is then
converted to lines of code using a standard conversion . Once LOC arc calcu lated, the COCO 10 model can ,
be used to compute an eHort estimate.
Agile projects can be estimated by the use of story points, whic h are assigned based on a compa ri on of
new stories to existi ng stories. For example, an average story 1S give n a score or 5, ilnd all new Slories art'
compared to that story. ,
Once an estimate is made, a detailed schedule is constructed that lists all the tasks, their duration, th.,r
dependence on each other, and the resource assigned.
EXERCISES 211
A ...
project
" plan is created that includ es aII prOject
. .m format.on
. ..ncludml!
. project
. organization , roles and
respons.b.Iot.es
. ' project estimate • sched U Ic, an d ns' ks . It aIso mcludcs
. references to such doc'Ument5 as
configurallon management , and verification and valodation plans.
8.9 EXERCISES
1. Describe in at least one paragraph at least two consequences of failing to develop a written project plan.
2. Suppose you are tasked with computing the numbcr of function poi nts for a small application .
Assume the application implements the following functionality measures, all of which can be
c haractcrized as having medium complexity:
5. Ust a part of the SPMP that you r student tcam IS probably unable to supply at this stage of the project.
Th.s refers to a part you will have to return to after mo re work has Ix.'en performed on the prOject
6 Explaon why project planning is considered one of the phase in the software Io fe cycle and al 0 an
umbrdla act.vity that stretches acros several phases
212 CHAPTER 8 PRINCIPLES OF SOFTWARE PROJECT MANAGEMENT II: ESTIMATION, SCHEDUUNG, AND PLANNING
TEAM EXERCISE
SPMP
Develop a oftw.re Project Manageme nt Plan for YOllr project. Use (or tail o r, or improve upon) the
IEEE sta ndard, as shown ," the cas. srud y bel ow, Include at least two ite ratio ns ," the sche dule, Obtain
a roug h estimate of the size of the produc t,
Befo re you begi n, es timate the number o f defects per page th e team th inks it will discover during
its fIOa l revlc,,'. Keep track of, and report the time spent by individual members and by total team j
effort in the fo llowing stages: research , docume nt preparation , review (including inspections). Show
the actual defect density (ave rage number of defects per page). Assess your team's effectiveness in
each stage ," a scale of 0 to 10. Summarize in a narra tive, usi ng the numerica l results, and state how
the team's progress could have been improved . The team is encouraged to usc additional metrics if
they co ntribute to effec tiveness in this and future efforts.
Criteria: I
I. Degree of clarity o f the plan and addendum (A = very clea r writing; all specifics included,
especially of risk retirement)
2. Degree of realism of the plan and addendum . (A = sets realistiC goals a nd procedures (neither too
ambitious no r too modest»
3. Extent to whic h the plan and addendum include all relevant speCifics. (A = > 95% of knowable,
relevant specifics included)
4 . Exte nt to which the plan and adde ndum exclude irrelevant mate rial. (A = < 5% if details supplied
Irrel eva nt)
Usefulness of you r self·assessme nt.
BIBLIOGRAPHY
5
funcllo n.polnt -Ianl!:'uascs-tablellnde:x.html {JccC'Osc:d November 15. 2009 }
jonc-s, Caper;, "Ap plied SojJIl,jj rf McalVfrI'Il"I1 Clobnl Alfo1 /y5IS oj P,o;/wCfl('nf)' a1fd Qwa/Jty,·' 3rd edLtLon, McGraw- Hill Osbome M~dl.l, lOOS ,
•
6 Dorfman , M , and R A. Thayer (ed'\: and contnbu lon.). "Software: Enslntc:rtn8." IEEE COIII~rtT SOC-IrC)', No,,~mbc:r 1999_
7 Ecl ipse:. httpJI""",,-w.c:c1tpse:org/cclipscli ndex php [acccmd December 10, lOO9]
8 Ec1tpsc. hnp,J/ww'W eclipse orglplatformlindex php
9. Eclipse. http IIwww.«lipscorw.C.CI I.... c/de:vdopmc:n tl«Jlp<;c_pro.tc~_ploln_3_0 hlml ,
uality and Metrics in project
Management
"
- The Software
• How do you use metries 10 improve
proJects?
Development
Life Cycle • What Is a software verification and
validation plan?
Figure 9.1 The context and learning goals for this chapter
•
Soft'wa re qua hty docs nOI come about by a ci d e m Achieving II Slarts by cu ltivolm g a quality culture
withm the prOject team . It also req uires careful plann ing and mo nlto nn g, with project manaKcrs continuously
asking ques lio n suc h as the fo ll OWing Ihro ug h o ut the h f~ of a projecl.
Agile teams become adept at answeri ng these questions for tcam · level work. Continua l interaction wlth
the ustomer, short, mutually deAned spri nts, and con tinual testing mcan that questions like these arc being
continually asked and answered In the co ntext 01 the team and customer rcpre entative. On the other hand,
the scope of the project can exceed a single group, in which case various non .agile techniques a re applied a,
well.
As introduced in Chapter 2, the answers to these and si milar questions are provided by metrics, which
arc data collected and analyzed throughout a project.
Examp les of project metrics are dtftclS ptr KLOC (thousa nd lines of code), lilltS codtd ptr ",an-",onl/, (MM ),
and Irst case f'Xtcuti01f rale. Each provides an objective measure of a project and its processes. Metrics are an
important tactical tool of Ihe project manage r. They allow tho manager to continuously assess project quality
a nd c hedule, identify problem areas, and gai n Insights into the project that allow him o r her to make
proactive decisions to head off problems. As an example, if during the testing of the software an unusually
high number of defects are discovered in a particular soltware module, action ca n be taken to proactively
remedy the root cause, such as conducti ng a co de inspection, redeSigning the module, or executing unit tests.
Without metrics, it is difficult to know how a project is executing and the quality level of the software. Metrics
help
•
not only current projects but also future o nes. This is because future projects base metric targets o n pa.st
ones.
Targets must be established to effectively utilize the metrics collected. For example, if 50 teSt cases are
executed during the nrst week 01 system testing, is the testi ng team making good progress or poor progress)
The answer depends o n the test case execution goa l deRned during project planning. If the plan called for
executing 100 te t cases, then lhe answer is poor progress; if the plan was 20 teSt cases , then the answer is
good progress. This also aS$Umes a Standard for "test case." The goa ls are establi shed by analyzing metries •
collec ted during prior projects and using them as baselines.
T"'rmal quality rders to the quahty activities undertaken by the development team itse lf. Th is calls for
cultivating a quality culture among the development tcam , an attribute of good leadership. The essential goal
here is a sense of shared responsibi lity and pride amo ng the team members. Fundamental gai ns in a quality
attitude accrue when the project ieader continuously ensures that the work is very o rde rl y, and that the team's
effort 3_fC focused on appropriate: pri orities.
We plan for the management of a projecl and its internal quali ty assurance procedures at the same time.
Internal qual Ity procedures, standards, and habIts arc active throughout the project management plan , the
requ.irements, the design, and the code.
Exltm,,1 provision for quality is specified in a eparate set of documents, the quality assura nce plan, the
verification and validation plan, and the test documentation . The relationship of internal and externa l quality
activities is illustrated in Figure 9 .2.
The interna l management of quality is as much a mind-set as a document ct. It begin with a
ir
conRguration management plan that ensures con iSlc nl and 5.tlfe documentation. (For example, we were t'O
implement the wrong versio n 01 the design document, the code would not match the requirements for the
impie.mentation , and thus would hardly be a high-quality productl)
Most project management plans de ignate team member; with specific responsibilities. Table 9. 1 shows
an exampl e of respon ibility designation in which each member also has a backup responsibility. Each activity
PROJECT METRICS 215
Perform
reqUirements Include tests lor each requirement
analysis
-
Create
design
Include tesls lor each unit
leader promotes an atti.tude of quality for his activity. The backup members can act as palf Inspectors for each
leader.
Proj'c1 ",,'rics are those that apply across the board or ha ve broad implications during a project rather than
being vety focused . The metrics process starts by identifying which mctries to collect . setting target goals for
each . and regularl y monitoring and reviewing them th roughout the project. Th is is described in detail in the
sectio ns that follow .
9.2.1 Identification
DUri ng proje t planning, the metries to be collected are Identified . Some arc applicable to all phases (e.8.,
defect ) wh.le o the rs o nl y apply to a spec.fic phase (e.g, test case execution ). While there are many metric< to •
chose from . some of the most usefu l arc as follows [ I ].
Project Milestones
A plan IS created early in a proje.c tthat contains a detailed schedule. including milesto nes, which are concrete
objectives that must be achieved at speCific times. A project manager monito rs the progress of a pmject
against these milestones to determ .ne whether it is on schedule. Project scheduling and the establishment of
milesto nes were covered in Chapter 10. The obvious metric here is the number of days between a milestone's
schedule and the day on which it was actually reached.
Testing Progress •
A test plan is usually constructed before any formal testi ng commences . It includes information regarding the
types of test cases to run and detailed information regarding each test case. The most common mctrics to )
collect during formal te ling arc the ralt oj ItSI cast t'Xtculioti and the )lumbrr oj passrd ttst cast'S , With these two
metrics, project mana gers ca n determine whether testing is proceeding on schedule.
•
Defect Injection and Detection
Defect metrics are probably the most common type of metric collected. Defects occur during each t
development pha e, but such defects may have been incurred (or "injected") during a previous pha...
The drJecr dclrcl'ion ratt is measured for a given detection phase and a given injection phase. For example, a
"defect detection rate of 0.2 per 100 requirements defects at the implementation phase· means that one defect
in the requirements is detected, on average, when implementing a set of 500 requirements . Figure 9.3 shows
an example project in which these data have been collected. It also shows the longevity of defects, phase of
injection vs. phase of detection. For the sake of simplicity, we have omitted the test and post.dclivety pha.ses,
which would complete the picture.
Let's focus on the detailed requJrements part of Figure 9.3. It shows that two defects per 100 were
detected during the requirements phase (assessed by means of inspections). This compares favorably with the
organization's norm of 5 per I00. looking across the "detailed requirements" row, we observe that our process
detected fewer than the normal rate of requirements ddects during subsequent phases. This seems to toll uS
that our project, and possibly the process we are using, is comparatively effective when it comes to producing
quality requirements. However, it is also possible that our detection process is worse than usuali This bears
investigation . To complete the table, we would include similar defect data collected during testing, and
during a specific rime (e.g., three months) after product delivety.
The results for d(Sign defects in Figure 9.3 are as follows . We detected more than the usual number of
design defects during inspections at the time they were injected, but recognized fewer design defects at later
PROJECT MElldCS 217
Defects detected,
-
Phase in whic h defect was detec ted
Per 100 requirements/per . •
in the design/per KLoC. etc. Detailed
This project/llonn requirements Design Implementation Deployment
stages. Since it is more expe nsive to detect and repair a defect lalcr in the process, Ih, s indicates that ou r
project seems to be superior to the o rganization norms. Figure 9 .3 also con",ins Information abo ut defects
detected after deploymenl to customers , whic h is surely the most Im portant metnc In the end .
Defect Resolution
Tracking defect detectio n tells us the rate at which we arc fi nding defects. giving an indication of the qualtty
of the evolving product. Equally important is the met ric d,Jrcl rtSollllioll . wh ich measures the rate at which
defects are being resolved. Defect detection and defect closure arc complimentary . Fo r example . even If
defect detectio n is meeting o r beating the plan. if the defect resolution rate is bel ow plan . the backlog of ope n
defects increases and the qualiry and schedule of the project suffer.
9.2.2 Planning
Once the set of merrics to be collected is identified. a plan is t'Stablished with targets for each metTic. The be'St way
to derive targets is to use the metrics collected during previous projects as a baseline. adjusted as neces<;ary
Without projections based o n prc-vious projects, it is very difficult for project managers to kn ow whether a project
is meeting expectations. An example of a plan used to track dcf,rt d,lrclloll and d,Jtrt mollifioll is shown in Figure 9 4.
Figure 9.4 tracks the number of defects submirted and resolved weekl y versus the plan . Each week the
actual number of defects discovered is fi lled in and compa red wi th the plan . In this example. note that the
number of open defects for the first three weeks is g reater t han what had been anlicipated. At the e nd of week
3/ 10-3/ 16, 103 defects are open vs. a plan of 66 . Armed with thi s knowledge . th e prOject manager can take
appropriate corrective action Similar plans are c reated for each of the other melnes collected .
DUTlng the Ide of a proJecl it is a good Idea for key members of the project team to revlcw the metn cs
On a regu lar basiS, usually week ly . One good way to do this is for the prOject mana ge r to c reate a pa ke t
of IOformatlon co ntall"ng metfl cs c harts as shown In Figure 9.4 T h IS helps pre se nt th e info rmat IOn In a
GonClse format for eaSie r review . H owever, JUSt presenting lhe se oVervIew e h art 111 a nOt be enollg h
For example, in additIon to th e defec t pl a n ~hown In Figure 94 . ,ddillonal'llfo rm a ll o n ~lI h a detailed
218 CHAPTER 9 QUAUTY AND METRICS IN PROJECT MANAGEMENT
Build
44
45
46
47
48
49
50 20 TROUBLE!
51 10
5
o
Figure 9.4 Example of tracKing defect resolution-recognizing problems with defects remaining open
defect re ports ma y be Incl uded to better uncie"tanci the ou ree of the probl e m bei ng d is ove red If thIS
I ~ done fo r each of the mc-tn S Incl ud ed In the report , the amoun t of i nforrnalion Ciln become
ovcrw hclnlln g Al lh ough it I S sti li a good Idea to Include It all , I t is common to crC<ltc a umrn<lry,
so me t,me s ,n the form o f a pro),rt dn ,I,/'onrJ . A dashboard pre Cllt a co ncise , g raphical summary of
esse nti al InfOrmal lo n re ga rding the ge neral health of J project. Th is IS analogo l1 ~ t'o an automobile
d ashboard . wh ich co ntains gauge.:; slic h as fue l leve l, odometer, and engine temperature , (0 quickl y J
a crta ln th e ge neral S1aru and hc alth of a cor F'g ure 9 .5 shows an examp le dashbca rd from the
PROGRESS
PRODUCTIVITY
E... , 1 ~ V~
(8CWP)
s 10 •
COMPLETION
Adual'-'
tACWPI
StD>*
T••' ' '....
Coo,Qlr"lJ uu"
COh;:'.U ~ On T..,...
I
I
I
--- ,
,,,
SAp •• d T1me
'j
CHANGE
OJI. arr Progra .. AlII""g,'! N,'ulork l2J Th e ty pe of 1I1formatlon cO llla in~d ,n a d .. hboard Includes the
following·
• MilestOne ompl~tion
• R~uirements changes
• onnguratloR changes
• tilff turnover
• Staff overtime hours
With this concise project rnformation , stakeholders can focus therr attent ion o nl y o n those metrics not
conforming to plan. For "xample, it can be noted fTOrn Figure 9.5 that the plan ca lls fo r two requirements change
per month, but in the period covered by the dashboard three requirements changed. Stakeholders can now look
at more detailed informatio n regarding the requirements that changed to determine whether they pose a risk to
the project. Other merncs that are meeting or beating the plan need no t be examined In great detail.
But how do you Ide nti fy what needs improvement? There is a wise saying that ")'OU ca n't improve what
you don't measure: Metrics provide the measures that allow projec t managers to identi ty how a prOje t IS
performing, the areas requiring the most improvement , and the objective data needed to measure the ratc of
improvement . The next two section desc ribe how this is accompli hed within and across project.
The first step to Improve qualrty fro m o ne deve lo pment phase to the next is to coll ect me trics dunng cach
phase. Table 9.2 shows a summary chart that ca n be used, which include< prov i io ns for o mpariso n with P3>t
projects The data ca n be used In twO ways·
•
Table 9.2 Data on actMties relating to document creation and error rates
Quantity'" N/ A N/ A 22 N/ A N/ A N/ A 28
I
(Average procuctMty) TBO" TaO ' TBO" TBO" TBO" TBO" 18.3"
Self·assessed Quality" 3 S 2 1 5 9 N/ A
•
•
The informatio n in T able 9 2 is examined, co lumn by column, identifying data that are different from
par. For cach datum below par, we de vise concrete actions that the team will perform differently for the
next phase . For each datum above par, we look for beneficial techniques that may be applied in future
phases. "Self-assessments" arc comparat ive, subjecti ve scores that the team assigns Various activities . One "..
way to collect the m for four actiV iti es, le t us say, is to ask each team member to allocate 5 x 4 = 20 points
among the fou r activities, each score being betwee n 0 and 10. The averages indicate how well the team as a
whole th inks it performed o n each activity. Th is i a subjecti ve measure that can be profitably compared
with other metrics .
Here IS an explanation of the superscripts in Table 9.2.
Left-Hand Column
II Spent by entire tcam , in person -hours
Ll The average amount of time spent on these acti vi ties in one of the following (select one), entire
organization o n all projects, e ntire orga nization on si milar projects (the ideal ), this department on all
t
projects, this department o n similar projects, this team o n prior phases.
U For documents, to tal number of pages produced in the case of documents. For code, X 1000 lines of
no n-commented code. A line of non- commented code is de fi ned as < A precise definition is provided
here. perhaps showi ng examples of how to count lines for common constructs such as for loops.>
L' This is a judgment that the team makes about the quality of the activity's product It is subjective but
ca n be very useful. A good way to obtain self-critiCism is to force the average of these numbers to be
five on a scale of 0 to t O.
USING METRICS FOR IMPROVEMENT 221
Top Row
1'0 Spent b>, team members preparing the an ifact to the best of their ability; before submitting anifac! to
the rest of the team for review
TI I nc Iudes inspectIOns
' .
T:l After review; responding to comments from the rest of the team
In~rior of Table
II Measuring productivity for these activities is a more advanced concept and is covered later.
12 Pages per hour = (total pages)*60/{ total time in minutes)
13 Found during the "finalizing" stage
1< This metric is determined by the end of the project or even during maintenance-when defects are
detected that were injected during th is phase.
The following notes correspond to the last row in Table 9.2 and are examples of speCific process
• •
Improvement actions.
I. Our self·assessed quality measure on rmarch was 3. The team spent a percentage of time on this actlviry
that is close to the norm, so the remed y is not to spend more time on research . If there were know n
reasons why research was on the poor side (e.g., a new procedure or very unfamiliar type of application)
then the data here may not be a cause for alarm . O therwise . the team would discuss how to improve the
research process in the future .
2. The drajliHg of the artifact was poo r in several respects. It too k more than twice as lo ng to draft a page than
is usual; the product of drafting was significantly poo rer than the self·assessed average of nve; and the
defect rate was significant ly higher Ihan the norm. The table by itself proVIdes no explanations or trade ·
offs to deal with this, it merely indicates the problem . The tcam con iders the particular circumstances of
the activity and deci des what went wrong and how to fix it. For example, perhaps the main reviewer wa
Ed and his mother became ill during the actIvity The team may conclude that there was not enough
backup for lead writers, for example .
3. The next problematical activity was ,rui,wing, where the score waS lowe<t· I. ince the team spent 20
percent of its tIme reviewing compared WIth the no rm of 30 per ent , the team's first co nclusio n is
pr.obably to spend mo rc time revieWIng. ThIS has to comc at the ex pen,.., of another activity. The team
would probably take the time from the po, 'mo,'r", activity, where ItS sco re was very high, and finn/iz l"g,
where it spent more th an the usual amount of time
4 To capture benefic .. 1 prac tices for the future , the team notes area where It performed well . This applle
to the poslmorUm activit y, wh 're it performed IlIShl y to It< \OtISf. ti o n and used less time than is u,ua!. T he
team must Identify the r · a~on~ . An example is any unusu~1 actIVIty, <u h as team members btlllg ing t th
postmoncm prepared statements of prOLe" IIYlprove mcnt.
222 CHAPTER 9 QUAUlY AND MEIRICS IN PROJECT MANAGEMENT
Our self·evaluatio n gIve S o rcs of 3 to review and 8 to resea rch o ut of a forced average of 5. We spent
15% of our time o n revi ew and 25 % o n resea rch . We will spend 20% on each of these activIties for the
next pha e ,,
O ur ddect rate decl ined steadily except fo r thi s phase , when it rose. This seemed to be due to a lack of
commo n vi sion prio r to divid ing the writing. In past phases, we succeeded in establishi ng a common vision
of what we wanted to do before beginning to write our parts. Before begi nning to write the next document
we will conflnn a shared vision .
The ratio of requirements time to design time was 1.2, which is lower than this ratio from past successful
projects in the compan y. O ur design self·eva luatio n was 6, more than average . On our next project, we ,
•
plan to spend 10% more time on requirements analysis at the expense of design time.
Teams set aside time at the end of each phase to assess the conclusions drawn from me tries, and to write down
how it will improve its process during the next phase. Figure 9.6 shows examples of improvement conclusions.
Companies strive to improve their perfomlance from project to project. No matler how efficient they are, the
be l orga nizations know th ey can always improve. Th ey iden tify area s for improvement and specify actions
that w"l lead to the desi red improvements in those areas o n subsequent projects.
Ste ps that can be taken to achieve these improvements are as fo ll ows,
1. Ide nti fy several areas for Im provement that arc important to the company. Examples include ~uality,
,cb,dul, prrdiclahility. and ,fficorncy.
2. Identify and coll ect metnes ,hat measure perfo rmance in each of ,hese areas. These metrics arc used as
baselines for setting goa ls in future projec ts.
3. As part of project planning fo r a future project, establi sh goals for improvement in each of the identified
areas, usi ng melrics from prior proj ects as a base line.
4. Identify speCific actions to implement that will support achievement of the goals.
As an example, Figure 9.7 Ii51 fo ur arcas ,hat have been identified for improvement, S<'brdul,. prrdiClahilily.
cIficimcy, and timt-lo-mn,kcL A metnc is identiflcd fO accurately measure project performance i n each area. Note
that the re may be severa l appropriate metrics to usc in each area, but fo r simp licity we are only identifying
one. An improvement goal is identified for each category, and speCific ac tions arc defined to bc implemenl<d ,
in the next project in o rder lO reach the targe ted improve ment goa l.
Figure 9.8 contains a ge neric set of actions to be implemented in order to reach the first quality
improvement goal Ii ted in Fi gure 9 .7, redu cing dqrc/,IKLOC by 10 percent. Note that in this example we ar<
I
o nl y fOCUSi ng o n the d'frc15IKLOC as a measure of quality, in practice there arc othe,-,; we would focu on as well.
The first of the improvement steps is to identify those parts of the software that contained the mas'
defects during the pno r release. The areas are then targe ted for additional design and code reviews to
understand why they contained a high number of defccts, and a plan is devised to rdactor those areas durin8
the subsequent project to improve their quality- Provisions are made in the planning of the subsequent projrct
to incorporate these action .
SOFlWARE VERIFICATION AND VAUDAnON PLAN 223
Improvement
Metric Description Coal
Quality Defect KLOC New defects fo und dunng 10 %
forma l QA testing , per
c hurned KLOC
Time to Market Cale nda r rim elKLOC Pre -QA ca le ndar time per 15%
c hurned KLOC
Figure 9.7 Improvi ng projects across the organization examples of Improvement goals
Recall that "(rificalio" respo nds mainl y to the question "Are we correctly building th ose artifacts in the present
phase that were specified in t he previo us phases7" Validalion res po nds to the q uestion "Do rhe artifac ts JUSt
completed in the prese nt phase sat isfy their speciRcations from previo us phasesi'
IEEE 10 12-2004 Softwa re Ve rificatio n a nd Validati o n Pla n. whose hea din gs are reprodu ed in Figu re
9.9, provides a framework for expressing the manner in w h ich V&V is to be carried o ut. Th is specificatio n is
writte n during in itia l p roject pla nn ing , a nd complime nts the Software Q uali ty Assurance Plan covered in
Chapter 6 and the case study in C hapte r 8.
The annexes to IEEE V &V S tandard 10 12- 1998 are as fo llows ,
Annex
A. Mapping of ISO/ IEC 12207 V&V requirem e nts to IEEE Std 10 12 V&V activities a nd tasks
Actions,
I Purpase
5.4 Opera tian V&V
2 Referenced da cuments 5.5 Maintenance V&V
DcRni tlans 6. V&V repartlng requirements
4. V&V 'Overview 6. I Reparti ng
4.1 OrganIzatIOn' 6 .2 Administrative
4 .2 Ma ter c hedule 6 .3 Documentatian
4 .3 Saftware integrity level scheme 7. V&.V administrative requirements
4.4 Resaurce summary 7. 1 Anomaly reparti ng and resalution
4.5 R~ponsibi l i t ies 7 .2 Task iteratian palicy
4 .6 T 0'01 , techniques, and me thodologies 7 .3 Deviatian palocy
5. V&. V pracesses 7 .4 Standards, practic~ , and canventions
5.1 Management 'Of V&V 8. V&V dacumentation requirements
5 .2 Acq uISi tIo n V&V
5 .3 Development V&V 'Subheadings arc typical examples (IEEE )
Figure 9.9 tEEE 1012·2004 Software Verification and Validation Plan-table of contents
Source IEEE Std 1012·2004
C I Technical Independence
C2 Managerial independence
C3 Fi nanCIal independe nce
C4 Farms of independence
C4 . t Classical IV&V
C 4.2 Modified IV&V
C4.3 InternallV&V
C4.4 Embedded V&V
D. V&V 'Of rcusab le saftware
E. V&. V metrics
E. ! Metrics for evaluati ng saftwar< develapment processes and products
E.2 Metrics for evaluating V&.V tasks and for Improvi ng the quality and coverage of V&.V tasks
F. Example 'Of V&V organizatia nal re latianship to other praject res pa nsibilities
G. Optional V~.v task descriptions
H. Other r<ferenc~
I. Definitians from existing standards (na rmative)
Copyright IEEE 2003
An ideal pracedure is for an outside group to perform V&V. This is ca lled '.d,Jontdtttt Vtnjk.rio. ""d
V.lid.riml (IV&V).
CASE STUDY: SOFTWARE VERIFICATION AND VALIDATION PLAN FOR ENCOUNTER 225
TI,e next s~ tion in the hapter gives an example of a VVP case stlldy .
9.5 CASE STUDY: SOFTWARE VERIFICATION AND VALIDATION PLAN FOR ENCOUNTER
• Perform all post -unit te tin g • Arc all cntlca l marketing factors identified?
• Report the =ults to the team and management • Docs any conce pt Imply a SIi!nificant risk to pro~Ct
completion) If so, should that concept be mitigated?
• Maintain this document
,
5.3.2 Requirements V&V
4.5 Tools, techniques, and methodologies The Encounter SRS WIll be verified by answenng the
follOWin g questions,
To be supp hed
• Are all critical requirements that were identified
5. life Cycle V&V during the concept phase speCified)
The V&V dforton Encounter (i ntemal and external) will • Does the SRS account for all required interf.ces
be supervised by the manager of Quality Assurance. with other systems?
' Acquisition" is the process by which an orga- • Arc all requirements accommodated by the design)
nization obtains software. Using third·party
software relieves the development organiza · 5.3.4 Implementation V&V
tion of having to reinve nt the wheel. However, The Implementation of Encounter will be verified by
it places a burden on the organization to answering the follOWIng qu('Stions,
certify the Quality of such software. Many
disasters have been expenenced because this • Are all requirements fully verified)
step was avoided.
• Is the code organized in a way that faCilitates
traceability back to deSIgn and req uirements)
Each vendor·supplied tool used for the develop-
• I all code documented according to standards
ment of Encounter will be valIdated by the QA engineer.
• Is all code thoroughly documented )
5.3 Development V&V
5.3.2 Test V&V
5.3.1 concept V&V The test documentatIon of Encounter will be verified
Conceptual work on the Encounter game concept by answering the follOWing verifiCJIIOn Questions,
will be verified by answering the following questions. and the .ahdation questions that follo,,'_
CASE STUDY: SOFTWARE VERIFICATION AND VAUDATION PlAN FOR ENCOUNTER 227
This part verines that the application is appro· 7.1 Anomaly Reporting and Resolution
priately supported after deployment to users .
The QA engIneer attached to the Encounter prOject
wi ll mainta in th e current state and the history of each
To be supplied defect fo und . T he QA enginee r will rnai ntalll all
metrics identi fie d in the SQAP o n a Web site and
WIll e·mail a list of all anomalies (including defects)
5.9 Maintenance V&V
Ih at he or she deem to have excessive repa ir time·
TI,e maintenance plan hall be veri ned agai nst corn · Iones. This includes defecls with no repair duration
pany mamtenanee crite ria , specified in the com· es timates and tho e that have exceeded their planned
pany's mai ntena nce requirements and procedures, compictl on date . The Bugzil la fa cility will be used.
documenl 890.23.
7.2 Task Iteration Policy
6. Reporting Requirements
Th ,s seclion explains the circumstance under
Th,s includes who reports the resu lts of the whi h VsN tasks are repea led be au C 01
V.. V effort and to whom do they provi de results obta Ined o r because of changes in
thcie report~, the project.
228 CHAPTER 9 QUALITY AND METRICS IN PROJECT MANAGEMENT
v V tasks wlil be ropea ted at the discretIon of Any pro posal to deVIate from this plan requires
the QA repre e ntatl ve, but these wlil Include the th e approval 0 1 the QA manager and the project
f 1I 0"'lng c riteria . manager
• A n inspectio n w hose defects count is more than 20 7.4 Standards, Practices, and Conventions
percent greater than the norm
These arc set down for all company prOjects at http://
• A test whose defects count IS more than 20 percent
• •
grea ter than the norm
8. V&V Documentation Requirements
• An entire phase ,f the previous phase c han ge by
mo re than 20 percent.
Section 6 de cribed what should be reponed.
7.3 Deviation policy Section 8 covers the means for noting in
writing the results of V&V. It specifics the
form that all V&V documentation must take.
Describes the procedures required to deviate For example, it could be organized as an
from this plan . appendix to this document.
9.6 SUMMARY
Quality In project manage ment begins by cultivating a quality culture within the project team . Members
develo p a shared r.spon Iblilty and pride . Many projects designate team members with speCific responsibili.
tICS, and each actIvity leader promotes an attitude of qua lity for h is activity.
En unng quality reqUIres carefu l planning and mo nIto rin g throughout. Metrics arc collec ted and
analyzed, providing means of concretely assessing how well a project is executing . There are many useful
,,,1
metrics, some of the most ba IC arc projecl mtl,,'oHr plaIH"d '" fulfillrd , drJecl rOIlHI" and ",rruIIOH .
After identifying the metries to be collected, a plan is created with goals for each . Targets are created by
analyzing previous projec ts and using metrics fro m tho e a a baseline. If targets aren't established, project
managers will not know whether a prOject IS o n track.
During the course of a project, the team meets regu larl y to review the metrics. In addition to the detailed
data , a grap h ical summary often known as a projrrl dasl,board is c reated. The dashboard presents the key metries
in a clear, conCIse manner, allowing the team to quickly ascertain how each is aspect of the project is
perfom"ng against the plan.
Successful companies strive to improve the overa ll quality of their performance, both during the course
of a project and between successive projects. Metrics are analyzed in each case to identify areas requiring the
most improvement. SpeciRc actions arc then enacted, and metrics objectively measure whether the
improvements arc providing {he anticipated results .
The Sol-tware Verification and Validation Plan is an important part of project quality. It specifies a plan
for generati ng artifacts based on specificatioAs of previous phases (otrifiralion), and for building software that
meets customers wants and needs (validalloH) . IEEE to t2 · 2004 provides a framework for this document.
9.7 EXERCISES
I . In your own words, define · proJect metrics" and explain how they are used in managing a projcct.
2. The defect pl.n in Figure 9.3 shows the number of open defects falling behind plan st.ning in week
I . Assuming you are the project m.nager, at what point would you start taking corrective aclton'
BIBUOGRAPHY 229
Would it be aftcr the Arst week, or would you wait a number of weeks to see whether the situation
Impro v Arc there any other metrics you might collect to help you deci de? Write a paragraph to
e):pl~ in Ollr an wer.
3 D~cribc in your own words how a project manager could utilize a project dashboa rd in managing
a project.
4. What metrics related to software testing mi ght you include in a weekly project metrics report to
provide insIgh t into the status of the te ting process? Explain your choices.
5. For each of the remaining ca tegories in Figure 9.7 (predictability, efAciency, time to market),
Clcate an acti on plan to reac h th e stated improvement goals. Use Figure 9 .8 as a template for your
plans. Include a minimum of three actio ns to take for each ca tegory .
I EAM EXERCISE
V&V Plan
TI. Produce the relevant parts of a V&V plan usi ng IEEE standard 10 12 · 1986. Measure and report o n
the metrics described in Team Exercise TI in C hapter 6.
Criteria:
1 Practicality: H ow well does the plan ensure that the work will be adequately veriRed and validated?
(A = completely practicable in the environment of the project)
2 SpeciRcs: H ow speciRc is the plan in terms o( sui tably naming places and participants? (A = spell s
out exactly how V& V will be performed in the e nvi ronment o( the development)
3 Team participa·nt pe rce pt io n: T o what degree are partici pants likel y to perceive your plan as a help
to them ? (A = written in a way that respects the time and efforts of engi neers)
SQAP
T2 . Produce a rea list IC softwa re qua lity assu rance plan for your project. Measure the time spen l o n thi s
dlort by indivi dual mcmbers and by the complete team . Provide the corresponding metric data and
self-assessment for this assign me nt , as described in Team Exercise in Chap ter S.
BIBUOGRAPHY
I la ird, unda M . Ind M rol Srerman, hware Mea suremen t and E~ um;ulon A Practica l Appro') h/' W"ry- I'IIUlC"IOKt, 1006,
P9 181- 192
1 SohwJr~ P,oKram ManDQl'!l1 Nl"two r'k (S PM N) hup Ilwww ~ nl1ln com.
I
principles of Requirements
Analysis
Figure 10.1 The context and learning goals for this chapter
Bdore a software system is deSIgned and implemented, one needs to understand what that system .s
intended to do. This intended functionality is referred to as the rc4""",,,,,t5, and the process of gai ning the
necessary understanding of this is col lled rrqulrrmrnts ,malYSIS. An application for Video store management , for
example, could mean different things to different people, each a somewhat differing set of require ments. One
intop",r3tion could be an application that track. employee t.me and outputS paychecks; another, an e·m.,J
SOURCES OF REQUIREMENTS 231
• The proce of underst4ndinl! wh4t's wanted and needed in an apph ation For exa mpl e, yo u may know
that you U'.,.'
a colo nia l hou e in New England, bUI you may no t know that you will pro babl y ""d a
baseme nt for it .
• W e exp re require me nts in writing to comp le te our understand ing a nd to create a contract betwee n
develo per and custo me r.
appl ication that processes Customer ren ta l req uests; a third , an a pplicatio n th at records rented vi deos and
computes charges; and so o n. As in mOst busi ness endeavors, the reliable and professio nal way to specify what
IS agreed upo n i to ex press it in writi ng. Therefore the o utput of requirements analysis is a software
requirements speciReatio n (SRS). T hese po ints are ummarized in Figure 10.2.
A requirement specioes wha l the customer wants. Th is no rmall y docs no t include any th ing about how the
applicatio n is d esig ned o r programmed . Specifyin g a req uireme nt is like tell ing a cont racto r lhat you wa nt a
12 foot by 15 foot roo m added to yo ur house . You gene rally do no t specify how yo u wa nt the contracto r to
build the additio n thai is a desig n a nd const ructio n issue.
A dd ective requirement (i.e., o ne not re paired before the requirements document is fina lI zed ) turns o ut to be
very expensive. It i·s an estimated 20 to 100 times mo re ex pensive to re pair if allowed to slip thro ug h the
develo pment process compared with re pairing it soo n afte r it is incurred, In Anancia l term s, if the cost of
Rnding and repairing a defec t at requ irements time is $1 , then the cost of Rnding and fixing that same defect at
the end of the deve lo pme nt process is $20 to $1 00. The damage that re ults fro m the custo mer's poo r
experience with the appl icatio n is a fa cto r addit io nal to the expense involved.
G iven the trem endous be neRt of detecting and re pairing defec ts at requirements time, "' hy are so many
projects damaged by poor o r no nexiste nt requ irements anal ysis) A princ ipal reason is tha t custo mers usually
do no t know at the beg inning o f a projec t all that they want o r need . Instead , they learn to understand what
they themselves want o nl y while th e project progresses. Th e Encounter case stud y is an example of th is
uncertainty; it has a purpose, but o ne whose de ta ils are still in fo rma tio n. Thi s book emphasizes ite rative
develo pm ent and the close alig nm ent be tween the requirements, deSig n, and implem entation Agi le method s
are a prime exampl e. Engi neers usi ng a well ·orga nized ite ra tive process gathe r requirement , desig n for those
requi reme nts, and impl eme nt for them in coordinated ite rati o n ~ .
We usually th ink of cu,'omm as the source of requirements since a ppli at,o n. are bUIlt fo r them. In p ractice,
matters are ra rely sim ple here because t he people paying for an applica tio n, the peo pl e who will be u ing the
appllcallon, and the people de<ig natcd to wo rk o ut the requ ireme nts may be differen t. It is wisest to conSIder
the WIshes and nee d~ of a spec trum of people. All of the people wi th on interest in an a ppli Ci'l tlo n' o utcome Jre
known as its .lQlctholdm To simplify matters In till' c hap te r, ho wever, we wi ll usuall y use th e tern, "c usto mer,"
There are two mai n requireme nts analysis challe nge , F" , t, a< already men tio ned , ustomers ro rel
know exactly wha t they want whe n a proJcct begi ns. TI,C co mplexi ty 01 mo dern appt. atio n, Ill akc~ ,u h
com pleteness all but impOSSIb le. ccond, <.Usto mc,.,. rare ly know all that they !I"d , either o metim", . th ey are
noteqUlpped to know it To relUrn to thc hou< add itiun ana logy. It may take tllne for a ho meow ner to ...:ollz,·
lI,at for the addit Ion he wants. he wi ll deS ire wi ndow_ o n 0 11 wa ll s. H e may have III be cdu atl·d to unders tand
that he n eed~ u> >uPP') rt the addI ti o n wi th p,ers ra ther than WIth a reg ular fou nela tion,
232 CHAPTER 10 PRINCIPLES OF REQUIREMENTS ANALYSIS
t
Unconstra/n«J
Doclslon support system lor mlillary IBeIICS
•
Encountor video game •
I •
Relatively ApproxImate % of requirements
low gstheled from people
Requirement arise fro m mult iple sources, mostly from stakeholders, but also from documents and even
from books As shown in Figure to.3, Brackett [ I ) has plotted severa l types of applications to illustrate the
degree to which requirements are gathered from people, as opposed to other sources such as written material
Figure 10.3 classifIes applications by the degree to which they are constrained by nature restrictions on the
application that cannot be altered. For example, an appl ication that describes the trajectory of a ball is constrained
by graVity; chemICal reactions arc constrained by physical laws. Generally speaking, the less constrained a
problem , the morc its requirements must be obtained fTom people. At one constraint extreme, for example, is our
Video game case study. Being the product of pure imagination, it relies on people for most of its requirement.<.
A typical reqUirements document is large A detailed description of every requirement, although nccessary in
some fonn or other, can be mlnd · numbing to read. Imagine, for example, a document that spells out evety
detail of every property of MICrosoft Word™ . It would certainly no t read like a novell For thIS reason, we
often divide requ iremen ts documents into two parts, "igl>-fro" and d,tai/,d ,
The first part of a requITements documen, is an overview, which is relatively readable and is wdl suited to
customers Its contents are referred to as the high-ltvd or hSlSI:1t'Ss requirements . Anyone wanting to get an idea of
what the application IS all about read the high-level requirements. In many organizations, the mark<ting
department p~pares this material based on market research and conversations \~i th customers Although not
fonnally necessary, the hi gh -level requirements often Include a de cri ption of why the application is being
built, and they state the benents to both the developing organization and the customer [2). In some
organization s the: hlgh .level requirements fonn a separate document such as a -market requirements-
document In thiS book we will include the high-level requirements In the SRS. As an example, the video
tore application high-level reqUirements might contain sentences like the following ,
NONFUNCTIONAL REQUIREMENTS 233
The V,deo tore .ppl. at,on sh.1I enable clerks to che k DVDs in and out
The followIOg hows a ketch f the maIO u er ,nterface. . . .
The second part of a o mpl ete requirements do um ent con is ts of the complete particulars. They are
espeCially u ,,"11 for developers, who need to know precisely what they have to build . These arc the d.l.i/.d
rrquiJtm(IJts. Although de ta iled requirements are used frequently by developers, the y should be understandable
10 the u IOmer, and hou ld not conta in developer Jargon wh ere possi ble . Here are o rne examples from the
",deo slOre applicatio n.
The dail y late charge o n a DVD shall be computed at half the regular two·day rental rate, up to
the value of the DVD listed in the "Interga lactic Video Ca talog." '\>Vhen the amo unt owed reaches
this value, the to tal late charge is computed as this amount plus $5 .
When the "comm it" butto n is pressed o n CU I 37, the CUI shall diS3PP('ar and CUI 15 shall
appear with a superimposed g ree n bo rder (RC B = 6, 32 , 8) and the name and address 6elds Riled
with the data for the custo mer.
One challenge of writing the hig h·l cvel and detail ed requirements is to ensure that they remam
consistent over time. Thi s is facili tated by kee ping the hi g h. level requirement at a hi g h enough level-for
example , "Clerk can enter customer particulars." Thi klOd of statement te nds no t to change very much O n
the other hand, the details are provided in full in the detailed requirements and are much more liable to
evolve. A corresponding examp le is, "Clerks ca n enter th e customer's Rrst name of I to 10 alphabe tical
characters in the text neld shown in ngure 34 , a second name of I to 15 alphabetical characte rs . .."
Requir-ements are commonly cla.ssiRed as either i""" ioll.' o r "o"i"""io,,.1. Thi s classiRcari o n applies to both
high. level and detailed requ irements. Each type IS described in the sectio ns that fo ll ow.
Fu.d,o•• ' rtquirrmtnls, also known as beh.viora' reqUirements, spec,fy serv, ces that the application mus t provide
(e.g., 'The appltcation shall compute the va lue of the lIse r's stock po rt fo liO ."). An appltcation all ows entities
Interacting with it (ty pica ll y users) 10 accomplish tasks. Such an enti ty IS fTequent1 y a perso n, but it ca n also be
a machine o r eve n ano the r program . Ai""elio,,,,1 "q"i,,",",' speCifies something specinc thatlhe applica tion
allows such an entity to accomplish . In o ur video store application , fo r example, the fo ll OWing are fun ctio nal
requin:ments .
Any requirement that docs no t ~pcc ify fu nct,ona llty prOVided by tht· app lt atlo n I< "0..j"",,,0,,,,1 For cxarnri~ ,
• requJrement such ., "the ap plica tio n shall dl<pla y a custo mer\ a Ollnl >latll< In ics> th an two seco nd • "no t
functional , b ·c.ausc ,t does nnt <pc Ify a <pcc ,f, ,crvlCe Instea d, ,t q"al, 1(5 a service or erv, es « pe ,nts
23<1 CHAPTER 10 PRINCIPLES OF REQUIREMENTS ANALYSIS
somcthlnfl abou t th m). No nfun tio na I req uirements need to be , pc iAc, quantit.able, and testable. Consider
a nonfun tlo nal requirement that read,
This reqUirement is vague (e.g., what docs reln"It mcan l), no t quantifiable (e .g , how fast i quicidy7), and
therefore no t able to be tested. An imp roved versIOn of the requirement would be as follows
Once the OK butlon is pressed o n the "Retrieve Account In formation " sc reen, the user's account
info rmati o n shall be displayed in less than 3 seco nds.
This requirement IS specific (because it identi fies a specific button o n a specific screen), '1uantiAable
(because of the specific response time), and testable . The documentatio n shou ld make it clear exactly what
"the O K bUlton" refers to.
Major no nfunct ional categories are· qua/il'" (e.g., reliability, availability, maintainability, etc.), Co", I'<li. l,
(o n the applicatio n or its deve lopment )' ",',mal i" '"jam (hardware , software , communication) and mor
COrtdJliolls. The se are summanzed in Figure 10.4 and elaborated upon in succeeding sec tions.
Rdlabllity "4u""",,,I, specify "the ability of the software to behave consistently in a user· acceptable manner
when subjected to an environment in which It was intended to be used." [ 3]. In other words, it is the extent to
which defects wi ll be detected by users dUring no rmal operation . This kind of requirement recogn izes that
applications are unli ke ly to bc perfect , but limits the extent of imperfection in quantified terms. The following
is an example , and assumes that a definition of 'kve l o ne faults" has been provided.
The Airport Radar Application (ARA) shall experience no more than two level-one fau lts per
mo nth .
• Quality attributes
• Reliability and availability (observed fau lts, ave rage uptime)
• Performance (speed, throughput, storage)
• Security (maliciOUS and non malicious compromi se of data o r functionality )
• Maintainability (cost to maint.,n)
• Portability (move to a different operating environment)
• Constraints on the applicatio n or it developm ent
• User interfaces
• Error handling
Figure 10.4 NOnfunctJonal requirement categories
NONFUNCTIONAl REQUIREMENTS 235
A"",labi/ity losdy rdated 10 re"abllity. quantifie< Ihe degree to which the application is to be ava lable
to lIS u el'5 The followlllg i an example .
ARA shall be avaIlable at level one on eIther the primary or the backup computer 100% of the
l1mc.
ARA hall be unavailable on one of thcse computers at level o ne or two for no more than 2% of
the time in any 30-day period.
Often . high-availability requiremcnts are specified in terms of "the nincs." For example , Ave-nines, or
99999% availability, means that a sy tern ca n o nl y have a yea rl y downtime of 5.256 minutes. This type of
requirement might be documented as fo llows.
Ptr/o"",,",, rrqui,,,,,,,,', specIfy timing constrai nts that the application must observe. These include
elapsed time for computat ions (speed), throughput, and storage (e.g., RAM usage, secondary storage usage,
etc)_ The follOWing i an example .
The Stress Analyzer shall produce a stress report of type five in less than a minute of elapsed time .
Performance requirements are a critica l part of ,wl-,im, applications , where actions must complete within
specified time lim its. Examples include collision avoidance software. Aight control applications, and antilock
brake controls. The follOWing is an example .
Stcurity "qui",,,,,,,, co ncem mal icious Intent toward a system. Th is makes security different from other
requirements, which specify application behavior when used by well-intentioned people. One can specify
requi rements that contribute towa rds security. These call for concrete measures, such as login procedures,
password lengths, and so on, that contribute to making the product more secure. On the o ther hand, imp"cit
security requirements are far more di fficu lt to deal with . Implicitly, no o ne wants an application that is vulnerable
to attack. so the requirement exists in the abstract. H owever, the nature of many future attacks is not predictable,
and so there is no way to specify a requi rement for their defense exccpt In genera l tcrms that are of little value.
Mainlainability rrqu"""",', specify how easy or difncult it i to modify the softwa re. as a result of fixing a
defect or implementing an en hancement. For exa mple , the easier it i to understand the software, the easier it
is to maintain . Maintainability can be measured by th e time it takes to repair defects. The f-ollowing is an
e.ample of a maintainability requirement.
The average time fo r a maintenance engineer 10 repair a sevcrity ·2 defect shall be no greate r than
8 person -hou rs .
Portabil,IY rrqu",mtnl' Identify those parts o f the sohwarc that may need to run in dilferent operating
environments, as well a ~ ho w ea<y o r difncult It is fo r those part~ to be ported. The following is an example.
The graph,cs subsystem shall be desig ned so it an run in bo th the Window< and U nllx operatin!;
~ys tem .
236 CHAPTel 10 PRINCIPLES OF REQUIREMENTS ANALYSIS
• Platform
Tl,e maximum amount of effort to port the graphics subsystem from Windows to Linux shall not
exceed 2 person · months.
10.5.2 Constraints
A COll s/ralll/ o n an applicatIOn is a requirement that limits the available options for developing it. Recall that
requirements are genera lly "what" statements. '"How" is usually left to the design . Constraints can be thought
of as exceptions to this. Figure I 0.5 shows some examples.
Design or implementation constraints describe limits or conditions on how the application is to be
designed or implemented. These (nonfunctional ) requirements arc not intended to replace the design
process they merely specify conditions imposed upon the project by the customer, the environment, or
other CIrcumstances. They Include accuracy , as in the following example.
The damage computations of the Automobile Impact Facility (AEF) shall be accurate to within
one centimeter.
Tool alld lallguag< cOlls lra ;II /S are often imposed. These include historical practices within the organization,
compat ibility , and programmer expenence. Here is an example.
D",gll cOlls/ra ;II/' arc imposed on the project because stakeholders require them . They can be speciAed in
the requirements document or the design document. Such constraints restrict the design freedom of
developers. The fo llowing requirement IS an example .
1he AEF shall utilize the Universal Crunch Fom, to dIsplay impact results.
The constraint of having to follow certain , /alldards is often determined by company or customer
policies. Here are examples.
The AEF code is to be documented using company code documentation guidelines version 5.2.
Projects arc frequently constnined by the hardware platforms they must use The following is an
example.
AEF shall run on Ajax 999 model 12345 computers with at least 128 megabytes of RAM and 12
Gigabytes of disk space.
NONFUNCTIONAl REQUIREMENTS 237
• Hardwa~
• Example: "The application must Inte rface with a mode l 1234 bar code reader."
• Software
• Example: "The application sha ll usc the compan y's payro ll system to retrieve sa lary Inlormatio n."
• Example: 'The application shall use version 1. 1 of the Apache server."
• Communications
• Example : 'The application shall communica te with human resources application via the company
.
Ifltranel. "
• Example: "The fonnat u cd to transmit "article expected" messages to cooperating shipping companie
shall usc XML standard 18 3.34 publ is hed at http :// .... ..
Figure 10.6 '!)'pes of external interface requirement for an application. with examples
Applications are frequently required to interface with other systems . The Internet is a commo n example of
such an external system. Interface requirements describe the format with whic h the application commu·
nicates with its environme nt. Figure 10 .6 shows the common types. with examp les 01 each .
User interlace design is sometimes included with the "design" phase of software develo pment , but it ca n more
properly be considered part of the requirements phase . This book takes the latter perspec tive . including o nl y
sofllDare design in the "design" phase, and not grap hi c desig n.
Customers commonly conceive of an application by visualizing its graphical user interface (C UI ), so a good
way to help thelll describe the application is to develop draft CU ls. Our goal here is to provide some of the
essentials of userinterlace design. This is quire different fro m the I,elm lra! design of the application, w hi ch is covered
in Part IV. The latter includes considerations of what C UI c lasses to se lect and how to relate the m to other classes.
In developing user interfaces for app lications, it is ideal to work with a professional de ig ner, who is
trained In user behavio r. co lo r usa ge , and tec hniques of la yout desig n. Fo r many proje ts, however, especially
smaller ones, software engineers must design use r interfaces with no such aSSIsta n e . Thus, we lis t some
guidelines for user interface design .
Calitz [4] provides eleven s teps fo r develo ping user Interfaces. We have adapted these. as s how n
in Figure 10.7. Each o f these steps is applicable to the high · level req uire ments process andlor the detailed
reqUirements processes. Steps I and 2 are described in C hapter II. Steps 3- 11 arc explored in C hapter 12.
Rtquiremcnt\ a nalySiS dea ls with two kinds of erro r~ . The first arc th ose that actors make (e ntit ks '"terac tillg
with the application suc h as a user or ot he r syste m ), the Sc o nd consi,ts of errors that developers make Error-
handling rcqu"cment~ 'pecify how the applic ation responds to diffe rent· type< of errors. Figure 10.81i ts some
of the ways of dealing With errors
~garding the flrs t kind of e rror. error-handling requirements explain h o w the application mli't re'pond
to anoma lies In I[S enviro nm e nt For e xam ple. whal ,liould the application do if It rc e lves a m,-,,,asc fro lll
238 CHAPTel 10 PRINCIPLES OF REQUIREMENTS ANALYSIS
• Ignore
• Warn user
• Shut down
another applicatio n that is not in an agreed-upon format l lt is preferable to specify th is in the requirements
document r.uhcr than leave the cou~e of action to programmers alo ne.
The second bnd of error refer. to actions that the application sh ould take if it nnds il,d! having
comm.tted an error-that is, becau e of a defect in its constructio n. This kind of error requirement is applied
very selectively, because our aim is to produce defect-free applications in the fir.t place rather than cover our
mistakes with a large set of error- handlmg requirements. In particular, when a functio n is ca lled with improper
parameters, we program a continuation of the application onl y if such an erroneous continuation is prdcrablc
to the actual cessat.on of the application. As an example, suppose that we have to specify the requireme nts for
a device that automatically applies doses of intravenous drugs. U ser. arc entitled to assume that the
application .s thoroughly specified, designed, implemented, and inspected, so that the drug composition and
dosage computations arc correct. Nevertheless, it would be wise in a case like this to specify a n independent
check of the composition and do age of the drugs before administering them , and to specIfy error handli ng
accordingly_Error-processing requlTemenlS in this case may consist of a comple te stop of the application, or.
temporary halt and a notincation to the operator of the device indic.ting the problem.
The output of requirements analysis is what the IEEE calls the software requirements specification (SRS)-
There are several ways In which an SRS can be organized. As we will sec in C hapter I I and beyond, the
Ecl,pse open source prOject is organized around three "subprojects." Within each, requiI'Cment are orgamud
AGILE METHOOS AND REQUIREMENTS 239
around several "themes ." The OpenOfflce open source project organizes its requirements III four main pans, a
word processor, a sp readshee t, a presentation faCility , and an illustration 100i.
In this book we will ofte" use and modify IEEE tandard 830 · 1998 [6 ], ,hown In Figures 10 .9
and 10. 10. The IEEE sta ndard was developed and maintai ne d by a committee of very experienced
software engineers . It is very helpful , but it requires mo difi ca li o n and tailoring 10 respond to changes In
tools, languages, and p ractices . The Arst two sections of the landard , "In troduction" and "Overa ll
desc ription ," correspond to the high. leve l requirement s and arc cove red in C hapter 11 . Section 3 of the
standard, the "SpeCific requirements," corresponds to the detailed requirements . It is expanded and
applied in Chapter 12 .
ext we turn our attention to the essential links of the SRS to the resl of the projecl.
10.7 TRACEABILITY
Tractability is the abilrty to readily understand how the parts of eparate project artifacts relate to ea h other.
In particular, it links indiVidual requirements With other project artifacts. (Sec, fo r examp le, [7 ]). A detailed
requirement is traceable if there arc clear links between it, the design c lement that accommodates II , the ode
that implements it , the inspection that verifies it, and the test that validates It. Figure 10 . 1 I shows
relationships between the artifacts, based on a si ng le requirement.
Table 10. 1 is an example of how a c hange in a requirement for DVDs in the video stOft application
causes c hanges in the remaining artifacts.
Hyperlrnking is a c onven ie nt way to transitIOn easrl y between art ifac ts. In particular, the requirements
document can be placed on the Internet or an intranet, Jnd dependent artifac t can be connected v ••
hyperlinks
Agile prOCesses specify requirements analys" by " t e\labli<hlnl! a .hared v'Slnn of the apl) li atlon Th •• "
dOl\(! v.a d,S(;uss.on~ amon~ the learn members and th ... CU~lOmcr After that the requlremenl' are gathered In
relatively small .. talle .. The v,,;on stage i. Intended 10 form a Lon cpt of the ullllll~le prod"ct that r< >lmpie
240 CHAPTER 10 PRINCIPLES OF REQUIREMENTS ANALYSIS
3. I External interlaces
3 .3 Performance requirements
Figure 10 .10 IEEE 830-1998 Software Requirement Specifications table of contents, 2 of 2-detailed requirements
SOtIrre IEEE SUi 8JO.1998
and clear enough for all stakeholders to understand and relate to. This vision is kept as concise as possible
without compro miSing the shared vision itself. Examples arc as follows,
An appl ication that allows VIdeo store personnel to manage DVD re ntals
The vision stage is followed by multiple iterations that are typically 2-4 weeks in duration. Such an
iterative style ha the advantage of kee ping misunderstandings to a minimum and allowing all concerned to
grapple with the requiroments being considered. The requirements for each cycle are gat herod by means of
lISt' ,writs narratives, always told from the us"-s perspective, of how the application is to be used. This
process is summarized in Figure 10. 12 and described in more detail in the sections ,hat follow.
UPOAnNG THE PROJECT TO REflECT REQUIREMENTS ANALYSIS 241
implements relales 10
relales 10 implements
Inspection
Table 10.1 How a change in a requirement for OVOs in a video store application causes changes in other artifacts
Onginal version Revised version
Requirement The title of a OVO shall consist of between 1 The title of a OVO shall consist of between 1
and 15 English characters. and 15 characters, available in English,
French, and Russian.
Design element
~ing
OVO ..QYQ.
title: String
A project's document sct is a liVing e ntity It has to be "fed and cared for" at regu lar intervals thrOullhOlIl the
life o( the project TYPically, when a pha e IS executed, severa l documenl must be updated
For very large projects, the proce" of analYZlnR the customer's requirements IS (ormal and or~anl zl'd ,
Forexampie, the U.S_Department of Defense (000) ohe n publ"hcs a requesl for propo<al. (RFP) to develop
2~2 CHAPTER 10 PRINCIPLES OF REQUIREMENTS ANALYSIS
Develop
common
vision
Each cycle:
end Code
an SRS alone. Such an RFP contains a very hi g h level descripti o n of th e project. The RFP can be thought of as
specifying the hig h . level requi re me nts. Contrac to rs res pond to the RFP, and a winner is chosen who creates
dctailed require ments. To en ure that th e requirements are sa ti sfac tory, numerous meetiF'lgs are held. These
involve contracto r perso nn el , civi l serva nt specialists and managers, unifo rm ed ofRcers of the Navy or Air
Force, and o th ers. The rcsu ltlrlg RS ca n be th ousands of pa ges lo ng. The winning contractor mayor may not
be c hose n to perform the actual design and development of the application .
Once h' gh · level requirements have been ga thered, the SPMP CJn be updated as shown in Figure 10. 13.
Such upd a ting occ urs through ou t the' li fe cycle of an application.
The result ing schedule wou ld rypica ll y be like that show n in Figure 10 . 14, containing more detail than
th e schedule show n when th e SPMP was o n gi nall y drafted (C hapter 8) but still not ve ry detailed. In
Risks Ide nti fy initia l risks Reti re risks ide nti Red previously, identify more risks
now th at more is known about the project
L AlcHed\le
~ 0eI7' 7 ~de,.."
,...
'.EYote
particular, we may know that release 0.0 .2 shou ld be made on November 13, but It may be too early to deCide
other parts of the schedule .
Cost estimation ca n be improved once hi gh -level requirement have been analyzed. Th e main
Improvement stems from the increased understandlOS that developers gain concerning the scope and nature
of the application _ Func tion pOLn! estimates (described in C h apter 8) can be made more comp lete , and 0 ca n
the estimates derived from them for schedule and labor. Direct bOllom -up e timates can be improved as well.
Another factor limiting rhe number of Iterations of the requirements IS the hi g h degree of coord lOatio n
required to keep the project documents and th e ource code coordinated . 1111 is o ne reason that hi ghly
iterative development techniques such a agile meth ods do not rea ll y atrempt to wnte detailed requirements
documents.
10,10 SUMMARY
Requirement analysis IS the process of unde rstanding whal ', ,"anted a nd needed 10 an application . The
output of requirements analysis IS a software req uireme nts spe Ihcation ( R ), whi h serves as IOput IOtO the
design process. The R document used in thi s book is IEEE standard 830 - 1998
ReqUirements arc divided into hig h -leve l a nd detailed rcqlliremen ... Hi gh -level reqUlrement< arc al 0
called business requlfcments These deSCribe why the app li ation IS belOS built and <tate Ihe benefits to both
the developing organization and the Ql<tOlller Detailed requlfement, provide omplete speciC, < about the
requirements that developer must know 10 o rder to implement the appli ation .
ProJcct requirements often change and evolve throllghou tthc life of a project. \Xfhcn the do, other prOject
anlfacts such as the de~18n al1d Impleme ntallon mil t c hange accordingly Trnrrnbi/lly allows for mallll,lIl1lng
a~lalJon between IndiVidual requirements and other prOJe t artifocts to faCilitatc IIpdatlOA the m
Both high -level and detatlcd requirement' are ciasslted "' either fun tl o nal or nonfunctional Fun lIonal
requir 'ments 'PC ify 5ervicc~ th at the app" allon mu t proV ide 10 the II c r. N o nfunctional reqUIrement
specify qual,tles, <.en slrainh, Interfa os, and errur h a ndlln ~ of the application ,
Agtle reqUirements analys" ,tart, by deOnlng a o n I<C v", on <tateme nt ahollt the Intended application .
ext , 2- 4 week development y I ', are excUited , With the R,." 'IeI' of eaL h dchnlO~ the reqllirel11cnh f(lf that
2« CHAPTER 10 PRINCIPLES OF REQUIREMENTS ANALYSIS
Iter.ttlon Each requirement IS u.ually ba cd on a """lory along with an explicit acceptance test. A uscrStory IS
a hig h . level piC e of req uired runctional iry a seen by the antiCipated user. Detailed reqUirements arc usually
expressed in terms of unit te ts r.tther than being wrinen explic itly .
After requ irements analysis IS completed (or after each iteration," an Iterative process), the project plan
I updated to reflect the new details known about the application . The more requirements that are known, the
closer the schedule omes to being fina lized .
10.11 EXERCISES
I Explain wh y a defective requirement could be 100 times more expensive to fix after software is
deployed ve rsus being fixed during requirements analysis .
2. Give an examrle or a so rtware application in which the customer is the sa me as the end user. Give
an example in which they are different. In each case . identify the customer and end user.
3. In your own words, explain the difference between hi gh.level and detailed requirements. Give an
example of a h igh -level and detailed rcq'Jirement for a typical word rrocessi ng application.
4. In your own words , describe the difference between functional and nonfunctional requirements.
5. Explain wh y the foll owing requirement is not sufficient. How would you amend it(
" The o rder e ntry system shall not crash more than 5 times per year. The system shall recover
from each crash as quickly as possible to avoid down time."
6. Bracken makes the po int that the more constrained an arrlication , the less reliance we have on
people as the source of requ irement . (Refer to his graph in Figure 10.3 comparing "approximate
percent o f requirements gathered from people" with "type of application.") Can you think of any
applications that do not rail on the graph's diago nal )
7. Agile requirement; ga theri ng calls for a customer representative to work continually with the
development team generating requirements . Describe a scenario in which this type of arrangement
may produce poor requirementS .
8. What are three major advantages and disadvantages of describing detailed requirements with unit
testsi
BIBLIOGRAPHY
1. Brackett , ] "Softw3R' Rcqulrt~mC'nls SEI CU rriculum Module SE I· CM · 19- 1.2: January 1990. hupJlwww sc: ,.cmu.~dul1lbr.uy1
r
absrracw rcpof'tsl9OcmO19 dm 3cc~srd N ov('m~r 1S, 2009 J.
Mort Abcwr SO/llNrr RC4I1'ttM",fJ. Mic lO<ioh p~S\. 2006, P 5
2. W iegers, Kl.rl E., W
3. Davis. AIVl M ., NSoJlll'IJrt RtqvlrtWlm lj Ob"trlt F"",ho"). a"J Staid", Prentice: Hall, 1993 , p 310
4 Callt'Z, W .• "11.1( EJsmlldl ~wJ( to Uw Irs'tr/act 00'9" k ,,,troJlI( llI1II !D CUI Pmlclp~ amJ Trcbrsrqllt)," John Wilcy & Son .., 1996
S. Alexander, lan , ;tnd Ncoll Malden (Ed itors), ~Sc",,"nos, Siono. US( Cam.. nr~h IIx Systmls Drotloplfln" Llt-Cyru" (pJ.pc'm;u:k), John
WIley & Sons. 200 ..
6. ~I EEE Rccomme:ndC'd Pri)c~icc: (or $o(IWolr'C Rc:quJre:me:nts pc:-cl t\ca tions,· IEEE SrJ !JG- I90S, June: 1998
7 Wle:gert, K;ul E. ~Sof'1l)Q rr Rcqllll'CMnfb," Microsoft Prc:ss. 2003.
Analyzing High-Level
Requirements
Hi g h . level reqUire men ts descnbe the purpo e o( an appl.cation and ilS Intended functiona lity. They can
al a descnbe the app lication's beneRts to both th e cu>tomer and the dcveloplng organization. This chapter
de cnbe th e process w hereby we collect, ana lyze, and specify the requirements at a hi g h level . It is help(ul to
express hi gh . level requ irements usi ng both text and dia grams, in o rder to convey a complete understanding
of the intended application . Hig h . leve l requirements arc of great interest to all stakeholders, particularly
eu to mers, who purchase and ult imately usc the applicati o n based on it require ments .
T y pically , at the time that requirements analysis com me nces, the customer is still (orming concepts of what
he o r she wants and needs. ThIS is an.logou< to the requirements·ga thering ph.se between an architect and a
client . Fo r ex. mpl"" a client may want a house with (our bedroom s and a large li vi ng room , but nevertheless
rel ic o n th e architect to help clarify what he wants .nd needs (e .g ., a ranch house with a living roo m with
ealing (or ten ).
As an example , consider the Encounter case study. The (allowing is a fragment of customer thinking
obta ined by a myt h ica l marketing depal tlllcnt.
Encounter is to be a role -playing ga me that simulates all or pan o( the player's lifetime. It should
be of interest to bo th male and (emale ga me players.
Figur<'S I 1.2 and I 1.3 summarize the hi gh.level requirements (or the Encounter case srudy. The complete
descnptlon of Enco unt er hi g h -level reqUirements is contained in Section 2 of the SRS, Overall Description. The
requ irements sta tements In Figures 11 .2 and 11 .3 arc at a very high level with detail purposely omitted. For
exa mple, th e requ irement "Each quality has a value" does not specify what those values are. SpeCific values are
documented in the deta iled req uirements o( Section 3 of the SRS.
• Ro le·pla yi ng ga me that si mulates all or part of the lifetime of the player's character.
• Ca me chacac ters no t und er the player's control called "fo reig n" c haracters.
• Ca me cha rac ters ha ve a number of <llIalirits such as strmglh , spud, pa tirncr , etc.
• Each quality ha a value.
• C haracters ""ncounter" each other when in th e same area, and may then "engage" each other.
• The result of the engagement depe nds on the va lues o( their qualities and o n the arca in which the
engagement takes place_
• Player characters may reallocate their qualities, except while a foreign character IS present.
• Realloca tion takes dfect aftcr a dela y, during which the player may be forced to engage .
• Success is measured ...
o by the "life points" maximum attained by the player - o r -
o by living as long as possibl e.
At thiS rag~ requlI"cmcnrs analysis, there are usually unrcsolved bsues such as whether there is to be
In
onc or several h.ra ters under the control of the player, what should occur when two character; Interact, and
w~fher thc same an be played over the Internet. It IS the task of the development team to work With
customers to clarify their wants and needs_ A common pro ess is to interview the customer, which is
d~bed III Section 11 .3.
Customer nccds can be Subt ler to las ify than their lV.n'" since customers arc typically less conscious of
them . For example, a cu tomer may W.II' a musi application that allows computer novices to write music but
may "ltd a periodic auto-save function to avoid lOSing work. Whether such a feature i a requirement or part of
thc design dcpends on what is agreed between the developer and the customer. If the customer. having
underilood auto-saving, wants this feature , thcn it becomes a requirement_ The customer may be content ,
however, to Icave it to the designer as to how to accommodate the computing needs of novice users. In that
case, auto -saving would not be a requirement, but a desig n element.
The people who have some interest III the Outcome of the product are ca ll ed its ".ktl,old"s. As an example,
consider the creation of an c-commerce W'cb SIte. One set of stakeholders consists of the site's Visi tors .
Typically, their primary requirement is the ease with which they can And and purchase needed items . Thc
company's owners are stakeholders, too. Their primary requirement may be proflt, sho rt - or long-term . For
this reason, they may want the si te to emphasize high -margin items. Marketing, another gTOUp of stake -
holders, may rcquire the Web site to track visitors . The application's developers are stakeholders, 100. For
example they may want 10 use new development tec hnology to keep up to date.
In the case of packaged (shrink-wrapped) applications such as word processors, spreadsheets, and
development environments, as well as their equivalents (such a do,vnloaded applications ), the deve lopment
team pays a gTeat deal of attention to the acceptability of the application by as many users as possible.
Although this can be a difncult marketing problem , it is clear that the users arc the most signincant
stakeholders_ For many large projects, identifying the most imponant stakeho lders is complex. n,e
·customer" is often the pany paying to have the application developed, but even this is not clear-cut
For example, the Navy may be paying for an application , but the developers' day -to- day customer may be a
civil servant rather than a naval ofncer. Then again , arc not the taxpayers the "customers," since they arc
actually paying for the application] The customer of a subco ntractor is the prime contractor. The Ctl tomer
for shrink -wrapped applications is a composite of potential customers established by the marketi ng
depaltlllenl. WRen an application is intended for Internal company usc, such as claims processing within
an insurance company, the customer i~ an IIlternal organization .
ConAicting takcholder interests ca n ea<i/y result in inconSistent requirements_ An example of this
occurs when two different groups Within a company, with different motivations, apparently want the "samc"
application built. When requirements ca nno t be reconciled, project tend to flounder and are frequently
canceled. Even when stake ho lders' requirements are co n,i tent, they may be toO expensive to sa ti sfy entirely.
Developers yet anot her stakeholder com munity- are subject to professional respon<lbilities, which can
profoundly affect reqUirements. uppo. e, for example , that developers arc asked to build software for a medica l
<k-viGe With a fixed budget , but they come to understand that the reqUired fearures ca nno t all be adequately tt-' ted
'.'Hh'n that budget. Unless the budget" changed , they would need to dim lnate feature for professional reason,
A good deal 01 stakeholder identiAcatlon and management involves Ill.naging the <cope of the
rC'luorcments to make them bUildable within give n bud!!etary and scheduk con~ trailH~ . The go d prole t
leader ~rmounh these ddf,cultlcs a pro c ,t hat require, manaHcnal , personal , bu<lnc", alld politi al,klll'
Customcf\ develop a Vision somct lm c~ ulle nsclous or IIlLomplet e of how thelf al plication "'ill
operate_This Vls)on IS sometime<; referred to a ~ the applica ti o n', modd or COfl«P' of oprr.,Ii.II I "'crellt peorle
248 CHAPT€R 11 ANALYlING HIGH-LEVEL REQUIREMENTS
may hold differing co ncep ts of what a software application enta,ls_ For exa mple, th e poss ible concept of
operations for ' a weather syste m" could be
• a facility for {"urning raw weather service information ,nto graphica l form
or
• a real -tim e system fo r forecasting the weather
or
• af.\ application for alerting users to weather anomalies
These diffe rin g co ncepts of operations lead to very d iffe rent applicationSi
The project manager o r requirements engineer helps the stakeholders to clarify their concept of
operatio ns , ince custo mers usua ll y lack the means with which to express such concepts, engineers can
propose appropriate techn,que uc h a usc cases, data flow d iag rams, or Slate transit io ns, w h ich are described
below These tec hni ques are also used for desi g n , as sh own in Part IV.
Much of the analysis of requirements IS a person -to-person activity , organized to produce an application
satisfyi ng the customer_ Figure 11.4 summarizes the process of preparing for and interviewi ng the customer to
ehcit their require ments.
ince there are ryp lcally several stakeholders who want to provide th eir input, the Hrst issue is deciding
whom to interview. Recall that requirements co m ing from different stakeholders may be contradictory. It is
often effective to Interview a small number of primary stakeholders, and then solicit co mments from other key
stake ho lders. Two interviewers at each session arc preferable to one, since a typica l interviewer tends to miss
POIn[ . Bringing a recorder can help. with permission requested in advance. The most sig nifica nt person to
Interview IS ofte n the most difficult to chcdule time with , so perseverance is called for. Interviewi ng the wrong
Befo're interview:
1. list and prioritize "customer" Interviewees
• most likely to delenninc project's success.
2. Schedule interview with fixed sta rt and end times.
• at least twO from development team should attend .
• prepare to recordi
At interview :
3 _ Concentrate o n listening .
Don't be passive, probe and encourage.
• persi t in undt'rstandlng wants and exploring "tcds.
• walk through use cases, also data flow ) state diagram s)
Take 'horough nOles.
4 . Schedule follow -up mee' lng for validation .
After interview :
5 . Draft SRS hi g h -level requirements using a tandard.
6 . Contact customer for commen t'S.
ptOI'le can I.. sult III wa>ted o me and dfort. The e",,,, ' 8 ,1e process in particular tn, ist' that the customer
communlt. supply ju<t o ne rcpr.,,;c ntatl ve for reqUI re ments. Th is puts the o nu o n the stakeholders to provIde
con n ent requiremen t'; ra ther than havll1g develo pers adjudicate amo ng d, ffering custo mer communities.
Altho ug h It IS Im portant to listen carefu lly to the CUsto mer at the mtervi ew, o ne usuall y ca nno t obtai n
requ,,..ments b o ne·way listening alo ne. T ypically, the cu to mer fo rmulate some of the requirement a he
goes alo ng , and need - help. Altho ug h Ihe VI ion crealed is pri marily the custo mers, the intervIewer and the
cuSlo mer develop a visio n Jointly to an ex te nt. usto mers usuall y require some pro mptong to fi ll out thci r
VIsion, a I,ttie (but nOI too muchl) like a witness o n Ihe stand . Denni [ I] suggesls askIng three ty pes o f
questio ns: close·ended, o pen-ended, and pro bing. Close-e nded que ti o ns, such as, "H ow man y videos do yo u
expect to keep in stock " prov,de ,mpo rtant de tai led ,nfo rmation about the system. O pen .ended que tio ns,
such as, "What are the sho n comings of yo ur current vi deo sto re system]" allow the intervi ewee to elabo rate
on his requirem ents. Pro bing qu.,,;tio ns , such a "Ca n you give me an exampl e of why the use r interface is
dif6cult to use?" are fo ll o w·up questions desig ned to ga ther mo re detail ed info rmatio n.
U e cases, described in Section I 1.5 are an effective way to obtain and express requirements fo r a wide
variety of appl icatio n Some requirement need to be diagra mmed, and ways to do Ih is are described In Sectio n
11.9. To validate the requirements as written out, Ihe II1terviewers follow up via e· mai l, holding a subsequent
meeting if necessary. Recall that the dtlnikd requirements have ye t to be gathered and require additional meeung
time
After the meeting , the hig h . level requirements are draft ed on a fo rm at such as the IEEE tandard. The
draft should be provided to the customer communi ty fo r co",ments, and successive interviews arc conducled
unt" there is sati sfactio n \vith the high · lcvel requirements.
The great challe nge we fa ce is expressin g clearly wh at custo mers wa nt and need. W o rd alone ca n be
appropriate, but for many applicati o ns, narrative text needs to be supplement ed by Rgllrcs of van ous k,nds.
The following sectio ns describe how to express hig h· level requ irements.
11 .4 WRITING AN OVERVIEW
An overview is inte nded to all ow readers to quickly understand the mai n purpose o ( the ,ntended applocation.
O therwise, it sho uld be as sho rt as possible and should seldo m need alteration whe n projec t deta" s change
The ch allenge o f writing a good ove rview is usuall y underesum ated. pro bably becau e it is often thoug ht that
,f one knows what a subject is about then summariz ing it sho uld no t be d ifficult
The follOWi ng is an example for the video sto re appltcation, in th is ase, a songle se nte nce suffices
V to re is inte nded to help video sto res manage DVD inve ntory and rentals.
II IS tempt ing to add mo re details to thi s, but good requirements document< arc organtzed to provide
detaI ls 111 o rderl y sta ges, so add ing mo re detai ls hcre wo uld result on dup lica ti o n and could reduce readabil, ty .
"Manage D VD onvc ntory and re ntals" prOVIdes substantive info rmat io n but 's genera l enouglt so that changes
on requirements detai l< are unl ikely to fo rce ,t to change .
FollOWi ng an overview sectio n, h, gh · level req uorement s u<ually li« the majo r (un t,o n such a< "e nter new
Video" and "re nt vIdeo " Since users ty pi ca ll y lI UIt ZC ap plt auo ," through a rel atively , ma ll nllm ber of
common ba~k . a n d . rort h on teract,o ns, t his can be a good way to summartze functi o naltty 11 dfe t, ve wa to
document Ih.,.e In teract ions 15 th ro ugh wri ti ng li St cn<rS , o nl(i nally co,ned by Jacob o n [21 U ease de, nbc
the lyp,ca l .equence of ,nterac t,O", betwee n u<e r 0 1 an "Pplt auo n J IlO th e appl! a ll n 't,ell , and proVide a
250 CHAPTER l' ANAL ¥ZING HIGH-LEVEL REQUIREMENTS
narrative of how Ihe application is used [3) . They have become a very effcclive way to express many
fun tional high-Icvel reqUIrements. As an exa mple , when using J word processor, we usually ( 1) relrieve a fllc,
(2 ) cha nge and add teX! , and Ihe n ( 3) store the resull. Functional hi g h -level requirement. are often naturally
cxpre sed as an inleraCli o n belween th e applicalion and agencies eXlernal 10 it, suc h as the user.
Agile projects rend 10 employ Ihe idea of IISer slo';t!. TI,esc are si mdar to usc cases but arc broader in
scope and have dis llnc t c rileria . U scr stories are de cribed in Sect Ion I J .6.
A use case IS ide ntified by its name and by Ihe Iype of u erof the applIcation, called theaclor. The main part
of a usc case documcn a typical inleraction bctween an actor and the application , often called a scmario. A
scenario consists of a numbered list of steps. Each step should be simply described and include who is carrying out
the SlCp. A good way 10 start wriling a usc case is to list the tnai" sllcem sct"nrio, which is the sequence of steps that
lead 10 a succt'Ssful o ul come. A single use case should nOI attemprto accouni for a significant number of branches.
Other scenarios of Ihe usc case , such as error conditions, are ty pically documented as ext""j""s . For example,
Rrlnroc n File would be a typical use case for a \\lord processor, with the user as actor. The main success scenario
contains Ihe following seq ue nce of seven steps. NOle Ihal each step stans with Ihe entity Ihal execules Ihe slep. ln
Ihe case of an error in ope ning the selected file . an alternalive is doc umenled in the Extensions secllon ,
RetTieve a File
It is possible for a single person to use a system in several differenl ways, adopling Ihe roles of differenl actors.
In UML, a usc case diagram shows Ihe actors, the use cases, and Ihe relalionship between Ihem. A use case diagram
is a useful 1001 for d iagrammatically summarizing Ihe sel of aCIOrs and usc cases without having to show allihe
delails of Ihe usc cases. Figure J 1.5 is an example of a use case dia gra m, wilh Ihe names of Ihe use cases shown in Ihe
ovals, and the actors drawn outside the rectangle with lines connecting Ih<'TTl 10 the use cases Ihey inleract with.
As furlher examples of use cases, Figures 11 .6 and 11 .7 contain examples of lise case scenarios for the
I"ilialit< and E"ga9' Forcigll ChMaclcr use cases for lhe Encounler case ludy.
The aclor in each of Ihese usc cases is the player of Encounter. Each use case is a sequence of aClions laken
by the player and Ihe Encounter game, as shown for Ihe IniJializt lise ease. The Engag, Forrigll Charnelrr use case is a
typical sequence of actions by Encountcr and Ihe player, whenever Ihe player's main characler and a fo",ign
charaCier arc in the same area .1 the same lime. The aClor in the 5" Rub usc case is a game designer. The actor
describes Ihe ability of Encounler 10 support the ediling of rule forcharacler interaction. The Trawl 10 Adjomol
Arta usc case is explained in the case srudy accompanying this book. The Stl Rules use case is nOI included in t~
case ludy ",quiremcnts.
DeSCRIBING MAIN FUNCTIONS AND USE CASES 251
ActOG
Initialize )
/ Travel 10
adjacent
area
Player "- /
Engage
foreign
"'-
character
"-
Designe r Set rules
figure 11.5 Use cases for Encounter-a UML use case diagram
Initializ~
The actor need not be a human role- It ca n he another syste m th at lIses the application. For example, if
the application under development I a robot con trol y.tent, then the actor cou ld be a fa tory au tomation
system that uses the robot contro l sy~tcm
Use cases can handle limi ted branching, but .r there is more than one leve l of bran h,ng, the exte n"on
Idea. dc~cnDcd above, ca n be tned Ot herw l e the ",. ca," should probably he decomposed Into other lise
cases Even a slOgle branch in a lise cas lead to an awkward description . Forcxample, the follOWing ould be
a usc case for a personal budgeting aprl,cation
3 ne .et lo n happen>
9 • •
Th is would be better decomposed '"to "select o ptio ns," "add c hecks: ' and "reco nci le accoun t" use cases.
Use case are like tones and so they provide excellent insight into applications. They can be expressed
at d.ffe nng level of generality. The Uni Red Software Development Process [4] reco mmends using detailed
use cases to specIfy a large fractIo n of the requirements.
A usc C35e that is si milar to an existing o ne yields li((le addit io nal value . Usc cases sho uld be stq"mlial,
or el e orlhogollal to eac h other. T wo usc cases are sequentia l if o ne can follow the o ther. Orrhogo"al is not a
preCISely deli ned term , but o rthogonal use cases take completely different views o r options. For example,
in a warehouse appl,catio n, usc cases based o n a fo reman actor and a Rnancial anal ys t actor would typIcally
be o rth ogonal. In the Encounter case study, Sri Rul" is o rth ogo nal to £"gag, Forrig" Cbaraeltr. Chapter 14
shows how use cases are combined to produce new usc cases; it also introduces inheritance among usC'
ca cs.
Jacobson's [2 ] inspiration fo r the idea of use cases was that, despite the huge number of potential
executIon . mos t applIca ti o ns are conceive d of in term s of a relat ively small number of typical interactions.
He suggests starting application desig n by writing usc cases, then usi ng them to drive class selection. This
technique is demo nstrated in C hapte r 12. Use cases are also the basis for system·level test plans.
Many established documentation standards, including the IEEE's, predate use cases and they must be
augmented to accom modate them. The Encounter case study describes them in Section 2.2 ' Product Functions'
of the SRS, as th IS IS the sect Io n that describes the functi o nal high -level requirements. Although use cases arc
often identified with object-o riented methods, they can be used with any development methodology.
HIgh -level reqUIrements fo r ag de projects arc collected and understood in a manner si milar to that for non-agile
methods except that the requirements process operates ," pieces and continues continuously through most of
the li fe of the project. Non-agi le processes requi re a time when requirements are frozen (,.e , beyond which the
customer has no right to change them). Agile processes, o n the other hand, accept frequent chang~ in
require ment as a necessity How can one of these be a valid approach without the other being invalid] Th ..
difference lies in the level of truSt e ngendered by very close customer contact. If the customer's trusted
represe ntative works continuall y as part of the development team , it is unlikely that he will suddenly ask fOf
un reaso nable requirements In agile processes, selected h igh-level requirements arc elaborated upon within
each iteration. Each is usuall y based on a ",,,slory or slori", each accompanied by an explici t acceptance teSt A
uscr story is a high-level piece of required functionality as seen by the antlcipaled user. According to B~k and
West [5] a use r story must be discrete, estImable, teStable, and prioritized, as described in Figure 11.8.
Compared with use ca es, us"r stories are described less by their form than by these qualities. Having to be
estImable is o ne d ifference, and this is ill ustrated in the example below. User stories can al a be more utens;ve
than usc' cases.
AGILE METHOOS FOR HIGH·LEVEL REQUIREMENTS 253
Beck and West [5J give an example of how to ga ther user stories. Thc custo mer starts wi th the fo ll owi ng
story.
This is fine cxcept that it's no t estimable-there is no way to esti mate th e effoft reqll1red to carry out th is
job. Consequently , the developer probes fo r more speCific stories to o btain estimable ones, a process known
as splitfing.
4.0 Communication . Will (omm lm icntt with tht cus lonur 10 prtvw l tran sactio" (rrars
This is an improvement, but these are still not estimable, so further splitting is required. Recall that
prioritization is also ca lled for . The agilc programmcr the n requests more speCtfics concernin g the highest
priority story. If this were ' .0 Pay",,,,t , the uscr mi ght provide the following :
I. t Accept coins
1.8 Ellsu" Ihal pay",,,,t m"IS or t')(",ds tb, cosl oj th, "ltCled /Jrod" I
1. 9 Makr chall9'
254 CHAPTER 1 1 ANALVZING HIGH·LEVEL REQUIREMENTS
0 .0 WI/I
Spill
outperform all
o/h8r wmding
1.0 P8ymen~ Accspt
machines Spill
all kinds 01 psyments
2.0 Freshness. Sell
NOI eSlim able no stale or outdated 1. t Accept coins
merchandise
t 2 Accept currency
3.0 Restocking.
Automatically request
t .3 Accept debit card
restocking 01 Items 1.4 Accept credit card
sell/ng best In tha
area 1.5 Accept debit or credit
card via Web transaction
4 .0 . ...
1.6 Accept loreign coins
NOl eSlim2ble
••••
Needs prioritlzalion
Th e speCIficat Io n of a user iNerface at a hi gh leve l is often included rn the high . level requirements. Recall
fro m SectIo n 106.4 rhe fo ll OWi ng steps in specifyi ng user interfaces.
Step 4 . •
W e wrll discu s Steps 1 and 2 in thi c hapte r as the y app ly o nl y to h ig h · level requirements. The
rem ai ning sleps arc described the nex t chapter, on dctcu led requirements.
ThIS step invo lves understandin g the narure of th e applicatio n's eve ntual u ers. Figure 11 . 10 outlines ome of
the fac tors Involved The c heck lis t IS a way of ensunn g that we know the ba IC c haracteristics of the
anticipated u ers, and that we documen t our as: umptions. These characteristics determine the nature of the
user interface. In genera l, users with less educa ti on, trainin g. skill , and moti va tion rcquir~ grca t~r simplicity,
more explanation , and more help. This may have to be traded o ff against ef~de ncy and speed. It is 011<11
desirable to provide several levels of uscr interface, dependin g o n th e leve l 01 the user.
ThIs Slep requires the d esig ner to understand th e purpo e of the particula r proposed u or interface in I.nms of
the application's overall purpose. For example, If th e busines purpose is the stocki ng of. warehouse, we may
SPECIFYING USER INTERFACES: HIGH lEVEl 255
want the user interface to reflect the layout of the warehouse floor. The seque nce of screens that appear
typica lly reAects the manne r in which use rs no rmall y carry out their tasks for thc business at hand.
Sometimes the execut ion of a program ca n b e e nvisaged by displayi ng a se ries of C UI images .
For exam pic , OAe could provi de a fair co ncep tion o f Encounter by di splayi ng a seq ue nce of scrcen sh o ts.
Figures 11. 11 a nd 11.12 arc exa mpl es of preliminary C UI sketches forsc lling the qua lities of an Encou nter
character.
Upon being show n C Uls, the customer typicall y realize that he needs more or wants o meth ing
different. In the exa mple how n in Figure 11.11 , it could well occur to the cus to mer tha tthc C UI for c hangi ng
11.11 Preliminary sketch of user Interface for setting game character qualities
256 CHAPTER 11 ANALYZING HIGH·lEVEL REQUIREMENTS
Name 01 Name 01
adjacenl area adjacent area
Name of
adjacent area
Name of
adjacent area
the value of qualitIes is awkward because the total number of points may not change. The cu tamer would also
probably observe that the CUI is no t visually appealing. The process of Rnalizing the CUI is very interactive.
The detaIled requirements provide precise CUI specification , as explained in C hapter 12.
Applicallons typica lly involve multiple CU ls. The high ·level requirements describe the required mouse
aCllon that take the user from one CU I to another. Figure 11 . 13 shows a useful way to represent the
transitions between CUls. When a particular CU I IS present on the monitor, the application can be
co nsidered to be in a partIcular ,tal,. Changing from one CU I state to another is ca lled a l,a" ,;l1o" . States a-nd
tran itl ons are actually more general concepts, and are described further in Section 11.9.2.
cricJc An event
Indicates 'slock OVO" (usually a
slart stale / ___- - - - - - - - - - . - - . . ., mouse action)
GUI
(a stale)
StockIng DVD
GUI GUI
Transition
Hit ·commlt"
butt""
Select ------~-;:====
"stock OVO' •
•
Se/ect Chac:Idng Out DVD
' check our
• Hit
"commit-
button
~~~~. ____________•__~CI=='I=~=.;lg~l_n_D_VD
__~
A typical CUI/ transition diagram for the video store example is show n in Figure 11 . 14 .
While a particular CUI is being displayed , an application is said to be in a particular , 'aic. We explore
states further in Section 11.9.2 .
Figures 11 . 15-11 . 19 show rough sketches of the CUls referenced in Fi gure I 1. 14. The deta iled
requirements provide compete detail.
Select Procedure
StockDVD @
Register customer (0)
Check out DVD @
Check in DVD @
Figure 11 .15 Rough sketch of "Select Procedure GUI" referenced in Figure 11 .14
Stock DVD
ntle
I I
Number 01 copies
fl&ure 11 ,16 Rough sketch of "Sketch of Stock DVD GUI" referenced In Figure 11 .14
2S1 CHAP~R 11 ANAlYlING HIGH·LEVEL REQUIREMENTS
Register Customer
First name
I I
Last name
I I
Figure 11.17 Rough sketch of " Register Customer GUI" referenced in Figure 11.14
I ~
Customer
I ~
Figure 11 .18 Rough sketch of "Check out DVD Gur' referenced in Figure 11 .14
Check In DVD
DVD name
Figure 11.19 Rough sketch of "Check in DVD GUI" referenCed In Figure 11.14
11 .8 SECURITY REQUIREMENTS
Many security requirements can be dfeC1ively expressed at a high level because we can express security goals
without having to anllcipate all of the specific breaches that can OCCur Here is an example from the Eclipse
project.
The Eclipse Platform should provide the basic framework for a security mechanism that can be
used by all plug· ins. Including a simple credentials store and u er authentication Additionally,
SECURITY REQUIREMENTS 259
o ConAd~ntiality "C'
o D.t3 passed not vi,Ible to the unauthorized.
o Nonr~pudi.tion
o Authorization
key pans of the Platform itself should be secured , such as the abi lity to onstall plug-ins, whIch
might need to be restricted in certain products or (or certain users. I
Standard c1assilkations for h igh-level security requirements are shown in Figure 11 .20_ They are
mmetimes collected into the acronym "CIA." which stands for "Confidemiality , Integrity, and Authentica -
tion ." Figure 11.20 add 1I0llrtpud,alloll , which is the ability for panics to a eomract to prove reliably that the
contract was indeed made _ It also adds nlllhonZailoll , which specifies who may access what panicular
information, and availability, wh,ch speCifies reaction to denial-of-se rvice attacks. Denial -of-service attacks
are activities, such as Aoodlng a Web site automatically with requests, that make i difficult for anyone else to
access it.
We ensure that these propenies are satisfied by suitable corresponding requirement at the detaded level.
However, ill-meaning perpetrators devise ways to compromise systems by explOIt ing combonations of
propenies that the sy tem does 1101 possess. To explain th,s, consider a (non -software) set of requ irement
that were already devised to ensure that ,he funds in a prominent Irish bank werc secure. These required that two
bank managers, each possessing a dIfferent key, were required to unlock a major safe. TI,ey .1 0 reqUIred
COnstant guards for the managers. Both procedures wcre fa ithfully observed . It is important to understand ,hat
for perpetrators, exi ting sccu rity mcasures simp ly con titllte a set of constrain, wilh,n which they work, elling
them to seck opponunities that the constr.ints do not cover In the case of the bank example , there wa no
requltement for guards on the f.milie of ,hese two officia ls. Observing th is combina tion of prope nies that the
system did "01 po seS5, enminals took ho>to go the famil ,es of both managers and by this mean ocrced the
officers into obtaonong the bank's cash on their behalf_
PrIVacy is often hnked with or considered part of ,ccurity . This is because the purpose of many exp loits"
to gaon accts, to data to whIch the perpe trator" not entit led , thereby compromising its pro a _
One t:Xamplc of priva y regulations IS the Health Insurance Ponability and Ac ount.bility A t of 1996
(HIPAA ), whIch regulate> hea lth inlo mla tlo n rea ted o r maIntained by health care prOVIders who CI1!l"llt in
tksignated e lectronIC hea lth care tran a tlons _The Department of Health and Human ervlCes IS respon ,ble
for implementong and enforCIn g HIPAA The a t took cHeu on April 2003 _
The main thrust of HIPAA I to en>ure that an ,"dlvldual\ health infoml.,ion 1< u,ed lor health purp <c'
~onc _ ' me ,nal rules for <eco m ty protect the confldc nlla loty , IIl1 egri ty, and av.i1abd, ty of In livldual he. lth
information and ""II prov,de a sta ndard level of proteellon on an environmen t wher ' he.lth ,nfoml. tio n
260 CHAPTER 11 ANAL YlING HIGH·LEVEL REQUIREMENTS
pertaini ng to an indi Vidua l is housed (·Iectron icall y an d/or is rrtm mitted over telecommunicati o ns system s!
netwo rks. The standard mandate safeguards for ph ysical stora ge and maintenance, transmission, and access to
IIldividua l health info rmat io n. EntitIes reqUIred to co mpl y with the standard include any health care provider,
hea lth care clearing house, o r health plan that electronicall y maintaIns o r tronsmils health information pt'Ttaining
to an in divi dual · Figure II 2 1 ummarizes these poi nts.
Acc o rd ing to D avi [6 ) and WIegers [7 ), no SIngle VIew o f requirem ents gives a complete understanding, and
It IS o h en hel pfu l to represent hig h ·leve l req uire me nts usi ng dIag rams. What IS o ften needed is a combination
of text and dIa g rams to convey a complete pic ture of the Inte nded apphcatlon . We introduce two types of
dI agram used to descnbe hI g h . level reqUIre men ts: da ln flow and ' Ialt lra tl,illotl dia grams. We are using them
he re to express requ irement . Thcy arc often used to ex press deSIg ns as wdl , and this can be confusing. The
dIffere nce to watc h fo r IS not so much th e fo rm of ex pressio n as whe ther th e attempt IS to express ' what"
(requ ireme nts) o r "how' (desig n)
Some requirements are na turoll y described as th e flo w of data am o ng processi ng e leme nts. Fo rexample, imagllle
that our customer is tryin g to explalll what he want fro m an ATM banking applicatIo n, startm g with depo It
and affecting accounts at several locations In a Jain flow dlagra .. , the Hod" , sho wn as CIrcles or rectangles,
represent processing Untts. ThearrolDS between nodes deno te th e Ao w of data . The arrows are annotated wilh the
data's type . Dalll , to,rs-places where data reside, such as databases arc den o ted by a pair of honzontallincs
enclosing the name of the data store. ExIt""" a9C>1CtCs such as the user and printers arc represented by rectangles.
For the ATM application , the dtpo,il functi o nality mig ht get the deposit from the user and check tht
deposit tronsawon to ensure that It IS legitimate. These '"nnions arc represented by clfcles In Figure I I n .
Next , the type of data Rowing between the functions is noted on the figure- the account number and the
depOSit amount. The user IS involved. too, and so IS represented A function to create a ~lI",mary of account'S,
10 give another example', requires input from a store, as shown .
A more complete data flow diagram for the ATM requirement would be as shown in Figure II 23.
UStNG DtAGRAMS FOR HtGH'lfVEt REQUtREMEPlTS 261
Processing
81811.801 Input
Get
deposit i-----UIIr
ACCOUnt no.
and deposff Outout
Direction
of data now Dala type Prtnlet
•• • •••
I
Balance
Validate
query
deposit Create
I
Account __ dala
Account
account
summary
Data store database
The complete diagram of Figure 11 .23 includes the "member banks" data score , which is a list of banks
allowing a deposit at this ATM. It also shows the data Aow for the response to a query, in which details about
an account are displayed. ExpreSSi ng these requirements in text form only would be marc difRclllr than using a
data Row diagram to help describe them . Notice that data Aow diagrams do not show COnlroi. For example,
the ATM application does not indicate what function occurs first . Standards used for the symbols differ
among organizations (e .g ., rectangles ca n be used for the processi ng elements rather than circl",,).
Whether or not data flow diagrams are helpful for expressing requirements depends upon the
application . For example, the ATM data Aow diagram in Figure 11. 23 clarifies for many re.ders what
behavior the application is mcant to exhibit, whereas video game requirements would probably not be
Member
banks Get User Get
deposit Inquiry
I
Bank
Error
nDtnB Account j Error
Account II
..-
account
& deposll display
Validate Validate
Inquiry
deposit
Account II
Display Make
account Inquiry
Account II
& deposir Prfm'
Account BaIanC6
dar. query
Do
deposit 06po!U Account
'\J
"'"""unl
Create
account
transaction summary
1,.n08elion _.- _. database -- 00/8
descnbed well uSin g a data now diagram . When usinM these dia gra m' for require ment s , peClnc.tlon, there i~ a
"snlAcant dan ge r of hpp inl! into perfo n"in g desig n ,"stead o f analyzlnB reqUirements. For example, If an
appitcatio n IS reqUired to tra ck the now o f o rders within a compan y, then a data now diagra m (DFD) shOwing
thl proces at a h ig h level would be an appro priate form for hi g h-level reqUi re me nts because the DFD "
nceded to ex press the o utcomes O n the other hand, consider an application that is required to apply a
complex formula . A DFD explain,"!! the calculation process would be part of the design , but nOt the
req Ui re me n15- the fomlula would be uffi cient for expressing the requirement . We will r<-vislt data Aow
d iagra ms in Pan IV, the de ig n ectlon of the book.
Sometimes, an application, or pan thereof, is best th o ught of a being in one of several slalrs. The Sta te of an
application is its si tuati o n o r s tatus. States are sometimes called "phases" or "stages ." Although a state often
correspo nds to a CU I and vice versa, the state concept is more general than C Uls_The idea is to divide the
applrcatlon into sta tes so that the application is always in o ne of these states. Note that the states we arc
de fi ning arc based o n the requirements of the appl,c.ation-not its software design . For example, it might be
useful to think of an o nlrne sho pper at a bookselling si te as being either in "browsing" state (looking at book
info rmati o n) or in "purchasing" state (providing credit card information , etc.). A diagram that depicts the
different states and the transitions between states is ca lled a sial, lrallsilion diagram .
There arc several pOSSible Enco unter states,
• 5,l/mg up· the stare during which the game is being set up
• P"ilOring. equipping th e players character with qualities such as "strength" and "intelligence" can be
performed as lo ng as no foreign c haracter is present
The e sta tes arc sh own in a UML state transi ti o n diag ram," Figure 11 .24. For eve nt -driven applications,
diagrams Irke this can be an effective way for the custo mer and developer to obtain a shared concept of how
the: application IS meant to work .
After identi fyi ng the states, the Imn silions between states are added. TranSitions, denoted by arrows, arc
each labeled with th e name of t he ro," 1 that causes the object to change from one state to another. Events arc
,
_~ Setting up Preparing
,••
(initial state) I
Player I
clicks I
Complete quaNties ,I
setup menu
• ,,
(final
•
, state)
ForBign
,
character __--j
Wailing ' - - - - enters Engaging
8f8a
Stale
EY..~
Player Coodilioo
moves to
adjacent ~ {foreign
8rea character
present]
{foreign
character
absent] Engaging
Condition SIal9
occurrences that can cause a c han ge in the object's state . A t)'pical eve nl on a CUI is a mo use c lick. The soli d
circle denotes the startin g state. The final state IS d e pic ted by the solid circle inside another ci rcle.
States and transitions ca n apply 10 entitic at many levels. For example, a ship ca n be in one of several
stales, such as Sailing , Docking , or Dock,d . Parts of the shi p ca n be in evera l states, For example , a cabin can be
in Occupied or Unoccup"d state.
Sometimes, when an objec t is in a give n state and an eve nt occurs, the object can tran itlOn to one of
several states, depending on a condition . For exa mple, when thl- player decides to move h er character 10 an
adjacent area, the ga me tranSItions rTOm th e Waitillg state into one of two states. O ne possi bili ty is to
transition back to Waili"g state (if the foreign c haracter is absent from the e ntered area ); th e o ther is to
transition to the Engaging state (if the fo reign c hara c ter is prese nt in th e entered area ). In UML, co nditi o ns arc
de noted b y square bra cke ts, as sh ow n in Figure 11 .25 .
The complete state transition d iag ra m for Encounter is sh ow n ID Figure I 1.26 O nce the player has fi n ish ed
scumg up the Encounter ga me , the latter transitions from s,lIillg Up state into Waiting state. If Encounter IS in
Ptayer Reporting
Se\1Ing up dismIsses Setting
report qualltle$
Player window
completes
setup
Player
set requasts Player
qualities status requests to
window __- set qualities
enters area
Foreign
chartJcter
Player enters area
moves to
adjacent area Engaging
Playor
quits
{foreign choracter ~-===
pro.ent]
•
Fleur. 11 _26 Encounter sUite transilion diagram
264 CHAPTER 11 ANAL VZING HIGH·LEVEL REQUIREMENTS
\\fmfl"9 ,tatc and a forc l!!1l harac ter e llterl, the n Ellco""ler trln,itlo n, IIlto E1I9a91119 sta tc F,gurc 11.26 ,nd,catc,
th.t th c pro c-; . of setlll1g qual ity va luc< .nd the pro e» of repOrllllg the re,ldts of an e ncounter ca n b<:
int el1\Jpted by thc amv.1 of the foreI g n c haracte r The laller allse< a new encounte r to commence Immcdiately.
A sta te Iransltio n 1110 del is a good way to explaIn the o llce pt of opera tI o ns of Encounter State
tran Itio n model arc commo nl y used as de Ig n 100is a well (sec hapter 16 ) Whe ther o r no t they should b<:
used to exprcss 11Ig h . level reqUlremellts, as we are dOlllg here , depends o n the apphcation in questIon and
h ow helpful doi ng so IS fo r the custo mer. Tim ma y require ome edu cati o n of the cu tomer.
For man y app1.catl oIlS, each tate correspo nds to a C UI H owever, there .. a wide variety III what we may
de Rne as a state . ll,e tate d iag",m in Figure 11 .26 corre po nds rOll ghl y to the pre cnce of VIsua l artifacts on the
mo nito r, but thcsc are no t C Uls. Fo r example, when the foreign ch.",ctcr FreddIe appear o n the monitor, the
app1.catlOn t",nsltio ns to E1I9n91119 tate, but rreddie is Just an additio nal g",ph,ca l clement, not a scpa"'te CUI.
1.2 SCOpe
Encounter is to be a role-playing game that simu-
lates the lifetime of the player's main character. It should
(The Iospccts of the application this document be of interest to both men and women. The measure of
is intended to cover.) 'success' in playing Encounter is up to the player.
Typically. success will be measured by the ' life points'
maxImum attaoned by the player or by the ability of the
Thi document covers the requirements for player to live as long a life as possible.
release 0.0. I of Encounter. Me ntion will be made Some game characters arc to be under the
throughout thIS document of sele ted probable fea . contro l of the player. The rest. called "foreign"
rures of furure relea es. The purpose of this is to characters. are to be under the application's control.
guide devdopers in se lecting a design that will be Came characters will have a fixed total number of
able to accommodate the full ·scale application . points allocated amo ng qualities such as strength.
stamina, patience, and so o n. C harac ters encounter
1.3 Definitions. Acronyms. and Abbreviations each other when they are in the same area at the
same time. and may then engage each orher. The
See Table 3.3 . result of the engagement depends on the values of
(heir qualities and on the environ ment in which the
1.4 References
engagement takes place. Engagements are not nec-
essarily violent or adversa nal. Players have restricted
Software ConHguration Management Plan (SCMP)
opportu nities to reallocate their qualities . One of the
for Encounter version 1.0
player-controlled characters will be referred to as the
Software Design Description (SDD ) fo r Encounter "main" player character.
version 1.2 In early versions of this game. there wi ll be only
Software Project Management Plan (SPMP) for o ne player·controlled character and one foreign
Encounter version 1.2 c haracrer.
Software Quality Assurance Plan (SQAP) for The eventual nature of the characters is 10 be
Encounter version 1.0 determined fro m insights gained from surveys and
Software User Documentation Plan (SUDP) fo r locus groups. It is expected that initial releases will
Encounter version 1.0 not have anionation Encounter should eventua ll y be
Software Test Documentation (STD ) for Encounter hig hl y customl zable. so that users can eit her start
version 1.0 with predefined games . substitute predesig ned char·
acte rs and rules of engagement. or devise their own
1.5 Overview characters and ndes of engageme nt.
The design shou ld support expansio n into a
Intentionally omitted.
fa mily of games. including Intemet ·based multiple -
playoc versions.
The author of this document felt no need for
this section. and ontends to cover the overview 2.1 Product Perspective
in Section 2.
This state/transit Ion is tested by integration test It shall be possible to ave and re trieve a game.
< to be supplied> .
2.1.8 Site Adaptation Requirements
2.1.2 User Interface Concepts
The followlOg figu,..,. are preliminary sketches of Req uiremen ts for execution o n a particular
key I'ser i nl~c(s o nly , used to proVIde PCISPCC· installat ion; versions in various la"B"lIcs
live o n the producl. All lhe user int., laces are (e.g., French, Japa nese, panish ).
~pccifi.ed in derail in Section 3. We have modified
No ne.
CAse STUDY: HIGH·LEVEL SOFlWARE REQUIREMENTS SPECIFICAnON (SRS) FOR THE ENCOUNTER VIDEO GAME 267
Actors
Initialize
Initialize - - 1. Syslem displays playefs
main character In the
dressing room.
Travel 10 2. Syslem displays a window
adjacenl 'or setting his charactefs
Player area
qual~les.
3. Player allocates the
Encounler character.
0'
qualities his main
foreign 4. Player ohooses an exit
charaCler
'rom the dressing room.
5. System moves playefs
Sal rulos main character Into the a_
Designer
on Ihe other side of the .xlt.
The u cr IS expected to be approXImately 20- the devel o pers. It IS antIcIpated that they WIll be part
3 ye.n; o( age o( a futurc release "OptIonal" requITement. will be
Impleme nted at the dI scret io n o( the developers.
2.4 Constraints
11.11 CASE STUDY: HIGH-LEVEL
REQUIREM.ENTS FOR ECLIPSE
These are all conditions that may limit the
developer's options. They can onginale from
many sources. Note to the Student:
This section discusses published requirements for
Eclipse. There is no single requirements docu·
Encounter shall operate o n PCs nlnning
ment (or Eclipse the requirements arc spread
Windows XP or later at a minimum peed o( 500
over multiple documents. The authors have
1Hz. Java shall be the implementation language.
reconstructed a partial requirements document
from thesesourcesata single pointin time, p.lacing
2.5 Assumptions and Dependencies them roughly in IEEE fonnat for the sake of
comparison. The result is necessarily incomplete,
(Any assumptions being made (or example, and illustrates a shortcoming of many 0 pen source
future hardware.) projects. Most of the material below is quoted
directly (but selectively, of course) from the
Eclipse documentation online at the time.
o ne
, lb..,lIctJ ..)
5 1"'091 1 hllll Lc_ • _ . S tr t"9l
SUuri J e!ht,lt.c-.• • aew S t r\lr9{
-1
!.J( -u....,......•
_._" . •
- Cu , ' ---
_.erE
0Copf
c .... r ( I hId "tcu' .
c ....r l J eo:hlS!:. :n:t cu t a '
II
Z
'0'
J ·c
..
n
lotu.h""
Figure" .29 USing Bugzilla in Eclipse to track bugs and detailed requ irements, 1 of 2
ECUPSE PLATFORM SUBPROJECT (F(RSf OF THREE) 271
Description:
I ~ olad af ter ceadlDO the [cllp3e Pr o) e c ~ Dratt 3.0 pIon tha t 1n ecl l ~e
3.0 that tble bUQ q01QO to be a4dre3~ed , but I a130 V&nt tbe peo ple who 13
going to eusdce~5 t.h13 bUQ to pc ovld.e Cop 1 ' ~ t o do ~bC' lIICnu and t. oo lbar
cU3t.D:lll ECot i o n ( 1 ,e, 01108 u.s to remove WlVDJlt.ed IIICQ\,I 1tc....., peoor" "Q~ l c ally ) • It
.,..... .. a .. a ~" ...... r .... '; .... ~ ... ,.. r _ ... .. . ; ... . . . ...... " .... .-.-. . .. .. _ _ .. ......... r ,..,. . ........ _ "'_,.v
FIgure 11.30 USing Bugzifla in Eclipse to track bugs and detailed requirements. 2 of 2
would like to provide fi le exte nsion associa tio n so (. recently deferred item) Provide a general
that doub le -cl icking o n a Ale in th e 0 de kto p would purpose navigator (36961) ...
open th e assoc iated Ecli pse edi tor. The o perat io ns
and capabi lities ava dab le o n th ese 'outsi d~ of the
These arc just a few examples Ihat illustrate the
workspace" Ales wo uld need to be deA ned . (37935 )
organiza tion o f th ese documents.
Improve workspace synchronization with file
system . ... Other Eclipse Platform Items
De tails o mitted The foll o wing are examples from the Eclipse
Platform subprojec t within this "theme."
Content-type-based editor lookup. ...
Design Constraints: Compatibility of Release
Details o mitted 3. 0 with 2.0 and 2.1
• The Da tabase User Tools faci litatt'S day to day We would ex press these mo re like the
database work in a Simple preadsheet-like form following .
Th<-y su ppo rt dBASE databases and ODSC or JDBC
High-Level Requirements for WRITER WRITER s hall be a fu ll -feot ured word proce, ·
or It hall all ow Ihe crea ti on o f "nlple d
It appears that th e: o nl y hi g h -level desCription and complete books With o nte nl " d,.gr>n" Ifl -
of WRITER IS wntten in a style to attract users dexe , e tc An e.amplc IS sh o wn In FI~lIre I I , I
27. CHAPTER 11 ANAl YlING HIGH-LEVEL REQUIREMENTS
""""'-.4.
..
.... " ....
t..
.~
1'10
~
Hi g'" IsIh Is
fl. MI kI _ o8lcw RA y.A/'.... IttJOI."",, ·ou
.....,."7 ... Ja" todqMfd~Itt . . . h fir £N.'
bllJ_rsMWIplluavws.rs . . . J.,,_I'I( ~~f'>fI fo,,,.,.
Mfl& COI$ "U' H>,dIMtOWltl1ls 51)01 _ _ ii4iJ'ld
~.s OIl 'Cu £V0*
11.14 SUMMARY
Thi chapter has described the process whereby the high . level requirements for a product arc obtained and
rKorded ,n a manner ctear to the customer and developing organization . High.level requirements describe
the purpose of an application. its intended functionality. and Its bencht . The high ·level requirements arc
documented on a form uch as Sections 1 and 2 of IEEE 830· 1993 Software Requirements SpecIfications.
Variou techniques for ell itlng ane:! record ing high .level requirements are used Onc way to gather
requirements is to interview stakeholders and potential customers.
A combinatIon of text and diagrams is used to document the requirements. The following guidelines can
be used to choose the appropriate form .
• If a requirement is simple and stands alone, express it in clear sentences within an appropriate sectio n of
the SRS.
• If a requirement is an interaction between the user and t'he application, express it via a use casco
• If the requirement involves process elements, each taking inputs and prodUCIng outputs, U e a data
Row diagram .
• If a requirement involves states that the application can be in (or parts can be on), usc a statc transitIon
diagram. States often correspond to CUls.
Use cases are Widely applicable for describing customer requirements because the y capture user
application interactions. If a state transition diagram expr~sses what the customer wants and needs and the
customer understands the diagram, then its use is appropriate . The sa me ho lds for data fl ow d iagrams
User interfaces arc speCified as part of the high . level requirements . Two importa nt principles for
defining high. level user interfaces are to ( 1) know your user and (2) understand the busine s function in
question .
High.level requirements for agile projects arc collected continuously through most of the life of the
project. Each requirement is expressed with a US" slory. A u er story is a high. level piece of reqUired
functionality as secn by the anticipated user.
11.15 EXERCISES
1. Describe In your own words the dIfference between custo mer "mills and custo mer IItcds. PrOVIde an
na mple that illustrate the difference .
2 list four of what you consider to be the most impo rtant h ,g h. level requirement~ for an appl, atlOn
•
\,(t hat I a usc ase) I the following a usc case) Why or why not)
'Tho sys te m shall provide advice for Ih e beginning Windows user on how to execut<
Windows operations."
5. Write a usc case for one of the hi gh. level requiremenls " sled ,n Exercise 2.
6 Why is II importanl to show customers preliminary sketc hes of C Ul s as early in the development
cycle as possible) Cive what YOll consider 10 be o ne o r two of the most important reasons.
7 . Your customer needs to specify u er interface •. Discuss twO o r three of each of the pros and Cons of
the fo llowing means for doing this in the conte xt of the application (large o r small ) and the nature
of the C UI (complex or imple).
a. Ske tching using ha nd drawings, your own o r draw n by a gra phic artist
b Sketc hing using graphiCS tools, such as Paint or PowerPoint
c. Using the C UI ·building features of the target la nguage of the application
8. D raw a data flow diagram to ex press the high.level requirements of an application that tracks the
flow of orders wit h in a company.
9 . Consider an application that manages patients in a docto r's of Ace. Patients call for an appointment
and thei r information is entered into the application . Patients ca n call to reschedule or cancel
appointments . Afte r a patient is seen by a doctor, the patient may be referred to ano ther doctor for
treatment' if necessary. Draw a state · transition diagram to express the h igh. level re quirements for
this application.
TEAM EXERCISES
TI 1. 1 Write the high·l evel requirements for a n application decided upon by the ream. Follow tho form of
IEE£830·1993. Track the a mount of rime spont doing this exercise. Decide what fraction ofth. requirements
are understood by the tea m. Estimate how long it wo uld take to obtain 95 porcenr of rhe requi rements. State
how the process you used could have been improved. Be speci fic, a nd provide examples.
TIL2
a. Identify an individua l outside the team who needs a modest a ppl ica tion. You will be gathering high·
level requirements from this ind ividua l, thcn showi ng thcm to him or her.
b. With yeu r ·custome r: identi fy metric, for how he or she will evaluate yo ur high· level
requirements. Also determine the time limit fo r an interview (e.g ., a half hourl.
c. Interview the customer, and write th e high·lcvcl requirements.
d. H ave the customer evaluate and com ment on your high· lcvel req uirements in accordance with the
chosen metrics.
BIBLIOGRAPHY
I ~OntS. AI.,n. &~n. Wixom, 3.nd DaVid T eg3rdcn , "5)'5,,"j AMI)'lJ1IHld On'I" wi th UMl. Vffl)OfI ] 0 AI' Ol,«f.Ortt14r.cJ Ap~,OItCb. · John
Wlln" Son~. p 139, 1005
BIBUOGRAPHY 277
l. JoooI>wn. Iv... · Ol,od 0M0"" So!..,." E.gl• .m,,/' A U.. C." On·... App,..cb." (Addison. W«ley Obj<C1 Technology sma). Add,..,n·
W<Slcy. 1994 .
3. Fowki . Manin. "UML IMblW n.,nI EJ;r.... A 8ri<f C.wl, .. oM S",.wJ",J Obj«i MoJd;"g lA.gug,: Addison.Wcsley. p. 99. lOOo4.
4 Jacobson. Iv••. C,.dy Booch ond Jomos Rumbauwh. "Th U•.j1rJ So/''''''' Orodop.", Pr.",," (Addison· Wesley Objoct Tcr:hnology
$cries). Addison.Wesley. 1999.
5. A1exonde<. I... ond Ncn Maiden (Editors). "x...ri... 5'.ri". Us< C ."" Througb ,lor 5Y'.... , O""lop"",,'li/,.Cy,k", John Wiley 0 Sons.
lOOo4.
6. Invis, A1.n, "20. """"'pits 0/ So/...,,, &'9,.. ,,;.g." MeC.. w HIli, 1995
7. WicQCh. ~rl. "SofbNrt Rrqlffmtmb." Microsoft Press, pp. 193-4 . 1003.
8. -IEFF Recommended Prxtitt for Software- Requirements Spttifications," IEEE Sid 830· 1998, June 1998
Analyzing Detailed
Requirements
Rgure 12.1 The context and learning goals for this chapter
THE MEANING OF DETAILED REQUIREMENTS 279
ft~r luSh -level requIrement are spe Ifled , tYPI ally (or an iteration , the next ste p in rcquorcments
i is to define the deraIled req uirements. The purpose 01 de taIled requirements is to provide the reader
WIth absolutel y .lIth.t's requored of the application . W,th o ne exce pti o n, the re i no where cI e fo r the team
to state <XiI Ily what thIS conSIsts of. For e ample, if we do no t state here that the title of a VIdeo mu.t appear In
• t6-poont font on th e mo no tor, then we aSSume that thos will no t appear In the produ ct
The "exception" mentio ned above refers ro the pOSSIbility 01 eother stat Ing each detail ed requ irem ent as
a comment In the so urce code or of expecting source code and its unit tests to effectively specify the
requirement. Thi tends to be the approa h oI agile projects, which we discus ed previous ly. Ag ole projects do
not rule out the kind of documentation char we di scus In this c hapter, but they value working code ahead of
Sll h separa te documentation.
This chapter concenrratcs on wriue n deta iled reqUireme nts. However, whe ther o ne writes down
d~tailed requirement in these ways o r not , there is no c hOICe but to eventua ll y think them thro ug h. In fact ,
they fo rm a common currency of app licatio ns, as it were Detail ed requirements arc usuall y d ivi ded on to
sectIons, including funct io nal requirements, no nfunc ti o nal requirem e nts, and CUI deta ols
Detailed requorements provide software e nginee" with a ba is lo r deSIg n and Implementatio n. n,ey are
sometimes called "specific requirements," "functi o nal speCificat io ns," o r "developer requirements." Detail ed
requirements consist of a complete liS! of specific prope rtI es and functionality th a t th e application must
possess, expres ed In complete detail. Eac h of these requ irements is labe led, and tracked thro ug h imple·
mentation . Detailed requirements a re consistent wit h, and e laborate upon , the h Ig h -level req uireme nts _They
ar< inte nded to be read primarily by developers -h owever, customers are inte rested in the m as we ll , and
should be able to understand and commen t on them wi th few exceptions. Recall that the primary aud ie nce fo r
the h ig h ·level re.q uire m ents consists of customers.
As the case studies in this book demonstrate, when it comes to software e ngineeri ng, "the deVIl is In the
deta,ls: For example, in 1999 NASA lost a weather sa te ll ite wo rth a rep o rt ed I $125 mill,o n, reportedl y
because control data they had assumed to be in metric fo m, was no t [ I J
.. the root cause for the loss of the M eO spacecraft was the failure 10 usc metric unit s in the
coding of a ground software file , "Small Forces," used in trajectory mo de ls. SpeCIficall y , thruster
performa nce data in English units instead of me tric units was u ed in the software app loc.toon
code titled SMJORCES (s mall forces). A fi le ca lled Angular M o me ntum Desaturation (AMD )
contained the o utput dara from the SM JO R ES so ftware. The data In the AMD fi le wa<
require d to be III me tric units pe r existing o ltw.re Intwface docume ntatI o n, and the trajectory
modelers assumed the data was provided in metric unIts per the requireme nts.'
This descri ptIo n ,mpl,es that the req uireme nts stated the need for metnc un Its but the oftw.rc d id no t
Implement the requi re me nts correc tly A fascinating fact os that thIS defe twas Ide nti ,ed with", mere day, afler
the d,saste r. Th, s mea ns thai it may not be hard to loc.te a defect o nce we kn ow it I present. The pro llcm is often
OUr Ignorance o( liS presence The d etailed requi rements lo rm the first lone 01dde nse agilln tthe corruption r
OmIssion of dcta ofs Far fro m beIng the mindless ac ti VIty that it mig ht flrs t appear, !;e tlln g all the requ Irement'
down In complete detaIl Inv'Jlves the d ifficu lt tasks 01 orga ni zo ng people and the " th u"ht proce" . To
understand this challcng~ , Imag Ine the task of or)(anlz lng a 20-volume req uo re me nt< document (' t , " c1lectlve
that a N A englOeer, for example, would know cxa tly where to add o r look (or a <pccific reqUirement Storing
and malOtalnlng these requireme nts In a ""a rchable database helps a great deal , but the task remains difficult
Indeed.
Whe n two Encounter game characters are in the same area at the same time they may either choose or
be obliged by the game to e ngage each other.
Every game ch arac te r shall have an amount of life points.
The sum of the values of qualities of a game character relevant to the area in question shall be referred to
as the character's area value. In an engagement, the sys tem compares the area values of the characters
and computes the result of the e ngagement .
The name of any c haracte r in Encounter shall have no more than 15 letters.
A It grows, an uno rganized list hke the o ne above quickly becomes unmanageable.
• Its very size makes It hard to understand as a unit even before it grows into the hundreds, if not thousands.
• The reqUIrementS arc of mixed types, performance requirements must be dealt with differently from
functiona l requireme nts , (or example.
style and includes a sectIon for usc cases. Fi gure 12 .3 maps the detatled requirements section o( Sect Ion 3 to
the requirtments ca tegory it describes.
It may be advisable to o rga nize detailed reqUIrements int o a comb",.lio" of lasslficatlons For example, a
feature· based organization could be used within the co"figllring, txcculmg , and backing liP tates of an accou ntIn g
application . The requirements for a factory automation system cou ld be orga ntzed at the h, gh. t levd by
function (i ntake, part manufacturing, and assembly), they co uld then be o rga ni zed by clas withIn eac h.
This means the metho d o( organizing detailed requirements is somellmes related to the probable
architecture or implementation of the appitcation For example, if the deSIgn is :0 be object-onented, detailed
requirements organtzed by use case or class should be considered because they faclittatt traceabtlity. If the
application lends itself to an obvious functional breakdown, then o rga ni ztng the requirement by (.>lUre hIerarchy
may be appropriate.
The oldest manner of orga nt ZII11( detaIled reQ Ulrement< IS by feature . This amount to prOVIding a SImple Itst
of functional,ty such a< the fo ll OW Ing , f'Or th e Encounter VIdeo game Many (eatures are defined bv J IImulus .
and-response pa", as for requirement 12 7.
282 O1APTER 12 ANALYZING DETAILED REQUIREMENTS
3. Specillc requlremenlS
3.1. EXie mal inlerlaee - - - - - - - Inlerface requ lrome nts
requ irements
3.1.1. User inlerlaces
3.1.2. Hardwa re inlerfaces
Figure 12.3 IEEE 830· 1998-specific requ irements, 00 style interpreted as functional and nonfunctional detailed
requirements
SOUrce. IEEE Std 8JO. 199S .
125 . The re shall be a SCI of hy perlinked locat io ns at eve ry exi t to every area.
126. The fo reig n c harac te r shall move fro m area to adjacent area at ra nd o m times, with an average of
three seconds
127. Whe n the use r clicks o n th e "Set qual ities" butto n, the window in fig ure xx appears on Ihe mo nitOr.
Arra ngi ng req uire me n ts by fea ture has Ihe advanta ge o f simpli ciry but the di sadvantage of in·
accessibi lity ; th is is because it all ows jumpin g fro m a feature in o ne pan o f th e applicat io n to a feature
In a com pletely d iffe re nt pa rt. For example , if we wa nted to c han ge the manne r in w hich the fo rei g n character
moves about, we wo uld have to de termin e tha t th e relevant requirement is number 12 6. H ow would we kn ow
w h at o t her req uire me nts are affec te d] Searc h tOo ls can help a g reat deal. Ano th er disadvantag e is the lack of
traceabi lity. For examp le , what pa rt (s) o f th e cod e does requirem e nt 12 5 map ta l
One wa y ro im pose o rd er o n fun c tio nal feature lisls is to arran ge them in a fun c tio n hitrnrcby (i .e., by
dec o mposing the ap plicati o n into a set of h ig h . level fun c tio ns, and th e n Ihese into subfunc ti o ns, etc.). For
exa m ple, the requ ireme nts fo r a ho me b ud get program could be d ecomposed into ( I) dJeckill9 functi o ns, (2)
sa viN9s func ti o ns, and (3) i"" " 'm,,,t fu nc ti o ns. The required ChlCkill9 fu nc tio nality co uld be furth er decomposed
into checkbook fu nctions, reconcilwtio" . and rcporlj"g, and so on.
US( cam (Intro duced in C ha pte r I I) ex ploi t th e o bservati o n that many requ irem e nts occur naturally in
o perati o nal seq ue nces. Fo r exa mple , an ind ividual requ ireme nt suc h as "a video sto re applicat io n shall allow
ente nn g th e title of a new vid eo" ty picall y takes place as pan of a seqll,"cr o f transactio ns . A usc case diagram
sh OWing a collectio n of usc cases fo r a vi deo store applicat io n is illus trated in Figu re 12.4 .
The auth o rs ad vocate provid ing use cases fo r hi g h · level req uire ments . O ne may have the o ption of
usi ng this same organi zing p rin ciple fo r d eta iled requ ire men ts. In this case we would gTOUp the detailed
requireme n ts acco rd ing to eac h use case, Aes hin g out the ste ps o f each use c ase in complete detai l. The
fo llo w ing is an exa mple of how o ne suc h groupin g o f req uire me nts wo uld appea r in the SRS.
Figure 12.4 Organizing requirements by use case for the video store example
The applicatio n shall provide the following capabil ity to interact wIth store clerks. These
requirements assume that the main scree n is on the mo nitor (Note 2)
3.7. 1.1 Step I , Chtck III button (Note 3)
The clerk shall be able to hit the Chrck III bulton , whereupon the (b,ck In screen WIll appear
(described in section xx above).
3.7.1.2 Step 2, Filling in fields (Note 4)
The clerk shall be able to fill in the following text fields In the (b, k In s rcen •
Note I , This paragraph corresponds to the Chrd:in9 in DIID usc case described in the hlgh. level
requirements .
Note 2, This section introduces the usc case and states prrcondlrions. if any. A preco ndition I a fact
assumed true at the inception of the usc case.
Note 3, This corre ponds to the nrst step of the use case.
Note 4, Since these are the detailed requirements, they must specify the requirements completel y. The
details will not be speCified elsewhere.
The Unified Software Development Process favors orga ni ZIng all requirements by u e ca e . Aglie
methods de ·emphasize detailed requirements in favor o( workong code , but they emphaSIze organization of
requirements by user tory.
I Are. CUI ,
Arca C Uls shall have Ihe appe.rance shown in figure xx. When the user clicks o n the ' Set qual,ties"
button , the wi ndow in figure xx appears o n the monitor. When the user clicks o n ... .
2. Dungeon C UI . . .
3. Living Room C UI • • •
The advdntagc of organizi ng requirements by CUI is its direct connectio n with the usc of the application .
Anot her advantage is traceability, we have a good chance of tracking the requirements associ ated with a given
CU I class. One disadvantage of rhis means of o rganizatio n is that it ofren fail s to cover all of the requirements. ln
the Encounter example, we need to describe the requirements for the interaction of the player's character and
the foreign character. No C UI paragraph is a natural container for this. Perhaps the closest is "Area CUls:
However, this is not a uitable place for specifyi ng the manner in which characters exchange points. Another
disadvantage IS rhat given functionality is often associated with several CUls.
As an example , Figure 12 .5 illustrates an organization of the video store requirements by CUI.
Specificatio n of individual CUls is discussed further iA Section 12.3.
•• • 1 I
Figure 4
Figure 12.5 organizing requirements by GUf, for the video store example
ORGANIZING DETAILED REQUIREMENTS 285
This styl.e consists o f collec ting In o ne place the deta iled require ments that apply to each state. For example.
the reqUIrem e nts fo r an appl icatio n that control a c hemical process might be best classified by the states in
whIch the process c an Rnd it e lf (sla rlin1 up, " aclin9 . coo/in9. etc.). With in each state classiflcation the """IS that
affee.t the applicatio n while in that state are listed. Classificatio n by state c an be approp~ate when the
I"'C'qulrements fo r each state arc qu itC' di tinc t. For example , an accounting system may be required to behave
entirely difkre ntl y de pe nding o n whe ther it is in the confi9 urin9 , ex,eu Iln9 , o r btlckin9 up state. Although the
Encounter case study requ ire me nts could be o rgan ized by state , we decided that there are more advantages to
organtzlng them by class, which we describe next.
In the object ·oriente d (o r "cia s') style lo r orga nizi ng requirements, a ca tego rizatio n is fi rs t perlomled
equivalent to selec ting clas os; then the individual requirem e nts arc placed into the resulting classes. C lasses
used to categorize th e requirements arc kn own as domain cl asses. D omain cl asses represent real· wo rld objects
or concepts in the applica tio n . Fo r exampl e, a banki ng applicatio n would have do ma in classes such as bank
mslomt!', cbrckin1 accounl, and savings balm",. A commo n first Step in ide nti fyi ng doma in classes is to ga ther the
nouns or th~ir equivalent used in the high · level requirements W e then make ea h fu nctional detailed
requirement correspond to a functi on in the target language. Th is promotes one-la-one traceability from
detailed requirements to metho ds. Agile meth ods use a si mtlar approach in that detai led requireme nts are
organized by tests 01 classes.
One disadvantage o f organi zi ng requ irements by classes IS the risk that we later c hange the cl asses,
thereby breaking the correspo nde nce between require ment and design. ThIs is d IScussed by Jo rdan, Smila n,
and Wilkinson in [2]. In fa ct, some develo pers use classes lo r o rga nizing the require me nts but do not seriously
aim to usc these classes fo r the desig n. In this case, traceability is compromi sed , but there IS Ie s pressure to
identify lasting classes ve ry earl y in the process. Ano ther disadva ntage of th is classincation is that it requ ires
us to select classes very earl y in the develo pme nt cycle , and man y argue that we a re effectively perlorm ing
design in doin g so. Let's look at the fll cou nl, r game case study as an exa mple. Picking classes such as
Play,rebamelt! and Arm at re quire ments time is harmless since the Implem enta tio n is very likel y to use these
classes. On the other hand, it can be reasonabl y argued that having the ArmConn" 'lolI objects refere nce the
Alta objects that they connec t i a design decisio n.
The great advantage to o rganizing requirements by classes th at will be used in the desig n is that it
promotes tight corres po nde nce be twee n req uireme nts, design, and Impleme ntatio n. This is a key be nefi t fo r
using the 0 0 paradi gm in a ny case. In add iti o n, cla ses that correspo nd to real ·wo rld concepts are muc h
more likely to be reu sed than those th at do no t. For many appl ica tI o ns, the benefi ts o f usi ng a cl ass·oriented
classincation meth od o utweigh ItS drawbac ks in the authors' o pinions.
A ty pIca l seque nce fo r obtai ning fu nc ti o nal de tail ed requ ire me nt UStO g the 00 style is a fo llo ws,
I. List the concepts me nti o ned in the u e cases a nd othe r hi gh . level requireme nts (usuall y, man y of the
nouns).
2. TI,e resulting collect Io n 01 classes is tY PI call y incomple te . T ry to uncover re mai nIng "do mai n" cl asses.
Th IS proce~s is ex pl ai ned below Inspect thl collecti o n o f classes.
3, For each o f the cl as es obtaIned , Wrtte down all o f the req uired fu nc tio nality of the app ltcation pnman ly
penai nm g to tha t class, as shown In the Enco unter ase stud y This I do ne In the fo rm of at mbute. and
fu nc tl o ns For exam pl e , "every c usto me r s hall have a namc" (an anrtbute ltsted under paragra ph Cllslo,"rrs )
286 CHAPTER 1i ANAL YlING DElAILED REQUIREMENTS
1. Obtain domain classes and objec18 Irom use ca,., and high. level
requirements diagram,
r ,
2. Add additional 8I88ntlal domain
Inspect the resulting c:ollec1lon 01 classes
16.Release I
Figure 12.6 Road map for detailed requirements using the 00 style
and "the appli catIon shaU be able to compute the tota l assets of each customer" (a function listed under
( 1I510rn,,, ) In the (req uireme nts) document that you arc writing, avoid usi ng the term "class." Use
ord inary, no ntechni ca l English. Specify the events that the o bjects of the class arc requi red to handle.
4. Inspect the detailed requirements as the process progresses .
5. Idea lly, test plans for each detailed requireme nt should be devised at the same time, as explained below.
6 . Inspected the detailed requireme nts against the hi gh-level requireme nts.
7. Verify the detailed requ ire me nts with the custo mer.
8. Rel ease the requirements , or return to Step 1 ror more requirements.
Reca Jl that the primaJY audience for de tailed require me nts consists of developers. However, customers
are vitaJly interested in the deta ils, too . Figure 12.6 summari zes these steps.
It is a commo n error when classifying requirements by class to use the language of uesign instead of
plain English. For example, the foJlowing language is acceptable .
g"D,/illqu'IJ IDays() returns the numbe r of days delinquent On the accou nt.
In other words, object-orientat ion is u cd here o nl y as an or8a n izin~ pnnciple for the req uirements. Th<
use o f 00 for design and implementation is I>crfonned later.
ORGANIZING DETAILEO REQUIREMENTS 217
We ide ntify the classifying class~s carefull y and co nservatively, identi fyi ng th e d o ma in classes of th e
application . As an additional example, the d o ma,n of an applicatio n simulating a bank mig ht conta in classes
Bank Cuslom" (the corresponding class name in Java o r C • • can have no blanks, of co urse) and Tell" but no t
Filr or DatabQ st-not even Cllstomrr or Tm"5action . Th e latt er arc not specia l to the applicat ion in question . Our
goal is to identify a minimum but suffici ent set of do ma in classes that include all of the speCific requirements.
Each CUI usuall y results in a d o main class .
As another example of d o main class selectio n, consider an appl icatio n th at manages visi ts to a Web site.
Some candidate domain classes are Sitt Visitor, Sile Visit, and Silt Missiou. Requirements pertaining to the visitor
(e .g., data about visitors, and functio nal ity such as displaying vis itor profi les ) wou ld be collected wit h the Sile
Visilor classification . If the application fCquires us to track the reaso ns fo r each visi t, thcn a d o mo," class Sile
Mission would be appropriate . The corresponding requ ireme nts would be coll ected w,th in Sile Miss,on. Fo r
example , the requirement on the applicatio n co uld be that visitors submit a form stating th e lf goals in visil1 ng
the site.
After identifying classes from the use cases and other hi g h · leve l requiremen ts, an effective way to
complete the identification of key do main classes is to use a '·Iist and cu t" process. Th,s co nsist' of (Step I )
listing every reasonable candidate class you can think of, and th e n (Step 2) agg ressivcll' paring down th e list
to a few esse ntial classes. We elaborate o n th ese Sleps nex t.
(Step I) Figure 12.7 s hows candidate classes for the Encounter game elected from the te.xt of the h ig h ·
level requirements. The UniRed Modeling Language (UML) no tat io n for a clas is a recta ng le containing the
class name.
(Step 2) We now Riter th e classes identi fied. Note firs t that il is fa r easier to add a clas later than to
remove one that has become embedded in the design and implementJtio n, so that if there is d ou bt about the
usefulness of a candidate clas we eliminate it. The rationale used fo r the fin al se!cc t, o n of do ma in cI.ssl"S fo r
the case study is given ne xt.
En,oun'", Change to EncouHlcrGnm, to make its purpose clearer (we may also need th e plain "encounte r"
conccpl as we ll ).
Game: Not a domam class-toO ge nera l (,YO mal' rc,ntro duce this later when scek'"8 useful
generalization ).
Ga .. , Ch.r.cler: Too ge neral to be in the do ma in (we may re '"tro duce this later when seek,ng useful
ge neralizations).
288 CHAPTER 12 ANAL YlING DETAILED REQUIREMENTS
Pia cr: Plny,r barnelrr IS a preferable name (mo re speciAc to the domain ).
Foreign I,.raner: OK (foreig n char.c ters aC I In w.ys tha I arc differenl from player c haracters).
Eneoullirr O,atan,,: OK (ge nera lization of PlayerCharacl" , Fo"i9n Charnet", CIC., IS still wllhin the domain
of the app lic.tion )
Exit: NOl sure if we need Ihis; leads lO neighbo rin g area. T ry as si mple attribute of A"a o mit for now
Passageway. We do need to connect are.s, bUI we do not yet know what form these connections will
rake . U sc EtiCo lmtrrArcnCOntH'ction instead.
Map : Omit-not requi red at this Slage (maybe in a future versio n).
Engagrmtlll Display: OK-needed by usc case tho ugh will try to postpone by substituting a command line
ir:tcrface .
The resulti ng classes arc shown in Figure 12.8. The figure includes the inheritance relationships present
among these classes denoted with a tria ngle. UML no tation is covered in de tail in C hapte r 16.
EncounterCharaCler En counterAreaConnection
If ConnectionHyperlink
Th~ classes in Figure 12.8 may relate in ways besides inh~ritance. For CJGImple, EHCo"nler Arc. ConHeclion
will probably .ggreg~te two Arta objects. However, our concern here is only wilh the core application classo<,
using them to organ .ze the requirements . Relat.onsh lps among classe, arc , hown where necessary. Using
Inheritan e enables some degree of leverage. For example, after 51ating the requirement' for EHCO"nllr Characler
we do not need to repeat these requirement' in describing Player Cbaraeler and Forti9n Characler. The Eneo"Hlrr
QaracltT class is shown in italics in Figure 12.8 becau,e it i, abstract- thi, declare, that there will be no actual
characters beside player·controlled and foreig n c haracters.
The IEEE 830· 1998 SRS standard designates a place where the purpose of each class is stated,
together with its key attributes and fu nctio ns. The stan dard ca lls for uSIng the decimal numbe ring system
fro m each class (e .g ., 3.2.5) to eac h of its attribute requirements (e.g ., 3.2.5 . 1) and each of its function
requirements (e.g ., 3.2.5.2). In stead, we will arrange classes alphabetically to make it easier to add and
~move classes. Such insertions are necessary as the applicatio n grows. It is important to number
requirement.s, however, in order to be able to manage the m, so we do this within each class as show n
in the case study.
Sometimes, only "essential" requirements are numbered since onl y they mllSt be tTaced for now. A good
reference for this style of organizing specific requirements is Jordan , Smilan, a nd Wilkinson [2]. T o assist in
trac;ng detailed requirements it can he lp to give a name to each o ne, a in the case stud y. For example ·
Including "desirable" and "optio nal" detailed requireme nts is beneRcial for several reasons. First, the
scope of the application can be co ntrolled by implementing the requ irements in a planned order. Second ,
~tati ng future requirements provi des directi o n to designers, helping them to create designs that can
accommodate fuiure features . One technique for indicating which requirements have actually been designed
for and implemented is to start by including a disclai mer with each , as in the follow ing exa mple.
When organizing deraile d requirements by class, .t's sometimes a c hall enging issue to decide under
what class to state the requirement. Consider the following require me nt example,
This requirement shou ld be classified with "Encounter C harac ters," We wi ll explain below the relarion
of this with a CUI requireme nt. The following require me nt «quires more consi deration.
Whenever the player's main cha rac ter en ters an area , rhat arca and all the characters in it shall be
displayed o n the mo nitor,
Class candidates to classify this function are Playrr haraelrr and Arro . TI,e requirement effectively calls
for an event h an dl er A na tura It n'gger'lng c lass fo r handling the entry event would be lhe area e ntered . because
.
.It IS aware 0 f W' h Ie h c h aracters .'" h ab 1't I' t. The area entered could display itself and the c harac ters It contaons,
\0 the requirement stated above could rea o nabl y be classified under Arm . .
0 d '
W eo ften lin It necessary
to dcal with /I.diu;d""/s. 099"9al;0Ils , and GUis ce ntered o.n a SIng le theme. For
example, for a video tore manageme nt application , we need to deal with the followon!! .
• ' d I V.' dual D VDs7 For exa mple, what are the l en~ th lim.tallons of lhel r
Wh ilt are the reqUire d properr'1e~ 0 f on
titlc\7
290 CHAPIER 12 ANALYllNG DETAILED REQUIREMENTS
• What are the required propertie of the co llecti o n of DVDs? For example, what is the requirement for
stocking new CUls?
• What are the specincations of a CUI that displays info nnauon about DVDs? For example, what are the
limitations on the text shown? (CUI speCifica tions often change Frequently.)
TI,inking ahead, we recognize that the e will be separate classes when we come to design time, so we
organize the requirements document paragraphs to anticipate this. It is u ually best to begin with lhe
paragraph that describe the requirements o n the ",JiviJuals: in thi case, DVD . This speCifies the required
degree of detail that the application is required to store . It is referenced by other paragraphs.
3.2.DV DVDs
• • •
3.2.DC. I.X Director's Name Appearance The director's name shall be dispiayed in
the location shown in figure xx , in accordance with requirement 3.2.DV. I.X, but
limited to the first 20 characters. . ..
• •
• • •
3.2.D1.2.x Stocking a DVD The application shall allow new DVDs to be added to
[he inventory, up to a maximum of one million . ...
• • •
USER INTERFACES: DETAILED REQUIREMENTS 291
rgaOlzmg
pnncipl. Advontage< ))1Sadva11lage<
By Feature © Mops well to why we ore ® Docs not map well to 00 code
bUIlding the appl,ca ti on
© Easy to understand ® Hard to locate random requirement
By U se Case © Easy to understand ® U c cases may overlap
® Hard to trace to deSIgn and code
® Coverage IS hmited
By CUI © Easy to understand ® Not every function appears in a CUI
® Functionaliry of C Uls overlap
® Hard to trace to design and code
By State © Easy to understand ® ClaSSification can be unclear to the
© Design th Inkin g begins early cus tomer
® H ard to allocate requirements to state
By Class © Easy to trace to code ® C1assi 1catlon can be unclear to the
© Easy to locate random cu)tomcr
requirement
© Design thinking begins early
Figure 12.9 ummanzes the d iffe rent way to organize fu nc tio nal detailed requirements that we discussed In
the previous: sections, along with th eir relative advflntagcs and disadvantages
Step 1 Kn ow your u er
• En~ure consl ten cy amo ng the Screen. of d es l ~ n a tcd "PPloc.t lons, and among <crcc n< w,th,n cach
• conventIo ns, procedures, look .and . fecl , loca ti ons
• Anticipate w here the user wi ll usua ll y s tart
• freque ntl y uppe r left-place "Ars t" clement th e re
• lake navigation a si mple as possi ble
• align like clements
• gro up like c lem ents
• o nsl der borders aro und like cleme nts
• App ly a hierarchy to emphasize orde r of imparlance
• Apply principles 01 pleasing visuals u uall y:
• balance, ymmetry, regul arity, predIctability
• simpliCIty; unity: proportion, econom y
• Provide captions
Steps I and 2 were descnbed in the previous C ha pter I I since they apply primarily to hi g h ·level
requ irements We now describe the remai nin g steps fo r specifyi ng detailed user interlace requirements,
whIch are esse ntiall y a detailed descriptIOn of each C UI screen.
First name I I
Middle name I I
Last name I I
Street I I
City I I
State/county I I
,
4 _ ...........
-'~
•
-
. ~
•.
.. ~
•
..
the improvement that the applicarion or th ese p n nciples can bring. Figu re 12 13 shows where so me of rhe
principles of good screen des ig n were applied.
------
·~w..Qustomers ""' - dl!~~a EXQBCted position
Brand
Model
~ID=----_ _ 893·8913·789014
4. Purpose:
present a set of controls
- paleNe window
continually search the l1sl for the option we require, and this outweighs the benefit of increasing the choICes.
The main menu items arc determined by the bUSIness at hand-in this case the processi ng of texL Thus, for
example, gTaphics command are placed o n a secondary menu.
~C~a~s~c~agdrrm~guw~m~d~O~w~S! --------lcon
,-
Tiled New Customer I
t - windows --I
I
- Name Screen
Text bOX - - - . &
First I I I .....a<d
-.:J
Last I I boc'
r
Rand , ·co lor is comple. ity person, ,cd" 4) oftware e ng,nc"" who do not have a profe'slonal desIgner with
whom to work .hould be very panng aod On<ervallve about the u c of co lor. Try black and white ~r<t If
there" a lear purpose to ,t , ""roduce one color Make sure th t th,s help' the u,cr Th,nk seriously before
addIng more olor'S.
Takong note of well .e<tablished applocat,ons, suc h as w,dely u ed wo rd processors, ca n suggest how to
usc colors well. You Ca n be assured that experienced pro fe« ,onals desig ned thcsc onterfaces, and the
untrained software engoneer can beneRt from im,tat,ng them . n,e color blue ,s common ,n real · world scruns
of all kinds. Symmetry of colors 's often recommended, and th,. symmetry c an be of severa l varieties. For
example, the author's word processor uscs mainl y three d,ffere nt , hades of blue, which occur in a symmetrical
pattern on the standard color pa lette. The other two colors u cd arc yellow and , to a lesser extent, green.
These are used on small quantities, accentong additional functionaloty o nl y, and they do not compete with the
major Item , which arc in b lack and gray.
\'qriting the detailed requirements for security measu res is a maftcr of being entirely speciRc about the n«ded
secunty measures. Some of these are shown in Figures 12. 18 a nd 12. 19 When II comes to security logolls, for
example, we may want to requITe that if there is no keystroke o n the application for ten minutes, it logs off
auto matically. Audit tra,ls for security breaches arc important. Some of these requITements are easy enough to
specify but difflcult to implement. For example, how would an application know that it has experienced a
security breach)
For each requirement, we ask what would happen if ,t were to take place under erroneous circ umstances. As an
example, let's take a requirement example put forward by Myers [5]. as shown in Figure 12.20.
5. Password speciRcations
• length , composition, allows characters, etc.
6 . Controls to en ur. data integrity
7 . Retrievable record of encryption methods
8. Information on security attributes of the system
AjtnCclto" lballtlls w!xlbtr Ihr,. "","bm produCt all equilalerallriangle (all sides equal), an i,osceles I'ia ngle (exactly
!wo sid~ equal), or a sca/en, lriangl, (all sides different),
2, an isoscel" lIian9 /' (whoSt ,id" are grealer Ihall uro, exaclly Iwo oj which are eqllal, and Ihaljorm a lriangl,), in which
cast il oUlpul, '/' al Ih, ,ysltm, or
3, a sealen, Iriangl, (whoSt ,id" are all grealer IIJan zero, which jorm a lri,,'g/r, m.d Ihal is n,ilh,ttquilaleral nort,o,etl,,). ill
which caSt il ollipuis '5' al Ib, prompl. or
4. no Irian91" ill wbich caSt il oulpuls 'N' a l Ih, prompl.
This requirements specification is not complete because it does not account' for error conditions. The
version in Figure 12.21 is more complete . A lack of error conditions in requi rements specifications becomes
especially g laring when the function is tes ted, si nce the tester forces error co nd iti o ns and needs to know ,,,hat
the required output is.
Sound requirements analysis does not tum a blind eye to "illegal" input: it deals with th em directly. For
example, it IS tempting to assume that a C UI for the triangle requirement d oes nOt perm it th e input of negative
nUiTlbers, and so the function docs not have to deal with erroneous data . Such an assumption is unwise because it
transfers the "legality" part of the triangle require ment to reqUirements o n code clients of ou r triangle htnction ,
- This increas~ the dependence among parts of the applicatio n, whereas we always try to obta in independent
parts. Although it i, good practice to trap invalid user input at the CU I leve l and to o blige the user to e nter o nl y
legal va lues, this does not subsl'itute for good requirements and error recognitio n elsewhere . The auth ors
recommend requiring the trapping of incorrect data at many , if no t all . possible points. Th is is equivale nt to a
long-established engineering practice of practicin g redundancy to pro mo te safety,
Chapter 13 di scusse the qualities that we want requirements to possess , an d metrics fo r meas"ring them .
We will call out o ne property he re because it is fundamental to how we think about req uirement<'
IraClabtlily .
Imagone an application with 1,000 speC ific requirement , Without, clean tTa ce fro m each requirement
through the deSIgn o f the app li cat.o n to th e actual code that Implement s it, it IS very dlmcult to e n ure that
such an application remains In compliance wHh th e requirements , When th e reqUIrements change, wh ich i
safe to assum e , this becomes eve n mo ,e dtfficult The capaci ty to map each detailed requirement to .tS
rtl<:vam pan ts) of the design and implemen tat Io n is called Ira ea btli ty . We Rrst di cuss the tra eab.h ty of
functional requirements, th en nonfu nc ti o nal req uire me nt<.
One way to help a ompllSh traceabi lity IS to map ea~ h functIona l d e tailed req UIreme nt to a Specl
function o f the target language Th .. t 'c hn.qu e is used III th e Encounter a e stud y. FIgure 12 22 .ho" '$ rart<
/
298 HAPTER 12 ANALYZING DETAILED R QU IR~M ENTS
Design
of the project that we would like to keep linked to have comple te traceability. Achieving and maintaining this
deg ree of tra ceabili ty durin g devel o pment is a major c hallenge .
As an exa mpl e, co nsider the fo llo win g functional require ment for th e Encounler video game case srudy
\'(Ihen a foreIgn ga me c haracter e nters an area co ntaining th e player's main c haracte r, or vIce
versa, they engage each o ther.
The m ea nin g of this stateme nt is clear. What re mains to be seen , however, is what part or parts of the
desig n and code will be respo nsi ble for implementin g this requireme n t. Whe n usi ng thc 00 paradigm we
can link this requi rement to a speCific function of a speCific class. The issue of w ha t class is responsible fo r a
function is not trivial , and it ari ses repeatedl y when usin g the 00 ty le . For the above example, ArrD
objects would be able to recognI ze that an engagement i to take p.1ace s ince the y would presumabl y be
aware of th ei r inhabitants. In particular, th IS requireme nt wtll be traceable to peclhe event-handling code
for th e Arra class.
As the project proceeds, the requ irements d ocument hou ld be kept consistent with the d esig n and the
implementation . When requirements are hard to trace through desig n and code , however, d evelopers tend to
avoid updating the requirements d ocument when mak ing c han ges to the ource code becau. e of the extens,,'e
effor! required . Ultimately , such a deteri o rati o n of documents result in escalatin g development and
mainte nance expenses. ThIS pheno menon is illustrated by th e following example.
Dnxloptr Bill j, ask,d 10 make cbang" 10 1/" implemnllallon /.Jill find, il difficlIlt to COlln,, ' Ih, cod, b, j modifyin!J
to 'he corrtspondiJlg pflrts oj tht rtqu;rrmtttis documtnt l cotlStqurnl/y. ht flllls to "pdale rlx dOCUmN1111110Pl
When a requirements document as a whole is untrustworthy. even the most conscientious developer
balks at properly updating his or her particular part. On the other hand , when the documents are clearly
crosS' referenced, and management makes documentation a job performance requirement, engineer< do keep
them in very good professional shape. In other words, the system used to match detailed requirements with
the designs, and code thaI imp lement them , must be very clear and co ncrete.
When the code implementing a requirement needs to exist in several parts of the implementation,
tracing is achieved by means of a requirements lracmbi!ily ",alrix of which Figure 12.23 is an example. Here,
requirement I 783 is implemented by the action of fun cti o ns 9rll"lm,10 in module I , compIII,Ba!O in module 2,
and ,howNa"" O in module 3. A change in this requiremenl necessi tates a change on o ne or more of these
functions. This must be carefull y managed because Ihese func tions may participate in satisfying other
requirements (e .g .. ,bowNa",,() is used to implement requirement 1784 as well ). As a result, changes made to
satisfy one ",quirement may compromise another. Since many· to· many relationships are difficult to manage ,
we try to make the mapping between requirem ent and function one-to-onc.
We want each detailed requirement to be traceable forward and backward . The preceding discussion
concerns forward traceabiliry of functional requirements from detailed requirement to implementation.
Backward traceability of a detailed requirement means that the requirement is a clear conseq uence 01 one
or more high .level requ irements. For example, the detailed requirement
Foreign characters should move fTO m area to area at intervals averaging 5 seconds
can Ix: traced back to the fo ll o wing hi g h . level requirement, which was part 01 Section 2.0 in the SRS .
The rest [of the c haracters), called "foreign " character<, arc to be under the application's control.
This backward traceabiliry is a basis for the inspectio n o f detailed requirements. Compiete traceability is
Obtaoned when each detailed requirement is Ionked to a spedRc ekment of design , and to a unit test, as suggested
by F'gure 12.22 . lt indicates the advantage of a ti ght trace (correspondence) between each individual functional
requ' reme nt, the part of the design Inte nded to handle the requ irement , and the pan of the code that implements
it. These are coupled with the focused tcst lor the requtreme nt , ca ll ed a 1..,;llrsl. Unit tests are the subject of
Chapter 26.
The preceding discussion concerned functional req uireme nt , but how do we trace nonfun ctional
requireme nts1 This ca n be dimcu ll because more than o ne pari 01 th e design .nd implementation may
contribute to satisfyi ng a nonlun tiona I rcqutremcnl. For example, a req uireme nt that every En Olonter
t n!!"gem"nt com plete In less than o ne second could involve ode in an Ellgagr",ml class, .neVor a Gill'" b.,mcl"
class, . "eVor an A"a clas<. ur oblccti ve at requlremen ls tllne is 10 specify nonlun tlo nal require ments.
clearly as possi ble . In o rd er to larify nonl"nctlor.. 1 requ ireme nt , we will al,o lo uch o n des,s n and
tmplementafion issues.
300 CHAPTER 12 ANALYZING OEl AI LEO R(QUII1EMENTS
InspOCI
- - - - -••......1,mPlemenlatlon l
,,-/ t
,/ I
,/ I
,/ I
,/ I
,/
components ,/
.- I
I
,/ I
,/ I
,/ I
,/
Nonlunctional Requirement · - - - tested by - - - - • System Test
O ne goa l of the design phase is to isolate each no nfunctio nal requirement In a se parate design clement
In the case of performance reqUirements , an iutempl IS made to isolate time -enrical processing units
Appropriate , inspectab le, nonfunctional comme nts accompany each function that is aHected by performance
requirements. Preferably, these are quantitative, as in "must complete in less than one mollisecond In the worst
case ." Simila rl y , in cases where storage constraints arc spec lfled , we identify functions that generate the most
stora ge.
Expenence shows that a relatively small percentage of function s in an application account for most of
the processing, so searching for a few principal time ·consuming ones can be fruitful. Let's return to the "one·
seco nd" performance requirement example for Encounter engagements mentioned above . At design and
implementation time, we seek typica l rime-consuming components in the computation of engagements
These components include loops, graphics displays, and netwo rk communication . Loops and commUnication
arc not involved in computing engagements, and a test is implemented to ensure that the graphics and CUls
required for an engagement execute f.. st enough . Probably, the function that consumes most of the time is
either the function to "e ngage a foreign character" of the E"9a9"""'1 class, or the function to dISplay
engagement results.
To validate nonfunctional requirements we therefore tic each ohhem to a test plan, preferably at the time of
writing the requirement . Figure 12.24 illustrates the typical relationship of functional and nonfunctional
requirements to implementation and testing, discussed above. It illustrates the fact that several elements
may contribute to nonfunctional requirements, and that system or integration testing is typically required to
validate nonfunctional requirements because verifying them (i.e ., prior to execution) can be dimcult.
Detailed requirements can be considered the "currency" of 3 project because they track the amount that' been
accomplished. For example, a project manager can track the project as in Table 12 1 Recall that It's import.nt
for developers to qUickly Rnd rclevant requirements sections to enable them to easily keep a requircll1.-nts
document up-to-date. In the IEEE requirements format, functional requirements arc III ection 2. If we ,,'ere
to number the paragraphs 3.2. 1, 3.2.2, ... , It would be time-consuming to locate the paragraph pertaonlfl/.!
to a CU51.",,, class, for example. For this reason , the authors usc an alphanumeric labcll n8 uch 3 2. U for
Customers, 3.2.DV for DVD<, ct .
PRIORfTlZJNG REQUIREMENTS 301
with video
It is usuall y diffic ult- if not impossible-to imp le ment oil desired fun c tio nah ty of an appiocat lo n o n sc hedule
and within budge t. As discussed in C hapte r 8 , one may trade o ff copabilily , schedll le , qual.ty level , a nd COS I. Thus, .r
the schedule , budget , and quality leve l can no t be chan ged, the o nl y alternative is to vary ca pabd ity-th at I ,
to reduce the:: requirements that are implemented . Thi s reduct ion prace S IS perfo rm ed in a planned manner.
One techniqu e IS to prioritize the specific requirem ents. Rank ing all requirements is usually a waste of time
Instead, many organizatio ns classify requirements in to three (sometime fo ur) catego nes. \'I/e wi ll ca ll th em
-essential ," udesirable," and "optio nal." The usc of three categories IS an applicati on of triage des nbed In
Chapter 5. We fi rst implement all of the esse ntial requirements. The de irable and o pllo nal req uirem en ts
indicate the direction in which the app licatio n is headed and thus inAuence th e des.g n F.gure 1225 gives an
example of req uirements prioritization .
Some specul ate that as muc h as 80 percent of the real benents of man y appiocatio ns accrue fro m as fe w as
20 percent of the requireme nts. Thus, if prioritization is perfo rmed well (e.g., calhng ro ughl y 20 percent-no
mo re- "essential"), o ne can possibly achieve most of an appl.catio n's be ne fit with o nl y a frac tio n of the wo rk.
Th is is a useful point to keep in mind if the project begins to run o ut o f time.
The preliminary draft of a n SRS sho w n in Figure 12.26 co nrains so me pri o rnized deta.led requiremen ts fo r
the first release of Encounter. They are provided here, "warts" and all , to g .ve the reader a feel fo r i<sues that mu t
be dealt with. Some of the "desirables" wi ll become "esse nt ials" in future releases. The requirements are in dr.l ft
form and are clearly in need of reorg anization. They arc improved upon later In this chapter and in the ca e Stud y
The prioritizallon of requirements usually re lat es to the itCr.llio n that wi ll .mpl ement them Fo r
",<ample, if we arc not ab le to impl ement the "optio nal " rcqUirement "Enco unter shatl take less than a second
Figure 12,26 Preliminary SRS fragment showing prioritization and status of deta iled requirements
ro compute th e resul ts o f an engagement" in rhe second iteration , it could appear with h ig her priority in a
subsequent iterati on. Th e requirements for an iteration arc maintained in an identi fi able manner. TI'1 helps In
unders tandin g subsequent requirements.
As each de tailed requirement is written , tesrs for the rcq urrement <ha uld be developed There a~ e erol
advantages to wnting tests Si multaneo usly with the requirement. Fi"'t, dOIng so helps to lan ly thc <pt'C1 11<-
requirement. Second, it shifts SOme work Irom the testin g ~ha e of th e project to the requIrements phase, Thi<
relI eves some of th e pressure on the latter half of the project when rhere IS less tlexlb.lrt III the use of timc
Agiic pro esse 110 o ne slep brther, and If>'ClJy each detailed requirement by mean of a test
AGILE METHODS FOR DElAll ED REQUIReMENTS 303
Figure 12.27 Example of association between detailed requirements and their tests
Requ irem e nt N N N . Every ga mc c haracter in the Encounte r video game shall have a unique name
containin g be tween I and 15 c haracters.
Requirements of th e attnbute type like th is rea ll y specify get- and set · fu nctions, so that Figure 12 27
constitu tes the begi nn ings of a test plan fo r th is requirement Part VII covers these teSts In detail.
In an agile project, th e de ta il ed requ ire me nts arc u uall y expressed In terms of in ·code comments and '"11t
tests rat her than be ing writt c n ex pl ici tl y in a se parate docume nt. For examp le , conside r a traditiona l
requ irem e nt such as th e fo llOW ing .
Th is is replaced with o nc o r mo rc lests as show n in lisling I , aug mented by code comments and eqUivalent
data e ntry in the correspo ndi ng CUI. Assume that the se tu p code in the unit test contains the followIOg
assertE qual s( dVD Searc h.outpu t Message , " Sorry , we don ' t stock
this OVO' , ) ;
• • • • • •
}
-.-
OJ
CD
C ust o mer shall be able to enter rhe name of a OVO ,n rhe tex t box , up to 20 alphanumenc
«• c harac ters. The app hcation shall check rhi s. wi th punc tuati o n marks replaced by blanks, with
c: the OVO inve ntory , and display accordingly "Sorry, we d o n't stock this OVO" o r "Added to
o
Z your liSt." (Excerpt from requirements d ocument. )
Figure 12.28 Unit tests and code comments as detailed requirements in agile processes
Figure 12.29 Comblnlng agile and non·aglle methods In handling delalled requirements
USING TOOLS AND THE WEe FOR REQUIREMENTS ANAl. YSIS 305
, . Understand next
requirement
5. Refeetor 2. Refactor
o. Understand code 10 clean code base 10
high-level uP. ele. prepare for Ihe
requirements requirement, jf
necessary
4. Modify code
base 10 pass
3. Write tests
Ihe test
validating the
When unit tests arc used as detailed requirements, [hey are some times written btJort the code is written
This style is known a !<sf-dn"nl drur/opmtnl. It bui lds upon the existi ng code base, and IS ca rried out in the
following sequence.
2. If needed, refact o r the code to prepare it for the new func ti onality. Rdactoring preserves the code's
functio nal ity, ne ither increaSIng nor dec reasi ng its actual h'llcti o na lity. It IS discussed in detar! In Chapter 24
3. Write test code that would test thIS functiona lity If It eX Isted . This is usuall y done with a tool slIch a
J U nit This te t will fa d initIall y beca use the functiona lity it tests does no t ye t eXIS t
Tool, can htlp th e process o f ca ptunng and managIng r ·q urrcment<- for example , hy >o""n~ , ,ltegon z; n!:.
p"oritizlng, asslgnlns , and tracklnu them One be neA t o f >uc h tool, i> to kn o w who" worklllg on what
requirement at what tIme Ton" <.a n also help to o nt",1 '·fea ture crce p'· -the pr t" by w h, c h leatur~s that
ire not r.ally nece.sary are add ed to th e app lrca tron W,th th e approprI"te t 0 1<. a projec t !tader can more
eaSIly asseos the tatu, "f r.qUlrt·ments a nal y", I or exa mpl e , th e leacler an N" ly d e tcII'lIOl' the percenl"!!"
306 CHAPTER 12 ANALYZING DETAILED REQUIREM ENTS
j:ilatuB
F,oC'tJon wmplOIO Roady lor Ooa.gned Imogr••lon
aQlllOOlllllWl edPd1¥ No.
lor
QUmb.or Essontlol OpUonol slor1od 213 'nopoction UN' 'I liad
' /3
"T tested
Ooslroble Inspoetod
8&§PQQsible
QDgIO~Q[
T
-t
of essenti al deta iled reqUire ments implemented and full y tested by QA. Bugz ill a (someti mes in a version with
the unappealing name "Issue zi ll a"), an open sou rce too l for manag ing reqUi re men ts, was descnbed In .he
Ecl ipse hig h· level requi reme nts case <rudy This cc tlo n also d iscusses the management of requ ire ments for
si mple projects, as wel l as IBM's comme rcial ReqUl sllei' ro ' 001
For simple project , much of this can be performed usi ng a si mple Web ·bascd spread sheet, as illustrated In
Fi gure 12.3 1. Howeve r, fo r most reasonabl y sized projec ts a req Uire men ts tool is esse ntial. The "deSigned for"
desi gnati o n in Figure 12.3 1 ind ica.es that the require me nt is accounted for in the desig n. "Un it tested" means
that the code implementing the req uireme nt has unde rgo ne testi ng in stand·alo ne fash ion . "IntegratIOn
testing" means that the application has bee n tested to verify that it impl ements the requ irement. A table such
as .hat in Figure 12.3 1 is mai ntai ned as part o f a project s'atus document that can be attached to the SPMP
The e lls in th is marri x could be hyperlinked to releva nt parts of the project's documents, thereby
preserving slngle·source documen.atio n for detailed req uirements (i.e., e liminating duplication ). For example,
ro ,.I t
<a href="RequAnaM EngaglngForeignCharacter ">
Engagement Requirement 1
("Engaging a foreign character")
<la>
. ... Implementallon commenls ... .
FllUre 12.32 Hyperllnk from Java source to corresponding detailed requirement using Javadoc
USING TOOLS AND THE WEB FOR REQUIREMENTS ANALYSIS 307
h)'JlCrlinks from the ourcecode to the corresponding detailed requirement can be accompli hed with toolssuch
a Javadoc.J.""doc converts certain Java source code comments into an HTMLdocumcnt describing thc classes
and Iheirmethods (sec, for example , [6 ]). By insening hyperlinks to the SRS within the e commenlS, the HTML
document produced by Javadoc hyperllnks to the SRS. This IS illumated In Figure 12.32 , where the detailed
requirement corresponding to the method CllgagtForrig. Characttrf) is hyperlinked from the document that
Javadoc produces from the ouree code. The usc of dodtts make thIS process increasingly convenient.
The trend is for continual improvements in the process by which prog rammers will be able to more
easily go back and forth between the SRS , the deSi g n, the graphical user interfaces, and the source code.
For substantial projects, professional tool s are needed to track reqUIrements. The shee r number of detailed
requirements usually make this necessary. One example is IBM's Requ is llePro™ product. The fo llowing figures,
describing it, are taken from hllp.//www.lbm.com/deve lo perwo rk ra tio nailli braryl53 47 html F,gure 12.33
shows a window for sClling the properties o f an Individual detai led req uirement
RequisitePro allows various views o f the requ ireme nts as a who le This helps projec t managers and
software engineers to manage and track their progress FI gure 12.34 is o ne example .
W •• I As&! I
...
t U !lr: '0, I ned", I Cb f.
I
-- -
....."or
I
T,..·
\It
r,IT;.~h~E.'---------------~iJ J
Ic :' :a::
.
,
:
U 11
•
c ..
rM
Figure 12.34 A view of a collection of reqUIrements In RequlsltePro
SoI¥ck IBM, hUDHYMW_iDm comIde~eIoptNo'Of'tslrttiOMlllibrbfYJ'5.247 htrnl
308 CHAPTER 12 ANALYZING DEl All D 11EQUIREMENTS
't ,'2'
- •
1$9 •
, 0 _II/ll,,.d,.
t
1.0. J m
- -
erell-"I ~I
It is possi ble to query this requ irements database-ill other words, to obtain all requirements satisfying a
desired criterion , su h as those pertaining to security As individual requirements are wo rked on by softwar~
engineers, tools hke RequisitePro,.M .IIow the "history" to be tracked, a sho wn in F,gure 12.35 . H,story refers
to an account of the work perfomlcd to sa ti sfy th e requirement at various points in time .
Once detailed reqUIrements have been coll ected, the project documents can be updated to reflect the
improved project knowledge. We w"l take as an example the reqUIred updates to the SPMP , which can be
updated as sh own In Figure 12.36.
Detailed requ irements are placed under conA guratl o ll control. One issue to be addressed is what level of
detaIl should be counted as a software conn gura tion item (CI ). ertainly , Section 3 as a whole ("SpecIfic
requ"ements") of the SRS (using the IEEE standard ) could be a CI Each class could be a CI. Individual
requ"ements are typIcally too nne· grai ned to be Cis.
\'qhe n the list of requIrements grows into the hundred , i"cotfSIsttHCltS Can easily arise . Oassifying
requirements by classes, classe; by packages, and packages by subpackages, and the like becomes a necesSIty.
The packages typically correspond to subsystems in the ove rall organizatIon of the application.
Although rompl","css is a goal for which we strive In collecting requirement , it i usually an elusive goal
For substantial applications, there is seldom a natural "last" requirement-just the last one before requirements
freeze . For th is reason , we strive for self·complctcncss: ensuri ng that all of the requirement!' necessary to
accompany each requirement arc present.
Large ·scale projects require increasi ng organizational fomlality (not to be confused WIth formal method» .
The SRS may have to be divided into separa te volumes. A single section on Our (tiny ) case rudy could <"xpand
IntO a 700· page volume. Extensive management work is required to schedule the development and onspection of
detailed requirements. PrOjects WIth hundreds of spednc requ"ements need requIrement manallement tool
The suecc<sful WIdespread usa~e or thdava package< ha shown, however, that I.rge collections of reqlllrementlo
are manageable when the functionality IS organized by well·deRned po kalles, oubpa kag.: and la c>
The rewards of good requirement< analY>ls arc sub tantlal onvcrsely, the penaltl<'S or poor
requirements are substa ntial too. For examp le, Faulk [7], repom on • Covernment A counting Of c study
of the C heyenne Mountain Upgrade project on wh,ch "reqllirements· related problems· ulted on. 600
STUDENT PROJECT GUIDE: REQUIREMENTS FOR THE ENCOUNTER CASE STUDY 309
R"ull of updating
- latus after afltr higl!.lrod Result of updating .fter detailed
Initlol draft rtq,Hrrmt"'S •
reqUirements
Cost Crude Firs! csritlln l(s Improve d cSlimalc using more specific
Estimation eStimates baltd 0" job function points and/or past experience
CO ll 1(")1 1 with similar requirement
Figure 12.36 updating a project upon completion of detailed requirements ana lYSIS
million cost overrun . an eight ·yea r delay , and dimin IS hed capabilit y. Debates continue abo ut the perce nta ge
of large projectS that turn ou t badly versus the percentage that turn out well. Many large projects do a fi ne job
of requirements anal ysic;. Th e author can arrest to thi s fro m persona l experience
12.1 3 STUDENT PROJECT GUIDE: REQUIREMENTS FOR THE ENCOUNTER CASE STUDY
This section illustrates how the requirements princi ple . covered III this book arc translated into practice, by u ing
the video game case stud y as an exa mple It use the o bJec t-o ncntcd sty le of expresslll!: reqUirements Recall that
thiS organiZing style has the advantage of improved tra cea bil ity and the disadvJnta ge o f diminished readability
compared with o ther organizations such a. by use casco11,e ca« study IS continued III <ub equent hapters
1. Preparing
Hal Furness, haVi ng bee n elected the requirements leader. wa< re<po nsi blc for o rgan izing the anal y<is o f the
reqUirements. As per th e prOject o rgani za tio n, Hal was bocked up by Karen Peter,_ They d eCid ed to ga th er
reqUireme nts in two stages. The Ar<t would be primarily from th e customer, perspec tive (hi g h . level
reqUireme nts ), and th e seco nd primarily for d evelo pers (detailed requlremt'n,, )
Hal and K.lren prepared to Ka th e r metnCS on th e req uirement, proce<s 11,ey c1as<ifled the <tage of th e
pr(')Ct:ss by preparati o n Interview, WfllC · Up, and review The I1l clrics they chose were dl tJtcd mo,t1 y b
l
• Time taken
• - eif ,. " c"I1lCIH o f Ih · artlfa t, On a < ale 01 I- I! (nut rn anJuted by ,,",pa ny po litY)
The ~a dcr IS referred to SectIo n 4 01 thi s guide to ,cc the,e metfl (' arran Ke d In tabu la r fo rm
a~n made ,ure that the sy<tcm for IOKl(ing and trac kIng delco, wa , In p la<..c . a nd that Hal was
equipped WIth the docume ntati On of how to usc It
The o mpa ny', "'W t o~ onsldered video ga mes a promISIng area . and were wrll ing 10 provIde seed mont'}'
fo r requireme nt< anal y;i and a prototype It wa, now H al and Karen', t3>k 10 cietern"ne WIth whom to speak 10
get hlg lNevcl rcqu l ~l1lenl . Hal unde~l ood Ihal no ne of the team knew muc h aboul Video gam<.,.. He deCIded 1.0
Interview people who fTeq uc ntl y play ga mes and are intereSlcd In g ivi ng Iherr tIIn e lor a modest fee . H e made
o ntact with Betty Si ms, President of Amaleur Ga mers Intern all o nal, an enthu lastl game player who saw a
bnght luture for VIdeo ga mes as vehIcles lor fun , community involvement , a nd educat Ion Betty also knl"W man y
ga rn ers. H al and Karen decided to wnle up requirements speclfica llons based o n BellY's "'put and then show the
spc ificd tl o ns to others. The rest o f the team was to inv{"sti ga le oth er avc nue~ for input at the sa me: t lm ~ .
At a weekly meelin!!, H al prese nted a plan for requ rrements analysis, as fo llows,
Week 1,
Hal and Karen , Interview Betty, begi n draft ing h ig h · level requirements .
Week 2 :
Hal and Karen, Complete draft of high . level requiremenlS, e ·mail to Betty for comments; arrange to
interview the deSig nated additional people; c· mail existi ng specifica tion to them; c reate a complele
requireme nrs docume nt fo r iteration t ; place under conAglirat io n comro l.
Week 3 :
T eam , Approve the SRS for iteration I.
H al and Karen: Interview deSignated people. edit and expa nd the specification; c·mail to all
interviewees; collate respo nses, edit docume nt, leaVi ng selected issues for team resoluti o n; plan detailed
requirements analysis (sec the Part V 01 this book).
Week . :
T eam, Provide input on the draft SRS; approve plan fo rdetailed req uirements analysis (see Part Vol Ihisbook)
Hal and Karen, Write up SRS and e·mail to all interviewees.
Week 5 ,
Hal and Karen: Resolve issues raised by interviewees, write up results; e ' ma,1 to team, begIn
impleme nting detailed requirements process (sec C hapter 13).
Team : I~ spect h'lIh . levei requirement•.
STUDENT PROJECT GUIDE: REQUIREMENTS FOR THE ENCOUNTER CASE STUDY 311
Despite the expense, Hal felt .t impon.nt to have the cntlfe team inspect the high . level requirements
because of the do ument's importa nce In general , the team planned to use thrce·perso n inspection teams.
Hal heduled the first interv.ew with Betty .n Room 1428 of the Stewan Building from 10,00 a.m. to
11 :30 o.m. He .·moiled h er a bnef write ·up of the project's history, and created the foilowoog very simple
agenda.
Hal decided not to introduce more details because he wanted BellY's requirement to influence the rcst
of the meeting.
H ~ I bro II ctll",d 'n:d cI~rofy ", !! the gJl1le lurther by analyz ing lhe lI"w ,, ( data, but , oon (cal,~d that
the data Ilow I CI" lll'C live added httle va lue
Karen I" vlewed he r no tes with the o ther, A (ew pOlOt ' nceded carre tl ng, but th ' re wa, lIene ral
:lgrecmcn l on the de~ ripti n.
4. Following Up
The SRS Sections I and 2 we re .·mailed to Betty. She realized that Hal and Karen had included o nl y twO o f
the three lise cases, and the third use case describing moveme nt of the player's character was absent. Thi
defect was logged with a high priority.
Betty was surprised to see that the SRS did not reAect several is ue that she thought he had made clear
were importa nt , and was humbled to see that the SR reflected ' requirements" that he had offhandedl
me ntioned but now realized would be a waste of time. The latter IOciuded the ability of the player to change
outfits while an engagement is progressing. She had numerous comme nt , mOSt of which Hal and Kanen
responded to, and some of which were added to the list of defects, Hal e ·mailed the R cction I and 2 to
the team to e nable the m to prepare for an inspection .
Team leader Ed had learned about Arlan Howard , a market ing executive who wa very familiar With the
video game industry The financial backers were willing to fund fun her requirements analysis at the customer
I ~d, and Hal and Karen pre pared to mee t with How~rd The I~tt er wa. no t able to ~r.nr them more th. n half
STUDENT PROJECT GUIDE: REQUIREMENTS FOR THE ENCOUNTER CASE STUDY 313
-
thiS projcct II Writ,,·up
organization (results 01
norm Preparation I ntervi"w insp"ction) Review TOIllI
TIme spent 200 minutes 170 minutes 270 minutes 250 minutes 14.8 hours
(minuteS)
... TIm" sp"nt 250/ 890 = 170/ 890 = 270/ 890 = 200/ 890 =
28 %1120% 19%1123% 30%1127% 22 %112 9%
Quantity 15 pages
procluced
Productivity 15/ 14.8 =
(= TIme! 1.01 pgs/hrll
qldntity) 0 .9 5
xlf·assessed 9 5 9 2
quality
( 1-10)
an hour since he was very busy. Karen developed a prioritized list of questions and topics and mailed them
and the existing draft 01 SRS Chapters I and 2 to H oward . They planned to wrap up the high . level
requiremenlS with Howard. The team also planned the process of developing the detailed requiremenrs .
11, y 11,; , dis lIs' cd orHa", z i n ~ ,he de,ail ed rC'1uorcmcn" by ,late< and a~ '''H'' , bJ,cd on the "at ·
"anSlllon d1J81-:lm de,c nbed "' ,he h'/lh .!cvc! requiremcn» Thl< or/oCallizatlon me thod would <-" nmt o( al.\t
I,he .K,ions that a player would take, , uc h as hck,nl! an eX it hyperhnk o n an area , (o llowed by the effects o(
th" a tI n They both agreed thai till wou ld be an undef\tandable organization, bu, dec ided that It would
no t 'nce to the nnplemcn,ati on a, well as rhey wanted They began ,earch,ng (or other way' In whic h to
rganize ,he detailed requiremcn,s.
Hal wa- ,n (avor of organ lzi n!! the funct ional detailed reqlllre men ,s by use ase, especia ll y Since he
wan ted to loll ow the Llnl ,ed Software Devciopment Process H e sa id ,hat , at tillSstage, the Video game could
most cas d be thought of In terms of the srlth'9 up u~c cas.e, th e ,"OVfI19 lUHOIIg tlJt ga mt OfClU u~c case, and the
MI9"9"'9 thtJortigll bflraclrr lise case . He point'cd out how co nvcnit:nl ll would be to use JUSt these three use cases
as the to tal e"ent of rhe (unctiona l requirement . He was also ex Ited about the prospect o( perhaps being
able ' 0 reuse these u e ca e, for specifying future games
Karen agreed tha, the requirements would be qui te easy to understand if orga nized by use case , but she
had several 01 jections. The first wa that some requirements would be pan of more lhan one use case. An
example is what happe ns when an exit fro m a room is clicked . T hi s could be pan of a ll of the three use cases
they had ide"tined, and so it would nOt be clear where to look lor i, Karen's ot her o bjection was the fact that
mapping from the usc cases ' 0 the code would not be as clean a ,he orgaOlza,ion she had ,n mind. Finally, she
pointed out that the organization was no t yet equipped to properly archive use cases for future reu e.
Karen wanted to orga nize functional use cases by class, which , she aid, faCi litated traceabiliry (rom
requirements to implementatio n. She wanted to pick ,hem ca refully enough to ensure that they would be used as
part o( the design (and Implementation). Hal pointed out a disadvantage of thi approach · the fact that it (oFCed
them to deCide very carl yon some o( the classes tha, they would u e II11mpie mentIOg the application . He was
worried about the pOSSibility ,hat they ma y later c hange their minds about the selection . After further
discussion , they deci ded that o rgani zi ng the detai!cd requircmenls by class had more benents lhan drawbacks,
and they committed to this method . They decided ' 0 be very co nse rvative about class se lection , however.
Thcy checked their interview notes with Betry and Arlan as to the properties ("attributes) of each
classification (cia s). For ex~mplc , thcy asked what propenlcs we re required for the connections between
cwo Encounter areas. (One property of such co nnec tio ns was "the first area" connected , and another was
' the second area.") For each class , they asked themselves what entities (instances of the class) were
required for thc game . For exa mple, there would ha ve to be a dressi ng room arca and a courtyard arca They
then asked what functionality the class had to possess . For exa mpl e, a functionality of each Encounter
character is the ability to configure the values of it·s qualities (requirement 3.2.EC.3 .2). Finally, they listed
all of the events that In tances of the class were req uired to rcspond to (fo r example , clicking on an exit
from an area l.
Onc aspect that di turbed them was the time reqUired for new va lues to take effect. They realized that
this wa a key aspec t to the ga me, if no time were to e lapse , the playe r would si mpl y set the qualities
pertaining to the current area to a maxi mum , and little skill would be required to play the ga me 11,e delay
made the game interesting , but the problem was, h ow much delay should there be) 11,cy con ide red stati ng
"to be decided" for the durat io n, but finally concluded that th is would no t help. They deCided to specify fo ur
seconds, feelin g that changing this amount should be straightforwa rd .
Karen was concerned about the iml'recision of some of the requirements, espeCially those co ncerning
the manner in which qualiry poi nts shoul<l be exchanged when two characters engage each other he felt
that programmers could easily misunderstand the requirements. ThIS would wa te time on defects a~d
produce a defective ga me. She suggested usi ng Z·specifications. Hal made the poi nt thai ~ o o ne excepl Kare n
would understand them ,,'ell enough , ince Ihe rest of Ihe leam dId not have Ihe required edu call o n .
They compromised by agreeing 10 use appro priale mathemall cs In specifying Ihis requirement , bUI no t the
Z·specificalion format. Karen made a menia l nOle Ihal if she ever taughl sohware e ngi neerin g, he would
insist th ai all students to be comp le le ly comfo rtable ,.ith Z ·speciRca lions.
Prom pled by the section headings in the IEEE SRS standard , Karen and H al made sure to cove r all of the
performance requireme nts and c h ecked them With Betty and Arlan , mostl y penalning 10 the peed Ihat Ihe
game would have to possess 10 be inleresting . They a lso Ih oughl Ihrough the memory reqUIrements (RAM
and disk). They the n completed Ihe document.
12,14 CASE STUDY: DETAILED REQUIREMENTS FOR THE ENCOUNTER VIDEO GAME
Th,s seclion compleles the requirem e ntS sjJeclRca · 3.1 Exte rn a l Interface Re qu iremen ts
tlon of the Encounter vid eo ga me in IEEE format.
3.1.1 User Interfaces
3, Detailed Requirements
Section 2. 1.2 in the SR for the En ounlcr VIdeo
lIame showed o nly ketc hes of u cr interfa In
Note to the Student. order 10 proVide product p<!T'Sp<Cl1ve It Ia ked
The IEEE term u.ed in this hcadJllg IS ·speclfic" delailsand , ha uld not be rega rded as the last word.
requirements We have substituted the te rm If u er Interfaces are not o mple leIY ' p<CI-
'ck~lled" to be ~onslstenl with the lext Aed later In Ih ls docume nt , Ihe~ all delall. ,holJd
316 CHAPTEI! 12 ANALYZING DETAILED IlEQUIREMENTS
dressing living
room room
Elena Current hfe
points: 56.38
(SelQU....... ) Value
16.18
1~'2i·1
kitchen
COURTYARD
dressing living
room room
--I
IGot "*"11 ,
lEnd ....1
fOOo"
Doj~ I i)I'I .....
Figure 12.39 Encounter courtyard Image
CASE STUDY: DETAILED REQUIREMENTS FOR THE ENCOUi'lTERVIDEO GAME 319
ID1ngflQn
... IOktoIrt
eo..,...
....,
10'0Wl1
'" 1'1\)
IOJIIi
CUIoI:lfl
....,
Figure 12.40 Encounter dressing room image
E. J. Staude• ..IOhn \\Iiley & Sons. 2001
3.2.AR.2.4 Kitchen Area (essentia l; not yet 3 .2.AR.2.S Living Room Area (essential; not yet
implemented) There shall be an arca with name implemented) There shall be an area Wllh name
"kitchen" requi ring the quality concenrrati on. The "hv i ng room" rcquiri ng the quali ti es co ncen tra ti o n and
preliminary kitchen image shown in Figure 12.42 stam ina Its prelim inary image show n In Figure 1243
Includes a map of nearby areas. includes a map of nea rby area
DUNGEON
dressing
stl!d v
room
'00'''
IClUih
KITCHEN
...
I GoUla... I Courtyard
I'C«IWI
lEnd gem. I
,-
Drou '''IQ
3.2.AR.2.6 Study Area (essential; not yet imple- 3.2.AR.3 Area Functionality
mented) There shall be an area with the nam e
"study" requinng (he quality concentrati on. Its pre -
This is the required functionaliry that pertains
liminary image shown in Figure 12.44 includes a map
specifically to areas. Every functional
of nearby areas.
LIVING ROOM
courtyard
study
00 , ' ... .
('o ' .... 7~ u PI
..
-
'-.
00. 0 M - , 'I)
Living
room
STUDY
DUDgfOD
-
00
eo..n,..!
'0 1-- -
.....
The reader will recognize th. delect in the last 3 .2.FC .3.1 Foreign Character Movement
equation, which should be i:
= // 2. We will (essential; not yet implemented) A long as It
is alive, a forc.g n character should move from area to
leave the defeci Inlact as an example.
adjacent Mea '" rand om interval'\ J,vt:ragins t~·o
seconds. After being present in an area for J rando m
CASE STUDY: DETAILED REQUIREMENTS FOR THE ENCOUNTER VIDEO GAME 325
3.2.PC.2. 1 Player' s Main Character The playt'r 3.2.PQ.1 Attributes of the Player Quality
shall have (.ontr,,1 over a parll lIlar U3me (. haracttr window The wlndnw for ,ett"'~ the qllahtlC> 01
326 CHAPTER 12 ANALYZING 0[1 AILED REQUIREMENTS
a player ch>r.cter In Encounter is shown by means of displayi ng four of the qualities at a time . Cltck.,ng on
• typical example in Figure 12.49. The g.me charac· one of these qualities allows the player to sdect a
ler icon appears In the center, and Its name appears at va lue for It in the text box o n the right. An explan ·
the left top of the screen. The character's life poi nts ation of how the arlthmelic IS performed IS shown 10
.ppt.r in the center. On the left center is a li st box a pale yellow box in the lower part of the screen
16.3
Explanation
"r"'he valuos of the~quC:a:-:,n;:;io~s~n~o:-:t-:sp=ec~lfi;;:ca:::;;lIy7c:;h::o::s=en~r.::m~a:-;in""'ln-:t::-h.-:-sa-m-e--
proportJon to each other. Values less than 1.0 are counted as zero. E.g.,
be(Qf9: Slrenglh = 10.0 . endurance = 60.0 . intelligence = 30 ,0 . pallance = 0 0
(curront hfe poInts 100 + 60.0 ... 30.0 + 0 = 100 0)
change: strength trom 10.0 to 20.0
after; strength .c 20, endurance == 53.33, intelligence :r 26.66
Figure 12,49 User Interface required GUI for setting quality values
sour" GraphlCl reprOduCed wllJ'I pe.,nlssb'l Irom Corel
CASE STUDY: DETAILED REQUIREMENTS FOR THE ENCOUNTER VIDEO GAME 327
Color backgrounds for the name, life points, and 3 .3 Performance Requirements
value boxes are to be pale turquoise.
3.2.PQ .4.1 Displaying the Value of a Quality This section speCifics restnctions on design . If
(essential; not yet implemented) When the there is no material in [his section , designers
player clicks on a quality in the li st box on the are free to create any (good) desig n that
left. the value of that quality sha ll be disp layed in satisnes the requirements. For example, we
the text box on the right. can add the design constraint "one·story" to
the fo ll owi ng: "A house with four bedrooms.
3.2.PQ.4.2 Setting the Value of a Quality all of which are less than a thirtY·second walk
(essential; not yet implemented) When the from the fami ly room ."
user enters a legitimate value for a quality and hIts
the -enter" button, the value of that qua li ty is set to
the amount entered. If the value is invalid, an error Encounter shall be desi gned using UML and
window shall appear stating "invalid value: try again ." objec t·ori ented design It shall be implemented in
Java . The software shall run a a Java application on
3.2.PQ.4 .3 Dismissing the Window (essential; tI'
Window 95. lt shall be designed a way that makes it
not yet implemented) When the user hits the relatively easy to chan ge the n.tles under whIch the
OK button , a time of four seconds elapse , after game operates so that o r-hers can customize the game.
which the window disappea r . At th e end of this time
period (i .e., if there arc nO interruptIons) the va lue 3.5 Software System Attributes
allOCations are made .
3.5. 1 Reliability
3.2.PQ.4.4 Interruption (essentia l; not yet Encounter shall fatl not more than o nce III every
implemented) Upo n Interruption of the dl play 1,000 encounter< T est documentatio n < reference
of the quality value window, the window van l hes to te t goe here >
Note that interruption s , hall be aused by a
forei~n character entering the arca . Note also in thi s 3.5.2 Availability
case that the qualtty value are not hanged and th at En ou nter hall be ava tl able for play on an I
an engagement takes place. n.tn ni nR \'(11ndows 95 onI (i.e ., no ot her appl icOl lo n
328 CHAPTER 12 ANALYZING DETAILED REQUIREMENTS
N o t Inclueled
Future release will allow access to saved
ga",es only with a password . 4.2 Appendixes
Not 1I1c1uded
3,5,4 Maintainability
Appendices may Include
3.5.4.1 Changing Characters and Areas
(a ) Sample VO formats, deSCflp110nS of
(essential) It <hall be str<lIghtforward to change
characters and areas.
COSt analysis stud ies, or results of
user surveys
(b) Supporting or background Informa-
3.5.4.2 Globally Altering Styles (desirable) It
shall be straI ghtforwa rd to globally alter the style of tion that ca n help the readers of the
the areas and connectIOns (Style changes reAect dif, SRS
ferent levels of game play in the same environment. ) (c ) A description of the problem to be
solved by the software
3.5.4.3 Altering Rules of Engagement (oP- (d ) Special packaging instructions for
tional) Rules of engagement should be relativel y the code and the media to meet
easy to c hange. security, export, initial loading, or
other requirements
State explicitly whether or not each appendix
3.6 Other Requirements
is to be an official part of the SRS .
None
12.1S SUMMARY
Detailed requirements ("developer" or "detailed" rcquirements) arc written primarily with designers and
developers in mind. They are created from hi g h · level req uirements, as well as from conti nued customer
Interac tio n . Detaded requirements must be testable, traceable , and consiste nt. Since they become numerous
they must be classified systematically. There are severa l ways to orga nize de tailed requirements including b
featu re , use case , CUI , state , and domain class.
Agile projects tend not to create documents separate from the code and tests with detailed requirements
Detailed req uirements must be traceable to the desi g n and implementation that realize them and to the
tests that vahdate them. Without a clean trace from each reqUIrement through the design of the appli atlon to
the actual code that Implements it, it is very difficult to en ure that such an app(,catlon remains in compliance
with the requirements When the requirements change, which i safe to a sume, this become< even more
difficult. Detailed requirements must also be traceable in the o ther direction , to the 11Igh-level reqUIrements
they arc derived from , fa ensure that all arc fully specified.
Since it is difficult to Implement all desi red functi o nality, requ irement are often prionllzed . Jtegones
such as ",roliol, d"irablt . and opilo""1 are used to deSl gn.:e pnOrities. OrganizatI o n, ommit to dd,vc ring
essential functionality, and if there is time they Implement desirable and then o ptional feJtu,,:
EXERCISES 329
Once detailed "'qulrements have been collec ted, the project documents are updated to reAect the
improved project knowledge . For example, schedules are updated with more accurate dates and risks arc
,..,tired and more info rmation is learned.
12.16 EXERCISES
3. What is wro ng wirh rhe fo llo wing Derail ed requirement , Ex pl aIn how you wo uld fi x them.
a. HomtBudgtf shall di splay a co nve nient interface fo r entering personal data.
b. SalCoHlro' shall compute the predicted tim e it takes to c ircl e the Earth o n the current orbit,
and the actual time taken to circle the Earth o n the previous orbit.
c. /II v<sIKin9 shall determine the best investment stra tegy .
4. What are three advantages and three disadva ntages of o rgani zing delailed req uirements by class
rather than by feature,
5. Suppose that you are definin g the requirem ents fo r an applicatio n that simulates the movement of
customers in a bank. list fi ve classe, that can be used to o rganize the req uire ments.
6. Provide detailed requirements fo r each class identi fie d in Exe rcise 3 by describong o ne attribu te and
one function corresponding to each class.
7. When identifyin g do main classes (as in Fi gure i 2.8), wh y is it usefu l to denote the rel atI o nship
between them (i.e., inheritance, aggregatio n),
8. Applying the principle of goo d screen desig n outl ined in Step 3 of Section 12.3 sketch good C UI
screens fo r a ho me finan ce applicatio n that ,
a. displays a summary of a user's fi nanc ial ho ldings, o rganized by ty pe of ho ld,ng, and
b. allows a user to input rhe details fo r a new ho ldi ng
IEAM EXERCISE
SRS
, t h e SRS fo r your a p pl 'lca rio n · Use o r mod ify the IEEE
W rotc .standard
" . If YOll are u In s an iterative
apprQac h , try to .In d 'Ica te what requirement< arc to be Impl emented In each itera tIo n.
330 CHAPTER 12 ANALYZING DETAILED REQUIR EMENTS
Tra k the t me SpCIlI o n thi' by individuals a nd by the "roup Hrcak thl ~ tIme Into appro prtate
o tl vi ties Measu re the effec tivene, o f you r effort. (Feci free to develop yo ur o wn mctrics, sec also
tea m exercises III previou< c hapters ,) Indi ate ho w the pro CS5 yo u u<cd to de ve lop the RS c;ould
have been lin proved.
Evaluation cri teria:
( I ) Degree of clarity
(2) Exte nt to which the plan includes all relevant del'ai ls and excl ude, irrelevan t materia l
(3) EffectIveness o f your <elf· measurement and process imp roveme nt descrtption
BIBLIOGRAPHY
I Booch. C r.:ady . "Ob} ,-Qnt'll lcd APlIII)'lls (mJ Dwgtl Ull ih ApplicaIlOrtJ,"Add lso n. Wc",lcy , 1994
1 Jordan, R. hard, Ruth Smllan, .lnd Alex Wilkinso n, -Sut'am IIll1n8 the: Project Cycle with O bJect-Onc nted ReqUIrements,· OOPSLA
Co"JruPlcr PfOCttil'"9s ( 1994), pp. 287-300.
3 Cahtz, W , "The ES).t'rl hul Glmle 10 Uw Irt,nfaa Df1j9" At! '"'rOdUf flon 10 CLiI PnrtnplN arlll Tcconufuf1," John Wiley Sons, 1996
<t . lUnd, Paul , "A D~.g""'s ArC YJlc Uni'Vcr'SIlY Press, 1985
S M YCN, C le nfo rd. J., 'Th An oj SoJtwart Tnli"g." John Wiley & Son~ . 1979
6. Jav.,™ SE 6 PI3tfonn Documentatio n, 2006.
7 , Faulk , Slua rt ,"Soft ..... are Requ i reme nlS ; A T ulOria I." 1997, hit p:llww ..... .c ~ . umd , (' d ulcl3 o;: o;:/s pri ng2004/c msc8 38plRC'Qu l rC!mC!n lsl
F3ul~ReQ _Tul , pdf [accessed Novcrnbc:r 29, 2009 ].
8. ,,tars Clim3tc! O rbiter M'shap Investigation B03rd Phase I Repo rt , N ovembc:r 1999 , hpJlltp hq nit..Q .gov/puhlpaolreponsll9991
MCO_ rc:port pdf [accessed Novc:mbC'r 29, 2009] ,
uality and Metrics
• Comprehensiveness?
• Understandability?
• Teslable?
• Traceable?
Figure 13.1 The context and learning goals for this chapter
This chapter deSCribes measures of q uality In requirements The mo re a requireme nts docume nt
expresses what the customer wantS and needs, the h ighe r Its quality \Vle u uall y think of de tails as being far
less Important than the "bl!! pic ture ," but a misSing requirements de tail ca n se n ously affect projects , a
numerous case studlcs show Recall , fo r example, th ove rlooked de ta il o f metnc-to- no nme tnc dl>tance
COnversion that dispatched a $ 125 million spa ecraft to obli Vio n
332 f tAPTER 13 QUALITY AND M ETRICS IN REQUIREM ENTS ANAL VSIS
To he lp e nsure that the requ irem e nts are indeed covered, we foclls on qual ll Ie, that requirem ent< should
po oss They sho uld be complete and consiste nt; eac h one should be capab le of being traced through to the
design and impl eme ntatio n , tested for valid,ty, and implemented accord,ng to a rational pri omy, Figure 132
Iosts these attribu tes and tells what we sho uld look for in good requireme nts. We can systematically revIew
and inspect req uire ments based o n thi s li st . For example , a set of co nsistent requi rements is fa r more Iokel y to
express wha t stakeho lders want and need than a se t with contradic tions.
Th is c hapter disc usses ho w each of these qualities ca n be mea.sllred . "Targe t va lues" refers to the numerical
goa ls set in the project relative to various metrics. Metrics are most useful when their target values arc pecihed i.
advancr. For exampl e , we could state in advance that , based o n experie nce o n past projects, requirement will be
considered ' complete" whco the rate of modinca tio n and addition is less than t percent per week.
Projects are greatl y improved when the QA organization is Involved in rhe requirements a nalySIS stage.
In particular, QA ve rifies that the intended development process is being execu ted in accordance with plans
QA sho uld participate in inspec ti o ns o f requirements docume nts. They tend to have a healthy perspective
bec ause they lInderstand rhat they will ha ve (0 validare the product based on the requirements. In poorly
o rganized projects, QA may be handed an appl ication with little or no req uire ment documentation and
asked to test it Th is begs the question , "what is the application supposed to do)"
Before d,scussi ng the attributes of req uireme nts analysis qualoty lIS ted above, let us discuss the quality of
reqUirements for agile processes. Th e primary process for requirements here consists of el iciting user stories
from th e customer, along with acceptance te ts, and then subjecti ng the imp le mentatIon to th ose te t upon
completion. In addition , the custo m.er must feel satisRed with the result. Thi s mayo r may no t be supported b
significant documentatI o n. Quality has to be assessed , if not measured acco rdon g to th is sta ndard. Th,s entaIl
computing the fraction of acceptance te sts passed and making an assessme nt of th e custo mer' rcaclIon.
possible via a que stionnaire . Si nce the customer-usually in the foml of a team member rcpre entatlVC' ISo
part of the developme nt effort, requirements assessment include the performance of the customer Given the
nature of req uireme nts analysis, this is all to the good .
To deal with a set of req ui rements, we should be ab le to access the o nes we want, when we want them ThIS IS til.<-
quality ofaCCtssibility. The first property we need in this respect is a means of identifyinj,1 the detaIled reqllircm('nt<
COMPREHENSIVENESS OF REQUIREME~S 333
• Metric:
0, tX'III.tly /o,,!/ aotrag, access Ii",' (compand ",ilb Ih, orga Hizalion, Horm)
to: aOtfagc acctss rime as fasf as Ca H be rxptC'tJ
We do this by num bering them in same way . A good numbering system allows uS to kn ow whe the r the
requireme nt has bee n imp le mented , for example, and to trace it to the code that actually carries it out.
A projcct's requirements change continually throughout itS life cycle. For example, when a programmer tries
without success to implement a requirement and explains this to the customer, the latter freq ue ntl y Rnds mi sing
pam in the requirement . The SRS must then be accessed to ascertain whether these mi sing requirements were
present, and included if they were not. Taking an example from the video store case study, the CUSfOmer (i n this
case, the video store) may question why a DVD's play time does not appear o n the mo nitor. The developers and
the customer will want to know whet her this wasspecified in the SRS. Where in that docume nt should they look to
determinc this7 Rummaging through poorly organized documents is time ·co nsuming and therefore expensive .
H cre is a c hecklist for improving the accessibility of requirements:
• Arc the detailed requirements o rganized in groups, preferably with each gTOUp correspondin g [0 a hi gh -
level requirement7
• Are all of the detailed require ments orga nized infO a list, o r a clearly understood Ii t of list 7
• Can you look up requirements by keyword7 By subject matteO By use case7 By G UI ? By uscr type7
• Can you look up requirements by other cri teria relevant to the particular app licatio n o r pfOJec t7
One accessibility metric is the avtragt time ,aken '0 access (J dtta il('d mtuim11M1t. To measure {hi . a sampJt:
would be taken of exi ting and missi ng requirem e nts, and severa l people would be timed fi nding these or
ascertaining that they are absent. Statistica ll y speaking , 150 is a good sa mple size . Smaller sample sizes are
unreliable but are probably better than nothi ng . In selecting a sample , one uses a process that is as rand o m as
time allows. For example, o ne could ask eac h of a group of people fa miliar with the pro posed appli catio n to
contribute ten potential detai led requ ireme nts, then pick at random fro m the combined hst to obtain samples
to seek. AcceSSibili ty IS summarized in Figure 13.3.
make the requirement mo re comprehensive. One way to deal with the evolVing set of require ments is to
Include requirements of h,turc iterations and of all priorities In measuring comp leteness. An example IS s hown
In Table 13. 1. Thi s perspective helps us to assess how close our plans arc to sa tisfyi ng the customer's wants
and needs.
A mo re tractable measure is stij.compl","tSS, in which the requ irements contain all materials th at its partS
reference. However, this is somewhat different , and is discussed bel ow.
Here is a checkltst for improving the comp rehensive ness of requirements:
• Summarize, or give a very short preliminary description of needed requirements that have not been
included yet.
• Is the customer satisfied that the requirement' reAect all of his or her needs and wishes
• What fraction of the listed requirements are slated for implementation in the current release Future
releases )
781 Every customer record shall include the customer's credit card number, consisting of 1 2
16 digits.
782 , ..
UNAMBIGUITY OF REQUIREMENTS 335
Understandabi lity appears to be a hi g hl y subjective qua lity because it depends o n peoples' o pIni o n.
However, it can be measured . For example, a random set of people from an appropriate population can be
asked to express on a form their opinio n 01 a requirements docum ent Table 13.2 is an example of an
opinion form-in this case applied to a u or interface . Here is a c hecklist fo r imp roving the compreh en ·
siveness of requirement s.
• Are the requirements written in language that its ty pical reader would understand7
• Do the requirements describe only external behavi o r-that is, as seen from the user's POlOt of view l ("U ser"
can include external sys tems rather than just people .)
• Do the requirements avoid stating ',010 the problem is to be solved, what tec hniques are to be used, o r ho'" the
application is to be designed7 (The except io ns to this are when such peCl fica tio n are indeed req uited up front .)
• For each reqUIreme nt, IS there o nl y o ne way that 0 ty pica l reader would IOterpre t "
• Fo r each requ irem e nt , arc terms aVOIded that could be underswod 10 mo re than o ne way7
F,gure 13.7 shows a me tric for ambi g uity that de pe nds o n a trioge meas ureme nt deCIde whether the
d.:talled reqUIrement ha e xac tl y o ne clear meo ning (score of 2 ), o r mony mca n1l1gs ( corc 0 ), o the " vl<c g,ve"
• 'COre of I .
336 CHAPTtR 13 QUAUTY AND METRICS IN REQUIREMENTS ANALYSIS
A set 01 detailed requirements is cOIISllI",1 if there arc no contradictions among them . As the number of detailed
require ments grows, inconsistency tends to become difRcult to detect. Inconsistency is illustrated by the
three requirements in Figure 13.8.
• For each requ iremen" are there olher requirements that could lea d '0 co ntradicting or annulhng i,)
• For each requirement , are there other requ irements that arc very similar and so can reate Inconsislencles?
• Does each requirement avoid a chair. of conseque nces tha, ca n', be readily fo ll owed )
A consistency metric is Ih, prrc,"lag, oj d,lail,d rrq llir",,,,lIs partly or wholly cOlllmd,clcd r/5<whrrr. T o ob,ai n such
a metric, one would consider a sample of de ,ailed requirements - I 50 would be appropria,e-and investiga,e
each one in tum '0
determine whether i, is co ntradicted elsewhere in ,he document.lllis en,ad, comparing"
to all of the remaining detailed requirements . Figure 13.9 prOVides ano,her example.
This measure is imperfect because it accounts on ly for pairs of Inco nSIS tent reqUIrements A Figure I 8
illustrates, inconsistency can fesult (-rom a se t of requirements
Since qua lily is ultim ate ly de Aned by customer sa lisfacllon, the re qUirements ana lysIS proce, "con tinuall y
directed toward the customer's conce pl of sa ti sfacll o n . T eams 'YP lca ll y show stake holders Interim a com·
plishments, and stakeho lders then IIlnutnce lhe course of the work accord ing ly . Be ausc of thIS. ,h,' priority
of requ ireme nlS and thus the order In which requirements arc Im plemented , as de cnbed III hapter 12-
makes a SlgniAcant d iffere nce in the custo mer's sa ll sfa tion In math ematical lan guage, ,hi IS a non ·
commutat ive operation si nce the SRS seque nce
There are effective and ineffective prio riti za tio ns. Fo r example, g iVing most req uirements the hIghest
pn o rity Indicates poor planning. Ranking low . prio rity requiremenlS IS usuall y a waste of time because they are
unl ikely to be all im plemented. As me ntio ned , when stake ho lde rs see the Impl eme ntatio n of reqUIrements, they
tend to change subsequent requirements. An effective priori tizat ion tries to account fo r these faccars
H ere is a c hecklist fo r improvi ng the prioritization of re q uirements.
• Arc the prio rit ies at a hi gh level consistent with th ose at the detai led leve l)
• Is there a pnoritlzation process in place such that it will remain clear what is the ne xt importan t requ irement
that sho uld be wo rked o n)
As ume that each req uirement is in o ne of three priorities. H ow would we measure the quality of the
prioritizationr A good quality prioritization categorizes requirements into equal parts, indicating that no
category has been neglected. Figure 13. 10 sho ws a metric fo r this.
For example, if 900 requirements arc very well prio riti zed, each category would contain 300 requirements
and the fo rmula would g ive 100 . [900 - 0 - 0 - 0 V900 = 100%. O n the o ther hand, if 700 were classified as
h igh priority, 100 as medium and 100 as low, the me tric would yield
100. [900 -1300 - 7001-1 300 - 1001-1300 - 100111900 = 100' 100/900 = 11.1 %
Security ca n be dea lt with a an actual (explicit ) requirement or as on at~ributo of require ments. For example.
"All passwords shall be unavailable except to the system administrato." I on explicit requirement of an
application. On the other hand . 'The requirements in our SRS will cause (ewer than 10 security brea hos of
level I or greater (defined elsewhere) in a century of COntinuous operation under the threat e nvII'Onmcnt of
2009" is not a requirement in the ordinary sense. It is an attribute of the requirements.
Security In requirements is a special case in that It deal s with deliberate explOIts o n the p.ln of o the l'S to
misuse It. Traditional requirements, after aH, are intended to specify what an application sbowlJ do, and have not
SEl.F·COMPLEI ENESS OF REQUIREMENTS 339
.ddJtssed misuse. This i changing . To an increasing extent, requirements documeOls are addressing the security
~ by including such content as misus< casts. These arc similar to the idea , me ntioned earlier, of inverse
requirements. The following are examples of misuse cases use cases that the system is required to disallow.
An automated user of the application eMters a known user ID and more than 10 password per second.
A user accesses more than 30 customer records in a si ngle si tting and transmits these to another
address within 10 seconds of accessi ng the m.
• Consider the places in the pro posed application where intrusion appears to be possib le. Are concrete
security requ irements stated fo r those places]
• Have speCific, known security exploits ("hac ks") been speCified aga insO An example is "SQL Injection shall
be prevented." (SQL injection is a mea ns of unautho ri zed database access.)
TypiCally, a requirement depends o n o ther requirem e nts. A set o f requirements is " If·com plttt If it contai ns
every part whose inclusion is necessi tated by parts already present. Figure 13 II illustrates an incomplete et
of «quirements. Without the speci Rcatio n of how a video is to be "displ ayed," thi s se t of requi rements is
incomplete as a unit.
As anothe r example, suppose that the SRS for a ca le ndar application contai ns the fo llowi ng requi rement.
Th, applicalioll ,hall rttain all ",jormatioll t>ltrrrd by tht "'" jor tach appoilltmtllt.
REQUIREMENTS
I. Tht applicalion lhall di,play a DVD ill slock Ivbtll a
lilk i, mtrrrd at Iht prompt, ot""wi" il ,IJall di,play
"OUT OF STOCK. "
2. Tht applica llon shall display all oj Iht ,10"" DVD,
by any dirtclor whost las t namt i, ", Iurd at Iht promp t
Thts< ,hall bt di,playtd Ollt by 001t Advall ill9 tlJrollgh Iht
DVDs ,hall bt con lrolltd by Iht lorward artOI/1 kry
The prese n e of th is requirement ncce sita tcs a requirement describing means forentcnng apPointment
information It also necessitates a reqUirement explaining means (or displaying this Information . TI,is IS the
meaning 01 "sell-completion ." Here is a c hecklist lor improVing the sell-completeness 01 requ iremcnts
• For eac h requirement stated, are all th e requirements prese nt that it rclers to]
• For each requirement stated , arc all the requirem e nts present that It depends on ]
To measure sell·completen ess, we look a t each detailed requirement and note any necessary associated
reqUirement that is missing . An appropriate metric is shown in Figure 13. 12 .
The number 01 miSSing requirements is determined by sampling.
Each detailed requirement must be leslablt; that is, it must be possible 10 definitely validate that the
requirement is operative in the finished app lication by testing lor it. Figure 13. 13 provides an example
01 a non testable requirement, and sh ows what it would take to make the requirement testable.
Better;
3. Layout of buttons
4. Readability
• • • • • •
Requirements that are no t testable arc of negligi ble va lue. It would be impossible to assess whether such a
requirement has been attained. This is an all·or.no th ing property. The re is lit tle value in the "degree of
testability" of a requirement.
Testability can sometimes be used to specify a detailed C UI requirement. Fo r example , instead of
specifying a CUI in complete detail we may prefer to provide a test suc h a the following ,
The CUI for entering DVDs shall ha ve the Rclds and butto ns listed in figu re xx, and its deSign
shall score an average of at least 8.5 out of l Oon the user satisfactio n questionnaire In Table 13.1 .
An effective way to ensure testability and to ensure the clari ry of a requ irement at the sa me time is to
include tests with the requirement. Figures 13 . 14 and 13 . 15 illustrate an example.
Agile programming applies this test orientation but sho rt ·ci rc llit's the prose by e ncodin g the test up
front , usi ng it as a requirement, in effec t . A reasonable testabil ity me tric IS the fo ll owi ng,
Even when a requirement is tes table , executing a test may be d ifficult o r time-co nsum ing. T o be
complete, we sometimes need to consider the cos, oj ',,'i"9
as part of the considerati o n. A very h igh cost
The video store app lication s hall impl eme nt a discount program as follows,
I U\lo me r we" Jo nes re nt, o n ' OVO He b c hJrl(ed the rq!ul. r rc nt31 o( $ 5 00
2 ustomer T r re," Edward, re nts two OVO, he i, c h3rgcd th e rc~ul ar rel1t31 o( $5 .00 fo r the f,m and
$4 00 (20% d" ounl ) (o r the e o nd .
usto me r ll,eodo re L, sl renlS Ihree OVOs He, c harged the regul ar re ntal of $500 for the nrst, $4 00
(20% d,s ounl ) (o r the second , and $3.00 (40% d i ount ) (o r the thIrd .
4. usto me r Fred Harari rent < !lve OVOs. He IS c ha rged Ihe re~ul a r re ntal o ( $5.00 (o r the first, $4 00
(20% di s ount) for th ~ seco nd , and $3.00 (40% d, s o unt) (o r Ihe third. The fo urth and nfth OVOs are
harged at $3.00 (40% dlScot'"t ).
inAuences our c ho ,ce and pnoriry of requirements. For example, suppose that we cons,de r adding to our
online video service the follOWing requirement:
Fo r each movie entered by the customer, the appltcation shall di splay a number from 0 to 5 that
provides the ystem's estimate o( how much he will like the movie . This e t,mate 's based on the
, .. .
customers past viewing ratings .
ThIS can be tested, but the expense of doing so properly ma y d,ssuade us from making it a hi gh prio ri ry
Reco mmendation algorithms have become a competitive activity amo ng providers, with large rewards
provided fo r the creators o f the most (measurably) effective ones. like this one, many requirements are
strongly associated with business decisions.
Here i a c hecklist for improving the testability of requirements,
• Is Ihe requirement clear enough to devise inpu t/output data samples lhat exercise it) Specify the tests.
• Is there a set o f tests that, if passed. provides significant confidence that the requirement will have bee n
satisfied?
• If one reasonable person in the cuSlomer community proposed a set of tests for the reqUIrement, would
another probably agree that it tests the requirement?
T raceabiliry was defined in Chapter 10. Our concern here is how to measure a .et of requirements in th,
respect. A requirement is traceable if it maps in a completely clear manner to the design clement that
accommodate it. the code that implements it, and the tests that test ,t . \'(Ihen the 0 0 or "class"
organizat ion o( requirement writing is used, the mapping to the class within the des'gn and to the code
can be comple tely clear. It requires work and clear th"'king to mainta", such clariry, however. For e ample , a
Cuslolll" paragraph that speCifies the rentals that each customer can have could compromise traceabili ry The
design would probably have the clas«, C""O'"" , DVD, DVDRrtJlnl , and DVDRrnlnls. The requirementS
orgal1lzallon should reAect this.
Organizing cla.scs by funclIona lt ty, CU ls, use cases, and so on has vanous advantages, as dis u sed "'
Chapter 12 , but traceabiliry is 110t a strength for most o( them . One would have to pen,« cach deta,led
requirement and ask whe ther a will clearly map to a class.
METRICS FOR REQUIREMENTS ANAlYSIS 343
(Range: 0 to 100)
• For each detailed requirement . is it clearly conceIvable that an ide ntifiabl e part of the code base will
Implement it? (It's ideal when a single method implements a SIngle deta ded requirement. )
• Is it clearly conceivable that a ing le, identifiable pan of a software design ..nd implementatio n could contain
itl (A detailed requirement that must be spread over several probable main modules is not easily traceable.
Traceability can be measured as in Figure 13. 16. Usi ng 2 as a measure allows the appl,catio n of triage for
a give requirement , where 0 = u,,'raccablt, 2 = Jldly 'ra ctablt , J othtnVlst .
The previous sections of thi s chapter described metri cs for a number of requirements qualities , acceSSIbility,
comprehensiveness, understandability, unambiguousness, consistency, deg ree of pri omizatio n, secu rity, se lf-
completeness, testability , and traceabi lity_ Additio nal metrics ca n be considered .
The fo llowing li st of quality assurance metrics includes requirements analysis metrics in IEEE Standard
982.2-1988 ("IEEE Cuide for the Use of IEEE Standard Dictionary of Measure to Produce Reliable
Software"). Some measure the qualities we have already discussed in a different manner.
reqlllrcrncnb arc
- rnodifled
- elimlnaled
- added
• 1easure of the degree of o mpl e tcncss of the requIrement, . ThIs can be e't lmated from the rate, after the
official "nd of dctarled requirements collectio n, a t whic h specIfic requrrem e nts are . ..
- mod ified
- added
The reader is referred to C hapter 5 for a descriptio n o f the inspection process In general.
Detailed requirements are the Arst software process documents that ca n be inspected agarnst pnor
docum e ntatio n (the h igh.level requirements). Inspectors prepare For the inspection by reading over the hIgh .
level requirements and companng the detailed requirements with them. It ca n be very productive to Inspeci
requ ireme nts against each of the qua lities and metrics listed above .
The rest of thi s section proVides an example of a detailed requirements inspection. H e re is an un inspected
versio n of detailed require ments For the Encounter video game case study o n which we will perfo rm an example
inspec tion, entering the results in a table (see Tabl e 13.3 ). We empl oy the technique of auto mati cally adding the
"no t inspected yet" comment to each . It is removed when the inspectio n takes place. The Anal versio n of these
requirements, re sulting from the inspecti on, is shown in the accompanyi ng Encounter case study.
Arm R'4u ir"''''11 I ("Art. name"). (Not inspected ye t) Every area shall ha ve a name of up to t 5 characters.
Art. R'4uir"""11 2 ("Art. image") . (Not inspected ye t) There shall be an Image in gif fo rm to display each
Art. object.
Art. Rr4ui"'''''11 3 ("Display area method") . (Not inspected yet ) Whenevcr a player character enters an
arca, that area and the c harac te rs in it shall be displayed.
Art. Rr4uir"""11 , ("Courtyard object"). (Not inspected ye t) There shall be an Art. o bject with name
"courtyard: Its image shall be that shown in Figurc xx o n pagc xx.
Art. Rr4uirrmrnl 5 ("Dressing room object"). (Not inspected ye t) Therc shall be an Area object with name
"dr<ssing room" and blank background image. The dreSSing room shall be adjacent to the courtyard area.
Encou,,'er Rr4uirrmrr,' f ("Engaging a foreign character"). (No t inspected yet) When an engagement takes
place, the Following computation IS performed, The sum of the values of qualities of a game char.Jcter
relevant to the area in question shall be refcrred to as the characters area value. (In this release, all qualities
will cou nt as equal.) In an cngagement, the system compares the area values of the characters and ITan fer<
to the stronger, hal fofthe points of the weaker. For example, suppose the pl.yer cn!!ages a foreign character
In an area requiring stamina and attention span, and ps is the value of the player's stamrna, et . A Imlog p.,
+ p. > f, + f" wewould have p,' = P. + f/ 2, Po' = p. + f/2 , F,' = (,12 , fo' = f/2 where xl is the vallie 0 x.fter
the transaction.
Table 13.3 Example of a foml used for the Inspection of detailed requirements
Traceable
Requirement Traceable forward
NO. Description backward Comprehensive Consistent Feasible unambiguous Clear precise Modifiable Testable Note 14
1001 Area Requirement 1 Note 2 Note 1 Yes Yes NO 1 Yes NOl N02 No 1, 2 Yes
1002 Area Requirement 2 Yes Yes Yes Yes N0 3 Yes No3 Note 3 Yes Yes
1003 Area Requirement 6 Yes NOle 5 Nole 5 Yes N03 N03 NO S Yes Yes Yes
1004 Area Requirement 3 Yes Yes Yes Yes Yes Yes NOle6 Note 3 Yes Yes
1005 Area Requirement 4 Yes Nole 7 Yes Yes Yes Yes Yes Yes Yes Yes
1006 Engagement NOle2 Yes Yes Yes Yes Yes Yes Nole 3 Yes Yes
Re.9ulrement ,
1007 Encountercharacter Yes NOle 1 Yes Yes No 1 Yes NO 1 N0 2 No 1, 2 Yes
Requirement 1
1008 EncounterCharacter Yes No 11 Yes Yes Yes NOl e Yes N06 Yes Note 9
Requirement 2 8
1009 Encountercharacter Yes Yes Yes Yes Yes Yes Yes Note 3 Yes Yes
R~ulrement 3
1010 EncounterCharacter NOle " Yes Yes Yes Yes NOle NOle 12 No 7 Yes Yes
R~ulrement 4 12
1011 EncounterGame Yes Yes Yes Yes Yes Yes Yes NOle 13 Yes Yes
Requirement 1
Yes Yes Yes Yes Yes NO8,9 Yes Yes Yes -z
1012 foreign Character Note 11 VI
."
Requirement 1 m
n
1013 Pla~er Character Yes Yes Yes Yes Yes NO Yes Note 15 Yes Yes :::t
10 z
Requirement, C>
NO 12 Yes 0
1014 Plaler Character Yes Yes Yes Yes No 12 NO NO 12 Nole 3
~
Requirement 2
Yes Yes Yes Yes NOle 10
12
Nole Yes Yes Yes Yes
...
~
m
1015 Pla~er Character 0
10
Requirement 3 '"Dmc
-m
'";:::
m
~
VI
~
346 CHAPTER 1J QUALITY AND METRICS IN REQUIREMENTS ANALYSIS
Ell 0,,"1, I),,,,, I" R,qlll"'","1 , ("Name of ga me haracld '). (NOI ,nspecled yel l !- very game charac tcr ,n
lhe En o U/ncr video ga me shall have a uni que name o f up 10 15 chara l e r~
E" 0""1,, I ,",' I" Rrq,,;rrmn" ("Qua lities of !;,me charac lers''). (NOI Inspec led yel l Every game
1
c har. ler has lhe same scI of qual ,.lies, each having. floating pOlin value These arc In'tialized 10
1001n, where n is lhe Ilum ber of quali lies. The qua l'lie, are allentiOn 'pan , endurance , intelligence,
pa lie n C, and strenglh .
E" 0,,"1, l>araelrr R,qlllrtl","1 J ("Image of game h.racler" ). (NOI In spe ted yel l Every game character
w,lI be shown uSing all image that lakes up no mo re lhan 1/8 of the monilOr screen
Elleo,,"lrr IJaracl" R'q,,;rnllClI I < (,'Engagemenl wllh foreig n haracler") . (Nol lnspcctcd yel l Whenever an
Encounler ga me charac ler enters an area con lai ning anol her ga me c haracler and one of lhem is player.
controll ed, lhe player c harac ler may either chao e or be obliged by lhe ga me to engage the olher
characler \XI' hel her lhere is a c hoice o r not is co nrro ll ed by lhe game in a random way o n a 50% basis
Elleollt"trGam, R,qlll"mClII I ("Encounter game objec!"). (NOI In pecle d ye t) There shall be a Si ngle
Encou nterGa me objecl.
FOrtl911Charaeltr R,q"",m,"1 ("Freddie foreign characte r object") . (NOI inspecled yet ) There shall be a
I
foreig n c haracte r named "Freddie," all of whose qualities have equal values and whose Image is shown in
Figure 4.57.
PlaytrCh.,.eltr R,qlllrnllcIII
("Conngurability"). (NOI inspected ye ll Whenever all foreign players are
I
absent fro m an area , the player may set the values of his o r her qua li ties us ing the PlayerQuall ty.
Window , as long as the sum of the qual ity values rema ins lhe same.
Play,rCharaclrr RC4" irtnlCllI
("Main playe r character") . (No t inspecled yel l The player shall have
2
complele control over a part icu lar game character called the main c haracter.
PI.yrrCharaelrr R'4"irCltl"" ("liVing points") (Not inspected yet). Encounter shall produce lhe sum of the
J
values of lh e charac ler's qualities, ca lled its livi ng points.
We will show ty pical results of an inspection of these requirements. O ne inspection comment aboot thiS
sel as a who le is that the requirements do not support enough expansion of the game into a competitive
product. A more particular defect is that the requirements do no t properly specify lhe delay involved in
settin g a player's quality va lues, during the delay the player is subjected to an engagemenl in an unprepared
state . (If the delay is too small , the player simpl y se ts the qualities required fo r the area as high as possible and
lhe game is not much of a challenge.) Let's inspecl the list of proposed detailed requirements one al a time
Table 13.3 IS an example of a form that can be used for lhe mspection of detailed requirements. applied
to the above list. Most of the melrics preVi ously described in lhi s chapter ca n be computed fro m th is table
The table co nta ins "Notes" and "No" notes.
H ere are the "No" no tes,
II. Ambiguous, because the player can't contro l everything that happens to the main character at all times .
4. It is hard to answer "complete" because it is unclear. See the note referenced in the "Clear" column fo r the issue.
5. We assume that the customer has some leeway in exactly what the "courtyard" will look Ioke .
S. It is usually preferable to have a si ngle requirement match each attribute. Thi s doc not appear necessary,
as the qualities will be treated alike.
10. These details arc not mentioned in the high · level requirements, check with customer.
12. For Internet versions, it may become necessary to have more than o ne instance of an EncounterGame
object. We will not exclude this possibility in future iterations.
14. Is the requirement wrinen in such a way that it will be possible to trace it through to the code that
implements it7
13.14 SUMMARY
The quality of a requirements document is reRected in how well it expresse customer wants and nec:ds. T o
hdp ensure that requirements are of high quality, we focu s o n attributes the y shou ld posses . TI,ey Include
the follOWing:
• AccesSIble
• Comprehensive
348 CHAPTER 13 QUAUTY AND METRICS IN REQUIREMENTS ANALY IS
• L1nJ",bl ~u liS
• on~ls t cnt
• Pnontlzed
• cure
• e1 f·complc te
• Testable
• Traceable
Requircl11enrs arc Inspccted aftcr they are writtcn . They are the Ar t softwa re process documents that
can be inspected against prior documentation (the customer reqUirements). It ca n be very productive to
Inspect requirements against each of the attributes listed above.
13.15 EXERCISES
1. (This is intended to bc a closed book exercise .) list the qualities that requirements should possess
(o ne example · precise). In your own words, dcscribe the meaning of each .
2. Explain why the following requirement fo r a book sa les site is ambiguous. Modify the reqUirement
to make it unambiguous.
"Orders that include speCia l edition books and overnight delivery or exceed $ t 00 must be
processed ove r the phone."
3. Provide an exa mple of three requirements for an order entry system that are inconsistent . How
would you modify thelll to make them consistent?
-I . For the order entry system in Exercise 3, provide three requirement that are not testable, and
expla in why each is not testable . Provide a modified version of each requirement to make it
testable.
5. Your instructor will pair up stude nt project teams. Conduct an inspection of the other team·s
detailed requirements. Evaluate thc requirements against the list of metrics described in thi
chapter Prepare a table such as Table t 3.3 to summarize your results.
Formal and Emerging Methods
in Requirements Analysis: An
Introduction Online Chapter
14.7 SUMMARY
14.8 EXERCISES
To access this online chapter please visit www .wiley.com/cottege/braude.
principles of Software Desi n
Figure 15.1 The context and learning goals for this chapter
A ·sorrware deSIgn" is a representatio n, o r model . of the software to be built. Its purpose is to enable
programmers to implement the requirements by desi g nating the projected parts of the implementation . It i a et
of document containi ng text and d iagrams to serve as the base o n which an application can be fully programmed.
A complete software design should be so explicit that a programmer could code the application from it without
the need for any other document Software des. g ns arc like the blueprints of a building that arc sufAcient for a
contractor to build the required budding. They can be understood in two parts: high · level desig n, often referred
to as ' software archite ture: which is ge nerall y indispensable, and all other design, referred to as "detailed
design ." It can be beneficial to make designs very deta iled, short of being actual code. Th. is becallse engineers
can exam ine a derailed design for defects and improvements prior to the creation of code rather than examining
THE GOALS OF SOFTWARE OESIGN 351
only Ih~ code The beneAts of a fully detaIled desIg n arc balanced agai nst the time: required to document and
maintain detail~d designs. For large elfo"s, level s in between high level and detailed desIgn may be identified
This chapter introduce the concepts, needs, and terminology of software design. It sets the stage for
the ~m.jning chapters in thIS pa" of the book, whic h include various co nc rete examples.
The first goal of a software design IS to be sufjimtll for atlsfying the requirements. U ually, software designs muSt
also anticipate changes in the requ irements, and so a se ond goal is jlrxibi/ily. Ano ther goal of software design IS
rohosllKSS: the ability of the pro duct to anticipate a broad variety of input. These and other goals are summarized in
Rgu~ 15.2.
These goals sometimes oppose o ne anot her. Fo r example , to make a de ign effiCIe nt il ma y be necessary
to combine modules in ways that limit Aexib di ty. In fac t, we trade off goals agai nst each other in ways that
depend on the project's priorities
A software design is sujlie;," 1 if it provi d es the compo ne nts for an Imple me nta tio n that satIsfies the
rcquirements . To assess such suffiCie ncy , o ne needs to be able to understand it. This fact is obvious, but it has
profound consequences. It can be d ifficult to create an understandable deSIg n for applications due to the large
number of optIons that are typically available . Open Office, for exa mple, is a ve ry comple x applicatio n when
viewed in complete detail. Yet Ope nOffke is simple when viewed a t a hI gh level, as consisting of a few
subapplications: word processing, spreadsheet, presentations, and database.
Modulnr;1y is thus a key to understandability . So ftware is modular when it is di VIded into separalely named
and addressable components. Modular software is muc h easier to understand than mo no lithic software, and
parts can be replaced without affecting othe r parts. It is easier to plan , develop, mod ify, document, and «-st .
\\:'hen software is modular you can more easily assign different people to work on differe nt part .
A design is a form of communication. In its most elementary form , it documents the res ult of a des igner's
thought process, and is used to communicate back to h imself thereafter when he needs to know wha t he
designed. Thi s IS fine if the designer is to be the o nl y person who has this need , but a projec t usuall y Involves
several people throughout its lifetime . If a design is not ulldm lolldnb/, fo r them, it IS of lim ited val ue, and the
project's health is at risk. Design implification , in particular, frequentl>' results in a better de ign .
Understandability is usuall y achieved by o rga nizing the design as a progression fro m a high level w ith a
manageable number of parts, then increasing the detail o n the parts.
A good software archItect and designer forms a clear mental mo de l o f h ow the appl icati on WIll work al
an ov"allievel , then develops a decomposi tion to match thI S mental mod e l. She firs t asks the key modularity
= Component
question such as: What Rve or six modules shou ld we usc to decompose a personal nnance applicatIon) What
four or five modul e neat ly encompass a word processi ng application ? After decIding this, she turn ' 0
decomposing the components , and so on. This process is sometimes ca ll ed "recursive design " because i,
repeats the design process o n design compone nts at successively fine scales. Software decomposition itsel f
involves consideration of cohrsioll and couplillg.
Cohesion within a module is the degree 10 which the module's elements belong toge,her. In other
words, " is a measure of how focused a module is . The idea is no' just 10 diVide softwa re into arbitrary partS
(i.e., modularity ), but 10 keep related issues in the same pa rt. Coupling descnbes ,he degree to which modules
communicate with ot her mo dules. The higher the degree of coupling, the h arder it i 10 understand and
change the system . To modularize effectively, we maximiz, cobtsion and 111illimizr coupling . Th is principle helps to
decompose complex tasks inlO simpler o nes.
Software engineering uses Unified Modeling u.nguage (UML) as a principal means of explaining
desi gn. Understanding softwa re design concepts by means of analogous physical artifacts is helpful to orne,
and we will employ this mean on occasion . Figure 15.3, for example , suggests coupling/coheSIon goals by
showing an architecture for a bridge, in w hich each of the six components has a great deal of coheSion and
where the coupling betwee n them is low. The parts of each bridge component belong together (e.g., the
co ncrete and the embedded metal reinforcing it )-this is high cohesion . On the oth er hand, each component
depends on just. few o,her components two or ,hree , in fact. This is low coupling .
The "Steel truss" III F,gure 15.4, on 'he o,her hand , shows many component dependIng on each other at
o ne place. We would question this high degree of coupling.
Component
High coupling X
fl&Ure 15.5 ASpects of flexibility: ways in which an application may be required to change
Low coupling and high cohesion are particularly important for software design because we rypica lly
need to modify applications on an ongoing basis. Compare the life cycle of a typical software application with
that of the bridge in Figure 15.3: the likelihood that the software will require mod ,Rcatlon is many time
greater. Low coupledlhigh cohesion architectures arc far easier to modify, since they tend to minimize the
effects of changes.
The number of top-level packages in an architecture should be small so that people can compre hend the
result. A range of "7 ± 2" is a useful gUideline , although specinc projects ca n vary greatly from tim range for
special reasons. As an example, OpenOfnce would be hard to understand if we decomposed it into 100 parts
instead of four as follows : "word processi ng, spreadsheet, presentations, and databa e." The mind has much
trouble thinking of 100 separate things at more or less the sa me time. The difference between small - and
large-scale projects (such as OpenOfnce) is the amount of nesting of modules or packages. Projects rypica ll y
decompose each top -level package into subpackages, these into subsubpackages, and so o n. The "7 ± 2"
guideline applies to each of these decompositions.
A design or implementation is robll" if it is able to handle miscellaneous and unusual conditions. These
include bad data , user error, programmer error, and e nviro nmental conditions. A design for the video sto re
application is robust if it deals with attempts to enter DVDs with wrong or inconsi tent information, or
customers who don't ex.ist or who have unusuall y long names, o r if it handles late rental situations of all kinds .
Robustness is an important consideration for applications that must handle commUnication .
The requirements of an application can change in many ways, and as a resu lt a design must bejl""blt to
accommodate these changes. Fi gure 15.5 illustrates ways in which an application may change.
A set of previously used drsi9" partm" is a useful resource for flexible designs. DeSign patterns are
discussed in Chapter 17. We design so t·hat parts of our own applications can be rr"ltd by others and ourselves _
Figure 15.6 lists the rypes of artifacts that often ca n be reused .
A an example of I." reli'>c, o n<ldcr the cI"" DVDRe" I./ that ""oclat.s the I)VD and Ih customer
ren ting it u h " cia s " rcu ~ab l e on ly in ano lhe r application d al"'/I with the renta l 01 DVD<. wl-"eh "
li mited. II. however. we deslg ll a R", III/ class dea li ng wit h the rental o f an fi rm to a (", IOmer, and If /JVDRaiID/
Inherit fro m R"' lli/. then we wou ld be abk to reuse the Rall. / portion fo r other app licat ions due to ItS
genera lity . Design patterns faci litate the reu •• of assembli es o f related classe, rather than Indi Vidua l ones
'.Jonnalio" /"di"9 IS a deSig n pri nCiple "' wh, h the interna ls of a modul e arc dcilbe ratciy nOI usable by
code that docs not need to know th e detai ls. T h iS i. suppo rted 10 o bJcc t, oflented languages by declanng a
publ ic Interface throug h which user code accesses the ob)ec" 01 a class Pnva te me thods and annbu te\ are
o nl y accessibl e to the objects of the class itse lf. Informatio n hidin g all ows the Internal s of a module to be
modl Rcd without the use rs of the modul e haV ing to change . It also reduces compleXity because the module
interface is R~cd and we ll deR ned; usi ng code need not be co ncerned With Internal detai ls.
Efficinl ry refers to the use of ava il able mac hlOe cycles and memory . We create deSign s and Impleme nta .
tions that are as fas t as reqUi red . and that make use 01· no mo re tha" the reqUired amount of RAM and disk
EfRd e nt desig ns a, e o fte n ach ieved in stages as fo ll o ws. Fi rst. a dcsig n is conce ived Witho ut regard te
dRcie ncy; efRcie ncy bottle necks arc then identiRed. and ~na ll y the a ngi nal desig n IS modi fi ed As an
example , consider the usc of maps o n the W eb. When the user browses a map and wants to move to an
adjace nt area. earl y algorithms required a separate page fetc h. Algorithms were introduced . ho wever. to
automaticall y fetch appropriate adjacent maps aft er th e init ial fe tch . im provi ng efRciency and. with it, the
user's experience . It is ideal if cfRciency is considered at th e t,mc of initia l desig n. however.
It is unrealistic to expect that a real ·wo rld applicatio n be 100 perce nt defec t· r-ree. An application is
...Iiabl, if it fall s within a predetermined standard of fault occurrence. Met rics make t hi S precISe. such as the
average time between failures. Reliabili ty is related to but diffe re nt fro m ro bu t ness. Robustness is mostly a
design issue because o ne must spec i~call y accommodate erro neous data in ad vance-accommodating it does
not happen by accident or experience. O n the o th er hand . reliabili ty is mostl y a process issue. requinng
thorough inspect ion and testing of arti facts. Desig n affec ts reli abil ity in that clean deS ig ns make It easier for
developers to produce error· free applicatio ns. H owever. a wide range of o th er fac tors make for reliabi lity.
because an applicario n can fail fo r a wi de va riety of reasons.
The architectural drawings o f an of~ce bUilding comprise th e fro nt eleva tio n, the si de elevation. the electrical
plan . the plumbing plan . and so o n. In o ther words. several diffe rent views are req uired to express a bUlldlng's
arch itecture. Similarly. several different views arc required to exp ress a software desig n. They are ca lled modds
Four important models are shown in Fi gure 15.7, and they are expl ai ned next. Several ideas here are
taken from the Un iRed Software Develo pment me thod o f Booch. Jacobson. and Rumbaugh. Figure 1-
includes an example fro m the Encounter video gam e case study to illustrate the four models and how the fi t
together.
The subseque nt sectio ns o f th is chapter elabo rate o n these mode ls so that they ca n be contra ted and
combined with each o ther. Subsequent chapters in th is parr of the book prOVide detailed examples of each
This section describes several levels o f use cases and related concepts. The " , ClISt ",odd conSIStS of the
follOWing four parts:
I. The ,,", i"61 " SC CQStS : a narrati ve fon11 . suitable fo r devcl opcr. to ·cu to mer commun i ation, descnblng the
required basic sequences of ac tio ns
INTEGRATING DESIGN MODELS 355
Target
Application
3. Their transfo rma tio n into "qu"'ctdiagrallls (covered in Chapter 16). which in rurn ca n be in twO successive
stages of re fi ne me nt:
(a) With informal functionality desc riptio ns, at first lacking all details
4. SCOtarios: instances of use cases th at contain specifics. and that can be used for testing. For example . a
scenario of the use case step
The usc case model e xpresses wha t the applicatio n is supposed to do. as suggested In FIgure 15.8.
Classes are the building blocks -mo re preCisely, the ty pes of budding blocks of deSIgns Cia . mo dels
consist of paekagts (a groupi ng of clas es ) that decompose Into smaller packages. and 0 on. whIch dccompo c
Into classes. and these, in turn . decompose primarily into met hods. Thl IS shown in Figure 15 .9. We cover
doso;cs in more detail in Chapter 16
BUlin•••
u•• c••• ------------ U.. ce..
~ ;
~;
~;
~
~
~
~;
~
~
~~
~
e laborated by _.
~~
~~
Sequence
dl.gram r------------1 Scenario.
I
Target
Class model
Application
..
Data flow model State model '
model , because the objects invo lved must belong 10 the classes III the class model. We discuss data flow
d,agrams in C hapter 16. Fi gure 15 . t 0 shows the parts of a data Aow model.
Sta te models reflec t react ions to eve nts. Events incl ude mOllse ac tions and c hanges in variable va lues. Events
arc no t described in class mo del s or component models, but they do occur in the state model. We in troduced
sta tes in Chapter 11 as o ne way to describe the requirements of an application . The states in that conte xl
describe the external behaVIOr of the application . The states we arc referring to here reAect the state of
I Package ~" ,,
Consists
of ...
Cla.s
Terget
Application
Target
Appllmlon
Target
Application
I States ~n------1
decompose
Substates
I
Into ...
I Transitions
I
Figure 15.11 The role of state mode ls in design
Sourt:e: Jacobson, rwr. "ObJect Or~nted SOftware Englneenng: A use case Driven Approach, " AOdrSOfl·Wesley, 1992.
elements in a software design . The role of stare mo del s is shown in F.gu re 15 . 11 . n,ey are described in more
detail in Chapter 16 .
15,3 FRAMEWORKS
As we have secn, the rruSt of compo ne nts is a major goa l in so ftware development . If an o rga nization ca n't
leverage its investments in the ski ll of it designers a nd programmers by usi ng their work severa l times over,
competitors who do so will be faster to market with superior produc ts. Th e parts of an application that are
particu lar to it and arc not reused arc often ca lled Its bus11ltsS log'c. Bus iness classes arc es ent.ally the doma.n
classes d.scussed In Chapter 12.
Where do we keep the lasses slated for reuse] H ow do we orgaOlze the m] Shou ld we build.n rela tlonsh.ps
among thesc classcs] Do they control the application or does the app ilca no n co ntro l lhem ] n , e computlOg
358 CHAPTER 15 PRINCIPLES OF SOFTWARE DE IGN
Aenloilioms Rontals
- -,
RenialCuslomer$
'-_. ..
- --.~-.- --- _...._ .. __ .R._~._
.- • '" • ---~
Figure 15.12 A framework for rental applications
community ha learned from experience that merely making a list of avadab le fun ctio nality docs nOI necessanly
result in reuse . We have learned . however, that arrangements like the Java AP I (co here nt se ts of classes) do
indeed lend themselves to highly successful reuse. The Java AP ls (3D, 20, SWing , etc.) arc Jramrworks .
A Jrm"rwork , sometimes ca lled a library, is a collection of software artifacts usable by several different
applications. These ani facts arc typically implemented as classes , together with the software reqUired to
utilize them . A framework is a kind of common denominator for a fami ly of applications. Progressive
development o rganizations designate selected classes as belonging to their framework . Typically. a
framework begins to emerge by the time a development o rganization develops its second to founh
application . As an example , consider the Renlal fra mework shown in Figure 15. 12 that our video store
application could use. This architecture divides th e clements into the items that can be rented (books, DVDs,
etc.), the people who can rent them , and the rental reco rds that associate members from the first two pans.
The individual classes in the fra mework will be suppl ied later. Frameworks like these are usually
obtained in a combin ed botto m·up and to p .down manner; boltom .up by examin ing the tructure of actual
application architectures such as the video store application, seeking more general forms; and top·down by
conceptualizing about the needs of a particular family of applications such as rentals.
Classes within a framework may be related. They may be abstract or co ncrete . Applications may use
them by means of inheritance, aggregation , o r dependency. Alternatively, as we wil l see below, a framework
may feel like a generic application that we customize by inserting our own pans.
Figure 15. 13 shows the relationship between framework classes, domain classes, and the remaining
design classes. The design for an application consists of ( I ) the domain classes (that are special to the
F•• hb.wortlcl•••••
,----------
I :
I I
I
I DMIgn cI8.... I
I
I I
application ), (2 ) some of the fram ewo rk classes (generall y speaki ng, no t all are needed ), and ( 3) the remaini ng
classes needed to co mplete th e design , w h ic h we are call ing simpl y "desig n" classes. The design classes consist
ofthose required fo r the architecture and th ose that are not. The latte r a re effectIve ly the detai l design classes,
requ ired to comple te the d esig n. These three co nstitute th e class mo d e l fo r th e application . All of the domain
classes are in the de ta iled d esig n because th ey are very specinc. The fra mework classes used are part of the
application's architecture.
The framework classe s used in th e desig n a re part of an a ppl icati o n's arc h itecture , as show n in the figu re.
The domain classes are usuall y part of th e d e ta iled d esig n si nce they arc speCific to the ap pl ication and are not
architectural in nature .
The IEEE So ftware D esig n Docum e n t (SO D ) sta ndard 10 16· 1998 provi des guid e lines for the documentation
of design. The table o f con ten ts is shown In Figu re 15. 14 . IEEE guideli ne explain how the SOD could be
organi zed fo r va n ous arc h itectural styles , most of w h ich are deSCribed above . The case study uses the IEEE
standard, WIth a few mo d ifica tio ns, to account fo r a n e mphas is o n th e o bject·on ented perspective As show n
In F'gu re 15 14, Sections I t hrough 5 ca n be co n id ered software arc h itecture , and Secllo n 6 ca n be
15.5 SUMMARY
Softwa re desig n 's a mo d el of the ,ntended oftware appllca " on , as spc , Aed by its req uire me nts A software
design is analogous to the b luepri nts of a house.
Good software designs should ex h,b,t the fo llowing c haracteri tI d; , u nders tandab diry, modu lar·
,ty, high cohesion , low coupl, n!!, robust ness, flcX lb d,ty, reu,abi l, ty, ",forma tio n I" di ng, err, ,en y , and re habll l!}',
Whe n expreSSI ng a software dcs l!!n, ill S he lpfu l to use evera l d iffe re nt conne ted VICW , or mo dels
use .. se model de nbes what the app hcatlon I< ,ntended to do from the po,nt of view of th ~ 11 er _ eql1en e
360 CHAPTeR 15 PRINCIPLES OF SOFTWARE DESIGN
d,agra m< arc de ri ved fro m u\e a es and de< rlbe ubJecl' and the <cq ue nce o f ",e th ud.. ca ll , between them
la,s model s arc a stati re l)rc<e ntall o n of the la,se, o f the de,,!! n and th e reia li o nslll p between them A data
tlo w model show, spcClRc o bjc t, and the types of data fl o wing be tween them A Sla tC mo del sh()w< deSIgn
cleme nts and th " " reactio n to events.
Fra mewo rk arc collec tio ns o f reusable software that Impleme nts a !!enc ral so lutio n to a uene ral
problem. For exampl e, C Ul s arc ohen des is ned via fra mewo rks .0 that new app lica ti o ns do no t have to
rewrite code to implement a C U I. T hey ca n instead leverage the eXIsting C UI code and just add the" Own
• •
<.:ustom tzal Ion.
1S.6 EXERCISES
I . Write a pa ragrap h deSCri bi ng what a "so hwa re de ig n" is, and why it IS impo rtant .
2. In YOllr o wn wo rds, defi ne th e goals of software desig n and ex plai n why each goal is important.
3. In yo ur own wo rds, de Ane the fo ll OWin g term s; nl odufnrily , coh" io" , and coupli"g. Why is each a
desirable property of software designs7
4. Ca n a design be cohesive and exhibit a high degree of coupling7 Explain your answer and provi de
an exam ple .
5. H ow might coupl ing and reusability be relatcd7 H o w might cohesion and re usabi lity be related7
Explain your answer and provide o ne example fo r each .
6. In your own wo rds, expla in what is meant by robus/II"' . Belo w is code fo r a meth od dioid,(). Make
the method mo re ro bust in at least two ways.
7. U si ng the Internet, research o ne of the many Java API framewo rks (e .g., Sw ing, JMF, 20 , 3D ) In a
few paragraphs, describe the design of the framework and how it accommodates re u e.
8. Provide a modulari za tion fo r an appl icatio n that advises clients o n stock picks, and enables them to
tra nsfer funds am o ng vari ous stocks and savi ngs accounts. Expl ai n yo ur solu tio n. Hi" k One
reasonabl e solutio n employs fo ur packages.
Language
088lgn
Figure 16.1 The context and learning goals for UliS chapter
Reca ll that a "software des,gn" I a reprc<cntat lo n. o r model , of th~ >olrw.re to be budt For many yea"
SOftware engineer rel.cd on a mi<cellany of >omewhalllnrc ialeci graphica l mca n for gc u",J.C acro" the pOint
of thcor designs Their prln Ipal mcans were data now diagrams, lIow har", and wa s to p'CILIre Ihe locallon
of phY\Jca l nics These wcr never vcry all,fac lory W,lh the adve nl and ""de accep lan c of obJect-onented
methods , leader"> In the \o ftwar{' engineerin g communlly begJn to poo l :lnd rd i1tc th eir ,dcJ\ for notJtlon Jnci
gra phical reprc ~c nt a tl o n of oftwa re deS ign, la<"" , lor exa mple , now needcd I" he rq I'l'<cnted "' de',!,!"
ftgures The Unlr,ed Modelln/! un!;lIa;:e (UM!.) " I!'" re",lt
In thl> chapter we ,"troelu e the UML, wh, h " now a Widely accepted , IM~ d y w.p h,Lal nOta lion lUI
CXpr SS ln!! "bJect.onentcd de"w" The lI t- IL standard" nu n'J.;cd by the nonproil l bleL t i\lanagcmcnt
362 CHAPTER i6 THE UNiFiED MODELING LANGUAGE
Croup consortium of compa nies (www.o mg .org ), and ta kes hundreds of pages 10 formally specify. As a result,
UML tends to be incl usive (some say too muc h so), incorporating da ta flow and , in effect , flowcharts; but It
contains much more that we do not have s pace in this book to include . The part> that we do cover, however
are adequate for m ost of o ur needs . UML is an excell ent ste p in the direction of imp roving software
engi neering, but wi ll probably be improved upo n as the d isc ipltne evolves.
The c hapter describes class relatio nships in UML, includin g inherita nce (Class Models, Section t 6.2 ) a
wa y to represent control among fu nc tio ns (Seque nce Diagrams, Sectio n 16 .5 ), diagrams of state , events, and
transitions (Section 16.6), its moderni zatio n o f fl ow c harts (Ac tiv ity Diagrams , Sec tion 16 .7 ), a nd finally data
flow diagrams (Sectio n 16 .8 ). Section 16 .9 shows an exampl e that combines these.
Classes in UML are represented by rectangles o ntain ing the class name at a minimum . The detailed version
includes attribute and operatio n names, signii Nres, visibility, return types, and so o n. Figure 16.2 shows a clas from
the detailed design of an application that controls the Aow in a chip man ufactu nn g plant of canisters holding wafers
Not all of the attributes need be specified in the class model. Wle show as much detai l as nceded, neither more
nor less. Showing more deta il clutters a diagram and can make It h arde r to understand. Some required attributes
may be left 10 the discretio n of the implementers. It is also commo n to o m it accessor hrnctions from class model
(e .g ., gelSiu() and sctSize()) si nce these can be inferred from the pre ence of the corresponding attributes (,m).
As an example of a class , co nsi de r an application tha t as ists the u er in drawing a Simple figure of a
person using geo metric shapes. We'd probably want a Rectangle class for this with attributes such as 'm9th and
h".dlh. Since the app licatio n is supposed to be smart, we'd want it to use the concept of a foot (e.g., to kno'"
where feet bel o ng), so we'd probably want a Foot class. By int rodUC ing these c1asse , we arc improVing the
cohesion of related parts, such as the attributes of a foot , the understandability of the dl" Ign , and ,ts
mo dularity . W e are also hiding information until it's needed . Thi example will be explored a \~e go through
this c hapter, and will be described as a whole in cetion 169
This sectio n discusses the way In whIch UML collec t< cla«es and such In packages It .lso inllod" es
rel.tionships call ed associations.
CLASS RELAnONSHIPS IN UMl 363
pllClulge of classes
-
myPackage -"
.. - class MyFIrstClass ( ... )
mySubPackage .
'w,, _
•
-• package myPackage.mySubPackage;
1
MyClass
I· .- ....,_ . . _.. class MyClass ( ... )
subpackage
/
- hidden- MyFlrslClass
-'
./
• public package
myPackage;
Bcccess/blllty of classes class MySecondClass ( .. .
from outside package )
-'--- -, ~
/
IC visible » MySecondClass
16.2.1 packages
The U nified Modeling La nguage uses the te rm Pllckng, for collecting desig n elements suc h as classes. UML
packages can contain subpac ka ges , or an y material s associated with an applicatio n, Includ ing source code,
designs, documentati o n , and so o n. Figure 16.3 shows the UML nota ti o n for packages a nd sub packages.
Classes within a package can be speCified as access ible o r as inaccessi ble fro m code external to the package.
"Package" also happens to be the nam e of collectio ns of Java classes. Java packages trans late into file
directories; thei r subpac kages decompose into subd irectories, and so o n. The Java implementation of this is
shown in Figure 16.3.
16.2.2 Associations
Attri butes arc o ne way of sh owi ng the properties of a class, and arc ge nerall y used to de no te si mple types such
as integers o r Boolean s. Msocia lioll is an additi o nal method of indi ca tin g clas properties, and is commonly
used to denote that objects of two classes de pend on each other in a strucnlra l way . ASSOCIations are drawn
with a solid line belween two classes. We ca n a nnota le th e relati o nsh ip, which may be o ne- o r two·way . Two-
way associa tions are problematical because we nee d to be sure lhat bo th e nds of the implied info rmat io n are
kept consistent. This is illus trated in Figu re 164 .
Consider a n application that a Sl tS the use r In drawin g a Sim ple fig ure of a person . We ma y want a
FooISb.", class if the sh ape of a foo t needs to be described (promoting the "sufflclc ncy" of the design ). There
wouJd be an association between FoorShap, a nd FOOl , indicat ing coupl ing be tween the two Th is example i
described as a whole in eClio n 16 9
364 CHAPTER 16 niE UNIFIED MODEUNG LANGUAGE
Employer
•
employs
IS
~
employed by
,---il Employee
class Employer
(
Employee! J employees;
• • • • •
class Employee
(
Employer! J employers;
• • • • •
)
16.3 MULTIPLICITY
The ends of an association line can be annotated wirh "lI/hipliClty, which describes the numerical relationship.
or the number of instances, of each class. For example , consi der the Employ"IEmploy" relationship as shown in
Employ" indicates that each insta nce (object) of an Employ« can be assoCiated
Fi gure 165. The "1..3" next to
w ith 1-3 Instances of an Employ". Conversely , the " I. .• " next to E"p/oy" mean that each instance of an
I
Employer can be associated with a minimum of one Employtr (with no maximum ), In ocher words, the
multiplicity next to a class indicates how many instances of th;n class are associated with one instance of the
class at the other end of the association line. A single value ca n be used to indicate an exact number of objects,
If a multiplicity is not present neXl to a class, the assumed value is I . This is also illustrated in Figure 16.5 ,
which shows that one Employee IS associated with exactly one PcnoPlalInfo instance , and vice versa.
16.4 INHERITANCE
In UML, illbmlancc desCribes a relationship between classes in ..... hich o ne class assumes the attributes and
operations 01 another It is often thought of as an "is·a" rdation ship. Forcxamplc, since an
Employ" "i.-;," Pm"" ,
we can express their relationship with inheritance by saying thal an Employee inherits from a Person . U"I,L
,
Personallnfo
MyPack8ge
package MyPackage:
abstract I MyAbstractClass . . . .
MyAbslraclClass package MyPackage:
class MyDerivedClass MyAbstractClass
---I-~-
Inheritance
r l---. int atl;
• • • • •
}
MyDerivedClass
an: Int - - attrllwte
Lm2yF:..u:::n.::c:.:ti::o:.:n~()_....::.°cperatlon ""':::===:::'_-"'/
indicates inheritance with an open rriangle. We refer to the class being Inherited from (e.g . PmoH ) as a basc
class, the class dOing the inheriting (e.g .• Em ployu ) is a d"ivd class.
Figure 16.6 shows an example of a package consistin g of two class. ; MyAhstractClass and MyOmv,dCla ss .
with MyO,rivcdClass inheriting from MyAh,tractClass .
Abstract classtS-that is, those classes that ca nnot be instantiated into objects are denoted with ital ic . [H !!ifacts
are collections of method prototypes (name, parameter ty pes. retum types, and exceptions thrown ) Classes rraliu
interfaces by implementing the methods that the interface promises. The UML notatio n IS shown 111 Figure 16.7
It is customary to arrange class models 0 that base classes are physicall y above derived cia se
H oweverl this positioning is not necessary in any technical sense .
on<lder ag' ln Ihe app lica ti o n ,h., ass; ts Ihe user In d raw ing a simple r,gurc of a pcr<on Si nce il deals
wllh ""nou geo metric shapes. we may intro du ce a Gromr/nc5l,.pr class from wh ich Rr I(/nglr and ,uch In henl.
Th" save us fro m havi ng 10 rcpea l cod e commo n 10 Rr Ilmglc, G,elr , rna"glc, and so on , lhe reby promoti ng
modu larity , fleXi bility, and reusability in the deSig n. This exam ple i desc ribed as a w ho le in Secti o n 169.
16.4.1 Aggregation
Aggrr9alion IS a type of a soci al ion Ih al can be Iho ug hl of as a w ho le- part re lalio nshi p . It IS d e no led wi th an
ope n diam ond nexl 10 th e aggregat o r (wh o le ). Agg regalio n ind icates Ih e Slruc lU ra l Inclusio n of objects of
o ne cl ass by ano th er, and is usuall y imple me nted by mea ns of a cl ass (w ho le ) ha vi ng a n attribule whose
type is the Incilided class (part). Agg rega tio n is sho wn in Fig ure 16.8, w llh bo th Company and Employ-
"Dirrclory each co nsi der<d a "wh o le ," and eac h consisling of mull iple Employ"" th e "paris." Th e label "emp·
next 10 th e di amo nd d e no tes th e refe ren ce In Compa"y and Employ" 10 Ih e agg regate d Employ". The usc of
aggrega tion Im plies Ihal if a parli cular Em ploy" is bo th a pari of the Co mpa"y and parI o f the Employ-
"D" " ,ory, Ihen the IWO agg re ga lors "share" Ihe Empl oyee instance th aI is part of both . That is, if "Jane
Doc IS an Employ". the n o ne instance of her Employ« re cord IS c rea led . a nd bo th Compa ny and
EmployeeD " eclory refe rence that insta nce .
Rcrurn ing to th e applicat ion that assists the user in drawing a si mple figure o f a person, the associ ation
belween Fool and FoolSbapr probabl y turns OUI. mo re specificall y. 10 be an aggregatio n of FootShapt by FOOl. I
T h iS exa mple is descri bed as a who le in Sec ti o n 16.9
t
16.4.2 Composition
Compo' i/ion is a stro nge r fo rm of aggregati o n in wh ic h th e aggregated o bjecl exists o nl y duri ng the lifetim e
(and fo r the benefi t o f) th e composi ng object-n o o lher o bject may refe rence it. T he composed obJecl is I
created and destroyed whe neve r Ihe composi ng objecl is creal ed and de<tToyed. Compositi o n impl ies that I
the composed in ta nce is nOI shared. Fo r example , Figure 16.9 shows Ihat Employtt inslances are struc turall y I
pa rt of Compa"y and Em p/oyaDirtclory. Fo r any give n emp loyee suc h as "Jane D oc ," a separate instance of her
Employee o bject is crealed as pa rt of Comp""y and Emp/oyaDirtclory.
Company aggreglltlon
att: int
emp
-- -- • Employee
my Function()
----
1: ---- '\
•
aggreglltlon
"- --- ---
f.-.. /
~- -
dB'S
dass Company /\ amp
{ EmployeeDtr. "tory
Elhpk,yse amp; {
in! 811; Employee amp;
101 a1l; EmploveeOlrectory
•
,
• • • •
• • • • •
)
) att: int
/ " myFunctionO
1
INHERITANCE 367
Company composition
att: int Employee
, ,,
myFunctionO , ,
, ,
, , •
, ,
, ,
composition
~
/
/ emp
/
/ "
dass Company
{ class EmployeeDirectory EmployeeDirectory
class Employee emp: { att: int
{ ...
} class Employee emp:
(. . .) myFunctionO
• • • • •
} • • • • •
}
/
/
/
/
"
Figure 16.9 UML representation of composition and Java implementation
16.4.3 Dependency
Drp",d",'Y, denoted with a d o tted line arrow, means t hat o ne class depends upon another In the sense that if
the class at arrow's end were to chan ge. then thi s would affect the dependent class Stnctly speaking,
dependency Includes association, aggregation . co mpositio n , and inheritance. However, these relati o nships
have their own notati o n , and we usuall y reserve dependen cy to indi cate that a metho d of o ne class utilizes
another class, and to relate packages. Thi s is shown in Figure 16. 10.
f-------"";"
myFunctionO •
dependence
(reference to s class)
cl... MyDependentClass
(
• • • • •
void myFunctionl( MyAelerencedClass r)
( • •• ) •
I _ _ _ . _ _ __
I
paramete,
Figure 16.10 UML reprcsentatlon and Java Implementation of dependence (excluding Inheritance and aggregation)
368 CHAPTER 16 THE UNIFIED MODEUNG lANGUAGE
CustomerMailAppllcatlon
goneraleMaliO customer 1 CuSfomor
getCuslomerTypeFromUser() eleateMallO
malnO
r ,,_
I ... - - _
I
I ',--
,
,
--- - - ---
I
I "" --- ---
I
DelinguentCustomer
""
MountalnCuslomer
--
RegularCu stomer
createMailO crealeMaliO creat.Mail()
Cus1omerMailApplication
generateMaliO customer 1 Customer
getCuslomerTypeFromUserO eleateMa/tO
malnO
Figure 16.1 1 Exa mple of a class diagram (class model) for a customer mall application
Class diagrams help us to vi,ualize the des'gn of applicatio ns. They describe the ty lX"S of objects in the application,
thm amibutes and ope"'tions, and the sta tic rciatio nsh ips between them I l l. Co nSIder an applica tio n produCIng e·
mail text fo r various kinds of customers. A possi ble UML class diagram IS show n in Figure 16. 1 1. It says that the class
( uslommvlmlApp"Ca llo" has a variable named customer, which is of type Customer. Since ( £Islam" is abstract, the custom"
va nablc IS either a DclmqunltCuslomrr, MOttntainCU51omcr, or RtgularCuslom« When nUlomcr.ma frMnil() is called, o ne of
the three versions of crwfll\1ailO is called, depending o n the class that cu, 'omer belongs 10.
The stre ng th of class diagr.m s is that they help us to envisage th e buildtns blocks of an application .
Note , howeve r, that they do no t indicate the way in which the appli cari o n execu tes. In the C usto me r Mail
Appl ica tion class model , fo r exa mple, there is no way to tell w hat me th od execu tes after mai.t(). Sequence
dtagrams, d iscussed in Sectio n 16.5, prov,de this capabi lity .
An object diagram shows objec ts and th ei r relat ionships. A n objec t is a particular realization of a class , so
object models arc dCTlved from class model s There .re many possi ble o bject model s deriving from a class
model. Fo r example, let's retum to th e class mode l in Figure 16.4 . Figure 16 . 12 ho ws o ne objec t mo del that
derives from it . Wh c:: rc::as class models are compile -time rel atio nships, object model s are us ua ll y runtime:
relationships. Figu re 16. 12 shows that the o bject njaxCorp Co,"pa"y employ th e objects ,"c,Employ« .nd joe,
Employ« It .Iso sh ows that the o b ject ahcCorp·Compa"y employs th e objec t Joc.Em ploy«.
Use cases arc a good complement to classes because they de fi ne steps through wh,ch a use r and an ap pltcation
transi tion . To use them i n design, however. we refine them into a more:: technical fann So that class and
methods that enable them can be ident,fied. In .ddition , there arc many «que nce of 'C(,on ' th.t applications
SEQUENCE DIAGRAMS 369
Class Model
sue:Employee
ajaxCorp:Employer
jjOe:Employee
abcCorp:Employer
Figure 16.12 Example of a class model and a particular object model in UML derived from it
need to be designed for but are not use cases. The number of possible sequences o( (unction ca ll s even
common ones-is very large, whereas the number of use cases is kept relativel y small (4- 20 (or small jobs and
at most hundreds for extremely large ones). Sequence diagrams are graphical represe ntati o ns o( control Aow,
and are particularly useful for describing executions that involve several object" as found tn the sce nario of a u e
case. Sequence diagrams rcquire us to think tn terms of objects and funct io ns. The lifctime of each object
involved is shown as a solid vertical line, with the name of the object and ItS class al Ihe top . Each tnl eraclio n
between objects is shown by means o( a horizontal arrow from the objecl initiatJng Ihe service to Ihe objecl
sup.plying the servicc. As an example we develop a sequence diagram (or Ihe Ch"k 0 141 use ca e for Ihe video
store appl ication. Figure 16. 13 shows a beginning sequence diagram (or Ihe usc case.
Note 2
Originates 'rom use case: NOle 1
Clerk :MainScreen :BarCodeReader 1. User swipes bar code
order
2. Applicalion prompls
doCheckoul0 for rental duration
3. User enters duration ...
:Checkoul0ptionDisplay
readO
Step 1 01 use case I
NOle 3 I
I
:Checkout I
, I
I I
Step 2 01 InltlaleO I
usecas8 ShowO I
•
Note 4
flcure 16.13 Beginning of a sequence diagram for Check Out use case In Video store design
I
370 CHAPTER 16 THE UNIFIED MODEUNG LANGUAGE
The (01l0w\I'8 no te explain the cOlTCspol1ding (ca tllrcs o ( the d,a grn rn '
Note 3· cqllc ncc diagrams sho w the initia ti on and execution or il sequence or functions. The
obj ec t at th e be gi nning of each arrow {t1 ilra lC5 work , the objec t a l [h e en d of the arro w ca m(s Old the
wo rk 0 1 th e me th o d Ind icated . Eac h clo ogated recta ng le den o tes the execu tio n of a meth o d o (
the ccrrc~ pondlOg o bject
In o ur Ch,ek Q", seq uence diagra m, the clerk initiates the seco nd (un c tion by swipin g the bar code
reader over the VIdeo. \Vle then determ ine w ho o r what should execu te th e respo nd ing function . Since a
bar code reader recognizes a swipe, we may decide that a Bar od,Rtadcr o bject would be approp riate (or
d ealing With actions relat ing to the ph ys ical re ader, and th at th e requ ired fun ction o( Ba,Cod,R,adcr will be
nam ed "adO. There will be o nl y one BarCodcRcadcr objec t (or the entire application, so the no tat io n
",BarCodcRcadcr" to rep rese nt th is o bject is su(RcierH . There is no need to nome a BarCod,R,adcr object; we
ma y deCide la te r to make the "adO method o( 13a,Cod,R,adrr static, in whic h case no actua l BarCod,R,adrr
object would be invo lved
Note 4· We can ca pture the c h eckout process with a Grekoul class. The BarCoJ,Rcadrr o bject then
c reates a Grekoul o bject. We h ave used a fac tory meth od iHiliat' O here to create and initia lize the
1.
I :Checkoul II :Account I I
2. t inlliateO
2.2 ereateO
2.3 showO
3. setDuralionO
move
I U
Chtcko"t object. The method j"jtlat'() then creates a display for choosing checkout optio ns and
shows it on the co nsole . A comple le sequence diagram for the usc case is given "' Figure 16 t 4.
In the previous sequence diagrams, the solid arrow head indica te s)"I(I](ollo"s method ca ll s, meaning that
the caller receives control back when an operation is comple[c. Sequence diagra ms show aSYJlcbrollous
messages using either stick arrow heads o r half·arrows. An asynchronous message means that the caller does
not wait for an opera ti o n to complete. InSlead, control returns immediatd y back to the caller and th e result . if
any, is processed at a later time. The called method executes in a separate thread, either by spaw r.ing a new
thread or executing wi!hin an existing thread. The elongated recta ngle at the end of the arrow represents a
thread that executes in parallel. As an example , we migh t want the game characters of Encounter to move
independently from area to area during the action . This is shown in Figure 16. 15 with both a PlayrrClJaractrr
and ForrigilCharactrr runn ing in epa rate threads .
Figures 16. 16 and 16. 17 summarize the steps needed to create a sequence diagram .
When the initia to r is the user, a simple label at the to p suffkes, rather than a rectangle. Note that the
object responsi ble for executing the method named o n the arrow is at the O ld (no t the begin ning ) of the arrow.
:M Class
• name thO ob;oct, if posSJb&e "
3. II not the user. draw a rectangle to represent
Ihls Initiating object at lelt toP .. ........ .. .. , •
•
We intro du ced th e co ncepr of state and transi tion s In C hapte r 11 as a way lO some times express
requi reme nts A slale diagram shows the states of the objects of a class , the eve nts to which th e object arc
sensitive , and the resultin g transitio ns between rhem , State di ag ram s are also kn o wn as sfa lc-Iransihou
diagrams o r Slllftcharts .
In UML. sub>!ates of a statc arc Impl y show n as nested rounded rectangles. Figure 16. 18 sho ws the states and
su bstatcs th at ma y be present '" an O. /i",Shopprr class. It shows that while a sho ppe r is c hecking out , she can
be having her c redit valida ted .
The stall" 1l1complclt indIcates tha t the shopper has signaled a readiness to check out but has not yet subm itted
credIt card info nmation. The black dot and arrow ind icate that O"/"" S/JOpp,, objects are initiall y In the Browsi.9 statc.
16.6.2 Events
In the context of state models, an wrnl is somethin g whose occurrence affects o bjects of the c1uss in question,
Exa mples of eve nts arc a butto n click o n a Bultoll o bject or (], chJnge in the value of an o bject's variable.
Browsing ( ltemsChosen )
CheckingOut
( IncomPlete )
( CreditUnderValidation )
[ CreditDonied 1 [ Complete 1
{credit card
~ data
Incomplete]
{credit card
Incomplete I- Hit Sub;'it _ __ data .. ( CreditUnderValidation )
bunon
complete]
Figure 16.19 Conditions on events in UML and the resulting difference in transitions
16.6.3 Transitions
An event may cause an object to !rtmSlrio" from its current state to another state We denote a tran si ti on with an
arrow, labeled with the name of the event causmg the transi ti o n. Fo r example. when a S/'opptr o bject In IH complcie
state subm its valid credit card informati o n, It transi tions from IH comple'e state to C"d,tU"d"lIalidatio" state
Sometimes, when an obj ect is in a gi ven stJte and an event occu rs, th e object can transition to one or
several states, depending on a co"diho" . For example, when a sho pper submits credit card Informallon (by
clicking the mouse or hirtlOg r"t" ), the resulting tran sit io n depends o n whether o r not the d ata are compl ete.
As shown in Figure, 6. ' 9, conditions arc deno ted by square bracke ts In UML.
A complete state · transition dia g ram fo r the O"li",Shoppcr is sh o wn in Figure' 6.20 When the Shopptr o bject
enters the ChcckingOut state, It automatically en ters the substate Incomplete (mo re preCisely, Ch, kingOul.
IH compl"c).
select item
put back
last item
(credit card
Browsing _ _ _ select item - - ltemsChosen data
When an oppllcalion IS displaying a CUI , o ne can think 0(" as being in a particular statc Mouse or keyboard
OCtion- arc romls thot affect this state. Although we ma y well want to define , totes that do not correspond to
CUls, and vice versa , , State-CU I correspondence ca n bc made (or many appi<callons
Flowcharts arc among thc oldest graphica l met hod (or depicting the Aow o( co ntro l o( algorithm' The UML
uses an extended fo nn of Aowchart called Activity Diagram s. The no tali o n (or activity diagrams is shown In
Figure 16.21 . This example includes parallelism, shOWing the aClivitles Do" Ta,k and Do AMol/", Ta ,k operating
in parallel. Control is no t passed to Do fum Mort until both have completed.
Figure 16.22 containS an activity diagram (or a sclNaln'O method , showing the most commonly used
Am.chart constructs; decisions (diamo nds ) and proces es (ovals).
The fo llowing example shows on act ivi ty diag ram involVinG two classes . It describes the backward
chaiOlng algonthm (or expert systems , and illustrates how Aowcharting can be helpful in exp laining
complex algorithms. Experl ,y,',m,
arc usua ll y based on knowledge In the (arm of rules. which take the
(orm
tltltcrtdmt AND QulcccdrJ11 AND . .. AND (wtcccdrtl l ~ cO lI scq utHf
0 0 Something
00 Something More
00 Even More
Parameter
Output notification to console else name 100 long
.
• a list of rules such as A..R=:-L,
- AkB=:-C,
- and B.. C=:- -R
det<rm ines whether or not a given fact, such as L, can be deduced . The an,,"or is "ye " fo r tim example,
because
A(kll oum )&B(kn oum ) =:> C.
B(kIl OWII )& vu,1drdu crd) =:> R;
A(kllowlI )&R vu,' drducrd) =:- L.
We will store the current list o f known facts as a static Vrclor of Fa I ea llcd jacILi" , ond Ihe ),st of known
rules as a static Veclor of Ruf, called ",frllasr . We wi ll simplify the elup of these lists by hard coding the
example given above In the Facl and Rulr cla« es. T il i, Is hown in Figure 16.23.
O ur emphaSis IS o n the harder part · the "backcha ining" algorithm provrBack() fo r establishing whether o r
not a given fact, wh ic h we Will name sou9/' IFacl, call be deduced from the given facts and rules A 1I0wch,rt '"
thiS algorirhm is shown In Figure 16 24
Th is aCll vlty d' .lI'am he lp< to Si mplify an o d, erw lse complex algofl th m. An in pc tlo n 01the ,el1 " ""
diallram mlg hl un ove r th e fa t lh . I " fads to tenTI ln.tc If Ihere " a "u lar haln In the ru le b.'1: su h a<
X =:> Y and Y ~ X
376 CHAPTER 16 THE UNIFIED MODElING LANGUAGE
~
Facl consequent
Rule
1
conlent addRule()
addFaclO proveAnlecedenls()
l..n antecedents
proveBackO lorwardChaJnO
I
--------------------- )
I
I
Facl I Rule
I else
I
I
I
in lactUst I
I
I Another rule R exists with
I sough/Fact as its consequent else
I
I
I
I
I Apply
I Report FALSE
I R,prDveAnlecedents() •
I
I
I
I proof succeeded else
I
,--_ _--, I • Prove that every
RepMTRUE : antecedent fact is true
•
Figure 16,2 4 Activity for soughlFact.proveBackO involving two classes
D.ta Aow models wer< intToduced in Ch.pter II when we discussed requirements, Rec.llth.t they consi t of
aclia", . each of which takes place at a "odt . The UML not.t,on for thIs is exemplofied in Figure 1625. Each
node ha s Input and ourput pi"s indicating the corresponding data type . Data stores are shown with rectangles
and a data"o", stereotype,
A DESIGN EXAMPLE WITH UML 377
Ship
part
order
Parts lisl Parts lisl
Part order Process
part
Price lisl
order
Credil
card Charge
dala Charge amount
credit
card
.. datastore ..
Charge amount
As an example that illustrates several parts of the UML notatio n in this chapter, consider a graphics studio
specializing in drawing stick peop le. A CUI for this is dlustratcd in Figure 16 .26.
We will focus only on the "foot" requirements. Certainly, there is a need for Rtela"gl, and Elll psr clas os.
The first question is whether we need a Fool class. When we drag a rectangle near the end of a leg, the
application has to know that we want it to be placed at the end o f that leg In a standard positio n. Althoug h it
may well be possible to do this without the application ·'knowlI1!;·' about leg- and fee t, it IS muc h c'asier to
0
0 Drag to vicinity to
0 auto-complete
o (Rest to be specified)
Ellipse Rectangle
Fool
Figure 16.27 Bad attempt at class model for "A foot Is either an ellipse of a rectangle"
Foot Rectangle
""
El hpse Fool RectangleFool
Figure 16.28 Better attempt al class model for "A foot is either an ellipse of a rec1angle"
cany out if Ltg and Fool classes arc used . (For exa mple , a lLg object would aggregate a Fool object). The next
quesllon IS h ow to re late the classes FOOl, R,clnngl" and EII, plt. Co nside r the pOSSIbility sh ow n in F,gure 16.27.
n, is class model says that a Fool object is bot h an e llipse and a rectangle, which is not co rrec t. A berter
optio n is th e class model in Figure 16.28 .
This mod el is at least not incorrect as the firs t anempt was . It IS a little clumsy , however, in that it
prohferates classes (ElIip,tFoot, Rtclangl,Fool, elc.). Th is is nol te nab le (do we need RtaClaJlg/,Ear, elc.I) . It also
uses multiple inherita nce, whic h is problematical In general, and not available In Java . Now consider the
option shown in F,gure 16.29.
This is a reasonable solution excep t fo r o ne very awkward ISSUC : it makes every ElIips( in our application a
kind of FoolSbape, a nd likewise fo r every Reelallg/,. For o ne thin S, thi s cenalnl y lim its the reusab ihty of the
Ellipst class. For anot her, It is rather strange to Ihink of ellipses as FoolShapes in any case. Finally, if we continue
with thi s, Ellipst ma y also have to be a HnJldShnpe objec t etc. One way to deal WIth t hese problems i fo r
FoolShape to depend only "lightl y· on Elliplt and Reclangle as sh own In Figure 16. 30.
Foot FootShape
...-..•. /'
". ,
.' "
....v ",
..... . .~
I
Ellipse .-
.'
'" Reclangle
./ "
'.
Figure 16.29 Another atremp, at class model for "A foot Is either an ellipse of a rec1angle"
FootShape
Foot
I drawAsE llipseO
drawO
drawAsRectangle(h
I
,I \
\
Ellipse Rectangle
draw() drawo
Figure 16.30 Best atteillpt so far at class model for "A foot Is either an ellipse of a rectangle"
A DESIGN EXAMPLE WITH UMl 379
Area
~------------- - - - - - - - GeometricFigure
releaseCursorO
,, "- , - , leg
~~
,,
,,
,,
,, ~ ~
/
~
FoolShape
Fool
drawAsEilipseO
draw()
,, drawAsReclangleO
, ....
....-~ -- -- -- - /
/ ' "-
....
-- ---
/ ....
........ .... .... . . ..
Ellipse --
- --
---
-----------
/
p OSition
,-:
/
'~-.., "
- - - - - - - - -....
Reclangle
drawO drawO
Figure 16.31 A class model showing all dependenc ies in drawing application class model
This class model shows that the restrictions o n the shape of Fool objects are rentcted in the methods of
FooIShap, . They reference only Ellips< and Rtclallg/, at this point , but can readily be augmented to accept other
geometric shapes. We can no w fill in more detai ls, as shown in Figure 16.31 .
The Area's rt/,as,(ursorO method handles the auto-placement (at th e end of legs in the cases shown ),
and this information is passed along to the anatomical object (Fool in th is case ); olherwise the drau10
of Ellip s, and Rtclallg/, are used to do actual drawing . The class Posilion could be avoided . It contain the
x- and y -coordinates. For example, drawAsEllips,(Posilioll oPosilioll) in FoolShap, cou ld have the following
form .
Showing a ll of the dependencies in a class model can make for a complicated diagram , and for this
reason dependencies are often omitted. (This i< perhaps like swee ping thinSs under th e rug l) The sequence
diagram in Figure 16,32 specifics how the classes and methods work together, and show< details aboUl
parameters
The sequen e diagram speclAcs that when a geometric Agu re IS dragged to an area and the cursor It
released , the "ttllS' u" orO method of Arm execu tes with Ihe C,om,'n',Fig"rr as parameter The At,a Obll'Ct
deduces which anatomical obje t IS Involved (Fool in thiS case), <0 It ca lls upon that obie t to dra, ",elf, It als o
knows whar gcometn form IS required
380 CHAPTER 16 "!'HE UNIFIED MODEUNG LANGUAGE
I
-----+.,.,
releaseCursor
( GeomelncFigure
draw
I
aGeomelncFigure)
I
( Leg .Leg,
GeometrlcFlgure
drawAsEllipse'
I
aGeomelrlcFigure) ( PositIon aPosition)
draw( aPosihon)
I
, or drawAsRectangle() ...
16.10 SUMMARY
The Unified Mo deling Language (UML ) is a widely accepted graphi cal nolation for expressing object -
oriented designs. UML defines several ways classes can be related TI,ese are sum marized in Figure 16.33 .
UML models are diagram that show either th e cla.sses of a software design and how they are related , o r
the Aow of control 01 a design . Figure 16.34 summarizes the UML models covered in this chapler.
• Package
• Group of related classes
• Inheritance
• Take on attributes and operations from o ther classes
• "is-a" relationship
• For example, an Employee "is-a" Person
• Association
• Structural relationship between classes
• Aggregation
• Structural mclusion of object on one class by another
• "whole -part" relationship
• Composition
• Stro nger rorm of aggrega ti on
• Included object is created and destroyed when including object is created and destroyed
• Dependency
• One class depend on another
• Changes to depended ·on class aHect dependent class
Figure 16.33 various relatlonships between classes that can be shown In UML class diagrams
EXERCISES 381
• Oass Modds
• class~s of a design and their ~ I ation sh ip
• Obj«t Modd
• obj«ts of a desIgn and their relationship
• Sequence Diagrams
• seque nc~ of method ca lls among object
• usually corresponds to a usc ca e
• State Diagrams
• states of a design clement
• transitions among states caused by events
• Activity Diagrams
• Row of contro l
• si milar to Row charts
• Data Flow Model
• show processing elements and the data that Row between them
16.11 EXERCISES
I. Name three major re lati onsh ips that could eXISt between classe A and B. Describe them in your
own words. Express each 10 UML and in a typical Java implementation
2. Explai n the difference between aggrega tIo n and composition. Cive an example to support your
answer.
3. Which of the following classes inherit irom whic h7 Exp la In YOllr reasoning.
WOnt1. Ellips<. Al1ilnal. 2DF,gurt. Circ/,
4. D raw the class diagram for the fo llowing code . Explain the correspondence between the code and
the diagram .
abstract class A ( )
class B
(
B( ) ( )
)
class C extends A
(
B b = new B ( ) ;
)
5 A library ha, a aile li o n of 'tcm< (boob and magazine ) avai lahle to loan patrons Forea h 'tem ,n
the ollection . the system mJ,nt"", dDta about 'IS t,tle, au thor, and unique ,eI In adel,t,on , the
/
382 CHAPIER 16 "!'HE UNIFIED MODELING LANGUAGE
cop right year is malntolned (or books , and the edit io n number I; mo intalned (or magaz ines. Draw
a UML clas. diagram representing the library item;. Be sur< to include the required attributes. HI.'
U sc in heritance In your model
6 Show a class d13 gram (o r an application that displays automobiles. Depending o n the user's request, It
dl plays a tYPical Ford, T oyota, or C he vy, tOset herwith Interactive pages o( In(onnation about each
We want to be able 10 easil y add new auto mobile brands to the application in the fulUre and to reuse
parts o( the deSign where possible.
7. Suppose that your car has a buill ' ln applicalion that dISplays the status of Ihe cngi ne parts at all
times. Draw a UML stale diagra m (or Ihe 5larl" class that describes the automo bile's starter o nl y.
Explain your reasoning.
N o te that the starter is some times connected to and sometimes disengaged from the car's
motor The ~tarter react s to actions involVing the car key. The key ca n be in one of three positions:
vertical , 90·, and I BO·.
B. ConSider an applicalion used at a doctor's office. The application schedules patient appointments
and maintains patient medical hi stories. Suppose the application design contains an Appomtmrn !
class to lrack appoi ntments, and a Medica /Hillory class (or each patie nt. H ow would yo u draw Ihe
U ML class relatio nship between these two classes)
9. Consider Ihe fo llOWing use case for a web e·commerce app lication,
Use Case Name, "Select Item"
Actor, Shopper
Precondition : Actor has req uested product list
Sce nario:
BIBLIOGRAPHY
I Fowler, M :mm, "UNLL DIJftIJcJ A Bnt! Ci1Aldt 10 1lH- SwnJnrJ Ob}tcl MoJtli"9LA"9~"gt.~ 3rd ed Addlson-Wnl cy. p 99 , l~' .........
2. )KOOwn, Ivat. Grady Booch .nd ) OImes RumbOlush, 'Th U'UfitJ SoJIv'4rt DtlHloplflt'n1 P~m." (Addl~n- \\:/ec; lc y O bJcct T C'Chnology
Sene'S), Addison · W(1.I~ . 1999
• What are examples of a recurnng design
purpose?
Figure 17.1 The context and learning goals for thiS chapter
DesIgn pauerns co ncern class co mb,n all o ns and accompanyong algonthm, that fu lfill com mOn
desIgn purposes Eac h desIgn pallern cx prcs es a desIgn co ncep t rath e r th a n an onllcXlble da ,
combination The aecompanylnj( algonthms cxpre the pauern's b."e opera ll o n Thl c hap te r"
Intended to famolianze the reader w Ith th e purpose, of de<lg n paue rn" probll'K theIr overa ll form,
and usage, (ju mm an z lng lhc..~ major one.. , and ('xatnIn1l1g (cve r~1 In ~omt.:' depth Th(·... t: arc lake n from
Camma "t al [ I ], th e clas"c ref ·re nce (or the su h) ee t hapt e r I dc<c nhcd t pl ca l software de,"!;n ):oa l,
and purpo,", We wol l ,tMt h rc w nh an exa mpl e de"gn purpme a nd follow It with a de"sn pallern
satlsfy,n/! that purpo,e
384 CHAPTER 17 SOFlWARE DESIGN PATTERNS
ll,crc are m.ny applica tio ns In whICh w~ defIOe. clas bu, for wh ich oilly onc In"an c wdl be needed As an
cxa m pic. householders arc forevcr co n,ernpla'ing ,he moderOl z. " oll of ,helf kl ,chen<, or.en usi ng software '0
vISualize 'he posSibili',cs Usi ng a K,rcim, class would be nalUral. Now suppose ,ha' a reqUirement IS that the
applica'ion does not allow ma rc than ooe kllchen to be under conSi derati on. It IS always. good idea for an
apphcallon to enforce what it mtends, so the patt ern needed here IS rhe enfo rce ment of th e o ne· in lance .onl y
reqUirement The Singleton design pauern . describcd in ec tl on 17.5. 1, fits th is bill.
Let's con 'lnue wi ,h ,he kllchcn application, which we will call Kirch", V"u>tr. "enables ,he user ' 0 first layou t
th e parts of a kit chen \v' uhout comm itting to a style. The overall interface IS shown in Figure 17 .2.
Here is a usc casco
Uscr drags ,he wall cablnc, '0 a posi tion "' ,he upper half of ,he work arc • .
0
Wall menu
cabinet
.!1
l1
Counter
./
display area
0 styles
Floor
cabinet
""
~ Modem 11b[I.,.,;;c;;;;laSS;;;;;;;,
ICdl~ ,
Anllque I~ Arts & Cra". I
Figure 17.2 Graphical Interface to the KltchenVlewer example application
EXAMPLES OF A RECURRING DESIGN PURPOSE 385
Once the layout process IS complete, the kitchen appea~ as in the example hown in Figure 17 .3.
After a kitchen has been sketc hed 10 the above ",anner, Kilchen V Icwer allows the user to try various
styk-s (or the wall cabinets, t100r abine ts, and countertops . When the user selects "Antique," for example, thc
design appea~ as in Figure 17.4.
Counlerlop
I ,
\
0 0 I
• 0 0
\i
I
I
,,
II ,,
, ,I
I I I
,
•
0 0 0 0 0 0
/
. 1.
I ,,
,
"
What are our specific de Ign purposes for Kitchen V,cwcr7 The procedure o f re ndenng the va nous " ylcs
IS baSically the ,.me, rega rdl cs, of the style, and we should "01 ha ve mo re than o nc copy of thi S procedure In
Our application. In particular, we shou ld avoid code , u h as .he fo ll OWin g
This is because no amount of added codc wtll enable thIS to draw va mble rypes of counters at runtime.
Better deSign thinking than thIS IS required, and it is usuall y set up ' 0 all ow po/ymorpi",,,, , a Single block of code
then executes In severa l possible ways , de pending o n the context O ne approac h IS to dC'sign the kitchen
appitcatlon so as to provide a method such as rrndtrKllrbrn(mySly/t}, somehow parame .e riz ing the rendering
procedure With a requ ired srylc. We would need to Agure o ut what kind of a thing mySIyI, sho uld be , and how
mld"K,lrbm() uses It. Thi . kind of design purpose recurs, and we ca n descnbe it a fo llow .
An application mus' ("oPis/ruet aJamily oj objects al nwfin1c; TI}t JfSigtl mu sl mabie dJolCt omO.19 srorral farnilltS oj styks.
ThIS purpose can be approached wi th the Abstract Fac tory des ign pattern , which is dis cussed in
Section 17 .5 2.
To illustrate how patlcrns express ideas, think about how yOll might describe your housing prefere nces to a
realtor. The term "ranch style," ror example, denotes a usefu l hOllse pattern . It conveys an idea rather than a
completely specific de ign.
As an example of a so ftware deS ig n pattern , let's rcturn to the Kitchen V icwe r example . Reca ll that we wan1
to be able to provide a method such as rtlldtrKllrh,"(mySIy/,). Now we need to ela borate on what mySIy/'
means
The method 'rnd"Kirrb",() uses the classes K,lrhrn , \VaI/Cab""I , and so on, and we wtll make it a member
of a class called 0,,,,1. If we temporarily forgel o ur purpose of parameterIZing the style, the method
rtlldtrKilrhrn () would look somethi ng like listing 17. 1.
This code would have to be repeated (or every style , result ing in more error. pronc and far less
mai ntainable code . (Sooner or later, code that IS supposed to be duplicated becomes different In different
places.) A class diagram for this would look like Figure 17.5.
The result is reJ>('tltl vc and complicated. As a result . it is inflexi ble , hard to prove correc t, and hard to reu e.
Now let's fulfill our KitchenVlewer design purpose by applYing the Abstract Factory deSign pattern. ~ ell
assume that some object will have the rcsponSibiliry for creating .he kllchen. Here IS the Key, Instead of that
object directly creating AIIriqu,Wal/C,bi.,r objects, for example, a parameterized version of mldtrKil "'"0
AN INTRODUCnON TO DESIGN PATIERNS 387
I I Render antiqueKitchen
• • •
nell Ant iqueWa llCab 1net ( " //applles o nly to antique style: Replacet with the follo'W'lnq.
myStylo. getwallC~b inet (); Ilapplles to the s tyl e c hosen at runtia\C~
AI nuntime, the class of ,.ySlylt determines lh e version of gtlW,,1/ nbilltl() executed , th ereb ' produclllg
Ihe approprrate kind of wall ca binct To carry out tl", dclc~at lo n of re<ponsibility, we Introduce a new do s,
,.,hich we'll all KlichtHSlylt, supporting methods gtIWnI/Cn hllltl(), gtlFloor "h,"tl(), and <0 on Kllcht. I It Will
388 CHAPTER!7 SOFTWARE DESIGN PAlTERNS
Chent
(onderK.tchenO
___ __ - - ---- -- -- ..,. 1\
---- - - - ---
~"'/
; ",/ I \"
; /
Kitchen ; I
; / \
;
;
/ I \
; / I \ FlOOrCobFnel
WallCsbinot ;
; / I
; / \
;
; / I \
; / I \
; /
; I \
; /
/ I \
; / I
; / \
; I
; /
I
ModernWaliCabtnet AnllqueWal1CablnOI
I
I "
I
I
I \
I I
I
ModemFloorCablnct AnlJqueFloorCabinel
have subclasses, which we'll name Mod,,,,KSlyl,, A"'iq",KS'yl" and so o n, each supporting se parate imple ·
mentatio n of g,llVaIlC,bi"ct[), g,IFloorCabi",'(), and so o n This is show n in Figure 17.6.
Recall that, due to polymorphism, executing ",yStyk.g"FioorCah",,,() has di ffere nt effects when "'yStyk is an
object of ModmtKStyk vetsus an object of AHliq",KStyl,. The class model in Figure 17.7 is a more complete vetsio n.
Notice that th e client code rdere nces K, Ich,", K,'ch",Styl" WaliCabi"ct , an d FloorCabi",' , but docs not
rde rence pecinc wall cabinet sty les or Ooor cabi net sty les. For example, the class A"liq",W"IlCabi",' does not
appear in the clie nt code. T o sec how th is wo rks, let's assume that at runtime, "'ySlyl, is an object of the class
Mod,,,,Sryl,. In this case, when the method ","ItrKilch",() executes a statement such as
WaDCabinet FIoorCabln8t
lI"IFIooiCabi""'1I C;
,
,.,--,---':'::_"'1'
ModemKSfV1e ;
gelWatlCab1nelO getWalICablnel() ' .... ,-
;
getFloofCobOnelO gelAoorCabinetO
I
AootC'tNl getFlootC.~1()
I rerum r4N .'cdllfoRoooc.btnlIO: )
Figure 17.6 The Idea behind the Abstract Factory design pattern
AN INTRODUCTION TO DESIGN PATTERNS 389
Cl"",'
. ..
rendef1(ltChOn( K1tCl'lenSty1e)
,,
KItchen
,,• --
,
~Wo!!('·, ... 1(1
.- - - ' - -
•
AoorCaolnot
,
I '--...n I'lIIiW U:OC'l.,hrwl.O.
• • ••
••
•
'. • ••
•
•• • •
•
••
• • ,.
• •
Anllgue KStyie ••
getWauCablnel() •• ...
gelFloorCablnelO AntiqueAoorCablnel
kitchen.add( floorCabinetl , . . . } ;
kitchen . add ( f loorCabinet2 , . . . J ;
• • •
390 CHAPTER 17 SOFTWARE DESIGN PATIERNS
CUenl
--- -- -- --
" " doOper.tion( Stylo mySlylo)
-- ----- ,;'"
.",.
I \
Style
-- -"-"
""
I
I
I \
\
\
9O/CompoilentAO Collection \
I \
go/Compollom80 I
\
I
I \
'"
ComponantA ComponentS
l , L,
, Style 1CompcmentA
, ,•
Stylel ,
, Styte2COmponentA
getComponentAO ,1
getComponenLBO ,,
---- ---- -- '
, ,- -- - - - --- - ..,
, , --- Style ! COmponentS
$tyle2
,,
gelComponenlA 0
getComponentB 0 --- -- ------- -- --- --- -- --- Style2ComponentB
The client method JoOpcralloH (Style myS/yle) builds an inslance of Collecrioll in the style indicaled by
myStyle by calling mySryle.getCompoH".tAO and myStyle.grtCompolln.tB() . If myStyle is a Styl" object, for example,
these two operat.o ns produce Styl" Compo"",tA and Styl" CompolI".tB objects, respectively. The pattern thus
ensures a consistent style throughout
We have mentioned that desi g n panerns , ho uld no t be rega rded in a literal manner. For example , the
desig n," the above figue< could also appear as shown in Figure t7 .9 .
In this alternative. Collerrioll aggregates Sty I" CIi",r docs nOl rderence Style directly, doOprratioll O
takes no parameters, and Collertioll has methods for getting the vari"us components. Collerrioll', aggregated
Styl, obJeci is instantiated at runtime . perhaps with separate se tup code . When JoOprrarioll O
calls grtCompolI",tA() in Collrerioll , conlrol is de legated to getCompolI",rA() in the aggregated Styl, object.
This is still the Abstract Factory pattern . The Abstrac t Faclory palle", is described in more delail in
Section 17.5.2.
Gamma et a!. [ 1] classified deSIgn patterns in one of three ca tegones, dependmg upon whether It has 10 do
with one of the following ,
Client
doOperatlonO
--- -- "- ,,
StylB
-
Collection /
/
/
,,
gBtComponentA O gelComponentAO /
,,
getComponentB{) gelComponentB()
/
/
,,
/
/
,
ComponentA CamponentB
7J:
, "'i Style 1ComponentA
, ,
Style 1 , ,
, Style2ComponentA
getComponentA() , ,
getCamponentBO - --- - , ,
-- - - - ~ ,- -
, , --- -
- -- - . - - - Style l CamponentB
,
Style2 ,,
getComponentAO
getComponentBO --- -------- - - - ------- --- - Style2ComponentB
These categones arc useful for recognizing when 0 panern may be needed and as the beg.nning of a
guide to sciectlng which one may be appropriate. Next , we wi ll elabo rate on each uSing exam ple applications
Table 17. 1 summanze the use and nature of key creat. ona l dcs.gn pallerns The ab tract factory and
SIngleton pallerns are descnbed .n more detail .n sub equent seCll o ns.
Abstract Create coordinated Display a ki tchen layout, allowing Encapsulate each family in a
Factory (see fam ilIes of objects at the user to select a style at runtime. class whose methods return
Section 17 5.2) runtime, chosen from a (See Section 17.2.2.) objects rn that style.
set of styles .
Create an aggregate Display a kitchen layout. allowing Create the objects ofthe type
object in which selected the user to select at runtime a type by cloning a prototype.
Prototype
parts are essentially of wall cabinet. or a type of noor
copIes. cabinet, etc.
Ensure that a class has Build an application to evaluate the Make the constructor private
at most one results of a lab experiment Ensure and obtain the unique object
Singleton (see
InstantIation, accessible that there is exactly one Experiment by means of a public method
Section 17.5.1)
throughorJI the object at runtime, and ensure that it that returns it.
application. can be accessed by any method in
the application. (see section 17.5.1.4.)
Decorator Allow objects and Allow the user of an online clothing Link the objects using
functlonafity to be added store to see his or her Image aggregation.
to an object 8t runtime. dressed in a variety of clothes.
(continued )
SUMMARY OF DESIGN PATTERNS BY TYPE: CREATIONAL STRUCTURAL. AND BEHAVIORAL 393
Adapter (see Ailowan application to Design a loan application from intrOduce an inherited
section 17.6.2) make use of external (e. scratCh. but allow It to use any Intermediary class relating
g., legacy) functionality. vendor's classes that compute the application and the class
monthly payment calculations. with desired functionality.
Manage software Design the architecture of a student For each package, Introduce
architectures involving loan software application so that an object that IS the sole
large numbers of one group of developers can access to objects within the
Facade (see classes. concentrate on the loan option package.
secuon 17.6.1) database, another on the user
Interface (simultaneously). and a
thlfd on payment calculations.
Minimize coordination problems.
Some methods are Assume that rendering an image Introduce a class standing
remote, or require lots of consumes a significant amount of between the requesUng
resources to execute time and space because the image methods and the resource.
(time or space). Ensure data has to be read from a file, fill a
Proxy
that they can be buffer, and then be rendered . If the
executed, but no more buffer is already filled by a previous
often than necessary. invocation of the method, then
Invoking the function should not
repeat this step.
When an application runs, much behavior generally occurs among the objects. An example IS when a method in
one object calls several methods In an obJcct of a dlHerent class. Sometimcs wc want to control and label behavior
111 order to parameterize it or reuse It Each behaViora l pattern captures a kind of behav ior among a collectio n of
objects Let's consider the follOWing example of mutual behaVior among Ship and TlIgbonl objects Let's say that we
want to cstimate the amount of lime required to bring sh i ps Into and out of a harbor and tran pon them to dry
dock for maintenance, based o n their Size, and 0 on Imagine that thIS i, a omplex calcu lation ,hat requires a
systematic simulation o f the ,ransportation process !'igore 17. 10 suggests a configulUt.on
The classes Ship and Tugbonl are natural closs ch Oices, blll obJcc ts of rhe e lasse, play different role ,
depending on whether 'he ship IS entering , leaVing, or head i ng for d ry d ock 111 e th erc arc many pOlentl.1
applications In which we ca n usc SI" p and TIIgboll l, we d o no t wont th e,. la'5e' to depend o n ca h o th er, J,
• "'88«ted by Fil!ure 17. 1 I
We have a bchtlvloral design purpose h ere occa u,c we wan' to 'CI>Jfate the interd ependen t behaVior of
(hcse objects from the objects them,elve, The Mediator design pattern doe, th". Figure 17 12 ,how, the
core Idea of Mediator
394 CHAPlER 17 SOFlWARE DESIGN PATIERNS
U"
I ,
-
~
-
,.- ;.--J hA
h~
obstacles
Figure 17.10 Example of behavioral design goaf-tugboat and ship port entry
Harbor application
I 1..n
Ship --......:......:- Tugboat
ILongshoreman I
Figure 17.11 Avoiding design dependency in port entry example
In this deSi gn. Ship and Tugboal classes do not refer to each other Instead. the I.r.. IIIgPo,./ class contro ls
how objects of Ship and Tugboat behave to es timate the tim e for that maneuve r.
The full Mediator pattern allow (or the fact that the mediated clas es may need to com mun ica te (e.g.,
to respond to events on either of them). T o accomplish th is. the media ted classes ca n be made to subclass a
bast' c1a~s that aggregates a genenc media tor class (PortNLsSlOt1 ) TIll S is shown in Figure 17. 13.
a te that 111 Figure 17. 13 the Ship class docs depend on the class V",tI , wh, h depends on P0r1Ml5lI0n , so we
can not usc the ShIp class wi thout these [Vo'o, These dcpcnclcn ics arc much more acceptable , however, than
Ship
LeavingPort
eSlimateTImeO
Tugboat
Agure 17.12 The Mediator design pattern concept applied to the POrt entry example
SUMMARY OF OESIGN PATIERNS BY TYPE: CREATIONAL STRUCTURAL, ANO BEHAVIORAl. 395
PortMlssJon
Vessol
eStlmaleTImeO
-z;; if
Med1al0f base class Tugboal
Ship
Ente ringPort
eSlimateTlme O
LeavlogPort
estimate TimeO
-t-
8eingMainlained
eslimaleTimeO
Figure 17.13 Applying the Mediator design pattern to the port entry example
having Ship depend for. 1I lime o n Tugboat Ships are always vessel<, and they usually have missions, but they are
only someti mes assoCIated w ith tugboats. T able 17.3 summarizes th e usc and nature of key behavioral design
pattern . The Interpreter, O bserver, and State patterns are described in more detail in subsequent sections as
examples of strucrural design patterns.
Command Make the execulton of Allow users of an application to capture each command In a
operations more flexible, retract their last four decisions at class of its own.
For example, enable any time (the " undo" problem).
" undoing."
Interpreter Parse an expression. Design an application that takes as Introduce a class to capture
SectIon Input an order for a network of PCs, expressions, and allow
17.7 1) expressed In a standard syntax. The expression classes to
output consIsts of Instructions for aggregate expression
assembling the network. (See classes
Section 17.7.1.5)
•
(continued )
396 CHAPTER 17 SOFlWARE DESIGN PATIERNS
Table 17 • 3 (contmued)
Observer (see A set of objects depends Keep management, marketing. and Capture the data source as a
Section 17.7 .2) on the data in a single operations departments up to date class. Allow It to loop through
object. Design a way in on sales data. Each of these the observer objects, calling
which they can be departments has different an update() method.
updated when that requirements for the data.
single object changes
attribute values.
State (see At runtime, vary the Customers fill out an order form on Aggregate a class
Section 17.7.3) effect of invoking an a Web site, and then hit the " enter" representing the state with
object's methods button. The result must depend operative method dOAction(j.
depends upon the upon the state of the form data: Subclasses effect the
object's state. " Product Information Complete," reqUired actions of substates
" personal Information Incomplete," With their own versions of
" Credit Check In Progress," etc. doActionO.
Template Allow an algorithm to Organize the huge number of traffic Have a base class contain an
execute partial variants light algorithms in a city by overall method, but with
at runtime . arranging them into a few basic functlon calls where
forms, with variants tailored to variability is needed. Have
specific locations. subclasses implement these
function calls to capture the
reqUired variability.
DeSign pattems are partially described by class d iagra ms, but they also ca n be th oug ht about in two ways. th e
stolle and dynamic viewpoin ts of th e pattern. This secti o n cxplui ns these two view polIHs. It also describes th e'
(fbstracl and non· abstract (concrclc ) levels of design patterns FI nall y I it' covers the ways I n which de ign patt~rn
arc embedded In applications, The st'luic vs. d ynamic vicwpoim~ . ab tra ct '"S. conCret(' levels. and embedding
issues are acwally characteristic of mOSI deSig ns, a nd are not Itm itcd to de ign patterns, These characteristics
arc su mmarized in Figures 17. 14 and 17. iS .
CHARACTERISTICS OF DESIGN PATIERNS: VIEWPOINTS. ROLES. AND lEVELS 397
(class O( classes)
- - -role
1.-CII"", -- - _ --
-
"- -- ---- --
I
I
I
-- --,..
I 3. Role: Application of the design panem
I
I
I A. Static viewpoint B. Dynamic viewpoint
,-------,
: A 8 ~ 0) Abstract level
DOD
,_-
',.L I
•
:C D : (iI) Concrete level
_ _ _ _ _ _ _ _ .J
(sequence or
(crass model)
stste diagram)
DeSign patterns arc dlustrated with class models. showi ng the cia ,cs "wolved and their mutual relation h'l)s,
this IS a stallCviewpoint orthe pallcrn The function, of thc'\(" c1as .. cs execute: In panlCular sequcn c , ho \\revcr,
which class models do not illustrate Th is is the dyn"ntlC ViewpOint 01 the poltern . and reqUire, appropriate
means of exprc~slOn .
We'll use the Kit hen V fewer eXJ mplc to IlIlI~lratc the: ~tatlC and dynanll viey,r po lIll\ The StJlI VI(,WPOlllt
was shown in Figure 17.7. TIm ViewpOin t doc< not <peedy how the design actually work at runllmc whal
happens Rrst, <econd. and ,0 on . Figure 17 6 li\t< the ode for 9rtFloo, G,b"ltl() and g,tDoorCn I"'ltl(). and although
thIS code contribute, to the dynarnl ViewpOint of the de ' lgn I"ltern appltcallon. It " hard to <ec the
whole execution PI rure T () cxprc.., .. the d y namiC VICWpO lIll , we often U~l' ... cquence dlJ 8r.l 1ll'. J" IlIlI,lrillC I In
398 CHAPTER 17 SOFTWARE OESIGN PATTERNS
Cllont I mvStyle.KlfchoflStyle
,,
I
rr __ ~m~YS~~~le~.~~~~ ~
Lf. gelWauCabinotO - IFmyStyte BELONGS TO ModOmKS'Y'<>-
------,
myStyte: waltCablnet I
ModemKSlylo Mode rnWallCa binOI
rendcrKItcl'len ,,
(myStyte ) ,
gOIWallCabinetO
MOdomWallCabinotO l1 I
myS~I. : wallCablnel1 :
AntiqueKSlyle AntlqueWaJICablnel
,
:__~g~.~IW_'~I~IC~'~bi_ne~I~()__~ ,I
AnllqueWaliCablnetO '11
~ I
Figure 17 16. It shows the dynamic vIewpoint of the KltchenVicwer application of the Abstrac! Factory d«ign
pattern .
allct: that within the KitchcnVlcwer Abstract Factory pattern application , some of the classes are
abstract. In conformance with Gamma et al. [ I ] we wi ll ca ll non·abst ra ct classes "concrete." Figure 17. 17
, , "
, ' '
, ," ,
,
•
• , , ,
--
,
, , ,
"
, " '
•
•••
Waf/Cabinet
,
-, "~ ~...
KlfchenSty/e
• •• FloorCsb,oet
••
Abstract level ••
Concrele level
...JO
KHchcnJ O +
ModemWaUCab'nel AnllqueWaUCablnet
" " '
---- , , •
,
,, ' '
MOdomKStyle
'- ,
'" ,
" , , , ,
, , , •
" " , •
'" - ,P'.-
•
, , , , "
ModemFloorCo.l)(net
, ,
••
AntiqueKStyle -----. ---- ---- -- ---.
-- AnflqueAootCabtnGt
",arrang~ th~ physIcal placement of cia C In F;gure 177 to e mphasIze the abstract and conc rete
groupings ailed Ill),'"
Th~ mterface of cl,ents with a design palte rn application u ually needs to be at the abstract la yer. This
can ~ s~en in the code for rmd"Kitd"!l O, which is wntten in term s of KltchenSt)'le (and doesn', reference
ModemKSryle o r A!lloqu,KSt),/e ), W.II .bl/ltl (not ModentWallCabl!lrl o r AHloqueWaIlCabm<l ), and so o n
A divI Io n onto abstract and co ncrete layers IS a ohen a good d~Slg n practIce, regardless of whether
d~ig n pattem are beIng apploed, because clien t code can be wnlten in terms of the more ge neral cla«es of
the abstract layer, maki ng it more ve rsa til e
17,4.3 Three Roles Involved in Pattern usage: Pattern Application, Client, and setup
This section cxplains the th ree pans orroles-on volved in the usage of a desIgn pallem on a design. n,is dIScussion
is designed to help the srudenl surmount common problems uSIng design pallerns. The thrce roles arc as fo llows,
• The code that uti /o zes tim application (the "client role")
• The code , of required , that inot ializes or changes the desig n panern application (the "setup ro le")
These theee ro les arc shown on Figure t 7. 18, and arc explai ned next.
A design pattem-the desig" pa llcrn appllCn loo,,-involves a specific class model. For example , K,tchenVicwcr,
described in this c hapter, contains an appl,cation of the Abstract Factory design paltern Th is is the ubstance of
the d~ign pattern .
Many pans of a program can potentially usc a desig n pattem application We usuall y rde r to these pans as eli", "
of the paltem application. Each client is typicall y a method, but we often regard the method's class as the c/oent In
0 0 0 0 0 pat/ern
application
J
Flsure 17,18 The three roles Involved In design pa ttern usage
400 CHAPTER 17 SOFTWARE DESIGN PA TIERNS
Ihe K,t henV,ewerd<""lln, for example, the ,,,,dlrK,1 ImtO method 1<, chen l of the de<lg n pallcm appllCal,on We
, ,II use the tern, d,",1rol, fort he ommuI1Ity of cI,ents T yp, ally, the cI,ent Ull/' Z« the d<-<;,!!n pallern ,pphcatlon
onl y through spe , ted methods of speclflcd clas<cs of the des,gn patlern ,ppi.c.tlon The>c methods and cI",scs
onSlitule the ",,,,mce of the pallern apphcat,o n. In the case of the K,tchenVicwcr deSign, for ex,mple, the
'"terl.ee con"StS of ti,e cia, e K,lc/'",Sry/" K' ICh'fI, WoIICnb,,"I, and Floor au",,1. I,ents may nOlrder to any other
parts of thIS p'lIem app /'callon, and they generally do not overlap the desig n pallern ,pplicatlon.
The third role involved 10 the usage of design p.llems is not terribl y Significant. but o ne ca n get co nfused If
o ne docs not recog 01 zc its pn:sc ncc: and necessi ty , It co nsists of the code that initiali zes o r hangcs the design
pauern applica non code at runtim e. YOli ca n think of th is as a ja nitoria l or housekeeping-role In th e
KitchenV,ewer des'gn , fo r example, cI,ents specifically do not reference particular styles, such as Mod,,,,-
KSry/, Reca ll that rrndrrKilc/'",O takes a Kilc/',,,Slyl, object as parameter, and deliberatel y docs not rderence
any subclass of Kilch,,,Sry/c. How arc these speCific style objects selected and instantiatedl Th, s is the task of
what we w.ll call the Stlup rol,. In the KitchcnViewer de 'gn, ,t is the code that r« po nd to cl icks o n ,he "Style"
buttons ," Figure 17 4 by ,"Slantiallng a Kitcb",Styl, object and calling ,mdrrKitcb,"O wi th this parameter va lue
Setup code needs access to man y parts or the applicati o n, is no rmall y runtime inten ivc , and is ty pically
no t Intended ror reuse Thi is becau e it tend s to be speci al to th e application and beca use it d epends o n too
many other classes. O nc can think of the setup role as not overlappin g ei th er the client o r the design paucrn
application, although both arc possible.
11,is section dcscnbcs the SIOgleton and Ab tract Factory design patterns as examples of creationa l design pattems.
17 .5.1 Singleton
Alt hough a typica l class allows the crea tion of many insta nct."S at nlntime. we ohen want a class to have exactly
o ne instance throughout th e appli cati o n, and no more. For example, many applications maintain a profile of the
use r. Often, there is no need fo r more than one U S(( instance at runtime . In f<lct , the eXistence of marc than
one InSlance cou ld lead to problems where one parr of the application c hanges the user's profilc in one wayan onc
Instance t and another part in another way on another instance. Thi S leads to an incorrect impl ementation. We
want a guarlmtcc of onc and o n~y one lIser instance al runtlmc . Fi gure 17 . 19 summan zes the purpose of Singleton.
DeSign Purpose
Ensure that th ere is exactl y one insta nce of a class S. Be abl e to obtain the
instance from anywht.·re In the appli ca ti o n
Make the constructor of 5 private; define a private stallc .tt"bute for 5 of type 5,
define a public accessor for it
We ",(er to the desired un ique instantia tion as the ""glrlo" of the class. and the class as a Smgltlo" class.
As an example. if an apphcation ha< a U", class as described above, chcnt mothods 'uch as ocrifyAcctSs() .nd
snuIbn,,,IToU rr() would require a reference to the Si ngleton of Ustr To get the Si ngleton , they would con t.in •
st.tement such. the following :
This requires that grln"Ustr() is a static method of LIm . NotICe again that a statement such as the
(ollowing:
would crea te a truly new U'tr object , fai ling to guara nt ee the require men t that th ere be only o ne U,,,
instance.
The first issue is· where do we put the sing le insta nce of our class) We wi ll nam e the class in question S. A
good place is within 5 itself, as a static variable. So far so good- but the problem is, what's to StOP another
pan of the appliCation from including the following sta:emen t
S myVeryOwnlnstanceOfS = new S ( ) ;
We prevent this by making thc const ructo r SOprivate. The o nl y remaining ISSUC is a way to obtain the
singkton, to do th iS we include in 5 a public statIC acce sor meth od
The Singleton design patlern IS actua ll y a specia l case of Factory in which the obje treturned I the o ne and
only in tance of the class With the Factory met hod. Si ngleton IS thus in the Delegation form · the method getti ng
the Singleton delegates ItS creation to the construc tor. The class model for Si ng leton IS , hown in Figure 17.20.
Let's sum up thIS dl<CU<Slon. Suppo<e that 5 is a class for which "'e requ ire one and only one instan e.
The Singleton deS ign patlern consi IS o f th e stcps shown in Figure 17 .21 .
Making the constructor of the class MyClnll private prevents the crea tion of MyCln" o bject except by
methods of Myeln" itself My In 5 IS given a tatic dal" member of t)' pe MyCl"" thaI ",'" be the Singleton
Ld, name this ob,cct ' IHtJ'rloIlOjMyCiall A public static f"Clory mtlh od 01 My la» ,!1/1S",glrloll ifilly IIIs, O. IS
defined that re turns 5,"glrI0IlO!My( In5s. Thus, to get thIS onc and on ly clement of IIlyCln's . "' e merel ,n\' ke
MyOass grISmglrlo"OjMYC/fIl'()
Our di'KuSSlo n on Inl(lcton doc not aU Io m.1I ally extend to clients operat ing "' parallel thread"
needing a e" to a SlnK'c to ll abJeCl
402 CHAPTER 17 SOFTWARE DESIGN PATIERNS
Client
,
I
I
There is 10 be exactly one Exprri .."" objoct .t runtime, and it can be accessed by any mcthod in the
application. Each time the method is called, it displays the following message on the console to verify it was
called,
Output
E~ment
IheEx~riment; Ex riment
IClient f- - - - - analyzeO
theExperiment
.. static ..
getTheExperimenr{): Experiment
reportResultsO
Now we turn our attent Eon to the creation ofjamilirs of o bjects. ThE S kEnd of problem was discu< cd En SectEo n
17. 1 using the KitchcnMasrer example.
Our design purpose here IS to create a fami ly of related o bjects, chosen at runtEme from several pOSSible
families. You can ofte n think of a "family" here as a "style" choice . \VIc want to be able to ",nte code that
appl ies to these families without committ ing to one parlEcular family .
As an example, consider a word processor requirement that all ows th e user to view a document in everal
styles Modern word processors all ow users to view documents in a variety of ways, for example, En outli ne
form, shOWing only the headings. We w:ll si mpli fy this for Ellustration. TYP Ecal input to our pnmitive word
processor i shown En FEgure 17.24 .
-+ Emcr text.
I was born In a sma ll mountaEn hut - EntC< Headi ng o r "· done·
·don(·
- Enter Headlni( or "·done·'·
Youth (toll ""!ltd )
1
.... ." .
» Enler Ihe style you wanl displayed: » Enter tile style you want displayed:
big small ,
Option 1 Option 2
My Lile
--- Title: MY LIFE ----
Birth
Section 1. - BIRTH -- I was born in a mountain hut ....
I was born In a mountain hut ." .
Youth
Section 2. - YOUTH --- I grew up sturdy ".
I grew up sturdy ...
Adulthood
Section 3. - ADULTHOOD ---
•• • •
The application prints the document in a variety of styles. For si mplicity, we will use ,mall and big styles.
In ,mall style output , all headings are in left-justified lowercase a nd end with a colon. In bl!! style they are
capitalized with sectio n numbering, and so o n . The tide a nd the various subheadings appear differently in
these IWO styles. \VIc can assu me that mo re sty les wi ll be required in the future . The o utput for "small" a nd
"big" styles is shown in Figure 17 .25 .
\Vle want a design with a clean separation into the wo rd manipulC)tion pan and the srylc choice part. We
capture the various kinds of headings wi th classes In general , a · style" In volves a fa m ily of classes. For
example, CapitalStyle ,nvolves the classes Capit"ITit/e , CapilalLc"elrHcndin9 , Ca," laILevei2Hcnding , and so o n, so
the proble m is to be able to c ha nge the fa mil y at run time . The purpose of Abstract Factory, as expressed by
Gamma et aI. , is as shown ,n Fig ure 17 .26.
The rest of this sec tion explains the pattern that fulfills this purpose
Design Purpose
Design Pattern
'Erich Gamma e( ai , "D~19n P;1t1C!ms, E1c.mc.'nts of Rcn~ablC' ObJC'cl ·OncmC'd Software: Addi~on . \'(I~.h~y. 1995.
--------------------------------~-------~
Client
-"
-"
-"
I
I \\ '<.,. . . . . ..........
Ensemble -"
-"
-"
-"
I
I \
, " " ..........
......
AbstractFactory
-" I getAPanl0bjeciO
setAbSlraC1FacloryO '" I
I
\
\ "" getAPal120bjeciO
doAFunclion() I \ ""
I
I \
\ ""
I \
\
""
"
Sty leA Factory StyleBFactory Style ....
Abstract Factory· ..J
Oient code has acce£s La the ent ily 10 be co nstructed wilh Ihe fa mll, es We wi ll name Ihis class EII s""bl, In
general. The class AbslraclFaclory encapsu lates the sryle of Ihe EII" ..bl, pans. The Inlerface fo r the client has
the appearance of Figure 1727 .
For a discussion on a narrowe r intcrbce alterna tive using the Facade deSIgn pattern , sec SectIon
17.6. 1. I . Fo r our word processor example , the role of EIIs""bl, would be held by a class such a OocllmClfl, wh,ch
suppo rts methods dependent upo n Slyl, (our Abstract Factory). First the chent or setup code-ha to
determine the required sry le, ty pica lly de pend ing o n use r input as in the fo ll ow ,n g
Style currentStyle;
... II interact with the user
currentStyle = new SmallStyle ( ) ;
_ . . or
curren tStyle = new LargeStyle ( ) ;
• • •
document . setStyle ( currentStyle ) ;
O nce the ty le has been sc t, the client makes calls to OocII,"rll l uch do ""'rIIl dlSplay(J. A cia. model for
thIS would have the appea rance of F,gure 17 28 .
But what does a "sty le" cla.s look hke, and how does it ac hieve our purposesl
The Abstract Factory de<lg n patlern usc, a c lass 10 cn Uect coo rd Ina led fa cto ry met ho ds "' one plJ <, one
class pcr "style " In the <land.rd "allern , the base cia" for the<c >Iyle cI~s,cs ,s nJm ed Abs lflltlF" lory The
,dea IS that e.ch AbslrtICIFtlCIOry ,ub Ia<' In lerprets ,I> fa~lory m e l ho ds to produce obit I> of, s,ng le,t Ie
Abstract faclory IS ,n th' dcle/(.lIon form , dd el!a llll ~ the "ge lle r " of Ob,CC h 10 Ol1, lru l(lro. all In Ihe
deslfcd style
406 CHAPTER 17 SOFTWARE DESIGN PAITERNS
Document
Slyle
setStyle()
display()
/
/
/ // r---'---, r - - - ' - -
/ /' Small Style LargeStyle
/ /
/
/
//~----:::-------
/"
/
-
- --
/ // -
" -- --
/
• • • • • • •
For th.e "ke of SimpliCIty we wi ll iliustTate this with just one sty le to beglO with . Let's call the class whose
complex objects arc to be constructed, ElIsrmblt. pigllre 17.29 shows how E" Stmblt objects are constructed in a
style encapsulated as SlyltA . E"s""blt consists of parts, Pari' objects, Pari> objects. and so on. The attribute
abslraclFaclory of E" s""blt is instantiated with a SlyltAFaclory objec, 10 ,his case. When a Pari' objec, is required,
the gtlAParl,Objtcl() method of abslraelFaclory is c,lIed . The virtual function property implies Ihat the
gtIAParl , Objtcl() method of StyltAFaclory is actu,lIy c,lIed, ,nd it returns a ParifStyltA object. Similarly, when
griParl2 0 bjtcl() of Ens""blt is called. it returns a Parl>StylcA object. Thus, all of the parts obtained are in the
same style . 11,e p,rtial class model is shown in Figure 17.29.
The full Absiraci Faclory class model . with two styles (AbslraclFaclory subclasses) is shown in Figure 17.30.
As dIscussed in t'he section above on client intcrf-accs, the client may interface with the AbsrracrFacrory
,nd PariX classes bu, specifically not with Ihe ,ubclasses of Par" . Pari> , and so on .
AbstractFactory
aMb.&::tFaclory 1
Ensemble gelAPan lOblectO -1
r selAbstract FactoryO golAPar120blectO I
I doAFunctionO 7'i 1
1
1
y 1
I
I Part 1 Part2 I
1 1
I L C. 1
I I
I I
I Part! StyieA Part2StyleA 1
I
1 " ,, 1
1
1
1 ......................... ,, I
I
1 , , , , StyleAFactory I
I -cr.e. ........ 1
1 " :.J:~panl0biectO I
1 , IAPar12Objoe'O I
1 1
I 1
I I 1
I I
I
------------ ---- - - ---- ----- - - - -- Client ----
I
-,
AbstractFactory
abstraclFaclory 1
Ensemble getAPartl0blecl() -I
doAFunctlonO getAPart20blecl() I
I
1.. n 1..n I
~
I
Partt Part2 Part... I
I
I
I
I
I
Part1 StyieA Part 1StyieB Part2StyleA Part2StyleB I
I
I
"- .... .... ,- I
I
I
"-
"-
"-
.... ....
.... .- " " ,-
,- I
I -creat... " "
,,' ,- I
I ....
, " .... , , ,- I
I
"-
" .... ....
I
"- " .... ,- " I
I
I
" I
Sty leA Factory StyleBFactory Style .... I
I I
I ""C"- _
-- - -- - - - ~ _ -'7
I
I
I1_______________________ _ -- -- I
I
Client -----------~
A sequence dIagram for Abstract Fa ctory , including th e se ttlnB up of the parti cu lar "sty le" (the Ab,lracl Fa ctory
object ), is shown In Figure 17.3 1
We now show the deSIg n of our Word Processor example USlnS the Abstract Fa tory deSIgn pattern The
follOWing use ca es describe the app licalJon
View a Docume nt
Precondition : none
The followln~ " the "11 .(hnWfext" use Ca>" rdere n cd above
408 CHAPTER 17 SOFlWARE DESIGN PA" ERNS
Selecting
setAbstraclFaclory a sryle
(abstracIFaclory)
I :Pa rU StyleX I
I
doAFunctlon O
.,.. getAPa rUO
Assume that ----
./
""~
I
Creating
objeclln
a ParU
this method
- / ge tAPa rUO I
required styIe
requIres a
...../1
ParUobject Part.J SlyleXO
, +rl
,•I
Virtual •
j
function
property
Provide Hcadingrrext
Preco nditlons- user has provided the title
1. ApplICa ti on reques-ts a header
2. Usrr provides hcadcr tcxt
3 AppJlca lrol1 requcs ts text
4. U", provides tcxt to fit with thc header
Thc class modcl IS shown In Figure 17.32 .
T ypical output is shown in Figure 17.33.
This seClion describes the Facadc and Adap<c r dCSlgn patterns as exam ples of structural design patterns.
In bUilding applications we parcel out sets of classes to separate developers Th is reqUires the clear
modularization of the design Developers typically require the <CrYlces of classes thar orhers are responSIble
SElECTED STRUCTURAL DESIGN PATIERNS 409
Document Style
style
geIAH.ad,ngO gelAHeadlngO
r-------, I
gelATilleO I Displa yable I gelA Tit/eO I
grtDocumenlFromUserO I
: dlsplayQ :
O•. n -- --- I
L ~
I
O••n I
Text• __ "-_--I Heading 1 I
Title
value v value I
'--- D,splayable '--7\""',-_.J value
:--7\:--
, ~
r
SmaliHeading LargeHeading I~ LargeTitie
d,splayO displayO dlsplayO d,splayO
'--~----
Ioj create» - - - -
~-~-r-~-~-~-~~~~-~--~-----
c.:::.- -
- - - -
~ LargeStyle
gelAHeadingO gelAHeadingO
gelAnlleO gelATille()
~, _.:::7
Client
gelStyleF romUser() -- - ----------- --~
dlsplayDocumenl()
- -T,tle MY LlFE-
SectIon I - IlIKTH-
J wac, b(}rn In a moun lain hut •
Section 2 Youth- -
I grew up ,turdy
Desig n Purpose
'0
for developlllg, so ,hat classes and packages ohe n ,elalC each o,her as clien! and server. The client a nd server
portio ns are deve lo ped re la'ively independently-,he problem is ,h., services arc typica ll y in va rious Sla' es o(
comple<ion as 'he projee! progresses. Complexi'y is grea 'ly reduced when ,here is juSI o ne o bjee! providin g
access to ,he fu ncllonality of a collectio n of classes.
A component acts cffcctivc:ly as a server when its interface is narrow. "Narrow" means that the inte rface
(I.e., a collection o( functio ns) conta ins no unnecessaty parts, is coll ected in o ne place, and is clearly defined.
The Facade design pattern e5lablishes juS! such an in,e rface ' 0 a package of classes. Facade regulates
communica ,io n wi,h the objects in ilS package by exposlllg o nl y o ne objee! of th e package ' 0 client code o(
the package, hiding all of 'he ot her classes. This helps organize developmen, because the programmers
responsible fo r a package can publicize th e services offered by a Facade o bjtet and stub them while ,he
package is under development. ("Srubbin g" is temporarily substitutin g the rea l content w ith very simplisti c
content, o r perhaps wi, h none at all .)
Clients o( ,he package have a conc rete reprosen,a'ion of 'he package's fu nctionality to use during
development . Th is Jdva ntagc extends to maintena nce. If maintainers can upgrade rhe way in which
functionality is coded wi,hou , d islU rbing the fa~a de , 'hey can be assured ,ha, all clients of the package
are not affected . The Facade objee, is a ,y picaliy a singlelOn . Figure 17.34 summan zes the design purpose and
technique of Facade
Suppose ,ha' a package contains a collection of classes and tha, 'he cl ient code, extemal to th e package, requires
a «rvice myCMtlhod() provided by a class C in th e package The c1 ,en' may interface o nly with the Facade
object, which we Will ca ll Ih,FacadrOhjrcl. Thus, the clien' code calls a method suc h as Mrt/)odOjFaeaa,Q
of Ih,Facad,Objtcl in order to accomplish this purpose.
The Faead, class model shows c1ien" inlCrfaci ng with a single class of a package, bu, With no o ,hers. Actually,
there is nothing to stop us from designaring more than o ne class as a Fncadt class. The non-Facadt c1as es a~
no' ac"<sible to code extemal to the packa ge. The Faeaar structure IS ,n 'he Delegation form since the Faead,
object delcgales commands '0
classes intemal '0
its package. This IS Illus trated In Figure 17 35 .
SELEC I EO STRUCTURAl DESIGN PATIERNS 4"
, 1
"- Fat;;ade
Client - .. - exposed.. I-not eXPOSed-I
cMelhodOfFacadeO
" "- I
This cat!
repla ced
"" I
I 2 I- not eXPOSed- I
by t an d 2. "" I
Client can't
reference C
" C
.. not exposed.. I.. not e~posed.. 1
myCMelhod()
A call that ",ould o ther"" e refer to an o bject o f a class wIthin th~ package IS repl aced by a ca ll to a
method of the Farad, object ThIS metho d ca n then referen ce the obJect'" que<lIon The seq uen c~ d,agram IS
shown," Fi gure 17.36
:Client si ngleton :C
'--
:Facade
cMethodOfFacadeO
myCMelhodO
(return it any)
---- -- - - - - --
(relurn If any)
- --- ----------
MyGameEnglne
MyGame
. '6CJJde IJ
MyGameCharacters
MyGameCast
f.,fsellde" MyGameEnvironment
MyGameEnvironment
,.fscs del>l
Figure 17.37 Using Facade for the architecture of the Encounter video game
Su ppose that a preex isting app li cation, o r eve n just a preexi ting object, prOVides functionality that
o ur applicat io n req UIres. For exa mpl e , th e exis tin g appli ca ti on co uld co mpute the pnncipal
Design Purpose
Allow an app lication to usc ex ternal
functionality in a rctargcta blc manner.
Design Pallorn Summary
Write the application against an abstrac t
versio n of the ex te rnal class, introduce
a subclass ,ha, aggregates 'he exte rnal class.
Figure 17.38 Design purpose and summary for the Adapter design pattem
SELECTED STRUCTURAL DESIGN PATTERNS 413
obtained trom \nVC ling .ll!pv<:n amOunt (or a given number of year In a pcclaltypc of Investment , and
WC' want to u~c lhl) (lin [tonality In u~ing Ihi~ functionality . however, we want to modify our own
application as Imle a po<slblc . \VIe also w.nt to be able to easily witch to alternatwe
ImplementatIon> of tht· required functlonaltty F,gure 17 38 ummartze the e purposes and the baSIC
Adapter technIque
The "client" IS the apphcatlon that must 1I e the ex. ling funcnonahry We create a deSign In whICh the chent
doe not directly Interract' wtlh the t:XiSllflg fun uonalay, however In lead. It Interra cs with <:In Clbstracl
method of an app roprtately named ab trac t class. The laller must be In tan!tated al runtime with an object of a
concrete ubclass. as exp lained next.
Let' call the ab,tract cia
AbslrnclClass . and ItS relevant method we need sta>ldllIForR<qu,,<dAt<lhod() .
Cltent code would be om"th,ng like the fo ll owing .
· -. - .
AbstractClass anAbstractClassObject:
... .. II setup code instantiates ... nAbstrdctC!a.s"Ob)ect
• • • •
anADstractClassObject.clientNameForRequ1redMethod() ; Il usetheexternalfunctionality
• • • • •
• • • • •
The d ..s model for IIdapt" IS ba ed on ,he delegation foml because an Adapl" o bject delegate> the o mmand
to the tars,;eted ommand , as <hown in F,gure 17 39
Adapter works by handIng off function ca lls to cilclltNllnt,ForR,qllll"iAI<llrotl() as shown '" h~lIre I i ·,0
.1. CHAPTER 17 SOFTWARE DESIGN PAmRNS
alent adaplee
( ad'poee.requlredMoUIOdO:) I
Figure 17.39 The Adapter class mOClel
:Client I :AbstractClass I
•
:Adapter adaptee
:RequiredClaSS
I
I
I
d 'entNameFotftequ1redMethodO I
RequiredMelhodO
I
I
I
I
I
I
I
I
I
Lds consider a Rnanci.1 application that needs to use the met hod
of a legacy class Pn"cipit . We want to b<: ab le to e.sily switch to other impleme nt.tio ns of th is functionality if
necessary. We write our applica"on by giving our own names to the function of interest, and the class/object
that owns the function. For example , we can name a method as follows,
in the class F""",cial. This cia" is made abstract, as illustrated in Figu~ 17.41 .
SELECTED STRUCTURAL DESIGN PATTERNS 41 5
.,
AI!~lIcation Ada~latJon Legacy system
Financial
amountO Principle
computeValue()
...J
amountO "
.-------~~~----. "
( legacyAdaptee.computeValueO: )
The Adaprc::r design pauern in this case co nsists of a class, which we wli l name: FlllulICltJ lAdap lt r here,
",hlch onherits fro m the application' c las (Flllllllnal on ou r case), and whIch aggregates the legacy cia s
Pmlnpal. This could be Impleme nted as follows .
The new application IS W,;ltt'l aga inst the clas ... Fmannai , but o 'cudcd at runt ime with OJ FmtH1CIaiAdapltr
object Setup code instantiates the Flt1tHlClfil obJcc t a'\ a FlllolicIfI1Adtlptr Insta n (' For example , the Ilcnt cou ld
be wflttt'n w ith a method parametenzing Fmatl cw/ , such a~ th c roll0,o,I,ng
It cou ld ,hen b~ exe~utl·d "",h ,he followIng s" rr p 'tatement th"",,llZe' ,h e opprop""c ,ciop,cr obIt: t
octlonListencr
ActlonLislener
Resull 0 1 bunon (!f§SS
MyBulton MyClass
addAClIOnUslenerO myMethodO
Mylistener
actionPerlormedO
~
lava arc adapters for the following reason. Suppose that we want myMrlhod() in MyOaS5 to execute
liSlClftr5
whenever myBllffotl is pressed.. T o do this , we introduce a class MyListrncr that implements thc ActionLslcncr
onterface . The class model is shown on Figure 17.42 .
The class MyLis lrtl cr IS the adapter class in thi s casco At runtime ....u: ca n insta nt ia te aclionLisltH" with an
Acllotlustcntr subcla ss in lance slich as MyListtncr, according to thc effect we require when the button is clicked.
nle code in Myl3ulto" rderenccs only Acliol1USlt1ltr, not any particular subcla s.
• Instead of aggrega ting RrquirrdClass on Figure 17.39, we could onherit from it, as long as the language allows
multIple inheritance. Thi s is shown in Figure 17.43 .
AbslractClsss
Cllen.
( requtredMethod():)
~ ' c m. , be .tlSfied to make Abslra 10alS an Interface If the language does not suppo rt multiple
,"hentJn c le g ,I.va)
• Adapter IS often usC' d when we reate an application U1\lng library c1as es. bu t where we want to retain the
lle.,ib,l, ty to >ck· t other "brary clas e< For ~xampl e . we n1lgln use Verlo, In a Java application to store a
oilcctlo n, but find that It I> ,omcwha t awkward for the purpo e In question. \'(Ic could rhen de Ig n and code
thc application so that It use. an Ideal class of ou r IIl ve nti o n to store a co ilec tl on (e g., AUlomobilts ,vith meth ods
SlonA IIIO() e tc,), Then we wo uld incorporate a n adapter to fit th iS to Vrrlor \'(Ihen a mo re " " table o ilrc tlo n
managemenr l as~ appears, we could then ea dy retarge t to it , nceding to change onl y rhe adap ter
• Rewrntng (0 the fina ncial example, lO preserve the opti on to retarge t a1 runtim e , we cou ld rela in
FuulHClalAdap'rr, but Int roduce a new Adaptu class FlllmlClnfAdaptrr2 , inheri ting (rom FU1anCIai Whenever
we want to targe t the application to the t(o nd lega )' SYCi lem , we wou ld execute th e applICatIOn Wit h the
following .
This seClio n describes the Interprete r a nd Observer d t's ign patterns as exa mpl es of particu lar behaVioral
design patterns.
Appl icati ons must somellmes deal wit h n:prcs5Io"S written Ir. J grommar. A comp lier, fo r example, must deal with
r xpressions wntt'c n in the grammar of a programming languJge. Compdcrs are th e: most common example,
but the,. arc many other needs for the interpretation of g rammars, The following X/l.tL, for example , IS an
expression, and the gram mar (ca ll ed a sci",,, • . no t exp liCi tl y g ive n here ) >pecii;e the permISSible form for the
XML used In thiS context.
•
«engl.neer > >
« nam e»
John Q . Doe
« /name»
«task»
Un iversal payroll Application
<<' /task > >
«task>.-
lnterglactic Web Site Analyzer
«/task>.-
<.-task»
"a CHAPTER 17 SORWARE DESIGN PAffiRNS
Our purpose is to desig n an interpreter for gra mma rs. In th e XML example, our Interpreter should ~
able to interpret the fo llowi n g expresSIO n as we ll .
•
«engineer»
«name»
Sue W. Smith
«/name»
«task»
Fr iendly Server Application
«/task»
«task»
Intergalactic Web Site Analyzer
«/task»
«/engineer»
There are two parts relating to the Interpreter desig n pattern : pars"'9 and inlcrprcting . Parsi ng is the
process of converting an input-usually a string-into a trce of objects consistent with rhc c lass model . In the
XML example, this would include picking o ut individual pieces suc h as the engineer's name. Interpreting
consis ts of performing useful functionality with the result of the parsing phase. The purpose and baSic
technique of Interpreter are summarized in Figure 17.44.
Once an expression has been parsed and represented usi ng the Inltrprder class model , clients interface with an
Ab.t,acIExprnsio. object that is the root of the parse tree. The client typica ll y ca lls an i."rprt'() method o n th is
Oesign Purpose
AbstractExpression
Client - - ------
inlerprel()
objecl. In the above XML example, suppo e that the twO express,o n formed by parsmg the twO 'nputs are
joh.Do,XML and "" ""IJ,XML Suppose that the appitca l10 n IS Intended to co nvert XML to conversano nal
pro e. When the client execute Johl1DorXA1L '"trrprd(). the fo llow m8 m' ght be output
En9'"W Joh" Q Dor IS ••o.king Oil th, joJJowI119 Ihm prowls, UI1 ..",,,J PnyroJJ AppJi "lrOl1. J"trrgnlaclle W,b
Sift A"alyzer. mid Finml ial ForcctJStcr.
The class model for the clien t/deSig n pattern Interface looks like F'gure 17.45
The Interpreter deSig n paltern has th e Rccurs l v~ (orm because ex pressIO ns can con tain fu rth er expressions.
The class model is showr. in Figure 17.46
AbstractExprcssJolI objects are ei th er TcrnliualExprrssioll objects, wh ich the Interpretation function IS
0 11
simple, or No" Tm"il1"IExprrssion o bjects The latter aggregate Ab, lrll IExprrsslon objects ,n turn The ,"I,rprrt()
/unctio n o n a NOl1Trfmm"IExprmiol1 objec t operate by perfo mllllg required work o n the object It elf. then
essentially commanding each of Its aggregated AhslraeIEx!)((ssiol1 objects to execute Its mlrrprrl() method. Th IS
has much in common wit h the dynam ic viewpOint of the Composite design pattern
The sequence diagram in F,gun: 17..17 cap rure s th e Intcrprctilt ion process.
As an example of In terpreter. consider an applicat ion that handles orders from customers fcr networked computer
systems, and genera tes installation ins[fuctlons Forcxali1ple,conslderthcorderrora network shown In Figure 17.48.
AbstractExpression 1..n
IClient ~- ------ Inlerprel()
:Client AbstractExpresslon
:NonterminalExpression NonterminalExpression
Interpretl)
...
.. create and
~ TerminalExpression
interpretO
..l.
It con<o<l< of a 700 ," ' hz system wi th 5 12 I\I~ of RAM connected to a system th at consi ts of the following twO
con nected co mpu tcrs
. - "'-;
.
ll,e ou'pu' prod<tced by the application wou ld be instructions to th e techmcian , d escribing how to
perfoml the a"cmbl y.
The ma", u<c case fo r this exa mpl e IS as fo llow All 110 is to th e console .
Figure 17.49 speciAes th e grammar for th e orders and hows typ,ca l inpu t.
The ord er exa mp le ,n Figure 17.49 is ,ndeed a legi tim ate expresSIo n in th e grammar speCIfied , as the
fo llOWing veri Ae .
{ component } { comp o ne nt } -
{{ compo ne nt } {compo ne nt} } { computer }-
{ { { compo nen t} {compo ne nt} } {computer }} { (cp u ram ) } ~
{ { {compute r } {computer }} { (cpu ram ) }} { (444 -1-1 ) }-
{ { { (cpu ram) } { (cpu ram ) }} { (333 33 ) }} { (44444 ) }->
( { { ( 11111 ) } { (22222 ) }}«33333) }}{ (44444 ) }
The output of the interpretati on process-instructio ns on how to assemble thi S ncf\.... o rklng ord er- are
as shown in Figures 17 .50, 17.5 1, and 17 .52 In this case, th e user se lected th e exa mple prov,ded by the
application.
Our Arst ta k is to parse the ,nput and create the corresponding set of aggregated objects. After that, t he
output is generated in respo nse to a clie nt ca ll ing aNr,workOrdtr.asscmblr(). ll,e metho d a"""blrO takes the
place of ,",crpr<'O in this example , The Inte rpret at, o n of a primi,i1lc e lement alone (e.g .• a CP U In the examp le ) 15
Please deSCribe a network on one line uSing th e follOWing grammar for 'component '
Blank paces arc ignored .
Pk.se de>eribe • network on one line USI08 the (olloWIOB grammar (or 'compone nt ' Blank paces arc
,gnorod. Inputs w,th sy nt.ctic error< will be ignored withou t comment.
Examp\c, ({{( 400 4 )){ (900 3)1) {(600 3»)) {(750 10») {{{ (400 4)11 (900 3) 11 1(600 3)11 {(750 10 »)
'* F,rst Part, Assemble a network, which we will name 'component 1', as (allows,
Assemble a network , which we will name 'cornponent2', from eit her one or two parts as follows ,
-
Assemble a network, which we will name 'component3', from either one or twO parts as follows ,
-
Build computer component3 , (rom th e (allowing parts,
CPU with specifications . .. . .' 400
and
si mple (see the CPU class 10 the listing). What remains is to execute an i"trrprrt() function when applied to a
morc compl(x expression.
Applying the Interpreter design pattern to the netwo rk order example, we obtain the class diagram
shown in Figure 17.53 .
For simplicity , we assume that every network consists of just two components , so that each SyS'tmr object
aggrogates two Compo"",t objects. This can be easily extended to mar< than two. The so~rce code for the
implementation is contained in the accompanying textbook Web site.
17.7.2 Observer
Softwaro roquiremenlS and design frequently involve a source of data, together with a number of chents that
must be updated whenever the data changes. As an example, suppos< that the headquarters of Internation.1
Hamburger Corporation maintains data on its s(rvcr abour hamburger ~11es throughout thc- count-ry
Distribur~d cli~nts for this data include Senior Management, Marketing, and Operations. The data c hange
SELECTED BEHAVIORAl DESIGN PATTERNS 4 23
A emble a network, wh ,ch we w,lI name 'compone nt 5', from c ,the r one or IwO pans a follows ,
~
Assemble a network , which we will name 'cornpo ne nl7', from eithcr o ne or two parts as follows·
continually , and each of headquarters' clients nee ds 10 updale li S dISpla y accord, ng to thelf various
requireme",s. Lei's say , for example , Ihat Stlllor IVlaIl"gcmclIl's bar c hart muS! be lIpdated afte r a 5 percent
change has takcn place, Il'tnrkclillg d, splays a new P'C c hart when a c hange of atieasl I percenl has rake n pia e ,
and OperatlollS reqUIres lables 10 be updaled when every c hange lake place .
~ Second part Now assem bl e a nClwo rk, which we will name 'compone nt S', as follows
Assemble a network, whIC h we wd l name 'com po ne nI9', from eilher one o r two parts a fo ll ows:
,
.2. CHAPTER 17 SOFTWARE DESIGN PATTERNS
-----------.....,
: 99[!1PQ'lltnl I 0 .. 1
Client r ------L--->
1 ____8ssemb/eO
- __ _ _ _ ~
Th~ Observer design pattern is imcndcd to address these rcquirern~ nts . Irs purposes and basic techn ique
arc summarized in Figure 17 .54 .
Suppose that the abstr.lct class Sour('( IS aware of {he data source. Whenever a client want'S all observers to
,ake notice (Iypically, of a c han ge in Ihe data ), il ca lls a de sig naled melhod of So.rer . In Ihe modd below,
Ih,s mClhod is named "OlifyO. The c hen, IS sh,elded from Ihe manncr in which Observer ca,,-ies oul thos
process.
The partic in the Ob!'crver design pattern requiring updating arc known as observers, and arc subclasses of a
single abstract class, which we will call Ob5<tVrr. Thi pallern is in the Delegation form SInce SO.'IC delegalcs
thc updaling process to Ihe Obsrrvt, objects. The pattern os show n in Figure 17 .55 .
Design Purpose
FIgure 17.54 The design purpose and summary of the Obselver pattern
..
ConcreleObserver
ConcreteSource
observerS tate
state
updateO
3 r -1: ..J
Step I The lie n'! references a known '"terface object, requesti ng that the observer, be no tified For
example, the client could be a process programmed to no ll ee that the data ha changed , or It could
be a c1oek·dri ven ta k In the model , this is shown as a (1,<11/ object telling the SOllrer object to
execute Its lIolify() functio n.
Step 2 The IIoli/Y() meth od calls the II pdn l' () func tion o n eac h of Ohscro" object that It agg regate,
Step 3 The Impl e me nta ll on of II pda l' O depends o n th e part icular (ollerrl,Ohs",'" to which It belongs
Usually, updnl'O compares the (ollere/,Oh,,,,·,, o bjec t's sta te (variabl e va lues ) wlfh that of the
cen tral dat a ouree on the serve r, then deCides whether or not to change It S va nable va lue,>
accordlOgl y It probably perform ot he r actions uch a erea lln g a new dlSpla
1ne class model tells u that evel)' Ohscro" reference, a object. In fact , the 'ollIT",Ob,,",,, Will
011 "
reference the oncrt !tSOufet obj e 1 at nm tl me H ow do the COllnclcObcn'(r objects kn ow to reference the
Conc rete ou rce object] \"lIe could pas a reference to It 10 the parameters 01 IIpdnl'(), ", IS do ne In the Java PI
(sec Section 1772 .5).
SenlorManagement
forecast
Headquarters update() Marketing
demand marketinaOemand
/ updale()
If( abs( hq.demand - marketlngDemand) > 0.01 ) doDisplay()
•
( marketing Demand = hq.getDemandO;
doDisptayO;
)
we will make the change to Awesome Inc.'s stock by hand. The application will then display the resulting
changes in the mutual funds canying Awesome stock. We will use the OhsrrvtrlOhsrrvahlt java API to cany out
this d~sig n and implc:mentation .
The main usc case is as follows ;
I. The application reports the status of mutual funds that invest in Awesome Inc.
2. 1. The application prompts the user to supply a price for Awesome stock.
2. 3. The application reports the status of mutua) funds that invest in Awesome Inc.
Many of the design panerns discussed in this book are present in the java API. However, one recognizes them
by their form rather than by ~ame. Observer is one of the few pattems explicitly called alit by name in the
java API. The java API Ohstnltt class model is shown in Figure 17.59.
The java API uses virtually the same terms as Gamma ct al. Notice that "pJa/t( . ) is a callback
method in the sense that it provides Ohstrvtr objects a reference to its source, thereby enabhng them to
compare their data and so on with the OhSlrvahl, object in executing "pJa/t(j . Because update is
implcmc:ntcd as a callback, there is this no need for concrete Obsrrvtr classes to maintain rdcrenc('S
to the ObsfflJQblt object.
SELECTED BEHAVIORAl DESIGN PAIIERNS ~7
otc, HGrowt hMulualFund qarts w"h 3 sharcs of Awesome, assumes price of 1.0, and has non-Awesome
holdings totalling 4000
'ote· kdGrowthMutualFund ,tarts wi th 2 hares of Awesome, assumes price of 1.0, and has non·
Awesome holdings totalling 300.0
NOle, LoGrowthMut\JalFund lart with I share of Awesome, assumes price of 1.0, and has non -Awesome
holdlnb'S totalling 200.0
---- ---------------1
I I
r---::-:- r- ----------------,
Observable I Observer I
notifyObservers() >-- I updste( Observable, Object ) :
~-------~---- ----
I
I
Mutua/Fund I
I
value I
I
numAw8someShar8S I
I
I
LongTermMutualFund
Awesomelnc
Client ------
price MediumTormMutualFund
HIGrowthMulualFund
Key-
IJava API CI8ssi ....
IOovelOPO' Cta.ss I updatel ... )
MyConcreleObserver
MyObservable observerS late
subjecl updale( .. ,)
• Observer also goes by the widely used name of "Model -View-ContToller" (MVC ), altho ug h there arc slight
differences in emphaSIS. The "Model" in MVC is the So ure, in Figu,e 17.55 (the Obsrrvabl, in the Java API ).
The 'Views" are the Ob,nv" o bjects, an d th e "Control " is client and possibly setup code. MVC emphasizes
the fact that the mo del is data and the views are C Uls, whereas Observer is conceived wi th broader
applica tion
• Observer aflows the additio n and removal of observers without d.sruptin g existi ng observer code. Only the
loop In Obsrrvabl,.nol1jy() must be augmented. Some times th e process of adding and removi ng o bservers is
co nside red part of the panern (rather than being a "setup" function ).
• Observer may be di sadvantageous if very few of the observers need to rcact to changes (in w hich case the
numerous nmi Rcatio ns waste resources).
• Obscrotr is di sa dvantageous when update is morc naturall y implemented ce ntrall y , or w hen update policies
among observers have very little in commun .
• Obsrrvrr ca n't work if the observable cannot have a reference to all of the observers For example, we would
not usc it in a clien t/server situation unless we were wi ll ing for the server to maintain references to all
clients.
• In general, having the observers update themselves (as opposed to eXlerna l sohware perfo nm ing it) .s good
o bject· o riented design because it keeps related fu nctionali ty together.
17.7.3 State
Many co ntemporary applications are "covent -driven," A word processor, (or exa mple, waits (or the use r to click
on an Icon or menu item, and o nly then reacts . Evc:nt·driven applicatio ns are often de igncd as STate-transi tion
systems. When a system behave by essentially transitioning among a set ofslalts , the State des.gn pattern can
be helpful. For exampl e. we can descriix the Encounter vi deo game at runt ime in term s of the state it is IO- i t
could transition among the StltH1g .up , WailiJ19 . StttiHg-<haraclcnSlic:s. and hnrnctrrs~j"tcrQCfi"g sta te . among
others. A desig n should capture th is behavior eff<ctivciy. As the ga me becomes better deAned, the design
SELECTED BEHAVIORAL DESIGN PATIERNS 429
Design Purpose
Cau<e an ob)c t to behave ,n a
manner determined by IlS state
hould al 0 be capab le of gracefull y absorbI ng new Slate and actIon handltng without dt<rupllng the e"Sllng
desig n. F,gure 1760 sum manzes the purpose and basic techn ique of the tate design pallern
To use the State pattern , the lient imply makes a call o n a spe iRc method of a specik object The cl,ent"
sh,elded from the various possible dfects of ca ll ing the method, whICh depend o n the object's <tatc.
In general terms, suppose that we want to use a method doR rq"rsl() of an object 'arg" of class Ta'9" , whcre
doR,qursl() can behave in different ways, according to la,g<l's state at the time of the ca ll . Th ,s IS solved by
introdUCing a class, which we ", til ca ll TaryrlSlalr , and givtng Targrl an all"butt (we'll call,tlary,1 lair ) of type
TO'9r1Slalr We ensure that I<Ir9,ISlo l, properly represe nt the Targ,' object 's current state at all limes ThIs IS
ensured by I<Ir9rlSl<lIr berng an objec t of the appropnate Tar9,ISlalr subclass FIgure 17.6 1 hows tillS. ote that
the State design partern is In the Dr/rgaltoll form .
The method doRcqursl()ca lis lar9rISlalr.lu",dlrRrq""I(), so the ca ll to doRrqlu,l() is tran<bt ed by thc vlnual
funct io n property IntO the parercu lar vcrsio n of /'a "dlrRrq",,'() approp riate to the Slate o f ""grl The elre llt docs
not need to know the sta te of Inrgrl . The fu ll cia s mode l is shown In F,gure 1762
The Encounter VIdeo game ca n typIcally be In a variety of sta tc, When you Slart to play the game, you rna
have the o pportunity to sct yOllr characte ri stl s (" elllng Up" Slate ) When yo u ate III the mId" of lI11l'ra ting
WIth othe r characters, your state IS dl lferent ("Engag In g" <tatc , perhaps ). It I rcasonable to t' pect that you
can't cha nge you r charactcn t l S In the mI dst of an engage ment because th e game would no t he mu h fU ll to
{ largetSlate handleRequeslO; }
Chenl
I /'
, ; / Tarqe tState
Target lorgetStalc
•dcRequeslO 1 handleRequosf{)
( l argel51al e,handleRequoslO: )
CHent
I
T Targ et l.rgeI518le TsroelSlate
•daRcqueslO ,
handleRequesrll
1
71
TargelSlaleA TargelSlaleB
• • • • • •
handleRequeslO handleRcqueslO
Figure 17.62 The Siale design pattern: doRequestO behaves according to the state of Target
play In tha·t case . If the ga me tnterface had the appearance in Figu re 17.63 , the dfect of pressing the ScI
Omractcn sl/cs button would depend on th e state or the game at the time .
Figure 1764 shows how the Statc design pattem can be used to handle the states and actions of Encounter
The cia s MyGame has an attribute called , laic of type MyGmncSlalt The type of the , Ialt o bject (I.e .,
" 'hich subclass of '"lyGamtSla le It belongs to ) delCrmines what happe ns whe n stlo,araCltri, It C5(J is called o n a
MyGamt obJect ,
The code for st lo,aracltnslt«(J In MyGamt passes contro l to Ihe handltCfick() function of slalt. Each
subclass of MyGarntSlalt Im plements l,andleCfick(J in its o,,,n manne r. For example , if MyGame is in Wailing state,
then the effect of clicking o n the "Sct C haracteristics" huna n is that a wi ndow appears thro ug h which the
playe r ca n change hiS charactenst lcs . O n the o ther hand, if MyCa,"c is in ScltmgQutlilhcS state , then nothing
happens because the user IS alread y s elling his characteri stics.
Set Characteristics
MyGame stale I~
setCharacteristicsO _ handleClickO
•
t
stato.handieCIlckO.
I
Figure 17.64 The State design pattern applied to the Encounter role-plaYing game
• The State design pattern is particularly beneficial when new states are likely to be needed In the hltu re.
• State does not hand le the question of how to set up the sUCCesSIve state (if required ) once ha"d',E"",tO has
been perfonned. Although State doc no t hand le the tranSition funcllon , it can be a useful fnmework In
wh ich to implement transi tion . For example , halld',E""" O ca n contain code that swaps In the new Slate A
possible companion to ('he State deSign pancrn IS a state-transitIOn table whose entries indicate \~hal new
state the object tranSitions into for each "current s tale~vent occurrence" pair
• Whetheror not the State de ig n pattern IS applied, tate -onented arc hlte tures have been used with success
for many applications (see, for example, the work of Sh laer and Mell or (2 )) Real-time apphca tions lend to
benefit especially from the sta te architecture because they often rely o n a sratc/event perspective
As the exa mpl es of deSign patterns above Iliu trate , they occur ," a ),mlted number of forms We could >a y
that there are patterns to the design patterns meta patterns. If yo u like . Mo,t deSign pallern are based on
the dcltgahoH or ftcursiotl forms , as descnbed In thIS secti on.
ConSider a ta,k that needs do,"~ , the o bjec t thai initiates it , and an object thai doc< the actua l ",ork 0" '91111°"
IS a proc"", by which the Initi ator emp loy, a th"d obJc tto get the work done by the doer. An example from
re.llife IS the usc of a rcalLor In whic h th e . c ller (the InllialDr) wants to cllto a buyer (the doer, In thiS a<e)
To ach ieve nex,bd,ty, the KltchenV,ewer dC<lgn rep lace dlfcct code ,1Ich a,
Client
cllentFunctionO - - - - - - - - - - - - ~ IntermedlaryFunctionO
" I
" I
,X !
,, I
I
I
replace I
" , -!t
." requlredFuncllonO
11,e Abstract Factory design pattern replaces several dircci m<lhod ca ll s (constructor calls, actually )
with delegated calls to se parate methods, which ca ll the desired me lhods in turn. The basic idea of delegation
is shown In Figure 17.65
A common way in which design patterns put delegation into practice is through a clas~ that delegates
functi onali ty to the methods of an abstract class. When we apply Abst rac t Factory in Figure 17.7, fo r example,
the work of crea ting a Wal/Cahi"" object is de legated to the methods of a KilchrnSIyI, object.
A common lorm of Delegation is illustrated in Figure 17.66 . where an abstract class is aggregated and
acts as a base class for severa l concrete subclasses.
The client calls the method ml,rjacrM"bod() of the interface class OP/"',rjacr. In turn, inltrjacrM"hod()
delegates the reqUired fu nctionality to its aggregated Oorr&" object, do,rObjrcl. The functiona lity is carried
out by having dorrObjecl execute a method that we have named do/l( ). At runtime do,rObjrct is an object of
either the class Co"" ",OO''' , Co"crtItOom , and so o n. Since the effect of do/t() depends on runtime cond itions,
so docs the effect of i"l,rjaccM,'hod(J. The class OP/III,rjfl" thus has the followi ng fonm .
class DPlnterface
( DoerBase doerObject;
• • • • •
public void interfaceMethod ()
{ doerObject . dolt ();
}
}
DESIGN PA ITERN FORMS: DELEGA liON AND RECURSION 433
I
Client ... inte~aceMethod( ... )
I ! ( ... doerObject.doltO ... ~ ,
I - .,
I
I
I
I
r.-~ DPlnteriace doerObject DoerBase
IntertaceMethodO dol/O
DelegatIon . Implemented using ,he virtual functio n property. is the most common form of deSIgn
patterns . Another common form is Recursion : the usc of slnK,u res '0 cffcctl\·ely reference ,hcmselve,
Several deSIgn patterns require re ursion- In o,her words, part of ,he pattern essen tially uses I,self For
example, recurSIon is useful for represe ntIng a linked list of objects ir. wh, h each objec, of a cia> agg rega ,e
another o bjec, of the ame class. Anot her examp le IS construc'ing a graphical user In,erface tha, al low> fo r
Windows within Windows withIn windows . . and so o n. In lhl'> case, the \\'mdoIP object aggregates itself
In a recur Ive patte rn fo rm , a duallnhcrnancc-aggrcgal1 o n relario nshlp eXists between 3 base class and a
5t:Jbclass. as shown In F, gure 1767 No,ice tha, the Recur<lve form U$e, the DelegatIon form-In tI", case, the
deleganon doubles back o n Itself
From the dynamI C VIeWpOint , in a RecursIve form ,he ct.en, ca lls a me' hod of the Intedace, which we'll
name doOptration () If the object actually belongs to ,he subclass Rcn",,,,r IllS! , ,hen execut"' g li S doOprrahon ()
Involves the o bjec t(s) of aggrrgalt T hese objec" may once aga ", ca ll doOprmholl(), and so on
Let's take as an cxample ,he case where RccII,""on/3asr ",he la> Employer , doOprrallollO " ,he me,hod
pnnrOrgan'ZIlhonO, and Rrcurs,"cC/ass i< the class SII pm",or The Idea " to produ c a prin,out f all ,hc
~mployecs of an o rga nIZatI on The d a« model IS shown In F,gure 17 68
The method pnnrOrganlZllr.onO In SuprnJlSor would be prowammed '0
nrst pnnt ,he <upelVI< r' name,
Ih~ n u il the p"n rOrganlzarlonO method In each of the Employer o bject< III S"prrvlSccs For Employ" obJects of the
dass i.J,.,dualronr"huror, the m<·,hod p""rOrganlZnr.oll() prln'< only ,he name 01 ,ha, empl oyee For Employer
objects o f the clil~'" up,rVl sor. prltl l () rgaH IZtl ll otfO pnnt) th a l ) lIpcrvl,or's n a m~ Jnd the pnntln g pro (' '\ rcpt"ill'
re ur!lo lveiy Thl~ rccur'iIVC pr(lce~) eve ntuall y print all or th t: nJmcs The c1J" uprn11,or Ihl! ha, the:
fQlJ owlng form
434 CHAPTER 17 SOFlWARE DESIGN PAmRNS
RecurslonBase
Client - - - - - ;> doo".,. r'on(j
t:;>
NonrecursiveClass
doOpe,atlon(j
RecursiveClass
doO".,.tlonq
p aggrega.e
I
. void doOperation( ... ) I
II ... aggrega •• ... }
: - y
Employee
IClient fu_u p,lnro,ganIZlltlon(j
Gid •
pnntOrganlzation( ... )
I
... supervisees.printOrganizationO ...
J
~. _____________________~t~>~'
Figure 17.68 The Recursion design pattern lonn applied to an organizational chart
{ • • •
supervisees.printOrganization(); • • •
}
}
17.9 SUMMARY
This chapter I ntrodu cd design pattern", which are used to ~atlsfy recurring de IS" purposes A df.:slgn partcm ,'\
a g-roup of cia ~c ( th e sIalic VleWpOll1t ) that tnteraClll1 a recognizable ..... ay (the d)'lwmlC V ICWPOlnt ) Typically. a
desIgn pattern consists of an abstracl level of clas<es and a nonabSlraCl ("concrete") levd Three roles ( et of
codd a", involved In the u<e of de Ign paltern<, lhe appl'<ntioll of the deSIgn pattern Itself. lhe code thal uscs It
(the e1,"'t role). and the code lhat ini tialIZes or changes the deSIgn pattern apphcatlOn (the " tu p role)
Most design patterns usc dtltgatioll . In whIch calls to an Interface method arc handed of( to another
method to facditate vanation at rtJmin"lc everal deSign patterns also u c a (orm o( ,tClm/OfI , In whl h a class
rderences either Itself or a base class from which it inherits
DeSign patterns can be rOllghly c1as ,ned as (7w llonal , sfru 11m,', o r btb,wlora'- Crw I/orlllI patterns create
nonrnvlal object ensembles In a manner determll1ed at runtime. Structural pancrns are used to represent
collectIons of objects. Bd,.",oral patterns deal AeXlbl y with behaVI or among a ot of objects
This chapter descri bed the following crealio na l design patterns by ,yay of example The S,n gleton
pattern i used to enforce classes with o nly a SIngle in tance. The Abstract Factory pattern IS used when an
interreiated family of classes is required but in a vanety of "styles " A "style" In thi< sense IS a haraCtenSllc
appli~ablc to every object in the family .
The follOWing behaVioral dcc;;i gn patterns WCft" discussed . Facade IS a way to treal a group of c1a ss~s JI:; a
unit. by provIding ItS functionality only through a slOglc object Adapter IS a way to SWItch u er obJe t ty pes
of given functionalIty at runtime
The chapter al<o dl cussed the followlOg structural de Ign patterns Interpreter" used when the
situation IS VIewed a the exe utlon of a language speciall y designed for the appJ.catlon Ob,erver" used for
deSigns thai I:;eparate control from presematlon and data tal C II:; used to deSign Clpphcation pilrt" bel:;t th ought
of term of a SCt of stales
In
These points are summa rized In Figure 17.69. The reader i referred to Fowler (3) and VIl<sldes (4] [or
further exploratIons of dC<lgn patterns.
• DC'Slgn Pattern s are recurring designs sat lsfy mg rc urnng dec;;lgn purposes:
• Des<:nbed by Static and DynamiC Viewpoints
• TypIca lly cias, models and <quell e d,agram, . re'peLllvcly
• Use of a pallern app hea llon 1< a lient Role
• heot Interface cardully Lontrollcd
• "S<:tup: tYPIc..ally Inltlahzatlon , a separate role
• Dc"gn pattern rorm~ u,ually Delegation or Re ur<lon
• Oas.. r.·d.s rcalional, trucllIra l, o r Behavioral
17.10 EXERCISES
I. Which of the following arc applications of deSign pallerns) Exp lain your conclusio ns.
(a) An obJect,orlenta ted design
(b ) The ab ili ty 10 vary the order 10 whi ch a pn,,'O method IS app lied to the ciemen ts of a Veelor
(c) Varying the order 10 which a method is applied to the clements of a collection of objects by
introduclOg a ciass who e methods IOciude a method like go ToNtxIEl""ml()
(d ) Cap turing the mutual beha Vior of a pair of objects o f twO classes
(e) Capturi ng the mutual behaVior of a pair o f objects of twO classes by introducing a third class
aggregating the two clas es
2. Char.lctcnzc the fo llowing design purpose as , ,(aIlOMl, structllral, or btlJovioral. Explain your
conclusion clearly.
We must build an application with 15 different screens involvlOg va ri ous combina tio ns of 6
us., interface contro ls (e.g .. list boxes) arranged in a si mple grid Pe rfo rm ing a mouse ac tion o r text
e nt ry o n a co ntro l (e.g .. a butto n) in a screen affects other controls o n the same scree n. In all o ther
respects the screens are not related and are not si milar in appearance. The compOSition of th ese
screens is very unlikely to change .
3. Characterize the fo llowing design purpose as erralronal , structural, or bthavioml. Explain your
conclusion clearl y
We must build a hum.m resources application dealing with the management structure at a
large co mpany . We nee d to represent the organ ization chart withi n the applicati o n.
4 . Cha ra cterize the follOWing design purpose as ertel tional , structu ral , or bthapioral. Explain your
cone/uSion clea rl y.
We must build an application that allows users to build and change their stock portfolio with a
various ki nds of mutual fund picks from specified subcategories. The mutual fund categories ar<
ttchPlology , old mdustrits , utilities , rtal (stal(, and mining . The application allows users to pICk categories. It
then milkes portfolio recommendations depending o n the user's choice. For eXilmple, the user can
ask fo r a low· risk portfolio of utilities and mining Slocks. and the application describes its
recommendat ions within these constra ints.
6. The following figure shows the Obstro" desig n pattern class model. Group the classes to
show ab,tract and co"crete levels. Group the classes to show the three ,oles descTibed in this
chapter.
7. (a) What two design pattern form. are mentioned 10 th is chapteo
BIBUOGRAPHY 43 7
(b ) ~ h,ch of the ".0 fomls IS more lIkely '0 u'c virtual functions ) Explain your answer Jnd gIve
In example
(c ) Wh,ch of ,he two form IS a I",krd I'si of obJtCIS Ioke1y '0 be) Explain your an wer
(d ) Wh,ch of the two forms IS the Observer pallern In Exercise 61
S. Re ('arch the Java wing soflwarc ar hltcclUre, such as Java wmg, and descnbe In a few
paragraphs how It make usc of the Observer pallern Draw a cla<s dIagram a part of your an<wcr
9 Research the Java EE p ia, form and desenbe In a few paragraph, how i, makes usc of ,he Facade
de Ign pattern Draw J clas<: diagra m as part o( your solullon
BIBLIOGRAPHY
1 c'mma Ench. Richard Helm . Ralph }ohn ..on and John VI''iSl dcc; D(~I!1" PQlftnt ~. El('lllmh of Rrw.wbft Ob}tcl.OnnlkJ 50//11',1'1 dd"on .
Wc .. lcy. 199
'2 Shlaer, Sally. and tcphcn Melio r "Ohle, Lfrrydn /\loJrlIl19 1M World.,\ lollI'S, You m o n Pr~ ~ 199 1
3 Foy,·lcr, l\'brtln Pull"" H(mhl"9 f)MI9" Pallen" AppJltJ " Acid ..:;on '«'c"lcy I?'J$
of VIISS,dc-s, John ~' . MPOII(n.~ of E"'crpnSt AI'P',collon J\rrhl lrdlm " Addlf;on· \,(/c 'iIc)' 2002
Software Architecture
Figure 18.1 The context and learning goals for this chapter
Th IS p.rt of the book , oncern ed with desig n, began by dcscnbing design go.ls and principles and then
described patterns of design that reCur th roughout. This chapte r describes d<sig n at the high leve l, and the
chapter that foll ows at the detailed level.
A sofl wtlrt archlfcch~ rt descnbes the overa ll compo nents of an apP'!ic,Hi on and how they relate 10 each
oth er. Its design go. Is, as discussed," C hapter 15, include suffiCIency , understandabil Ity , modularity, hlSh
cohesion, low coupl ing, robustness, fl exibi l, ty, reusability , err,clency, and reliability. For a give n softwa",
SOFlWARE ARCHITECTURE ALTERNATIVES AND THEIR CLASS MODELS 439
devel opment project, lhere may be several possible app ropna te architectures, and elecllng one depends
upon [he goals that ont wants to emphasize.
Flexibility , to choo c one of these qualities, is a key goal of many archilectures-the ability to
accommodate new features. This uc;uall y Invo lves Inrro duClng abstraction Into the praces For C"xample , we
mIght want the architecture for the Encounter Video game case study to support not Just thIS partICular ga me ,
but any role. plaYi ng video game
Attaoning one de irable deSIgn property ma y entail a trade ·off agaonst others For example , a de Igner
who uses abstlactions to obtaon a fleXIble architecture may make" harder lO understand
Shaw and Garlan [ 1] have claSSIfied software arch"ectures 111 a u cful manner Theor cia Slficallon, somewhat
adapted here, is shown in Figure J 82 . Section 18.3 explaons these ",ch"ectu res There IS a WIde variety of
problems requinng software solutions, and lhere is a wide va ri ety of archItectures needed to deal with them
In most cases, the architecture is unique to ,he problem Sometimes, o ne of the a rch itec lures Identi fied by
Shaw and Garlan matc hes the problem, in many cases they si mpl y proVIde Ideas o n whIch to base the
architecrure. This is Similar to arch itecture in hOUSl' construction, In which claSSIcal and standa rd Ideas
prOVide inspiration for great architecture but arc nor c;imply copied
The softwa re archItect develops a mental model of how th e application I meant to \ o rk, often with nve
to seven components The JrChlltCl '., mental model depends on the app li ca ti o n In qUl:.'!)l\on . of COll r~ e , but
may benent from architecture< that o ther ha ve de veloped In th e p. t, JU<!" a ,u>pcn" on brodge de>!gn
benents from the study of preVIously budl suspe ns Io n brodges . ThIS section e laborate< o n the arch ll ec·
IUr<S claSSIfIed by h aw and Garlan They calegonze architec tures as dota flow , ondependent compo ·
ncnb, vlrrua l machlne'l , repository archItectures. and layered aT h,lcclllrcli. Figure: 1 2 summanz.e'" th('~e
and 'heor subcate!!orocs, and the re~t of thl sec ti on cxp l"n< th e m It also add , serv l e · oroc nled
architectures.
Some applIcatIons are best VIewed a, data Oc,wlng among proce'Slng unlt< DOll 1I0w dl.!;"m, (I 1'0<)
IIiUstralC 5uch VI('WS Ea h pro csson~ unit of th e OFf') " de,,!<ned Independently of the oll1el ' Data
440 CHAPT£R 18 SOFTWARE ARCHITECTURE
member
Gel Gel
banks User Inquiry
deposil
J".
no"'" tlccounl no
act:ovnt no.
and doposlt
Validale Validate
deposil Inquiry
aca>unl no.
Display Make
scoounl no. account Inquiry
Printer
'''''depoSIt
tJccount balana>
dDra query
Do Create
deposit doposll S=><PII account
transactlon trat'lSBction - .. account_ dols summary
dalabase
emanates (rom sources , such as the uscr, and eve ntually flows back to uscrs, o r into sinks such as account
data bases. The c le ments of the DFD no tation were explained i n C hapter 16 . A banking application is
sh own in Figu re I S.3.
Data Row from the user to a "Get deposit" process, which se nds the account number and the deposi t
amount to a procc,ss designed to check th ese data for consistency . If they arc consistent, the data may be sent
to a process that crcates a tran sac tion , and so on. DFD s can be nested . For example. the "Create inquiry
tran sac tion" ca n itself be decomposed Into a morc detailed data flow diagram .
The functions of a data Row d iagra m may reside on morC than one physical platfo rm . Figure IS .4 shows
one possible allocation.
ATM
Get deposit
o Get Inquiry
Display account
Consortium
server Bank
server
Make Inquiry
Do deposit transactIon
Create account summary
Validate deposll
Valldale inquiry
One kind of data Ilow ar hltceturc. <hown In Figure 185 , IS referred to as the plpcalldjiltcr.rehlteerure In thl<
kind the processing elements ("fi lter,") accept streams as Input (sequences of a untform dara element) at any
time, and produce output , tream . Each filter must be deSIgned to be Independent of the other filter The
archItectural feature in FIgure IS 5 I< Implemented by UNIX pIpes, for exampl e
Pipe and Ill e r architecture" ha ve the advantage of mo dlilant y An exa mple IS shown In Fi gure 18 6 .
In It the applI ca ti o n malntaln ~ ac Qunt> as tran saC ti o n, arrive at rand o m l1nH;S from co mmu nica ti o n
lines The arc hitec ture Includes;) lCP for logg in g lran,a C ll on~ In case of system fa ilure The Withdraw
function would ha ve withdrawal Input su h as Jo lmDotAc olUltNum 11 J OAmOUPlt$3S00 00 , or Just Jobn.
DoCf 2J 45 SJ 500 oo'-that IS, a character stream and bank address input such a< llallkNu"'9876 The
proce ing elem ent , hown in ellipses. wai t untd alf o f the reqUIred Input has arnved before performin g
their op"ratl o n
stream>
filler
hlter
filte r filter IiIter
pipe
filter
< stream
FIgure 18.6 Example of a plpe·and·fllter architecture, to mai ntain Wired fInancial transaction
442 CHAPTER 18 SOFTWARE ARCHITECTURE
Transaction
analyzeO
recordO
l..n Account
w~hdrawO
Bank r depositO
Figure 18.7 Obtaining a ctass model from a data flow architecture bank account example
There is no absolutel y uniform way to map data fl ow diagrams (DFDs) on to class models, however,
functi o nal units of the DFD can frequently map directl y o nt o methods of classes, as shown in Figure 18.7.
n,e Incrl!asing usc of distributed computing is acccieratlng the applicatio n of stream · onented
computing because rem o te function ca lling is often implemented by convening the call to a stream of
characters . nlls IS do ne in Web services, for example. These use seria lization, which converts objects to XML
charactersITeams. ln additio n, l/O is often implemented u ing streams, and performing 1/0 in a language such
as Java often amounts to a Rltering process of the kind we have discussed .
In the special case where the processing clements arc only given batches of data , the result is a blilch s<qu",IIa'
foml of data flow As an example, consider a banking application that computes the amount of money
available for mortgage loans (secured by properties) and the amount a~ailable for unsecured loans. A data flow
diagram (DFD) is suggested by Figure t8 .8.
n,is DFD is batch seq uential because the functions arc executed using ail of the input data of a given
run, taken together. For example , we collect the funds available for mortgage loa ns by uSlllg all of the account
data . Th is is In contrast with the tr.msaction example In Figure 18.6, in which there arC" many nvirtually
continuous" transac't lons, each using selected data from thClf sources.
Figure t 8.9 shows one mapping into a class model in which the functions of the data flow are realized as
methods of the &H. class. The "batches" of processing arc executed by running the relevant methods of th is dass.
Figure 18.8 Example of a batch-sequential data flow architecture creating a mortgage pool
r o
--- -- -- -------- -----
: Accounts package : : Bank package :
.-.----.-
• ... -.. -.------ - ----- - --------------~,, :.-.--. -- - .------------------~
,,• ;: Bank :
•
•
,•
Customer LA_c_c_o_u_n_t --:-
: ---!: getMtgPOOIO :
•· : : getUnsecurePoolO :
.... ----.----.-.- .. ~--.------.-.------.---- .. , -
' _.. ----_.------- -.--...
_.. _.',
Figure 18.9 Class madeller batch sequential data now--<reatlng a mortgage pool example
SOF1WARE ARCHITECTURE ALTERNATIVES AND THEIR ClASS MODELS 443
For dcca dt" • data flow has been the: mos t CO rnm o n way of cxpr~~sl n g architectures, and It IS bou nd to
be u~c:ful (or some lime to come EnSlAccrs nawrnlly think ol data Oowlng, from one prace Si ng "statio n" to
th~ n ~x t and of proce<slng taking place at ca h ta t Ion . The disadvantage of data fl ow d,agrams include
the fact that they do not map very cleanly to code , whether obje t .onented or no t An excep lt on to thIS
appites to specIfic data flow language, (,ome beIng actuall y graph ,c In nature ). wh Ich arc butlt around the
very co ncept of data ilow We WIll use the data flow mo del once again when we dISCUSS detatled deSIgn In
C hapter 19
The i"Jcpmdnll compOHfll ts arch ,tecture consl IS of componen ts operatIng In parallt:1 (at least in prul Clplc )
and commUnicating wit h each ot her from time to time An obVIOUS Instance of thiS can be found on the
World W,de W eb. where milli on, of servers a nd browsers operate conttnuou Iy In para ll el and penod ,cally
communicate with each other.
·Components" arc portIons of software th at do no t change and that do not rcqutre kn owledge of the
software usi ng them . IT assemblies and JavaBca ns are example component technologIes omponents
sati fy gui de l",es aImed at maktng them self·conta lned. They use other components by aggregatton, and
generally Interact wi th other components throug h {'vents
The case studies tnclude a d,scussion of the Eclipse project. Ecl ,pse IS a development platform deSIgned
to accomm odJtc plllg-IIIS Th ese arc independent component that can be created by developers fo r vanou~
purposes. and added to the platform wit hout affec ttn g exi ting functio naitty
In a df(nt-S(rv(r architecture, the server componc nt serves th e needs of the chcnt upon rcque~t Clie nt -
server r~ latl o n s h ips have the advantage of low coupitng between the parti CIpating compone nt s. When
morc than o ne person perfo rm s Implem entatI on It is natural to parcel out a package of clas es to each
developer o r g ro up of deve lopers , and deve lo pers ty pica ll y req UIre the services of classes for wh ,ch ot hers
are res po nsib le In other words , de ve lope r;' packages arc o r. e n re lated as citent and ,erver The prob lem
IS that these service arc typica ll y in va ri ed sla tes of rC3dln es 3'> the app lica ti on I - In the process of
being built .
A server componen t acts morc eHcclIve ly when its Interface IS narrow - arrow" m(,.-a ns that the
mterface (essentially a colle tlOn of fun tion, ) co nta ins only neCCSs.1ry part>. IS coll ected ,n one pia e. and"
clea rl y defined As exp laIned 10 hapte r 17. th,· Facade deSIg n pattem es tabl"hes Ju<t ,uch an Interface to a
packa!!e of clas os Facade regulates communIcat Io n WIth th e objec ts 10 Its package by exposIng o nl y one
object of the package to code USIng the package , hIdIng all of the ot her c1a<ses
hent.server architectures were a steady feature of the 1980, and 1990s !vIa" of them replaced
malnfram terminal arch Itectures Olcnt/'>crver an. h,ttcturcs have c;ub ...equent l>, bee mc more ;,ophl heated
J
and more va ned orne arc now de~igncd as three· tlcf arch lt ecture~ Instl'ad of the ongmal two tlC~ (chent
and server) Tht third tl c r it t< betwee n the c1 ,cn l and the erver, prov Id,ng, Itsehtl level of II1d,rc tlon A
C()mmon allocalton of (unction IS to de Ign the C UI fo r thc cl ,e nt , the database management, 'tem . or
procedure management for the mIdd le layer. and »sorted app l,c, tlo n prosra ms a ncllor the dataha,e Iheli lor
the thtrd la ye r The mIddl e la ye r ca n he a com mo n data "bitS" that br kef< commltnt a lto n ItcrnJtlwlv
the mIddle layer can operate vIa a \l.nliard ",eh a, M ,cro,oft', ET . " (IIIMIt! FInall y the World ~ Ide \'(Ieb
Un be: onlJldcred a bre d of ellcn ... rrver ar hnc(. turc In whl h "one- wrvrr/tcn ... of <..ht.""n l," .'> ft'plJ.ccd hy un
krver/mdl,oo> of iten" ·
U. CHAPTER 18 SOFTWARE ARCHITECTURE
Ano ther type of "Illdepe ndent o mpo nent" arch itecture idc ntlAed by Shaw anel Ca rl an" named pa,alle'
(OmnHOllcnf"'9 processc . TIlls archilc lUre I characterized by scvcr;\ 1prace C". or threads. execut ing at the ~amt
tIme. In h,s classIC book [2l. D'Jk,tra showed that co nceivIng a process suc h as the combIna tion of parallel
parts can actuall y SImplify deSIg ns. An example of this is a SImul ation of customers In a bank Trad,t,onally,
man y such simulati o ns were deSIgned withou t paral1eh m by sto ring and handlIng the events Involved . Such
deSigns can sometimes be imphAc d, however, if th e movement of each customer IS a SCpM.1tc process (c 8 ., a
thread o bject in Java ). uch a paralle l commun icating process dcsi.g n has the advantage that" matc hes more
closely to the activitIes that it simulates A good refere nce to parallel communlca "ng processes in the Java
context IS [ ]. The parallel proce ses may run o n a si ngle platfo rm o r o n separate platforms , as illustrated on
Figure 18. 10.
Encou nter uses th is architectural parallel eleme nt by havong the foreign c haracter Freddie move
Independently from area to adjace nt area while the game progresses. This thread "communicate s" w henever
Freddie fi nds himself in the same area as the player character
A UML notation that expresses parallelism was dIScussed in C hapter 16. Th is no tation, used in
Figures 18. 11 and 18. 12, shows an architecture for a banking appl ication desig ned to handle multiple
transactions occurri ng simultaneously o n automated teller machines (ATMs). This particular arc hitecture
allows the customer to initiate tran sac ti ons without hilving to wait for completion. even w hen the transaction
,akes Significant time. The applicatio n may , for example, inform a customer that funds he deposited will
not be immedIately available-that is, not wait for the completio n of that process befo re making the
announcem~n[
When customer II uscs an ATM , an o bject for customer II is created (Step 1 in Figure 18. 1 1J. Customer II
cr~ates SCSSIOII m (2) Sessio n m then retrieves an Accou~1t object such as customer t1 checki ng (3). The retneval.s
pcrfom1ed a ynchro no usly, and a thread , o r parallel process, is created because it may take time. Th is allows
the custome r to carry out other bu si ness in the meantimc . The method call rc trievi ng the Accolmt object is
de noted by • Slick arrow head indicating that the 5"';011 o bject proceeds in parallel with th is constructio n,
returnin g to th e customer object. Si nce we are dealing at an archhecturallcvcl . we arc omitting details here
uc h as showing the thread objects involved and showi ng how the 5os;01l objects kn ow that thIS is its required
comun/catlon
e xecutJon
create
0: .: retrieve" ®
0
deposlt-+j deposit·
°
(",ore wo~
(thread detail omitted),
Figure 18.11 Example of parallel communicating processor architecture managing ATM traffic. fragment of secuence
diagram
call. The Cuslom" object Immediately pcrfoml s a deposit "ansaClion by sending a me< age to t h e 5,,,,0"
object (4 ). TI,C 5",io>l object executes the d c poSit by sending a depos it message async h ronously to the Ac oU>l 1
object. spawning a new thread ( 5 ). Other w o rk can go on-lilcluding by o th er seSSIOn s whde the deposit IS
processed
In parallel , o[her Customt'r obj ects such as customer s are creating and operatmg on other <':;CSSlons such a
seSSion k. This is shown In Fi gure 18 12 .
Figure 18. 13 shows the beginning of a class m o del that handle thIS kind of architecture
6) Customer_n sesslon_m
:Session
session_k
:Sesslon
customer_n_
checking
:Cuslomer:
:Accounl
;
customer 5 create
0: I retrieve" : 0
-Customer
..J create I
ret neve'
'"
4 depoSlt+j r_0
::;5_ d_e_P_OS_It_. +-- - --n
Withdraw
---+j Withdraw'
f - - -- - -
U (Ihread detail omitted)"
Figure 18. 12 Example of parallel communicating processor architecture managing ATM trafOc - secuence diagram
446 CHAPTER 18 SOFTWARE ARCHITECTURE
,---------- .,
,_.-._.-------
. _. ___ • ____________ _______ _______ _ CuSlomers
I
~ __________ J'
.
.
; Sessions : ,, ,
,,------.- .,
,, ,, ,•
•, ,, ,,,
,,,
,
J" ~ Account ,,
,
,
,, depositO ,
,, Session , ,- ,,
, ,, Customer withdrawO ,,
,, ,,, , relrleveO ,
'-- • ---- ... .
• . • • -- -----.---_.----- • •
Figure 18,13 Example of parallel communicating processor architecture managing ATM traffic-<:Iass model
Let's tum to """I 'Y,'mos , the third type of "independent component" architecture cla ssi~ ed by Shaw and
Carlan . Thi s architecture views apphca ti ons as a set of components, each of which wa lts until an eve nt occurs
that affects it. Many contemporary applications are event systems. A word processor, for example, waits for
the user ' 0 click on an Icon or menu item. It then reacts accordingly, by stonng the fi le, enlarging fonts, and
so o n. Event systems arc ofte n ful fi lled as state transition systems, which were Introduced in Chapter 11 .
\,(,hen a system behaves by essentially transitioning among a set of states, the State design pattern
should be conSidered fo r the design. This design pattern was explained In Chapter 17. For example, we have
described the overall requirement fo r Encounter In terms of the state diagram in Figure I 1.26 of Chapter 11 .
Encounter tranSit ions among the Sellin9 up. Wailin9 , Sellin9 qualilies , Reporting, and Engagln9 states, among others.
Our design should capture this behavior effectively. It should also be capable of gracefully absorbing new
states and action handling as the game becomes more complete, without dISrupting the existing design. For
these reasons, we wdl app;)' the State design pattern described in Chapter 17 to Encounter.
The State pattern solves the problem of how to use an object without having to know its state. In the
CQntex't of Encounter we want to be able to wnte co ntrolling code that handles mouse actions but does not
reference the possible stales that the ga me can be in , or the specific effects of the mouse actions. This makes it
possible to add new game situations without disrupting th is controlling code.
Figure 18.14 begi nsto show how the State design pattern can be used to handle the states and actions of
Encounter. The framewo rk class RPGame ("Role· playi ng ga me") has an attribute called ,'ale , which is of rype
Gam,sln'e . The subtype of slale (i.e., which subclass of GameS'ale it belongs to) determ ines what happens when
handl,Ellrn'() is called on an RPGame object. The code for /,andleEv",l () in RPGam, passes contTOl to the
h."dl,Ev", ,() function of state.
-- --------,
: RolePiayingGame I
,- -- •
.-------------------------------~-------
_____1
I I
I Slale I
I RPGame GameState
I
I handleEventO iI
handleEvenlO
I I
I I
I I
I ( state.handleEvent{); ) I
I I
-- --- -
I
'
------------ . ----- --------- . ------ - I
-,
EncounterGame
------------,
lRolePlayingGam-:J
-- -------
RPGame state
GameState
handleEvenlO hand/eEven'!)
( slale.handleEvonIO;)
f:::,
EncounterGame : EncounterGam e 1l
-- --- ------------ --1------------ ~
Figure 18.15 State design pallern applied 10 the Encounter video game
As shown in Figure 1815, each subclass of Gam,5Ial, implements handl,E"cnIO In its own manner. For
example, if Encounler is in 5,"in90ualilirs state , and the event is the arrival of a foreign character. then the
window pcrrOitting the setting of characler quality values disa ppears because th IS IS wha t the method
ba.dl,E"rnIO in 5,111.90ual,Il<' is programmed to do An additional co nsequence of ,hIS particular even t/Slate
comblOa tion IS that Encounter transition to rhe EII9agrng state , as required by the tate · tranSitIOn diagram
This lransition is Implemenled by code <uch as
EncounterGame.setState ( newEngaging( » ;
The nexi ttme an event occurs in Ihe ga me, the I,alldI,E"oI IO funcllon of En9119in9 Will exeCUle, rcOectt ng
the fac t ,h al the game IS now in Ih e En91191119 tat e
AVlnual machmt ardulel.lurc:: trea lS an appli cation as a program written In a special-purpose language BecJuse
an Interpreter for such a language ha< lO be budt, lhl arch,tect"rc [.lays off on l If everal "program>' arc to be
wmten '" the lanljUaHC, ge nerallng several appl,cal ,ons
The Impl ementall on of a tO mpltlc vlftual rna h,ne requ lfe< the buddln!; of an Ifllcrprett r The
lnt(:rpreLation requlrt:<; us to execute an o perall n- Iel 's JII It 1tI1trl'rt"() on a pro gram wntten In our
lanllWge The 'nterpretall on of a prlmil ive clem ent alone (e g , a I'U '" the exa",ple of ~ h aplcr 17, ",here
lhe part, of a " PU " are no t relevant ) " genera ll y Simple (flJr lhe ex.lIll l>lo, tim cou ld be >lmpl 10 pnnt lake
448 CHAPTER 18 SOFTWARE ARCHITECTURE
PU o ut f.t bo "l. The problem IS ho w to execute an i"'trprt'() (unct.on when ap pl. ed to a mo re complex
"program ." T o do th .. , we may usc th e Interpreter de>l g n pattern.
V.rtuaIOl" h". e arChllee!Ures arc advantageous .f th e application co ns"ts o f the process.ng of compit-x
entit.es, and if these e nt itic , II h as th e v rders in the example , arc readi ly describable by a gramma r.
An add iti onal exa mple rcq uinng a Virtual machine is an app lica ti on th at provi des Cilmplc uscr-Jevd
prog ramming of a special purpose language. A nonprogra mmer use r, for exa mpl e, is ca pable of writlnS a
"pt a s.mple program- uch a the fo 110"'111 g,
A virtual machine architecture parses and interprets such scripts . The idea of such architectures is
dillst rated in Figure 18. 16.
An architecture built pnmarily around data is called a rrposilory architecture. The most common of these arc
~ .. tcms deSIgned to p{'rfonn transactions against a databa se. For example, an electnc compa ny maintains a
database of custo me rs that ",eludes details about them , such as power usage eac h month , balance, payment
hiStory, repa irs. and so on T ypical operations again st th is database are adding a new customer, crediting a
pa ymem , rcquc tin g a payment history, reque sting a list of all customers more than three months in arrears.
and so o n. A typica l deSI gn for this kind of repository architecture is shown in Figure 18. 17 . This figure mixes
the Aow of data between eMities (solid !tnes) and control (dashed lines). "Control" meJns that one of the
en tities prompt th e operation of the other-for example. rurns It on and off.
Other examples of applications with reposi tory architectures include interactive development environ .
me nlS (ID E ). IDEs apply processes such as ed.ting and co mpiling to a dalabase of source and object Ales.
O ur Encounter exa mple in its simplest form docs not include a database. if, however. it were to grow
Into a ga me Wilh man y ind ivi dual characters, then we might requ ire a database rather than J Aat Ale for storing
t'he characters ThIS would certainly be true if we wanted to allow the user to ca ll up statIStics such as "list the
characters Wilh strength under 10," and so on. Structured Query Language (SQI.) is a common way to express
queries (sec, for example, [4]).
Application I Application 2
Key:
Control flow : II ~ Database
Data flow: .. ..
Blackboard architecture , developed for artificial intelligence applications, art reposltones that behave
in accordance with posting ndes. The reader IS referred to [5] and [6] for a detailed treatment of blackboard
archlt~ctures
The final ryPl" of repository architectures we m ention here IS the hypertext architecture The m OS l
common u e of hypertext is on the Web. An application that manages the artifacts of a software engineering
application is another example .
The word "repoc;ilory" is often used in industry to den o te an app lication [hat provi des a und,ed view of a
collection of databases (, e., not just one). Th i relates to data wa rehouses RepositOries do not change the
structure of these databases, but they allow lIn,jonn acce s to them ThIS is a peclal case of repository
architectures as defined by Carlan and Shaw
Repo nory architecrures occupy a significant frilctlOn of applications. Since so many architectures make
databases their core When the proces In g i negligible compared to the fonnattlng of data from the databa e,
repOSitory architecture are appropriate . On the other hand , the presence of a large database can sometime
mask the fact that a large amount of procesSing may dnve the architecture Ad hoc da,abase programmmB
(e g., "stored procedure ") can eas ily mushroom into messy applitatlOns, wh ich perhaps should be conceived
differently from the repository model.
An archltecturalltlytr I a coherent co llection of software artifacts, t)' picdlly a pa kage of classes In Its common
form, a laye r u,es at mOst one other layer, and I used by at most one other layer. Budding appl, .t,on layer by
layer ca n greatly <,mpl,fy the proce<s orne layers, such as framewo rks, ca n erw several applica tion>
We have already seen the layered appro. h applied to the Entounter applICation , where clas«s '" the
Encounter packa,!cs ",hent from cla<st' In the framework pack.ge> TI" " hown '" Figure 18 18 n,e Agure
'hows how we might orga ni ze the u'e of a 3·D graph ItS ens,"e", a laye r acce Sible from the Role· Pla 'Ing
Came layer
Fll!Ure 18 19 ,how, an examp le of a layered art hlle ture fran AJax bank pnntlng appil atlon n,ere arc
four layers In thiS arth,tecture, and FI~urc 18 19 show, dependency 111 the reve". dire tl on ompared to
Figure I ~ 18 The appli allon layer, AJax Bank P"ntlnl;, h., 10 do With prlntlnR and f rmattlnN II " olilit
Upon (, e , u'>,,,) the Aunun!> and the AJax Bank ommon las> layer, The latter are blllh upon a \'endo l
~ppiled layer, which ~onlalns ~enera l utilitl su h as <ortin g and ear h"'H TYPlcall , a 1.I'er" I~ail :c " a, a
,SO CHAPTER 18 SOFTWARE ARCHITECTURE
3D onglne loyer
D
Role-playing 9IIme Ilyer .. uses ...
Encounter
Characters
Encounter
Environment
IEncounter Game I
Figure 18.18 Layered architectures. and example of 3D engine and video game
Architecture:
-uses"
Ajax bank printing Layer
I Accounts Layer I Ajax bank common IIbra.-Y' Layer
Vendor-supplied Layer
+
Figure 18.19 Example of layered architecture for Ajax Bank-highest level view
package of classes. For example, the Ajax com mo n library comprises classes used throughout Ajax
applications, and addresses such issues as the bank's logo and its regulation s.
The "using" relationship can be inheritance, aggregation , or object reference. In the example, only
aggregation IS applied between layers, as shown In Figure 18.10.
ScrvlCe-Orirnled Architectures (SOAs) arc gaining in usage. They are closely related to the idea of software as a
service and cloud computing, and warrant inclusion with those discussed above. SO As arc combinations of
S(flJicts: components that provide functionality according to an interf'ace speciAcation They differ from many
other application architectures in that they describe a sc t of interoperable components thilt can ~
dynamically harnessed to create functionality-rather than as a way to create a si ngle application
SOAs arc in the spirit of facade objects, and include Web services as a means of Implementation. SOAs
ace not necessarily obJect·oriented. In the case of Web servic« there is no assurance of globally defined
classes as we have proVided for Facade In prior examples. For example, suppose that an SOA is for a business-
to · busin~ss application concerning orJm. In an SO A, we would not assume that a unique Order class is known
to and usable by all service suppliers and consumers. Web services in particular deals with this by dennln8 3
schema for an orderdat. structure, and referencing the schema when Web services Involve orders. Thi uses a
Web service capability known as Web Seroicr D<scnption LAnguage and has the dfect of making an Order closs
known to clients. This is summarized in Figures 18.21 , 18.12, and 18.23 .
SOFTWARE ARCHITECTURE ALTERNATIVES AND THEIR CLASS MODELS 451
Architecture •
•
Ajax bank printing Layer t ~u s es"
,----====,-;'
r - - - - --. _. _------ --------.,
iI
,
Account I Customer
,
,,
,
Vendor·supplied
layer nol shown
---- --- ----- --- . .. _- --- - -- ----- ...
,-- - ---- .... -. _- ---- ---. --- --- .
:'-_" Ajax bank co mmon library ,,
,
,,
,,
w .
---- - - - - -- -- - - .. .._----_._- ---_ .... ---_ . . _- _. _--.,
,,,
,, Ajax Logo AjaxDisciaimer Regulations ,
, -----.----_.-._-
-- --------- .. ---------_ .. _-- .. ------_ .----- --.-- ------ .. __ .,
Figure 18.20 Layered architecture example uSing aggregation
Based o n compo nents th at provi de han ctio naln y accordin g to an interface spec
• Princ ipally via Web ervlces
• In Ihe spiril of faca de o bjecls
• NOl necessari ly 00
Example, An app lica ll o n co nce rnin g ordm
• Wouldn'I assume an Ordrr class known 10 3 11
• Instead_ Defi ne an ordrr schema , refe rence when Web services involve orders
which applications (and pans of app licatio ns) arc no t permanen dy wedded 10 each o lher Ralher SOAs
~ek to allow dy nam iC li nk ing of serviceS. For exa mple.-: , suppa e that you walll to write an appl. atlon that
orders <tatlonrry for a company_ You would wanl Ihe app l,ca ll o n 10 Identify all qualified vendOr<, check
prices and ava il abililY, call for b,d, and lenTI' , <clect a ven dor, and place Ihe order T o do dllS, Ihe appllCallon
can 't be permanentl y wedded to a c;c t of ve ndor For thl' rcao;;o n, OAs are bu dt around a rC!llS lralioH .. vstcm
Figure 18 23 ill u""'Ies Ihe fourSlcp Invo lved In publl<llIng and accessin g a service ·'Query ln g" IS like look ing
up a bU5Incc;~ 10 a te lep hone book . "BInding" mCJn s cont ac ti ng [he crvi C In order 10 Invoke It
crvice-onented architectures frequently uSc a bUSUltss proctss This defln<..'"S the components or the
"'Y"
bu iness such as the customer data base and bu int."Ss. Credit poltcics arc cxampk--s of the latter. The s(nllCt 1t1Ier/aCt
layer dennes the ser necs available that arc based upon the busincs proCl'SSCS. It specifics functionality such as
listing all customers In the database and checking a transaction for conforma nce 10 buslncss rules. The .ppr.c."""
laytr con iSt5 of applicat io ns buill usi ng the sCIVice internee la yer. These points are shown In Figure 18.24.
Applications typically use severa l subsidiary arc hitectures wIth in an overa ll architeclU re. Figure 18.25 shows
how the fra mework for role-plaYing video games could use everal of the architecture types lIsted by Carlan
and Shaw. It could make se nse, fo r example, to orga ni ze the ArtifMt, package as a database. The game
characters could be VIewed as parallel communicati ng processes. We will design the overall control of the
game as an event-driven sy tern .
.. uses-
.. uses-
Business
CharaCfers
RolePlayingGame
Parallel
communicatmg ___ ___ Event system
processes --______----
---------'
Rule-based Poslble
system - -j'- architecture
types used
Layoul
Database
•
Arlifacls system
Layered _ _ _ _ __
system
Database
system Encounter Layout
Figure 18.25 Example of the use of multiple subsidiary archltectures-Encounter video game extension
Since the hOler of a software archlte ture IS 0 lI11p Ortanl , It IS wi se to create more th.m one alternati ve for
consideration . As an example, we will create and compare two Jrchit cctllrC'S fo r the video store applicat ion
For the nrs. candida.e, we separate .hl· applica'lOn In.o .hrce majo r pans, The "back ·end" da.abase , the
middle pan , w hich cOnlains the bus lncss logic, and .he C Ul s. This IS • 1/",,·II(r archi.ecture . It IS often an
appropria.e choice when some or all of .he .iers resi de on phYSically separa.e plattomlS In parllcular, If .he
CUls are all on PCs, the middle la ye r on • server, and the databases controlled by a database managemen.
system , then three· tier architectures map neatly to separare hardware and software unitS Note that there IS no
n~ccsslty that hardware decompositions bt., the sam(.' as sofrware archltcctures, we ma y want a logical
(conceptual ) view of an applic.llon to be cnllre ly independen. of .he hardware platform, hosting " (These
are the phYSlca' VICW vs .he 'oglCa' view .) App lYIl1£ three tiers to .he video Store applicallon, ,,'e cou ld ob .aln
the architecture In Figure 18.26
[" .......;;;;:;~~...............-..............'...........................'.................~;;;.~;~~,..~~~::::;~..............'..···...............··1
I ,
I., !I
I
, I
: I
II VSCuslomers
i
i
I 1
I
1.. _ ••_ .... __ ..................... ..................... _ _
........................................... ............... ........-
' ........... .i•
Figure 18.27 Altemauve architecture for a video store application
The strength of this architecture IS that it's easy to unders tand. Anolher strength is that since the CUI
part IS separate from the rental ope rati o ns it can be changed withoul di sturbin g the latter. O ne weakness is the
coupling between the GUh package and the V50ptratio", package; there may be severa l CUI classes
corresponding to the C. "om" class, for example. Therc is also cou pling between the classes in the V5Data
package and the classes in V50p"alio", . A second architecture ca nd idate IS show n in Figure 18.27.
Th is architecture g rou ps all of the classes pertaining to the vi deos in a package. The R",tal, package
contains classes that relate videos and customers. The C" stomm package contains the classC"5 pertaining to
customers, includi ng assoClaled CUls. A third option would be to group all d isplays in a package. Figure 18.28
summarizes onc opi nion of th ese architecture alternatives.
Various computer·aided software engineering (CASE) tools arc used to facilitate the software engineering
process. Some tools represent classes and Iheir relationships, such as Rat io nal Rose by IBM Corporation.
These tools facilotate the drafting of object models, linking them with the correspo ndin g source code and
sequence diagrams.
In selocting a modeli ng tool , a list of the requireme nts fo r the tool IS drawn up using procedures si milar
to the requirements analysis process for software application development. Here is an example of some
requirements for modeling tools .
Three-tier Alternative
• Desirable. Possible to Ju mp direclly from the obJecl model 10 the source code
• Optoonal , Reverse englneero ng available (i e., create object models from source code)
• Oplional. Use color coding for tatu of class Implemental io n
Tool packages frequen tl y try to span arch,teclllre, detaoled desIgn , and ImplementatIon . Varoous
vendors are developong the capabi lity to hyperlink from source code to documentatoo n and VIce versa
Implementati on-oriented tools uch as Javadoc can sometomes be use ful to supplement the desIgn process
Javadoc is useful for navigatlllg packages because it provides an alphabeticallosting of classes and the parent
hi~rarchy of each class.
Interac tive development environments (IDEs) are delIvered with compolers and arc WIdely u ed as
partial modeling tools. Object -Oroented IDEs ge nera ll y show inhentance In graphICal fonn , and developers
are frequently auracted to these <ools because of their closeness to the compilat Ion and debuggIng process
Eclipse, used as a successfu l software engineerong case study itself in this book, is an example of a WIdely
usod IDE.
Component assembly tools create applicatoons by dra ggi ng and droppi ng icons that represent proces-
si ng elemenrs. Java Bean environments are typica l of the se. Within such environments, beans Uava objects
whose classes confonn to the Java Beans standard ) can be obtained from libraries, cu tomized, and related to
each other by means of events. The Java Beans standard wa created with the express purpose of fa.cilitating
such simple asscmbloes by means of graphical tools.
A disadvantage of usi ng modeling too ls is the project's dependence on a Ihird -party vendor. In add,tion
(0 the complocations of the application and the project itself, engoneers must be concem~d WIth the viabol,ry
of the 1001's vendor. Suppose that the vendor goes ou l of business or tool upgrades become too expen IVe,
How WIll the project be affected7 DespIte these ISsues, the use of design and development too ls has Increa cd
steadily. The rig ht tools leverage productivity, and economIC factors favor their usage
The IEEE Software DeSIgn Document (SOD) slandard 10 16- 1998 provides gui delInes for Ihe documentation
of deSIg n . The lable of cOntenlS is shown In F,gure 18.29 IEEE guidelones explain how the SOD could be
written for various archilectural ryles, most of which are de<cribed above The case study uses the IEEE
standard with a few modl~catlon< to account for an emphasi< o n the obJec l-oroented perspeclive As hown In
the figure , Sections I through 5 can be considered soflware arch,lcc lure, and ection 6 can be conSIdered the
detailed deSign, to be covered In the next c hapter
Once: an architecture ha< bee n selecled, Ihe schedule ca n be made ma re >peclr, and more detaIled In
partl ular, Ihe order in whIch part< are bUIlt can be dctennlncd For examp le , on the cas. study 11m, kes <ell,"
to fir" develop the (hamCler! fram ework pack.ge , followed by Ihe speCIfic EllcoulllrrCl",,,, I", appl,cat,on
package S,n c thes packages w oll nOI be comple ted In Ihe ('''1 Iter.tlon f the ' llIr.I , we n.nte the
456 CHAPTER 18 SOFTWARE ARCHITECTURE
1. Introduction •
4. Dependency description
corre ponding tasks ' Charac ters I" and "EncounterCharacters I." Arrows indicate depe ndence of packages on
others. For example, "EncounterC haracters ('. cannot be completed with out th e completion of "C haracters I:
as shown i n Figure 18. 30 . The sch edule sh ows th at "Integrati on and Te st I" canno t begIn until all of the other
tasks In Iteration I have been completed.
M ilestones
Freeze I Complete testing
Iteration 1
Iteration 2
Thl c tlon de)cribes a '\ccnano of how the Encoun - proces os. Ea h could be run o n a \Cpa rate parallcl
ter proJC t team may havc go ne about the creall on of thread, and the c threads would commuOicate when -
the- Encounter ar hltccture ever th4.: c haracters encou ntered each o lhe r. They
no tcd lhl s as a candidate architecture .
18.1.1 preparing The y onSldere d "cl lcnl .. erver" ne xt, but it was
In accordance with th,' PMI', Karen Pe ter, was the unclear to them what the "client" and "scrv<:= r" roles
dcslgn leader, with Ed Braun backing her up and would be, 0 they dism"scd th l alternative "Event
in pectlng all of the desig n work . Karen aimed to systems," the nex t type listed, appeared to be a
develop two thoroug hly prepared alternative archl ' cand idate architecture slOce the game responded
tectures for the Encounter project and bnng them to to cnher user- In itiated evcnt~, such as the presSing
the team's preliminary design re vlcw. She was deter· of an area hypcrlmk to enter an area, or to th e arnva l
mined to aVOId unpleasa nt haggl ing over anch ltectures of th(" ( reign character \0 the sa me area as the player
that wcre devi l·d by different engineers She fe lt that c harac tc r They no tcd thIS as another cand idate
ego rather than technical ISSueS predominated in such JrChllC Hire.
ca cs . She had even wo~e rnemanes of architecture ext , Ed and Karen conSidered "Virtual ma -
- ·compromiscs" {hal were crea ted lO reconcile com - chines ," asking whether each game executton con -
peting architectures. These freque ntl y resulted In po r sis ted cssl"ntlall y of th e interpretation of a cnpt
designs that everyone had to live and work with da ily Th is d id no t appear 10 them to be the ase
for months, if no t years. On the ot her hand, Karen did They co nsidered whether the ga me could be
not want to produce an architecrure in isolation. She thoug ht of as bu ilt arou nd a reposllory of data (a
decided that she and Ed would sclCL t architecture "repository system"). The data could be the va ilies of
candidates together, research them thorollghl y, and the harac ters and the statuS of the game They
present the choices to the team deCided that thiS might indeed be a po. IblillY if there
were man}' characters and many artifaCtS, bccau e In
th at case , rht' manipulation of large amOllnt~ of data
18.1.2 Selecting Architectures
might predominate Sin C Encounter \Va ... not to be
AI Pruitt had been thinking abollt the deSIgn of the
data -cen tn c, however, they rejected (hIe;; candidate
game application , and he gave Karen a sketch of an ad
- hoc CU I-driven anchltectu re. He pOinted Ollt that It Fin ally, they co nsidned a la yered architecture
T he quesllon here was whether Encounter could be
was simple and would be qUick to Impleme nt Ed and
Vlc\oJcd a a c;;cncs of clac;;\ grouping wtth each
Karen rovlc-wed Carla n a nd Shaw's 1"<lf!Catlo n of
groupmg: uSing o ne or two of the othcrs Karen
architectures to dl-t<.: rmmc whether Encounter ap -
fe lt th" t th ere wo uld indeed be at Ica t two u eflll
peared to matc h any of the archllecture a lte rnallves .
la yers one fo r role -play ,"!; games In ge ner"l , and
They Ars t asked whether Encounter oliid be
o ne for Encollnter They m.dt· " no te of thi S ca ndl -
descnbed as the flow of data fTom o ne procesSIng
dJle ar hltcctll re , and ended th eIr con'i.lde:ra tl ol1 of
dement to another The data would have to be the
arla n and Shaw' optlo ne;;
IXXltlons of the game c haracter< and/or their qllalllY
Now the y II ted the "rChllenlire candldate<
values Thl View did not ,ccm to them to ma tc h th e"
conception o( the same AI Prultt'< UI -dnven ardlltc ture
ext, they turned to arlan and haw's, oIlnde_
pendent components· arch ltectllres, the (Irst of Parallel I11munl calln~ procC'se'
whl~h w"' ' parall el communicating procc'ses ' To Evei'l l ... y'll' 1ll 1;"
Karen thi S seemed to he • flO"II)lo mJte h be~au;c
tach game char. tN cou ld be ()n"dercd onc uf the I.ayncd
458 CHAPTER 18 SOFTWARE ARCHITECTURE
TI, CY dl cu"ed w hl h of th«e described the to commIt· to archItecture. no advan tage of the
ovc",11 archltccture and whIch wcre <ub"dia ry to th e labl e (Table 18. 1) IS that It all owed th em to more
ovcro ll archlto ture T o d ecIde among th ese candl . ea sil y reevaluate th eir reasontng
dat es they evaluated thcm on terms o f th e qualotics n'lCIr conclu'\loll was that layenng was the
de crobed in th is charter. Th ei r sch eme gave 2 as pnmary archilc tural prin iplc Ince there was a
th e hIgh es t value and 0 as thc lowest. In the case of generic ro le·plaYIllS game layer and the Encounter
close scores, th e team would h ~)Vc ques tioned the ir laye r Itsc l f. They env lsaKcd the · cvent sysrems"
Scores closely In additIon . as they learned more architecture as ubSldiary to the layers They post·
about the applocation . they unders too d the need po ned a d etai led diSCUSSIon of parallel communicat·
to re VIS It thi s table up to the timc that thcy had ing proccsses for th c game c h aracters. Concep tuall y .
parallel
Candidates AI communicating Event
Pruitt's processes systems Layered
Qualit ies
Understandability: can be 0 2 1 2
understOOd by intended audience
Reliability: 0 1 1 2
TOTAlS 6 8 13 18
CASE STUDY: PREPARING TO DESIGN ENCOUNTER (STUDEN1 PROJECT GUIDE CDN1INUEDI 459
lhdr mam archw::,cture sele tlOn is reAeeted In 18.7.4 Refining the Architecture
ngun!IS. 35 Karen and Ed wen! now faced with the task of
Th~y
decIded to ~XP"'ss the "evcr.t ystems" decomposing each layer. They performed this by
arch,tecnon! by m~ans of tates and transitIons. Then plaCIng the two additional archllecnoral elements in
they debated whNher to use the State deSIgn pattern se parate packages. In the role-playong game laye r they
or a tatelaction table to describe the eventltransl' formed a package for the state machine called Role-
ttons, and deCIded to apply metrics to assist in PlaYlngGmh'. To handle the game characters, which
choosing from the architecnores under consIderation, move around in parallel , they created a Cha racttrs
Including AI Pruitt's. package They also created a Gam,f".iro"",,,,t package
They used e-mail to try to get agreement on the to contain classes describing the places on which the
""(:Ightlng of critena for architectures (extension, charac ters would move . Finally, they envisaged an
change, etc ,-see Table IS I i.e., "Evaluation of Artifact. package for the funore to describe the miscel-
arch,tecnore candidate by means of design qualit- laneous Items such a shields a~d swords th.t would be
ies,") 10 advance of the meeting, without mentioning involved. This package, postponed for future releases,
the architecture candidates themselves. They then e· would have a Repo.itory architecnore.
,
maIled AI a draft of the comparison table in advance Their decompositoon of the Encounter applica-
of the meeting to make ure that they had not missed tIon layer was analogo us since man y of its classes had
1.1 Purpose
ThIS section shows the decomposition then
This document describes the packages and classes of explai!1s each part in a subsection.
a framework for role -playing Video games.
RolePlayingGame Characters
RPGame state
handleEvenlO
GameCharacter
..J
O.. n
( Slale.handleEvenl(): )
.,
IRPGEvent r- GameState
handleEvenl O
GameEnvironment
GameLayout
2
GameArea ~
Artifacts For future
releases
GameAreaConnection
(represented) by Ihc part Icu lar Gam,Sla l, obJe tag · 3.1.3 GameEnvironment package
gregated by the (s Ing le) RPGam, object Th is ag!."e · T his package de cnbcs th e phYSIca l envIronm en t of
gated object i named statc. In other words, state is the ga me . T he class GntllC'Llyolll aggregates co nnl'C -
an attribu te of RPCam, of type Gam,SI,"'. tion obj t:ct" Each connecti o n obJc 1 aggrcgatc~ the
The functIo n ha>ldl,E""'I() of RPCam, I ca ll ed to pai r o( Gam rA,m objects that Il connect<.. Tlw. arc hl .
ha ndle each event occurnng on the monItor (mouse lectu re allows for multiple connections between twO
c"cks, etc ). It executes by ca ll ing the hmldl,E"",:() areas . Eac h GamrAr(Q object aggregates t11t~ game
functIo n of state The app licab le versIon of handl,· characters that It ontalAS (If any ) and can detect
Evtrll() depends on the particu lar ubclass of Gm.,Slal, encounters among chara tl;'r~
that state be longs 10
3.1.4 Artifacts package (Not Implemented-
3.1.2 Characters package for Future Releases)
TIl\'; packagc IS Intended to store e l c m c nl~ to be;.'
10CCllCd In areas, slich as tree or tables. and Cnt ltl C
It may seem strange to have a package co n· posse< ed by character , such as , hIe Ids and bncka es
tai nlng JUSt oAe class, but most arll faclS In
software desIgn have a te ndency to grow 3.2 Concurrent Process Decomposition
Even if the pacakge docs not grow, this
d~ not dISqua lify it< usefu lness. For anot her nl(' framework dOl's not II1volvl" conClIJT(:nl pro ~'C'
example of a package with just one class, sce
jaua appl'l, whose only class IS Applrl (but 11 . 150 4. Dependency Description
contains a few '"tertaces)
Tl,e only dependency among the framework UML Th, UH ifi,d Modrl"'g UlHgung, U><r CUld" by
module, I the Jggregation by Cam,Arra of Booch, J. Rumbau g h, and I Jacobson (Addison -
Gamr ham fer Wesley.
IEEE standard 10 16· 1987 (rcafflrmed 1993) gUide·
5. Interface Description lines for generating a oftwar. Desig n Document
x/yy/zzz K. Peters, addcd decomposition by The IEEE standard is extended usi ng Sections
usc casc model and state model 3.4 and 3.5 in o rder to descri be th ese models.
Recall th at the other possi ble model is data
1 . Introduction
flo w, whic h we have no t co nside red useful in
this case. In the particular case of this video
1.1 Purpose ga me , we chose to use th e statc descri ption as
part of th c requirement as we ll as the design.
Th is docu me nt describes the desig n of th e Encounter
rolc· playing game.
This deSign is fo r the prototype version of En· This section sho uld no t dupl icate the "detailed
counter, which is a demonstration of architecrure , design" secti o n described in the next chapter.
detailed design , an d docume ntation techniques. The We do roOt go i ~to dotail here regarding the
architecture is inte nded as the basis for in teresting con tents of th e packages.
versions in the future . This descrip tio n excludes
the framewo rk classes, whose design is provided In
the SOD cnlitled "Ro le· Playing Came Architecture T he package architecture for Encollntl!r is
Framework." show n in Figure 18.32. T he th ree packages arc
E'1C'OUl1tlrGamc , El1co ,mttrCha rac1trs , and fl1C"o"nttr-
1.3 Defi nitions, Acronyms, and Abbreviations EH OtrOtfmrnl. These have: facade c1as cs El1 counfc:-Gamc,
El1couPltcrCasf, an d fn co uPi ttrEl1lJiroPlmtnt respectively .
None The facade class of each package has exactly onc
instantiation , and is an interface through whic h all
2. References dea lings wit h the package lake place . Th e re main.
ing classes are not accessible from outSide the
"Role· Playi ng Came Arc hilecture Framework: sec· package (Sec Section 17.7. 1 In Chap ler 17 and
tion in Software £.9i."n.9 A. O'J<ct-Orirnt,d Pmprcti." [ I ] fo r a complele deSCri ption of the Facade deSign
by E. J. Braude (Wiley, 200 1). pattern .)
CASE STUDY: SOFTWARE DESIGN DOCUMENT FOR ENCOUNTER (USES THE FRAMEWORK) 463
EncounlorGamo
EncounterGame
.. facaC16,.
EncounterCharacters
EncounterCast
.. fscade,.
Encoun18rEnvironmeni
EncounterEnvironment
.. facade ..
3. 1. 1 EncounterGame Package The data stnl ru res Aowing among lhe pack·
The EncoIHl,crCmt1( package consi ts of the classes can· ages arc: defined by the Area , EncoIH1!rrChnrtJc frr, and
rrolling the progress of the ga me as a whole 11,(, Ellco lI~llrrAr(Q Dill/teflon clclSSC.,
package IS dl"signcd to react to lIsc r actions (eve nt,).
3.4 State Model Decomposition
3.1.2 EncounterCharacters package
The E'1C'ouHttrChamc frr5 packa ge cncompas lOS th e EnCOUnl('r co nSIst, of the slate, <;hown In FIg.
characters invo lved In the game. These Include ure 18.3 .
character(s) under the co ntro l of the playe r toge ther
with the foreign chllra lers ,
This state diagram was provided in the SRS ,
3.1.3 EncounterEnvironment package Section 2 . 1.1 , where it was used to des nbe
The EnCOUHltrE,wiroH,"oll package dcc;cnbcs the phys - the rcq uirements fo r En ounrer Tht, remaIn ·
icallayout of Encounter, oncluding the areas and the ing stares mentioned in the reqUtremenb WIll
connecti ons between them It doce; not Include be implemented in ubsequent relea<es
moveable Items, Ir any
3.5 Use Case Model Decomposition
3.2 Concurrent Process Decomposition
Setting up
Player _ -1 Reporting
dismisses Setting
report
Player
qualities
window
compleles
setup
Player
dismisses Player
set requests Player
qualities status requests to
widow __-- , qualities
Foreign
character
Waiting I---<: enters SleB
Foreign
character
Playel enters area
moves to
Player
adjacent area
\ Encounter
campleted --l Engaging
quits
presenl]
absenl]
Details .,.., given in the "detailed desigr." There are no significant dependencies among
section. the usc cases,
This section describes the dependencies for the The: dependencies among package interfaces arc:
various decompositions describe d in Sec tion 3. shown in Figure 18.34.
EncounterGame
EncounterGame
EncounterCharacters
Encoun1erEnvironment
Th~ Ell OIm,rrCnmr pa kage depend o n all of the 4.4 State Dependencies
other En ounter p() ckage~ The En oJmlrrEmmotllnnst
po kago I d Igned to depend On the E"co""lrr- Each State I related to rhe <tate< Into whIch lhe game
ebara,'ers pa kage ThIS IS becau c the game'. charac · ca n lranSll ion fro m it
ter Int~rnc tl o n takes place o nl y on the context of rhe
4.5 Layer Dependencies
~nvl ronm ~n t. I n part icular, Arm objec t arc re po nsi ·
ble for detcmllning the presence of the player's char- The Encounter app location depend. on the Ro/r-
.ctcr together with the fo reign charncter P/IIYJIl9 Gllmr fra mewo rk a , hown on F,gure 18 .35
O,'pendenclcs among no nln terface classes arc Each applICa tion package u'c< exa t1y one frame-
expJalnl.'d late r i n th i.; docume nt.
work package
5. Interface Description
Such dependencie arc detailed deSIg n
specIficatio ns. TIll<; section descnbes the InlC-nan.· .. lor the obJcct
model o te thaI ,eve ral of the cla',cs descrobed arc
dehned In the de<ogn dc< roptlon of the Ro/r-PIIIYIIlg
4.2 Interprocess Dependencies Ga me Framework .
3. C ameCharacle r ge tTh eFo cclg nC haracter()/lthc 5.2. 1 Player Character Movement Process
un ique ch arac ter 11,e interfaces to the process that moves the player's
4. IIExchange q ualI ty values specific to th e game charac ter aboul th e game consist o f the g raph ical user
area interfaces specified in Ihe SRS. TI,e process reacts 10
events descri bed in Section 3 4, whI ch are handled by
5. VO Id engagePlayc rW ithFo reignC harac ter th e El1colw lrrCmnr package in accordance with its
(CameArea) spcctfk~H jo n s , described later In th is document.
Rgure 18.36 has just three part>-a manage· • JF<IC' " a se t o( UI framework USlnS \xrT , used (or
able number to comprehend Eclipse" a large co mmon UI
and very complex pro duct, however. T oge the r • \Vo,kb,,,c/, "defines the Ecl,pse UI paradIgm Th"
with the brIef explanatIons below, this decom- Involv('<; editors, Views, iln d perspectives
"I
I UI
I
I
I
I Workbench
I
Plug-In Developrnent Environment
'- I
I
I
I JFace
I
I Slandard Widget Toolsel
I Java Development Tools
1/
Pla~orm ~ depends on
",, Core
, \
I Workspace
I
\
\
, \
I Runtime
I
Key: 0 A depends on B.
@
UI
I Workbench I
I JFace I Java Development Tools
I SWT I I Java Core
I
Core: Workspace
Core: Runtime
.-~ Application
Dependent
IU·
"
80::
~«
Framework
-'"
en Infrastructure
l.1Jyers
System Abstraction
-L
Operation System / GUI
OpenOffice Architecture
Application
-0.. SW SD SC SM Layer
= ,_._ ......
« Framework
Q) Layer
.-u
~
o~
UNO UCB SO
l::===-:::;-;::===~-;::==;
e-'"n
Infrastructure
r Layer
VOS TOOLS
.- ---- -- -------- ._--- --------_ ... ------- -- -- -_ ..System
-----
STL RTL OSL Abstraction
Layer
------- ------- --- _... -.----------_._.--.---- -----------
[ OS / GUI I
Figure 18.39 The architecture of OpenOffice
~ Edited from Qpe:/OfflCe. hltpJ IWwW openoffice OI'glWhiteJ)aJ)ers/l ec.h. overview/ tech3wervlew I'ltmJ,J
The System Absttilct.o n laye r "e ncapsu lates all 18. 11.1 System Abstraction Layer
system spec.fic APls and prov.de a cons. ten t o b· Th is sec tio n is reproduced from [ 1 I) It references
Ject·oriented AP I to .cce« sy tern resources in a Figure 18 39
platfonn mdependent manner · It provides a k.nd of Platfonn ·dcpe nded implementation take pia e
single, v.rtu.1 opctilt .ng system on wh.ch to build below the ys tem Ab. tractlon Layer ( ALl or arc
OpenOff,ce part of 0 pl1o nal modules "In an ideal world an
The In frastructure layer . a platfornHndcpen. .m ple mentat. on of the SAL·,peciRe [unctlo mhty
dent environment for bUilding app lica tio ns, compo - and recompi ling the upper I. er module will all ow
ncnt~ Clnd <;crvlces you to nm the appl.catlons To prov.de the whole se t
The Framework laye r· To al low reu<e, tI", laye r of fun ctio nality, the opti onal platform spee dic mod ·
prov.d('S the envlto nm ent for appi1ca llo ns. It al ° ule" I.ke telephony suppon or speech recog n.t.o n,
prQv.des all shared funcllon.l.ty ,ueh "' com mon have to be ported , too " To reduce portin g cfforts.
d.alogs, (.Ie ac(css, and eonfigur.l1on mana gem nt the AL fun ctio nality I ) reduced to a 011111",,,1 " . ." t,
n'e Appl.c.at.on layer "All OprnOffic< 0'9 appl •. avallJblc o n every pladom, " (or ~Omc ,v,tcnh
cat1<Jns are part of thIS layer T he way the. appl. · th e laye r Inc1udc'i ~o m (" Impl Clll cntallO lh to emulate
cat.ons .nt·rou I~ b., d on the lower layer> .. "'ul11 e runCtlO Il i.1 hl y or bt' havlor. F r example on
Th next ~CC llOn\ dc\Cnoe ,hesC' bytr~ In mort "'y, lc.:m, whe re n nilllVc nudtllhn:ild ,ng I ,,,pportcd
the layer ca n su pp rt <0 ailed ·u<e. land' thrc:ad, •
470 CHAPT<R 18 SOFlWARE ARCHITECTURE
This d~>crlpllon IS not very lear, In (act, It is The last <entence is useful and appropnate at
difOc\l!t to wnte meaningfully and clearly at a this level. The meanlnS o( "semi platform
high level. What follows nc"" however, IS Independen t" is unclear, n,e
second se ntence
Indeed clear and meaningful. IS not clear but is presumably explaIned in the
more detailed sections
1B-11 _1.1 Operating System Layer 'The oper- The relationship with the Standard Template
allng system layer (OSl) encapsu lates .11 the library that comes with C+ + should be c1arifittl
o perating sy tern speciflc functi onality for using
and accessing system speCific re ources like Rles,
memory, sockelS, pipes, etc. The OSl is a very 18_11 .1.4 Visual Class Library 'The VCl encap -
thin layer with an object-orien ted API. In co ntrast su lates all acce 5 to the different underlying CUI
to the upper layer this object-oriented API is • C- sys tem s. The implementation is separated into fWD
API." The reaso n for this IS to allow easy porting to major parts. One is platform · independent and In -
various platform s using different Implementation cludes an object -oriented 20 g",ph ics API with
languages _"For embedded systems or Internet app li - metafile-s, ron~s , raster operatio ns and the Widget
ances, for example, an assemblc:r language can be set use by the OpenOffice .org sUIte. ThIS approach
use d to realize th e Inlplcmentation ." virtually gua",nt.es that all widgets have the same
behavior independentl y of the CUI system used. As a
18.11 .1_2 Runtime Library "The runtime library result , the look-and·feel and the functionaliry of the
provides all semi platfonn independent functionality . widgets on all platforms arc the same."
There i an implementation for string cia scs pro -
vided. Routines (or conversion of ~tnngs to diHcrent
This explains the squiggly lines in Figure 18.39
character sets are implemented . The memory man -
that separate the rwo parts of the VCL
agement functionality resides in this modu le ,"
Infrastructure Layer
(OSL) (RTL) ,
LlbJ1lry
(STL)
I Library
(VCL)
I
I I I I
Operation System I GUI
The platfoml .dependent pan Implements a hbraru,:s Thl~ Includes a co mmon Implementation
JD·gr.lph,c drawing anva, that IS u<cd by the for handlinS date and time re lated data , an Implc ·
pladonn' lndependent parts. ThIS canvas redirects mentation of "lru lUred storage) , a generic registry .
fun 1I0nailly dll-ccdy to the underlYing U I , y,tem l ypc~af(' managcmc.' nt , and pcrsl",tcnCc of property
Currently, there CXI"-l Hllpk'mcnlallon" for the data "
Win32, X· Window , 0 /2, and Mac The a e <
to the prlnllng functionality , clipboard and drag. 18.11 .2.3 Universal Netwo rk Objects Un lUmal
and·drop IS also reali zed In"de the V L. " Ntlwork Obit Is "the o mponent tt-chnology used
wllhln ptliOlficr or9 "It . IS heaVily bascd o n multi ·
threading and n(:( ..... ork communlCJtlon ca pabilities
18.11.2 Infrastructure Layer It
Framework Layer
Infrastructure Layer
,
Vlnual
~
I Tools
•
UnIversal Compound I •
ScriptIng
Ope ra1lO 9 Llbranes Content ObJecls and BaSIC
System Broker Library
(TOOLS) I
Layer
(UCS) (SSL)
(VOS)
I
System AbstractIon Layer
-
Il..
Application Layer
«
Q) Framework Layer
u
-
:s::: I
Applicallon SVX Library
0~
Framewo rk library I !
-'"
rn
Infrastructure Layer
18.12 SUMMARY
A software arthltCClUrC dcc;c.n l c th e components of a ... oftware ~y'-lem and th e \\I JV III whic h th e II1tCr.\U
WIth each olher Ther il rc many ddft'rcnl way ... a "YSlcm ca n be archllccled Jrl an and hon\" h;)\I(, dJ ...... dH.~d
\Qhware arch lt ·Cturcc; Into <'JtCJ,(O (ll-'''U h a<; dJlanow, IIHJ c pcndc nl cUlllpOncnh , Virtual 111 3 hl nc , fl"' 0"
tory, and lay "red ')CrvKC -OfI Cnlcd arch lte lure I ;'InotiH.' r type.: uf Jrc.h lt c llIrt' In w h lL h VJ llUU \ C mpOl"wnh
art' (.omb lncd to provld ~ a ., 'rvlCt
~()ftware d -"11m arc dotumen,ed In J <ol,wore d -"gil d(lLum"n, ( 1)1) ) The 11: 1: [ pub l"hc, IFI-I ~,cl
IOI6- 1'j')ij for ~uch a !'>urpo<e TIl(' 1)1) lor ,he I nwuntcr to>e <1lI<iy 11«, tim " J dOLum n' ,eml)iate
474 CHAPTER 18 SOFlWARE ARCHITECTURE
For large ' oitw;lrC project I ll " Impo rtant lO modulafl zc th e 'OrlwOlrc dc., lJi(n. Modu lafl zlIllon facilItate!.
dlfferenl wo up' of devcio pe,", work lnll o n Ihe d,fferenl parI, sHllullancously T o make Ihi' work as efficlen ll y
a, po"iblc, Ihe Facade desIgn pallern an be u cd 10 provide a clean inlN!ace for each module. n,e Facade
pillh..'rn I typ i all y appropria te when developers arc colloca led. In di stributed enVironments, Web service!.
a n often be u cd.
Once an archOlcclure I <e lecled, Ihe proJeCI « hedule IS updaled 10 reRec llhe order In which Ihe p.rt<
are 10 be developed.
18.13 EXERCISES
I. In a paragraph . ex plain the purpose o f a software arc hOleclurc and how il relales 10 design.
2 Suppose Ih.1 yo u arc deSIg ning a batch imulatio n of cus tomers in a bank. BCln8 a batch si mul atio n.
the charactcnstlc~ of the si mulation are Arst sct, then the si mulation IS execu ted wit hout
Intervennon H ow could you describe this as a data Aow applicano n) U sc a simple skele ton
co nsisl1ng of fo ur parts 10 Ihe dia gram . (Identify you r four parts . and Ihe n look at how yo u cou ld
descnbc this applical'ion as a state-tran si ti o n dillgram .) Which perspective offers more va lue in
de scnbang the architecture]
3. Wh en desig ning a client -se rver architecture, th erc arc generall y two altern ati ves: Ibm an d Ihick
clients. A thin clien t implie that client hmctionality is kept to a minimum; most of th(O processi ng
is performed via th e server. A th ick cl ient implies that much of the functio nality is con tained in the
diem; the functional ity o n the server is kept to a miniml.!m. D iscuss the o ne o r two major
adva ntage and disadvanlages 10 each of these approaches.
4 Operating system are frequently desig ned usi ng a layered archItec ture. Resea rc h the linux
o pe~tlOg sys tem o n th e Internet, and explain how it utili zes J laye red arch itecture. What arc the
benefit of such an architecture,
5. Conside r a word proce SI ng appl,cat ion with which you arc lamil,ar. Sketch the software
architecture of th at program using one of th e architectures descri bed In this chapter. DeSCribe
th e purpose of each of the components of your architecture.
7. Some design patlern are particularly relevant at the architectural level. Na me two of these and
explain their r('levancc.
8. Which software arehitec ture is the best ca ndida le fo r each of the fo llowIOg app l,cations
a. An applicallo n for reordcnn g auto parts from hundreds of stores
b. A roal-time appl icatio n Ihal shows the heallh of an automobile
c. An appitcJtion that provides advice to stock CUStomers. It uses a multi·platform design
consisting of several Web sites O ne si te conti nually collects and stores pnces and o ther
In(orma tion about stocks; a second site conti nuall y collects stock advice from anaiysts; a third
recommends pon(o lio suggestions to users
d. A sclenti(ic instrum ent com pliny builds equipment (or analyzing molccu lilr tnlctures. The
application you are 10 design analyzes .he structure 01 DNA mo lecule , which arc very large.
BIBUOGRAPHY 475
TEAM EXERCISE
Architecture
Develop the architectLire for your proJect. Dcscrlbe YOLir ar hltcctLire u;tng the IEEE tandard, as tn the
JSC srud a compa nYing thn. chapter (vlakc It clea r what type of archrtccrurc and cit! rgn paltern
arc bemg applied how at lea (one other architecture that you considered , and explain ,,,,·hy you choc;:;e
the altematlve descnbed Include the u e of metncs It IS not reqUIred that YOLI automatically chao e the
architectures via metn ~ alone: .
Track the [arne YOli pend dorng this exerCi Se In increment of nvc: mInute , and Include a lime: heet
haWI ng the time pent by IndIVIdual and by the team U,e or Improved upo n the loml tn Table 182
that reco rds the time pen t per person o n Cil h modu le Give your opinion on whether your (!(Icklng of
tIme paid off, and whether YOLir time cOLild have been better managed
Module
1 2 3 4
BIBLIOGRAPHY
I ha ..... i\1 C and 0 Carlan Sol,w.Hf A"b,'rdlotrr PmPtdlt'f"> 0" an Elflctl/llfl) 1)'«('llllIl( Pn:nlr c Hall 19C-16
1 DIJL.stra E A DISCIpline of P' 09ra"'," I",/ Prentl(.(' Hal' , 1976
3 ua D CDrlCW'rt:t'I' P'Oljr.JPI4"IIHtlIH IlUll1 D~'9 " Pflfl( lrtt1IHtJ Pall(t'?u ( /"JI'O Slnf') Add,,>,)n ' \'(' <:"olcy I tno
.. Kaluznlolcky, E K , and V Kanah;H X~., ~ P,ol}fa,../PI'"9 /or '/,( True lkl,I"H" All IIII,~u dlo" Ii) Inr Xb.lSt Llff~W.19 ( ,II Iht C(m 'ex l ~f JH.I\( tilT.
I", i Fox",o. aYlJ (lIPW, "'lcC r:.w Hill l)rofc"u,mJl 1996
S )ap3nn;:uhan, V KaJcndra I odhlil"",ab and l...Jwrcncc: lbum editors. lIIa.k~o.u .1 A,.b,ln.lutn .,lId "f'"lnoJllclI\ A(oldcn),<. ll r " 1999
6 rnf'clmofc. Robrrt Jnd Amhon y MnrJNn (Ed ,to,... J. DlDclcJlO.lrJ Sy~ltm S (n" In 'fIJIJI 'tnt'i '" ArlIPC I . l lllllr"l~rnl( i'J,J""", \\,,,!ry 1<)88
7 Erl Th om ii~ . £ '1" (( Onf"ll lfJ Ilrd"'fdillf ronH/lIS, T nhflotogy IInJ l)f"SuJ" P(cnt,,-c Ii all 200(\
8 C.lmm.l Er.<.h , Richard t Idm Ralph John,on , ilndJohn VI"'>ldC"'> /)«ollill P.lllff"' EI,mOl" 0/ Rt\4\abk Ob/I'\ I·()nrJI,tJ 1 1 ~ ,Jrt Add,'>on
W ~1C'f , JlJtJtJ
9 Gamma l,.,h , and Ikc.k . KC"m ( on,,,bwlrll!/ In Fdtp\( Prlll0l'lt , PlIflrm> UI1J PIWII ·'"t: Add, ..o n Wcdcy 20<.P
I(} CJpc:nOflK:C' ProJect, htlp www vf')t'nl)(hce nrw", h'le. PJpcr>. Icc h OV('rvl('W Ic;<.h _ ovcrvlcw html ll ~ (,I(.(.c: ..,cd 0' C'mht-r 2'. lUt)") I
Detailed Design
Figure 19.1 The context and learning goals for this chapter
O(;{:;lIlcd design is the technicill activity that follows architectural selection and Covers all remJinlng
aspeCIS of Icch/llc.1 crealion shorl of aClUal code. It addros es major goa ls of software deSign (from
Chapler 17 ). sufi1C!cncy. understandab il ity, modularity , cohesion, coupling . robustnes , fleX ibility, ,""us'
abi h ty , In formaiion hiding , dficiency, and rchabdllY· Th is hapter start> by relating lhe detailed design
RELAnNG USE CASES, ARCHITECTURE, AND DETAILED DESIGN 477
pro<.""" to the artlf. ts that have already been dcvdopcd by ,he tIme we get to this point , especIally the usc
ases of the requirement, analys" pro c" and the hIgh -level de Ign-the arch,te ture ( e tlon 19 I)
With regard to suffi lency , detailed des Ign provides enough partIculars for developers to implement the
",quorement of the appll atoon As for unde"tandab,llty and modulanty, obJect-onented desIgn specIfy classes,
theor attnbutt-s, and the or meth ~ i'nncipb of de,alled object-onented designs arc Introduced on Section 19 3
This fom1 of the applicatoon allows u to Inspec, deSIgn for strong coheSIon among grouped components and
weak ouplonK with others FleXIbil,ty, ,he reu e of component , and informatIon hidonll are d,scu ed on SectIons
19 4 and 19.6. Detailed deSIgn cntails the developmen , of sequen e d ,agram from usc cases (Secllon 197), whIch
are pnncipal SOUrcL-S for the pec,(, Olion of classes and me,hods The chap,er ends wIth case srudies
The agde method, d"cussed In haptcr 4, hegIns codIng without a full detaded deSIgn , and pcrhaps
wIthout any detaded de Ign at ali ThIS means that ,he detaded de Ign essentIall y lorms in the monds of the
programmers and IS gencrally documented wlthon the code Neverthcles<, dctaded deSIgn contonueS '0 exi t
for agde developer . We d,sc uss this further In eCllon 19 .
The rclationship between lise cases, architecture, and detailed de 'sn ca n be understood by analogy with the
process of deSIgning a bndge . U,c cases would be part of the requirement> for th e bridge (see ,he use case
example in Figure 192 ). Based on the r('qulrC~mcn(s, cnginloci would then selec t an archllcClurc by stcpplng
back, as it were , and looking at the big picture U sua ll y, more: than one architecture ufnccs In this case , a
sU5IXnslon architecture wa~ selected . ThiS process is diu trat-cd by FI8ure 192 .
Once the architecture ha been elected , engineers ma y develop the detailed deSIgn ' 0 enable ,he
reqUired use cases with the architecture selected This is suggested by F'gure 19 3.
In the software analogy to the bndge example. each corre pondong stage accumulate, additIonal c1a«es,
wh,ch arc shown to F,gure 19.2 and 193 In Step I, lise cases are spe lfied as part of the requirements. In tep
2, these, together with other sources, are used to Identify the domaIn classes. In tep 3, we develop the
software .rchitecrure, as described 1<l Chap ter 18 In Step 4 we develop the detaded design b), definIng deSIgn
cI.s es. We ,tart WIth the domaIn cla«es (e .g , Auto, Road ) and add additional de 'sn c13>se (e g , Guardrail ,
Cable) to complete the deSIgn. \'Qe then verify that th e arch Itecture and detailed deSIgn sup pOrt the requored
use cases For the bridge analogy, we venfy that cars can Indeed use the bridge de<ign '0 travel from Green's
Figure 19.2 The relationship among use cases, architeClure, and delalled design an analogy from bridge bUilding. 1 of 2
.78 CHArTER 19 DETAILED DESIGN
-Cars should be
ablo to ltavel l rom
B
Road
the lOp 01 Grecn's
HIli a t 65 mph, In
a Str81gh 11108 . (addecllor r------------------------------------,
I r::::l I
and amv.!) at dll.OIlledck ) gn) : SuPPOrt use case ~ :
Figure 19.3 The relationship among use cases, architecture, and detailed design-an analogy from bridge building, 2 of 2
Hdl to Jones H o ll o w a< specified Fo r software de .gn, we verify that Ihe classes and methods specified by Ihe
detailed dC~ l g n are capable of executing the required lI'i;{" cases .
19.2 A TYPICAL ROAD MAP FOR THE " DETAILED DESIGN" PROCESS
Deta.led des 'll n 51arts wilh the resliits of the .rch ilecture phase and ends with a complete blueprinl for the
prog rammin g phase. Figurl' 19.4 haws a typica l sequence of steps taken to perfo rm dctaded deSign . There is
rcally no universa l <landard way 10 go abo ul Ih.s process-and , in fact , we frequenlly cycle back to designing
\\"hen co n fTonted with the real ity of turning il deSign into reJ,!.ty The agile process in partic ular, d iscussed
bclo \1/ 10 celio n 19.8 and 10 C hapte r 4 , is an exrreme example of th is.
tep 2 of F'b'llrc 194 rcates the cia scs that associate the architecture on one hand with the doma", c1asse on
the o ther hJnd , a, .!Iu tTOted ,n the prev,ous seCllon. J)c"gn pattern may help in doi ng th, < for software designs.
We oft n begin the dcta.!ed dcs'gn process wlIh tho e aspec ts of the deSIg n that must be Implemented, come what
mJY, or that presentthc m ost n ,k Forcxample, in dCSlllfl1nl! En o unterwe m,ght conSIder risky the way In whIch
the c1as<cs were mod ulJ nzed (all charactef> "' o ne pa bge, etc ). Th,s shou ld be settled as soon as possible by
specify, ng the deta'!s of the Interface methods <0 that wecan get an Inllmate Idea of how th IS modulanzallon work
out. If the u<c of the ratc deSIgn pallem \,'cre perceIved a a ri.k. we would specify 11 5 details first
tep 3 of Figure 194 Includes chec kin g that we ha ve a complete de" g n It also In ludes c nsunng that
the object model supports the u e cases tep 6 co nllnues the praCllce of ,pecifYlng a test a< oon as each
ckment IS speCIfied .
In teSt ·dn ve n development , o ft e n a soclated wnh as .!c development, Steps 6 and 7 arc performed pno r
to some (pe rhaps a ll) of teps 1-5 , and their Il11pl eme ntall o ns art Included "' the process In other words,
tests are develo ped truly as early a pos ible, and the n de 'g ns and code created to sal1sfy them RegardJc<s of
the methodo logy used, ea rly <pec lR atlon of te t< ' 5 usuall y an excellent idea.
Marton [ I , 2) Identified five prinCIples fo r class desig n of o bject ,o rl e nted sof twa re that also go hand" n· hand
W1\h ag,le development These are <ummarized in Fig ure 19.5
These principles arc similar to, or follow (rom ~('v('ra l (hat we' havt" already discussed.
The '"91, Rrspo""bofily Prmcopl, emphasi zes the need for classe to have one clearly understood
rcs-ponsibtllry slich as "represent eu to mer data" or "represenr order (or ca mp ing Items ," rather th an very
bro.d tOpiCS such as "all there i< to know aboutlustolllers and their habits"~ or "campinS prefere nces." In other
wo rd<, I.>ses should ex hibit. hlsh level of cohe Ion When classes have only onc re pon"b d,ty. they arc
ea.slcr to 1ll311lQln and reuse .
The pClI .(J. <rd Pn" Iplt (0 P) states that module should be open lo r extension but closed for
modlAcation . That is, if an eXiSli n!! mod ul<' needs to support add,tlOl,al requirements, thcn the eXISting,
working code would remain Int.ct. It would no t need modification. In o ther words, new fu nctionality should
be Impl emented with new code. Consider the example shown In listing 19. 1. as described in ( I]. The code
sati sfie the reqUirement to draw a set of shJPcS consisting of clrclc~ and squares However, thiS code vtolatc'§
the 0 P because shapes o ther than ci rcl es and squares cannot be drawn Without modifying-not Simply
adding 10 th e body of th e fun c lio n.
A common way to avoi d modification and conform to the OCP is by lItil izi ng inheritance and
polymorphism . liSling 19.2 shows how thIS is accomplished in a new ve rsion of drawAIIShap"O. In this new
version . shapes such as Circles and Squares inherit from the base class Shape. A a Shape is extracted from the
vector, its polymorphiC drawO meth od is called to draw that shape . This mea ns that each type of shape i
respo nSible for knOWing how to draw itself. If Rew shapes need to be suppo rted. drawAlISI,up<> O does not need
to be modified-It au to maticall y calls the drawO meth od of that new shape when it is removed from
the vector.
Th~ U".u S"bsl;,"tio" Pri"ciplt states that any code referenCing an instance of a base class must also work
co""ctly if, instead. it is p.ssed an instance of a derived class. In o ther words, a d~rived cia", must honor the
semantics of. base class. If this principle were to be violated. then every time a new derived class is cre.ted,
cod~ would have to be modiR~d to rd~rence the n~w class. Violating the OCP.
DESIGNING AGAINST INTERFACES 411
Copy
,,,
~ ........... --.-.. --... -... .,
•• ••
Read Wnte
Keyboard Pnnter
Copy
Reader Writer
Read Write
Keyboard Printer
The Drp",d",ty IH"""OII Prill iplr (DIP) IS concerned with hiding detatl" It ask us to deSIgn hI g h-level
module In such a way that th ey do nOl depe nd o n low- level mo dule , Instead. eac h sho uld depend on
absrracti o ns Th,s makes the modules undcr< tandab le and usable In lhemselves o n<lder the example
descnbec! by Manln (3).
The Copy modu le IS depe nde nt o n the lowe r level modules-Read Ke yboa rd and Write Pnnter. mak Ing
II dIfficult to reuse a' a gene ral purpo c copy modu le By appl Yin g the DIP, we abstra t the read and wnte
modules, as shown In Figure 197 Now , opy depend, o nl y o n the abstract Reader and W nter, mak lllg It
more flexIble and ponable If new ty pes of Readers and Writers arc c reated , Co py" un.fle ted
The IH/rifaa 5r9" 90/I OH PrlllClplr te li , LIS to colic t related me th od, Int o separate Inte rla os rather than
mI x,"!: un re lated methods (even when needed as a whole gro up ) Il draws Irom Ie so n of com ponen t de -Ign
Ie II . MIcrosoft's 0 1) where we learned to package set< of me thod, In relatively mall , l11anagl'able set< By
keepin g Interfaces I\mall , we Increa se their co h e~ l on
The Id a of dcslllnll1g allaln,' Inll'rlacc< " lIke emplOYIng a contrac t The program e lement ,uppl II1g lun -
llonaJlly (c g the (IHlomcr c.liJ", } ~lIilrantc('s 10 prOVide ,nt cdi) e ftln tltm ... wllh ~pcL dH.:d name parJnlc:lcr
l"yp<: •• and return type, (e K , VOId h,Il("OId) an d /,oo/ra" prllll/\ 0 .. ", . ( ' Irlllq nCtv IIIIITypr)) The pr gr.lm cle mem,
USIOII the (unctlonalll Ycan lhen be d ,,~n d wllh ollt havlnlt 10 ~n ()w how th e ILIIKtlo nal, ty" 100plemen tcd-
all they need to know" how l() ",e the Ill te riate We have d"tu,wd Ih" CO ll tcp l In the o nte", 01 de,' gn
.82 CHAPTER 19 DETAILED DESIGN
.. wntten in lerms 01
Abstract la yer
Customer (not
specific Iypes ot
Customer) RegularCustomer
biliO
printAccounts()
Figure 19_8 Designing against Interfaces-an example of designing against Customer rather than RegulanCustomer
patterns \\,herc patterns have client Also , the Facade de Ig" pattern is a way of providing a clean interface to
a package o( cia es.
Designmg against interfaces takes man y forms . One is the usc of ab traction . For example, if code is to
be written about l\ltnmmai objects, then we try to write it so as to mention on ly AJlimnl objects. In other words.
we try to usc: only the Animnl lntcrface . ThiS allows gn:ater applicability and grea ter flexibihry for our design
As a hlrth.:r example, suppose that we arc writing code about eu tamers . Thi s ca n be understood as
writing against the ( usfomtr interface. We ca n actuall y consider uSlOg an abstract class Clcstomtr, which may
have nonabslraet subclasses such as Rr9u/arC,,' to",cr, as hown in Figure 19.8. This desig n is mo re nexible than
writing again 1 a concrete (nonabstract) class Rtgu/arCustomrr because we ca n easily add other types o(
customers, such as Sn v"'9,C,,' to",cr objects, with 'pecia lized verSions of hillO, without haVing to change the
code that uses ( us/orner objects. The diVision into an abs tra ct and a concre te la ye r is characte risti c o( many
deSign pattC'rns.
For Java In partICular, one tries to use Java ·speCific "Interfaces" (or the interface role descnbed ilbove.
These specify method signatures (name, return type, and parameters types ) o nl y. Unlike Java inheritance,
classes can Implement any number or interfaces The UtvtL notat ion (or an interface is a dotted-line rec tangle,
and a dOlled line triangle is used In tead of a o ild one.
The goal of complete detaoled design is to prOVide a complete blueprint from which a prog ram can be
constructed A good house blueprint leaves Ihe builder with as (ew doubt as po sible about the .ntentions of
the designer, and the same is true (or detailed software design . Figure 19.9 describes typica l steps in carrying
out detailed deSign for each class, and the succeeding te" explains the Slep in delail.
A fully detailed class diagram includes all allribute and operatio n names, signatures, visibol,ty, .-.,mm
types, and so on. Accessor methods arc commonly omilled . It IS customary 10 omit accessor function (e g ,
9rtSiuO and srtSizt()), since th«c can be inferred from the presence o( the corresponding attribules (e.g ., 'izd.
UML tools have the benefit of allowing designers to suppress (I.c., to not show ) cortaln clemonts of the
Rgu~-for exa mple, the "responsibilities" section or the variable types. Many tools allow designers to view
only the class« and their relationships, in order to get Ihe big picture.
SPECIFYING ClASSES. FUNCTIONS. AND ALGORITHMS 483
One language.lndepende nl manner III wh.ch 10 speedy classe IS Ihrough Ihe OREA Interf.ee
Oefinillon Language ( lO ll Th" " a slandard. teXlual (ormal (or ,peedYlll& Ihe .ntcrface, prov.ded by
collect.ons of las es their a"nb"Ies . and Iheir funcllons Fo r Ihe spec .f.ca l.on o( IDL. sec [4 ]
In some organi za ll n . detatlod dcs. g ns arc spec.fied by prov.d.ng code w.thout fun I. o n bod.e, ralher
than UI'"IL. Th" IS somcllm.s Ime of agtlc de velopers Th e advantage o( Ih" procedure" that there" no need 10
rranslale del.tled speedicatlons 1111 0 code A d. advanlage IS thai a code fo nn IS somew hat less rcadab le than
ordma!)t pro c The funcllOns In the code form arc then filled Ollt at Impltmcntat lon lime by programrne~
An effective way to specify functions is by means of prrC'oud,floI15 and p05tcotldlllO tlS Precond itions specify th e
relationships among vanablc') and constants that arc assumed to ('Xlst pnor to the runctlon' cxeclitio n.
postcondltions speedy the req Uired relallon shlp~ after the funcnon 's ext ution For example , the func ti on
w.,bd,.w(.1l1 UJill>drnw"IAlno" .. IP) of an "cco" .. 1 cia < could be spectiicd as ho \" n In F. 'ure 19 10 Anolher
cx.,mplc of a preconditiOn IS an tlgr parame ter that J method J4I!'oumcS" I ~ greater than zero The dfects of a
method arc ,t, poo l 0111"" 011, . ll,ey are the very reason for the method, and mu<t be pec ,f,ed., well. In the
cXptTICn c of the JUlilOr\, sohware eng lflccrs rcqulfC.: slglll AcJnr tltllOlnij In the capacity to SpeCIfy
pre ondltl o ns and po,,\condl(IOnC;; with preCISion , JIi III Figure 19 . 10
In l'anauh of a method are JSSCrLlon'i: thill are both prc cond 'll on~ and PO<;lc.ondltlons They arc a way to
mall,lall' ,nlelle lual control over the behavior of functions They specify relalionsh,ps Ihal do nOI change,
which IS wei orne in the envi ronme nt of an application, where complex change IS so ohen difficult to manage.
An exa mple fro m Encounter" the fo llowll1g possible ,nvaria nt for the "dju" Q,w'"y() method.
In other words, when the value of one quality,s changed with nd)u" Qun'"y(), the values of the remaining
quahtles change )n a way thtH Ie'aves their sum unchanged.
It is helpfu l to specify nontrivial algorithms at detaded desig n time. The adva ntage of doing this is that
engineers can Inspect the algonthm separatel y without lhe intrusion of programming com plexities , the-reby
trapp,ng man y ,mport.or defects before they magni fy into code defect . The more critica l the method, the
more Important thIS activity Methods wi th complicated branching art: candidates fo r actwity diagram s
("advanced flowcharts") . Activity diagrams were described in Chapter 16.
PsrodocoJe is a means of expressing an algorithm textuall y without having to specify programming
language detads. As an example, pseudocode 'or a hypo thetica l autOmated X·ray controller is shown ,n
Figure 19. 11 An adva ntage of pseudocode is that it is easy to understand but ca n also be made precise enough
to express algorithms. Anot her advantage is that algorithms can be: inspected for correct ne ss independently
of the clutter of a programming language. A third adva nta ge is that defect rates in pseudocode can be
collected and used as a predictor for ddect rates in the product. usi ng histonca l defect data.
Some orga ni zat Ions use inspected pseudocode a annotated comments in the source code listin g. Tool s
are then able to extract the p eudocode from the source. For example. using "lip" to preface pseudocode
statements, the code could impleme nt the pseudocode cited above-see F'gure 19 . 12
ActlVIry diagrams and pseudocode each have the advantages listed In Figures 19 . 13 and 19 . 14 . The
decision whether to use them or not depends on (aclOrs particular to th e ap-plication Some devel opers shun
act,vity d,agrams as old· fas hio ned, but activity d'agrams and pseudocode can be worth the trouble for
selected parts of applrc.tions, where they help to produce better quality products.
Most e nHlnee nng dlSclphncs (elec tnca l, mec hanl ai, c tc ) rel y o n th e u·. r of compo nents that ca n be procured
s<paratciy Bndge deS igner" for exa mrle, try to u,e standalu I-bea ms The wlde,pread adop tio n of ob)e t-
onented, ob)cct -hke, and ot he r co mpo ne nt paradigm, ha, helped to promo te oftwarc reu'e Ikea,,'e of the
large numbe r of methods pack'Bcd with each ci a", ftlf' l1 0 naht y that we need " ofte n In ludcd and i<
r<:lallvely conven ient to 10 ate The usc of MKro,oft I, brane' , V"u . 1 ila,ic Lontro l" '1IGro,oft A"embhe$
Java Bans, and Java App ilca u in Prowamm ll'!; Interface Lia"c, arc exam ple\ of w de reu,e
FfilffiCW()rks. dl scllc; d In hap tc r o n Jrc..l lllt'C lu rc . Ire pJc ka gc\ of ompo nellh dC"d,.;ncd
th e: prCV IO U \
r(Jr r ·U\C We d ~c1t) p {rMl1ework ... to ~U ppOrl ilPp1K<111 0 11 Jr tHl el- lUrc, . il nd '0 the Jrt" clf('ulv(' ly n.'u'Jble
The Java co re Al'l "anr,lher exa lllpic of a Widely
u,cd framework lava ilea n, prov ide ret" .b lc tu mp nent'
for }ava applKatlOm They In Iud grap hl , II al" and "c nlc rrnsc" bean;, wh ic h e nca psula te COl 1'01'. te ta'~<
-
486 CHAPTER 19 DETAILED DESIGN
>u h J> datJbJ,e a e <. In additio n to th. advanlaj(cs afforded by bClng da"c" beans obey sta nd ards that
make them cJ pable o f mallipulalio n within devel op ment e nv ironment ' Web · ba cd programs (i.e , nOt
o mpo nc nt< ) '" h a Java c npt and C I sen pt> art o ften reused
At • dirrerent level , the tandard Templal c Library ( TL) prOVides m ,. · a nd · matc h ca pabili ty of
,t.ndard ,' lgo rithms suc h as >orllng and scarc h ing . STL IS applicable to a va"ety of data struc tures a nd
to objech o f virtually any clac;s. In summary, a omponcnl marketplace ha~ emerged and IS g rowing
co nlilluall y
n,e Encounter video ga me case stud y prese nted at the end of this c hapter CO nlalll cxamples o f reuse
with in an cnterpr.isc: in this case, a Ham," de .... elopment business T o he cO~ l - dfcctlvC'-and thus compelltlve-
the company leverages its software as Illuch as possible among projec ts. For example, rathrr than invest the
resources to develop a class for the c harac ter in Encoun ter alo ne, It Inc!> to scpaf"il tc the develo pme nt Into a ga me
c ha", ter class, and usc a subclass for Encou nter's c ha",cter. The ga me cha",cter cia .. ca n be rcu<ed for o ther
ga mes. Th is Idea is extcndcd in the case study to a game framework con'S lsli ng o f several related classes, which IS
the commo n context for reuse.
HaVing found an exist ing compo nent Ihat cou ld possibly be used in an applicallo n, should It be used ) The
follOW ing factors arc ty pical in making this decision, and t.hcy sugges t fact o rs tha t shou ld be acco unted for III
creating o ne's own components slated for reuse
• Is the component docllmented as th oro ug hly as the rcst of the application) If not, ca n it be)
T o deCide on reuse of components with sig nifica nt size, a [able comparing the costs can be devel oped,
si milar to the o n~ in C hapter 8 where a make vs. buy example was shown .
Some detailed designs are best commu ni ca ted via deta ded sequence dia grams o r deta iled data flow
diagrams. Figures 19. 15 and 19 . 16 provide guidance on ",hat needs to be done with sequen,e diagram and
data Aow diagram to complete the correspo nd ing detailed design . The te xt that fo ll ows provide detail.
and examples.
1. Begin With the seq uence d iagrams constructed fo r detailed requirements and/or architecture (i f any)
corresponding to th~ usc cases.
2. Introduce additional use cases, if necessary, to descri be how part o f the design typica ll y mtcract with
the rest of the applic<ltlon .
3. PrOVide sequence diagrams With co mplete d~tails .
• be sure that the exact obJccts and their clas.c;cs arc s pcci~cd
• select specifk function names in place of natural language
(calls of o ne oblcct to another to perform an ope"'t lo n)
I. Gather data flow diagrams (DFD<) co n<tnJ ctcd fo r de tail ed requlrcments andlo r archll OClUre (i f a ny)
2 In tTOduce additio nal DFDs, If ne ('"ary, to explain data and procesSI ng flows
3 Indicate what part(s ) o f the other model , the DFD, correspo nd to .
• for example, "the fo llow"'8 DFD is for ea h Aceou"! object·
Provldl' all details o n the DFDs
• Indl ate clearly the nat\lre of the proccs-o ng at each nod e
• ",d ,c. te clearl y the kInd of data trnn,n"ttcd
• expa nd pro C - SlO g n odl"~ Int O DFD, If the procc~sin g descnp tion requi res more detail
Figure 19.16 Refinong models for detailed deSIgns. 2 of 2-data flow dIagrams
Recall that use cases ca n be utili zed to exprc,>s reqLllfcmcms, and that \\Ie also usc them to determine t he key
domaIn cia se for the apphcation. For th e dt·tailed design phase, \ve proVIde cla'>es WIth the methods
referen ced i n the sc:qucncc d iagrams.
As an exa mple, the sequence dli:lgram fo r the: "Encounter Foreign Character" IS ~ h own In Figure 19 . 18,
hawing th e message between obje ts on the software design. The reaso non g beh ond the h",ctl ons chosen IS
as follows .
1. Forro9110Itlrael" is to have a d, <p lay ftlnc tl o n. We woll implement Ih o< wit h a method d"piay(J. (Since all
characlers will need to be displayed, we ca n actua ll y ensure thIS re q ulTeme nt by g IvIng the ba,e cia
Gam,O,"raelt' a dlsplay (J metho d .) The ,equcnce dia g ram shows Ellco""""Gam, c reating the fore Ig n haractet
(Step 1.2) and also an Engage men t o bject, and th en ca lling d"piay() An engagemcnt" to take place, and a
good design is to capture Ihis by creat ing an EII9a9Cl"ClII object Th,s IS ill ustrated", F,gure 19 17
2 ThiS tcp 10 the usc ca~C' Indicates [hat we need a n cxrcutr() melhod In E"!1agcmnlt
2. 1 Th i step requires that Freddie and th e main playn c harac ter be able to hange thelT qua lo ty va lues
Inee th is capab ll, ty i<; comm o n to al l fucol/'Ilrr Char.:lCic". w (' prOVide the base EII(.olmfr r(JJararlrr clas
WIth a wQuallly () me th od
1 1 dlsplayForolgnCharO
1.2 dlsplayO
1 3 new Engagemo:..n=-I"O--_ _ _ _ _ _ _ _ _ __
I
•
Figure 19.17 BegInning of sequence diagram for Encourl! r ForeJgn CharaCler USC case
0188 CHAP tER 19 DETAILED DESIGN
2.1 setPlayerOual,lyO
J :Player's
•
maIO
character
I
I
I
I
I
2.2 setOuai,tyO I
I
t I
2.3 setForeignOuality()
3.1 new Engagemenl0ispiayO
2.4 selOuaiityO
3.2 displayResul t()
Figure 19.18 Sequence diagram for Encounter Foreign Character use case
3. This step requires that the re ult of the engageme nt be shown. The following two substeps constitute one
way to do th is.
3.2 Now we show the engagemen! dISplay by calling its d;,playR<suliO metho d .
Si nce the me thods required to execute this usc case arc now known . we can include them on the class
model , as in Figure 19 . 19 . Con tinuin g ,his process , the class mo de l and the use case mo del (in the form of
seq uence dia g rams) arc complet ed in detail , a show n in ,he case study. T he state model (if app lica ble)
mus t al 0 be completed in derail. A data flow di agra m is ye t ano,her possibly u efu l mo d el, and IS discussed
next.
Engagement EngagementOisplay
executeQ displayResultO
EncounterGame
PlaverCharacter
EncounlerCast
setOuality()
disptayForelgnCharO
setPlayerOuailtyO
ForeignCharader
setForelgnQuality()
selOualityO
To relate dala flo'" model, to I."e•. we ca n map ('ach proce sIng elemenl 10 a meth o d of • cla.s. F,gure 19 .20
shows a h'gh ·level VIew of a dala flow d,a gra m fran ATM banking appilcaHon Dala flow mo dels can be
lc/mop,.1 For example. F,gure 19 2 1 exponds proce"In!! clement< tro m lhe DFD In F,gure 19 20
T ele, op ing allows us 10 show a hlgh · level VICW, fo llowed by successIve 'tages co nta in Ing as much
delJl1 as we WI h. Th. " aVOid .. overwhel ming the viewer Each pro e"~ ln g tlt'mem IS expanded Into a mo re
detailed DFD. a nd thI S expa nsion proccs~ is continued unl .! the lowest level prace . sin s l'!ement are reached
The latter are typically ,nd,VI dual ftlnct lo ns, pOSSIbl y of dIfferent cla<St< For example, lhe g"D,poSl'() fun c lio n
IS expanded in lO lhree un tlons (gelllnl! lhe I)asswo rd, verify,ng II , and makIn g a dISplay ). T wo o f lhese
Inleract WIth dala Slore> (a local log of lransa lIons, a lISt of problem users, and a templale for <creen d,splay»
that were not show n In l he h,gh . leve l DFD I o le lh.l lhe data enlran os and exItS from t he dela dod
expansions match Ih o~(" In the Vc,"",an, fro m wh ich the )' arc expanded
Account. Customer.
Balance User 1--
getDepositO getDetailsO
Customer
Logical (unction
(software or hardware)
Figure 19.20 Detailed data flow dIagram for bankIng application, 1 of 2- hlgh level
.'~'
.. , .' . ,.' "'" .''%...,. '"
--.
, display() wordO Pass- wordO
--
•
status
word
•
"
,. I,U
Figure 19.21 Detailed data flow diagram for banking appllcallon, 2 of 2- wllh details
490 CHAPTER 19 DETAILED DESIGN
Ea h processln~ elemenl " expanded 1111 0 a mo rc de,ailed DFD, and 'h" cxpan>lon proce" " con ·
tlnlled unt" the 10\ c-.t ·lcvel pro C"'~ '" 8 clements Jre rca hed 11,c IJuer Me tYPICall y Indi vidual (unction,»,
ro"ibl of d,fleren, cla"e For example . Ihe gr,D,pos, l() lun I,on ,s expanded ,n lO [hree lun lion' II(CltinK 'he
p.,sword, venlyong i', and making a display ) Two 01 the<c onlera t w,th data ,tores (a local log of l",nSOCtlOn<. a
10 t 01 problcmusers, and a lemplate forsereen displays) Ihal were nOI shown ,n Ihe h'ljh · leve l DFD Ole Iha' the
data cntr.mces and c>ats (rom the detailed cxpancolons malc..h tho C In the vC~ l o n ~ from whl h they arc expanded
DFDs arc nol hclphil for .11 appiocal,on . For example, rhey do nol add mu h '0
Ihe Encoun ,er case study
Ag,le procc<scs, descnbed in hapler 4 and referred ' 0 throu g ho ut Ihis book . ernph", zc work,ng code and
place documentation at a lower pnority The lauer includes dctai Icd d('s l ,gn~ An cx tTcmc I nterprctat Io n of thiS IS
thJt detaIled de: ign countS (or very little, but a more mca lIrcd Interpretation is lh~H an agile process would
crca!'e detaolcd designs for o nl y t hose parts of app lieation< where the effort to produce them is worth the beneht
An example is a complica,ed bUI important algon'hm . A non ·agile developmen, effort , on the o the r hand, may
document every method For large development erforts, Ieavon!; ,t to ,he judgmen' of hundreds 01 sorrware
engooeers as 10 whe ther deSIgn de'ails should be documented o r no' may nOt be favored by projec i managers
It is obvious that oftware cnglllcers should not engage in ~ cti v lt ies with Insu ffiC ient benefits. One issue
that makes this less than clear, however, is whether one a . esses benefi ls in the shon tem1 or the long lerm
Good , deta,led design doeumen'ation of a class ,hat supports the code (possibly as comme nts) would help
ma,ntainers. I, would also have 10 be kep' up· to· date by main,ainers. This is probab ly a long· tem, bencfir ,hal
is not as clear in the hon term
Recall ,hat 'he unified development approach 01 Jacobso n 01' aI. , described on Chapter 3, groups iterarions ,n lO
the "Inception: "Elaboration ." "Construction ," and "Tran <i'io n" ca tegoric (sec F'gure 19.22). Design rakes
place primarily somew hat during ''Elaborat ion'' but mos tl y elming the "Con truCtlOr." iterations. T he idea is
ReQu1rements I
I
I
Analysis
I
Design I
Implemen- I
tatlon
I I
I
Test
I I
Figure 19.23 IEEE 1016· 1998 Software Design Document table of contents. With focus on detailed design section
SGut:e' IEEE 10' 6-1998
that most of [he requ"e m~nt < wdl have been gat hered by tho e sta ge, An "Analy"s" pha,e " freq uentl y
identified a part of the waterfa ll proce s omp.red with the term ino logy of thi s boo k. the Ana lys " phase
cons! (s partly of requiremen t. aniliysis and panl)' of ilfchitt'crurc elc::ctlon
The unified process encourages three types ("stereo types") of classes althe analYSIS level · "'lity bou"dary
and (antral classes, wherea Lhere I no or;;:uch n:slriction on deSign clas cs Entity classes exprc~" th e es cnce of
the concept. and arc ur.likely to req uire c han ge ove r time or between al>plo c olions Boundary cI.sse, h andle
communication with entity objects, and control c1ilssC' contain methods th at pertain to th e C'ntlty ObJl'c t but
Ihat are Iyplcally speCia l to th e app li ca ti o n in which th e en tity class is beong used . Bo unda ry clas e' are
typically like the M,d,.'or objet! on the Mcdoator de ign pattern descnbed In Chapter t 6 The umned proce
promotes VI ual tools for deSig n An example o f th" " Ihe Rat io na l Ro<e tool sold by IB I\\
Recall IEEE ta ndard 10 16 · 1998 for olt ware DeSign D ocument, , how n on hapt er I o n 'olt",. rc
architecture. ae; shown In Figurt' 19 23 Thl~ format for tht' dc·taded d<.: or; : lgn \CC[ lon of thle; documcnt co nsl<;ts
of speclfyon~ a desuipllon o f each mo dufc (po ka g l' ) In turn , With a det.oIed desulptlon 01eoch d a la part Fo r
00 deSign , . the lalter c. n be repl aced with a detaded de,c nptlon 01 each cia"
On(: a detadc:d uco., lgn I ~ hand, the projC t pl;)n ca n I c mJde morc '11<'CdlC In ')(."vcral rce; pl'C ts III partl ubr
In
(.ost estimation Cil n he made.' mu h more pre I':;C , chcdul co., an be brfJk t' l1 cl own Into tJ,k,. and tJ,k .. an be
.lIocated to ond,vldual, r ,,,!urc 1924 In( lllCle, mO<l o f Ihe Impo rt a ntupdatl" to be pe ri orm e d o n e dClOoIcd
design" <omplete
<; 1Ilc..c we can ~ tlm a t e th e I1llmhl' r "110 'I ze of thl' mc·thud, IIlvolvc d In th l' app ll lJ l 101l U,U1 t-: dl' t.lIlcd
d(!,,)IKn ~. J mOre pre 1St' c, tlmal lOI1 o ( the proJc(.( ,IZC 1,\ pU"lb lt A, dl'\ nhc 1111 C h a pt e r ~ . pi ICel LO'h tJn
then 1><: Inl ~rr~d f"lm Ih e " Z.l· II ~lI rc t 'l 25 , h ow< line ",aj' o f orrylng th" lit
.92 CHAPTER 19 DETAilED DESIGN
I Make ,u"" Ihe SDD renect< I.te,t version of dctadl'd de,i~n , ., Set lied on after Impcclions
2 G,W complele delall 10 Ihe ,chedule ( PMP)
3 Allocale precise lasks to team members (SPMP)
4 Improve projeci co I and time C limates (sec below).
5 Update the CMP to renect the new parts.
6. Review proce s by which Ihe detailed design w. crealed, and determine Improvement< Include •
Figure 19.24 Bringing the project up·to·date after completing detailed design
The COCOMO model can now be used again to refine the estimate of job durati o n. It IS be t to usc
personal data to eSlimate th e LOC for very small , sman , and such jobs. In the absence of these data,
department, division, o r corporate data can be used. Otherwise, Humphrey's table (Figure 19 .26) [6] may be
usefully applied. Figure 19.26 applies to C+ + LOC per method. On the average, Java and C. + requ ire the
same number of LOC to implement si milar functionaliry [7, 8].
Calculation methods perform numerical comput.tion; data methods manipulate data (e .g .. reformat·
tlng); logic methods consist mainly of branching; setup methods initialize situati o ns; text methods
manipulate text Estimates for methods that combine several of these can be computed by averaging. For
example, an unexceptional ("medium") method that performs calculations but also has a substantial logic
component can be estima ted as having ( 11.25 • 15.98 )/2 = 13.62 lines of code.
Descriptors such as V'ry Small and Sm.1I are "fuzzy" in that they describe ranges rather than precise
amounts. These ranges can overlap. in which case an aVCr.lgc of the correspondi ng table values can be used.
(This IS actually a simpli fication of fuzziness . but adequate for our purpose.) Fuzzy descriptors arc practical
Calegory
Calculation 2 34 5 13 1 1 25 24 66 54 .04
Data 2 .60 479 8.84 16 .3 1 3009
Metho d type VO 90 1 12 06 16. 15 21 62 28 .93
Logic 7.55 10 .98 15.98 2325 33 83
Set-up 3.88 5 0·1 6.56 853 11 09
Text 3.75 800 1707 364 1 77 67
~cause they arc ca'\y to understand They ca n be made more precIse.: by ca te gorization \\Inh the normal
distributi on, as shown in Fi gure 19.27
On Ihe average, about 38 percent of the meth od sho uld be claSSified as "medium ," 24 percent "<mall ,"
and 7 percent "very small: a< illustrated in Figure 19.27 These numbers arc oblalnod from the fac llhat about
38 percent of the va lues in a normal d, tributlo n arc wilhin a half of a standard deviation of Ihe mean In
practical tenns, If the fract ion of metho ds yo u e lilll ale as "very large" differs much front 7 percent , for
example, Ihen you shou ld be satisned that yo ur app lica lio n rea ll y does have a n unu sua l numbe r of very large
methods. O lhc lwi ' e , yo u sho uld revise your es tllnales.
As an ,,"ample, lei's <Stlmale the size of the <xccul<() metho d of th e Eng"gem"'l clas l111s mel hod Involvo<
the recalculation or qua li ry va lues, which is th e cssenria l mechanism of executing the engagement process
For this reason , we could clasSify Ih e ",tmltO met ho d a, a "calculati o n.' The size of the "'t(ultO mel hod is not
particularly remarkable, since it consi ts of a fairl y straightforward co mputat io n of va lues, so we'll cla<>.fy II as
' medium : Thus , the e timated co ntribution of "'t(ult O is 11 .25 LOC
A level 5 orga nizatio n (sec C hapter 5 o n the Capabilit y Maturity M o del ) would IYPlcali y pl o t method
size estimates against acrual Sizes In o rder to improve thi S es timJtlon process. In th t- ca ... e study , these
estimates arc app li ed to the Encou nter Video ga me .
Approximate
percentage of
methods
classified with this
description s M L
7% 24 % 38% 24 % 7%
v v
-2 -1 o 1 2
Standard devia tions Irorn the moan
Fl&ure 19,27 Normal chSlllbuUon of "small," " medium," and " large"
.94 CIiAPITR 19 DETAILED DESIGN
\'\fhat follow> ISthe detailed de. llln for Encounter, based the l,audl,E.CIlIO method of Its al!grel!ated Ga",Slal,
on th e architecture speciRcd earlier 10 dHS book, and ob)e t. The seque nce d ,al!cam for th is IS shown In
U lOll the IEEE standard E.ch use case is rea!.zed a< a Figure 19,29. For th e current fe lease , the methods arc
sequence diagram by dl'CldlOg, for cach u<c ca<e step, either trivlJI or arc 'ihow n In Figure 19 29
willch object <hould initiate and wh ich should perfoml
the work Slep IOvolvecl ll,eclass models should contain
Ihe classes that appear 10 the equence diagram Pseudocode (or selec ted method within se ·
lected classes may be included he re. In addi ·
6. Detailed Design of Role-Playing Game tion , detailed usc cases can be included. Si nce
Framework the methods and thei r detai ls arc still o ne or
two lines in rhis case, it is sufficien t' to elab·
orate o n the (barely) nontnvial me thods wllh
6.1 Module Detailed Design
the no tatIOn shown in Figure 19.28 .
MouseListener
I
( rPGameS .handleEvent():
I
rPGameS RPGMouse£ventListener
mouseEnlerO
RPGame
handleEventO slateS handleEvenlO
( stateS.handleEventO: )
:RPGMouseEventListener
1. mouse-+(-,
action
2. mouseChckedO
3. handle Event
( Event)
4 . handle Event
( Event)
RolePlaylngG.me
. f_work package w
Characters
- U~6S •
EncountorGame
.. use -application package -
EncounterCharaclers
- application package- I EncounterGame
I I Engagement
I
EncounterCharacter I EngagementDisplay
I
-z;;- GameEnvironment
Ir
PlayerCharacter
- framework package-
r
ForeignCharacter
- u~es w
EncounterEnVlronment
I PlayerOualityWindow
I ..application package ..
Gam8Art~acts
Area
I EncounterAreaConnection
I
.framework packsge- I Con nectioflHype rI ink
I
Figure 19.30 Encounter game architecture packages, showing domain classes only
,
~------- ------------ ,,
:
,, RolePlayingGame ,,
-,- ------------------- --------------------------------- ------------- --,,
,, ,,
,, RPGMouseEventustener
,,, notilyOfEventO
RPGame GameState ,,,
handleEventO handleEventO ,,
,,, ,,
,, ~ ,
,
---
--- -------------- -------------------------------- --------- -- ------- ---- ----- -
1-------£------------------- -- ---- -- ---- - -- -- ~ ---- -,
--------
I I
I EncounterGame I
I «singleton» I
I Engaging Wailing I
I I
I handleEventO handleEventO I
I
I
I
Engagement
t <>l I
I
I
I I
I I
I Reporting Preparing I
I handleEvenlO I
I EngagementDlsplay handleEventO I
I I
t I
fL.. _ _ _ _ _ _ _ _
----------~------- ------- - - - -I
,, -
I
,I,
, EncounlerGame ,
EncounlerEnvironment EncounterCast ----- ----- -- ----- '
n ,crc ,.. {''(actly one 1O,,{a n l' of the E"tOUlltrrClltn( Q"alVal,,,DlSpl " a rcad ·o nly tex i box fo r d,s-
c1as n,e <r.llc, 01 Ih, obJecl rene I Ihe ; Iale, . nd pl .y ing the value of a qual,ty.
~bo- ratn ~hown In the above tatc· transltlon diagram
"Q".lValll,D ..pl " an ed'i able lex I box fo r
The fncou"tm"9 'laic aggregale all E"909""",1 obJecl
ellong Ihe value of a qua l,lY
that en ap ... ula tcs the cllgilgcmcnt of th e gJmc charac -
lers n,e E"gogm,,,,1 lass aggfl'galCS a d,splay called Enco'lIIlrrD;splayllrm ab<tracls Ihe properties and
f"g.!I"",,,IDospl.y . The laller IS m u<e ·sensollve. reg's. melhods 01 d,splay.hle Encoun ler ,terns uc h a.
lenng w'lh an RPGA IOll" E"noILslno" obJe I When Ihe Ihesc.
Encounter game IS execulcd , thl li stener 0 1 Jeet rder-
EIlgagcmrt" D,spl"y IS des'gned to do< play the
ences Ihe E"co,mlrrGano, obJecl (an RPC."" obJe I) Th"
current va lue.: of any selec ted qualIfY·
enables E"co,,,,trrG.m, to handle all evenl< acco rd ing 10
the game's tate. uSIng Ihe I.IC dl'<'gn pa llCIn The S"Q,wl,tyD,splay , dc<ogned to enable the
E"counlrrG.m, package ha, Ihe «'Spon ,bolllY 01 d, recl · playe r 10 SCI Ihe va lue of any qua lilY
Ing the movement of th e fo rc-ig:"} charactcr over l ime.
Ell o""!r,DlSplay ab traclS Ihe propcrt,c of Ihese
Th, , perlom,ed by melhods of the cia, ham 1,,-
dosp la s and IS. med,.to r base lass
MOV<mml. which os a thread class
tale classes need to rdert n e other package on
Th, document does not prov,de further dCloois
orderto ,mplcment IJall,Il,EIJtI,tf), and th,s is done th rough
of Ihe deSIg n of the,e lasses
the Fdcadr objects EncolUlkrCn!lt and E,,(OlltlttTftlViromnnl f
6.1.1.1 The EncounterGameO;splays Subpac k- 6 .1.1.2 Se quence Diagrams for Event Ha ndli ng
age of the EncounterGame Pa c kage Di splays
correspo nd ,ng to some of Ihe tales arc hand led by a
separa te: ubpackage , Ellcou"ter ,(JmcD,splf1Ys, w hi h IS 6.1.1.2.1 Player Dism isses Report Window
shown on F'gu re 19.32 Event Fi gure 1933 hows the wqllence ,,,volved
i n di sm ISS i ng th e cngagc:mem d,o;;pla tTh,<; di .
QualLslD;splos a lost box conSIstin g of Ihe qual,, · m ls' al eve nl IS ~ h wn on the ,IJtC - tran Il io n
ICS or Encounter ch ar.'l ctcrs d,agram .)
MouseListener
-_..... - ....... _..... _.. _--
r- I
I
-- --- ------
EncounterDisplayltem 0 : ~ EncounterCast I
II ~ I
,,I EncounterOisplay
,
I,,
,I Oual listDispl SetOualValueDispl
..,
I OualValueDlspl
II
I
I
I EngagemenlDisplay Reporting
,I
I
I
i '- handleEvonlO
,I SetOualityDisplay !- Preparing
- - - - -- - . _-1 handloEvonl()
user :EngagemenlDisplay
1 • hI! :RPGMouse
dismiss EvenlUslener :ReportingEncounler
bunon
2. mouS<lClockodO :EncounlerGame
3 handleEvenlO
4, handleEventO
5. solVlsible( lalse )
6. setState
(new Walling ())
6.1.1.2.2 Player Completes Setup Event Fig. connec tio n hy perl ink. (Th is dismissa l event IS shown
ure 19 .34 ~hows the scque nc(' Involved when the o n the state· transi ti o n diagram .)
player completes the SC:l"Up . (Th is di missa l event is
shown on th e ~tatc ' lransition diagram .)
6.1.1.2.4 Sequence Diagrams for Remaining
6.1.1.2.3 Player Moves to Adjacent Area Event Events The remai nong eve nts are handled very
Figure 19 .35 shows the sequence when the playe r sim ilarly 10 th ose described in Sectio ns 6 . 1 1.1
moves to an adjacent area by cl icking o n a Ihrough 6. 1.1. 3.
1. hIt :RPGMouse
dismiss EventListener
bunon
-l
2. mouseClickedO
:EncounterGame
3. handleEvenlO
or
4. handleEvenlO
"r'1
5. setVisible( false )
r'r 6. selSlate
(new WaltingOi
Figure 19.34 seQuence diagram for Player Completes Setup use case
CASE STUDY DETAILED DESIGN OF ENCOUNTER 499
9. setState
U (new Engag,ngUi
Figure 19.35 Sequence diagram for Player Moves to Adjacent Area use case
6.1.1 . CM The CharacterMovement Class 6.1.2. EG The EncounterGame Class ThIS "
the faca de , IOgltton lor th t E" o""'rrG"",, package
pr ivate EncounterGame () :
Inheritance
Th is cia'> Inhent< from Java 1""9 Thread Precondition.:; none
Post ndillon... rcJ t (~ I n EII(Olmtcr(,(lrtlc In,l"J,nte
Methods of (haradrrMov,""H I
Mcthod" of E",outllcr(,mnr
publi c static EncounterGame run ( ) ;
Slart, the foreign ~ h .ract"r ,n th" dung""n public static EncounterGame
Muve, the f",elgn haractor Irom arCJ to area getTheEncounterGame() :
Via area ('onnC('II()n<. , cha n~l!l~ area.., to a ran PretO lH.h l IOn\ no ne
domly ,cI~~led n ' Ighbnr, at random IIme< 11o\ltOlldlll n, ttlco lHllrrC,tltnrS not nlill
a\,("raKln~ f..:vc:ry two \ccond ... I e turr)«; ('It CO IIPlI('(hl "' t'~
500 CHAPTl:R , 9 DETAILED DESIGN
6.1.3. EN The Engagement Class ThIS clas< Each of Ihe« cla< e' Implements Its hand/,tDatIO
n Jpsulatco;. cnHagcmcn ls bct\..,1 ccn the players char· method in a corda nee WIth the sequence dIagrams of
aCter and th e fore lg" c harac ter. and corresponds to ection 6 I. I I,
reqUIrement 3 2.EN .
6.1.2 The EncounterCharacters package
Inheritance Inheritance
The e classcs inherit from Gam,Slal, in the This class mherits from GameCharacter in the
framework package. framework package.
Characters
. Iramework package"
GameCharacter
EncounterCharacters
..application package-
EncounterCharacter
PlayerCharacter
.·facade-
EncounterCast
ForeignCharacter
Attnbutc of EI1C'Olmltr baraclcr Set Ihe stated q uality to the destred amount
These att~.f requ irement 32ECI IF the caller adjusts the on ly nonzero qual ·
private static final String[ J ity value , divide the adjustment amount
qualityTypeS equally among all other qualtttes
This represem the qualities that EnCouHlu char- EL E change the remalOlng qualttic., re o
acters pas ess. These arc conCe ntrati o n, sta· tainlng their murual proportiOn,
mlna , Inlclhgcnce, patience, and strength .
Sct each quality whose va lue is now less
private float [J qualvalueI than 0.5 to zero.
11u IS an array COnt3 1nlflg the valuec; of the public float qetQualityVillue
qualtttcs. ( Str ing qualityP )
Constructors of EnC"ounlrrCI){zracrrr Preco nditions qua lt tyP IS a val,d q"altty string
These satisfy reqUIrement' 3.2 EC3 of the SRS Returns the va lue of qua lt tyP
Null constructor pub 1 ic f loa t qetToleranc e ( )
Po tconditton The qualit lc arc all equa l
fracttons of 100 Return , thc value below whIch quality values
cannOl go
protected EncounterCharacter
( St ring nameP ) protected int maxNumCharsInName ()
Pos tcond l Lions · Rerurns: t'he max imum number of charJcter In
( I) the qualities arc all equa l fnct ions of 100. th e names of Encounrer characters
(2) the character's name IS ameP public float sumOfQualities ()
Methods of EncolI" I"Charact" Returns, the sum of the value< of the qualltlc,
public synchronized void Thi s meth od sallshes requireme nt 32 EC3 2
adjustQuali ty public void showCharacter
( String qualityP , float ( Component componentP ,
qualityValueP ) Graphics drawP , Point posP , int
TIll method ,.ttsfle< requirement 3.2 E .3 2 heightPixP , boolean faceLeftP )
Invananls none Displays the character in cO"'PO,,"'IP. with ccn·
Precond,tIons, tcr at posP, wit h heI ght l)<Igh/P,xP, facIng left If
qualltyP I< In qualttyT ypc<S[ J
JacruJIP true
AND qualltyValue l > =0
AND quahtyV. lueP < = the sum of the TIllS metho d at"Res requirement, 3.2 r C I
quality values and 32 PQ I
Pcxlcondl t lon\
pr ivate void setQuality ( Str ing
quahtyP has the value qualtty Value P
quali tyP , float va lueP )
AND
the remaining quality values arc tn the qmc Prc onditlo ns, qlla/ltyP " a va hd qualir' 'trlng
proportion 3\ e " the qua ),ty ,nd, . ted by Ih e pM.meter t
prt()r to Invocallon , exc.ep t th at va lue:, I c,,~ Vllilltp.r th e latter t< > = 0.5. oth e rwi$~ sets
than 0.5 arc zero oal",P to Zero
The followIng" the p<cudo ode for TI,l" method 'aw.he, r~qll1n:n1t.·nt 3 2
the method aJ)u"Oua/IIY() 2 (lower Im1lt t) llll onZt>ro qUiJhlV value, )
502 CHAPTER 19 DElAILED DESIGN
Inhent ance
6.1.7. FC The ForeignCharacter Class n is Thi S d.,o;s Inhents (rom GnmtA rra
clas. i analogou to Plnycr(l",raclrr. described Attributes,
nex t, and ,s designed to sa tisfy the SR 3.2.FC
pri vate St ring nam eI ; I I
6.1.8. PC The PlayerCharacter Class This class corresponding to requirement
,s desig ned to satISfy the requirements 3.2.PC 3 . 2 . AR. 1. 1
private Image i mageI ; II
Inhcrirance cor r espo nd i ng t o requirement
Thl c1asc; Inherits fro m E'ICOlilllt rCha ra clcr. 3 . 2 . AR . 1.2
Attnb utes, private Stri ng [ J qu alitiesI ; II
co rr es pond ing to requireme nt
private static final Play e r 3 . 2 . AR . 1. 3
Cha racter playerCharacterS ; pr ivate Vector co nn ect io n
This is the si ngkton object representing the HyperlinksI;
player's charac te r.
Metho ds
Methods, pub lic v o id display ( ) I I
public static final Player shows the area objec t's image on the mo nitor.
Characte r getPlayerCharacter( ) ; public static Area geUrea
nis me thod returns play,rCharaclcrS. (String areaNameP )
return s the area correspondin g to MtaNamtP
according to requirement 3.2 AR.2.2.
6.1.7 The EncounterEnvironment package
The classes of thiS package describe th e environment public static AreaConnection
In which the game takes place. It is shown in getAreaConnection ( St ring area
F,gure 19.37. ConnectionNameP )
GameEnvlronment
I
Area
rC EncounterAreaConnectlon
EncountetEnvlron,icent
getPluginPrelerences() •• • by
/ ,, Idoolificatlon
/
/
,,
/
/
/
, \
r-_-',I'-----, ~
Preferences Palh
Re, urns_ ,he plug-on run"l11e obJec" or null generated (via Javadoc) from source code
•
comment An advantage of uSIng Javadoc is
that it lend, to ren'liUn up-lo -da te a long as ,he
progr.Jmmcr comments the code accordmg to
We have provided Just a '.s'e of the beglnnong
the standard
of the Eclipsc design . Th, example provIdes a
19.14 SUMMARY
DetaIled de Ign IS an actiVIty In whIch components su has clas c, and me' hods are denned In enough de,aol
so th at implementation ca n comme nce We Start \\1 1th the domain lassc!t from requlremcnb analysi and add
the necessary deSign classes to complete the design DeSign patterns arc Introduced as reqUIred to Implement
any comm onl y n.:curring deSign prob lems.
Dunng detailed design, l!lterface functions \ ../ith spec ified names, parameter types, and rerurn rype, arc
de fi ned The program eicments USi ng these func'ions can [hen be designed wllhou, haVing '0 know how
,he fu nctionality I Implemented-all ,hey need '0 know IS how '0 usc [he Interface Th,s faclllla ,es ,he
develop me n' of each design clement epara,dy. The Facade deSIgn pattern lone way of prov,d,n g an
intcrface to (l package of clas cs
When designing o bjec, -oriented software. severa l wc ll -esta bli,hed de>lgn pnnclpies help en,ure a
robust and extenSIble design : Slngle · re<p o nSlbol" y , ope n·closed , LlSkov substitutIon , dependenc -inVersIon
and interface segregJrio n.
'.It'lhen speCIfying ,he detaol< of a class, we start wllh the do maIn cia ses def,ned durong requirement< Wle
ga,her the attrobu'es already defined a nd add addi ' io nal attribu ' es reqUired for deSIgn Wle also der.ne cia,s
and method Invariants, and me' hod pre - a nd postcond " ions . Pseud ocode IS wrottcn '0
de,cnbe how each
me' hod is '0 be Impleme nted. W e ' hen add ad diti o n classes necessary ' 0 comple ,e the dc<ogn and dra'" a cia"
model shOWing ,he SlatlC relationshIp between classes An ac" v,ty dIa g ram an al<o be drawn '0
graph l all y
describe nontnvlal algorithrn~ Some.: detailed designs are best commun icated via detaded scqllcncl.' dlagramc;
o r de,ailed da,a Row d,agrams. Sequcn e diagrams sho w , he obJe ' s assoeoa,ed with a partIcular use ase and
the messa ges (, c ., func"on ca lls) ,ha, flow be,ween ,hem . Da,a flow d,a gra ms show procesSIng demen', (, c .,
methods) In a program and ,he da,a ,h., flow between ,hem
The de ,a lied de<osn IS documen,ed "' a sof,ware deS Ig n speclhcallon . Wle have on'rodu cd IEEE
standard 1016-1998 lor oftware DeSIgn Document< as a n exa mple of slIch a document
Detalied deSIgn conclude, by upda"ng ,he ,chedu le in , he PMI' ' 0 relk , ,hl' de ' aols learned The
proce < hould also be reVIewed with respect '0 ,he amoun, of "me ,aken and thl' number defec,' d"covefl·d
Im provcmelHs can be planned ba,ed on how these mtln ... compare agaln')t the pbn
19.15 EXERCISES
2 Your ompa ny produ es <ohw3re Ihat con tro ls a rohot 3m> for manufac tUring Name four clas.cs
that wou ld he appropria te me mber< of yo ur o mpa ny', ,0flwMe framework Expla in your
reaso ning.
3 E. lIm atr the num ber of lines of Jav3 ode fo r the fo ll owln 8 sc t of me tho ds. T he met hods arc
o rdered fTom malles t to large t. Assum e t bat th ere IS no thin g un usual abou t t he Job ",apt as
indica ted In th e informatt on below ,
4. o mpic te th e fo lioWIn!:, ex pl ai nin g und er what ci rcumstan ces you would use th e fo llowi ng in
detai led desig n.
(a) Usc activity d iag rams whc n the logic _____ .
(b) Use p eud ecode fo r a meth o d whe n _ _ __
5. Define appro priate interface th at th e fo llowing cia , exhibits (o r "impl eme nts" in Java te rms).
Assume that addll'l o nal meth o ds w ill be required as th e appl ica tio n g ro ws. Ex plain your reaso ning.
Hi,,! Th e Interfaces ind icate w.hat kind of tran saction th is is.
7. Perform a desig n (bo th architectural and detail ed ) fo r a check· ba lanc ing appl icatio n with the
fo llow,"g req uire me nts. Fix defects in th e requireme nts if yo u Rnd th em . Yo u can play th e role of
customer If and w hen the cusromcr's input is required. Repa n the l ime you spent on Sig nificant
actl viril-s to the neares t five minutes.
S. A cl05S1C Liskov substitut ion princi ple exa mple co nSiSts of two closses, Squa re and Rectan gle. Since a
square is-c, recta ngle, the rela tionship be twee n the two ca n be modeled using inheritance, w ith Squarr
derivi ng fTOm Rerum!!/,. Sup pose that Rectangle has met hods to setlget the width, and setlget th e length .
Explain how th IS relationship betwee n quare and Rectangle vio lates the Liskov substitutio n princi ple.
TEAM EXERCISES
SOD
Provide an SDD fo r )'our project. Usc, or improve upon the IEEE standa rd. Please enclose the btest vorsion of
yo ur SRS.
BIBLIOGRAPHY 507
Report [he rime pent h) the indl vldu :l l!) :l nd th e- group on rh e parrs o f (hl ~ as::,.ignrnenc. Break rh b down IntO
a ctl\' Ltlt"~. in ludlllg 3fl· hu ("<.'tu re, lnsPCl..' tl O!l , reV ICW, and dt l3i led design. o mmcnt o n how lhl" tim e spe nt
uJd h.I' " heen hen "r olJ"""tcd.
BIBLIOGRAPHY
1 f\ brtm RolX"rt A9.1t Sojhi •• Ht Dn'tlopI'IICI'II P'lP1ul'ln Purim!. DIlJ P,.ldlCt'I P"mltlC Hall 100J
2 M~"ln Roben 'DnJ9" P'JP1ctpln .",(11)0111" P,,'knh 2000 ''''''''''' ohlcctmcntm l.()m ' n;..ourc<..~"'r1Ic1C'VPnnclplc.",_i) nd_I),mcrn' pdf
l )(.cc"~ No\'cmtxr 2<) lOOQ ]
3 13rtlO Rolxrt . Th Dt~J(JIIY Itlw,.,u)r\ PnP1C1p/r . •• Rerort lI.1.:J.) 19Q6, hup ''''......., obJC'clmentOr com..r·c.. ourcc .... 3n .cll!"'i. dip pdf
l.lcC'e-...ed 'ovcmbcr 29 2009 }
" Thc ObJct t ~li"lJ8("mcnl ,mup ...."""'" omg orlo: ( ! 999)
5 lurJcn!!o Iln StUff Sy)rt7rl\ I)nxlop"'(11\ 11"111, Llt\ ll pnnRer, 2005
6 Humphr("V \X'ltl.. A D')(lp/"t( jilt ojIU',H( En911fuwlQ 'f=( Snln In _oJhi'.Jtr EII9"l(trI,,!/ ), Add, ..on Wc:..lcy 1(1')
1 Jon~, .:apcr .. "ApplIed Sof/lI'tl rt ,\t(;l\u ft'l'llrrrl As\un0l9 P'O.rUtlll'l/), uOIn (.lw.,llly. 2nd c:d'Llo n Nc",' Yorl.. M Cra\\ HIli 199(,
Q M r'1Jm.tlon Pornt Lan.,.'U:st;c.. T.:able, (A pn l 2005 VersI on ~ O) Imp '1 ",,,,.,,,. q ~m cOITlJre~ourcc"dun<.hfJn pOint Lm,,;u.lMe<. ·tahlc
,"deJe htlnl [accc:,.. ovcmbc:r 2Q 20091
9 !cyer Ikruand Ob)t'C I.OnmleJ 50jlll'<I(( "n>I'II./"JOI ~ccond Edition Prcnt KC' 11311 20<,7
10 L,~l..ov B.a rbJr.l and John UU;:J.I<: Ab-t,... dIOIf anJ IltnfiWh"" '" Pr~rdm DnH/"pmtnl i\IIT rrc:-.~ IQS6
/
Design uality and Metrics
Figure 20.1 The context and learning goals for thiS chapter
manage, I 0 renlol , A de"g n o n"'lln8 o nl y of Ihe cia <cs ""a""9" and Ma lla9"C lIl would nOI be
!tuffk u;'nt to ac omm odalc the reqllirlomenl!l Th is IS because there is significa nt data and fun lI o naltty
IXCl h all ' a" o lal cd wllh Ihe o n epl of a DVD Ihal IS m!>Slng Frgurcs 20.2 , 20 3, and 2004 summanze
ho'" deSIg n quailly an be a «sscd al a rough level
The u cedIng cel l n of Ih " chapler <lab rale each of Ihe deSIgn aspecls IISICd In Ihc c F,gure,
How •
• understandabl e (H ow coheSive Jnd cleJr arc th e parh and hov.' low I the number o f o nnectl o n
between pans)
0: IIH lcdr p,uts mId many (Dlmecllom mtlot'g limn
10 very Llndcrst,wdablr pa rts t()llh feu 1 mlCrCOlltiCc/l ons
• sufficient (H ow eVid entl y It accommodalC:s th e requlrc." ml'nts)
0: "",rla'rd to the rcq l4lrcrnnTh
10· Ob l1l0U I)' accot1llnoda lrs (PO), rcqlUrctflol l
• robu st
0: (IHY ,"put alforuoly hilS scnous oll srqu(Jl(ts
10: tvtr)' ",put (momaly acconlltl oda ttd smoothly
How •
• flexi ble
O. a~hclpattd (lddr "o~al rrqrurmwrls rtqulrt rxt(H ~Wt ciJangc 10 tlu drsrgll
10 most tml' ,palta rtqurrtnltllfS rrqUlrt 110 I](wgr to flu drs /gIl
• reusable
O. t10 part of tht dtSlg t1 eml br IIsrd III otlJtr aPP/IC(lII01l5
10 mort Ihml 75% of Ihr classts Cntl br used", ol/'rr appi,ca lrOPls
How
,
510 CHAPTER 20 DESIGN QUALITY AND METRICS
The main rcason for a design is to (orm an lInd('r~tandIO B among the software engineer) of how the applicatIon
wIll a nlally beeoded I,' reall y a foml of communi a"on , and ,0 ,he qua lilYof a desIgn depends, In pari , on II<
under<tandabiloty to people. For cach pari ' 0 make clear <ense " has 10 be cohesIve And of the parts arc no'
related by ' 00 many relatIonships, we ca n ,ell ,hem aparl more CJsol y. Thl 15 the concep' of low couplong Thu.,
Ihe ex'cntto whICh ,he cohesio n of ,he modules is hIg h IS part of a measure of unders,andabol, ty. and so 15 the
extent '0 wh,ch ,he cou pling be,wccn ,hem I< lo w. (The I.Iler I unlI kely to be zero, however, otherw ise one
Ilugh t as \\.Ie ll co nsi der tht" clpplica tlOn to co nSist of emirci y scpar.ltc ones.)
Fan-III andfnn.olll are measures of the degret" of coupling of modules Fan -In (or a co mpo nent counts (he
number of co mponents that referen ce , to' f<ln -out is t he number t hat I t re (c renet's, These: definitio n ca n be rcA ned
by spec,al,z ,ng ,he na'UTe of the refe rences (e .g , ' call ing a funct io n o f"). Low coupling is refleered by low fan- in
and low fan-oul.
For morc o n ,h is , sec [ I ) and [2].
TI,e fo llOWIng IS an example of a melTic for understandabiloty. It de pend o n definitions of "stro ngly
cohe ivc" and "ve ry few ," but the c can be made precise fo r a givc"'n fa m ily of app lica tions.
An c se ntial quality goa l is to produce a design that accommodates the requirements. Designs can co nsist of
man y parts, bu , we' ll co nsi der a si mple exa mple '0 illustrate degrees o f sufficie ncy. Suppose that o ur VIdeo
store appl ica ti o n ha the fo llOWing requ iremen t
The Jrgrrt oj ,.JfiCl<,,0' measures the ease with which a design accommodates these requirements. DesIgn
I In , F,gure 20.5 , for example, would probably score very low o n this q uali,y scale because it fai ls to capture
'he DVD , the CUSlomer, o r the rental on a rea dIl y Idenlifiable way. (This desig n could be ",ad, to work-it's
Just not a high ·quahty deSign give n th e reqUirements .) Design 2, on th e oth er hand , is su fAcie nt to capture the
requiremen ts (or a reall ti C vi deo store
The following is a useful me lric measuTlng sufficie ncy I, depends o n having a tho rough set of detailed
•
requirements.
IncreaSI ng the number of classes does not necessaril y raise the quali ty of a deSIg n, Redundan, classes
act uall y derract from qua lity . AdditIonal classes may be needed fo r other quality measures such as Aexib,llty
and robustness
DEGREE OF ROBUSTNESS AS A QUAUTY GOAL 511
Design 1 /'
/
.-
/
/
VldeoSlore Design 2
/
/
checkln() //
/
checkOuI(j /
/
./ VSCuslomerBase VSCuslomer
/
/ 1
/
/ 1
/
/
/
/
/ ,----, DVDRenlalSel
VldeoSlore :::::: 1
checklnO DVDR ental
checkOutO
1
1 •
DVDlnvenlory DVD
A good SRS contains explicit robustness reqUirements. For exa mple , Ihc vi deo store ma y requ ire that the
application react to the entry of an inva lid vIdeo name by refreshing the rdevant screen " 'Ih a blank In the
oidro 1111, window an d popping ul' a window stali ng "No such video - Please re ·e nter." Explrcit ro blls mess
requir<menls like this are measured with the "sufficie nc y" qua lity metnc. If a slalement like thi s IS nOI an
t:<pliclt requ irement, then it is measured with the des ig n robu lness metric . Fi gure 20.6 shows a pair of
designs for the video store applicalion .
Design 1 Design 2
•
VSCuslomers VSCuslomer
1
VSCuslomer 1
•
VideoSlore
customers •
DVD VldeoSlore DVDR eniais DVDRenial
DVDs I
I
renlals
I
I
DVDRenial I
I 1
I
1
•
I DVDs DVD
I
I
I
I
•
In Design I . the VideoS ,"" class cOnlains a collecti on of VSC",'omrr objects, a collection of DVD objects.
and a collection of rentals . Each rentJI can be maintained as a paIr consisting of a Customer object and a DVD
object. DeSign 2 wa.s discussed above. To assess the robustness of Design I , we think about how to handle
anomalous irualions such as attempt to en ler data for a none xis tent custo mer. This is more easily
accommodated with a class con taining all customers- si mdarl y for DVDs. The deSign should also
accommodate: erroneous rental cntries-for example, a customer forgetting to take hi s vi deo rental with
him from the store. Thi s IS more easily accommodated with a separa te DVDRrulais class than with a vector
attribute of V,JroStort, because the latter is less visib le and because it occurs among several other, differing
attributes.
A metric for the robustness of a design is shown in Fib'ure 20.7. It uses the ph""es "reacts Ideally" and
"recovers Ideally." These have to be defined in the co ntext of the application .
It is com mon to assume that the more fl exi ble a design, the higher Its quality Reca ll. however, that flexibility
may come: with a price in lcmlS of deSign, development, and maintcnance time required. For these reasons, it IS
not always pursued. Agile programming. for example, aims (or deSigns that atlsfy clear requIrements and no
more . Nevertheless, a judicious choice of fleXibility in a design can save time by facilitatrng change Figure 20.8
show the trade·offs of creating flexibility in dcslgns.
To measure the degree of flexibility of a dcsign. one can CO Unt the levels of class inhentance and th.
number of dcsign pattems used . Although these give some indication, they can al 0 encourage poor qualities
in other respects if pursued Simply to make a metnc become favorable . Exton ibility is one face t of flexibIlity
And so another way to measure extensibility, in pan. is to make a I,st of reasonable additions to the
application's requirements and to evaluate the deSign's ability to extend and cover them .
DEGREE OF REUSABIlITY AS A DESIGN QUAlITY GOAl 513
Reusability has many benefi ts but may detract from an application's quality because it I intended to benefll
future projects rather than justth. current one For example , some energy is di verted from the current project.
However, if the application under design '"'' a reusable component , then thIS usua lly benefits Its quality
because the component is likely to be more reliable than those ye l unused.
Ler's assume that we want a particular compone nt (e.g., a cia 5) to be reusable. Fo r example, how do we
ensure that the DVD class ca n be used in multiple applicarionsl How do we measure the extenr to which a
particu lar class is reu ablel First , the component must have high quahty in the usual se nse-be wellte ted, for
example Interestingly, Items can be reusable because they arc generic (we use "wood" In many projects) but
also beca"s. they arc speCific (we use I 'I. -inch machine screws 10 many projecrs). Th i difference places
classes into roughly lWO reuse categories· those that are usefu l becau e they belong in a framework and arc
reused because they are general : and those that are special to the business al hand, and form part of its too lkit.
ParameterizlOg a method makes it reusable but too many parameters make it clumsy. Figure 20.9 hst
some of the key qualities we want for reu ability, and their limitations. (The last point In thIS ~gure refers to
multiple parameterizations of methods with the same name and si mdar purposed.) Figure 20. 10 indica tes how
these may be measu red
listing 20. 1 is an example of a cia s that would rale high o n rell abdity , as explained below U s 109 the
measure of Figure 20. 10, we would rate the reusablhty of this code as follows ·
• Degree or coverage
o = ncghgi ble cove ro se or dllle"' ''1 apphCJ II OnS
2 = as wide as co n be expecled
• Degree or conlenl
o = neglig ible o nlt'nl or subslance
2 = very n ch onlcnt or associa tion...
• Parameterization of method.s-a llows method reuse
o= very restrictive meth ods; very narrow scope
2 = widely applicable methods
Degree o f coverage: V.dlOP(odu Cf covers any video item thal a vi deo stOre could possess, so "coverage"
would rale 2.
Degree of content: The complete version of this class docs not have extenSive content , but nor does it
havt:-° negli gible content , so we can rate this as I .
Parameterization of methods: The names arc about as complete as one ca n expect so thi s would rate 2.
1*
* Example of a class design highly rated for reuse
*
* Intent: Capture all of the properties and functionality of video
products
* that companies can deal with.
*
* Examples of potent ial subclasses: DVD, Video
*1
public abstract class VideoProduct
{
II CONSTANTS --------------------------
--- ---------------------=----------------
----------------
pr ivate final stat ic int MAXIMUM_TITLE_ LENGTH = 100;
private final static int KAXIMUM_NAME_LENGTH = 100;
private final static int MAXIMUM_NUM_STARS = 20;
II METHODS --------------------------
-------------------------- --------------
---------- ------
----
--
j ••• * •••• ** ••••••••••••• * •••••••••••••••••••••••
* Returns: The copy number
* Example: 3; i f title is "Gone With the Wind," then this would be the
DEGREE OF REUSABIUTY AS A OESIGN QUAUTY GOAl 515
/ **********************************************-
* Returns: Title of this video product
*/
publ ic abstr act Str ing getTi t le ( ) ;
/ ***********************************************
* Intent: Enter the title of this product in characters as close as
* possible to the orginal
*
* Preconditions:
* (1) aTitle != null
* (2) aTitle has between 1 and MAXIMUM_TITLE_LENGTH characters
*/
public abstr act void setTit le (Str ing aTit le) ;
/******************************* •• **************
* Returns: Stars of this video product if known; otherwise
* a single object "unknown"
*/
public abstract Str ing [1 getStars ( ) ;
/*******.***************************************
* Intent: Enter the stars of this video product if known; otherwise
* a single object "unknown"
*
* Preconditions:
* (1) someStaxs !=null
* (2) someStaxs has between 1 and MAXIMUM_NUM_STARS obj ects
*/
public ahstJ:act void setStaJ:s(StJ:ing( 1 someStars);
}
DEGREE OF TIME EFFICIENCY AS A DESIGN QUALITY MEASURE 51 7
~7~ In~ct desIgns, and Quantl(y how fa>! they arc likely to execute whcn bU Ilt . F,rst. one identifies each
who e peed o( execution IS o( interest For example , we codd (ocu o n the speed Wllh which the
op''ra11 0 11
Encounter video game transit lo n< (rol11 arca to arca " ,he n a hyperlinkcd connection i pressed. ( I( thIs take
tOO long, the game loses the player's intN.S!. ) This opera tion IS illustrated in Fig"'c 20. 1 I.
To assess the timc d lency o( thIs actIon , we trace the sequence of method calls that require its
<,xecution and exa llllne ('ach o( the method< (or timing F,gure 20. 12 ,how the seque nce of function calls
begInning with the pre si ng o( a hyperlll1k and end Ing with the mo nitor d,sp lay, ng the de tlnatio n arca.
T o assess probable time delays, a table lIke T able 20 I can be used , It identifie the methods that are
potential sources o( delay .
We then tackle prob lem method one by one For example , we usc double buffering or build a
compo ite image before rendenn g It on th e monitor.
The example in Figure 20. 13 co ntains no paralle li <l11 , 11> timIng IS not complocated to calcula te as long as
one has relIable estimates (or the parts o( the operatio n Recall that sequence d,agram are capable of
descnbing para llel operations, however. In that CJse, a '''"1119 dltlgram would be ncedt:d to deal \\Tuh slich Issues
a dIfferi ng sta rt times a nd the need (or more than o ne thread to usc a resour e that It cOllld altcr To handle
th os we commonl y perform uch handl ing vIa a metho d , and "'< lock all o ther ca ll e r Oll[ of ca lling th e method
while it is ope rating Figure 20. 1 IS a n example In ,,' h ich [hread I executed method 2, whIch locks out all
ocher calle~ lIch as thread 2 The la ltcr wailS unti l me thod 3 ha completed for thread I. The estimated
elapsed time IS measu red on the rime aXI
Figure 20.11 Time effitlency example from Encounter VIdeo game-lime to transition among areas
518 CHAPTER 20 DESIGN QUALITY AND METRICS
:RPGMouse :EncounterEnvironment
1. press
EvenlLislener
area
connection
:EncounlerGame
hyperlink
2. mouseClickcdO
3. handJeEvonlO
4. handleEvenlO
X~
5. sotVlSlble( lalse ) on
:Area 6. dlsplayAreeO
7. display()
:PlayerCharacler
8. dJsplayPlayorCharacterO
-j
9. showCnarllctorO
I
Figure 20.12 .o.ssessing time efficiency example using a sequence diagram from Encounter video game
Table 20.1 Identifying methods that are highest pOlenlial source of delay
Relative speed
o = negligible
1 = neither
Step Function 2 = sigmficant
, Press area connection hyperlink a
2 mouseclickedO a
3 handleEventO a
4 handleEventO a
5 setVislble(false) ,
6 displayAreaO 2
7 displayO ,
8 displayPlayerCharacterO 2
9 shOWCharaclerO ,
TOTAL 7112
DEGREE OF SPACE EFFICIENCY AS A DESIGN QUAUTY MEASURE 519
----------------------------------------
I I Execute method 4
I I Execute method 5
1 --It------II~>
f-I- -1--1--t-I- -1-1--t-I--1- time
The second major efficiency issue is pace usage, seco nd ary (ty picall y, disk) storage, RAM usage, and binary
source size. We will discuss secondary storage first.
Analyzing econdary storage usage can be pcrfomled by identifying the operations that create storage
n<eds outside RAM . T his divides hlrthcr into tempora ry data (which IS no t needed after execution ) and
permanent da ta. Table 20 2 is typical of how we migh t account fo r this in the ca e of the Video Store application
DVDlnventory' saveDvD() • • • ., • • • • •
DVDtnvenrory removeDVD() • • • • • • •
'"
~
9 101 11 1 12 13 ':1 Q
~
;;1
;0
'"0
- 0
m
-
VI
"z
0
c
l>
·:J)I • c
-- - .4~t
.45 1 I, ~
- - I -- - - ·75 i
-- »
z
0
;:
• ~
•• • • • ~
'"n-
VI
-
' 500
«OJ
J<OO
3000 +- 1
1,;oQ
2000
1500
1000
500
o
1 2 3 4 5 6 7 8 9 10 11 12 13
Figure 20.14 secondary storage needs over time video store example
DEGREE OF REUAB ILITY AS A DESIGN QUALITY MEASURE 521
Data are often compressed pnor to storage (at the ex pense of speed) . In that case the uncompressed IOrage
needs are converted inlO comprt'Ssed·form needs. Usuall y, the key Issue in slorage i the amount required over
the long run-in other words, the accumulation of dala . Suppose for simplicity that the 514 maximum bytes are
compres cd to 100 bytes and that the store is open 15 hours a day. The accumulating needs are shown in the
spreadsheet and grarh 10 Figure 20. 14. and they sugge t thc problem that requires resolution .
Storage needs that increase without bound require special consideration. For this reaso n. designs often
IOvolve periodic archiving or purging. In the ca. e of the video store, this could consist of itelating through the
database weekly, charging all customers with videos whose fi nes exceed the DVO's value and archiving those
DVD records.
This section discusses means for e nsuri ng and a sessing reliability at deSign time To assess re"abili ty 10 an
overall deSign , we look for points at which the applicat io n i most likely 10 fail. Recall that the UML deSign
models are us< casr. class , dala flow . and laIr. We look for a h ig h level fo r failure likelihood withIO each of these
models. Figure 20. 15 indicates places for use cases where failure is typicall y most likely.
Now let's consider how failures arc likely to be evident at the cla ss level. Here . we seck parts of the las
model that are most likely 10 harbor failures . Figure 20 16 illustrate< twO likel y ty pes of fadure , choke pOlnls and
deep mbrrilaHcc.
• Data collection
• From users
• From other applications
• From data communication
• Steps causing complexity
• Use case indicates involved ope ratio ns
• Anomalous situations
• For example, attempt 10 rent multiple copies of a mOVie
Figure 20.15 Identifiable places in use cases where failure is typically most likely to occur
Rental
• Cho ke po i nts
A class that relates to VStoreRental
many other classes ~
DVD VStoreCuslomer
Customer
• Deep Inheritance ,~
Three or more levels of RentalCus\omer
substantive inheritance
VStoreCustomer
,~
DVDRent.ICuatom.,
flcure 20.16 Identlflable places In class model where failure Is typically most likely to occur- video store example
522 CHAPTER 20 DESIGN QUALITY AND METRICS
member
banks Get Get
User
I deposit inquiry
bank
name error accounl ll account
& deposit account /l error
dlsptay
Validate
atert/none Check for atert/none- - -
deposit Validate
accounlll
accounl/l
inquiry
launderingy /
& deposit account # "-~__/
Make
account /I • •
& deposit Inquiry Printer
Display
account balance
account query
Do Create
data
deposit deposit account - account
transaction
transaction - _ __..
. database -
account data summary
Figure 20.17 Identifiable places," data flow diagrams where fail ure is typically most likely to occur-ba nking example
Ch oke points arc potentially probicmatica l because developers tend to make mIStakes when the
sirua ti on IS complicated Deep inheritance can harbor errors because inherited propcnlcs arc not readil y
apparent to the develo per. The number uf types employed should be reduced, or aggregation should be used
Instead to Indi ca te what qua l itlC~s arc added between ty pes.
Dataflcw diagrams can expose failure pOints most readil y where multiple StTC3nl of datil converge.Figure:'
20 17 how< a partial data now for an ATM application. The valldal' d,posi/ and oal,da l' Inquiry functions eaeh
relate to the most streams . The ilccount da tabase <l lso relate to a relat ively higher number of data tre('tms. For
these reasons we would Investi ga te these Arst for reliability . Ince use cases co ntrol (unction call equcnccs in
dara now dia gra ms, we would invesligate by checking whether u e eases behave clearly 31 these points. We
would ask whether a different decomposi tion wou ld make thiS clearer-fo r example, whe th e r it IS advisable (0
ge t separale types of Inquiries via separa te operatio ns
Choke points can be reduced by introdUCing additional proces ing nodes and by dccomposlOg nodes
into multiple nodes. For example, we could split \Ia',dalt {nqUl ry IOto several validation o perati ons.
The final desig n model we can inspect for reliability is the ,'a',
mod". Figure 20. 18 <hows the sra te model
(or the Encoumc:-r Video game Tht: Wailmg state involve the mOS t transit ions , so Wl' would check It
«liability first If time allows, we wou ld thcn move o n (0 £.9a91119, and so on .
State d iagram bottlenecks can be avoided by splitting Slatcs into several states o r by IOtroducing
subSt3l(S. For example, if Wo,li,lg state becomes excessively invo lved , It may be possible to di stingUish . cvcr;)1
modes of waiting
DEGREE OF SECURITY AS A DESIGN QUAUTY MEASURE 523
Figure 20.18 Identifiable places in Slate models where failure is typically most likely to occur- Encounter video
game example
~QJrity is a special casc amo ng metries because it concern illcgillmate "functionality" of the application that
it i capable of but is not specified. It may requ ire a ski ll ed perpetrator to obta in rh is functionality An example
IS ' shall be capable of sending custome r c red it card info rmation to any specified e -mail !"
How can one measure the degree of secu rity of a design? Recognize first that every applic ation must
commu nicate with hardware or oftwa re externa l to itself, otherwise it could not execute. In so dOi ng ,
however, it acquires some vulnerabi lity . Figure 20. 19 illustrates the kinds of .n ifacts with which an
applica tio n's object code co uld make o ntacr. These, in turn , ca n make con ta ct with o ther an,facts.
In a sessi ng the degree of securit y of a design. we arc thus obliged to take a systems approach-that is,
one that aCCOunts for the vu lne rab ili ty of o ur application In th e co ntext of the large r system within which it
[ Drive c: I
Objecl
code
Operating
system
I Drive Ed: I
I no",
oontMltl~
In • u 'gll IOCIUon
Security
encrypl()
gelUsersFromURLO •
User
/
/ Id'
/ passwordl
/
""""""'
to
tot " .....-
and password
must operate. The added dimension here is that we must look not only at the potential of our application for
exploitation and damage . but also at its potential to harm artifacts to which it is connected .
Figure 20.20 shows a start for a design of a cmica l security clement of an application . Inspecting it for
each security factor in Figures 20.21 and 20.22 provides a framework for assessing its level of security. We
need to satisfy ourselves that an Impi""",lalioH neisls of the class model that satisfies every security factor-the
class model by itself does not guarantee any of Ihe m.
There are many approaches to measuring the security of a detailed design . We will discuss a few
examples. In the Arst example , we make rough assessments, on a scale of a to 10 , of the main aspects of
securi ty, as introduced in Chapter 18, These arc shown in Figures 20.21 and 20.22. Although it is difficult to
make these assessments based on • detailed design , this process is better than making a single, overall
assessment about the d.egree of security.
For a second appro.ch example, consider the following metric examples, adapted from (3).
Metric I Baseline Defenses Coverage, This is • measuremenl of how well the detatled design enables
o ne to protect the environment of the application against "the most basic infonnation security thrcats"ll,ese
require careful deAnition. but they do include viruses, for example. This metric assumes that security tools will
be used such as firewa ll s and antivirus softw.re. Some vendors claim thai the coverage of devices by these
• Confidentiality
• Degree to which data passed may become visible 10 the unauthOrized
• Estimated percentage of data compromi ses'
• Nonrcpudiation
• Degree to which parti e can prove the existcnce or agreement
• Estimated percentage or unprovable agreements
• Integrity
• Extent or ability to validate that data are not altered In transit
• Estimated percentage or messages alterable: in transit
·i.e., of a specified severity
Figure 20.21 Property· based security metriCS, 1 of 2
ASSesSING QUAUTY IN ARCHITECTURE SELECTION 525
• Authentication
• Extenl of ability 10 validale user's Identity
• E timated percentage of improper authentications
• Authorization
• Degree 10 which pcm'ission to deal wllh pnvi leged dala may be compromised
• Estimated percentage of unauthorized permisSions
• Availabi lity
• Degree 10 which availability could be compromi cd; c.g., by denlal ·of·service attacks
• Estimated number of availability' compromises per year
"i.e , of g iven severity
security lools should be "in the range of 94 percen! to 98 percent." The meaning of these percentages would
require definition 100 , and backup for claims would be needed .
Metric 2 Patch Latency, This is the time between the iden tification of a succe'Ssful securi ty exploll and Ihe
devdopment of a patch that renders it impossible . Patches are usually replacement files . Thus, if the detailed design
decomposes the application into an appropriate number of ,vell·iden!lfied (, Ies, patch latency is likely to improve
Metric 3 Password Strength: This metric measures how hard it is to break (guess at) a password , in some
",ell·defined sense, including finding pOlential weak spo t where systems use defaull passwords. BreakinS
passwords is usually perfonmed with Ihe assistance of separate software.
Melric 4 Legilimate T rafflc Analysis: This is a family of metncs that measures the extent to which
iIIegilimate traffic cou ld be allowed. It includes incoming and outgoing traffic volume, incomi ng and outgoi ng
traffic size, and traffic Aow wilh the app licalion .
A third approach is 10 put the detailed desi gn under a microscope, as it were, and measure Ihe extent to
which it is likely to avoid common known securily gaps. One example is buffer overAow, In which the bound
of an array are exceeded in order 10 access data in regions of memory adjacent to it. The content type of Ihese
regions is effectively guessed al . Another IS SQL injection , which exploits the manner III which database
queries are processed . This exploit e(fectively insert commands such as "send all credIt cards .. • wilhin an
appa rontly innocuous input data Reid . Detailed designs ca n be speCified that help guard against many such
oxploils. Tools are availab le to c heck for these type of overSights in code, but desig ns are less slandardized
and tools checking for secu rity naws are rarer.
In reality, we combine elements of all three approaches. A good reference for some of Ihe Ideas In this
section is Anderson [7].
So far, Ihis chapter has ba cd design asse sment on the individual qualities that good de igns mllst po«c«
ow we explore a more holisllC VICW of quality, starti ng with the hi gh·level view.
Although most applications can be Implemented USIOS one of evera l possible architectures, some cholce< are
much better than others Important decisions like .rchite ture e lectio n arc made by first developing and
comparinij alternatives Proposed archllectures are thorough ly exammed for defe ts, be allse finding a dde t
at an early development ,tage has a huge payoff compa red wllh allOWing one to pC""t through the proc(' ,
and thcn trying to rcpalr It.
As described In F'gurc 20 23 , one si mpl e way to comrarc ar hll ccture<" to weight the attnbllte, reqUired
lind then »slgn a fuzzy qualifier to each candidate The kmd of procedure d("'~nbed In l' lllure 202 Lan then be
526 CHAPTER 20 DESIGN QUAUTY AND METRICS
Architecture alternative
Quahty weight ,
Quality I· 10 High = 9; Medium = 5 , Low = 2
Extension 9 Hig h Low Medium
used to compare alternatives. For the sake of simplicity, we have omitted some of the design qualities discussed
above," this example. One way to weight qualities is to pick the most important one and give it a weight of 10, or
9 (if you want to provide for a qu.hty that may be introduced later). The least significant are assi g ned 1. and the
remain ing ones arc given weights in between.
Important decisio ns such as architecture are often made by groups. A group uses a Dtlphi process when
the members make individual deciSIons first . then submit them to the coordinator or leader. Boehm and
Farquhar (sec. for example, (4)) introduced the "wideband" Delphi process in which the leader plots the
results on a chart without artributlon to the owners and leads a discussion on the faCtors involved.
The (oIJowtng metrics from the IEEE (5) can be used to measure the complexity to software designs.
IEEE metric 13 . Numb" of ",Inrs a"d ",ils per madill, (package ) This can be equated with the number of
public methods accessible from outside the module. The number of exit poi nts can be counted by the
number of public functions that return values to the caller or make changes in the environment external
to themsel ves. The goal is to keep this mea sure as low as possible to favor narrow interfaces.
IEEE metric 15. Gr"ph.lb,ortlic complrxily for a"hil,elu". 11,e simpler ("static") version of this metric is
(Number of modules in the architecture) -
(Number of modules having at least one connection between them ) + I
The goal is to keep this number high, since a low number indicates many connections and thus an
increased potential for errors.
IEEE metric 25. Dala or i"formalto" flow complrxily. Thi measures the information flow of large.scale
structures, the procedure and module How compleXity, and the complexity of the interconnections
between modul ... The read .. is rderred to metric 4.25 of [5 J for the delails
ASSESSING QUAUTY IN ARCHITECTURE SEUECTlON 527
;. __ u . _ u n _ n . __ u ,
: Slmltems :
,I !. _n"
,-- --- ---- --- -"j
: SimEvents :
I SimConfiguration : : : ;.n ___ n u __ .! __ ___
, "': : ISimltem L L . . ; :
: //:..~ _________
__ Cl ----i SimEvent l
r - - - - - - - - , ,, ,/ " "
~ ......
·i· ...·.. ·· ..
I
: ~...... ...... I
,,
, /
... I
,, /
/
I .------------,
/ Simulation
I : SimDriver :,
SimConfiguration exeoute() •
---~ - --~ -- ------ - --- ...
,, initlalizeO I :,
,,, setUPO I
,, time() I
,, ,, I
,
,, ,-------- _ ... . ,,,
,,
,
,, :, Random :
,, ~- ' - -- ---
,,,
.,, ScheduledEvents
ITellerl<> serviiouration ,, ,,, addEvent()
j,olNumberl ,,
,,, ,, removeEa~ iestO ,,
,, , , ~. , __ • ___ ___ _ __ _ __ ___ _ _ _ ______ _ _ J
A conn,etion between modules A and B is dependence in either direction As an example , we can app ly
metric 15 to the architecture of a bank simulation shown in Figure 20.24 .
The architecture d ivides the simulation into the following pac kage .
SimConfiguralion-which describes the way in which the stat io ns are laid o ut wilhin the bank
Sim/irms-which describes the e ntiti es that move abo ut with", the bank (primaril y customers )
SimEvrnls-which handles the pre ent and fu ture simulated eve nts that take place in the bank (e .g ., a
customer arriving at a teller window )
Simu/o,ion-t he mechanism that drives the simulatio n (primarily by selectin g the next even t to execu te ,
eX~c\lting it, then orchestrating the consequences, includin g the ge ne rati o n of resultin g events, and
queuing them in the Sch,du/cdEoOl ls o bjec t)
Random-the package that ha ndles th e ge ne rati o n of random numbers accordin g to variou di stributio n
(for example, produci ng th e duratio n of service for the ne xt transacti o n)
This architec ture is desig ned using th e Facade deSig n pallern , and we will suppose th a t th e o nl y
inl<rfaces between pac ka ges arc th ose show n The re are five nodes (packages ), and there are five pairs of
module:< between which there arc function calls (either way ). Thus, th e graph · theoretlc archite ture
complexity is 5 - 5 + I = I. Thi S suggests an un compli ca ted ar hitecturc , which is ge nerall y good.
Metrics like th ose listed above prOVide quantiAcation, but how do we use the re ultlng numbers
TYPically, thiS has to do with h is torica l da ta . For exa mple , we ca n ea,ily tell that th e Ell o"nlaG."" , package
has four public function s a t this point ( ec the ca e s tud y o n the book Web si te ). Perhap we ca n fore as( that
thiS number will gTow to between 10 and 15. These number, arc compared with the carre pondlng average
numbers for past proJects. If th e average number IS 10 and we have bc('n >a tl sRed wllh the mo dllian za tion of
past proJccts, then thi S va lue causes no alarm . H owever, if th e average number for "ast proJect< I . 8 a nd we are
headed toward 15 , th e n a cl o>er look at th e ar h,tccture a nd slic h IS needed.
528 CHAPTER 20 DESIGN QUAUTY AND METRICS
-------------,
i RoiePlaylngGameJ
r-- ---- - - -------- -- ---- - ------------ -~------ -- - -- I
I I
I ~l1a l. I
I RPGame GameState I
I I
I handle Evenl() lIandloEVtJnI() I
I
I
- I
I
I .l I
I ( stalo .handleEvont{). I I
I I
- -------- ----- - ------------------- ----- -- ------ ,
I
~-- -------- ~
EncounterGame : EncounterGome II
-- --------- ----- - - --- --- - - - -- - ~
.,. I
I
I
I
I
Waiting ~ I
I
handleEvenlO handleEventO I
I
I
I
SettingUp Reporting Engaging I
I
handleEventO handJeEvenlO handleEvenlO I
I I
I I
.. _- ----- --- --------------------- - --- - - ---- ------- -
Figure 20.25 An archItecture for Encounter. State design pattern applied to the video game
We res. [the urge to commit immediately to one arch itccrure by compa ring alternatives. A an example , let's
co nsider th e architectu re or
the Encounter case srud y.
Alternative I for the Encounter case srudy: State design pattern .
As shown In Figure 20.25 , the State design pattern is a possible architeclllre for Encou nter. and we will
,,,,de " off agai nst ot her cand idates.
Alternative 2 for the Encounter case , tud y. ad hoc C UI ·driven arc hileel'lIre.
A second arc hItecture mig ht dispense with the idea of state altogether and build scparale event-
handli ng code into each CUI object th at is sen itive to mouse or keyboard actions. Such an arch itecture is
shown in F,gure 20 .26, where selected metho ds arc included to clarify it.
r- _ ___ _ _ -,
I ActionLlstener I
c~ _____ _
_ - - - - __ J
I
AreaConnector
Area 2 • areal
dlsplay(} area2
IransilionO
ForeignCharacter
PlayerCharaclerWindow
set( Quality. float)
PlayerCh.racte r exltO
Compute
results or
engagement,
Engoging (do 00Ih'"8) and transition
Current to Wallmg
State "Iat~
In this architecture the hy perlinks at the exi ts to areas are (C UI represe ntati o ns of) Art. Co"",elor
objects; and each has event . handhn g code . Fo r example, clicklOg o n an exi t to the dungeon sh ould cause
the screen to display the dunge o n arca . The resulting design is CU I·drive n, somewha t ad hoc, an d
language· specific . There is no clear connection , howeve r, between the code for this design an d the
conception of the game as a series of srate transi ti o ns. As a benefit , however, the lass model co ntains fewer
classes.
Alternative 3 for the Encounter case stud)" stare · transitio n t.ble.
A third architectural alternative is to re tain the idea of states, bur ex press the slate transitions by means
01 a table. Table·driven state transi tio ns arc emphasized by Shlaer and Mell o r (6), fo r example r.gur. 20.27 is
an example of such a table. n,is architecture uses the State co ncept, but it does not use the State design
pattern .
Here is a list of pros and cons contrasling the Srate desig n patte rn with the table·driven approach . A
flliler comparison of the three architectures follows .
Pros of uSIn g the State desig n pattern,
• Duplicate dat. · The st.tc of Encounte r could be dedu ced from v~rlable o ther th an the "ate obJe t
IOWrring the pos, ib.hty of programmer error if these va n ab les and the , tate object be o me IOCon istent
530 CHAPTER 20 DESIGN QUALITY AND METRICS
Quality weight,
Quality I . 10 High - 9; Medium ' 5; Low = 2
• The table IS easy to understand and the contents are C,lSy to cha nge .
• DocumentatIon o n thi approach is av.i lable using the Shl.er- Mellor metho d .
• Augmenting the table with new Slares and actions may disnlpl existing code and design.
Fi gure 20.28 shows a comparison of the three architectures usi ng the proslco ns tec hn ique described
above. Given th e weightong shown, which favors extensibility and chan ge, the architecture based on the
State design pattern comes out ahead.
R~ga rdlC'ss or the sys tematic means one uses to evaluate alt crnativt"s , engineers also perfonn "sanity
checks," uSing holisti c pcrspcctiv~ and the in tuition and experience o r tearn members . Thi s may concern the
number of classes Invo lved or even subjective factors such as e legance. If the result disagrees ",ith th.t of the
more objective process we have d~cri b(:d. engeneers ma y re -ex amine th e process and the result'S.
Usc ca es are developed to expre ss customer requirements . Th ey ca n't take IOto account the applicatIOn's
architecture SInce it wi ll nOt yet have been dt:tcnnincd. Once th e architecture has been e1 ~cted , howcv~r, it
is <<sential to revisit the usc cases to check that the arc hI tecture supports t hem adequatel y. For example, the
Engag<Foreign Chara ItT use case shown in ChapteT II must execute upon the arch,tecture we h,ve developed.
ASSESSING THE QUALITY OF DETAILED DESIGNS 531
Player
dismisses
qua/Illes Player
menu requests
status
Move 10
Foreign
character
Player enters area
Waiting ready 10 _ Engaging
_____~p~r~oc~e:e:d~-=~
character
enters area
Since we r("tam the domain classes throughout the process, th e cla .. sc~ Orlg mally rel'e rred (0 111 the u.. e CJC<C'
should be present among the lasses in the deSign. T YP icall y, Ihe <equcnce d,agr.lms for Ihe u<e ca,es now
involve additional architectural clas es (e.g., Facade cI",es).
Architectures are inspected against rcqwn.:mcntCi. The me-t n c; nlcntl o lH.-d above provide.: a oncrc[C'
baSIS for the inspection. For example, in<peclion of the architectural fra mework package' for Encounter ould
lead 10 the conclu ion that there arc no requirements yet fo r game anifacts and thai the pre>ence of theArllf.1C1
package IS a defect Consider lhe Encounter statc · tranc;ili o n d,ag riln1 ,hown In Figure 20 29 3') In addltronal
example . A perusal of thi< State diagram could yield the defects nOlcd In thc figure. These defect, can be
removed by clarifying the names and/or de cnp"on, of the eve ntS referenced.
Recall that detailed de Ign con<osts of a\l de"gn that" nOt at the higheSt , arch,tc lural lew l, but I
code Itself In th. S("C ll o n , we fl""'Vlno/ quantltiltlve mea,ures of cHe lI vcnc..;s In dClalkd dC:~lgn
Figures 20.30, 20 3 1, and 2032, how "cpS for en<unn l( Ihe qua l,l y of delaoled dC>lgn<
MetroLs fordclallcd deSign arc proVided III thiS ,cellon that '01"lv tep I In Figure 20 0 _tep< 2, ~ , and
4 arc checks that the detaolcd de 'Bn expand, on all of the ar hlle ture , and noth ing m rc
Slep 5 e nsu r<.-s that a dt',.gn 1'\ compicte h I') c:3 v l'nough to c he k lhJl every 111c...' thod of evcry clao;;~ .,
properly 'rc ,f,cd , bUI how do we know thai we have InLlu(kd a\l of Ihe la"e, and method, that arc
nccC5~ry? To do fhlet , we r ' IUrn to the: req UIrement .. Jnd ell.)urc: that th e dt'tal1cd dC'lgn We have dl'vclol"cd
accommoda tes all of lh r QlIlfl.'Il1Cntf.o If we lI~C: tl1(; rc:qulrc nH;' nt~ org;\lHzilllon ", In tht· CJ ;"C ,Iud tht'n \\.:
kncsw Ih;lI every (uncllonnl r ' qulfCnlCnt Lorrc<.pond, to J ~pl·c..dl C fncthocl nlll''' , th e fun cIIOll:l1 COlllpICtCIlC,\'
tilk II r duccd '" cn,"r/ni/lhat ca( h of thel Ill~thod, Lan be la ll ed at an appr pnate pOint In the c'c IItlon
CUn!.,d r, (or ex.amplc.', the r<.'qul(CnI ~ nt
S32 CHAPTER 20 DESIGN QUAUTY AND METRICS
We have already ensured that a function to perfonn this requirement exists, but to verify that our desill"
supports the execution of this function , we have to dfcctivdy walk through a fully rep~nt'li~ s..! of
- .
functio n alhng sequences. each of which exe rCises the funclion . This amounts 10 develo ping a scI of menIal
tOSI aSt'>, and the re ult< should be aved for Ihe tcstlng pha e Here" such a set.
Bcjln game'l cflll liP wmdo w to stt qwaillJC), srI quality, sri qualify "galli , dJsmls wmdoUl
AIOl't 10 area Ull'" no forti9" hamrlcr, call liP u.),"dow to 5(1 4I1al,IIrs, sri qual,ty, d'srtusS wmdolD
Camplttt rngagtfflnrt, wall 1111111 jomgll charaeltr drpnrts . call liP Illllldow to 5(1 quaI, tits, set qualIty, dISmISS
IPtndow
For each of these cenanos. we verify Ihat Ihe classes and method< do Indeed eXist 10 accommodale II
Once we ha ve done Ihls fo r every functional rl'quirement, we will have ve ri fied our deSign from the fu ncll o nal
POint of VICW \Vlc can perform a Similar process with our detailed deSign for every nonfunctional rC'qlllrcmcnt ~
\'(Ie can venfy mentally, and via calculalion (e g., In the ase of liming) Ihatthe deSign suppons each of Ihem
Once again . the work we do to crea te each of these sequence can be used to develop lest Ihat we apply once
the impleme ntatio n has been performed .
Step 6 calls for testabdllY In o lherwords. is It a reasonable process to te I Ihe elements of Ihe design' A
design thaI can'l be readily separated into parts rend to be untestable An effecllve way to ensure Ih,s
properry is to wrlle tests for each deSign eleme nt as "oo n as it IS SPCCdlCd
Step 7 concern the properties that we deSIre from our detadod deSigns We de Ife all of these
prop<rties, but it IS usually nOt possible to have them all In particular. "mploco ly may be In conn,Ct Wllh
9",,,al'l), and rxp.>ldabdily . Design pa tterns often Inlroduce add iliona l cia <e<, too Thu<, II IS be" to speCify In
advance which of the e properties we care most aboul, and then evaluate the deSign agalnS! them If
ponabiHty is paramollnt , we can es tablish scenario ror implementation on each dl.'slrcd platform
Step 8 checks that every detad is given, short of code. The onhodox definition of "de tad" refers to a complele
description of the design ho n of code itself. Agile methods te nd to foc us o nly on key detads up front , t)' pKally
leavmg most detads until code time It is common for de Igners to po<!pone many delads until ImplementaliOn
tlmr because the specificati on of detail,s time consuming . Forcr1 l1 cal ponlons of an application , however, thl~ I
usually a mistake. There are many ISSUl'5 to consi der at implementallo n tim e, and so thinking through the detad . of
critica l seCtions beforehand, and IIlspectlng them separarely, can pay 011 handso mel '
Detaoled deSign metncs include cou nting the number of mo dule , functions , cntry pOlnl" and e "POint For
oblect,orlented Implementallon<, th i' translate IntO ountlng th e number of package<. the number of cia se<.
the number of metho ds, the numbe r of para me te rs, th e number of atrrlbutes, and <0 on When clas es are
proVided wllh complete class ,"varlanl , th is ,"c reases the han es that the re>ultll'g method i of high
quality When pre ond,t ,ons, Invariant<, and PO<l o nd,tl o ns for a method are all ,tatcd In precl<e term,
chances arc that the resulting mt·thod i of higher qu. lllY Ihan o therwl<e These ca n bc mea,ured a follows
Pcrc.cnta~e of nontrivial m('lhods \upplled WIth pr llie pre o nclitlon\ . IIl VanJll h and p ,tLondltlcm,
534 CHAPTER 20 DESIGN QUALITY AND METRICS
A o mprch cn"ve , .Ihelt more complicated metric IS IEEE met'rlc 19 "deSIgn structure" (sec (5]), whl~h
dc te",,,ne, "the <Imp liCl ly of the det.ded deSIgn" of a program .
The overa ll pnn iples and practice of inspectIons were expressed in C hapter 5 The Inspection of deeaded
dCc\Ignc; consists or inspec tin g clast;Ocs , thclr metho d pro to types ( name, return type , and parameter ty pe~), th e
nowchans and p eudocode. and the relatIonships amo ng classes and meth ods WIthin various models. Th ...e
modds ca n Include ,he usc case models and their associ ated sequence diagram s, the clas model, the state
models, and the data fl ow model.
As wnh all inspecti ons . data about eac h defect arc no ted, including its seve rity, its ty pe. and the
probable source of the defect in the project life cycle. The IEEE standard 10 44 . 1 classifies seventy as shown In
Figure 20 33 .
Designanng a defec t classification scheme helps to pnorltize repair work: H oweve r, we avoid usi ng
more categon es than necessary because time is con sumed categorizing ddecls. The triage classifica tion,
shown in Figure 2034 , IS fast but provides less information than IEEE 1044 . 1.
Defect Iyprs can include those listed below , which have been taken fro m IEEE standard 1044. 1·1995.
TI,e types that apply 10 detailed designs for Jav.doc· level inspections are marked "XDOC: and for
pseudocode · level inspectio ns arc marked "PS".
• Logic problem (Forgonen cases o r steps; duplicate logic; eXlreme conditions neglected; unn~cessary
(-unc ti on ; misinterpretation; mI ssi ng condition test; checking wrong variable; itcrating loop incorrectly.
etc) PS
• ComputatIo nal problem (eq uation in ufflcient or incorrect; precision loss; sign convention fault) PS
Severity Description
Urgent Failure causes system crash, unrecoverable data loss; or jeopardizes pcrsonnel
High Causes impairmcnt of critical system functIon s, and no workaround solution does exist
Medium auses Impairment of criti ca l sys tem functions. though a workaround solution does exist
Low Causcs Inconvenience or annoyance
None None of the above
• Inrerta "ffm"ns problem (lnlcrruplS handled Incorrectl y: 1/0 liming incorrecl : ubrouline/modulc
Im,ma l h) PS
• Dala· handlms problem (miliali zed dala incorrectl y; accessed or lored dala Incorrec tl y, ,caling or Ullits of
d,ta mcorrect; dimension of dala Incorrecl) XDOC, PS
• Data problem (sensor data In orrect or m"si ng, o perator data Incorrect or miSSing, embedded data In table<
InCOrTCct or missing; external data inco rrect or missing; output data Incorre ct or nllSslngj Input data
Incorrect or missing ) XDOC, PS
• Documentation problem (ambiguous descripti on, etc. ) XDOC, PS
• Document quality problem (app licabl e st andard not mel , etc. ) XDOC, PS
• Enhancemcnt (change In program requ irem en ls, <I .) XDOC, PS
• Fadure caused by a preVIOliS fix XDOC, PS
• Performance problem (associated "'ilh tesl pha eJ
• Interoperabdity problem (not compatib le with other oft",are or components ) XDOC, PS
• Standards conformance problem XDOC, PS
• Other (none of the above ) XDOC, PS
Lds Inspect pseudocode examples . The In pectl on focu ses o n defec ts in com mISSion (wh ether the
methods chosen .re appropriat e) and omi ssion (whether thtr. are other methods that should be
Included ). The pseudocode for a me thod hou ld be c hecked aga inst th e corre pondln g reqlllrcment in
the SRS or in the SOD . For example , the follOWing is an early draft of a D ' reqlllrel1le nlS of Encoun ler
fro m the SRS ,
-(essentia l) Evrry game charaettr has 11]( SlI m( srI of qual,tlrs Each qualIty sb,,11 be a IIo" -l1 rgah(!( floatltl9 po""
numb,( wl fh (II itast o.u arC/mal oj preciS/ot! TI,ts( {1ft all i1ll llfll,zcd ('fually so tba l IJ;r SIIIt! oj II)(Ir IJ"Iur5 IS IOU
For Ih, first rC/(flsc fbc qua/illcs shall bc (otl tclI/rallo", slmnUla, Jt11rll,gCtlrr, I,a fimtc, tmd ( /(('119 11, Tllc pal,u oj t1
quailly ca"" ol be bOI/' 9ft. 'rr IIJall u ro ."d 1m Ihml as ..
Th is reqUiremenl IS Implemenled by the fun cti on IId)II"OII.IIIy (Slnll9 .0ll.I,Iy, flolll "OIll,I'Iy\l"I",) Wllh
the pseudocode to be In<pected as show l1 111 Figure 203
An inspectio n of Ih" pseudocode sho uld ex po, the roll ow lI1 g de k e "
Recailihal the In<pectlon prOLess sho uld merely c<labli,h Ih at there I< 3 defec i In cach ea , e IlillC
should be spe nt by the In spec ti o n rca m Iryll1J.( to repalT till' defec i dUTIng th e In<pec tl On Illce tlll!! T hl'
I"age seveTity cia<slf'C3t10n of defec i 2 (re lallng to li ne 10 ) " ""'3J Or" beea u C It< "'''' '1" e I311 0 n an lead
to "S I"flCant dlff ren 0< In th e produ I U'lIlg the I~ FE 1 0~4 1 'Iandord , 11< cla",h OllOn "
" Comput atl o n.. 1 "
536 CHAPTER 20 DESIGN QUALITY AND METRICS
20.12 SUMMARY
A soft ,,'are design IS assessed in term s of desig n qualities sllc h as ",ffidrnty . robu' h"'.' , flexibilily, rtu,ability,
cffi"tllty . and rtllllbolity. Metrics are defi ned , collected, and assessed fo r each quality . In addition, the IEEE has
defined several metrics for assessing the com pl exi ty of designs. These include nllttlbtr oj (ulries mid exits pcr module ,
graph-lhcortllC (omplexlty for ard'ltccturc. and data or IIIfonnal/oll ]low complexity.
When se lecting an appropriate softwa re archItecture for an application , we explore several alternat ives
and co mpare their relative streng th s and weaknesses . Each is mea sured against severa l qualities to determine
which alternative I the strongest.
The quality of detailed des,gns is pursued by fo llowi ng steps such as ensuring that each arch itectural
module is expa nded, each part of th e detailed design maps back to part of the architecture, the desig n fulfills
ItS reqUirements , the desig n is complete and testable. and all the necessary deta il s arc provi dcd .
Inspecllons arc used to fi nd des,g n defects TI,ey focus o n inspecting classes. their me th o d prototypes
(name . return type, and parameter ty pes). th e flowcharts and pseudocode, and th e relatio nships among classes
and meth o ds within vanous models, such as use case , class, data Oow, and state. D efect types can be classified
U inS th e ca tegories specified In IEEE standard 1044 . t · 1995 . These include the fo llowi ng types of problems:
logic. co mputational , interface/timing, data handling , incorrect scope, data , documentation , perfonnancc,
Interopcrability. and standards conformance:: .
20.13 EXERCISES
I a list the qua"ti.s that desig ns sho uld possess. In your ow n words, descri be the meaning of each
b Choose three of these qua"ties. For each, give enough of two differe nt des,gns for the
follow, ng appl ,catio n to clearly distinguISh one that cores hig her than th e other on terms of
BIBUOGRAPHY 537
the qualit>, The appl, at ,on takes" ,nput the academi record of a h,g h <chool stude nt and
produ es as ou tput three career< to which the <tudent appear< to be well·suited. An
e.wlanation 's prov,ded as well
2 o n"der an apph allon that helps manage a fabric store A sume that the storrs sell fabncs and
as ociatcd Items >u h as buttons and ribbons. Give three 10 (our robus tness IS ucs spccd\c to (hl~
applicallon Explain your c ho,ces.
3 Below is code for a me th od d,o,d,() Make the method more robust ,n at least twO ways.
BIBLIOGRAPHY
I H enry . , and D KJrur.l ~Sohwan: <;tructurc "' Iem Bil\.Cd on InfomliHlon Ao.... , IEEE T"'I1(';ldI O'1\ Or! oflll'l," &t.J1"an~ , Volume E-7
No s pp 5 10-518 SC'ptcmlxr 198 1
1 ShC'p~rd. Milnm , "O C'oIj7(n melne: .. an empIrical 3naly ..... , (EEE SO/IIl',m tnill"lf"ll1!/ 'ournJ I Vol 5 0 1 IJlluarv !lNO pp ~ - I ('I
3 BcnnatO, ScoIL A FNJ C.oo.:l 'n/Of?14Jlb./:m Savnly Mrln('\, July 2005 , hltp J/~' c-.oon llne: convolrtld 220 1621AJ't:w_ :~.xUnformallon_
R
21.6 SUMMARY
21.7 EXERCISES
Figure 22.1 The context and learning goals for thi s chapter
540 CHAPTER 22 PRINCIPLES OF IMPLEMENTATION
ode IS realed fro m de<lgn, whe the r the de,,!; n " expre<sed In "'fllInR or nOt In the 00 ca,c:, thiS
mean, that man of the cla"e, -a nd !lerhap, the method, as well- may a lready have been Identified and
deflned by the tu"c prog rammlll8 Deglns. The l11all' goa l of the programme r" to translate the deSig n Into
code that IS correc t, bug free, and mOilltalnable. Many lechn IClue. and guideline exist to help the
programmer achu:ve lhe c goa ls, and th cc;e arc covcr(,d in thi S chapler.
ode listi ngs arc provided In ect lon 22 . 15 lhat Illustrale <evera l of the precepts discussed In thiS
chapte r
ThIS book ha< reviewed the idea that agi le and no n·agile approaches differ but also support each o ther. If the
approach used on a proje t I agile, the n impleme ntati on-the subjec t of thi s c hapter- is begun just as soon
as the Rrst user Story has been understood . That is very earl y compared with no n. ag " e approaches. Fo r agile
projects, Implementation IS viewed not o nly as building the applicat io n bUI also as a process of understanding
the requi reme nts The very act o f determining classes and methods is a process or fleshing out a realization
or th e C'J rrcnt user story. There i no oth er requirements analYSIS o r deSign or documentation process unless
th e team fetls the need fo r these III the course of implementing each user story As the implementation
progresses, the proce of refac to ring (see C hapter 24 ) is viewed as enabling devel opers to alter the deSign
and implementat ion to suit evolVing requirement .
O n the o ther hand , if the approac h is non·agile, then req uiremen ts and a design (though no t necessarily
of the enllre application) arc in place when implcmcnt(Jtion beg inS.
The programm ing language selected fo r implementing a de ign is usuall y dICtated by the company, the
customer, or th e environment 10 which th e applica tio n must run . For example, if the application is Web -
based, some JavaScnpt ma y be reqUired. If the compa ny is a Microsoft ·o nl y shop, then CN may be the o nl y
choice. Given a programming lilnguilgc, it IS th en necessary to selec t an interactive develo pment environment
such as Eclipse fo r Java o r Visual Studio fo r Cff. When the freedom eXISts to select a program ming language,
an Ident ifica tion and weigh ti ng of selec ti o n criteria can be used to aSS ist th e deciSIo n. Features of languages
needed for th e appl iCCl tl on constitute o ne set of cri {cria. Another criten o n is th e avai labili ty of uscfullibrancs.
Th e degree of softwarc engineers' expertise in a language is yet an o th er ractor, and its weight is usually hi gh
As of 2009, most languages used are o bject·oriented . Many of the principles dis ussed in this c hapter
apply, whether the language is object·orie nted or not, o ther< make sense on ly fo r 00 app lica tio ns.
22 .3 IDENTIFYING CLASSES
Let us f,r<t look at the ori glll of classes, whICh is the basIS for an Implementat ion, Each class has o ne of three
Ori gi ns. Dotnaltl ria ssrs refer back to the corres po nding partot; or th e requ irem ents for their intent, drsig" ("faSStS
rcler to the Software Design Document (SDD) Inev itably, addilio nal classes wi ll be needed that were
not enVisaged 10 the desig n. \Yl e can call these impJrmnllation c1as sr The ongi ns of a class arc summarized in
Figure 22 .2.
A class should have a name that makes sense to Irs (ludlcnce. For example, V.droSlorr G15tom" IS uch a
name, whereas SIObsNobKl probably i<n't. Class invarian ts shou ld be stated and observed by all of tho
meth ods of the class These arc concre te statements (e.g, IimllS o n valoc ) about the class attributes and their
relationships. The constructors and nonst3ti c meth ods of th e cla ss arc designed \'0 as ume but al so to enforc("
th e cla ss invanants, th ereby mak.ing their purpose within th e dOl s more expliCit ilnd, In consequence, making
DEFINING METHODS 541
• Domain class
• rrc ponds to a fCQlllf('ments paragraph
• Example, DIID
• Design class
• peClhcd in DD
• lot a domain cia,,,
• E."mplc· ROllal/le,.
• Implementation class
• Too millor to ~ pecdy In design
Ihe la more reloable . The ROII"I class In LISting 22 .2 ( eClion 22 . 15 I), for example, specifies the fol lo"10£
Invana nt and a method, heck/"ullnaH I() used for unit test ing
The mo I Importa nt goa l of a block of code IS for it lO sa tisfy Its purpose. We refer to ,uch code a,
"correct " Th is means, first , that the programmer knows w hat that purpose IS se a nd , th(· programmer wntl'S
do",n that purpose precisely wit hin th e com ment s, thord, the ode Im plements the purpose, and fourth , the
programmer explain , formally or IOformall y, why the code fulfi ll s the purpo,e The IIIIOIl/pr(co"JoIIOII'
postconJ",om/rrtundm/ltlc (0 ,","01' (ormat cover<.:d III lhe next ~c lion I S de Igncd to ht·l p realize the goal of
correctness .
When alliS said and done , the work of an application IS performed b It S method< (also know n procedure or
funclIons ) ror that rcason we ,ake spe ,al care to ,tatc the purpo,e of eac h w,lh,n the c de comment< The,"
can be effec ti vely organized under t3 tC'J.:0rJC, c;uc.h JS mrwI , prrcoml,',oll , pO~llo"Jlllo'l . rdunl , UHleIr"",t, rxcrp'loPi
and blow" ISSUes The HtUut .:lnd Jmoum I NlC~ arc Informal , but th e rcS t <Ire pn.'t. I'C: The , peclfy comp letely
couthlO8 sta tcm 'ms In lcml~ of nllmed va nablc,
The IOU:nt il) documentation thai pJo..:ralllllu: ro; u",ullll y prOVIde an In formJ\ ' I JIC nl l' l\l uf what the
method 's Intend d to do ~()r cxampk. the method l,r,NrxIRrollflIN"",llfl () In the la" R"II,,1 of L" t,ng n 2 ha,
the follOWing
l1"s help, 3 lot In expla"",,!: the meaning of the melhod. NOle thai II " not a precisc or thorough
deAnttlon If the method corresponds ro a documented detailed reqUirement or if it i, ,pcc,f,ed in the de,ign,
the '"'nl' · tatcm~nl may simply rdcrcn e th,'i.
11,e preconditions deAne the assumption lhat the method makes about the value of variables external
10 the method , including the parameters. nIl excludes loca l variables. The method srlldO In Listing 22.2./or
example, has the followln8 preconditions,
In ot her words, rhe method's code assumes that mIld is within the legal bounds. Notice that the
specification of preconditions IS precise-usually Slated in term s of concrete, named va riables. For all but the
"lnlent" SeCtl OM , vague statements lead to ambiguity and should be avoided .
The po tconditions specdy the method's effects. Every method has a return or a postcondition . This is
because methods exist to have dfects. There is no reason for rheir existence otherwise . The effect does not
have to be permanent. For example , a method that displays the acknowledgement "DVD Rental Completed"
has the following postcondition,
More commonly, postconditions refer to variClblcs whose values could change . The co nstructor
public Rental
( intan ld ,RentalCust omeraRentalCust omer, RentalltemaRent alltem)
throw> Except ion
When a method depends on another method from which preconditions or posteonditlons are to be
repeated, it I preferable not to literally repeat the precondition , but merel y to reference the methods on
which ir depends This practice is applied in precondirion ( I ) The beneRt of such a rderence is that if the
preconditions in the ca lled method change, it IS not necessary lO then update the preconditions in (very
method using them . The postconditions in thi s example arc pretty much what o ne would expect for a
constructor.
As another example, if we define a method
so rhat .dd,"d2 is asSIgned the sum of .ddtlfJ, and nddmd2 , then .dJrnd2 is mentioned in the postconditions as
follows ,
The notallon x' refers to the v.lue o( a vanable " at the conclu ,on of a method
The Invariant SPCCdlCS a r('latl onship among the variab le... thal the method doC's not alter ThiS program ·
mer may want to draw altcntlO.n to an invanant . For example, he may want to Sln: S that the class Invariant IS
honored by the method. pecifYlng an Invariant IS equivalent to qallng It among the preconditions and the
pOSlCond,tions.
The return pCCliles the exact nature of what the mcthod IS Int('ndcd to rt-turn Once Jgaln , thiS IS
class Rectangle { . . .
public double area ( double aLength , double awidth ) . . . '
• l"uana"1 , Relatio nsh ip a mo ng no nlocal va ria bles th. 1 th e me lhod's executio n leaves un cha nged
(The val ue, 01 th o Individual va nable< may c hange, however )
• Equivalent to Inclusion In both pr{' · and po~t o ndlllOn<i
• There may also be In vanants among loca l v,nable<
• Rrlurn :
• What the method returns
• Kno lDn ISSIltS .
• Honest ,Iatement of what h. 10 be d one, delecI, that have not been repaired, etc
• ExcqHIOHS
• n,ese arc of l en thrown \vhen the prcc.ondillon..; arc: not Illet becJlI\c dw;; In{he'He," an abn rTllalu) In
exeCUtion
•
/ n Intent : Record anOorX at aRo w/aCol if aRaw/aCal blank ; Retu r n ' N' if
• not permitted ; return anOorX i f full row/column/diagonal
•
1> Preconditlo n s : a nOorX = ' Q ' ORa nOorX= ' X '; 1< = aRowO(:;;3 ; 1<;aCol<=3
•
* Postco nditio ns (note use of x and x ' )
" Post.O . All preconditio ns are met OR Ey. ceptio n thrown
• Post 1 . gameBoard ' co n tains all n o n - b la nk eleme n ts of gameBoard
• Post2. gameBaardlaRow- l] laCo l - l ] = " OR retu r n = ' N'
• Past3 . gameBoardlaRaw- l llaCo l - l] ! = " OR
• gameBaard ' laRow- l] laCal - l] = anOo rX
* Post4 . There is n o full li n e o f anOo rX i n gameBoard ' OR r etu r n:;; a nOor X
· /
public static char ma ke Mave( c har a nOa rX , ; n t aRo w, i n t aCal) t h r o ws Exce p t i o n {
This has th e pro perty o f being independent of th e class It belo ngs to . and we would ty picall y make"
, Iallc. We wo uld invo ke this vers Io n of nr<nO as in
. . . Rectang l e . area ( 1 , w ) • • • •
Al terna ti vely, we could de fi ne nrenO with preconditions on the instance va riables 1"'91h and widlh of
R,elnH91" a in
c lass Rectangle { . . .
public double area () . . . . }
This leverages the object· oriented nature of R, InH91,. We would invoke th is version of .renO as on
. . . rectangle.area () • • •
Figures 22 .6, 22 7, and 22 .8 summanze good habits for imple me ntin g cod e. The y arc described in more dotail
in the following scctians, and many of them arc put Into practi ce in, listong 22.2, found in Section 22 . 15. 1i
and also applocd to the R'Hlnl class of our video store example.
When assigning names to vilriables , parameters. functions. classes, ilnd so on, the most important criteria a~
that the names are expressive and that they convey meaning. They should not include vague, ambiguous
terms. This helps the reader to understand their purpose (recall that Our job includes produci ng ma intainable
work). Consider the following piece of code,
IMPLEMENTATION PRACTICES ~5
• U se expressive naming: th e names of the (unction , th e parameters, and the va nables shou ld indicate
the" PUll>0 e
• m(llllpuinlr(jloal aFlMt, .,... r mrl"r) - poor
• g"&",ROIsrdToExpo,,mt(floll' ,113,,,,, ,", ""Expo"ml) ~ belter
• Avoid g lobal va riab les : consider pa 'ln8 paramelers Inslcad
• rx'rac,(,., a"E" lry ) { labl, = } _ replace]
• ""'r<lc'(IHla"E,,,T)', Employ«Tabl, a"Employt<Tabl,) - belter
Bul Hot wl)(l1 the tlumha of para mrl(r) rxcrrds ± 7
Whal does llll< fun c llon do] Il mulliplies Ihe IWO pJr.lmtICI'. Jnd re lums the ""u ll , bUI whJI eXJ t1y"
Il, purpo\ 'l it " hard lO le ll hy Ihe name' of th e funcllon or Ihe vanob le ' - lhcy do nOl o n ey "ny mean",!;
Now cono,lder lhl\ li lmpl e fun lion rewritten u~ lng C'<fUC';;lve nJll1c'i
~6 CHAPTER 22 PRIN CIPLES OF IMPLEMENTATION
Even with ou t co mment s, th e purpose of tht" (unctio n IS now cl ea r: it co mputes th e area of a recta ngle,
lI <i ng the le ngth and wi dth that arc p. scd as parameters.
G loba l van.bles are dat a accesSIble fTom an ywhere in a prog ram . Using g lo bal va ria bles compromises the
pri nCip le o f mJOfrn a liOll h.dll19, w hich we discussed in Chapler 15. InstcJd. w e want to minim ize thei r usc to
reduce the dependence o n o th er part s o f the im pl("m Cn lari o n and to hide implementati o n detail s.
D on't usc parame ters as wo rking variables th is is not th eir purpose. Parameters sho uld o nly be used to pass
info rmatio n into and out o f a functio n. If a wo rking variable IS nceded . It should be decla red within the
funct ion O th erw ise, unintended errors can be introduced . For example, If an input param eter is used as a
working varia ble. Its original value ma y be mod ified. T hcn if the parameter IS used late r in the fu nc tion with
th e assumption that it contains it s o ri ginal value . an error will occur.
limit the numbe r o f para mete rs to 6 or 7-lt is hard to keep trac k o f parame te r and use them properl y
if the re arc morc than 60r 7 Also. the more parameters are used , ,he more li ghtl y coupled the call ing func tio n
is with the called fu nc tion If so much data need to be passed, reexamine the design and sec wheth er the
coupled fu nctions should be combi ned. or if they belo ng in the same class, With the parameters becoming
pri va te class members.
It IS no t good practice to use explici t numbers in code. ConSider the follow ing:
It I nOt clea r what 8927 means. Why loo p 8927 limes? Usi ng a number like this hides the truc meaning
o f the loo p. Now consider ,he fo llowi ng,
•
for( c e ll Co un te r = 0; ce llCount e r < NUM_CELLS; ++ cellCo un ter )
Th is is much clearer the program containS cells. thcr. are 8927 of them. and we are looping through
all of them.
IMPLEMENTATION PRACTICES 547
",here N U '1_ ELL "defined , and all re kre n c, 10 NUI\I_ ELLS ", oil u<e Ihe new value
Ir IS good practice to dcclJr(' va nable .. a.. clo C (0 thl'lr hr<.lll'c a') po",blt: If you arc rcadlng a pu:c(' 01 c.ode
you ~rlll then be m o re likel y to hnd J l'ld undc.::'-"'la lld th\.' v.:lnablc, I t rd('r('nct:~
The reaso n we In lli aliz\.' vJnabh:~ I ~ to take cOlltro l of th t.:m . avold lll g ddallit or garbage va lue . . that tht.: "y.,lcm
as Igns. n ll c; aVOids POLt.:llt lai error.; where J v;:t nablc '''' used and con tainS an uncxpt.: lcd valu\.' It I') good
practice to in itiali Ze (J variab le when Il I') declared, a . . In thL' (ollowlng example
22.5.6 LOOps
Loops. ca n be c01l1phcatcd and arc common "'OUfce... of . . e n ou... (adurc..·... TI1C arc.:: thu., 'peclal targch 01
vc n ficJ tl o n McConnell [ I J ... uggCq S the fo ll OW ing question, to I t: an ... wt;..' red a, gllldc(,nc ... to tn.,unng loop
CO lTectne~.;
• H ave lo ng loop (.onlt.'nt" hee n moved into thl',r ow n fun lion '"
They arc dc.,trrhed In more (il-ta dll1 dl(' fO ll ()WII1~ "l' l l tnn., Jnd Ill anv or them J l l' r llt InW rr~(;tI (' an
I",t",~ 22 2. fuund "' '><(l IO" n 15 I and ar plo ed hI Ihe Rnll,,1 la" (,lour vlden 'tOfl' e,.mplc
548 CHAPTER 22 PRINCIPLES OF IMPLEMENTATION
n dIe IIw p,"c ti cc lo r nliniml z lIlg bugs is to a ntICIpate po te ntIa l e rror> and Impleme nt code to handle th em
ll'l ~ t(. hn iquc IS Glilcd dcjt11Sil)c progrmtf'"ltIg nc orthe most common erro r sour cs 1\ Illegal data, either (rom
a bad vallie in a (-un tl o n's II1put param eters, or from an external source su h JS f! file, database, or data
communIcatio n lone . In each case the bad data must be detected and a stra legy e mpl oyed to handle il. There
are a numbe r 01 crlec live defen Si ve <[ra<cgies such as ig no rin g the e rro r. slIb<titul ing a default va lue, o r II the
error IS (rom an c.:xternal source, wailin g, (or valid data . These arc di scus'O\cd in ma rc detail in th e nex t secti on.
ExC/P lloli halldl"'9 IS J mechanism lhat paSSl'S contro l to erro r handling code that kn o ws ho w to respond
to lhe erro r. Many I.nguages such as Java and C++ have bu dt · in e xceptio n· handling laclloll es. Exception
handling IS covered In Se lio n 22 .6.2.
O th er meth ods 0 1 dden Ive programrr.in g include bufler o verflo w preve nt io n and "e nlo rclng inten·
lio ns · Eac h is dIscussed al the end 0 1 this sectio n.
Deve lo pers are constantl y faced with the issue 01 what to do with po tentIally illegal data . An example 0 1
illegal data is an account number that docs not correspond to an ac tual bank account. Altho ugh we try to
make ImplementatIons as simple as pOSSIble, the real world is not simple. A large fractIon of programming
goes toward the handlmg of errors A dISCIplined approac h is essential , pick an approach , state it, and be sure
everyo ne o n the team understand and abides by il.
Gi ven that the possibiliry of errors must be dealt with , how does one program a method to handle illegal
input-tor example, a merhod that gives the balance on an account number when the method's preconditions
clearly require that the account parameter be legal l lf all of the aspects of the development process have been
properly practiced, the method's parameters wi ll always be legal whenever the method is ca lled. But should we
program a check of the parameter value in case our design or Implementation is flawed, The answer depends on
the requ irements . For example, suppose there is a system requirement thOlt the continued eXc.."Cution or the
application is paramount. even if the execution is degraded or flawed . In this case, the programmer must deal
with all inputs , even those that ",ake no sense. Techniques for hand long illegal data are described below [ I].
Wait for a legal data value. If the illega l data are from an external source such as allser interface, database,
or commUnication device, onc possibili[)' is to interact with the data Source until the input is changed to a legal
onc before the processing continues. This is possible for much of uscr interface programming, where we can
often ensure that only legal inputs are permitted. If the only allowable strings that can be entered in a text Reid
arc "car:"'rruck ," or "bus," it is easy to prevent the user from continuing until a legal entry is made . A list box is a
common way to do thiS. Even here, however, subtle errors may creep in. For example, the user may cntt.'T date or
birth as I/ I/ SO and age (on 20(0) of 30. It is possible to check consistencies, but the onus i on the designer to
handle all possible consistency and boundary checks (sometimes called 'business rules").
Another example might be when data are transmitted over a faulty communica tion line. The receiving
method may be deSIgned to expect certai n data, but the application is ofte n explicitly required to continue
execution, even when the data arc not legal. Here, the data mllst be checked and errors processed in
accordance with the requirements (e.g., "If the signal is not between 3.6 and 10.9, discard the signal and listen
for the next signal . . . ") .
Sct a default value. Sometimes a default value can replace a bad data value . As an example, consider an
application that monitors heart functions and controls an oxygen supply to a patient. Let's uppose thaI we are
coding a method process (int measurementType, • . . ) where mra,umromlTy/>t must be
poSllive. LeI us assume that Ihis application cannot afford to crash even when an internal mel hod has
been given an illegal integer due to a development defecl. To deal with this, the code would check Ihe inpul
DEFENSIVE PROGRAMMING ~9
and set ",fe default value If po .. bk If th" " not po Sible, It may place the entire applic.tlon '" a default
mode of operotlon In e ither cosc, some kind of .lert would be raised indicating .n Internal error oCC1lrred
Use the previous result . ome soft,vare contmuou Iy monitors the va lue of something-for example,
real-time tock qUOtes. If one tll11e the . oftw.re read all Illegal value, a pos>ible reac tio n I to u<e the lastlcg.1
"Jllie th.t , . read 11l1S a !lood approac h when Ih e dala va lue, arc read frequently enough Ihal you don'l
~xpcct much deViation bctwet'n read" However, If Illegal values are rcad consecutively, the program may
,,'ant to raise an alen or log an error to IndiCate th e prob lem .
Log error . j\1any software applicanons Implcmt:nt a loggIng ~ubsy~ l e m to store erro r ,nformallon for
later use. Log IIlfOmlatl o n I>:. tYPically wntten to non vola tile 'Storage ..;uch as a file, With dara save d Including an
('rTordcscriptlon . SOi l,yare funen o n whl."re erro r 0 cu rrcd . ca ll ,tack at tlml' of error, regI ster values. and 0 o n
Throw an exccption . Exce pti ons arc a mt.."chanlsm to handl e unexpectcd program errors, mcludmg
Illegal data va lues. Languages slic h a C+-r and Java have bu.lt -In exception suppOrt Exceptlo n< are covere d
to more dctad In the next sec ti o n
Abo rt. In some appl.catl o ns any bad ddta are con>ldercd fa lal.nd the system IS aborted and resc l This IS
most often the COl C 10 applicatIOn s w here sarC:1Y IS a o nccrn and a bad va lue can cau cham, TI,ls ca n al 0
occur In embedded SYSl crn" that manage th"lr Own memory and detect memory corruption If 10gg1Og !
Execu llng the de li ve red producl reqUires 0 dlfferenl perspecti ve II ,he mel ho d I ca lled w llh negallve
parameters, tim Indi cate a defec I In Ihe app l, ca ll o n Itself \VIe wou ld like to protect o""e lv« aga ln>1 our own
mIStakes, but the Cure mu,t be rrde rable 10 Ihe dines,
Developers lose o ntro l o( their appl,catIOn when they apply an arb it rary default whose consc -
quen c are not kn ow n Th is must be balanced against the contInued execution of an appht.al lon WIth
wrong va lues. h owe ve r. It may be une th ica l to di tribute, WIthout warn In!! , an applicatIOn that handl«
dc('ctive d('vcl opment With an inco rr.ccl continuati on (i e., a co ntinuatio n not slaled in the reqUire -
ments). A defec t i a n1l take , but an arbitrary defo ult no t cxp hci tl y specified in the reqUIreme nts is •
cover-up. It IS often preferable to rc launc h an abortl·d app hca tl o n rather than ha ve It execute Incorrectly
(think of an applicatio n p lo tt ing airp lane course ). Undisci plined error procesSIng hides defec ts, and It
becomes expensive to fi nd the defect compared WIth allowi ng the application to c ras h (hopefu ll y at test
t Ime ).
Exce ptions arc a mechanis m to handle une xpected program errors. languages suc h as C ++ and Java have
built-in support (or exceptions. For those languages wi thout explici t support. developers sometimes design
and impleme nt the ir own exception-handl ing code.
In general, w hen an error is detected an Cxc(.'pt io n is t"rolo", mea ning co ntrol IS pa ssed to that part of the
program that kn ows how to deal with the error. Th is is also kn own as calcbill9 the excepti,," . As a ge neral rule
you should catch those exceptions that you know how to handle. A method handling an exceprion looks like
A method 110 1 handhng an excep tion (I.e .. passin!: it to callers) looks like the foliGwi ng .
• I( the present method cannot handle the exceptio n, there ha to be a handler in an outer scope that ca n
do so.
• If you can handle part of the exception, then handle that part and then rethrow the exception (or handl ing
within an outer scope.
• Make reasonable expectations about the ability of ca ll ers to handle the exception YOll are throwing;
otherw ISe, fin d an alternative design si nce unhand led excepti o ns crash applicatio ns
• "I ( you mU St choose between throwi ng an exception and continui ng the compu tation, continue if you can-
[2)- The point here is thaI the continuation of an applicatio n can be preferable to shu tt ll1s It down in cases
when the con eQuences have been thou ght through.
As an example, the Encounter case study continues to perform wit h a default name when given a faulty
parameter strin g (e.g., null ), si nce th is is preferable to shuttin!! down the ga me jllSt beeau e a name is Illegal.
On the other hand, a banking trans.ction WIth an illegal amount would not be allowed to continue.
DEFENSIVE PROGRAMMING 551
There arc differcn es of opi nIon conce rnIng lhe use of excepllons when a method IS c.lled .nd does not
sail fy It'S precondltton; ome believe lh al lhl IS a leglllmate usc fo r exceptIon , others dlS.gree, and belteve
that thl is a matt er for testIng alone, The aUlhors' o pInion IS that stnce code IS naturally error-prone, a
con 1 tent policy (or thro,,'ing exceptio ns In uch ca cs 11) a benehClal practice
Some langu.ges, notabl y and ++, . 1I0w writIng to memory lh.l exceeds lhe space declared in the code
For "ample, the followIng C code declares an array wIthIn a method
Clearly, we intend to WrHe no more lhan 10 charac ter< to ",yCha rArr.y. Howeve r, Ihe follOWing code
"-III place new bits be)'ond Ih e memory allocated to ",yChnrArray If lom,(I""Array happens 10 be longer than
I0 characters.
The effects of thIS ove".ntlng can be benign , bllt the y ca n al 0 be catastrophIc lor the appltcatlon, If
exploited by a m.llci oll hacker, they ca n prod uce a securilY breach Thl ca n be prevented by checking
v.na ble size at ke y pOInts (e.g., when a lIse r proVIde Inpu t) .
If YOll Intend somethlllg about how the code yo u arc con tmcling IS 10 be used by other parts of Ihe appltcatton ,
Ihen Iry to enforce this Intentton . The aUlhors ca llihi Ihe "Enforce Inlent lons pnnClple It IS often evI dent In
uscr tnterlace , where appltca tt ons try to preve nt Ih e lIser from entenng dleg.1 dala \VIe are stressIng the
"Enforce Intentions" pnnciple for mltnltll proc{"t:;s lng heft" . The prinCiple ISJnalogolls to conslru tln g curbs and
ISlands on roadways 10 direct traffic along JU I those palh intended by tra flic engineers , and no olhers lIch
enforct.'mcnt of intentions makes road s safer, It IS comm only apphl'd In many l'nglnec:nng dlsopllnes The
followlog Includes cxa mple of Ihe "Enforce Inten ltons" pnnclple In software englneenng
• Us<: qualtflers such asji"al, co,,<1 In C+ +, and abstra<l 10 enforce the orre pondtng tnlentto ns ji".1 c1asse
can't be tnhen ted from ,jintll met hods can'l be ovcmddcn In tnh tnted cia <('5; Ihe va lue ofji.1II1 vanables can'l
be changed If Ihls cause< comptl e ·time error , II means Iha t YOll do nOI fu ll y undersland you r own program
yet, and no harm ha< been done \VIhal we espt lally $l'ek 10 aVO Id arc n.lIlltm e erro"
• Make COnstanls, varianles, an d cla.sc< as loca l a< pOSSIble For cxample, delim: loop counlers withIn the
loop don't glVt' them Wider scope If th iS I) nOt you r Intention
• Usc Ihe Single Ion deSIgn pattem .r Ih re IS to be only one In'tan e of a clas. (see hapter 17).
• Generally spcakl ng, make member. In accc" lble If lhey are nOI !,eclAca ll y Intended to be acces' ed
directly
• Make a1l nbules protecled Ac.cess Ihent Ih roug h more pub lt c acc«sor fu n lI on reqUired (In IJ a .r
makIng attnbules prolcuecl Hlvn On)e IS of ,"bda<,es JcceSS 10 member< r Ihelr ba e IJ"'" whIch I'
oflen undeSIrable )
• M.ke nWlh"ds p,,,,.,, .r Ihey arc for u", on ly by melhods of Ihe >ante IJ"
552 CHAPTER 22 PRINCIPLES OF IMPLEMENTATION
o n'\Idcr IIlt ro du 111 & c1J \ 40c \ to encapsulate legJ I parame ter va lu es that prevent bad da la For
exa mpl e. If th e intent io n ror a meth od Clw iUtl lc() is to accept only I' ear," "tru ck," or "bu s" 3 C, parameters, then
It nu ghl be won lWl hilc n Ot to u C be Ju se It Intro du ce th e po s'lbdltY of ill ega l
" 1119 JS 3 pJram <.' tc r
parame ler< It would be belle r to de fi ne a cla« suc h a Spr ", /mJVd"c/, with a priva te conStruCto r and
/.. tory fun c ti o ns.
The method In question can the n ,ake o nly a parameter of th is type. In o the r words, instead of
use
When the posSIble parameter values arc restricted but infinite, a separate class can stili be valuable. For
exa mple, a person's age is an integer between 0 and 105 , let's say, and so a method
may have to deal with errors. In fact , the same error proceSSing would have to be repeated for all methods taking
"g' as a parameter. O n the other hand, a class Agr with a private constructor and a publ ic fac tory method
Age g e tAge ( int ag e P )
would handle erroneous input In a consistent manner, located In the same place as all the other aspec" of age.
Some options for dealing wit h this error are described below. The disadvantage of this method is the
proliferation of additional classes, and the slig ht awkwardness of ca lls suc h as
. . . getYearOfBirth ( getAge ( n ) ) • • •
. . . getYearOfBirth ( n ) • • •
Applying coding standards across a team improves diSCipline, code ",adability, and code portability. We will
prescnt o ne set 0/ standards as an example. Some of these arc adapted from Scan Ambl.r ( 3). Oth.; s~ncUrds
CODING STANOAPDS 553
can be found at unorporallon's Java He The exact nature of a ~{a ndard is not nearly as Important as the
tact that the tcarn u'\cs one
• lame: entities wilh concatenated \yords as In IrnglhCylmdcr Thc<;c arc ea y to understand and they con crvc:
<pace ExceptIOns may be pemlltted at the discreti on of the programmer
• 8egln class nc)me wirh capitals. ThiS distlngUl ~ hc s them fro m va nablc:s. orne tools precede the name of
enriries with standard letters or combinations of letters. such as . . (or classes as In CuslOntlr This IS
u clul when the importance of knowing the types of name, exceeds the resuiling awkwardnes,
• Name variables beg inning With lowercase letters . on tant, may be excepted.
• ame consta nt with capital, as In I_AM_A_ ONSTANT (usc static final ) lAMA ONSTANT IS hard to
read; JamA Coll5tant cou ld be confused with a class , ,AmANamr gives no indICati on thal Il is a constant
• Some orga nizao on distingUiSh between vanables local to a method and those of the class ("Instance
vanallles). For example, begin (or end ) the name of instance vanables of classes With an under-co re a< In
_"rn,OjDay to dislinglllsh them from other variables, since they are global to the" oOject, th" I u.ed by
Gamma et a!. [4] but derided by Ambler [5]. A convent io n used In the ca . e study IS to append the suff" I to
Indicate Instance vanable , as In lim,OjD"yl. Each Instance van able is global to each clas. Instance . and
when one IS encountered in a block of code, It is useful to know thiS
• ConSider uSing a notation to dist ingui sh the stallc v.nob les of a class. The ca,e stud y u'es the surRx S, as In
n"rnC.'sEutrBu iIt5 Reca ll that a static vanable IS global to a cia... and It is heipful to know that. vanable
encountered In a block of code IS one of these
• Usegrt , sri , and IS for acce sor methods as In 9,INllm,O, srINII"" O, IsBox() (where the laner returns
a boolean value). Alternatively use "",,,,0 and ,,"m,(51'ltIg), for attribute name (c g., In ORBA-.ee [6]) .
• Augment these wllh standardized addil10nal "getters" and "setters" of co!lecllons, for eXJmple 1I11tr1l"loNamr{),
'''''O!J,F,,,,,,Narn,O, n,wNam,O.
• Consl dc:r a convcnllon for parameter" One o n Vl'n tl o n I to lI~e the' prc~x a, a... III 11"*(1111 nnhllcrg,n . mt
anlnlrrgm j. The case stud y u.cs the: <u(flx P, J' In S"m (11i1 ""mIP. ",I """'2P).
u ~ a conSI~ t om standa rd ((Jr~(!paratlon InCe s lll ~ l e bbnk Ilnc~ arc u~dul (or C;t:para tlll J.C Odl" ... e(.tlolh Within
mtthods. a conSISt "nt "andard IS to use dOllble blank line, bet,.een method, \'(/lIh,,) method, CGn Ider
"~/1dard, such a~ the loll owII1i!
SS4 CHAPTER 22 PRINCIPLES OF IMPLEMENTATION
• U sc porc nth cses wilh in expresSio n 10 clari fy Iheir me' nln g , eve n If Ihe sy nl ax o f the la ngua ge makes th em
unn c cssary Th i, is In appl. allo n of "If you kno w It, sho w II ..
In namin g clJ~ses , usc ",ingular names suc h as " USIOllltr, unl ess the cxprc!Io'; purpose is to collect o bjects (,n
whi ch case I" 'om,,, mig ht be appro prialc). T o prcve nlthe pro li fe rati o n o f classes, il lS somellmes desirable 10
have . clas, o liecI itS o wn In tan ces This wo uld be do ne Wllh a "alic data me mbe r o f th e class.
22 .S COMMENTS
Comments arc no n<:x t'cut<:d lines in a program whose purpose is to describe the intcnt of the program
Effecti ve usc of comments is impo rtant to understanding code.
Good co mments sho uld nOI simpl y repeat what is o bvio us fro m readin g the code. They sho uld provide
mean ing . explaining how and why a piece of code is doing something. Fo r example,
i -'-+ ; I I i n c r e me nt i
The comment here pro vide no additi o nal inrOmlJtion regardin g what the variable j means and why it is
being incre mented.
Now consider thi s example . using the hlnction dollO we saw earlier in the chapter.
i n t dolt (i nt a , int b )
{
in t C i
c=a *b;
r et urn c i
}
With no commenls and poor naming of the function and parameters, the purpose of Dolt is nOt obvious.
By addin g commentS we can make its purpose clear.
I I dolt - compute and return the area of re c tangle given its length and
width
I I a - length
li b - width
intdolt(inta, intb)
{
tnt c;
c=a*bi
return c;
}
Evrn though thr names of thr function and parameters are still unclrar, thr commrnts c1arify.ts pul"J'OS"
and the mraning of Ihe parameters.
TOOLS AND ENVIRONMENTS FOR PROGRAMMING 555
class Tr iangle {
private static final double DEFAULT - TRIANGLE - SIDE = Double . MAX - VALUE ;
II Invariant : 0 < len1 <=Do uble . MAX_VALUE
protected double len1 = DE FAULT - TRIANGLE - SIDE ''
II Invariant : 0 < len2 <= Double . MAX_VALUE
protected double len2 = DEFAULT - TRIANGLE - SIDE ;
II Invariant: 0 < le n3 < =Double . MAX_VALUE
protected double len3 = DEFAULT- TRIANGLE - SIDE ;
II Invariant: lenx + leny > le n z for ( x , y , z) = (1 , 2 , 3) , (1 , 3 , 2 )
Il and (2 , 3 , 1)
• • • •
lor example,
" 1 < _age < 130 " or " 36 < _ l e ngth *_widt h < 193 " .
As a reviewer of thiS book has no ted , onc can wnte a eparalC pnvatc..· or protected mcth od that IS ca lled
by other method when the invarianl n~eds c h~ckin g
It has been ~ald ohen that, a. . a species, we art loolmakcrlO, and thi S 1(,; no less tnlc of oftwa n.'" developers An
increaSing number of tool arc .v.dable lhat help developer<.
Interact.ve developme nt enviro nments riDEs) are Widel y u<cd to e nabl e progra mmer< LO produce mo re
code In iess t.me They Include drag ·and -drop faCilitie s lor forming C UI comp()n~nts . grap hical representa -
tion of directories , debugger<. "wizards: and refa LOrong f.cili tLe (d.<cus cd In hapter 2 ~ )
Profilers such a lProb, can be u<cd to accu mulate statl,tlc o n ode su h as
•
• Cumulative CPU and c lap<cd lime
• Number of call,
R~ver~c , enf(lI)ccnng tools are aVJ dablc tholt take sour e code J' Input Jnd produ c ImHted d lumen -
latlon An <:xample of J rcve"c -cng lnc:cnng source ode t 0 1 1 Ii.wadoc Rc vc~c cnglOccnn,.; I' d"lu"cd
mr",: fully III hap I"r 24
~cra l obJo~ I -()n e l1l e d lool, (sut h " Rotlo nal Ro<c . TogethcrlI/ C+ +) gencral~ ' o ur(o (od~ fr m d~"
m()dcl~ 111(."5(: rorward ,enS{lIl 'cnng tools can not h{' c>c pc: t(.'d 10 g('nl'JUtC more d\an lode ,L..dt"u n, \\ !thin
556 CHAPTER 22 PRINCIPLES OF IMPLEMENTATION
w i" h Ihe pro~ ralllmtr Illu't wo rk to pro duce th e cventu,l,mple me ntalio n H o weve r, ' 5 o ur diSC USSio n o ( MDA
In I"pter 2 1 sho wed, pl,ns arc under way fo r ,mb,ll ou o dc gc nc rnll o n , p, b"",,,, The <. me tools also
pcrio m"l reverse englOcenng by mc:chani ally pr du !OJ.( ci a, models fro m SOllr c code (hence: th e term "round#
tnp eng meering") .
The history o( tools in other branc hes o( engineering (e . ~ ., CA DI AM ) <Ul::!!cst. th at, de. pitc , rocky
start .nd sevcral (alse directions, pro gramming too ls will co ntmue to Improvc <lg nifi cantl y , that they will
co nt inue to leve rage prog rammm g skills , and th at they will reduce drtld gcry and mec h,n lCa l tas ks.
IRPGame~~-
,
'1.. J utile))
- --
c(file))
,, ~ RPGame .java R PGame .class
F1&ure 22.9 Design model and Implementation model for Ihe Encounter video game
558 CHAPTER 22 PRINCIPLES OF IMPLEMENTAnON
• •• •• • •• •• . .. _ . . ,. _ . . . ,. '" • •• • •
Time
Oat" Start SlOP Interruptn • . taken Phase Comments
6/99 10,04 10,25 4 + 6 \I Detai led Design Consulted with
am am V.N.
6/99 1,20 4,34 15 + 20 159 Personal Code Defect 14
pm pm review
7/99 • • •
22.10.4 Source Code (without Test Code): Add.ll o n.1 rulcs. The named of me' hods should
Ef/COUntefCharacter follo w commo n prac'ice for namin g gellers (g,'X()),
sellers (wX()) . and predica,c. (" XC), baIXO). ..
The r<ader IS refc ..... d '0 ection 22. 15 2 fo r a itSii ng
of ,h. code. 22.12 CASE STUDY: OPENOFFICE
Eclipse devel o pmen' stand ards and resources Eac h OpenOf[,ce class must begin w.th ,he
ar< I."ed at (8 ). They arc q uo ,ed fro m (8 ) as fo ll ow . fo ll owi ng header from [9 ]
/ * * * * ** * ******** * *** ** ****.*****
*OpenOffice . o rg - amulti - platform
conventions and Guidelines
* office pr oductivity suite
These cover coding standards, naming co nve nti ons, *
and o,h .. guidelines. Fo r exampl e , naming co nven · * SRCS f ile : code , v S
'ioAS arc decomposed as fo llo ws, *
* SRev is ion : 1. 2 S
• Eclipse workspace projects *
* last change : SlIuthor : st S SDate :
• Java package * 2005 / 09 / 02 16 : 31 : 54 S
• Classes and interf.ces *
* The Co n tents of this file are made
• Methods * available subject to the terms of
• Vanables * GNU Lesser Ge n eral Public Lic e nse
* version2 . 1 .
• Plug-ins and ex te nsion p Oint s . •
*
* GNU Lesser General Public License
* version2 . 1
Ne"." we give an example of one of the abo ve. *------------ ------------- ------
-------------------------------
* Copyr ight 2005 by Sun Micro -
* systems , Inc .
Mcthods, Me ,h o ds shou ld be ve rbs, In mixed * 901 San Antonio Road , Palo Alto , CII
ca"" wi,h ,hc Ars, lelle r lowercase, wi,h ,he firs t Jellcr * 94303 , USA
of each Inlt rn al wo rd capi,. lt zcd . Exa mples· *
* This library is f r ee software ; you
runl) : • can redistribute it and/ or modify
runF'~ ~ (J,. * it under the terms of the GNU Lesser
getBd ckqco und() ; * Gen e r al Public Lic e nse v e rs io n
560 CHAPTER 22 PRINCIPLES OF IMPLEMENTATION
) " .. r' ,· ~ , 1.,1·... • ·.. " uIII. · ··1H~u~"fllnll"'Tnf"t I IoIplorr, pruvul,.d by [onuo,,' tI~h ",.,.t:'d Intt"mC't
1- ~ ~__~________ ._,__
._~~
SCU'ce code? •
I
.-
• OoNm""U • hI ••
- VentOI' CO"'"'
Contents
1 RQQde(s Culde
. Oeve lo p.,'s G.... ,d. 1 1 Wha t Thl$ Manual COkers
' 10l ,.1'.'."0:.
• JOL 0 ... 19" Guid. 1.2 Ho .... This SOok IS OrgaO/;ed
o JDl DON G.... ld.
2 ,3 , 3 Configurat loQ
I
• • •
22.12.3 Sample open Office Code
F,gure 22. 13 is an example of the selected use All haptt'rs prOVide o ne r more exa mples that . how
of UML in this document. It how the inheri · the use of the API in the current de criptlons of this
tance of a pair of classes and the interfaces gllldc. . .
idt:noted with circles) that each of the two
d'5~ ,mplement.
The fo llowi ng sample, Listing 22 I, i. from
[ II J. The aut ho r, comme nts arc III di ffere nt
. ., type and in bold.
562 CHAPTER 22 PRI NCIPLES OF IMPLEMENTATION
com.sun.star.view.XPrintable
get?,;nter
~etPrinter
•
print
com.sun.star.frame.XStorable
haslocation
getLoc.ltion
i,R•• dOnly
store
"oreA,UrI
"oreToUrt
com.sun.star.document.
Office Document com.sun.starJrame.XModel
anachResource
getURL
getArgs
connectControlier
disconnectCont roller
lockControliers
unlockControliers
hasControlierslocked
Sl!tC urre nf Cont ro tIe r
getCu rrentControlier
com.sun.star.utH.XModifiable
isModified
..tModified
com.sun.star.text.xTextDocument
getText
reformat
com.sun.star.uti\.x5earchab\e
com.sun.star.text.
TextDocument createSearch Descriptor
===
findAIl
«servicl!»
findFirst
findNext
com.sun.star.utiI.XRefreshable
refresh
addRefreshListener
re move Refresh li st ene r
I ·*··****·*··~***··*··**·*··
* $RCSfile: ViewSample. java , v $
•
*SRevision: 1.3$
•
* last change; $Author : hr $ $Date: 2003/06/3015 : 46 : 21 $
II tt .....ill be • li . t of th•••
* • • •
*** * •• * * *******************. /
11___________ implementation___________________
// -----------------------------
1** This sample fun c tion performs all change s o n the view. *1
/I into. . .l daocription
564 CHAPTER 22 PRINCIPLES OF IMPLEMENTATION
{
aResul t : aEve nt. RangeDescr iptor;
synchron ized ( thia )
{
notify( ) ;
}
}
public void abor ted (com . sun . star. sheet . RangeSe lect ionEvent aEvent)
{
synchr on ized ( this )
{
notify () ;
}
}
public void disposing( com.sun.star . 1ang.EventObject aObj )
{
}
}
11 ______________________
}
The following paragraph inviles readers 10 following documentatio n, using the Encounter case
contribule 10 Ihe develo pe r's guide. This study as .n example,
kind of invilalion helps 10 crcale a cooperative
I . Programming co nve ntio ns
almosphere. Developers arc less likel y 10 feel
conSlncred by standards and guidelines when 2. Implementatio n model
Ihey partici pate in establishing them .
3. Integratio n plan
Make a contribution The prog rmltmiHg cOll vrn tions need no t ~ exten-
sive, but should provi de enough del.il so thaI code
We would like to invite yo u to participa te in this produced by differe nt students exhibit. consiste nt
effort. so as to cover the necds of the commu niry and style.
to hnng in the community' expe rience Please let us It is important to document your Implcmmtation
know wh.1 you would expect fro m Ihe Developer's moci,' so the e ntire team kn ows where files are to be
CUlde, what might be rni sc;ing in the current version, stored and fro m where they are to be retrieved .
which usc cases the gU id e hou ld cover and wh ich An i" fcgmtiol1 pia" is written so you undernand
CXlCnStOns you ca n think of . . the o rder of imple menl.tio n and how modules will
be tested.
12.13 STUDENT TEAM GUIDANCE FOR O nce YO ll have completed the document.tio n
IMPLEMENTATION listed above, usc your detailed design as a gui de and
Implement your project. At a minimum you can
S.fore ommencin!! with the Implementation of Implement key portions of your applicalion to
Yoor student team prole t, you hould produce the fonn a prototype .
566 CHAPTER 22 PRINCIPLES OF IMPLEMENTATION
22.14 SUMMARY
Pr gra m o de" rc. lcd lrom designs. In Ihe o bJect · o n ented paradigm , cla«"' fo rm the basi, of the de<lsn
Jnd implementation Cl as~cs arc either domam lasses, wil, h Ori gi nat e from the requirements, JtSlgl1 cli)c;scs,
whi c h o ri ~p nalc from the SDD , o r UltplClf1tlllahOJI c1a~'i;c". whic h Jrc crt:atcd durtng Implementation
Dcfm Wt programrrtltlg is lin approach to rcdu Ing errors h In yolves antlclp,ltIng crrors uch a Illega l cLJta
In function parameters and bad data (rom externa l sou rces lIch as datJ commu nIcation lines There are several
effective strate g ies for dea ling w ith th e dl ega l data . includ in g Ig no nn g th e e rro r, substitutin g a default value,
o r waiting for va lid data Th e philo o ph y of "enfo r ing Intcntio ns IS fu ndame nt al to good , defensive
•
programmin g.
There are a number of hr51 practice'S to fo llow when im plel11 cnt ing cod e, i ncludl ng lISlng expressive naming ,
aVOid uSing global va riable" nOl usi ng parameters and mel hod va nables, lim iting Ihe numbe r o f function
paramcters, U Ing named co nstants , inIt ializi ng va riables. c heck ing loop counters, and e nsuring loo p tcrm ina·
tlon. Each IS Inlended 10 reduce Ihe likelihoo d or inlroducing errors and make code mo re ma int ainable .
Progrm"mi"g sla"dards are used 10 improve Icam discipl ine, code readab il ity , and code portability.
Sta ndard cover all aspect of cod ing including namln!: co nventio ns, code la youI , usc of brackets, and use of
parentheses Commolls , especia ll y those that observe progra mmin g standards, are an importa nt aid to
understanding code. They sho uld convey meaning , purpose, and intent, and not repeat what is o bVIOUS
from rc.ding the code In particular, • good w.y to defi ne a met hod within a class IS to expliCIt ly specify In
comment It s IHlm l, prccotidiIlOt1 S, poslcotldill Ons , ;,warlants, (Xcrp rio1ls , and b,owtl issues. Poslco ndltio ns deline a
metho d's purpose precisely. The result IS an increased unde rsla ndin g of the method , whi ch leads to a reduced
likelihood of errors.
The code In listing 22 .2 below illustrates some of the prinCiples discussed in thi' cha pter, applied to th e Rmlal
class of our VIdeo sto re example.
UpOrtJava.
•
~o .
••
;
*auact. c1 ••• Rental
{
I I CONSTANTS = = = = = = = = = = = = =
= 99999999 ;
private lInu atatic int
privatellnal atatic int
- -
H1GHEST-ALLOWABLE RENTAL 10
10_WHENJENTAL_ NOT_ IN_EFFECT = 0 ;
privatellnu atatic int TOLERANCE_ON_RENTAL_ID = 1000;
private atatic Str ing F1LE_WITH_NEXT_USABLE_RENTAL_NUMBER =
"RentalNumb er . txt " ;
I I VARIABLE S = = = = = = = = = = = = = = == = = ==
protected int id = ID_WHEN_RENTAL_NOT_I N_EFFECT ; I I renta l
identificat ion
protected Ren talCustomer r entalCust omer = null; I I cust o me r rent e d t o
protected RentalItem rentalItem = null; I I it e m rent e d
II CONSTRUCTORS -- -- --
- - --
- - ---
- --
- - --
- - ----
- - - -
/ ********************** ***** *** ******
* Intent: Satisf y class invariant with rental n o t in e ff e ct
• Postc ondi t ions : id == ID_WHEN_RENTAL_NOT_ IN_EFFE CT,
* ren talCustomer == null, and rentalltem == nul l
*1
public Rental ()
/ ************** ********************** /
{
-
id = 10- WHEN- RENTAL NOT- IN- EFFECT ;
rentalCustomer = null;
rentalItem = null;
}
j* ••• ********************************
• Intent: Creat e a s p ecific rental
•
* Preconditions:
• (1) anID > 1D WHEN_RENTAL_ NOT_I N_E FFE CT
* (2 ) -
anID <= HIGHE ST_ ALLOWABLE_ RENTAL_ ID
• (3 ) aRental Cu sto me r ! = nu l l
• (4) aR e nta llte m ! = null
568 CHAPTER 22 PRINCIPLES OF IMPLEMENTAnON
•
* Postcondi t ions:
* (1) as for setId( anld)
* (2) rentalCustomer == aRentalCustomer
* (3) rentalltem== aRentalltem
*
* Known issues:
* (1) Exception not specific enough
* (2) No handling of violated precondit io n s
*/
public Rental
( int anld, RentalCustomer aRentalCust omer, Rentalltem aRentalltern)
throws Exception
/ *********************************** /
{
setld ( anId ) ;
rentalCustomer = aRentalCustomer ;
rentalltem = aRentalItem;
checkInvariant();
}
----------------------
// METHODS ----------------------
/************************************
* Intent: A check that the class invar iant is valid; present for
* demonstation only. It is possible that this method is n ot actually
* used.
* Exception: Thrown if the class invar iant is violated
* Known issues: Exception not specific enough
*/
public void checkInvar iant () throw. Except ion
j ****************************** /
{
if ( (id = = ID_WHEN_RENTAL_NOT_IN_EFFECT) &&
( ( rentalCustomer ! = null) II ( rentalItem ! = null ) ) )
{
thrown_Exception( "Invariant in 'Rental' violated" ) ;
}
if ( ( id > ID_WHEN_RENTAL_NOT_INJFFECT ) &&
( ( id > HIGHEST...J!LLOWABLE_RENTAL_IO) I I
( rentalCustomer == null} II ( rentalItem == null) ) )
{
tbrown • • Exception( "Invariant in 'Rental' "violated" ) ;
}
}
/************************************
* Intent: Get the next available number for assigning a rental
*
* Returns: The integer on the only line of the local file
CODE LISTINGS REFERRED TO IN THIS CHAPTER 569
* FILE_WITH_NEXT_USABLE_RENTAL_NUMBER
•
* postcondition: The integer on the local file FILE_WITH_NEXT_
• USABLE_RENTAL_NUMBER has been incremented
•
• Exception that exits the application:
* If the file ca.nn ot be accessed or the data is not an integer
*/
pri_t. autic int getNextRentalNumber ()
/***.**** •• ************************** /
{
Str ing nextRentalNumberStr ing = new Str ing ( ) ; / /
Str ing form int nextUsableRentalNumberReturn = - 1000 ;
BufferedReader reader = null;
FileReader f ileReader = null;
DataOutputStream wr iter = null;
try
{
/ / Prepare to read from the file
FileReader = new FileReader ( FILE_WITH_ NEXT_USABLCRENTl.L_NUHBE:R) ;
reader = new BufferedReader ( fileReader ) ;
nextRentalNumberStr ing = reader. readLine () ;
System. out .println ( nextRentalNumberString ) ;
/ / Convert to integer
nextUsableR entalNumberReturn =
( new Integer ( nextRentalNumberStr ing ) ) . intValue () ;
I I Test 0 .2
rentalTestO. id = 1 + HIGHEST_ALLOWABLE_RENTAL_ TD ;
CODE LISTINGS REFERRED TO IN THIS CHAPTER 571
rentalTestO.checklnvariant();
System. out- println( "Test 0 . 2 succeeded" );
}
cat.cb( Exception e )
(System. out .prin tln( "Test 0 . 2 : Exception as expected " ); }
//Test 0.3
rentalTestO. id = 1;
rentalTestO. r entalCustomer = null;
rentalTestO. rentalltem = concreteRentalltem;
try{ rental TestO. checklnvar iant ( ) ; System . out . pr int In ( "Test 0 . 3
succeeded" ) ; }
catch ( Except ion e )
(System. out .println ( "Test 0 . 3: Exception as expected " ) ; }
//Te st 0.4
rentalTestO. id = 1;
renta1TestO. renta1Customer = concreteRenta1Customer;
rentalTestO. rentalltem = null;
try
(
rentalTestO.checklnvariant( ) ;
System. out .println ( "Test 0.4 succeeded" );
)
catch ( Exception e)
(System. out .println ( "Test 0.4 : Exception as expected" ); }
/ / Test constructor s
~ -----------------
/ / Non-empty constructor
/ / Test 1. 2 : Lega 1 co nst ruct io n
S72 CHAPTER 22 PRINCIPLES OF IMPLEMENTATION
II Test 1. 3
try
{
RentalTest rentalTest3 =
D." RentalTest ( 0, concreteRentalCustomer,
concreteRentalltem ) ;
}
catch ( Exception e)
{ System. out .println( "Test 1. 3: Exception as expected" };
}
II Test 1.4
try
{
RentalTest rentalTest4 =
nu RentalTest ( 1 + HIGHEST.J<LLOWABLE_RENTAL_ID,
concreteRentalCustomer, concreteRentalltem);
}
catch ( Except ion e )
{ system. out .println( "Test 1.4: Exception as expected" ); }
eOOE USTINGS REFERREO TO IN THIS CHAPTER 573
I/Test 1.S
~
(
RentalTest rentalTest5 =
...w RentalTest ( 1, null, concreteRentalItem ) ;
}
catch( Except ion e )
(System. out .println ( "Test 1.5: Exception as expected" ); }
II Test 2: of getNextRentalNumber ()
System. ouc .prin tln( "cur rent integer < -- > " + gecNex cRe ntalNumber() );
}
/************************************
* Intent: set the id if the parameter is legal; warn if the number
* of rentals is getting close to the maximum .
•
* Precondition:
* anId > RENTAL- 10- WHEN - NOT-IN-EFFECT &&
* anId <= HIGHEST- ALLOWABLE- RENTAL
-10
*
* Postconditions:
* (1) id == anId
* (2) i f the rental number is within TOLERANCE_ON_RENTAL_IO of
* HIGHEST_ALLOWABLE_RENTAL_IO, a warning is present on the console .
*
* Exception: if preconditions violated
*
* Known issue: method" log() " to be implemented
*/
pri"atevoid setId( int anId ) throws Exception
/******************************** /
(
i f ( ( 10- WHEN- RENTAL- NOT- 1NJ;Fn:CT < anId ) &&
( anId <= HIGHEST_ALLOWABLE_RENTAL_IO ) )
(
id=anId;
if ( anI d > H!GHEST_ALLO~IABLE_RENTAL_ IO - 1000 )
{ /*tbs:
Log . log ( " setNumber () i n 'Rental' set ' id ' " +
"w ithin 1000 of highest allowed id' , ) ;
*/
System . out .println( "WARNING: Rental IOwithin" +
TOLERANCE_ON_RENTAL_IO + " of highest allowed value" );
}
}
S74 CHAPTER 22 PRINCIPLES OF IMPLEMENTA n ON
.1 •• I I do n ot c han ge id
(
thrown.w Exception( " setNumb er() in Rental tried setting id " +
" o u t of bounds: " + anld ) ;
}
}
}
1 **--
-- --
- - --
- - --
- - --
- - --
- - --
- - --
- - --
- - --
- - --
- - -
- -
- --
- - ----
- ---
* • • • • • • •
* I abstract clan RentalCustom.er
{
}
*--- -- -- -- -- -- -- -- --- -- -- -- --
- - --
- -
1* - - - - - - - - - - - - - - - - - - - - - - - -
* • • • • • • •
*1
abstract class RentalItem
(
private String title = "RentalIt em title not assigned yet";
public float length = 0; II 'public' for demo purposes
I I Static constants
private static final float MAJCRENTAL_ITEM_TITLE_LENGTH = 20;
/ .**********************************
* Intent: Requirement http: // tbd.tbd.tbd#3.2.DVD.l.l
*
* Postcondition:
* If' aTitle' consists of English alphanumer ic characters i n lower
* or upper case, and punctuation marks!, :, ", or ?, then title ==
* aTit le i f length of 'aTi tIe' < = MAX_DVD_TITLE_LENGTH
* otherwise title == first MAX_DVD_TITLE_LENGTH characters of
* 'aTitle'
*1
privatevoidsetTitle( StringaTitle)
/ **********.*********.*****. /
(
I I Check that' aTitle' consists of English alphanumer ic characters in
I I lower or upper case, or punctuat ion marks!, :, " or ?
bool.... charactersAcceptable = tzu8; I I make false when
unacceptable character found
char ch = 'X' ;
fore tat i = 0; i < aTitle.length(); ++i )
{
CODE LISTINGS REFERRED TO IN THIS CHAPTER 575
Source code for the EncouHI"Cha raC' /(rcias in the Encou nter video game (described In t'Cllon 22 I O) is shown
in listing 22 .3. Source code (or all of the Encounter case tud y is available o nline
Ustlng 22.3: Sample code from the Encounter video game implementation
paetaqe&ncounter . EncounterCharacters ;
/** Base class for the characters of the Encounter game. SOD reference :
• 6.2 . 1
• <p> Invariants: The values of q ua lVal ueI(J are >= 0
* @author Er ic Braude , Tom VanCour t
• @ve rsion 0 . 2
*/
576 CHAPTER 22 PRINCIPLES OF IMPLEMENTATION
publ i c cla!!. Encounte rChara cta r e xte nds Gam. Cha r a cte r
{
/ ** Total quality point s at initialization . * /
private static final float QUAL_TOTAL_ INIT= lOO . Of ;
/* INSTANCE VARIABLES */
/ ** Values of the qualities < p > Requirement 3 . 2 . EC . 1.2 */
private float [1 qualValuaI = new lloat[ qualityTypeS . length J;
/ * * Allocate ini tial total quality po ints equally among the qualit ie s.
* <p> Requirement : 3 . 2 . EC .1. 2 (quality value initialization)
*/
protected EncounterCharacter ()
( super() ;
for ( int i = 0; i < qualityTyp4lS.1ength; ++1 )
qualValueI [lJ QUAL_TOTAL_INIT / qualityTneS . len'lth :
&
)
CODE USnNGS REFERRED TO IN THIS CHAPTER S77
/** Construct a new character using the given name and image f i le.
* <p > Requirement: 3.2.EC.l.l (character naming )
* @param nameP Printable name for t h e character .
*@param imageFilep Filename, relative to document base, .... for
* character image.
*/
protected EncounterCharacter ( Str ing nameP, Str ing imageFileP )
{ tIlia () ;
•• tNama ( na=eP ) ;
ip'g8Fi.leNam er = im,qeFileP;
}
/ ** Construct a new character using the given name.
* <p > Requ ireme nt: 3 . 2 . EC . 1 . 1 (character naming )
* @param nameP Pr intable name for the character .
*/
protected Encount erC hara cter ( Str ing nam eP )
{ this ( oaceP , null ) ;
}
/ * METHODS */
/ *. Requir eme nt 3.2.EC.3.2: " Configurability of £ncounterc haracter
* quality va lues. ' ,
* Synchron i zati on holds qualit yVal u eI constant even wi th o ther threads
* running.
* <p> SDDreference: 6.1.2.1.1
* < p > Invar iants: see the class invar i ants
* <p > Preconditions: qualityP is in qualityTypesS(}
* AND qualityValueP> =O
* AND qualityValueP < = the sum o f the quality values
* <p > Postconditions: qual i typ has the value qualityValueP
* AND the remaining quality values are in the same pr oport ionas pr ior
* to invocation, except that val u es less than some tolerance are
* zero.
• @param qual ityP Quality whose value is to be adjusted .
* @paramqualityValuePThe value t o set this quality to .
* / public synchr onized voi d adjustQuality (String qualityP, Iloat qualityValueP)
(
/ / Value of the quality to be changed
float qualityValuaM = qualValuaI[ indexOf( qualityP) 1 ;
/ / Save the sum of the values
float originalSnmM = ."mOfQualitiu () ;
/ / pc Set the stated quality to the desired amount , adjusted to the
// threshold value .
HtQuality( qualityP , qualityValuaP) ;
// pc If the caller adj u sts the only n o n-zero quali ty value ,
/ / divid e the adjustment a mo unt e qually among all other qualit ies .
578 CHAPTER 22 PRINCIPLES OF IMPLEMENTATION
if ( originalS"mH == qu a lityValue H )
{
float qualityDiffEa ch = (origi nalSumH - quali tyValue P) / (qua li tyTyp e S .
length - 1) ;
for ( int i = 0 ; i < qualityType S . length ; ++ i )
if ( ! qualityTyp e S[ i ] . equal s IgnonC. . e ( qud i tyP ) )
se tQuality ( qu a lityType S t i l , qua lityDiffEacb ) ;
}
else (
/ * Co mpute factor ( "pr oport i onM" ) by which all other qualities mu st
* change .
* Example : ifthevalueswere 1 , 3 , 5 (i . e . sum9) , and the first quality
* is ch anged
* fro m 1 to 2 , th en "" 3 " and " 5 " chang e from 8 / 9 of the t otal to 7 / 9
* of the total , so each should be mult ip l ied by 7/ 8 , i. e . , by (9 - 2 ) /
* (9 - 1) .
*/
float proporti on)( = (originalS"mH - qualityValueP) / (original.S"mM-
quali tyVal.ueM) ;
l /pcAdjusttheremaining q ualities , retainingtheirmutualproportion
for ( int i = 0 ; i < qualityTypaS . l.ength; ++i )
if ( ! qualityTypaS[i] . equalslqnoreCase( qualityp) )
setQuaHty ( qualityTypeS [i] , qualValueI til • proportion)() ;
}
}
/ ** Get a copy of the list o f names of qual ity values .
* @retu rn working copies of name strings representing qualities .
*/
public static String[] getQuaHtyType. ()
(
String [] returnListH = new String [ qualityTypeS . length ] ; /1 Copy the
string array .
for ( int i= 0 ; i < qualityTypeS.length ; i ++ ) // Copy each strin g .
returnLiatM(i] :: new Stri.nq( qualityTypeS[i] ) ;
return returnListM ; // Return the copy .
}
/ * * Returns the value of the specified qua lity .
* < p>Precondition : qualityp is a valid membe r of quali tyTypeS (]
if ( fac:eIAftP )
dravP . dravImaqe ( chImaga , // Draw the image a s g i v e n ,
po.P . x - acaledWidth/2 , po o P . y - h eightPixP/2 , / / scaled a nd ce nt e r e d .
pooP . x + ocaledWidth/2 , po s P . y + heightPixP/2 ,
0,0, i·.ge Width-l , i mage Re ight-l , compP) ;
el s e
dr ••P.drawlm.aqe( chI.aage , 1/ Draw the image revers ed ,
pooP.x + acaladNidth/2 , pos P . y - heightPixP/2 , / / scaled and cente r e d .
pooP . x - scaledWidth/2 , posP . y + heightP i xP/2 ,
22.16 EXERCISES
2 Sup po c that you arc about LO code a method W hat .1fe tI'll' ma lo r .;;ourcc:~ dc . . cnbmJ.: fo r you what
th l< method IS to do)
3 Provide an exampl of a domain lac; . a de~ l gn cia.;;,. Jnd an Imp!cmCnt3ltOn ciao;, thal nll gh t be
used ,n the Implementat Ion 01 a bank AT 'I applICatI o n E,plalll why yo u t ho," "aeh cia"
4. Spec ify the '" tCOl , preco nd Iti o n" an d pO~lcon dtt1 0 'h or J (unCtto n th at o m pU lt ... the sqUJrC roo t
of an tn put pa ram eter x
582 CHAPTER 22 PRINCIPLES OF IMPLEMENTATION
5 Explain why Ihe u c of globa l vari.bles works "8alOst the princIple of Inlormatlon hid,ng. C,ve an
example of when this can lead to program errors.
6 . The following functIon returns the correct value, but violates one ol tho implementatIon practIces
described in this chapter. Which llnpl emen tatl on practice is vio lated, and how mlllht II lead to a
problem 10 the future ) How would you Ax the problem)
7. Describe two to four advantages and one or two disadvantages of enforcing coding standards.
8. For each of the error handling methods described in Section 22 .6. I give an example of when it is
sensib le to use the method.
9. What does the following function compute) How would you modify the function using commentS
and more descriptive variable names to make it easier to understand its purpose]
10. Describe how the pnnciple of "Enforce Intentions" leads to improved code quality. Provide at least
three examples to support your answer.
BIBUOGRAPHY 583
II . ChOOR thr<c of thc "good practices" listcd in th is chapter and dc<cribe exception.1 situations in
which they would not apply
12. Code is rarely perfect. Give thr<e criticism of the code in the case srudies.
Tf".M EXERCISE
Impiementatien
Implement key pans of your application to fonm a protOtype.
BIBUOGRAPHY
I McConnell. Steve. ~CoJ( Co",pklt A Pru cllclll Haltdboot of ~ff1DQft C (trlSlfllchO,. ... 2nd Ed, MICrosoft P r~s. 7004
2 Horstmilnn. Cay. S . "Pracli(AI ObJfCI-Onrnltd DAAlopmrn l 'ft C++ Q,J JUIlQ ," John Wiley & Son\ 1997
.3 Ambler, Scon. "'J1x Objt I Pnmcr TIx Appl,(D!!O" DnlfWP<r'Sew/de /0 Ob)re ! OnC"lla lloltold 11)( UA-lL. " Cambndgc: Umvcl"SllY Press, 2001
.. ~mm~. Erich , RIchard Helm, Ralph Johnson. omd lohn VII S\ldC'S , Drug" PlJ /tCrrtS Elnnm's 0/ Rrusablr Obj«,I-Onntltd Sojhr,m," Add ''ion.
W<slcy, 1999.
S Ambler. ScOtt WYIW ambY'i.oh com ( 1999) [acc('s'icd 1211 3/09 ].
6. Oman P ,J. H3~c:mC'l s tc:r , ilnd 0 A5h,·A Defi nition ~nd T;uconomy fo r Soh\\';:,rc: rvblnl alOab,hty · Unl VC,TSlty of Idaho, M o~co .....
Soh~rC' Englneenng T est l..1bor.. tory Rcpon ,,9 1-0B-TR, 10 838-13 ( 1992 )
i Sooch, CrJdy, J.. mcs Rumbaugh , Iva r J.. cobso n, "Tht Upujied 1\loJcl'Plg UtPl91Ul!/' Vu, C',lIde, Addl.son · We-sI~' Pro(~( lo n.ll. 2005
8. Eclipse ProJC'Ct hnpJIWW\Oo' cc1 ip'C orglcdp-.ch ndex php faCCC55cd 12/13109 ]
9. Opc:nOfllcC' Project. hupJ/www .openofficc.orsldev_docv rourcch cmpl.ltc:Vcodc t acc~~d 121 13/09]
10 OpcnOrfice Devd o pe~ GUide hupll",·,k. 'iC'rv l C~ opcnofRet: o rg/""lk aIDoru mcn m ion/OcvGuldd Opt:nOffice o rgJ)cvdo pel"S_
(",ude (accessed 12113/09).
II OpcnOlfkC' ProJect. hlLpJlapl .openof ICC org/(()Urcc/bro"" (d a pJ odklexa mpINlOcvd opcrsCuid prcadshcctNlcw mplc j.wa}
rev: 1.3&content .lyJX= tclt1!vnd. \',ewcv\ ·mol rkup (accesscd 12/ 13/09 ]
uality and Metrics in
Implementation
Figure 23.1 The context and learning goals for thiS chapter
The qUJ IIl y of an implementation can be mea urcd with attribute,;; SimIlar t those 1I cd fo r asc:;esslI'g J
design. The fi r I p.u,- of thl - chapter descnbes these attribute, The second di!. us "-s c de In .. pc lions an
c.-rfCClivc qllillllY process (o r discoverin g defects before code 10;; tested A~ u ~lIal . 010 t mctric~ dC'S nbt'd bel \\'
are mealllngful onl)' 111 th e context of co mparati ve dal') (rom pa')t proJect'i.. In Jddlt lo n. eac h me tric is most
effective whe n used in co njuncti o n with o the r mctncs rJth e r th"n by It elf
QUALITY OF IMPl£MENTATlON 585
As menlioned in precious chapter<, there are two ides to assessI08 the quality of implementations. One
is the IXrifica lion side, in which quality is assessed bosed on looking at the source code. This chapt.. d ISCUSses
the ""nfication side. This IOciudes code inspection , the subjeCt of the second part of this chapter. Included in
that part is pair programming , a klOd of r.o nllnual inspection favored in agile projects. The other side of
Impkmentation quality is an asse sment of the completed code . That side is ualidalioll-essentially, tcstlng-
which IS the next part of this book.
The qualities of an implementation Ca n be categorized as shown in Table 13 I. For each category, the two
cxmmes are captured with a rough scale o n whi ch 0 indicates low quailty and 10 high . More precise
measu~ments for these categones are dl cussed In th is chapter
Some of these qualities support other<, depending on the application For example, robust code is less
sensitive to anomalous conditions, and thus makes applICation morc reliable si nce they stay operat io nal
robuSlness
I / ,
reliability
I / seal bility /
/
_ _ • flexibility
f/ /--- -
efflclency ~ -- - - - - • reusability
lo nger On the other hand, some of these goals compete The I;oals of reliability and Aexibility often compete
because flexibility tends to introduce Increased opportuni ty fo r error. It is difficult, frequentl y impossible, for
a design to cnJO all of these quali ti es at o nce. Figure 23 .2 shows comm on support and contradictio ns among
them oftware engtneers trade off properties by prioritizing qualities Agile development , fo r example.
places a lower priority on tlex,btl,ty and reusabi lity than o n sufficiency and reliability
ll)c sec ti ons that fo llow claboTOltc upon each of th ese Implementati o n qua liti es .
The suffi 1(tIC)' of an Implementation measures the pcrccntag(' of th e requ irements and design specificatio ns
(lctually implemented . Although we expect to Implement all requirements, time lim ita tions often force liS to
Implement in order of pnority, omitting some. Th e suHicicncy of an Implementa tio n can be calculated from
the fo ll OWing formula (which req uires us to have a completely speCified li S! of deta iled requ irements).
If the SDD IS detailed, the design speCifics classes and methods. Another measure for the . ufRcie ncy of
an implementJtlon I as follows.
PercCllfagc oj classes sptciji,d 1/1 .be dCSlgll fh•• 'lfe IIIIplcmm .,d.
A problem with the laner is how to account for classes speCified in the SDD that arc o nl y partially
implemented .
QUAUlY OF IMPLEMENTATION 587
/ **---------------------------------------
----------------------------- --------- -
./
poblic: class Rectangle
{
-- - - - --------------
//VARIABLES ====---- --------------
-------- ---- ------------- ---
float area = 0 ;
float length = 0 ;
float width = 0 ;
------------------------ -----
//CONSTRUCTORS =====-----------------------------
/* ******************************** *****
./
public Rectang le ()
/********************.***************** /
{
}
588 CHAPTER 23 QUALITY AND METRICS IN IMPLEMENTATION
/ *********.****.***********************
* 1 public Rectangle ( float aLength , float aWidth )
/ ******************.*******************;
{
length = aLength;
width = aWidt h;
}
II METHODs ------------------------------==========
------------------------- - -- --
/ **************************************
* Preo:onditions:
* (l) length > = 0
*(2)width > =O
*
* Postcondi t ions:
* (1 ) area == length * width
*1
public void setAr ea ( )
/ ************************************** /
{
area = length * width;
}
}
Note I , The first question is whether the preconditions are complete. In view of the stated desire not to
restrict the values of 1'''9th and Ividth , the preconditions appear to be adequate. (One is not always com:ct in
onc's intentions. bur the point is thal the y are documented and so ca n be revisited . Undocumented intentions,
o n the other hand, lead to confusion and greater errors.)
Note 2, Next, we assess whether the method allows a reaso nable recovery if the precondition fails . Since
there I no provision for this in the code, the method's robustness is compromised. A check on 1"'9th and width
that leaves a'ta unchanged, and that generates reasonable notices, would elevate the method's robustness.
listing 23 .2 is a more robust version of RtctaH9l,. It restricts the values of fields to what is intended, a
practice that usually makes computing more robust. The objectIon In Note 2 above is also addressed.
Nevenheless, listing 2 is still subject to critICisms, which arc discussed below
1* *--------------------------------------------
---------------------- --------------------
* Rectangle class, including safeguards for limits on area
*
* Known Issues:
* (1) Limits dimensions to floats, not double.
QUAUTY OF IMPlEMENTATION 519
• (2) See known issue (s) for indiv idual method (s) •
*1
public cla . . MoreRobustRectangle
{
II VARIABLES --------------
----- -- ----- ------------------------
----------------------
II CONSTRUCTORS ====-==--------------------------
- -_ ._-----------------------
/ **************************************
*1
public MoreRobustRectangle ()
/ ************************************** /
{
}
/ **************************************
* Intent: Robust constructor
* Postcondi t i ons :
* ( 1) If the class invar iant is true, length == aLength && "'idth == aWidth
* (2) Otherwise
* (ilamessagehasbeenloggedtothelogfiledescribedinErrorUtility
* stating that the class invar iant was viola t ed and
* ( ii I the same message appears on the console
*1
public MoreRobustRectangl e ( float aLength, float awidth )
1************************************** /
{
if ( c lassInvar ian tHo Ids ( aLength , aW i1th ) )
{
length = aLength;
width = aWidth;
}
.1..
{
I I Postcondi tio n (2 I
Str ing error Message= "At tempt i n RobustRectangle ( float , float) " +
" to use values that make the ar e a too large . Ignored ";
EuorUt ility . 1ogAndRepoltToConsole ( er ror Message ) ;
}
}
590 CHAPTER 23 QUALITY AND METRICS IN IMPLEMENTATION
uETHODS -
// 1'1 ------------
- - - - - - - - - - - -----------------------
----------------- - -
/ **************** •• *******************.
* I ntent: A single locat ion for checking required class invar iant .
*
* Returns: true if the class invariant would b e valid after construction
* with length == aLength and width == aWidth; false otherwise
*
* Known issue: Does not deal with aLength > Double. MAX_VALUE or
* aWidth > Double . MAX_VALUE
*/
classlnvar iantHolds ( float aLength, float aWidth )
priv.at. boole'n
/ ************************************** /
{
/ / Create Double form to allow check on product of floats
double aLengthDouble = ( new Double ( aLength ) ) . doubleValue () ;
double aWidthDouble = ( new Double ( aWidth ) ) . doubleValue () ;
return
(
aLength >= 0 &&
aWidth >= 0 &&
aLengthDouble * aWidthDouble <= floatMaxValue
) ;
}
/ **************************************
* Precondition : The class invariant
*
* Postcondition: area == length * width
*/
p"'lic void S e tAr e a
()
/**************************************/
{
if( classlnvar iantHolds ( length , width) )
{
area = length * width;
}
ebe//Postcondition (2)
{
StringerrorKessage="Attempt inKoreRobustRectangle .setAreaC) "+
"to use out-of-bound value (s) • Ignored" I
ErrorUtility.lOgAndReportToConsole( errorMessage);
QUAUlY OF IMPLEMENTATION 591
}
}
/* •• ********.*.*.**********************
* Precondition: The class inval iant
* postcondition: length -- aLength
*/
public 9OJ.c:l setLength ( float aLength )
/ ************************************** /
{
/ / Safety check on the precondition
if ( c lassInvar iantHolds ( aLength, width ) )
{
length = aLength;
}
.1 . .
{
StringerrorMessage="AttemptinMoreRobustRectangle . setLength() "+
"touseout-of-boundvaluefor length. Ignored";
ErrorUtility.logAndReportToConsole(errorMessage) ;
}
}
/**************************************
*Precondition:Theclassinvariant
*Postcondition:width==aWidth
*/
public""ic:lSetWidth (floataWidth )
/************************************** /
{
//Safetycheckontheprecondition
if(classlnvariantHolds(length ,aWidth ) )
{
width = aWidth;
}
{
StringerrorMessage="AttemptinMoreRobustRec tangle.setWidth () " +
"to use out-of-bound value for width. Ignored " ;
ErrorUtility.logAndReportToConso le (e rrorMessage);
}
}
}
592 CHAPTER 23 QUALITY AND METRICS IN IMPLEME NTATION
(I + I + 1/ 2 + 1/ 2 + 1/ 2 + 1/ 2}/6 = 67%
An implementation isjb:ibft if it can easily acco mmo date new o r chan ged requireme nts. Figures 23 .5 and 23 .6
list impl~mentation techniques that increase Oexi bihty .
We dlscuSli the~ factors b.:low and subject the code above (or Rob""RtCla"glt to each factor.
I. J)ooooo..1. The idea is that the more effectively code is documented, the more easily it can be reused.
For example, we can still fault the overall ciass description in MortRobusrRtcla"glt (or lacking su(Hcienl
description o( the purpose of a cia ... One could possibly fault the "variables sectIon as lacking a
description, .Ithough none is needed where obvious.
2. Na .., CO","'"I> When constants arc named rather than being stated explicitly, the code becomes morc
eisily targeted to new u~s . There arc several places in the MorrRobu"Rcc"'"9k code where constants would
have improved its flexibility- for example , naming Floar MAX_VALUE as J\W...ALLOWABLE...AREA.
As another example, instead of the statements
pr ivate float length = 0;
pr ivate float width = 0;
we could state the (ollowing,
3. Hid, Wlmt Possiblr. In software engineering, o ur ma in adversary is compleXIty. O nc useful tech nique (or
combating complexity is to hide from view the parts that are no t relevant at the time. "Hiding" applies ro
code that is not available to other code that should not need it. Class membe rs that are not to be accessed
by methods of other classes are thus made l>rioart (or prorrcr,d if inhentance is required ). Cia ses that are
not to be accessed by methods of classes outside their package are not made p"hltc.
4. Collter Commo"Cod,. When common code is collected into a meth od, the result is grea ter flexibility ;
otherwise the common code would have to be changed in multiple places. Robu,rRtcrml91, doe a good job
of this by collecting the checking o( the invariant in one place, classlnvaria nrHold50. In this respect, then,
the code is flexible.
S. R,d." D,p",d",cy 0" Clohal Variahh This means that each method and each class sho uld be self·contained
so that they can be mixed and matched .
Perusing the methods o( Roh.,rR,c"'ngl" we sec that the o nly method referrin g to an attribute of the
class is "fAr,aO, which refers to arta . In pnnciple, we can eliminato arm as a variable, elImInating "tArtoO
and introdUCing 9,rArraO that returns the area . This is an improve ment in Rexibility , but it could coll ide
with another quality, efAciency . lf the applicatio n requires very (reque nt use ot arta , II may be preferable
to compute it once and refer to II often .
6. Program C""rically Here we ask whether the code is at a suffiCiently abstract level to be usable for
additional or changed reqUIrements. It is possible to approach thi S at the de Ign level by u ing abstract
classes, but our focus here IS o n impl,,",n rafion flex ibility Flexibility depends o n the directron that an
application is taking. For example, if this class is to be part o( a 3D appli alion, we ma y want armO to
compute the area on the mo nitor o( a rectan gle m space , een at an an!;le-that is, taking perspective into
account. Thi s is a rar more generi c computJlI on.
7. U" U"d",,,,"dahl, Varlahl, and Funcrio" Nom" In d,scu sing Rexlbilrty , we indl atcd that vanables and
methods must be understandable (or the code to be Aexlble. In f. t, the very name 01 a va nab le or method
is an Imporlant way of makIng it under<tandabk Names ,hould be as expliCIt a po<,ible witho ut
becomml! cumbe r;ome. Fig ure 23 .7 sho ws examples
594 CHAPTER 23 QUALITY AND METRICS IN IMPLEMENTATION
Memes for ro bustness can be ba<cd o n the attributes of robustness. One can mea 'ure Ihem as in Table 23.2,
probably usi ng an aUlOmalcd process, or manually by tak ing rand o m amples from the code base. (Counling all
Iilles manua ll y IS usuall y impractical).
The foll owin g elaborales o n Ihe ,nd,caled points in Table 23 .2.
OlC l One look for plain nllmbers in the co de and counts thost· not prescnt in a definition,
such as " 135" in the following :
Note 2: H igh standard dev ia ti o n means high deviation fro m the average. Measured over a
large number of classes, a deviatio n higher than the usual mean s an unusual variation in class size.
This IS no t necessarily bad , but It docs suggeSl Ihat Ihe largeSi and small«t classes should be
reVi ewed, focusing on their size.
NOI" 3: One considers paraKraphs of code, sclecled al random , and delermines the
percentage of paragraph that arc repeated al leaS! once (or ., leaS! Iwice, etc.).
NOIe 4: The hIgher Ihe perce11lage of public fields compared wilh the normal percentage,
the more global the variables.
ReusabililY of code is the capacity for ilS use in other applications. Making a componenl more Acxible usuall
makes II more reusable. ReusabililY is pOSSIble at the method, class, and package levels, although the method
level is usually lOa granula r. To make a class reusable , the follOWing factors are considered .
QUAU1Y OF IMPLEMENTATION 595
2 n,c levd of abSlroc ti o n ,hould be h Ig·h Cnollg'I to (OVer many app IK3tlon .. but low enough to allo,",!
sub,tanct' F• r example .f a dev <.:-loplll cnl organ ....... Jtlon c rc;)t cs m,uran C Industry appl, i)llon.;; the: lc.:\c\
of a cia" (IlJtllacEldoradol",,,,,,,,,,Poll . " probahly '00 10\\' and I'0 II t)· ,on h Ig-I1 ali Idr L. Jo;; feU.,a b I I Hy I!l-
on erne d An A"'omol,,I,Poll~ -J cia ...... , 0 n ,I lC· 01 Iler Ilan d \\ ou I(I b C .. ub ... tan ll VC and probJbl y reusable
3 The reliability of code pr mOlC''' rcu(,Jh.hl}' Olhcrwl'l: "0 nc IS Ilkelv to reu<;(" the Ill". It .. hould
contain o mplctc (rror dJeckltl9 . for example In a ') orncwhal Circular proce .. :, c1a"~<..·, that 3re wldc;iy u.. ed
become tN"ted and under-load and thu, morc' wldelv reu:,cd
.Metnc", for rt'us(lblilty can he ba,ed on the attnhule, of rcu,anlil tv Onc an mca!>urc them.J!> In Table 23 3
based on an automated process or bv manual random !>arnpk.. takcn from the code bJ~e ( unllng allltnC~
manually IS usually ,mpra IIca l)
late I This an be calculated on a r.lndom sample: bv laking a vote among tnspector~ for example.'
Note 2, Thc hI gher lhl' number thl.' more hkel}' th<..' cla~, JI1 be reu!> d
NOte 3 The bctlcr a las, I~ descnbed , the mon; Ilkelv It p. to be rCll'loablc Scttlon 23 1 4 dc, nl cd
measures of documentat ion , 31ld lho,c can be used here tOO
Recall that there an: ,\,' 0 kind, of cfflCl<:nc}' prot.:e." 'peed and ,tOr.sgc U'loC Elhcl<..'nC)' requlrl'ment, Ill:l) or
may not be <'peclhc..'d 111 the RS For cxampk. suppo;;;e that on<..' IS specifYIng the reqUirement, lor a Jicndar
appltcatton one should "pcClfy tlml· Illnlb su h a, the appllcJtlon wtli reSl.'t all calendar, \\,.th ne\,'
apPo intments \'lIlhm V. econd \Xlh en crfIClenc ' n.:qll ...emenl<\ Me not ... pe Ihl'd \vc apply Lommon ..en"c
hmns as bcst we can Neither Pi) (' nor runt 15 unlimited In praulce ror (:,,(Jmpk a \'(Ieb '1((: ,hoppln~ Glrt
appltcallO.n may not <,pC'clfy maximum d lay . but It I' ommon o,enw that the uwr .. hould nOt walt more than
a minute for a c redit card approval. excluding Internet dela s
An appropnau: metriC for ')peed dh I('n )' 10, the fraction 01 the ,peed required For C""(ampll' It .111
appilcatlon I:) requ ired to proc.c" J transaC110n In at I1lO,1 half J , etand but Jctually take ... two !>cc.ond.. ,q: an
fairly ~ay thallt<, dr,C lcncy m<'a .. urc 14\ YJ 12 :=25 % It all applicatiOn "cn' t~p;;tcr th an rcqutr ct , \'1.'(.' l,o,' Olild .. lIli
hkc to be able t measure Its ')pccd cfl1cll:nt y The sam fOnl1UlJ i.1pplle" ~'I example If du: appJt Jtl 11
prcxC"Sscs transac..tIOI1' In onc quarter second on avcrag<.:, then II'- CfflCI~IlCV mca .. ure wou ld be ~ I/. ~OO''tI =
It ha~ high 'lual,lY In Ihl,) rc.;pec.t with 100~... being th<: 'UCLe,' ba" Itne
An appropnate mctrt<.. (or c;paLC dh lenLY I' Slm.iar l or CXill1lplc .f an appliCatIOn I" required (I') lI'C no
mOrt. than 2 Hi o( dlc,k \PilCC hut ust's 5 {\ IB th en we (.;Hl fillrlv .,ay tllill It .. ':!orac..e: cfh ICIlCy I~ 2. 10 . IKe:
aJ(aln the (om1ula appll(,'t even If 1I,a~~ excced, requirement .. rorc'(a l11 pll.', If til app llL3tlol1 \,'ere LO U'C onl\
1 MB we: would rate " .. ~loraHc u<\c clflLll'n y a.. 2,' 1 20('''l
596 CHAPTER 23 QUALITY AND METRICS IN IMPLEMENTATION
ReliabilI ty j , a quality lhat goe< funh er than sufflclcncy and robu, tnc. <. To ' rel y" o n an ap pl.ca ll o n I ~ to be
sure fil"'i t that It docs ,~hat it is supposed to, th iS Include sufn leney, as desc nbed above Rel ,abil ity can be
o n<ldered , 0mClln'es to include robu<tncs<, where the applicatio n behaves appro priately In the pre,e nce of
ano malous Input. An appli c~tl o n that IS su(Rclent and robust may slill have defec ts and lhus be less than
reliable, however For example, an appl,callo n may be required to add any parr of Inlcliers. eac h betwee n -
100,000 and 100.000 It can be sufficient in that It does the job reqUIred and robust ,n Ihat It dIsplays an error
message fo r an y Input nOt an Integer between - 100,000 and 100,000 . However, If the applicallon crashes
aher successful I), computing add itio ns for an hour (perhaps because of unco ntrolled memory use). II IS no t
reliable. Defects affecting reliability arc found by inspection and testing.
The mo,t commo nl y used metnc for reliability is the ",,"II 1"71' b,lw«7IjQl lu" (MTBF) T o measure {\'ITBF,
o ne fi rst defines "fai lure " T YPicall y, this means that the appli cation has to be reStaned Run the application
several times, fo r SIgni ficant durati on , and calculate MTBF as foll o ws:
MTBF = (tolal time up and running)/( number of failures detected In that time)
An implementation is .ca fablt if it is sumcient for all reasonably anticipated homogeneous growth (i.e ., growth
In the same general direcllon as itS current capability). For example, a melhod that slOres dal. may work well
fo r a data rate of one record per second. If the maximum anticipated data rate is 1,000 records per second, the
method's scalabrl lty IS effectively its adequacy for Ihis growth requirement. We inspect and test the method
With thiS in mind as soon as possible. Inspection and lestlng for scalability have limitations, however.
Scalability can be di fAcul1 10 assess through inspections; early testing at the required scale can be expensive or
even impracfical because of the work reqUired to create a scaled-up test structure.
Scalability melrics measure speeds and data storage to these simulated or accelerated cnvironm~nts
Applications often include or are connected to networked pans. T he parts may be components of the
executing code (as with Web Services, for example ), they may consist of distributed data, Ihey may consist of
a downloaded Web SIte, or they may simply be accessible through the Intemet or another ne(Work. Often ,
some of the data are confidential For those reasons, security is a significant co~sideration . Consider the
simple example of logging in The application checks Ihe user's 10 and password before allOWing access. We
will assume that these data must reside on a Ale situated remotely from the application . This scenario raISes
many security questions, as listed in Figure 23 .8.
Recall that security considerations can be divided into categories. We can base initia l implementation
metrics on these, possibly weighted, as shown in Figure 23 .9, measured for every unit of code for example,
on classes and relevant methods. Although this categorization helps, the nontrivial part lies in assessing the
liability of the implementation to each kind of security b..ach.
The d ifficulty in assessing the degree of security of an .mplementation is conceiving of breaches. The
' not conceivable" category of Figure 23 .9 does nOt necessarily imply that breaches are impossible merely
that the evaluator cannot imagine one.
The tOp.c of inspecting project artifacts was covered in general in Section 6.3. Now we will describe a specific
process for inspecting code
Code IOspections are an effective tool for producing high-qual ity code. As with other artifacts produced
during development , code is reviewed by a team of peers whose goal is to identify as many defects as possible
of as high a severity as possible. Inspections are typically conducted after a segment of code is written but
before it is unit tested
Before code is inspected it should be d"k-ch,ck,d by its author. This entai ls the developer reading the
code looking for syntax and other obvious errors. There is no point in having others examine your code if you
haven't carefully looked through .t yoursel f. The code should compile with no errors or even warnings; if it
doesn't, there arc obvious errors that need to be fixed befo .. inspection .
Oner desk-checking i complete, the inspection process commeners. The author distributes the code to
a group of reviewers Sometimes an overview mee ting is held before the actual inspoction . The goal of this
type of meetlOg is to prescnt an overview of the code, presenting its layout and the overall design This helps
orient the reviewers and provide persp<Ctive whi le they read the code .
The team next prepares for the inspection m~cting by having each inspector read the code looking for
faults . The" Rrst POlOt of focus .s to verify that the code exh.bits the qualities listed in Table 23 .1, to the
extent they arc spec.fied in the requirements. In addition , an effective method is to usc a chICk/i,', which
includes speciAc errot> the inspecto r shou ld be loo king for as he or she reads the code. The following is .n
example list of .tems found .n a code review check!'st.
I Vanables
, Do variables have mcanlOgful names)
, Are hard -coded numbers used instead of named constants'
, 1\ a vanable value read -o nl y) If so I~ .t declared const or final '
2 Fun 11 0 m
o Do funclIons have me,nlngful n,mesl
3. Correctness
o Are all parenlhc es properly matchedl
4. Inilializatl on
o Are variables In ilialized before their flr.;1 use l
5. Loops
o Do all loops successfully terminalel
• If used, do brrak and COllfitlllC statements ,,,ark correctly]
7. Pointers
o Can a NULL pointer be de·referencedl
8. Comments
o Is Ihe code properly commented ?
o Do Ihe com menrs accuralely describe the corresponding codel
9. Defensive Programming
o Arc checks made to prevenl error.; such as divide by zero or illegal dala l
Inspector.; should read the code line by line, 10 fully under.;land whal the y are reading . For each line or
block of code. skim Ihrough the inspection checklist, looking for ilems Ihat apply . For each applicable ilem,
delermine whether Ihe code correctly addres«s Ihe Ilem . If not, write Ihis down , as il is a potential defect.
This list is broughl to the inspection meeting for further review. In order 10 make dRcienl use of people's time
during the inspectio n meeting, any syntax or trivial errors discovered can be fonyarded to the author prior to
Ihe meeling . This way the meeting can focus on more substanlial error.; .
During Ihe inspection meeling the facilitator leads Ihe group through Ihe code. As a block of code is ",ached,
inspeclor.; raise issues found during Iheir prior code reading. If il is agreed Ihat an issue is indeed a defect, it is duly
recorded. An In'portan! point is Ih.t Ihe fault should only be recorded. It should nol be olved , and new code
should not be wrillen during the meeting. This Is lefr 10 Ihe author 10 execute at a time subsequent 10 the meeling.
During this and all 01 her inspeclions, metrics should be collecled. Example metncs a", as follows ,
The checkhsts and data referenced abDve can b (~arTJngcd .10 a form or 3 C UI for software engineers' us('
and for data collection .
'any teams emp~oy od, wafktbroughs or od, ,roitws. The meaning of these temlS differs from project to project,
but they .Iways mvolve a meeting-perhaps only a synchronous onhne meeting. They cover some of the
ground of inspections butar. Ie s fom,.\, For cx~mp l e , participants may no t cover every line of code, and they
may not be required to prepare for the meetm!!. A detailed II t of defects may not be compi led. A major
difference is that Ivhereas inspection are dedicated to Andi ng defects alone, walkthroughs and reviews are
not. In particular, suggesti ng and discussi ng aitematives is permitted sometim es encouraged-at walk.
throughs but discouraged for inspections
Pair programming is a process by which programming is perfonned by tWO ;oftwar. engineers Slttmg side by
side and usi ng a single computer. Ty pically, one of them enters code while the other inspects contlnuously-
rssentially fo r quality . As a Sim ple example, o ne eng lncer types a method for diViding two numbers whde the
othercantinuall y think of things thaI could go wrong (e.g., di VISion by zero) o r Ihal Ihe firsl has mISsed (e.g.,
documentation giving the context or limits) or left unclear (e.g ., why a stan dard library IS nOI being used ).
The pair switches roles periodically. It IS clear that the quality Gf software produced Via pair programming will
be higher than thaI produced by a slOglc person. The trade ·offs becomc more complex to asse« when one
compares pair programm ing with Single . person programming augmenled by inspec tions.
23.3 SUMMARY
In order to assess the quality of an implemenlati on. it is use/ullO categonze ils qualilles In [he >arne way as for
a design . The qualities we con idered in IhlS chapter arc suffbency , robustness, AeXlbil,ty, reusability,
efficie ncy, reliability , sca labili ty, and security Various metrics are avadable to measure the extenl of each of
thrse in the application.
Code inspections are a speCific type of art ifact inspection thaI is conducted after a piece of code is
wrinen but before it IS unit tested. The goa l is 10 detect and fix defecls in the code as close 10 thelt injection
point as possible. Checklists are commonly used to guide revi ewers to the types of errors the y hou ld look for
while readln!! the code.
23.4 EXERCISES
I . t h e qua IIliC S 1h a t II nplcmcntation< should po'>c".
1. L.,.Ist . I" your own words, describe the meaning 0
each quality
.le ICHC')';an d , ,"'abil,ty
2. Ex p Iatn h ow C)J1( I
can >o me t'mes
•
be compe ting Impl ement all o n qual ities
an example to ,upport your a",wer
600 CHAPIER 23 QUAUTY AND METRICS IN IMPLEMENTATION
3 De~cribc SIX factors that increase the flexibility of an Implementation . and prov Ide an example of
how each contribut<s to oncreased f1cxibiliry .
4. The code onspection checklist In Section 23 .2 is not an exhaustive li't pecdy three add itIo nal
items you think would be useful to add to the checkli st. and cxp laon why you ha ve added eac h
5. Your instructor will pair up student project !eams. Conduc t a code Inspec tI o n of the o the r team's
implementation . Usc the code inspection checklist in Sectio n 23 .2 to gUIde you r ons pec tlon .
6. Chapter 22 contains a code listing for a part of the Encounter video gam(' Whe re feasible. appl y
the informal and formal metrics mentioned in thIS chapter to measure Its ro bustness Expla In
whether the usc of a relevant robustness metric is not feasible in thl case and deSCribe the
reliability of the metrics' use on this case.
7. Chapter 22 contains a code listing for a part of the Encounter video game. Where fca ible, appl y
the informal and formal metries mentioned in this chapter to assess it< f1exi biliry . Explaon whether
the use of a relevant Aexibiliry metric is not feasible in this case and describe the reliabdity of the
metrics' use in this case .
8. Chapter 22 contains a code listing for a part of the Encounter video game . Where feas ible . apply
the informal and formal metrics mentioned in this chapter to assess its reusability. Explain whether
the use of a rclovant reusabiliry metric is not feasible in this case and desc ribe the r."ab ility of the
metrics' us(' in this case .
9. Chapter 22 contains a code listing for a part of the Encounter video game. Where feaSible , appl y
the informal and formal metrics mentioned in this chapter to assess its reliability . Expla in whether
the use of a relevant reliabiliry metric is not feasible in this case and describe the reliabil iry of the
metrics' use in this case ,
10. Chapter 22 contains a code listing for a part of the Encounter video game Where feasible . appl y
the informal and formal metrics mentioned in this chapter to assess its sca labdlry . Explain if the use
of a rclevant scalability metric is not feasible in this case and describe the rel ia bd ity o f the metrics'
usc in this casc o
Refactoring
• What Is refactorlng?
Planning
-- • How does ref acto ring work at large scales?
Figure 24.1 The context and learning goals (or this chapter
RdaClonng ., a procc co of J ltcrln~ source ode .. o ii' to It:avc H ~ CX "l1n g fun cti o nalit y lIn c h"n~('d
Moltv~s for refa lOri ng vary , but a pnnc lpa l o ne "to Improve: mainlalilal lill y . espcl.l all e nhance me nt h.,
conc;,dercd ac; 500n as c;oftwarc:: eng inee r, hCg'l n writ ing co de, andI n cc; , cnlIJI p ~lIt 0 1 010" J ~ dc.: approa ht.· ..
Ie;
R.facto n "j( wa, In trod ULcd 10 a wl dc all d, e ncc hy I uw le l "' IllS la'<le hook I t J
All dc"gn volve,. and 11,,\ " e'pcc lall y lru" lor , o(l,. arc prO)CC h In lhe pa" " ha, o flen n t be n
dftctJv modify ('od very mu h J~ n~cd, 'vulvt" H owever ohJect-orl e ntJtl on , IInprovl-d dc vl'l opm l"nt
li)
enVlfonm nt~. and, f.:\pt: 1;)lIy r diJtlUn rl ~ have m.1 u · d11 \ Incl cil "tlo glv ffCCll vC
P(rhap\ the: \Imple\l dlU"t tralive e Xil llll11 C QI rC'fa((() lI og I" r(nalll/utl In w hl h th e n J Ol t 0 1 J va n ahl e-
'ndu dtn ~ a di1~~ n r pa(,k.a~C' name: an be ( hange d ~ l n" t devel opm ent cnvlro nmcnh allfo m.1l C n..· n ~ l1\ln ,.; 01 ..
602 CHAPTER 24 REFACTORING
d" u"cd below Whe ll Ihe Ilame i, changed , all rclerc nce> to It except for comment< arc automallcally
hanged Jt the ...amc time . Bef ore renamin g be ame Jvailablt", nanling a variable \vas, in practice, an important
declsloll Ihat became hard to aller o nce made and used for a lime If he o r , he wanted a new variab le name, the
pros"rammer was often o bliged to alter so man y occurrcn c: o f th e name 111 multipk- classcc; that it was seldom
worthwhile 10 carry out for a large program . Naming variables is jus t as important J~ In th e past , bur the ability
to rena me vlftually at will has freed some progra mmer time . Ild allowed new flexibililY ·
What fo llows is " second examp le that demo nstrates the tl.vo r of refacto rin g. It IS called "Promote
At'tTibu l C to C lass ," and I use d to co nvert a implc attribute in lO a class . To accommodate the increased scope
of an applica ti o n, we ofte n need to introduce ol new class to replace an att ribu te. Forcxa rn ple , suppose that we
already have a class Au!omobilr w ith inregcr attribute milragr .
class Automobile
{
int mileage;
• • • •
}
W e may decide later that "mileage" for used automobiles, however, is substantiall y more involved than a
si ngle tnt va riable. For example, the auto's motor may be a replace ment , resu lting in a m otor mileage different
(rom a chassis mdeage. In addition , if our application is required to account ('Or fraud , the reported "mileage"
would have to be modified by other attributes such as whether the car had ever been stolen . For these reasons,
we would consider the "Promo te Attrib ute to a C lass" refactoring. Th is would involve introduCing a Millage
class like
class Mileage
{
int nominalMileageValue = 0; 1/ shown on odometer
int chassisMileageValue = 0; / / best estimate
int engineMileageValue = 0; / / best est imate, account ing for
replacement
• • • •
public int computeEffectiveMileage () { . . . } / / to obtain estimate
}
class Automobile
{
Mileage mi leage ;
• • • •
}
REFACTORlNG 603
, .
• · o · q. · -.-- ShiftlAIVR
n -.- 1 • •
( e.G I
~n.llM h e ld fEJ
~n21 ~
I M~~~~J~ _________________________ ,
• . j...." (chp"' SDK
!!IUd ·atefewas
O' to''t? tutu.! OCCIITCII"U1 n CGif'!'lel"'(:S 4I'Id st1n;s (forcfS PNIC") ~ · o · <:. .
t PreTES )o I( II C..... I
Figure 24.2 using a refactoring wizard-an Eclipse example
Dependi ng on thc progre s of ,hIS appkatlon , eve n the cia S 1\'11/"'9' could be conSIdered worthy of
furth .. refactonng--fo r example . b). extracting ' o me of ItS properties IntO scparate types 0 mdeage classes.
Anotherdi reClion for refactoring I to extract Interface< for it so that lienr code (code that u cs It ) can as ume
that It possesses a given set of method signaturcs such a compu/,Eff, /Il',AI'/<a9'()
Some rdactorin gs are computer·asS! ted This u ually takes the fom, of a "'IZard that interact with the
programmer. Almost all interactive dcvdopment environments are eqUipped With several u h re fac tonng
wlz.rds. For examp le to use Rnla"" In Eclipse, one can place the cursor on the vanable (,n thIS ca e namrl and
press Shilt/Alt/R. The user IS then ho,,' n the window seen In Figure 14 .2 for the entry of the new name ( 10
this case n"m'_ ). The wizard automa ti cally makes thIS change throughout the application exce pt within
comments.
The rest of thIS c hapter Introduce many of the rdactorings descnbed by Fowler, a well as an additional
one, ln/roduCing Mr/iJod, ID Es regularly Include ncw refa tonngs, and" IS a good Idea to explore the e be Id~
the refactorings in [ I ). This chap tN I Intended to !l'VC the reader a ubstantlve taSte for refact o nn g and to
place II 10 a ~oftware englOtcnn!; context
Fowler or!;a ni zc, hI< rda cto ring as 10 Figure 24 .3 TIll' chapter does not attempt to explain all of
Fowld~ refactonngs For example , S,mplifY"'9 LOIIJ,llollal Exp'''!loll and 11101:/119 IIf"J.,d alh ""pI" are n t
<iaborated 10 this book , Jnd the reader IS rderred to r I )
604 CHAPTER 24 REF ACTO RING
The refactonng de<cnbed In this section are mai nly at the class level and have more of an architectural impaCt.
They arc thus called "big rdactorings." Fowler describes fou r. 'Tease Apart Inheritance," "Convert rrocedu,"1
Design to Objects: "Scpa'"te Domain from Presentation: and "Extract Hierarchy." Each is described below.
Tease Apart I"brnl."cr can be applied when subclasses of a class proliferate Into multiple combinati o ns, as
exemplified by Figure 24.4 . Effectlvciy, we want to factor the combinations as if convcrting a product such as
9 ( dx3 ) cia ses that describe every combinatio n into a urn such as 6 ( =3+3 ) classes. We do this by
identi fY ing characteristics, which we encapsulate V 13 inheritance and aggrcgation . These arc Em ploy« types
and Sialu, types In the case of Figure 24.4 .
The next "big" rd.ctOring we'll co nsi der, CO,,", rt Prortdu,.1 Dtli9" 10 Obj,el,. is appropriate for use when a
design has not fully leveraged object orientati on by bei ng unnecessari ly procedural This IS commo n for
Inexperienced programmers and eve n for experien ced programmers wo rking in a hurry. For example , as
rJ0 Em~yee
~
<-r
SoftwareEmp MaintceEmp ClencalEmp
.J-0~ ---_--,
IVldeoGame I
stanGamBO
disptayCharactar O
moveCharacterQ I
GameCharacter I
I . '.' t" u
shown in Figure 14.5, a designer may usc a clas such as COH ,ro/ to contro l a vrdeo game (Le., to start and stop
vanouS element of the game). The problem with this IS that cont ro l classes, when needed, should be used to
manage object o nl y by initia ting the" methods, not as a replacement for the work that should be performed
"'rthln an object. When an o bject is requi red to con trol, it should be kept to a min imum : usually a simple,
s,"glr call to a method in an appropriate object that sets off the entire process. Figure 24 .5 shows how
dements of what used to be control, such as mourO, have been relocated to the objects to which they properly
appl y The Instances of CameCharactcr now move themselves . Minimal control ma y sti ll be needed outside
of VideoCame and CameCharacter, but it would in itiate rh o work rather than doing it.
The next "bIg· re(aCloring we'll consi der, Scpnrn tt Domtrlt1 Jrom PrcstH ltJ liotl , is used when a design mixes
control with output fonmalS-ln part icular, when C UI code occurs in the same class as the computational
algonthms or the data repository . For example, as shown in Fib""e 24 .6, a desig ner ma y use a class such as
Accovn' to perform computations but also to produce di pl ay<. Such a design lacks reusability and conceptual
Account
name
balance
•••
displayStandardO
displayHTMLO
:
display 0
Account
nlme
=> balance
•••
display ()
Project
=>
simphcity (ConsIder how comphcated it would be to change just the CUI parts or to allow several displays
for the same account data .) Figure 24 .6 shows how the o ri gina l des ign can be decomposed into the core part
of A CCOIUlt , se parated from classes describing varioLis ways to display the account.
Our Rnal example of a "big" refactoring, Exlmel Hicrarc/,y , applie, when il has become clear that a new or
extended hierarch y of classes IS nceded-in particular, when the classes in the existing hiera rchy are not
refined enough for the task at hand. For example, as shown in Figure 24.7, a designer may use a class such as
PrO)tcl to implement a project management application . We'll presume that the application has become too
soph isti cated fo r a generic project. So, for example, quite different functionality IS needed by software
engineering proj ects vs . entertainme nt projects. As shown in Figure 24 .7 , cXl.Tacting a hierarchy of classes
fro m the original beco mes a needed rdac torin g
The "composing methods" category of rcfactorin gs concerns the process of creating , removing , and
combinm8 methods to SUIt an evolving Clpplication . The various rypcs of mcrhod composition examined
by Fowler are shown in Figure 24 .B. They are e.plalOed bel ow.
• Extract method
• Inllne method
• Inline temp (re move a temporary vanable )
• Replace temp with query (i,e , a function )
• Introduce cxplainlOS variable (to replace complicated expressIon)
• Split temporary vanable (I.e., used more than once)
• Remove assignment to paramel'ers
• Replace method ","h method object
Exrracr M,rboJ refers to the process of identifying a block of code and creating a method that serves its
purpose . The block of code can then be replaced with a call to that method. One perfo rms such a
,eplacement when the beneRt of redUCing clutter outweighs the penalty of having to look elsewhere for
code details. This depends on the sense of purpose of the code extracted, its relative complexity, Its "ze,
and how fr<quently the functionality involved is needed . As a rough guide, note that the average length of
a method In an 00 implementatIOn is on the order of 10 lines (i.e., not 100 lines). If several methods call
the same block of code, that is stron g reason for ex tracti ng it to a method . When there ar< three such
calling methods, we very often extract as a matter of course. Most IDEs are instrumented with Exrracr
M,rbod.
1.1i., Mdhod refers to the opposite of Exlracl Mrlhod . We replace a ca ll to a method With the actual code
from that method. The occasion to consolidate is reflected by the opposi te of the justificatio n described ,n
Ext,acl M"hod : when a method is so shan or inconsequential that it is simpler to include the code itself instead
of the method call. Another case is when the ove rhead (time 0 ' heap space u cd) of a method call must be
avoided.
1.1i", Trmp refers to the process of replaci ng a temporary variable instead of uSIOg the whole expressio n
that it replaces. One considers this very strongly If, for example , the expression is complicated and has more
than twO tenns. An example is replacing y- (x-z).,,··y by a temporary variable in expression (24 . 1).
[x(y + z) - 'illY - (x - z) + x"yl (24 . 1)
R,placr Trmp wilh aurry refers to using a method ca ll IOstead of a temporary variable. For example , we
might want to save expression (24 . 1) in a temporary variable v and then usc 0 several times, or we mi ght want
to dISpense with a temporary variable and call the method that evaluates thIS expresSion each time we need it.
This would make sense if the variable we usc takes up a lot of space (true for a large data structure but not for a
Aoating point number like the one above). Another factor to consider here is whether or nOt the vanables in
the expression change . The penalty for introducing R,plaCt Tnnp will, a"rry is the time It takes to make the
•
compuranon.
1.',oduCt Explai"i"9 Variablr is the opposite of R,placr Tnnp will, a",ry. It introduces temporary van abies to
facilitate working with complicated expressions. Although the hiding quality of R,plac, Tnnp wilh Gurry is
usually benencial , it is counterproductive when there is little to hide.
Splil Trmporary Variabl, applies when you use a temporary va riable for purposes different fro m its anginal
One. It consists of introducing one or marc additional vanables IOstead. Cenerally speaking, it is good practice
to us< a temporary variable only for a si ngle purpose.
R()IIov, Alsi9"",rnllo Paramd", nxes the problem of changi ng the value of a parameter this is nOt expressly
designed to be an in/oul vanable. Cenerally speaki ng, it is poor practice to wri te to a parameter unless the
method is speCifically designed for th is, expecting and using the changed values In fact , it 15 usually good
pract ice to make methods parametersji"al (in Java notation) to prevent their use other than fo r the value they
provide.
R,piacr M,'hod W,lh M"bod Objtel is the process of replaci ng a met hod such as dofiliancinlC"lculalionO with
a function call on a dedicated object of a specially desig ned class (Fllla"ela/Calcul.llon ) uch asfinancialCalcu.
la"onl •.rxcCIIltO. The effect of calling ",te.'cO With object filla"ela l alc"lalionl' of a separate class gains
adva~tages when the funCtIonality required has too many effect to be handled conven ie ntly by a simple
functio n call ~I one. Another exa~lpfe is when we need to cou nt the number of times thar functionality uch as
n"ma lcProfilO 10 class SrockH,lprr IS executcd. Instead 01 si mply making " 'II"al,Profil() a method of SlockHrlptr.
we create a class ProfiIE."mnlioli that agsregate SloclcHrlp, •. and we call the method ",mll,O of Projilf>III".'ion
A nn.al.example IS when we want an ulldo capability . If we store the object repreSenting the function , there IS a
pOsSibility for undOing. Otherwise. we couldn't retrieve the funcllon call that brought us to a urrent state and
would be unable to go back.
608 CHAPTER 24 REFACTORING
Tim C"I<gOry of refa loring can erns c han ge in lh. placemenl of 10" feature . The,e arc su mmarized ,n
F.gures 24 . and 24 . 10
Atou, '\Itl/,o'/ han ~es the localion of a method fro m o ne las> 10 anolher For example. we may have
cla«c. "'o,"", Book, and O r.h, as we ll as a melhod lhal perfo nn , ordering The app loca"on could be budt
Wilh ",,,ultOr.l,,{&ok aBook ), a mClh od of ( 14" 0"''', However. till> would usuall y be ,nappropnatc, and
tx, ul,Ord,,{) ca n be moved with th IS refactOnn g to the more appro priate cla< O,drr
,\Iout F"Id . 'lin d" to Mou, ,\ ,Itlbod. These refactonngs arc especially nceded when we ,"troduce n~
clas'Ol's and recogn Ize beller h o mc~ for existing variables.
Exlr" I allow the softwa re engineer to create a class from a collection of artributes and methods
/" "
that alread y exist w,th in a class \Vle apply Exlrael e"IS'
whc n such a co llecti on makes log,cal sen e together
and tands out from It con tainin g class As an example, an applica"on may be ,mple mented with a Cu,'omer
cia" conrain'"g data abo ut books perh.aps because favonte books were Ill itia ll y understood to be a
characteristic of a cust o mer. However, if the app" catlon cha nges to one for wh.ch the book no ti o n becomes
Significan t, then we would appl y Exl", I C/II" to create a Book class.
1,r/iN' C/IIS' . the opposite of Exira I CIt"" is the ,"corporatio n of a cia s A, let's say, into another. B.
delet,n g A in the proce s. In other words, lhere is really no need for A.
H,d, Dt/'9"" is us(·d when a class references classes that are supposed to usc it, the dfect being to remove
these references. Clients of a class need to refere nce the used class. but the reverse shou ld b. avo.ded. This is
expanded upon below .
Remo", MiMI, ""Inn is the o pposite of Hid, D,I'9alr. Hid, DrI,gal, is accomplished by introdUCIng a separate
class, as hown in Fib'Urc 24 . 11 ; rcver.,lng {he process amounts to removing this "Middle Man."
F.gure 24 . 11 ,ho'. Hid, Drlr9alrs in some detail. Method{s) in /i,nl call "ltl/,od2 {) in (server) class C/"SSl.
H owever, m"bod2 {) requ"es th e usc of Cla,SI in a way that force C/irnl to rderence C/a,SI a well. An example
is the fo llo ,,' .ng,
• Move Me th od
• Trades off method ho ld.ng v<. usage
• Move Field
• Trades off hold ing vs. usage
• Extract Class
• Encapsulate a set of attributes and methods of a class
• Inli ne Class
• OpPosile of Exlrael Class
;----1
I
Class' I
I
I
Clienl ----.j
I
I
I Class2
I
.. _--- melhod20
delegale Class2
--------
melh0d20
Class!. Employer
In summary , Clire l has been saddl ed with unnecessary respo nsi bility. Hid, Dd'9alrs allows Iirnlto depe nd
only on Class2 by aggrega ting Class I to Class 2 (making a Cla sS! objeci an attribute of Cla"2 ). A a result, Grel
now depends only on CIa SS 2.
In the refacto rings of Ih is seclion , Fowler li m Iho e havi ng to do with Ihe location of data in a design o r
implementation .
S'if Elleapsulal, Fitld c hanges direct access of an attribute (c g., pub 1 ic S t ring name; ) to that via
accessors (e.g., pr ivate Str ing name; . . . Str ing getName () . . . ) One would use this
refactoring if one forgets to make or postpone, makin g fie lds private, available o nl y via ac~essor methods.
Using accessors in 00 is generall y good practice becau e it allows co ntrol such as checki ng an as igned value
to ensu re Ihat il is withi n bounds
R,pla" Dala V"lu, wilb Obl,el; A an exampl e, c hange the otlribute pub 1 ic S t ring name to
pub lie Name nam e . O ne wo uld app ly R,pla" Dala Valu, wilb Ob)tC1here when the idea of a name becomes
too complex for Slrill9 . An examp le" whe n it becomes necessary 10 track all parts of a name as well a alia e ,
matTIed nam e~ , and former unmarned o nes.
O,a"9' Valut 10 R,f"rncr b u cd when the va lue of an object's allribute IS beller obtained via a function
(typically, because Oblall1 l1l!! the va lue IS complex) ra ther than ,-.,h an expkll instance or with IIull, as III Ihe
fOllowing example In th e "" version below, the attribute II slon", has the va lue lIull. In the e ond VCrsl n, II
IS a ( " Sl"",,, object created by a "atic mel hod of uSlorna. Thi S ha the adva ntage of entralizlI1l! the rcatlon
of "slomtrobjecls. ",hl c h is often desirable T his advanlage be o me clear when severa l different las e need
610 CHAPTER 24 REFACTORING
ustomtr objcCl<\ In J standard man ner, such liS w h c Tl In'I J nll Jt1n~ a defau lt cu\tomer The undC:"lfable
altcmat ive is to repeat the code that rcates such o bJccts for each of the,e dasse.
class Order { . • .
Cust o mer customer ;
• • • •
• • replaced by • •
class Order { • • •
Customer customer = Custo mer . get Customer ( Str ing • . . . ) ;
• • •
( hul/ge RrfertHce 10 Value IS the opposi te of the previous refacto ring. Thi would be nceded when the
machinery of a refeeellce is fo und 10 be unnecessary. perhaps because the program turns out to be less
comple x than Jmicipated in thi S respect.
Rrplace Array wllh Obi,CI, Arrays have the beneRt of being standard in form and of ha vi ng random access.
However. they arc not as Aexible as specia lly built classes even though both may ha ve essentially the same
contents. When the use of an array loses the balance of its advantages. this rdacto ring makes the convers Ion.
An example is the fo llowi ng.
C hange Company [ ] companiesl . . . . to class Companies{ . . . } . Th is refactor·
ing may be benenci al because there are bener way to access companies (e.g.. why should IBM be
companiesl [3] in particular)). whereas accessing a compa ny by name (e.g .. Compani es compa-
nies2 . . . companies2 . getCompany ( •• IBM' • ) ) may be much morc appropriate .
The preceding rdactorings arc summarized in Figure 24 . 12.
( hal/ge Bid""tlonal Association 10 Ullid",clional, We usua lly want the relationship between classes ( , and ( 2
10 be one-way rather Ihan two -way. For example . ( , refers 10 (2 bUI ( 2 docs not also rder to (, . Olherwise.
we cannot usc onc in another applICation without the other. Ci rcular references are awkward in an)' ca e.
Elllploy« and Em ployer is an example; if the applicatio n is a corpora Ie a ile, we wou ld pro bably want Elll ployer 10
reference Employer. and there may be no need for the reverse. Tho resull is as fo llows.
Em ployer _ Em ployer.
°
CI"'"9' tI,udim:lrollnl As inlioll 10 R,d,rtCliollal is the opposite operation from th~ preceding rdactoring. If
then: i no clear way to e1.iminate the dual asso iation direction e ntirel y, we typically ny to create a third class
to ha.ndle the relat,onsh,p . An example is as follows .
Accounl
...
Iype
Accounl
•••
=>
•
•••
type
Account
...
type
24.S GENERALIZATION
The refactorings in this section exploit inheritance to conven (l deSign and code base from o ne (orm to
another that bett~r suits the si tuation .
Pull Up Firld is used whe n a field (e .g .• ordrr in Whol,salcOrd" and In R,'aiIOrd,,) occurs In severa l slibel. ses of
a class (wh ich we'll call the baS( class). It declares the ,ecurnng field in the base class. helping us to extend the
functionality of the design since the base class becomes more useful as a r«ult . Figure 24 16 shows an example.
Pull Up MtI/'od is th e same as Pull Up F,,/d except that it refe rs to recurrins methods '""cad.
1
• Pull up field
WhoIesaleOrdor RelollQrder
amount amount
• Pull up method
Pull Up Conslructor Body is similar 10 Pull Up M,thod, but here we are refemng 10 a bl ock o f code Ihal recurs
in Ihe conSlruclors of subclasses. Th is bl ock i placed in the base cia s co nstructo r. The derived cia s
construclors must call supcrO in order to effect it. An example in the co ntext of Figure 24 . 16 is when It
lxcomes clear thai there is ubstantial commo n code in co nstruclln!: Whoirsal,Qrd" and R,tmlQrdcr objects.
Pull DowlI Fi,/d or IvIrthod is the opposile of P"II Up .... We abolish the field or mel hod in Ihe base cl ass
when il is needed on ly once or twice in derived clas es. An example IS when we write a ),,,,dry lass wilh the
melhod "timat,Tim,To Cu'O and realize laler that thi app lies to very few ubclassc, - uch as dIamo nds and
sapphires and thaI even they do not have a large amount in commo n when it comes to thi s operati on.
These refactorings are summarized in Fi gure 24 . 16, where Ihe Iypical mOlive for each is included .
Extracl Subrlass is a mo re extensive versio n o f P"s/, Dou>ll . Here , we recog nize pans o f a class Ihat arc
specialized and are liable to be used toge ther, and 0 de erve clas ,hood. The process IS exempli Red in
Figure 24 17, where we recognize th e who lesale natllre o f man)' orders made to an enterpri se.
Ex'ract Sup"c/ass i an oppos Ite version o f P"II Up. Here, we recognI ze parts of class tha. can and should
be abstracted into a superclass The process is exempl ined in Figure 24 . 17, where we recog nize a generic
"employee' aspect o f manager and en gIneer objecls. [xtraet SubIS"/>"c/ll lS e nable ge ne rali zation b rcRning
the cia s model These two rd acto rln gs make It l'asicr to introdu e new kInd o f ca pab ililies g0 ll18 forward
beeause general co nce pts arc better defin ed.
Extract /"t"jac( arISes fro m askin g how a colle tlo n o f la srs would be u<ed by lients. In the example
illuslrated in Fi gure 24 . 18, we ask how a o llecll on of classes, includ ing i\~"lag" and E"!illl"' , would be used
TI,e Idea IS to collect thIS inform atI o n togeth er In a convenIent fo rm In till ase , we may come 10 Iht'
conclusion 111 the cont ex t of the applicati o n- th at u'e" of the,e las e need only unders tand that thc"
functio nal ity IS concerned with the concept' of bil/"bility (lor hargi ng eu tomers) and rtllp/oy,""" TI,e n we
crealC an interface thai re nects th ese conce r"
Collaps< H,crarcby applle< when we have hudt an inherit. "'.c Sl nl ture that' unne e , ari l refi ned- Ihat
" , It ha. too many level s An exa mpl e from llymna>tlC\ I< U""'(JI BarP"jo,,,,,, ~ Gymllll!t ~ /,or,, \\fO'''101 -
HSSt.J", t - StudtH' - Yo uth - Pmo" Fo r a , mall appl icat i-o n, Ihi< " prohahl y I 0 deep and need,
con>nlldatlo n Fo r th is exa mple, ol/"ps< H'tmrciJY CQ nLcrn ' the " cps needed to R'd" C Ih i, to the 10110w II1ll
ymna,t -10 • tudc nt - Pe r o n
614 CHAPTER 24 REFACTORING
Order
quantity
Order
quantily
• Extract Subclass
discou nt
Iype dlacounl
minimum
Fo"" T""pialr Mrlhod applies whe n we no tice a skeleto n algorithm Wi thin a body of code that i common
to several algorithms. In effect. we arc evolvi ng a desig n into an applicati o n of the Template design pattern .
The example In Figure 24 . 19 shows how the algorithms (o r "",lrBiktl"struclions() and umlrTrlkri"struction,O.
which ge ne ra te assembly instruction manuals depend ing on parameters, have 1I CO mm o n illgorithm Core. Th is
core consists of pans that can be pulled out as common to both u.rilrBikrl"slrllclio",O and wntrTnkrinstructionsO.
IDrll,PrrpO. wrltrSafrtyO. wrilrWrapUPO. and IDrilrMaHua'O.
Rrpiacr i"hcriilJ"cr lDith Dr'rgatio". somewhat self.explana tory. usually effects an improveme nt on a desig n.
00 langua ges such as Java d o not allow for more ,han o ne base class, so that there is an advantage to
GENERAUZATION 615
Assemblylnslructlons
wrllePrep()
wrileSalely()
wrileWrapUp()
wnleManual()
, ~
BlcycleAssemblylnslruelions BieyeleAssemblylnslruelions
wrileBikelnslruetlons() wrilePrepO
wrileSaletyO
wrileWrapUp()
eliminating an inheritance. Fo r the example in Fi gure 24.20, Accou/ll can inh erit from another class once the
..factoring is done , resulting in greater Aexi bil ity . Th e refactoring give a sequence of step that ensure a
smooth and safe transition from th e o rigi nal fo ml to th e refactored fo rm .
R,p/ae, DtI,galio/l with J/l h,rita/lC< would be appropria te whe n we wanl to repai r a desig n in wh ich code
becomes understood as having a gene ralizati o n rciati onship such as Emp!oy"/ Pmo/l . \Vle effec I Ih i in code by
mean~ of inheritance .
Record
lastChangedO
reco rd .Ia stChangedO
Account
Account record
taslChangedO tastChangldO
Cood deSll(n requires modul.rozallon , a process of ('paratlng Its es",ntial clement Whenevcr fc.-iblc . th"
hould be performed in advance H owe.er, it IS very useful to mod ularize aher thc fact a, well - In other
words. to recognize useful modulan Z3 t10n as the appli allon grow..; <and tran sition Into millntc:nance.
Cia se< by them elve, are a mean of modularozatlo n, but an applicatio n can contain huodred, of classes,
and so cia. os need organizing to enable designers 10 manage and appl y them . A useful way to handle
modularity o n thi sca lc is via the Fa ade dcsign pauern . Impl,(YlOl! m3ue,>, the problem can be reduced to
that shown in Figure 2~ . 2 1 , in wh ich the design IOvolves classes U, V, and W, where U references (men lions}
classes V and W . An example is U ~ Transaction, V ~ CllSlOme r , and W =Loan pool. Suppose that we want to
avo id multiple references like this (think of many clas os instead of Just the twO in this simplification , and you
can ImagIOe the re lilting compleXity). la s U must be modified becallse it ,hould no longer reference bo th
classes V and W .
The rdactoring 10 Figure 24 .2 1 is si mple if U docs not need to instantiate V objects or \VI objects ThIS IS
the case when U needs o nl y tatic methods of V or W . (Example, A transactio n needs only a generoc CtlStomer
functionality >uch as ge uIOS average assets of all customers, and the IOtal amollnt in the loan pooL ) In that
case, U references functio nality in F o nly, and F does th e work of translating slich function ca lls into the static
calls on V or W.
The situation may be more involved, however. Suppose that U requires V instances In order to operate
( such as is usually the case when it lran action involves a cuslomer). If we want to protect \1 within a package,
then U has to depend on the facade interface F and 11 0 longer on V directly. Figure 24.22 shows how thi can
be dealt with . First, V IS proVided with an abstract interface VI (Step I) that abstract its public methods.
The Exlrael liller/nrc rdactoring can be used for this. Next. in Step 2, \1 is enclosed 10 a module (or package)
package
,,---G
@}--- -0- --~
:- -~
u0)
ITmsctn ~ Cust
with facade F. The class U must now be modi Red so as to refere nce \f / and F onl y. It is far less of a problem fo r
a class to reference an interface than !O reference a class.
Let's apply thi s to an example , shown in Fi gure 24 .23 , where a transactio n o bject 01 class T",scln depends
on a customer clas GISI.
We can introduce inte rlace ICuSl, wi th Cusl bei ng unc hanged , but we need !O dea l wit h the resulting
changes needed to T"'seill . The de pende nce of T"'selll o n Cllsll re placed with depe ndence o n ICusl. TIlis IS a
slg~ificant improvement because II increases modularity. Th ink of it a fo llows: Imagine T "' ,elll as a bicycle
pump. Such a pump wo uld be of littl e use If it werc ab le to o pe rate o nly on Ajax tires (no t an interface ) but
would be very usefu l if it were ab le to operate o n an y tire sa ti lyi ng the standard va lve interface . Figure 24 .2-1
lists the impl icati o ns of th is c han ge for T ", \Chi and intro duce rem ed ies for most situall o ns.
As mentioned at the beginning of thi S chapter, rdactorlng ca n be profi lably applied a soon as software
engineers begi n wri tin g code , Figure 24 .25 was Intro duced In hapte r 4 o n ag de metho ds, bUI With o ur
mcreased knowledge of rdilc to rins we now have an o ppo rilinil to reexamIOc it. Re .11 Ih at a~ i l e
methodologies repea t the waterfa ll ,cquc nce ma ny time, bUI with eve ral diffe re n c< Eac h Ie beilin,
With the (functi ona l) code base ReqUIrements . re us u. lly in the fo rm o f IIser ~torie , . The ex ,,"n g
6I 8 CHAPTER 24 REFACTORING
Ref.clor 10
Ref.ctorlo accommodate
clean up new
reqU irements
will have been expre sly designed for Ihe eXisting requirements. It is a tenet of most ag ile melhodologies "01 to
try to anticipate forthcoming rcqulrtl1lcnt . The existing code ba~c m() y thus be unsuited to th,· additional
requirements In one or more ways-and rdactoring wou ld then be clppropriatc in order to accommodate
them . An example is the uscr story for a video Slore applicalion that inlroduces candy sa les (i.e .• nOl just Ihe
management of rentals ), A n('\\' module at the architectural level may be required" and this , In rurn , may
require pulling contro l functiona lity out in o rder to orc hcsrratc the rentaVsalt::~ actiVities.
Figure 24 .25 shows an additional refactoring step the ta,k of cleanup. I\·\osr software addilion and
modification work leaves a "me s" of one kllld and ma gnitude o r olher. An example i a SCI of displayllc-
COI(l110 methods, one (or an existing account t)'PC and two more: for added account types Even If the
application docs nor continue to evolve 10 this direction , the disorganization descnbed I\hould be cleaned lip
to make" more reliable and readable . Rdactoring is thus an esse",ial parr 01 agile design . imp lement.tlon.
and testlllg. It IS part of the expectation for agile projeclS.
Fowler's refactorlngs, described in [ 11. stand mostly apart from de ign patterns at lea" 111 expilcjl term .
However. refactOrlng is really an integral part of all de .. gn and implementatIon In particular. the need for
refactoring often poinlS to the need for new de ign panerns The cla<slc source for these is (2). in whICh
Kerievsky names most of hIS patterns in one of the follOWing forms .
' Ext.. MoveIReplacc < irua tion > \Vith/to < DesIgn Pattern >"
Our purpose hen- is on ly to dral\' the reader' attent ,on 10 thi s \Vork . H ere arc some example •.
• Encap ulatc Classes wIth Factory. Help the sO(l\Vare engineer recogn ize .. .
.. when Factory is a better way to construct o bjects that he o r she is dealIng with, and how 10 go
about the conversio n
... when the amou nt o( functionality bein g added dynamically to objects of a class is extensive
enoug h to require th e use of the Decorator design pallern , and how to go abo ut the co nversio n
• Replace State.Altering Conditio nals with State
.. . when the State desig n pattern is a berter wa y to handl e eve nts that alter the state of the
applicatio n, and how to make the transition
24.8 SUMMARY
' Refacto ring" refers to a d iscipli ne of replacing code in such a way as to Improve the applicatIon but without
changing its functionality . The improvement can be o( the following kinds.
Refactoring is possible at the archotectural level and at the det.oied code level. II extends the lIfe of
applications because it increases their capacity fo r modiAcation in response to changing requirements.
Some refacto rings can be done wit h wizards upplied woth devel o pment environment
Refacto ring is essenna l to agile devel o pment. This is because It facilitates the evolutio n of applications
so as to include additIonal funct Io nality .
This chapter has eoted severa l classica l refact orings. There are many more . An a t lve research
communI ty explores new rdactoring sec f3], for example
24,9 EXERCISES
I. O ne refactoring is to "sepa rate domain fro m prese ntat ion " Explain what this mea ns, and app ly It to
a ca lendar applicatIon ,
2 Wrote a SIngle that ompute< the roots o( a quadratic cqua tlon Apply "ex tract method" to It.
class Rental{
Str ing customer;
Stringdvd ;
• •
lnt customerLlcense;
Str ing director;
Date date;
• • •
}
5. TI, is chapter ci tes the fo llowi ng class diagra m for o,allg, Bid",ctional AssocIation 10 UHld",,'ional:
BIBLIOGRAPHY
I Fowlc.-r, M~nln . HRtJactonl'l9 I".",oai"9 ,he Dn'g" of E"u l '~ CoJe Addlson,Wc-sit-y . 1999
M
Planning
• Why test early? Why often?
Maintenance
• When and why do you retest?
Implementalion
• How do you plan for testing ?
Figure 25.1 The context and learning goals for this chapter
'ionwarc le<t lnl,; i< av~l l datl"n proct<' Execu tll1 g "de (rom th e c u lv "' 1l J"p l l<.~ t lon IS provide I \\ Ith
Input, and the (csullln~ output 1\ ompzll cd wI th thl' (('qulI 'd lllPlil i'(l h <lte; rcp illlq' 01 lll'\ln\('ndccl ... ,elt·
dlecl Indicate') a 'duh , hll ~ , ()r ('rrllr In lhl' 111'r>l c ll\(.-: nt~{lnn dc"gn , ur req UIreme nt' \~/c \ ..qlllt\e the \\(lr I
<kIf<! lO u,vcr 311 lh , . t ·r01' . d -ftn ed by th .. II I L (1[1+ <; ' Jl1d " ,d C I<h<ary 0 1 01 ,,,,-,,<., 1 1l~lneefln!:
622 CHAPTER 2S INTROOUCTION TO SOFTWARE TESTING
Termmology, IEEE Sid 610 121 9 0) a< "an incorrec t Slep. pro e,s. or data dcflnilion In a computer program "
"In orrec!" " 'e wiliundersiand 10 mean something Ihat causc< a failure to sallsly Ihe rcquifemenlS In any way
The goal of Ie. ling i 10 uncove r as many defecis. al Ihe hl ghesl level of serlou,no", as pOI"ble. It IS nOI
posslblc 10 leSI an app licalion wilh every possible "'PUI value duc 10 Ihe extraord inarily large number of
combina llon of input values. For Ih, s reason, te ling ca n cstabll h the Pft5(11CC of defctls but Nol Ih,,,.b.rncc (..
o aptl y PUI by Edsgar Dijk tra) In o lher words. for any prac lica l application, Ihe follOWing is a fal«
Slatement· "II has been Ihoroughl y lested and Iherefore has no defecls." TIlOrough testing IS nevenhele<s
Indi . pensable .
This chapter descnbe essenllal principles of software Icsti ng . II also summarizes tesllng practices so
that Ihe reader can understand leSling types and their contcxt withour gettms bogged down in details
C hapters 26 and 27 provide detads.
Two baSiC principles of software leStmg are "test early" and "te51 often " These precepts havc been respected
for man y years and are a pnncipal feature of agile methodologies.
"Testing early" means testing pans as soon as they arc implemented ralhcr than waiting for the completion
of the unilS they arc part of. In the video store application, for example, suppose that we are constructing a
method that stores rental mformation using Vid,o and ( ,,"orner objects as input parameters. 'Testi ng early·
Implies testing thIS method alone as much as possible before constructing addilional methods in the class.
'Testing often" means running tests at every reasonable opportunity, including after small additions o r
changes have been made. For the video store example, suppose that we add functionality to the rental storage
method mentioned above . "Testing often" translates here imo Arst rerunning the prior tests and then testing
fo r Ihe new funcli o nality. One reason for testing often is that changes sometimes invalidate code already
implemented. \VIe discuss this next.
A goa l of modern development methods, and especially of agile methods, is for the application under
development to grow only-in other words, not to require any other kind of alteration such as er.sures.
Accomplishing this (which is not always easy) means that existing tests continue to apply as new clements arc
developed .
Suppose that we Ihoroughly tcst part P of an application . Part P necessarily depends on other parts. (If part P
depends on no o ther parts, it can be treated like a separale application .) Now su ppose that we add to or alter
part Q of the application If P depends on Q , then P should be retested . Retesting software to ensure that its
capability has not been compromised is called rtgrtSsio'rl !n tin9 · A rcgrc sion test is de Igncd to aSSure uS that the
code added Since the last test has not compromised Ihe functional ity that was present before the change{s)
were made . Such a lest usually consists of a repeat or subset of the tests that were executed on the artifact
before changes were made.
As an example, we could And that addmg function.lity to DVDRtJllaf to estimate when a Customer will
return the DVD (mysteriouslyl) changes the due date. This kind of occurrence is caused by an erroneous
addition . a poor design, or an incomplete understanding of the application. Figure 25.2 ummarizes thiS.
A problem in regression lestlng Is assessing whether or nOt addcd or changed code affects a given body
of already. tested code. Also, we may not always be able to retest every part of an application becau e this
sometimes becomes prohibitively time·consuming (an operating system is such an example) Figure 25.3
explains such situations by considering what regression lestmB is necessary aftcr code N has been added or
changed.
BLACK BOX AND WHITE BOX TESTlNG 623
1. Regression
Original lesl (= original
leSI lesl?)
Original
Original
coda
code artifact
artifact
addition 2. Teslof
added """
functionality
""-
Figure 252 The idea of regression testing
• If C is known to depend on N
Perform regression testing on C
• If C is reliably known to be completely independent of N
There is no need to regression tes t C ....
N
• Otherwise 4ft'I' $ 'woos us
Regression test C
Suppose that we have buill the video to re application and we want to tes t it . We ma y run the application with
data like the following , and then compare the app li cation's behavior with Its required behavior.
•• •
Result
Input determined by...
Actualoutpul
.. . requirements - - -.... compared with
reqUIred output
White box
Va lida lion
... design ------+-t ot expected
elements behavior
Black box tes ting is esse ntial. H owever, to uncover as man y defec ts as possib le, we also need to utilize
knowledge of how the application has been designed and implemented. ContInuin g the automobile analogy,
if the ca r is built with a new design (or its automati c transmission , we wou ld be wise co usc this knowledge ,
srressing multiple gear changes and runnin g rests that foc us on changi ng gears in as man y ways and
circumsta nces as possible. T ests based o n desig n and implementation know ledge arc called wbilt box or glass
box tests. Figure 25.4 illustrates th e d iffere nce between black box and wh ite box testi ng.
White box testing met h ods arc typica ll y performed during unIt testing , which is described in C hap ter
26. Black box test ing is performed both during and after unit testi ng and is described in C hapters 26 a nd 28 .
Tests that focus substantively o n bo th o n the know ledge of h ow an application is intended to operate as
well as how it is construc ted are someti mes called gray box tests .
Software applications co nsist of numero us parts. As with all constrtlcti o n, the sou ndn es of tho who le depends
on th e soundn ess of the parts. This is ill ustrated by the ca nt ileve red bridge in Figure 25 .5.
Because of this depe ndence, we test software pans thoroughly befo re- assembling them-a process
known as "n il 'tsling . Individual methods arc con idcrcd tmits for tC'sting purposes, and so are clas cs. A part as
substant ial as a grammar checker in a word processor is probabl y too large to be conSidered a "un it." At times
we inadverte ntly allow a defect in a unit to remain undetected until the pro duct is compiete. In that case, the
cost of isolating and repairing the defect is tens or hund reds of times the cost of doi ng so wit h in the pRase
durin g which th e defect was creat ed. In other words, there is a very large payoff in d etecting defects early at
the un it leveL
Reliable
Reliable? Reliable?
Reliable?
- - Reliable?
Reliable? Reliable?
Agure 25.5 A bridge made from parts depends on their individual reliability
TESTING OBJECT-ORIENTED IMPLEMENTATIONS 625
• Int~rfac~
testing
validates function. expo cd by modules
• Int~ration _ _ _
_ _ . combinations of module
• S~tem • Robustness
whole appitcation ab.lity to handle anomal.es
• Usability • Performance
user satisfaction
• R~ression fast enough, uses acceptable amount of
changes did not create defects in existing code memory
• Acceptance
customer agreement that conlract sal.sfied
• Installation
works as specified once installed on required plat form
Unit
Unit
• ••• •
Unit Build
Application
..... -- Application
•• ••• _~) Modufe
on test bed
- on final
Various types 01 POS'-""" tests arc al 0 administered . F.gure 25.6 sum marizes some 01 the major types.
They are covered in Chapter 28.
Figure 25.7 is a summary of when each of the post -unit testing activit.es.s performed during the praces
of bUilding an applicalIOn .
Object-oriented applicat.ons, when develo ped well . beneA t from thei r organ.zation into c1asse . like an
modularozatlOn , this help' wit h testing because the classes ca n often be tested separately froro-and '"
626 CHAPTER 25 INTRODUCTION TO SOFTWARE TESTING
add,t,on to- bl. k box functIonality . Prior to the advent of 00, modulanzatlon tended to be in terms of
fun tlonalul1Its , deco mposed 1111 0 lowe r leve l functional un its ("stnlctured programmlllg") Thc<e units can be
eparo tcl y tested but o nl y when cleanly de igned. As w.l l be >cen in hapter 211, on unIt testlllg , 00 t<stlllS
In ludes method , lass, and package te. tin g.
It require signdkant lime to decide whal lo test, how to lcst , when lO do so, and with what data . In addition,
test results must be ana lyzed to determine what defects they uncovered . We therefore treat each test as an
item of value Tc 1 procedures, tcst data , and test record arc maintained; tests are reused o r modified where
possible . E.xamples of test documentation can be found In Chapters 26 and 27.
T o ma xi mize the effectiveness of resources spent on testing. a systematic approach is required and a plan
IS devised . Recall that the goa l is to detect as many errors as poss ible at as se riou a level as possible
with the reSOurces available . Typical planning steps arc shown in Figure 25 .8 and elaborated in the rest of
(his section .
The limIts of what constitutes a "unit" have to be defined by the development team . For example, do they
include the testing of packages, or is this to be considered another rype of testlllgi
• When tester has not been .ble to Rnd anot her delect in 5 ( 101 301 1001) minutes of testing
• When all nominal, boundary and out -of-bounds te _t examples show no delcct
• When a given checklist of test type has been completed
• After completing a series of targeted coverage (c.g., branch coverage for unit testing)
• When testing "ms out of its schedukd time
For object-oriented devel opme nt projects , a common sequence of unit testing is to test the methods of
each class, then the la,scs of cach package, and then the packagt: as a whole . If we were building a
framework , we would test the classes in each framework package first and then move on to the application
packages, bt-cause the laner depend on the form er. Once the "units" and non -unIt tests have been identified,
they must be organized and saved in a sy tematlC manner.
Since it is impossible to test for every possible Situation , the rx ltll l of te ting hould be considered and den ned
in advance. For example, if a banking application consists of Withdrawals, deposits, and queries, Untt testing
could specify that every method should be tested wtth an equal amount of lega l. boundary, and illegal data; or
perhaps, due to their se nsitivity, withdrawal and deposit methods arc tested three times as extensIvely as
query methods, and so on . Test cases are se lected both from normal expected operation, as well a from those
judged most likely to fail. SloPP;lIg enl,,;a are established in advance; these are concrete cond Iti ons upon wh Ich
testing stops. Examples are listed in Figure 25 .9 .
Test documentation consists of teSt procedures, input data , the code that executes the test. output data,
known issues that cannot be attended to yet, and efRciency data . Test dnvers and utilitie are used to execute
unit tests. and these are documented for future use. JUnlt is an example of a unit test utility (described In more
detail in Chapter 26). JUnit·like and various profeSSional test utilities help developers to retaIn test
documentation JUnit classe . in particular, tend to be maintained along with the applicatIo n.
Applications are developed to so lve problems in a speclRc area , and there is often a et of test data special to
the application . Examples are as follows ;
UnIt t<' slIng i usu,II), performed by develope rs tn. m.nner o f their own cilOoslng T estIn g beyo nd the unIt
leve l i, planned and performed by people other than the devel o per- u uall y an tnternal Q A o rganlZ<ltto n
UnIt test arc m.de .v.dablc fo r Inspec tion and for possIble Incorp o ratI o n into hIg he r-leve l tes ts, Some post-
unit tes ting requires QA engineer; to understand th e design, but mos t o q~anlza ti o n s do not support this
carability , and so the y . sign QA to hig her-level , blac k box testing o nl y . Some o f the inde pende nce of QA
can be caplllred by havtn g development engineers unit-test eac h other's code. It can al 0 be attamed by QA
assuming an oversIght re po nsibdlty, ensuring that unit tesllng is performed tho roug hly by de velo pers.
Unit te ting is o ften bundled with the development process rather than being called out as a separate budget
ite m. Good leaders fos ter an altitude that the rcliabiHty o f un its is essential , and they allow developers
suf Acicnt time to alta in reliable un its, Testing beyond the unit level is an identifiably separate item , usually
assocIated with the project's budget but sometimes a part of QA's whole budget. Employing a third party for
teslln g IS sometimes used-including offshored resources-and must be budgeted for.
The develo pment organ izatio n speciRes the fonn in whIch engineers record defect counts, defect types, and
time spent on testing . The resulting data are used to assess the state of the application , to forecast the job's
eventual quality and completion date, and as historical data for future projects . The data also become part of
the organization's hi stori cal record .
Suites o f tests and test plans can be eva luated, and there arc ways to improve them . MutatioH !(sti"g , in
particular, validates testing sUItes rather than the code under test itself. Suppose that we have developed a
suite of tests for all or part of an appl ication . Fo"ft injection is the process of deliberately inserting faults into a
program , Mutation testing is a kind of fault injection whereby we change the source code in small , controlled,
and deliberately incorrect ways to detennine whether the resultIng mjected errors are detected by the test
suite. Examples are changing a true to a Jalst and a ">" to a "> = ". If our tests continue to pass despite fault
injections, this exposes weakness In our current tcst suite . We can infer that the test suite is probably failing to
find defects that we did not insert . By working on fault insertion, it is possible to estimate the number of
defects that our test suite is faili ng to And.
Mutatio n is said to have originated by R_lipton in a J 971 class . It is computationally intensive, which is
one reason it took some time to become active as an area of research and practice.
25.9 SUMMARY
Software testing is a validation process, the purpose of which is to detect as many defects of as high a level of
seriousness as possible , Defects are detected when the software under test is provided with input, and the
resulting output does not match the expected output.
Two basic principles of software testing are "test early" and "test often," "Test early" means that as soon as
a software part is implemented it should be tested. This ensures that defects are detected as close to their
introduction as possible, making them easier and cheaper to detect and correct, "Testing often" means
EXERCISES 629
running ~ts at ~very rea on able opportunity, includi ng after additions or modifications have been made.
Updated code may advcrsdy affect the exi ting code , and the errors should be found and repaired as quickly
as possible. The testing for capabilities already attai ned prior to update is known as regression testing and is
pcrfom1ed throughout the testin g process.
There are two basic test mNhodologics, black box and white box. Black box testi ng does not take into
account the manner in whIch the software i designed or implemented. Test inputs are provided based on the
requirements of the application, and outputs are examined to ensure they match what is expected. White box
testing takes the desIgn and implementation into consideration , and inputs are devised with these in mind.
Unit testing is performed on the methods and classes of the software. It employs both white box and
black box techniques. It ensures that the underlying structure of the software is sound. After some or all ullits
are test~d, post-unit test are run that test the larger system . These include interface, integration, system ,
usability, reglession, acceptance, and installation testing.
25.10 EXERCISES
I. Why not wait for many parts to be built, and then test them together? This seems to kill several
birds with o ne sto ne.
2. Suppose that you have a developing applicatio n, tested so far, to which you add code. Why not, as
the next step, test the combined result7
3. Explain why (a ) white box resting, by itself, is not enough and (b) black box testing, by itself, is not
enough .
4. Why is unit testing most com monly performed by software engi neers who program and post-unit
testing by QA personnel7
5. Why shou ld test planning be speCifically identified as an activity rather than being pursued
informall y when the time comes7
unit Testing
Figure 26.1 The context and lea rn ing goals for this chapter
UIlI" rs''"9 IS the testing of the paris of an app lication In isolation . Typically thesc are the methods and
classes. Unit testing.s conducted by software developers c.thcr IJl parallel with implementation or after a part
of the appl,cation is coded. In eIther case both white box and black box methods are employed. \""'ite box
unit te (5 focus on the unit's Internals such as program logic, branch pOints, and code paths Black box unit
teSlS focus on providing inputs based on thc particular reqUIrements of the unll , vahdating that co~ct
outputs arc produced. Once they arc uccessfully tested in ISolation , units are ready to be integrated and
UMTTEST METHODS 631
Example:
get D VD tlt/e
Desig n document
(SOD)
1i·ltllemlnlatlon
Requirement
Domain unll
document
classes (cede lor i1i."~ or claD)
(SRS)
Examp Ie:
·'t
Enmple: shall be
Example: void sa/OVON.mel ... )
possible to add 8 DVO
to the vkJeo store's me/hod addOVO( " . )
inventory» ~Pr8condl'ions: ... _
Postcond,llons: ... •
tested together. This is what we will ca ll pOS I-"IIIllrsliH9 and is covered In C hapter 27 The rest of this chapter
describes specific test methods a nd stra tegies employed in unit testing .
The first step in unit testing is identi fyi ng Units and determining wh al they are intended to do . These arc
obtained from the SRS or the SOD . They may a lso be ele me nts 100 minor to specify in the SOD . Figure 26.2
illustrates this for the video store exa mpl e.
For units arising from design , we ma y not possess ex pl icit requ ire ments against which 10 perform te ts.
An example is a test for the class Cm"rOla,aCIII, introduced for the design of ou r video ga me; none of the
original requirements specifica ll y involves CamrChamrlll per se. Separate specifica ti ons shou ld be wrillen for
all design classes oncc the desig n is crea ted . When Ihese are nOI wrinen , as is often the co e, lest cases have 10
be devised against the functionality Ihat the class is supposed (by Ihe lesterl lo pos c s Figure 26 3 ill ustrale
unit lesti ng agai nst reqUire menls a nd against design .
Both white box and black box mel h ods are ul ili zed during unll Icstl ng Some of Ihe principal te hni ques
are shown in Figure 26.4. As described In h ap ter 25, white box testing IS conducted with knowledge of
the design and impleme nlatio n of Ihe unit under lesl. The while box unit Ie I fo us o n the Internal cod~
structure, testi ng each pro!:ram statement , every deCision point , a nd each indepe ndent path Ihrough th e
code. Black box mel hods focu nn tesling the unit w lthoUI u"ns its IOternal structure Tc hniques u. ed 10
conduct black box unit lest' Include eq uiva le nce parllt ionlng and boundary va lue ana lysi<, IOP'C Ihat are
explained In detail below
There has been , and con tinue, to be, resear h o n Ih e relations hi p alilong these te tlOR Iyp<"> SIO c they
often overlap a nd a lso leave va n ou' ki nds of gaps An examp le of p. t research is dc, nhed by Rapp' and
E J. W "yuke r [ I J. '" which paths are selec ted on Ih ba<;' 01 w here v.nable, are deAned vs. where Ihe are
u$ed . Nevertheless, the types d,scu,sed form a Rood , tart ins point and pra tica l ba<is
632 CHAPTER 26 UNIT TESTING
i2} Design
3.2.EC.l .2 Dualities of ElKX>unler GameCharacler: An abstract class
chsracters with attributo name ... ,
Every game character has the
same set of qualities. Each quality
"- "- \
Test this class ... j
shalt be a nonnegative fica ting .,. against this requirement
point number with at teas tone
Characters
decimal of precision . . . .
\ GameChsfscter
"- .....
-- "-
\
L
"
Test this method ... I EncounterCharacters
... against thIs require ment -j ,
"- EncounterCharacter
t.. adjUS1OuaJityO
Figure 26.3 Relating tests to requirements and design
At a min imum, every statement in a program must be executed at least once during unit testing. Ir a line of
code contains a defect, tests that nev", execute the line will not detect the defect. Untested statements are
thought by many to be a major cause of latent defects.
Consider the function co",p.t,Fi", 0 shown in listing 26. t . We will usc a directed graph, ca lled a progra",
(0""01 graph , to graphically represent the control paths of the program . Figure 26.5 contains the program
conrrol graph of comp.tcFi",O, where each node in the graph represents an executable line of code, and each
• Statf:ment coverage
Test cases cause every line of code to be execllted
• Branch coverage
Test cases cause every decision point to execute
• Path coveragr
Test cases cause every independent code path to be executed
Blad Box Methods
o Equivalence partitioning
Divide input values into equivalent groups
o Boundary value analysis
Test at boundary conditions
figure 26.4 Methods for unit testing. categorized by black box and white box types
UNIT TEST METHODS 633
False
False
Figure 26.5 Control flow graph of computeFineQ, with numbers keyed to Listing 26.1
edge represents the transition between lines of code. In the graph we repre e nt decision poin ts uch a If, ",/,il"
or for statements as a diam o nd, and all other executable statements as a ci rcle.
In order to satisfy statement coverage, tes ts are devised ,,, lth Inpurs that e nsure eo h linc of code IS
cxecutcod at least once As s hown in Tab le 26 I , o nl y o ne tes t is nece>'"!)' to sa ti sfy sto te mc nt co crage 01
",..p..kFi"t() (but not truly comp le te overage , as we shall eel .
634 CHAPTER 26 UNITTE5T1NG
Statement coverage is satisfactory for determining whether a particular line of code has an error, but it will not
catch all ty pes of errors by any means. In facl , computcF""O does ha ve a defec t: the vanable fi., shou ld be
initialtzed to MAXJINE on line I, not to O. The defec t will mani fest if day,!..le is input with a value g reater
than MAX_ FINE_ PERIOD . Th is was not detected in the statement cove rage test because, although the if
statement on line 2 was execu ted, the branch for daysLate > MAX_fiNE_PERIOD was no t tested .
A stro nger fonll of test coverage, one that includes statement coverage and detects this ry pe of defect , is
branch cov(ragt , which means that for every decision point in the code, every branch I S executed at least once.
listing 26.2 contains an updated compul,Fi",O function , with the aforementIOned defect repaired-the
variable fi., is now In itialized to MAX_FINE on linc I .
To satisfy branch coverage , one or more tests are run with appropriate inputs to ensure that every
statement is executed at least once and every branch decision is executed at least oncc. The two test cases in
Table 26_2, for example, satisfy these conditions .
The execution path of each test case is shown in the program cont'rol graphs 01 Figure 26.6 , with the
bold arrows depicting the contTol Aow.
An even stronger form of test coverage is path coutrage, in which all distinct code paths a", executed by at least
one test case. By distinct code paths we a", rderring to the complete set of sequences of branches and loop
UNIT TEST METHODS 63S
Test Case #1
False False
False False
FIgure 26_6 Branch coverage of computeFmeO. with numbers keyed to Usting 26.1
traversals, even if the y d iffer by just o ne small part of the path . This type of testing detects errors that only
occur if a speciRc path is executed . Path coverage subsumes statement and branch coverage. As an example,
c","puItFi"r(J contains two If statemen ts, each with two branch decisions · true and false . Therefore compu/rFin,(J
has four distinC1 paths through the function as Illu trated In Figure 26.7.
Four test cases would be reqUIred to test all the distinct paths of compu/rF,",O, one fo r each path , as
shown in Table 26.3_
As the number of branches and loops increase, the number of distinct paths grows exponentially. It
.r
qUJckly becomes impractical to test them all. Fo r exa mple, the number of decision poi nts IS 30, the number
of distinct paths is over 1 billion . It is therdorc necessary to limit the number of paths to test_ A commo nl y
used method of maklOl! the tests Viable whde gal nln !! IgniAca nt conAdence is to compute the number of
linearly independent paths, or baSIS paths, through the code under test ThIS can be thought of a the minimum
number of paths that can be combined to generate every po Sible path , and i the minimum number of paths
that hould be tested
636 CHAPTER 26 UNIT TESTING
1 1 1 1
Figure 26.7 Distinct paths of computerFineO, with numbers keyed to Listing 26.1
The Il umbe r of basis paths ca n be ca lculated by computing the cye/omnlie eompltxity [ 2]. which has its
roots 10 graph theory. The Am step in computin g the cyclomatic complexity is to represent the code with a
program conrrol graph. Then the cyclomatic complexity (CCl is calculated w ith the fo ll owi ng fo rmula:
CC = e - n +2
where e = the number of edges, and n = th e number of no des.
As an example , listlOg 26.3 contains an upd ated vers io n of eornpulrFi""O that has input an array
containing the number of days late fo r a list of DVDs. In o rder to process the list, afor loo p is introduced,
adding an addi ti onal decision POlOt in th e function Figure 26.8 shows the corresponding program conrrol
gra ph for this eompul,Fi""O.
10
F"lgUre 26.8 Program control graph for computeFinesO. with numbering keyed to Listing 26.3
To cal ulale thc cyclomalic COIl1P!cXIIY of comp"'cFiHtS() , we rcrcr to Ihe program co ntro l graph In
Figure 26 .8 and no te thaI Ihere arc 12 cdges and ' 0 node$ Therefore, C IS ca l ulaled as follows ;
C = 12 - 10+2 = 4
Tills lell us Ihal Ihere arc four basIS palhs. To ge nera le a spe lfic scI of basIs path< , Ihe foll o wing SICPS
can be foll owed.
I. tart wilh Ihe stralghl path Ihroug h Ihe code (all cond i\l ons lrue).
2. SCI Ihe firsl cond 'lion 10 fa lse, kee ping all Ihe re I lrue.
3 Resel Ihe firsl co ndillo n 10 lrue, Set Ihe second condil io n 10 false , keeping all the rcSI lrue
4. Continue, se lling Ihe next cond itio n false with all the rcst true.
5. Stop aftcr the last condition has been set fal e.
ThaI IS, each basis path varies o nly o ne of Ihe conditions at a time. Note that the condition nodes in thiS
function are 2, 4, and 7, which arc the for statemenl and the IwO if stalcments. Usi ng Ihis algorithm , the four
baSIS paths for (omp"'cF,",,() arc as follows ;
The corresponding program control gra phs arc shown in Figure 26.9.
Four test.s arc then devised with appropriate inputs to ensure that each baSIS path is executed once, as
shown in Table 26.4.
The challenge of testing is the selection of a test sct. For example, a funclion such as (ompuI< Fi"c(),
which takes a simp le integer parameter day,i.A'c, ha s all of 2" = 4 bill ion possible input values . Any test
SC I IS a truly \ln y subset of the collection of all possi bilities. and so we want il to bc as represe ntative as
possible.
EqUivalence partitio ning IS a black box test method in which paramcter values arc divided into
nonovcrlapping selS that constitute the complete set of possibilities (" partitions"), with the values in each
partition expected to produce similar rest results . (( we can identify such a partitioning, we ca n have some
confidence in a test that selects one value per equivalence partilion as test input. Equivalence panitloning i
also used in system testing, which is discussed in Chapter 28.
The potential input values for a test can be thought of as points 10 para",clcr space: an "-dimensional pace
with one dimenSIOn per parameter. For example, if we arc testing a method intended to compute the area of a
rectan gle, the parameter space is two -dimensional, each widlhnCHglh pair is a point in two-dimensional spact'.
As another example, suppose we want to test that the video Store function discussed above COII«:tiy
computes the flne on late movies. Suppose that the store's penalty depends on the number of days late.
usual but also on whether the movie is a new release, old release, or ·one·of·a·kind: The parameter space
Basis Path #1
1 1 1 1
5 5
- -
'"
1>40 CHAPTER 26 UNIT TESTING
can be thought of as consisti ng of the poi nts shown in Figu re 26 . 10. The parameter space is not limi ted to
kgal va lues; it incl ude values that are no t perm itted F'gure 26. 10 lIggem the shape of this pa rameter space.
uppo e rh.:n th(" store's Rnc calcul ation requiremt'nt is as (ollows:
The Rne shall be $2 per day fo r the firs t 5 days and $ 1 per day after that, up to th e value of the
movie. The value of all new releases shall be taken to be $20, o nc-of-a·kind releases $ 15, and old
releases $ 10
The parameter space decomposes into correspo nding regio ns such as "new re lease between 0 a nd 5 days
late," each haVing the fo llowing pro perty .
1lJ( applicallo" b,hautS in II similar marHl(r jor nil lJalu(5 hI web r(9,on .
•• • • • ••
•• • •• ,
,
...-....-..- ..................._.- ........... •...... -........ -................. .......:>-
~
-5 o 5 10 15
Days late
•.g., (6 days late, "Casablanca-)
new release •• •• •• •• •• •• •• •• •• ••
.-. ~ ~. - . - ._......I.... _--_...- .. __.---_.._-- - .--
,
o 5
Days lale
I
new release •• •••••
••••• •
A full parameter space equivalence partition for this example is shown in Figure 26. 12
To identify equivalence par1itions , determine the limits or boundaries on the individual variables or
combinations of variables. These limits can be seen either in Ihe code itself or in the requirements that the
variables reAect . Often , the relevant requirements are in the form of bUlinm ",ItS . The ~ne policy of the video
Slore example is a good example of a rule for doing Ihe business of renting . Once the equivalence partillons
have been determined, we creale test cases as in Figure 26. 13.
Test '"
• • • • values strictly within each region
• • • values at region borders
NOles:
10 u e ">;· 111 lead of ·~· when checklll S for a boundary condillon For example , th e ode Ihat c heck. (or the
PlnD "lr,rsd6- IS tiny 'nlr equivalence clas in rOlllplllrFIPlr() sho uld read as foll ows
2. Identify their limits, individually and in combination (example, the co ndition 2< x+y<7 identifies 2 and
7 as boundanes for ny).
3. Test for combinations of these variable/combination/values. Testing all combtnations is ideal but when
this is Impractical , wc select those that appear most likely to fail or we select combinations at random or
bo th.
NOle th.t 2 betng a boundary for x+y implicales the straight line x+y; 2 in the x-y plane as a boundary.
Unit testing typica ll y stans by teSiing the melhods of a class. In this section we discuss how to carry this out in
an orderly way. incorporating the methodologies covered in the prevIOus sec tio n.
Humphrey [3] recommends the checkllSls in Table 26.5 for perfo rming method tests.
By now you may be overwhelmed by the sheer number of different types of tests . Several t t over
cs types l ap.
For example, a test with normal inputS may have statement coverage branch cov-rag d h
,. . . .. . .... c, an pat coverage.
One way to Slmpltfy and organize the Untt tests IS to lISt the testin g types as in Table 266 d L _ h
" d I d' I
In d IVI ua tests aceor Ing y .
. , an to numucr t e
26.3.3 Stubs
A method frequently depends on class« other than the one containing I't Th'
• IS pre ents no probl 'f h
needed c1ass« have already been built and tested. Otherwise, we use stand. ' . h L em I t e
inS Wit tnc same name but with
TESTING METl100S '43
TIllIe 26,$ Humphrey's unit-testing checklist, categorized black bOxor Whlte bOx In the context 0 f a me!hod test
operatIOn Comment
1. verify operation at normal parameter values a black bOx test based on the unifs requirements
2. verify operation at limit parameter values black bOx
3_verify operation outside parameter values black bOx
4. Ensure that all instructions execute statement coverage
5. Check all paths. Including bOth sides of all branches path coverage
6. Check the use of all called Objects white bOx
7. verify the handling of all data structures White bOx
8. verify the handling of all files white bOx
9. Check normal termination of all loops white box: part of a correctness proof
10.Check abnormal termination of all loops white bOx
11.Check normal termination of all recursions white bOx
just enough substa nce to support the method under test. These are call ed slubs. For example. suppose that we
want to test the ,,,,'0 method in the R",lal class of the video store application framework . It depends on the
classes R",'alI'tm and R,"laICuslomtr as shown in Figure 26. 14. \Vle therefore create stubs for these two classes as
shown.
Simple stubs like these are not .ufAcient beyond the method-testing level. As we will de cribe in
Chapter 27. in that case we require artifacts known as "drivers" as well.
As an example of a unit tcst . we will test for the fo ll owi ng detai led requirement for the Encounter cas. study.
3.2.EC. I.2 Qualities of Encoun ter characters. Every game character has the same se t of qualities.
Each quality sha ll be a nonnegative floating POlOt number with at least o ne decimal of precision
These are all initialized equally so that the sum of their values is 100. The value of a quality can not
be both greater than zero and les. than 0.5 For the Am release the qua lities shall be (Oil tt,lmli" • •
sl'''''M. ,."I/'9mCt. palltllrt . and sl""'9 Ih .
An approp"ate test ,et for a method adjusIQllalily(Slrlll9 4,mlilyP. floal vallltP) , gIven next Thi method
sets the qualtty named by 4ualiryP to valutl' and ad;u IS the rema ,n ing qualt ties so that the proportIon of
the remaining avaIlable points rema,ns the sa me Within each of the "on ranKt boundnries: ' Ollts d~ rang~:
644 CHAPTfR 26 UNIT TESnNG
2. On boundary? 12,3,5
7. ASsertions tested? 12
./
........- - - - - - - dependence
Rental
. . . . --------<'0' ,estin~g;---------//
stubbsd
Unit test 01
sdjustOuafllyO
Within range
and ·within range" categories, we try to obtai n systematic coverage by seeking represe ntatives of eaeh
equivalence partition . Figure 26. 15 is typical of a systematic deco mposi tio n of the input space into
equivalence partitions.
The next levels of partitioning are shown in Figures 26. 16, 26. 17, and 26 . 18, and the actual test ca es are
listed below.
A resulting test suite is s hown in Table 26.7.
On boundary
Out 01 range
=t
CXlI1Cantration stamina ... concenlration slamlna ...
Key to unit tests of adjusrQualltyl} (Details for each test follow this table)
1. Within range
• • •
• • • •
&".<11'1/ .... ,""" Concentration 20 + 10 = 30, Stamina 70/4 = 17.5, (Note, remains 1/4 of the non -
·concentration" points), Intelligence 70/ 4 = 17.5, Patience 70/ 4 = 17.5, Strength 70/4 = 17.5,
Tests 1.1.2, 1.1.3, '" are similar, using the other qualities Instead of concentration.
Test 1.2. 1
I'PIII, Concentration 20, Stamina 20, Intelligence 20, Patience 20; Strength 20,
Extoll<;adiustQualiry('"conC"rtltmtioll". 99)
Exprcl<a output , Concentration 99, Stamina 0 ( 1/4 result replaced by zero), Intelligence 0 ( 1/4 result
",placed by zero),Patience 0 (1/4 result replaced by zero), Strength 0 ( 1/ 4 result replaced by zero),
Tests 1.2.2, 1.2.3, ... are similar, using the other qualities instead of concentration .
Test 2. 1.1
I.pu" Concentration 0, Stamina 25 ; Intelligence 25 ; Patience 25, Strength 25 ,
Exrcu't , aaiu"Qualiry(",lamilla", 7' )
Exptclta outpu" Concentration 0; Stamina 99; Intelligence 0 (result of 1/ 3 is set to zero), Patience 0 (result
of 1/ 3 is set to zero); Strength 0 (result of 1/ 3 is set to zero)
Tests 2. 1.. 1.2, 2. 1.1.3 , ... are similar
Tests 2.2, 2.3 , . . . pertain to other extremes. For example,
2.N aaiu"Quality() called with parameter equal ing a current value
Input, Concentration 0; Stamina 25; Intelligence 25; Patience 25; Strength 25 ,
EXtcutt, aaiu,tQualiry('", lamina ". -25)
Exptclca ou'put, Concentration 0; Stamina 0, Intelli gence 33; Patience 33; Strength 33-,
Test 3. 1.1
Input, Concentration 20, Stamina 20, Intelligence 20; Patience 20, Strength 20,
Extcu't, aaius,Qualiry("conctn'ration". 81)
Exptctra output, Message to error log stating that adjlls,Qllaliry() was called with out ·of·range input;
Concentration 100; (20+81 set to 100); Stamina 0; (after concentration is set, there are no remaining quality
points to distribute); Intelligence 0; Patience 0; Strength 0
Tests 3. 1.2, 3. 1.3, ... arc sim ilar
Tests 3.2, 3.3, ... are similar to test 3. 1
Test 3.N . 1
Input: Concentration 20, Stamina 20, Intell igence 20; Patience 20, Strength 20;
Ext, u't: adill s,Qllal,ry('"conctnlralion". -2, )
Exprcltd OI'P"t: Message to error log stating that IIdjllStQ llalily () was called with out-of·range input;
Concentration 0; (20-2 1 se t to zero ); Stamina 25; ( 100/ 4); Intelligence 25 ( 100/4); Patie nce 25 ( 100/4);
Strength 25 ( I 00/4).
All dfective me thod for pe rform,"!! un it testin g IS to co nduct te nng in par.tllel with implementatio n. In fact,
in dfective way to "Ulld qualllY in to an impleme ntation i< to specify the tests that an implem entation mll t
pass be/orr writing the cndc After wnlln j.( u h a test, o ne add. to the impl ementat ion lIntil the teSt '" ceeds
648 CHAPTER 26 UNIT TESnNG
Th" " called ItS l-dmlCll droc/opm"'1 (mDl TDD is ofte,; a"oclated with ag ile devel o pm e nt, but ,t IS useful
w, lh,n any developmenl process The general sleps Involved in TDD arc as follow s:
I. Write a leSI case for some code lhal " yet 10 be IInplcmcnled
Envi ion what lhe code is suppa cd 10 do. Dependlllg on how tho roughly this part of th e code was
previously designed , a bit of dCladed de<lgn may be required Tests arc tYPically c reated to test only a
relalivcly small amount of code as lillie as several lines.
Stalement coverage-A natural by· product ofmD is thaI after the lests arc wrilten and pass, every line
of code is executed by al IcaSl one tcst . Thus sta tement coverage is satisfied .
Cleaner code-As we men tioned previously, only as much code as necessary is written to make a tcst
pass. TI"Iis results in an implementation that tends to be clean and contai ns little extraneous code.
Rapid feedback-Once a seclion of code is wrillen , it is immediately tested , providing instant feedback
as to its correctness. TI"Iis leads to quicker development time a,s bugs are easier to identify and correct.
Suite of unit tesls-After a test is wrillen and passes, It is saved along wilh olhertests being developed. In
this way a suite of unit tes~ iscreated and can be used for huurc te sting activities uch as regression tC'Sting.
II is common to perform mD within a testing framework such as JlI"'t, which we describe next.
, . 2. Write a test
case (wiliiall)
]U.1t is a public·domain te t framework widely used to "wnte and run repeatable tests" [4]. It is implemented
In and u ed for testing Java programs It supports lInit testing with tools lor test result executio n, reporting,
and error handling .
uppose, lor example, we have a Calculator class and we want to write a test lor a yet.to·be coded
ubtract method. 11 we are uSing TOO, the Rrst step is to write a unit test lor the enVisioned method. By
convention. when testing a clas X, tests arc placed in a clas TtS'X and every method perlorming a test 01
method mmmm {) is labeled ItSlMmmm O.
listing 26.4 is a Teste alew/ator class that co ntains One test called IrslSub'racl.
~rtjunit.framework.TestCase;
public: c:l . . . TestCalculator extends TestCase
{
public: void test Subtract ()
{
=
Calculator c new Calculator () ;
/ / Test 1: Nominal Case
double r = c. subtract (2.0000000001, 3.0000000002) ;
assert:Equals ( -1.0000000001, r, 0) ;
/ / Test 2: Corner Case
r = c. subtract (Double . MA)CVALUE , Double . MA)CVJlLUE) ;
assertEquals (0.0, r, 0) ;
• • •
}
}
By ~xamining testSubtract we can imagine the code we must wntc to pass the test :
I A subtract method that takes two double arguments and returns a double result.
2. An implementation of a subtract method that subtracts the second argument from the Rrst and returns the
result of the subtraction .
To fulfill our envISioned method, we write a subtract method such as in Listing 26 .S.
,
..' nrrul
-----_. ----- - .. -
-
1I!I . . . . ~R2',.
I I u
•- •
- '"
The result of runn ing T estCalcul ator in J Un it is the wi ndow in Figure 26.20 showi ng a g reen bar (for
"passed") .
T o illustrate what hap pens when a tes t fails. we wi ll fo rce a d efec t with a new subtract that erro neo usly
converts to float , as in Li sting 26.6.
import junit.framework.TestCase;
Listing 26.9: A TestSuite example, combining tests for Calculator and Concatenator
listing 26. 10 IS the class EncolmtrrCbaractcr from the Encounter video game.
CASE STUDY: ENCOUNTER VIDEO GAME 653
/* INSTANCE VARIABLES * /
/ ** Values of the qualities. <p > Requirement 3.2. EC. 1. 2 */
protectad float[ 1 qualValueI : n•• fIoat [qual it yTypeS . length 1 ;
/* CONSTRUCTORS */
CASE STUDY: ENCOUNTER VIDEO GAME 655
}
zoetum returnlnd e xM;
}
658 CHAPTER 26 UNIT TESTING
retum sumM;
}
Th( test was allemptcd With version 7.2. I of E. Braude in version 6.5.2. They are due to ~
&. o"."rCbarael" using version 2.3 of the TrslUliiilits expanded in later versions of EHeO"HltrCbaraCltr.
package . On th e first try , the test fa ded to run . Example of Unit Test Source Code:
We think that t his wa due to the fact that we did The fo llOWi ng code, for the EHcowHlrrCharaCltr
not really have version 2.3 of Ttl/liIiiilit! . When class, includes self- test methods.
we ~Ioaded this package , the test ran without The class TtslEx<cwlioH is used to execute the
Incident. un it test . It contains a static method pri.,RtportToFik()
whose parameters , in Javadoc notation, are as
fo ll ows.
This is a good place to mention mistakes made * @param - FileWriter - Destination of report
dunng testing. These are particularly prevalent
when user actions are required, and it is im-
* output.
• @param - String - A description of the test.
practical to rerun the e ntire test. * @param - iot - The expected correct result.
* @param - int - The actual result .
Example of a T est Summary Report (Section 4.3 * @return - void
of the Personal Softwa re Docume nti o n): Elleoll.'''' * @exception - None
CbaraeICT_T lSI_Summary _26_111'_' 999 doe There are no preconditions. The postcondi-
This test was executed by Joh n Jones at 2:00 tions afe that a fi le has been written to the destina -
P.M. using release 1. 1.6 of Sun's virtual machine . tion indi cated by the FiitWril" input parameter. It
Subject to the anomalie in the test incident report , conta ins the test description input, the expected
the results were 100 percent pass o n the bui lt -in unit result , and the actual result, each clearly indicated.
t<st methods. These met hods were inserted by The test code is shown in Listing 26 .11 .
testEncounterCharacterClass(classOutputFileNameM) ;
} catch (IOE xc e ption eP)
{ System . out . println (eP) ;
}
//2 . EXECUTE TESTS WHICH DO REQUIRE HUMAN INTERVENTI ON
Frame [) imageTests: { // Display test cases
new testCharacterImage ( // Missing image
new Enc o unt erChar acter ( " GuyWi thNoImage" , null ) ) ,
new testCha ra cterImage( // Image is present
new EncounterChar acter ( "E lena ", " e lena . gif " ) )
} ;
for( i nt i = 0 ; i < imageTests . length ; i ++) (/ / Display each t est window
image Tests [i) • setSize (400 , 250) ; // Adequate size for char acter
System.exit(O ) ;
}
/ ** Tests this class by executing its methods in combination
* @param destinationP Location to write results
* @exceptio n IOException I f there's a problem opening or accessing
* destinationP
*/
26.6 SUMMARY
Thl! Ilrs! tl!P in unot testmg is Identifying units and dl!termining what they arc intended to do. This
comes from one of several sources, the SRS, the SOO . or else a motivation tOO minor to specify in the
DO. For methods arising from design, we may not possess explicitly stated requirements against which to
pl!rform tests.
A systl!matic approach is required to effecti vely implement unit testing. In this way, as man y errors as
possibll! at as serious a level as possi ble can be d iscovered within a practical time period and usi ng a prac tical
amount of labor. The Arst ste p is o rga nizing the testing-typicall y methods are tested Arst, followed by
classes and packages.
The extent of testing should be considered and defi ned in advance. Test cases are selected from one or
more categories of tests, both fro m no nnal ex pected operation and those judged most likely to fail. Stopping
criteria are established in advance; these are concrete conditions at which point this particular testing process
will hi! considered done.
Depending on the problem space of the software , there is ofte n a set of test data that is pecific to the
application . If applicable, obtaining and usi ng this data must be planned .
Unit testing is typica lly conducted by deve loper , as they arc the most fa miliar with the structure a nd
organization of the code under test. H owever, un it testing is sometimes conducted by a separate organizat io n
such as QA because of their object ivity . Th is requires extra time fo r the new o rganization to learn the
software desig n so they can successfully executed the tests .
As with other phases of development . metrics are co llec ted during un it testmg. Metrics collected
include number of test cases, number of tests per test ty pe , a nd percentage of fai led teSts.
There are several d iffere nt types of white box and blac k box testing metho do logies empl oyed during
UOit testing. White box methods include statem e nt coverage, branch coverage, and path coverage . Black box
methods include equivalence partilionin g and boundary va lue analysis .
When testing the methods o f a class. a strategy is required to ensure proper test coverage. Humphrey
recommends u ing a checklist that includes Ite ms such as usi ng no m1al parameters, parameters at their boundaries,
illegal values, handling of error conditions, path coverage, loop termination , timing, and hard,,'are dependencies.
After the individual metho ds of a class are tested , the class as a whole is tested . All of the class methods
are tested in combina tio n. Th is is because the methods of a class are freque ntl y interrelated as they may alter
the values of common class attributes. Focus i placed o n eque nccs likely to be comm o nly used and
sequences that appear most likely to contain defects. If an ohject of a class transitions th roug h several states,
s!ate·based testing is emp loyed .
An effective method fo r performing unit testing . a nd to build q uality IO to a n Impleme ntation, i to
specify the tests that an implementation must pass btforr wri ting the code After " 'fi ting a te t, one adds to the
Implementation until the test succeeds. This IS called ',s ,·dr",,,, dwt/op,""" (TOD ). T OD IS ofte n associated
wi th agile developme nt, but it is usefu l for a ny deve lopme nt p rocess.
26.7 EXERCISES
t. In your own words, d escribe t he difference between white box and black box te ting . Why is each
Important and ncccss ary ~
2 Why do you think unit lesting is u,ually co nduc ted by lhl' d~vcloper ,vho Impleme nted the unit]
Iitriangle and returns either ' ' scalene " (all sides unequal ) ,
, , isosceles" (two sides
• • •
4. Explain why testing every line of code for correctness (i.e., 100 percent statement coverage) is
generally insufficient for ensuring that a program is bug-free . Give an example of a defect that can
go undetected by tests that have 100 percent statement coverage.
5. Why is path coverage a stronger form of testing than statement coverage7 Give an example of a
defect that would be detected by path coverage but not by statement coverage.
6. Draw a program control graph for the method adju' IQuality() of listing 26 .4 in this chapter. What
is its cyclomatic complexity' Explain your response .
7. Write the code for a class Accou"t with attribute balan", accessor methods, and method add() . Assume
that Account has states Sound, Empty, and Arrears, and that these are implemented using the State
design pattern . Write a complete set of unit tCSlS for Account, including statc·oncnted tests.
8. In test·first development, why is it imponant to execute a unit test to ensure that it fa,l s before the
code it is testing is actually written ]
9. You intend to implement a Recta"gl, class using test-first development . Suppose the class is defined
during design with the following characteristics,
Write. unit test class to test the as yet unwritten class Rt<ta"91t Next write the cod t I
" e a ,mp cment
h I.us.
tee
BIBUQGRAPHY 665
unit Tests
Perfoml full unll te ts on two signi fica nt methods of your applica ti on. State how long individuals and
th~ whole team spe nt o n de velo ping eac h part of these tests. and how the proce s yo u used could have
been improved.
Evaluation criteria,
( I ) Degr~e of clarity of th e plan
(2) Ext~nt to wh ich the plan and test include all relevant aspects of the unit tests
(3) Realism of the self·evaluatlon data and improvement plan
BIBLIOGRAPHY
I Rapps, Sandra and Elaine J W(:yuk~r. "SclC'C IIIl ~ Software Test 1)313 Usmg Datil Flow In (o rm all on," IEEE Trnnsnctto"S on SojlJD,m
&.g'''''"''9. Vol. II . no. 4. 1985 . pp 367-375
1 McCa~. T J.,·A CompleXity Measurc,- IEEf Tr"tI~lCllOtl5 "n 5"jlll.tI(( E"9H1etrltl!/. SE·2, no .. ( 1976), pp 308- 20
3 Humphrey, WaItS S , "MtJI'I49 1119 rl,( Software P'ocr<~ (SEI Srnri m SO/IU)n rc £"9'"(("" 9)," Addr so n·Wt."s lC'y. 1989
4 jUnll org WW'W jun.t org [acccs.:.ed 12/ 14/09 J
S Myers Gle nford J 'Tht Art of SO/I U1.trt TrS fm9." John Wiley & So ns. 1979
Module and Integration
Testing
Planning
• How do you test a class?
-
Impleifbl nt8tJon
• What is big bang Integralton?
Incremental? Bottom-up? Top
down? Continuous?
Design
• How do dally bu ilds facilitate
continuous Integration?
This chapter dlscuo;",co; tes ti ng beyond Unit IC')llllg-to the module level and to the Inl cgr\luon of
modules. Vil e bc:glll by discussing class tl.-sung. Cia'S tc')tmg I con,\1dcred by some to be beyond lImt It''Stln~
and by o thers not so
Integration IS the process of assembhng partS to (om, a whole As 3 phYSIcal illustration of thl< o nn.pt .
consider Flgur( 27.2, which IlIuslra tC' the Integ-ration of J ~uspcns l o n bridge . The order of Inlcgr.1tlon and the
STUBS AND DRIVERS ..7
Figure 27.2 The meaning of "Integration" -an analogy from bridge·building, steps 1 through 6
manner In which rhe part are te red toget her IS critical for rhe co n,tructio n of the bridge For exampl e,
as cmbling ir in the wrong order wdl lead to longer construcrion times, o r worse, a defecti ve bndge u h
issues are equally important for the integration of sofrwa re sy tern,
likeall engineering artifact , software systems must be bui lt fro m parts. Each part is deve loped and unit ·
rested separately. The whole i then assembled , /''',gralloll is the process of assembling these parts and te ting
the result to ensure that they work together correctl y. A part of a software system to be Integrated can con ist
of several lines of code, a whole method . a class, o r an en tire subsystem
Aglie melhodo logies use co nti nuous integration and dail y budds as much as possible. We dIScuss th ese
on this chapter.
An example of a class tc t IS provided In ne case study sectio n. In ano ther, an integratio n plan"
descnbed. Both of rhe'e apply to the Video game example u,ed ,n thIS book.
Consider the coordination issue, a,sociated w,th Integrati ng the parts of an application show n in Figure 27 .
~eral of the part depend on each other yet mu'i be put together ,n some order. \Y/e u'c ,rub, an d drivm for
thiS purpo e
Simple stubs Were Introduced ,n haptn 26 We e 'amine th em ,n more depth here for Integration
t"'"ng, and we also int roduce drivers The left·hand co lumn of F'gu re 27 4 <ta'" the proces, by sh \ mg the
tvtntual, dc" red conllgura tl ol1 01 three Item' or an applicat,on that InU,t be l11teg raled (The item ' ca n be
classes or package of cla<se, ,)
If our goal IS bottom · up Integ ration (dcstnbcd In detad I·n e tI n 27.33 ) thl'n we nN reate the Item
alone 111 Iter BU-A and le,t It thoroughl y alo ne However, a !lood ,,;t of Ie'" tri e< to repr du e Ihe mall/wr ,n
which the Item wil l be used For that reason , we create a "ub (step aU-I>), which" ,ubqanlla l en u~h 10
~tr,,'ie Item I but IS otherwt>e as mode't as po" ,hlc.
If Our goa l IS top· down Int wa tlon (dC'Lrtbed In detad ,n ctl ,on 27 3 4) then we fiN reate ,Illb, "'
Step' TD .• and TD-b These ar ,ubs"tut", (or the Ite.m th at arc ,ul"t. nl,,1 l'nollllh ( r Item I to he lested
(,te" Ti). C) but ot hcrw,, ' req",'e as lilt! . dfort ;" pr",, !>lc
•
uses
TI,,,,c remarks appl y just as much to the development of items In the first place as to their integration
and lesting .
Ah'er testang the individual methods of a class, we can move on to Ie ling the class as a whole. This amoun ts to
executing tts methods in combination or subjecting: objects of th(: class to event such as mouse action. Rt"Call
that the method of a class are frequently interrelated because they may alter the value, of commo n variables
For example, in an Aceo",,1 class, the methods J,posil () and Ul.lhdw wO would both alter the Imlun , van.ble. If
TESTING A CLASS 669
dtpoiilO "ere coded in terms of flool , for example. but uJi,/,drauJ() in terms of doublt , the tester may not notice
anything "rong in testi ng each indiVidually. For this reason . It may not be sufAcient to know that each
method has been individually unit·tested .
nlere are several complementary ways of tes ling classes, as shown in Figure 27.5. Each is discussed in
this seclio n, and several are illustrated in the case stud),.
Each method combination test consi sts of a seq uence of function calls. For the class fll eouHltrebornCI", for
example, the methods in Table 27. 1 would be tested in sequences.
We concentrate our testi ng resource o n the following :
Table 27.1 Example of a class test- labeling methods for use in combination
Abbreviation Method prototype
aq adjustQuality(String qualityP, float qualltyValueP)
d deleteFromEncounterCharacters(EncounterCharacter encounterCharaC1erP)
ge EncounterCharacter getEncounterCharaC1er(Strlng nameP)
gq float getQualltyValue(Stnng qualityp)
gs float getSumOfQualitlesQ
gt float getTOleranceQ
10 Int IndexOf(String qualltyp) throws Exception
II InsertlntoEncOunterCharacters(EncounterCharacter encounterCharacterP)
m Int maxNumCharslnNameO
sq setQuallty(Strlng qualityP, float valuep)
670 CHAPTER 27 MODULE AND INTEGRATION TESTING
There are, in fact , IOAnitely many sequence> of methods, because every met hod con be repeated any
number of times. A procedure must be employed to make the number feaSible . For example, a tnage approach
can be usefu l 10 identifyi ng common sequences. A given sequence of methods ca·n be C<1!ego rized as either
most likely or least likely to expose a defect. Otherw.se, the sequence IS consigned to the "neither" category.
All of the "most likely" tests are then executed , together with as many of the "neither" category as possible.
n,e "least likel y" are executed if there is time.
The process 01 adjusting quality va lues in the Encounter video game is relatively complicated. The
following is an example of a sequence apparently more likely than many to harbor defects.
g'-"l -aq-'q-aq-gq II g" characler - sri a quality - adjusl qualilirs - sri a quality - ad!,'" qua/.Urs - g" quality
\'(Ie will assume that the methods have been tested IOdividually, and we'll concentrate o n sequences of
methods that aflect the others. Figure 27.6 shows how the methods in the example chosen rdate to each
other through their effect on variables. Steps I and 2 affect the value of the conw,'rolion vanable. Step 3 affects
the value of " ""gl/'. In Step 4 . the "amina variable is an input to the adju"Qua/ity() method, which uses this
value (and the current value of co"crJltrntio~l ) to change the value of Cotlct'llration . Thus, each method in the
sequence sq-aq-,q-aq affects the outcome of a later method. The interaction among seemingly simple method.s
can be quite complexi
The case study of Chapter 26 shows these tests in action . The sections that follow discuss ways to tame
this complexity 01 choices.
Attribute -oriented tests focus on variable changes, and create method sequences that effect them . A simple
example for an Acco""t class is to have the balance grow and shrink to zero. To do this, we could execute
t he sequence ",Ba/aH"( 50); addToBalan,,( 70) ; d,ducIFromBa/a"er( 120); g,'Ba/aller() . \'(Ie va lidate the predicted
balance. The example in Figure 27.6 can be designed as an attribute test, focusing on the variable
(O"'"ltraflon .
5 . agoc.adjustOuatity( "concentration"10 )
As described in Chapter 22, class invariants are constraint among the attributes of the class that must remain
nut alter the execution of every method. A class invariant te t conSists of executing a seque nce 01 methods
and validating Ihat the invariant remains lrue. For example, suppose that a rule of the bank is that overdrafts
~re capped at $1 ,000, including the assets in the customer's avings, and IOtal assets per regular account are
capped at $10,000,000. The invariant of the Accolml class would be something like the lollowing.
As we have seen, the instances 01 a class ca n often be usefully thought 01 as transitioning among states in
response 10 events. We should therefore test such classes in terms of' their state. For example , let us test the
class Enco,,"lrrGame. Figure 27.7 illustrates the first steps In the testing of the application's state transHions .
The complete state· transition test is shown in Figure 27.8.
The numbered steps denote a typical event sequence for causi ng a meanin gfu l sequence of events. One
lest would thus consist 01 sti mulating the system so that it transitions through thi s sequence. The tester would
also introduce events that do not apply for panicular Slates 10 ensure that indeed they do not affect the
application .
To design and execute state·oriented testing requires significan t time, especially because extensIVe user
inputs are required. Tools arc available that record user interactions with the system and that can reproduce
test step 1
Preparing
Verify that the game is
initiallv in Preparing state
(by checking on the class
Player member gameS/a/e/).
dismisses
qualities menu
Wailing
test step 1
test step 2
........... .--/
Preparing I~
Verily that the game Is
Dismiss the quality Initially In Preparing slate
menu, and verily that (by checking on the class
the game Is in Waiting member gameStatel).
Player
slale. dismisses
qualiries
menu
test step 3
"- ,./
Move the player
character to an
adjacent area, and
verily that the Move to
adjacent - - -
game is still in area ---'
Waifjng state.
these actions In addi ti o n, assertion checkers ca n be embedded ,n the code to verify that the system is in th e
slate it is supposed to be.
27 .3 INTEGRATION
Thi s section discusses and compares various types of Integration , and is summarized in Figure 27.9. It starts by
co mpanng b ig bang inlegration with the inc remenlal style that IS generally recommended ( when it's
po sible), The extreme (orm of Incremental integration is COll titlU OUS integrati on. The last c1assincl:Ition
d iscussed is between to p · down and bottom · up sty les. Projects o ften mi x these ,"teg rati o n and testing styles,
depending on the n3rure of rhe projec t
Test Incre".entallnlegration
modules
IndMdually
IApplication I
'/
c-
Unit Unit Unit ..... • ••• • • • • •• • • •• • Unit Unit Unit
Big ba.gintegration consists of creating modules in parallel and th en assembling them in one operation . A
form of this is illustrated in Figure 27. 10 Although big ban g testing redu ces or eliminates the need for test
drivers and stubs. thi s beneAt is usuall y far outweighed by the complexity and co t of fault isolation. Since
many modules are integrated at o nce. i t IS frequ ently difAcult to locate the source of defects .
As an example, consider a sys tem that moni tors th e health of at ·ri sk patients as th ey go about their daily
lives. As illustrated in Figure 27. 1 I . the application ca n be th ought of as deco mposed into a m odu le that
Individual Health
Monitoring Applicalion
Module 1
uses
uses
Module 4 Module 3
uses uses
Module 2
handle the collection of data fro m patients, o ne that analyzes data for sp('ci flc diseases, o ne that handles
emergency notiRcations such as calls to the po lice, and a o n. it makes a g rea t deal of sense to develo p these
modules separa tely For example, \\'!hy no t develop th e diabetic analysIs in an orga nizat ion specia lizing In that
Acid, an d ha ve emergency no ti fica ti o n d eveloped by a company with expe nence in writing such software
reliably Some modules may be effectively written b), skilled teams worklllg anywhNe , geograp h ica ll y
speaklllg. Although continualllltegra tion , described below, is preferable in gene ral , it ma y not be practical in
a case like thi Each h ig h · level mo dule and its subsidiaries ma y ha ve to be devel o ped separately, and then
IIltegrated III big bang fas h io n.
The Integration and .estin g of mo dules illustrates the wisdom t,f desig ning so that dependenc ies arc
noncyelic. In o th e r words, we try to avoid architectures in which a mo dule depe nds o n itself. Figure 27. 12
illustrates suc h an architecture. We can't fully test an y pair of mo dules al o ne, O ur o nly c ho ice is to use stubs or
to test all of th em together, which multiplies the po tential for hard· to·R nd and hard -to-Ax defects.
owa days . software integra tion typica ll y proceeds 10 an incrcmt. ntal manner in whIch softwa re modules are
developed and assembled into progressively larger parts of the system, This is known as i"a"""".1 i""gra'io"
( I ). Gradually building the system means complexity increases incrementall y, making it easier to isolate
integra tion problems Incre men tal integration ommences when the first tWo pans of an application arc
developed, and continues until all its part s have been integrated into a complete sy tern , at which time system
testi~g comme nces. Stub and drivers arc employed during this process.
Throug ho ut th e integration process, software "builds" may be crea ted that foml the e merg ll1g ystem , as
Illustrated in Figure 27. 13. Befo re adding new mod ules, integratio n tests arc executed agai n t each build,
ensuri ng th at the build ",arks correctl y. Figure 27.2 Implies that mo dules arc developed and integrated in
some o rd er, but does no t sugges t how the o rder is determined , We u ually determine the Integration order b)'
ba ing it on the desig n of rhe sy tern . Two common met ho ds are bOl/om-up and lop-dOlPH , and eac h must
account for dependenCies between the modules mak ing up the desig n.
Suppose that an application consists of the modules and dependenc.es as hown III Figure 27, 14.
In bottom-up Integration , modul« that are most depended o n are developed and inte"rated ., •nrsl. Th en
the modules that depend on t h em are integrated next, .nd so on In FIGure 27, 1-1 , this implies th.t Module 3 i<
developed first , si nce it is at th e "bottom" of the dependency tree Modules I and 2 arc integrated nat with
-.
,. .'.
.•. ~. ; ••.h-
.
~
"
~-'~
.... ..
RII!'d
BuIld
Un!! Uni!
Module 4
\ uses
Module 1
uses
uses
Module 5 Module 3
uses
Module 2
Module 3 since they depend o n II. Modules 4 and 5 arc integrated lasl. Integrating in thi s manner is illustrated
In Figure 27. 15. An advantage to th is approach is that It reduce< the need for stub si nce dependent modules
Third or fourth
Module 4 Module 5
Module 1
Module 2
uses uses
- -I First or second
EncounterGame
EncounterGame
.. Iacade ..
getTheEncounterGameO
getStateO
--< setStateO
Er'I»'Hlt&rChar8cters
lr
c
1 handleEvent()
EncounterCast EncounterEnvironment
.. facade-
getTheEncounterCastO I*-
getThePlayerCharacter() EncounterEnvironment
getTheForeignCharacterO .. facado ..
setLocationO
Area
EncounterGame
uses
uses
EncounterEnvironment
__------ uses
EncounterCharacters
EncounterGame Second
uses
uses
EncounterEnvironment
uses
EncounterCharacters
Next, we apply the principle of bottom · up integration to derive an integration order. Th.s tell s us to firs t
te5tthe integratio n of EncoII"'trEnoiromn,,,' with E" Oll"'tr /larnrlcrs , and then to integra te E"colln'trGmnr. Thi s is
.lIustrated in Figure 27. 19.
Top ·down Integration is the opposite of bottom ·up, Modules at the top of the depende ncy tree are developed
first, with integra t.on proceed.ng down the tree . Th.s rype of Intq;ranon requires a cons.derable use of stubs
since dependent modules are nOI yet ready for Intcgrallon . The advantage of top·dow n '"tegTalion i that
modules at the top of the dependency tree arc typ. ally h.gher level fu nctiona hty of an aDpl. allon , su h a
user interfaccs, and are te ted early in the .ntcllratlOn ~y Ie. n,i< prov.des an early fee ling for the appli ation ,
1110lolin8 time for .mportant mod.f.cation,.
F,gure 27 20 shows the lop ·down .ntegration order of En ounter. Th.s tell s u to Ar t te t the .ntcgrallon
of EnCO""'rrG"mr w.th E.ICollnlrrEnviro","tIll , and th en to .ntewale E"(Ollllln Ch"", 1m.
678 CHAPTER 27 MODULE AND INTEGRATION TESTING
EncounterGame Ar51
uses
uses
EncounterEnvironment
uses
( second) EncounterCharacters
Top-down Implementati on . '"t<gratio n, and lCSling has a long hiSlory. In the very early days of
computing, programmers reveled in the exci ting thin gs the y could do WIt h softwa re. Programs tended to
explicitl y Iransfer co nlrol rapidl y fro m one place in memory to anot her so that th ey became very difficult to
,h,
debug and extend. In a famous letter to the editor of the (o,"m ull ica"oll. oj A( M [ 2], DijkSlra suggested the
begin nin gs of what he and ot hers deve loped inlo ,'ruc'u"a program11tillg . This called for a hierarch y of functions,
with hi gh · level functi ons cOll1i ng lower level o nes. Thi s remai ns an important part of what software- engi neers
do. T op· d ow n integratio n calls fo r the deve lopment of th e hi g hest leve l functi o ns, ca ll ing stubbed subsi diary
(unctions.
Return ing to the analogy wit h bndge co nstructio n of Figure 27.2. in top -dow n think ing-and
integration-we view and test first in th e large ("suspensio n bridge") and o nl y th e n begin to fi ll in the
rest in increaSIng level of detail Continuing the analogy. we'd test a mod el of the suspension bridge fo r wind
. nd simulated load reaction, maklOg gross assumptions .bout th e parts of the bridge (the analog of stubs )
O nl y then wo uld we test the parts.
Sandwich Integratio n is a process by w hich o ne integrates from the bottom and to p more o r less at the same
time , introduci ng stubs for the intervening classes as o ne does this Suppose. fo r example, that we wa nt to
integrate (h e class Forri9nCharacttr, which is at the lowest level in Encou nter, and EnCOUHltrGamt, which is ar the
highest, without havi ng to worry about the intervening components for now. T o have FO"'911Charac1" and
E"colmkrG~mt coexis t, we can introduce stubs (or the intervening classes. For example, in Figure 27.21 , we Ars t
have Fortl9n Cbaracttr work with a stub (or EncolmlrrCbaracttrs , then one (or E"CO,mlrrE,1IJi,."mmcH', then E"coulflcrGatftt.
We don't count the Introduction o( stubs as true integration, so the only step th at's trul y integration i n this
exa mple is the last. It integr.ltes from th. top and bo tto m Simultaneo usly.
(oll ,illuou, ;II" 9ral;01l is a ty pe of .ncremental integr.ltion in which small amo unts of code are added to rhe
baseline (the currentl y state of the application ) on a very freq ue nt basis. Intervals arc often. freque nt.s da.ly
(see Section 27.4 ), and the newl y integrated code does not neces arily correspond to a completed met ho d or
DAILY BUILDS 679
EncounterGame
uses
uses
\
EneounterEnvlronmentSTUB
b
.- uses
EncounterCharaetersSTUB
a uses >1ForeignCharaeter I
Figure 27.21 sandwich integration testing in Encounter, in order a, b, c
class but can be smaller. As long as the code is unit-tested and does not introduce errors in the baseline , it can
~ integrated into the baseline. Continuous integration is one of the twelve practices of Extreme Program-
ming (XP), as we described in Chapter 5. However, it can be utilized even if a non-agile process is being
followed.
27 ,4 DAILY BUILDS
During incremental integration we build the software and regressio n-test it at regular intervals. Regression
testing is designed to ensure that recently added code does not compromise preexisting functionality .
Depending on the phase of the project , builds ca n be created weekly or even as often as da ily. Daily builds are
often used at the tail end of projects when last·m; nute additi ons and changes are required. They are also used
during mai ntenance . Figure 27 .22 shows an example schedule of overnight regressio n testing for an
application approaching release .
Figure 27.23 illustrates the da ily code integration process. This kind of daily integration and regression
teSt schedule was reported by Cusumano and Se lby [3] as being utilized by Microsoft, for example.
Referring to Figure 27.23 , a daily code freeze time of, typica lly, 6 PM is established, after which no new
code is accepted for that day. The software system is then bUilt and run , and regression tests are executed on
week
23 24 25 26 27 28 29 30 3'.
release
Run
Regression
tests
development development
the new budd between 6 I'M and 7 AM . If a problem is found with the ne'" bui ld , it is assumed the defect lies in
the code that was checked in during the previous da y. This makes the job of problem isolallon and resolution
easier than If a longer time Interval had elapsed between bu ilds.
l"'''facr validate the interface of each module from the viewpoint of the ir usage by a client. These can be
ItS ls
conducted, to the extent possible , prior to the in tegratio n of a module (with necessary stubs); and then after
the integratio n of the module (With, typicall y, a reduced set of stubs). The Facade desig n pattern can be used
to faCilitate Interface testing. A faca de object IS created for each class o r package , provi ding an implementa·
li on of its public interface . Each method in the facade checks its input pa rameters to e nsure they are passed
correc tl y and rc turn ~ a predetermined response. Thu s, the ca ll er can test its interface with a module without
knowledge of whether It is usi ng the facade or the rea l implementati o n. This makes problem discovery and
Iso lation easier Let 's n:turn to the: Video store as an example. Figure 27.24 shows the module decomposition
for this appitcation .
DVDs
DVDRentals
DVDAccess
.. f8csde -
VideoStore
VSCustomers DVDsRented
DVDCustomerAccess fE-
.'.c.,OO,. o ..n
Note that the metho d griD VD() returns a Rnllalflffl1 o bject. The Rn.tnlItcm class is a public fram ework
class, and so IS accessIble to all o bjec ts. Th e9ttDVD() method ca nnot return a DVD object because the DVD
class is hidden fro m clie nts of the DVD, package. The interface test executes interface methods with test
cases. An example is the fo ll owi ng,
•
DVDgwtw=newDVD ( "Go neWithth eWi nd" ) ;
For the DVDRnl tais package, which does not use Far(/d, . the interface is the collectio n of meth ods of
member classes. For example , the class DVDR,ntnls expo es me thod such as the following fro m the
DVDRtntal class.
An Interlace Test:
DVDs
DVD gwtw • new DVDI "Gone With 'he W.ncf"):
Once In terface teSlS are completed , we ca n feel conRden< about th e interface between modu les. We are then
ready to test their interaction more completel y wit h in tegration Itsts . An integration tcst focuses on the
additional functionality gained by assembling modules.
Now let's i,llegrate fully functional ve rsi o ns of the DVD, and V5Customm packages . To perfo rm
integration tests , we identi fy the added functlonaliry that thi s integration provides-in thi s case, the
additional functionality that the DVD, and V5( ullo",,,, package< provide . In parti cular, the methods of
DVDRrnla', wh ich were using stubbed facade meth ods in DVDAccm and f)VI)CullomcrAcctSs , now use
fu ll y fu nctional versions . The methods of DVDRtIIln' ca n now be fully tested . The same app lies to all
classes in DVDR,"'a', . listing 27. 1 is an example of a met hod in DVDRt>ltn' that IS part of thi s
integ-ration test
Ustlng 27.': The getDVDRentalO method, which becomes more operable after some integration
Rental getDVDRental ( Rentalltem aDVD . RentalCustomer aDVDRental
Customer)
{
/ / Check that aDVD is in the inventory
DVDAcc ess theDVDAccess = DVDAccess" getTheDVDAccess ( ) ;
i f ( ! theDVDAccess" islnlnventory ( aDVD ) )
return null; / / or some other error indicator
CASE STUDY: CLASS TEST FOR ENCOUIIITER 683
Usting 27. 2, whic h fo ll ows, IS a test fo r th e Enco"n ler llaracler class and comple te the Encou nter case study in
Chapter 26 .
" ge - aq-so
" qe-sq-a-qq
• • • • • •
"I
I *TestCl:ge-aq-so"1
En counterCharacter eCIM = new
EncounterCharacter ( "CharForTestCl " ); I I method "ge"
eClM. adjustQuality (QUAL_STRENGTH , 40.0f); Il aq
TestExecution.printReportToFile(outM,
"Class test ge - aq-so", eClM. sumOfQualities ( ) , 100.Of ) ; Ii so
TestExecut ion .pr intReportToFile ( outM, " Class test ge-aq-aq-gq-so: part 2" ,
eC2M. sumOfQuali ties ( ) , 100. Of ) ; I I so
1* INVARIANT-ORIENTED TESTS
"Check for the invariant "qualValueI [i) >=0 "
* -- after executing the sequences of methods executed above
"I
bool.'n truthM ::t.l:Uei
~or( in. i = 0; i < qualityTypeS .length; ++i)
{ I " Set trClthM false i f any entry in eClM. qualValueI not >= O· I
truthH=truthM&& (eCIM.qualValueI[ij »=O .Of ) ;
)
TestExecution.pr intReportToFile (outH, "Class test for the
invar iant qual ValueI [il >=0 I
I truthM tzue ) ;
II , I
/ *TestsforgetEncounterCharacter() */
EncounterCharacter eCNorM = n.wEncounterCharacter ( "qwerty" ), // normal
TestExecution.reportToFile(outM,
"Get Character Test 1: nominal value", eCNorM . getName( ) , "qwerty" ) ,
II Nominal value
hank.setQuality (QUAL_STRENGTH, 10.3f ) ;
TestExecution.reportToFile(outM, "setQuality (} Tes tl:nominalvalue",
hank.getQualityValue( QUAL_STRENGTH), 10.3f ) ;
// Conclude
outM . close () ;
System . out .p rintln( " \nMet h od tests of EncounterCharacter
class conc luded . " );
}
/** Basic constructor -- cr eate a window for test ing some char acter ' s image .
*@param characterP Character whose image is to b e tested .
*/ testCharacterImage ( EncounterCharacter characterP)
{
"ljor (c haracterP.getName()) ; // Do all normal Frame initialization.
characterI=characterP; // Rememberwhichcharacterwe ' retesting .
}
Build 3
EncounterGame
>l EncounterGame
Build 1
-'
EncounterCharacters
EncounterCast
j
Build 2
•
./
EncounterEnvironment
\ I;
EncounterEnvironmenY1!
.
""
Figure 27.26 Integration plan
Inlegratkm Plan r,
0
1
GameCharacters
Err.;Q.ltlt~
«framework package»
r _"""
e,"'(J'''o{",N'''''',.r\~2
GameCharacter -'
&...-....e-,."..Q" . ... I
Encounter Characters
EncounterCharacter
EncounterCast ~ PlayerCharacter
. facade -
- singleton -
ForeignCharacter
Integration Pip"
1 r'>L!( . ... I
GameEnvironment
~
I (J'!CO 'IW C • A
,. •
GameAreaConnection ;<;
t
GameArea I~
1<
L ~
GameCharacter
GameLayout
~
~
Area
EncounterEnvironment EncounterCast
«facade » ~I
«Iacade~'
~
EncounterEnvironment
Build 2 is shown in Figure 27.28 . Bu dd 2 conSlSlS of The fll CoIIII,,,Gllm, package and its Ro/,P/ayillgGarro,
the EH CO lltlltrfu pjrollmhlt package and the GtlmtEIIIJlr- framework package arc no t present because the a~
part of budd 3.
0"'"'''/ framework package . logelher wil h Ihe first
build. The GamcEHPlfoHmcnt and the En Co lmttrEtlVirorl -
,""" packages use the build I Gam,Charac'tr and 2.3 Integration Build 3
f" colm'"Cas' classes, respective ly. Courtyard, dun -
geon , and liVing room are examples of areas. Some The fi nal build, build 3, IS illuslraled in Figure 27.30.
of Ihesc areas are connecled . For example, there is a Budd 3 consi Is of Ihe fllco""" re""" package, ItS
connection between Ihe dressing room and Ihe Ro/,P/aYIHgGmnt framework pa kage, build I, and
courtyard bUIld 1_
CASE STUDY: ENCOUNTER INTEGRATION PlAN 691
Characters GameEnvironment
. framework package _
- framework package.
EncounterCharacters
EncounterLayout
~--------------------1
i
I £ ~ __ _ _ __ ______ ____________ • !
-~-----=-_£".:==~-=-=-:...-=.:=~---=--=~:.--=--:.==--.:.===--.::--== --------- --- -"l
II~ «singleton» Engaglng
' Wal'tl' nn I
~
handleEventO handleEventO I
I Engagement
I ----'
I
I
I1_ _ _--...: '---_ __ __-L..._--, !
Reporting Preparing I
I
handleEventO handleEventO I
EngagementDisplay I
I
I
- .--- --.- -,,- - -- - ----- - ----- - ,- - -- -- - - - -;---------------..
: EncounterGarne :--1
L ____ __ ___ _ ____ _ _ _ _
I
Key: Domain class I
Figure 27,30 Build 3 for Encounter (Includes bulla' and build 2, not shown)
692 CHAPTER 27 MODULE AND INTEGRATION TESTING
27.9 SUMMARY
Int08"'tion rders to the process of assembling the pans of an app licatio n and testing their Interactions 10
ensure that they work tOKether correc tl y . The parIS that arc integrated can be as small as a few IIIK'S of code or
as large a ;} subsystem.
Two overa ll strategies for integra ting th e parts are IIIcnlrlrntal and big bmtg In incremental integrati o n, th e
system is built step by step in relatively small increments. As soon as a part of the applicatio n is developed it is
Integ rated into the basel ine. In big bang integration . the parts of the system are developed first and then
are ",tegrated toget her in o ne tep. This approach ca n lead to man y problem s and i usua ll y avoided if at
all possible.
A com monl y u ed tech nique is to build and test the entire code base on a reg ular basis. Earl y in projects the
interval an be weekly, but atthe tail ·end it can be daily. Co nducting daily builds ensu res that any problems that
arc uncovered can be isolated to recentl y added code . si mpli fying defect isolation and reso lution
The Facade design partern can be used to facilitate interface testing between modules . A facade stub
object IS created that implements the public interface of a class or packa ge O ther modules test their interf"ce
wi th that module, and the facade object checks that it is being ca lled correctly and retu rns a predetermined
respo nse. Once the interface is tested, the faca de is replaced wi th the real modu le and the modules are tested
further.
27.10 EXERCISES
I . In your own words, describe incremental integrat io n. Name and explain two ben el1ts of
incre menta l integ'ration .
2. In your own words, explain how a project schedule is affected by the method of integration used on
the projec:.
2A. Consider the health monitorin g application described in Figure 27. 11 . Describe wit h examples
how yo u would integrate it bo tto m· up and how you would test the integra tion process.
3. In yo ur own words, describe how boltom·up integration works. list and ex pl ai n two advantages
and dISadva ntages of bottom·up integration .
3A The case study in Section 27.8 does not deSCrIbe a continuous integration process-but
suppose that the document did prescribe one instead. What would that document say7
4. In your own words, describe how to p·down integrati on works. list and exp lain two advanta es and
disadvantages of top ·down integration. g
5. Consider a poi nt·of·sale system th.t is under developme nt. Assume that th-.... h ard ware p Iatfarm an d
device drivers that control it are brand new. The rest of the software 's b . d fr
. . Wh " I emg porte am an
eXlStmg system . at appropnate method of mtegratio n might you rec d be
om me n used and
wy7
h •
6. In your own words, explain how daily builds facilitate the isolation f d ( .
a e ects In a build.
7. Figure 27.31 shows the architecture outline of an application th t ' I h
. b k P 'd I fo .. a 51 mu ates t e movement of
customers In a an . rovi e a pan r bUilding and integratin g th O I"
IS app ICtltlOn .
BIBLIOGRAPHY 693
BankSlm
BankCustomers
~
.facade- I BankCustomer I
Pending Events
executeNextEventO
Number
~
ufacade»
getNumberO
BankLayout
BankLayout
-facade »
BankEvent
Teller
BankEvent
ccfacade'l
IQueue I executeO
TEAM EXERCISE
Integration
Obtain proj ect speci ficati o ns from two other team s in the cia . s. Speci fy informa.lly a new appl icatio n
that contains significant cl ements o f these applicati ons. SpI' cify an integratio n plan to build thi s new
applicatIon .
Evaluatio n cri ten a:
( I ) Degree of clan ty of th e pl an
(2) D egree to which the pl an conlaln an appropriate o rder
BIBUOGRAPHY
I I>czu . M auro, dod Mlchill l Y(JunH, ., 0/111'£'" Tl\l'''!/II''11 ;\~U lyfl' p ' ()( t1 C, Pm,,,,,,,, jlllJ Trdmlllun," John \'(' ,I c)' ~ S('IO, 2008
2 U.,kstra, Ed'8C'r, - ( ,I') To t .. teme n, on" den:d " "rm(u ' " COWI III'HIlj, dhOn( 0/ ,/'t AeM Vo l II no 3, I (\8 Pf' 1-t7- 1"1l
i t...J,."m. no. M . ~ Ild R W Selby. ~ llow M. ro<\oit nUl ld~ ~oft .....arr .· ( O,"I'Ut" '( ""O"~ o} I/It Ar M v I 40 no O. 1997, PI' . l - b l
Testing at the System Level
Figure 28.1 The context and learning goals for this chapter
TESTING AT THE SYSTEM LEVEL 695
• p~rfonnance . ..
Tcst peed of appl,cation
• LoadlSli <55 ..•
Test against heavy event Ira ffic
• Rdiability and Availability ' "
Determine percenlage up · lIme
• Recovcnbility ...
Test ease with which application recovers from cra h
• Usability ...
IXrermine degree of user sa ll sfaclion .
• Security ...
Determine susceptibility to intended and unintended breache
• Compatibility .. .
Application compatible with ot her systems as required
• [nslallability . . .
Test ease of installation
• Serviceability . . .
Test ease of keeping up· to-date at customer si te
SySltm Irs ling follows integration teslIng . It consists of black box test. that vali date the en tire system
against its requirements. Once all other system tests arc successfull y com pie led, Ihe application is deemed
ready for the customer's acceptance testing (Section 28.4 .2). These are related to the requirements and to
metrics in that each test measures one or more metrics.
System tests are most often conducted by an independent group such as Quality Assurance . During
system testing, compliance with both the functiona l and nonfunctio nal requirements is validated. Recall fro m
Chapter 10 that functional requirements specify services Ihat an applicatio n must provide (e.g., ''fhe
application shall compute the va lue of the user's tock portfoliO .") . Nonfunctional requirements, o n the o ther
hand, descnbe a quality or behavior an application must possess. Examples of no nfunctional requirements
include performance , usability , and compatibility . Figure 28 .2 summarizes various types of nonfuncll onal
systems tests. Since system tests ensure that the requirements have been mel , the y mu t systematically
validate each requirement specified in the SRS , including each of the usc cases.
Whenever possible, system tests are performed on the applkation "Inning in its required environment
This is not terribly complicated ('or an application that is intended to run on a PC, such a a ca lendar program ,
although even for simple platforms we sti ll have to be concerned with complicating issues such as the versIons
of the operating system . However, many applications ca nnot be fully tested in their eventual environments.
This certainly applies to space-based applications, for example, with somc times d,sastrous consequences The
Mars Climate Orbiter spacecraft i a case In point. It veered of( course , resuillng In a lo -s of hundreds of
millions of dollars. According to Cable Network News, the Investigatin g board's chairman reported that
the root cause o( the loss of the spacecraft was a laded tran,lat ion of English units into mctTlc
units and a segment of g round . based , navIgation . related nll' ion so ftware .
T csting for thiS and other requlreme nls had to take place o n a grou nd -b.-cd Ie t bed.
In analogy to the two pronc lpal forms of rcq ulre m c nt ~.f'lll Iiollallnis leSt the fun 1I 0 nai rcqulrtmcn!> of
the system, and nonJullclionll/ INl s the qua"lle, and behaVIor o( the sy<tem The ac cptan e test'. validating that
696 CHAPTER 28 TESTING AT THE SYSTEM LEVEL
the- req ui re ment ha ve been ful fl llcd, makc up th e 111 311'1 functiona l tes t ~ct. The main nonrunctlonal tests arc
In luded in the <u ",mary of Figure 28.2. , Ild ,rc di sc ussed In th e re< t of this c hap tn
This chapter prOVides a number of mctrics as,;oclJtcd wllh these lest, It al 0 dlscusscco smoke le~tln8
( cctio n 28 .7.2 ). a kind o f rough regrcs>lon te<t. a nd tes tln ~ In th e presence of lig ht we ig ht (incomplete or
eve n nonexisten t) requ irements.
I . Encou nter displays th e fo reig n charac ter in the same area as th e player's.
2. Encoun ter exc hanges quality values between th e two c harac ters.
To test th is. we may begin playing the ga me unt il an engage ment tokes place and is o bserved. as In Figure 28.3.
Test Slep
-.:....:..2.:.•:. .:. :3. and
CUl1'entonJue
so
Step 5
-
Figure 28.3 System testing of Encounter video game Engage Foreign Character use case
FUNCTIONAl TBTING
As p.111 of te ting thi Us" case, we <eo that In tep 2 quality values are exchanged. We tum to the
detailed requirem e nt< (or qua lity va lues and va hdate eac h. The (ollowing is an example , taken from the
Encounter SRS .
Every game c harac ter has the sa me sct o( qualities. E.ch quality shall be a nonneg.ti ve Aoa ting-
point number w ith at least o ne deci mal of precI sion . These a re all initialized equally so th.t the
sum of their values is 100 . The value of a q u. li ty ca nnot be bo th grealer than 0 and less lhan
0.5. For the firs t release , the e qualities wi ll be CO)Jn'" frallotl , mttlligttlct, patitllct, sfa1tlHltl , and
strmgth.
3.2.ECI .2 . 1 Every ga me charac ter has the same se t of q ualities. Each quality sha ll be a
no nnegative Aoati ng ,pOi nt number with at le.st o ne decimal o( preCISion .
3.2 .ECI .2 .2 Th ese a re a ll initial ized equally 0 that the urn of thcir val ues is 100.
3.2.ECI .2 .3 The va lue of a qua lity canno t be bOlh gTeater than 0 and less than 0.5.
3 .2.EC I .2 4 Fo r the fi rst re lease, these qll.1 itie wi II be (Olletll lrali oll , ;IItrlligrllcr, pal;ntcr , ,'amllla , and
strmglb.
• 3.2.ECI .2. 1 is validated by goi ng through each quality o n the srI quallf;'S ,,' indo,,' and ensuri ng th.t each has
a deCImal value , as shown in Figu re 28.4 .
• We validate 3.2 .ECI .2 by c hecki ng o n Ele na's quahties as the game begi ns
Concentration
Stamina
120 .0
OK
- ,
Fl&ure 28.4 System testing of Encounter Video game testing with GUI for setting qualities
698 CHAPTER28 TEsnNG AT THE SYSTEM LEVEL
I I
I
Total life points: 25.563635 I Curre nt life POints 25 16364
1 Current value:
Concentration
Con centration 0.0
1°.4 1
Done '
Inte lligence
- I Patience ~ Before last encounter:
1.3454546
lL _ _ _ _ _ _ _ __ __ __ _ _ _ _
. --
Figure 28.S System testing of Encounter video game testing via GUI for setting and viewing qualities
• Validatin g 3.2.EC. 1. 3 ca n be do ne by redllCing Elena's poin ts o n a quality to less than 0.5 . The result of
se tting stamina ( 0 0 04 and showrn g thal Encounter actu all y sets th is imcrnall y to 0 is s(--e n in Figure 28 .5 .
• \VIc validate re qui rement 3.2.EC.I .2.4 by e nsunng that all pro mised qualities arc present and th at there are
no additio nal quali ti es. We co ntinue testin g in thi s manner for the res t of the use cases and functional
requ iremen ts.
Met n cs fo r fu ncti o nal testing are lIsually based on the requirements, and include the fo ll owing ,
Thi s cction dcsuibes several common types of nonfuncti onal testing : performance, load/s tress, reliability
and availability, recoverability, lIsability, security , compalibili ty , installation, and serviceability test ing.
Perfonnance testing vahdates that a system meelS Its specified perfonnancc requirements b b h
y 0 servIng t e
throughput, or speed of the system. Throughput rerers to the number o f transactions that can be _" .
·
given amount a f time .
. 0 f a transaction
Th e meaning . d epen dson t h c: type of .lpplication that 's L- . procesScu
d F 111 a
• • 1 UC:Ing tes te . or our
Video SlO'" apphcatJon, speed could be measured by the l1umbe r of-vldeo rentals th.I can b- P d '
.... rocesse per mmute.
NONFUNCTIONAlTESnNG 699
For a ~31 · tim~ communication system , peed nllght be measured by the number of data packets that can be
p~ and forwarded ~r econd. Good requi~ments w,lI have avoided vague statements about ~rfonnance
such as 'customer ,csponses should be acceptably fast ' uch vagucness causes problems because the stakeholders
can harbor very different interpretation of ' fast : For the video store application, a well·wronen ~rfonnance
requirement is 'The appl, ation hall be able to successfully handle a load of 1000 rental requests per minute.'
Te t environments such as Eclipse's Test and Performance Tool Platform ( ee Section 28.6) identify the
packages, classes, and methods with high execution times, as well as those invoked frequently .
Mernes for performance testong are u ually based on perfonnance requ,rements, and include the fo llowing,
The purpose of loadlstress testi ng is to subject a system to incrcasi·ng loads and to tress it in various other ways to
detennine its breaking point. Another way of stating th os is 'under what load does the systcm start to breakt
Examples ofthe types of loads used are maximum number of users supported , maximum number of transactions ~r
second, and maximum data transfer rate. Once the points of failure are determ,ned we can understand whether the
system meets its load ·related requirements. Knowing these limits also allows us to examine the system desi gn to
understand those pans of the architecture that arc susceptible to stress, and use this for future plann,ng.
A good requirements document speCifics the performance of the applicati on under precisely stre ed
circumsta nces. As an example, suppose we have the fo ll owing performance req uirement.
Th, sot, shall halldl, custOll"r v,sits with a maxi",,,m of fD stcollds wait "m, "ndtr th, followillg conditions. VISIts
occur in a Pois son (probability) distrih,,"on with at, avtrag, of fDO ptr IIIill"t, Each ordtr is ai' avtrag, of 2
books, distrib"t,d IIonllally with a stalldard dwia tion of 1 .
Visit th, sil, for 10 mill"ttS with an aotrag' of 100 c"stomm ptr mill "t,. Each ord,rs at, a"trag' of 2 books, w,tb a
standard dwiation of L
Rtcall that the Poissoll distrib"tion si mul ates arroval times at a queue, the st""dard dwiation measures the
extent to which data varies from the mean . For examp le, a variance of zero ,n the orders of the above
requoremen! would mean that exactly 100 customers ca ll every minute O nce we va lidate the system ca n
handle this load , we increase the number of cu tomer vi it ~ per minute to determine the point at which the
application exhibits a probl em.
In many cases, loads and strcss limit arc no t ex ploc,t1}' spe oil ed in a requirements document In th,s ca e,
the project manager, QA, o r management decides o n the rargets to be attained based o n the lollowing factors
• Le8~1 advice
• larkct ond ili ons
T ools such as Eclipse's T est and Performance T ools Platform (TPTP see Section 28 .6) provide the
number of objec ts rca ted at nlntimc and the amount of memory they consume. V arious gra ph ica l devIces art:
prOVided th.t sho" a "thermometer" reading o f memory consumption (min to ma x) by mo uSing over a sequence
diagram of h.nction Invoca ti ons. Tc'S tcrs seck ma ximum and near·ma xlmum rea dings . The sequence diagram
can be ge nerated fro m the test execution . TPTP shows how many objects refere nced a give n object at runtime.
MetriCS for loadlstress testin g include the fo llowing ,
It IS an implICit requirement fo r every application th.t it be available for usc! Sometimes it is acknowledged
that the system will have defects or th.t it wi ll not be able to survive defects in its environment (e.g ., the
opera ting sys tem) and will crash at times. Rtliabi/ity "lid a"ai/ability assess and measure the extent of this.
Relia bility and avai lability arc ty pically measu red by the mean time between fa ilures (MTBF). T o obtai n
MTBF, a defillition of "failure" is first specified-for example, a crash of the appl ication that requires its reload.
Several different levels of failure ma y actually be defined and used. To compute the MTBF. a tester start.s the
application and notes the time. He orshe then executes the appl ication using, ideal!y, random scenarios until
the system fa ds. The elapsed time is computed. This process is performed repeatedly; the MTnF is the average
of these times.
Obtai ning a very reliable value of MTBF involves hiring people to use the applicatio n according to some
controlled rules and procedures. Gathering these data for man y hours requires significant compensatioA for
testers. Naturally. one tries to gather the data while users are using the application for another purpose.
However, the other purpos~r purposes cannot be permitted to bias the results. A related technique is to
have a large body of users exercise the applICation in advance of its official release (see Section 28.4.3
concerning alpha and beta releases). To obtalll an MTBF, it is necessary then to estimate the number of users
and the lime they spend using the application. As many know, the gathering of this kind of data continues
even after a prod uct is shipped. as in the pop·up message "Please send us notiRcation of th is fail ure . .. •
Many otherwise excellent applications crash from time to time, The reasons may be beyond the control of
developers, such as power outages. A good SRS specifics what should take place when an application crashes. A
common require ment is that, whC'n restarted , the application returns to its state at the time of tht: crash. This is a
rrc01JfI'ab,lily rcqul,,,"ml. Anothercommon requirement is for a designated log ~Ie to conta',n a . I . f h
. . n exp anahOn 0 t C
crash s cause (ratherlike an airplane s black box). As an example of a recovery techn 'Ique con d h"b k •
• $1 C'f( e ac StOP
technique employed by Tom VanCourt on the Encounter video game The code ,' s ho . L'
. wn In I tlllg 28. 1.
NONFUNCTlON.Al TESTING 701
The effect of this odc i to trap excep tion, not hand led elsewhere and report them before the
applicataon stops. One can tc~ t for thl at :hc system leve l by entering ill ega l valell's suc h as 10 '0 for strength
value of a qlll1lily . M e trics for 10acVs tre.- tc ~ tin g include the fo llOW ing:
• Frequcncy of auto· recovery compared with thc deslrcd auto ·recovery frequency
• tcan recovery time
U,./lIlily ''' 1119 va lidates an application's acceptability to Its users. Thc primary goa l 01 u ability testing is to
ensure that the application sa tisfies Its stated u ability requirements. These should be provided in the SRS In
quanrified tem1 S, toget her with the manncr in which the deSIred quantities arc to be measured. Kit [ Il lists the
overa ll critcna in Figure 28.6 as csscnrial lor usabi lity tcsting.
For example, wc might reqUirc rhat a random sample of 30 users of our home finance application rate the
application o n a scale of 0 to 10, as shown in T ablc 28 . 1. An inspection of the accessibility results shows that
our application scores about 12 percent lower than the industry average-some cause (or concern . Our
va ri ance is lower than that found In industry, however, which means that the sampled users agreed more on
• Accrssib,/,ly
How easily can users cnter, navigate, and exit '
• For example , mea ure by average time laken to ...
• RcsponslIJnltss
How rcady IS the application to allow the uscr to accomplish specified goals?
• How often IS CUI display accurate (pe rce ntage)?
• How quickly arc user actions ack nowledged?
• How oftcn is the application rcady for user actio n?
• EfficifflCY
Degree to which the number of required steps for sclected functiona lity is minimal
• "Minimal" calculated theoretically
• For example , measure by minimal limclav('ragc time
• Compr<hcn,ibilily
How easy is the product to understand and use with documentation and help,
• For example, measure time taken for standard queries
thIS seo"' .than u ~rs t pically as",e on the usabiloty of a UI. This tell< us thot a smaller percentage probably
acru.lly dl Ioke uson g our applocatlon than i u ual.
The appropriate ample sIze depends On the desi red probability of an erroneous conclusion. If we want a
smaller probabiloty o( Cllor, we need a large r sample. Usability data can be collected on a controlled or
uncontoolled environment. In a contro lled envi ronment , subjects arc o bserved and data like the following are
obrainerl:
• Average time taken to complete d eSignated tasks (e.g., crea te a letter in a word processor)
• The results are compared with required , compan y, and industry no rms. Users arc very sensitive to
applications with which the or experience deviate much from what they arc used to .
In designing usabili ty questionnaires, the challenge is to obtai n data that enable engineers to remedy the
most serious shortcomings without exceeding the lim its of user ' time and patience Alling out questionnaires.
Usability data can be expensive to collect because users often expect compensatio n fo r the time and trouble of
providing detailed feedback. For example, a client of o ne of the authors develops software for a device used by
physicians. The company provides a free dinner and signiAca nt mo neta ry compensa tion in return for viewing
and commenting on screen sho ts and demonstrati o ns
Turning now to uncontroll ed environments, Figures 28 .7 and 28 .8 show the beginnings of the Purdue
Usability Testing Questionnaire [2], which provides useful data from which to assess the value of and
potential improvements in a set of CU ls.
Security testing co nsists of id enti fy ing securi ty defects and measuring the extent of an application's security .
Recall that some princi pal aspect of security are those Ii ted in Figure 28 .9. We can base securi ty testong on
these. The I.esting ca n be performed by using or imulating interception of traffic (called "sniffers"), usi ng
software that attempts to break systems, such as sc rip ts that repea tedl y try pa<sword break -ins, and by uSIn g
people of varied skill leve ls to try delibe ratel y breachong the desig nated security aspects . At the hig h end of
this spectrum o f skills are people wi th experie nce '1, acking." A hi gh leve l o f Sc urity clearance i< required fo r
them . Usi ng hacker ca n prese nt majo r problems whe n an external co nsultong company i the o nl y alternati,'c
and especially when the experie nced people have bee n invo lved in unautho ro zed activi tIes in the pa t
The OPtto Sou,Ct Security Testooog Methodology Mml u"' (OSSTMM ) is an Opell standard me th od o logy (or
performing secu ro ty tests [3]. OSSTMM focu<es o n the technica l detail . o f which Iteon need to be tested ,
what to do during a sccuroty tcs t, and when dlffcrent type< of securi ty test. shou ld be plTformed. A checklIst
for confide ntia lity testIng in in forma tio n secu rit y, parti y ada pted from OSSn,1M , includes the fo llOWIng
actions_ o me arc part of non -securot y lest lng as we ll , a o ne co ntlnue< to re ognize thnt many se urity
breaches SImply exploit a defect In the ohware
Purdue Questionnaire ~
11><>1111'/7 ofDf6<r- Soj/vtIT. s,SIPU Ad " U
g1
"""on.
O""'POrlQnI:. Ut not mclud.d in th&.t onlul. but could b. intorpOfaud ;""0 '"
'"
oCpE.nU
iil
:;j
Z
PIe ... raIe th. u.ability of the system. "~
J!
m
II>
o Try 10 respond 10 all the items. -<
II>
• For Items tlw ate not appbcable. use NA ;ri
o Make run: the •• 6elch are 61!ed in. System: Email I. : ;:
• Add a cOUlment about an dem by c~cking on its II Icon, or add comment fields for aU items by cbckmg on Comment All.
o To mail III your result•• chck on: Mail D.,.
t2
m
r
-~
r/.
..".-, -- ..--.,....
-.
.
.
..
r j- _,",.",.~
1. \,;um rAU"",u:1' 1 1 3 4 5 6 7 NA
- - - - --
~-
~
~
706 CHAPTER 28 TESTING AT THE SYSTEM lEVEL
• ConRdenti.lity
• ",ffers vahdate that d.ta passed not vi sible to unauthonzed p.rtles
• Hlrc profession. 1 hackers]
• Nonrcpudiation
• Experiments to va lidatc
• Integrity
• Alter data .nd validate consequences
• Authentication
• Hire profeSSional hackers)
• Authorization
• Hire professional hackers)
• Valid"te cookies
• Check protection against illegal and out-of-bounds input (not necessarily input that allows breaches)
Merrics for securiry testing include the following .
Many applications arc designed to work with other applications. For example a word pro h II
. . . . . Ceisor t at a ows
the Insemon of a ~prcadshcet must be compatible With the spreadsheet application Anoth I .
. - . fr I -h . . .
application that obtainS data om peop e Wit mobile deVIces of variou.s brands Com
or examp e IS an
'b ' I' . _
, patr I Ity testing IS
NONFUNCTIONAl TESTING 7m
s.milar to integrat.on te ting III that it tests the interactions between parts of an application. The difference .s
that the Interfaces are typ.cally developed by different organizations, and developers normally can't change
the applications with which they mu t be compatible .
An important subfield of compatibility testing is assuring that the application operates w.th deSignated
past ver<.ons of software on which it depends . This includes versions of the operating system. An example is
an online learning env.ronment, wh ich must work with various versions of Windows as well as with UN IX.
Compatibility with future versions can be planned for to some extent, and it is sometimes possible to si mulate
upcoming changes. Testing must include combonations of versions.
Metri~ for compatibility testi ng include the following ,
An installation test validates that an applicati o n can indeed be install ed. An instal/ability te t is a more general
concept in that it tests via installation test cases whether an applica ti o n can be installed o n a va ri ety of
configurations. Installation tests whether an appltcation ca n be successful ly .nstalled o n its targe t system .
These are binary canlcan't tests Many types of errors can occur during insta llatio n, espec.ally du c to the
djfferences in hardware and software platforms. Applications are often required to execute o n multiple
hardware and software platforms. Multiple platforms typically require separate tests. For example , .f our v.deo
store app lication were required to execute on Windows and Macs with Internet requirements, we wou ld
devise tests that ensure the satisfaction of the requirements on each of these platforms. Although we try to
develop applications that arc plat fo rm independent, thi s has limitati o ns. Fo r example, we may need to te t
with separate bar code readers for Windows and Mac platfo rms . Installatio n tests would be ide ntica l for the
most part but would contain Windows·specific and Mac·specific parts.
Once we have tested that an appltcation can be installed correctly, we run a second tier, co n ISting of
installability tests that measure the level of d iffiwlty of installing the application . As computer u ers we are all
too famdiar with how easy or how hard it is to install an app lication . Installability tests thi s proce S and the
aspects of the application that make this easy or difflcult.
Metrics for installation and insta ll abilty testing include the fo llowing ,
Serv.cing an applicat.on .s the pro css of repainng or enhanci ng it This could include visiting the itt and
sending a full or partlal replacement ovcr the Internet.
An applicatjon '~ strVlCcah,lity refers to the ease or dtlfi tllty w.th wh. h it an be kept opera t.o nal In the
face of changes to .ts envlfonmcnt. For example, an expert system appltca t.on reltes o n Its knowledj:e base
typ.cally in the form of a \et of rule., whKh may be straightforward to moddy Another exampl e b the ca<e
708 CHAPTER 28 TESnNG ATTHE SYSTEM LEVEL
with which an appJ. Juan that nlns o n o ne versio n of an opcra tlnH sys tem can be made to run on Its successor
<rv,ceab,llt te tS execute scenanos such a wapptng databases Scrv,cca btl,t y IS re lated to matnta,n ·
abilIty-the case or dlfAcu lty with which an appl,ca tio n ca n be maintaIned The dtffercnce IS that crvlCtng is
a planned, expected , and pred,ctabk- proc.s,.
Metncs lor serviceabihty tcsttng tnelude the follOWIng ,
Th is secrion di scusses tc tln g in the co ntext of requirements that range from being not written duwn at all
(Section 28 3. t) to betng o nl y partially expressed in writing via the user stories of ag tl e processes (Secti o n
28 .3.5 ).
i\4ost of the softwa re engineenng literature emphasizes the importance of requirements a nd the execution
of testing against th ose requiremen ts. Hi g her CMM levels arc bestowed only on those organizallons that
wnte down reqUirements thoroughl y (see Chapter 6 ). However, man y real · world applications have
Incomplete or even nonexistent requireme nts docume n ts. Our concern in thi s chapter is how to rest such
applications .
Even when requi remen ts do exist in written form , the)' generally cannot prOVide a very good feeling for
[he apphcation compared with running code. This is like the dif fe rence between drawin g detailed plaAs for a
house and living in the house after it is built-they arc simpl y not the same. In fuct. if we want to determine
whether a hou.se that is already built satlsnes needs, it is more useful to ask the occupants thaa to inspect the
architect's drawings. Figure 28 . 10 summarizes the reasons for res't ing wit h little or no reference to a
re::quirem ents document .
Suppose that yo u have been asked to test an applicatio n for which there is no requirements
document. Where do you begin ) In the next sections, we'll describe a starling poi nt, a h,haDiora' ",odel of the
applica ti on .
Figure 21.10 Reasons to test without basing the tests on written requirements
TESTING WITH LIGHTWEIGHT REQUIREMENTS 709
To tcst an applicatIon 10 the ab cnce o( \vell -wrltten reqUIrements, the tester needs a .cnsc o( how thc
applicanon is meant to beh. e and how it actually behaves. ThIS IS ca lled btl,.1IIo",/ moddillg . Mo t o( us have
alread had a behavioral modehns expericn e In dealing with an unfamdl3r application. Although we may
road the manual or follow a tlilo nal , we often si mpl y ' play around" with the application . Th, s cCtl on conCerns
dLClplined ways to "play around" with the goa l of fi ndlOS as many defects, as serious as po sible, in as little
nmo as possIble. ThIS is not the black·and -white proces of requirements-based tesllOg, and it is someti mes
called 3n "arl: Good artist . however, arc extremely well -dis iplincd, and good testers are too.
Onc approa h to forming the concepts of an as· built (already constnlcted ) applicati on is to u e the
software design models that we covered in haptcr 15 These are the uS! .It modds, clnss modds , dtllnJlow ,"odds,
and slalt mo.lds. These arc valuable (or creatIng desi gns o( applicat Io ns yet unbuilt , but they are less 0 (or
modeling already -built applications. Table 282 indicates whcn these deSIgn model could apply to
behavioral modeling of already-bu ilt applicat Ions
ThIS suggests that a different or modified model shou ld be soug ht , as di scussed next.
Table 28.2 Applicability of various deSign models to black box testing of as-built applications
oeslgn Model Applicability to As-Built Black BOX Testing
use case Model Apply use cases to identify the main, unbranching behavior
Class Model Typically not especially useful for black-box testing
Oata Flow Model Possible if the tester recognizes principal functions
State Model Possible if the tester recognizes states that the application
transitions through
w. will use the concept of dlrtcltd gmpiJS in what fo li o"" . A directed graph is a Rgure consi ting of node ,
together with arrows between certa in nodes, called tdglS , illustrated in Figure 28 . II The meaning o( nodes
and edges depends on the conlext in which they art app lI ed
node
edge
1 3 ~--- 4
Actions
• Launch text document processing
• Enter leX1
• Hit liIe / save
• Enter a file name and press save
O ne approach to modeling as· built applications is to sta rt from what appears best to be a beginn ing
point of th e application , and then keep track of the paths from th ere In directed gra ph form . Each node
represe nts an act io n performed by the user o r the appli cati o n (someti mes a seque nce of such act io ns instead).
Each edge leads to the next possible act io n. Edges arc labeled ",hen necessary to distin gu is h options. This use
of nodes and edges IS neither data flow nor state/ transition. It can be tho ug ht of as a control flow in that each
node represenlS a point at which the applicarion i in control.
As an exam ple, let's perform th is for the word processor of the open source ofRce suite OpenOfRce. Besides
servi ng as a means forblack box testi ng, a directed graph is a means of ge tting to know the application. Figure 28. 12
shows the ~glnning of a directed graph for executing OpenOfRce's "Writer.' its word processor.
Si nce thero is no branching in the example o f Figure 28 .12, there is no need to label the edges to
understand the seque nce of actions. In Figure 28 . 13, o n the o ther hand, there is such a need. Branch points aro
labeled as nodes like any other (which makes these diagrams different from o thers we have studied in this book).
Figure 28 . 13 shows a continuation o f the graph ing process. The numbering serves o nl y to label the nodes and
docs not denote an o rder. The la~ls on edges are used to assist in d ifferentiating among branching o ptions.
2. Enter text
3. Hit file I save as
4 . Enter a file name and press save [Pred icate
7
5. Convert 3 line to headings at levels I . nOde) F
2. and 3
6. Bold some lext T
8
7. File exists?
8. Hit save ' "already exists" pops up , yes
- - --
1 - . save -
"
--- - -~
·• .. headings
Palhs: •
- -> bold " " '" save
Actions '.
"
1. Launch text document processing. /
2. Enter lext /
3. Hil file ' sa VB as
IPredicate
4 . Enter a Ii Ie name and press saVB
node] F
5. Convert 3 line to headings at levels ' .
2, and 3 T
8
6. Bold some text
7. File exists?
8. Hit save '"already exists' pops up ' yes
Tests are de igned via sequences that traver e mult ip le no des. A reasonable goa l is to crea te enough of these
to cover all nodes. (Attempting 10 cover all pnl/, co .. blllalioll' exposes more defects but usually leads to a
combinatorial explosion in the number of poss ibilities.) Figure 28 . 14 sh ows Ihree paths that cover all nodes ,
The number of eque nces made of these path s ca n be extreme ly large . The tester can be elective among
these as in Figure 28 IS , h owever.
As mcnlloned in previou c hapters, continual tes ting IS an IIlteg ral part of agi le proces os, especiall y via
utilities such as JUnll and N Unit Allh oug h suc h tests focu, on a method under constnlction , a growing ,
cumulative set of unit tests ca n e ffe c ti vely te,t large parts of an app lica ti o n as it grow .
A sU ite of jUnit te t , grown mel hod by metho d and class by la, (as In hap ter 27), rn a be part!
usable for functional testing ( , e , to check that the rcqullcme nls have been . at"Red ) H owever, Invariab ly
there will be reqUirements for whl h th 'yare not a pp ropria te , uc h a th o.e that reqUire user intera tl On
The follOWin g kinds of teS lin g arc ca rn ed o ul for a!,l dc rroJ,:c t\ In the sa me wa y a, for non . ~gdc ones
• onfunctlona l tcst lll g (pe rfo mla nce, 10aeVs trc", cvcont, rc ovcrab ,hty, lIsab ili! , SeCliftry, o illpatibil itv
,"stallatlon , servlceabdit y)
We have described various tcchnlques fo r t hc blac k' I)OX te.Sttn - g 0 r 's bu I It applicallons. A good tester,
U ·
however, goes well beyond them In hIS or her efforts In tryi n!: to ferret out defect that could be encountered
_.,111 an t time
w hen many people usc the appilCJllOn ror J sign ' ., per. Il aps In u nant, c,pated ways. He orsh. .shou. ld
be an Independent th,nker and should not be part of the tea m that deSIgned or ,mplemented the appllcat,on
under test. Thi IS bcc~u~c ('ven the most Independent pc:r o n involved In dcc;lgn or Implemcntatl~n develops
a vlS,on of the app hcall o n that , eve n when excellent " likel y to overlook or misunderstand ISsueS . The
following arc o rne of the qualities of a good tester:
• Meticulous
Let's translate these qualities into the testing of OpenOfr,cc. T o fi nd as many defects as possi ble within a
fixed amount of time , the tester would need sufficient detenninatlo n to go beyond the obvious ways of using
the application This is because the com mon procedures will probab ly have been exercised many times and
thus have been debugged . The tester would need dogged nes< to stay with h, or her intuition concerning
lurking bugs even when it yields few initial bug finds . In the nonnal usc of an application , users tend to be
relatively gentle . For example, the y avoid hitting a cont ro l-X butto n while a fi le is bein g saved, o r pressing
many keys in rapid succession, including functio n keys. A tcster, on the o ther hand , need the fearlessness to
stress th e application In such a manne r.
There is another sense in which testers need to be dogged: ge lling actIOn on the defects that they And.
Kaner [5] notes that Anding 'lnd obtai ning action o n discovered defects i significantl y mo re important than
simply fi nding them. H is pOint i that the time spent discovering a defec t i wasted if the defec t is never
repatred. It is certainl y the task of QA to ensure that qual iry is present. and this includes en uring appro priate
actio n o n def(·e ts.
T t'Sters need enough imagination to think of many different ways of usi ng the appl ication . The)' need to
· think out ide the box· because defects arc usuall y found in execution paths that arc not obvious. For example,
in testing the OpenOfAcc word processor, a good tester would pursue sequences very different from the nln '
of·the- mill opm fildtdillsavt sequencc_A more de111and ing sequence is opm fllrl..,ld 10 1i""ISt' Somt Ii"" '" II<InOll5
I)cading Inxls/StJlJt in Jocafjcnt f Iset Somr linC'S 10 parious bulitts/wUf itl 10caiioH 2l rcfrirot .
~d testers are C\~riOus. They a~ required to wonder aboUl the I,m its of the application, repeatedly asking
"Wha, ,f I were to - .. I An example IS "What ,f I were to load a non-OpcnOftlee document a d th •
, n en . ..
Testers need to be meticulous in that thcy must kcep CJreful records of the steps folio" d d'
...·e to Iseover Ol
defect, and gather detailed information to include in bug reports.
TESTING SHORTLY BEFORE RELEASE 713
Every project ha, a hi tory of testi ng lasti ng almost as lo ng as the projec t Itself. H owever. the period JUSt pro or
to relea,ing the appll aloon has specia l testing characteristics. which are described in thIs sectIon.
h is common to conduct loak 1<s/on9 ncar the end of the system testi ng phase. During soak testing the
applicaroon IS executed In an environment that simulates as closely as pos ible the way a tYPIcal customer WIll
use the sy tem under no rmal load . The soak lest is conducted for an extended penod of time for eX.IIOple ,
twO weeks. rest scnp~ are used so that the testing can continue for the entire duration wilhout intemoption .
The purpose i to uncover problems such as memory leaks and timong.related is ues that only manofe<t
themselves after the sys tem is run for a substantial peri od of time . The goal of soak testing IS to reduce, as
much as po ible, initial custome r complaints about problems-not necessa nl y sen ous but annoying o n<s;-
encountered when they exerci e the appl ,cation in a manner not exercISed before. Ideally. soak testS are run
by committed customers, otherwise by QA .
In principle , the customer contracts with the developer to build an application . At ome POonl, the developer
claims to have fulfilled his or her part of the contract, the cuStomer validates this , and then pays for the
application if satisfied . The customer performs thl validation by means of ncaplalla 1<sls In pnnclple , these arc
most important for all concerned . Acceptance tests can be executed by the custo mer, or by the development
organization-in ome sorr of clearly demonstrable manner on behalf of the customer. Acceptance tests arc
lYpically driven by the SRS . A subset of the system tests i selected that valodate maJor funerional
requirements and selected nonfunctional requirements.
It is a realiry of software de velopment that deli ve red applocatlons contaIn defects. If a con tra t were to
stale that software will not be paid for if a defect IS found , very few compan Ies would ro sk deve loping software.
Defects therefore have to be factored into contracts There arc several ,,'ays to deal WIth this, mostly legal In
nature, that relieve the devel opment orga nIzati o n of a degree of responsibility .
Recall that soltware ~an meet all its requireme nts ye t nOt meet the II"dl of the custOmer. o ntrac ts
attempt to navIgate the gap between customers, who want appl, cation . that arc satISfactory to them (" ' rot te n
or not ), and developers, who need to work WIth wcll ·dcflllcd ends. Acceptan c testong IS planned and
tonducted accordingly. Metrics for acceptance leStong are a subse t of those covered so far In thIS hapter, by
mutual agreement between the customer and devel oper, made In advance.
Th,s sectIon concerns ap pll ato o ns Intended for usc by a large number of pc pic A oftware product versIon I
rtl"",d when it os officially turned over to CUStomers. This usually take. place dorectly after a ceptan e te<h
Quallhcd releases may take place prio r to the fina l reica<e In many case , Int ernal pro pectlve u<cr< as well a,
CUstome rs, arc will,ng to parrlclpate in the y< tem teslong proce« Th, process 0< on tro ll ed b afpl", relea c
and "'Ia releases, as dIfferentIated by Figure 28 16
Alpha rtl,am are g Ive n to In · ho use user\ o r to a high Iv e lective and tru<ted group of ex lerna I u<ers lor
early prcrelea~ use The purpose f alpha rclca<e, 0< to rrovldc the devclol'ment organl zatoon f.edba k
and defc t Informat Ion (rom a group larger th an the teStNS, without afle tlnB the reputall n of th e
unreleaso:d product FolJowlnr< the d, ssem,natoon o f alp ha rclco>cs , I,,'n "Ira'" arc ~ Iven Out 1 he e arc
714 CHAPTER 28 TESTlr.jG AT THE SYSTEM LEVEL
c/ected cU5tomers
• Multiplies testin g act ivity
Beta
• Obtains c usto me r reactio n
give n to part of the custo mer co mmun ity wi th th e unde rs tandin g that they re po rt defects fo und . Alpha and
bet. releases are also used to co nv mce potential custo mers that th e re rea ll y is a product behind th e
vendor's pro mises.
A prinCipal motiva tion to be alp ha testers and beta testers is to gai n advan ce know ledge of the product.
Developers can gam informati o n about the appl ication (typica ll y its AP ls) so that th ey ca n begin to d evelop
applications that use It. Users can begi n to fo rm decisions abo ut purchasing the application o r gai n
• •
t!xpen(" ncc uSing H.
Metncs fo r alpha and beta testing include the metrics mentio ned so fa r 10 th is c hapter, in principle.
Alpha and beta tesllng are generall y not focused o n particular attributes. ll,ei r products are bug reports,
which arc ge nera ll y ca tegori zed Metrics include mos t of those already mentio ned in thiS c hapter, as well as
th o se with a simpler ca tegorization such as the fo ll owi ng:
• umber of majo r defects detec ted within the firs t x days/weeks/mo nths
• Number of no n-major defec ts detec ted within the Arst x days/weeks/mo nths
8/2411999 E. Braude: Recommendations game. IEEE standard 829- 1998 for Software Testing
integrated Documentation is used at every I~I of testing.
Status: to be completed The test philosophy for the Encounter video
game is summarized in Figures 28. 17 and 28. 18.
1. Introduction
Although the SOD is not explicitly a require-
This document contains the STD for Encounter and ments document, it efkctively imposes require-
its role-playing game (RPG ) fra mework. The catego- ments on the implellientation. Sometimes these
ries of testing addressed in this document include unit • requirements are spelled out in a separate doc-
integration, system, acceptance, and installation test. ument. The case study in this book does not
ing. This document describes the testi ng required to contain such a separate document.
validate the nrst three builds of the Encou nter video
-
Test Type Approach Corresponding document sections
-
White and black box; method and
Unit SRS scction(s): 3.2 Classc.IObj,el.
class tests, tcst agai nst detailed
SDD sectio n(s): 6. D,'ajt,d dt<jgll •
requirements and design.
Gray box; mostly package· level; SRS sectio n(s): 2. Outrall dt<criPlioll , 3. 1
orien ted to builds ( I, 2 , and 3), Ex/ental hlltrjac(S , va lida te representative re-
Integration test against architecture and quirements in 3.2 Classr.IObj,cls
high-level requirements. SDD sectio n(s): 3. D,compo.ilioll dt<criPljOIl , 4.
D,p,"dmcy dtScripljoll , 5. IlIltrfac, dt<criPlioll .
Black box, all packages: whole system (Build 3), test SRS scction(s): 2. Outrall
Acceptance against high-level requirements and detai led drsrn'pljoll, 3.2 Clams!
rt:qUlremenrs. Obi' Is
Black box, ail packages; whole <y tcm (Bui lds for SR section(s): 2 Ol'(rall
lostailation customer specoRc o nngurarions), test against hlgh - dt<criPllolI , 3.2 ta ss'"
level requirements and detailed requirements. Objrel
2. Encounter Video Game Test pa koge and the Encoun ler harael'" package It de ·
Documentation scribes how to verify thai the player and foreign
c haracters Ca n be retrieved . modi(,cd, and dIsplayed
n,e5 I 0 for En <>tin ter and th e RPC f", mewo rk covers thro llg h the singicton Enco""I"C"" object
lCSt planning. speCifica tion, and reporting . TI'\crc arc
separa te tcst plan for unit, mt'cgnm on, ystem , accep - 2.2.1.1.3 Test Items The classes and method< '"
tance, and ",stallatio n te ling. Each test plan reference< th e G",", harael", a nd E"cou",,,Ch.,. I", packages
its test design, rc t case, and test procedure spc IRca· arc te. ted throu g h the EncountcrCast sIng leton .
lions. The' tcst reporting documen tation consists o( the
tCSt 108, incid~nt report , and summary report.
2.2.1 .1.4 Features to Be Tested The features
tested by the tes t desig n speci ftcation Budd 1_ TD ar"
2.1 Unit Test STD based o n the reqUIrements with", the SRS and SDO,
as listed in Figure 1810.
Refer to th e separate UOit test document .
2.2.1.1.7 Item Pass/Fail Criteria Pass/fail crite- 2.2.1.1.11 Environment Needs Depending
ria are based upon satisfying the corresponding upon equipment avaiiabil.iIY, either an IBM PC,
requirements in the SRS and SOD. Sun SPA RC workstalion , or an Apple iMAC hard-
ware configuration can be used. The Eclip e In te ·
2.2.1 .1.8 Suspension Criteria and Resumption
graled Development Environmenl (IDE) should be
Requirements (N/ A) used for Ihe build 1 testing.
2.2.1 _1.9 Test Deliverables The documents
listed in Figure 28 . 19 are to be delivered to the 2.2.1.1.12 ReSponsibilities Sally Si lver and Jose
conRguration management group at the completion Hernandes from the SQA group are responsible for
of the build I integrati on test. managing. preparing , and execullll8 Ihe bUIld I inte-
grati on test. In addition , the Encounler development
2.2.1.1.10 Testing Tasks The testing tash on -
group addres es lechni cal quest,on and respond to
sisl of the foilowlIlg steps:
teSI inCldenl reports. o nAguration ontrol stores aU
I. Load build I and Ihe pa ka ge Build_ I. te st documentation and data.
upd~tlng of the PMP to rene t the arc hitecture 2.2.1.2.3 Approach Refinements • •
selected )
2 .2.1.3.2 Test Items The functlonaJ.ty to be
te ted is conta ined ,n the pcone.tlons for the
TI,e ca e studies in this book do not include follow ,n g publi c met hods of fl1 CO""ltrCasl.
the updated SPMP.
E"co""ltr asl g"n"fl1coll11 I' rCns l()
Gam,(I,a,acltr 9"Th,Player(haracl, )
2.2.1.1.15 Risks and Contingencies If the SQA
tcam is unable to execute tests, or the numberof defects
Ga ,",Characler g" Th, FortigllChaTaCI,r( )
causes an unacceptable number of system failuTes. then void stlPlay,rO,. ,acl,rQual,ty(SI,illg 4",,[ity,jloal oa[.,)
Alfred I\lurray of the Encounter development team w,lI
be aSSIgned to the budd I integration test. oo,d stIFortigllC/UI,"clerQ""I,ty(SI,,"g qua[ity, jloal
oalu, )
2.2.1.1.16 Approvals The completion of this test jloal geIP[ayerC/'araCltrQlIa[,'y()
requires the approval of the SQA Manager, the Encoun-
jloal 9" Fort1911C/,aracl,rQ"al,ty()
ter Development Manager, and the CCB Representative.
These arc tested in accordance with Fig-
2.2.1.2 Build 1 Test Design ur~ 28.21.
2.2.1.2 .1 Test Design Specification 2.2.1.3.3 Input Specifications: see Figure 28.21
Identifier . .
2.2.1.3.4 Output Specifications: see
2.2.1.2.2 Features to Be Tested The test for Figure 28.21
build I w,lI get the f llco""lerC,,sl object and the player
and foreign characters, change the va lues of various 2.2.1.3.5 Environmental Needs ThIS testing is
quahtics, get these va lues, and (hen verify their performed with the Gam,Cba ,acl,'S and fll co,ml,rCbar·
co rrec tness. actcrs packages alone.
Phytr Foreign
input Inp ut
Qu.llry v• .luf: v.lut Othu Action
InCCBr3t1on
Tnt.
Bu • • • • •
2.2.1.3.6 Special Procedural Requirements: 2.2.1.4.4 Procedure Steps Po pulate the Ale
None Build I_test_data with input data and expected out-
put values fo r Ihe qualiti es in the following fonna t.
2.2.1.3.7 Interface Dependencies: None
< quality name > < illput > < expected output>
This section dcscri~s the ",Iarion hips among < quality name > < input><cxpected output >
lhe various inlerfaces . This becomes signin .
• • •
anI for fulUr., bUilds, but is not an ISsue for
build I. There is no additio nal begi nning o r e nding text.
2.2.1.4.3 Special Requirements The test hal" 2.2.1.7.3 Incident Description Ed Blake wa d is-
ness in Integrati on TestslBuildl _T esl, m nsisting of tracted during the execulion of tesl 3 by an alann in
a class with a si ngle method, mainO, is to be co n· the building, and could no t record the re ui ts It was
structed . and tests 1, 2, 3, . . arc to be executed and decided no t to inte rrupl or repeat the test seq uence,
the results compared. and to conducl test 3 as part of Ihe tesling for bui ld 2.
I Passed N/A
2 Fa il ed 1823
s • •• •• • • ••
2.2.1.7.4 Impact It \ ,s d~c ldcd th, t the Irl IdcnL(s) d "played th roug h the Enco"n ltrEnviro",mml object,
repo n ed above were n Ot serl ou enough to rcqum.: a an d Ih ,1' the o nncctlon< among them arc con ,sLent
repe t, tlon of lh b lest. wi th the SR .
2.2.1.8 Build 1 Test Summary Report 2.2.2.2 Build 2 Test Design T hese teSts first will
ve rify th at the correc t Etlfo lHllrrEnvironmCJ1 t object ca n
2.2.1.8.1 Test Summary Report be obtai ned, and the n wdl show that the Arca o bJeclS
Identifier ... and Art'(/ COPlllrclioll objec t ca n be re tn eved as req uired.
2.2.1.8.2 summary TI,e bud d I t~Sl passed wi th 2.2.2.3 Build 2 Test Case The func tio nality to
the exceptIon of the defec ts noted . TI, i wi ll be be tested is co ntai ned in the fo ll owi ng publ ic fun c·
h,ndled by the regula r defect repair process. tio ns of Ellcolm f(rEIIVffOtHlltn l .
GnmcArm gCIThcO""9tO" O
2.2.1.8.4 Comprehensive Assessment • • •
• • • •
Add itional remarks supplyi ng details c an be Enco ll PlltrEnvi rOl' ,"ril l 9(1 ThrEt'ICO UH IrrEllvi r(l",molr()
placed here.
2.2.2.4 Build 2 Test Procedures: To be
2.2.1.8.5 Summary of Results supplied
• • •
• • • •
EncounterGame
EncounterGame
EncounlerCharacters
-'.c.de·
EncounterCast
-'8PcM _
EncounterEnvironmenl
EncounterEnvlroniicent
ott.c •••
~ syslem lests are designed to verify the The acceptance te IS arc slored in the Accept·
architecrure by executi"g and verifying se. ."crT", package, and include the usc cases.
quences of "'Ierface methods The Initialize usc case IS sh own In Figure 28 .24
and is executed by the mai"O method of the class
2.3.3 System Test Cases Initia lize in the Acctpt."erTts' package.
Syst~m T est I The E"rounltr Fortig., CJJarn use case is shown
Itr
in Figure 28 .25 and is executed by the ",.i"O metho d
I. Move player character into dllngeon . o f the class Acctpta"ctTts t l"itia/izt .
2. Move foreign character into courtyard.
2.4 Acceptance Test STD The lests are instances of the Initialize use
case, also known as "sct"narios."
2.4.1 Acceptance Test Plan
1 b. -create .. ~
2. -create-
I 'y
la . onter quality valuo
Jb. • etOuolityO
I 2.3 selForolgnOualityO
3. 1 .. create ..
2.4 selQuall1yO
I r 3.2 dispiayAesul10
Figure 28.25 Sequence diagram for Encounter Foreign Character use case in Encounter
2.4.3.1.2 Initialize Acceptance Test 2 I. Set the main chara cter's "patience" va lue to 30.
l . Set the foreign c harac ter' "strength" value to 20. The installation tests shall consist of the accep·
3. love the ma in chara ter to the dungeon . tance tests conducted o n all of the above platforms,
5. Verify that an engageme nt has taken place. 28.6 CASE STUDY: ECLIPSE
6. Observe the engagement window showi ng the W e continue to use Eclipse for a case study, as in past
resul~ . chapters. There are many systems for automating
tests; and to appreciate the kind of capabilities that
(The player's strength va lue sho uld be 40, and they provi de, we focus o n the Eclipse Test and
the foreign character's 10 .) Perfo rmance Tools Platform (TPTP), The fo ll OWi ng
is quoted and adapted from the o nline documenta·
2.4.3.2.3 Encounter Foreign Character Accep- tion for TPTP [ 6),
tance Test 3 '" TPTP is a sui te of "test, trace and monitoring
tools ," It addresses the "test and performance life
cycle , fro m earl y testing to production app lication
2.4.4 Acceptance Test Procedures mo nito ring, including test editing and execution ,
Acceptance tests shall be carried o ut with two desig. monitoring, tracing and proAling, and log analysis
nated representatives of the customer present These capabilities." TPTP addresses many of the issues
representatives shall carry out all testing wi th the di cusses in th is chapter, includi ng the col lection
assist.ance of the vendor. Whenever possible, events of metrics ,
should occur as a result of the random processe of the The TPTP profili ng tool can be u cd to profile a
game instead of being sti mulated. An example of th, s 's Web application , including memory use and exe U·
the arriva l of the fore ig n character in an area , A log of tio n time (the two ma in performance metri cs), The
all tests shall be maintained by the customer repre· ize of the hea p as the execution progresses is an
sentatives and ig ned by all panics; an y sig natory can example, TI,e profiling process all ows the user to
enter dissen ting statemen ts in the log , select parameters as well as output formats such as
graphs,
2.5 Installation Test STD TPTP can be used to record trafAc at a Web
application, In particu lar, it e nables loops within
These are tests verifyi ng that the applicatio n which a test engi neer ca n embed a test . te t parame ·
executes correctly in its required hardware and ters varying fro m pass to pass, TPTP has built · in
ope'f3,ating system environments, facilities for maki ng logs of the te t re ult for
exa mple , a grap hica l output showi ng reque t that
take the longest time.
The installation test s for Encoun ter co nsist of St.'vc:ral "agents" ca n be set to monitor various
executing the system tests on the fo ll owong hardware aspect of the execu ti o n, These ca n be thollgh! of as
conAgurations, processes a tong in para ll el with the executi o n of the
app lication under scn,tiny. Besides heap and stack
1 IIlM .compatible PC w,th at leas t 32 megabytes usage data , TPTP ca n be used to vie,,, the II age of
of RAM and 100 megabytes of d, sk space objects l-rom varoous cia ses. It can account for all of
the objects of a class that come onto being dllron!!
2. SUN SPARC mode l mmm with at lea t 32
execution, allOWing a trace into th e exe lIt ion TIm
megabytes of RAM and 100 mega bytes of disk
can be di splayed ,n the fo rm of r an of a ,cqut'nct'
space
diag ram For example , ,t may happe n that 0 man
3 Apple ,MAC mode l 1234 or later w,th 32 mega · ,n stances 0 1 the 'm'9 cia s exis t at runtim e that the
bytes of RAM and 100 megabyte s of d, sk space applicat , n' performance i, compro mISed
724 CHAPTER 28 TESTING AT THE SYSTEM LEVEL
n,e key to man y analy <5 I the Iden Ion Method Invocallon, ca n be compared, as In
of unll<ual parts, su h as a usc of memol)' by a process Figure 2826. In thIS exa mple, dI splay parameter<
that c eeds by far th ose lI>ed by o thers . have becn chosen so as to aVOId dISplaying methods
TPTP proVIdes a means for prosramme'> to invoked a negligIble nllmber of tImes (7].
insert "frag ments of Java code that ca n be invoked at Method execullo n limes ca n be displayed as In
specIfied POints," the Java closs ... " This i< ca lled F,gure 28 .27.
"l s ln~mnll(Jliotl It includes monitori ng (or "method TPTP includes the abilll)' to generate test cases
entl)', method exil, ca tch/ fi nall y block . and cia s and test procedures from higher. level descriptIons,
loa ding," \X/ ith sla'lC instrum entation. probe arc as wel l as the ability to record CU I interactions. In
Inse rted before execlltion. These have 10 be o ther words. the application is execu ted and the user
rem oved often by hand-before the application interac ts WIth CU ls. When the application IS exe·
ca n be deployed . Th is can introduce errors via cuted again in plnyba k mode. the user's same CUI
pro bes Inadvertently left in the code. With d)'llnmic actions arc automatically performed .
inslnlmcntation, moddled cia scs can be ubstllutcd T ests arc often o rganized In hierarchies. For
(or unmoddi c:d ones at runtime . This avoids the example, to test a word procc sor, we would test
manual c1can ·up process, but the application must "child" teSts for Rle handling capab,lit,es, editing
be execuled in a speCIal mode to use il. Listing 28.2 is capabilities. display capabilities, and ot hers. The Rle
example output from a class Order that has been handling tests break down into subsidial)' tCSts, and so
taocally Instrumented with method entry and exit on. Managing tests within such hierarchies is a signif.
probes [7) icant challenge, and tools like TPTP lacilitate this.
Listing 28.2: TPTP output trace of entry and exit of Order class
Entered: Order.main
Start
Entered: Order.<init>
Exited: Order . <init >
Entered: Order .placeOrder
Entered: Order.getSupplierList
Exited: Order.getSupplierList
Entered: Order.connectWithSupplier
Exited: Order.connectwithSupplier
Entered: Order.sendOrder
Entered: Order.constructOrderForm
Entered: Order.checkProductAvailabilit
Exited: order.checkProductAvailabilit y
Exited:Order.constructOrderForm Y
. Exception:Order.sendOrder! Toomanyitemsre ested.
Ex~ted:Order.sendOrder qu
Exited:Order.placeOrder
Finish
Exited,Order.main
CASE STUOY: ECUPSE 725
Method Invocltlons
....
"" .000
........-
llS,ODD
-• ' .000
0
, .....
Q
'.000
E
Z
' .000
' .0lIl
,-
.-
'.000
Methods
28.7 CASE STUDY: OPENOFFICE need n."V I('"W , I t is pO~ltive progrc!)s that is cs~ntja l to
keep th is projcc i moving lorward •
1. New issues posted for the current month or today. Look at the 'Untouched" issues hnked at
http://Qa.openoffice.org/issuelinks.html
Also try searching IZ with Issue Type set to
"Oefect" and Status set to "Unconfirmed,"
where the fiel d(s) is set to "[Issue CreatlOnl" .. .
2. Follow up on unconfifmed defect issues with the "oooQa" Try searching IZ with only the following fields
keyword . Ideally. start with the oldest "oooQa" issues and set: Keywords set to " oooqa" ... Limit the
work your way to the most current. If the issue is older search to a particular time frame .. . .
than 3 weeks and the Issue does not follow the guidelines
listed in the "How you can help?" page, leave a comment
to the user Indicating you are clOSing the Issue for now.
but If they can provide more information to help
reproduce the issue, they can reopen the Issue at their
convenience.
3. Close out issues reported against versions of 000 that Try searching IZ with Issue type set to " Defect."
are no longer current. Status set to " Unconfirmed," and the
Do a Quick check to see whether the issue is verlfable. If Component and Version fields set to your choice.
the Issue cannot be verified, send a message to the user
to see whether upgrading to the latest version of
OpenOfflce.org resolves the Issue. II upgrading 10 the
latest version resolves the problem, close the Issue. If
the upgrade does not resolve the problem follow the
000 QA " How you can help?" guidelines.
728 CHAPTER 28 TESTING AT THE SYSTEM LEVEL
28.8 SUMMARY
nee integratio n tesling is omplclcd, th e appli ca ti on a~;) w hole I ~ tes ted T hi s i~ known as system testi ng.
y<lc m tes ts arc blac k box tests th at val idate th at the applica tio n mee tS it. ,ta ted requirements Both
fu nctional and nonfun (i onal req UIrement.!> arc lC It' d.
Appl icatio ns arc freq ue ntly distributed in-hou c fo r te ting (alpha t es t in~ ) and 10 partt ci patlng
usto mers to try o ut with a lear unders tand ing of liS <tatus as undergOi ng (tn al 'c 'i ng The la lle r IS ca lled
bc 'a testin g.
Accc prancc tes ts are executed by th e cuslOmer ah er systt"ITl fes ' arc success fu ll y comple ted . Their
purpose is to demonstratC' to the cu lOm(', th at th e JppllcJtio n run s sa ti sfac toril y on Its target hardware and in
Its intended Orlwarc environm ent , such as th e operatin g sys t<..' m. Acce pt an <:: les \" s Me usually a subse t of th e
system tesrs.
j\~a ny rca l· world appl ica tiolls have incomplete or even nonexistent requin:mc nts documl"nts. T c:sting in
th e Jbsencc of well -wrin en requirements requires th e tes ter to obtai n a sen c of ho\,{ th e appl ica tio n behaves
and how it i meant to behave. This is called bt'haoioml modtlmg . A n approac h to tes tin g in thi s srtua tio n is to
S'art fro", wha, appea r; best to be a beginning poi n' o f the applicatio n, and th e n kee p ,rack o( ,he fun c ti o nal
path s fr o m th ere . Directed graphs arc used to document ,hese path s. Te t, are devised to execute a set of
pa,hs ,hat altai n a kind of coverage
In o rd e r to be effec ti ve at Rndin g defec,s, a good software tes ter mus' be de termined , dogged, (eariess,
imaginati ve , curious, meticul ous, and must think "outside the box ."The les ter's gOoll is to discover ddects that
c.a n mani fes t wh en an appl ication is used (or a significant tim e by user , perhaps In unanticipated ways.
28.9 EXERCISES
3. A compan y is develo ping an applicati o n, and th inks it has d iscove red a novel way to speed up its
tes ting cycl e. It decides to dispen se with sys tem testing, and in tead deliver th e appl icati o n to
customers just after integrati on testing is complet ed. The company will lherefore rely on its
custo me r; to discover problems in the appl icatio n. Wha, arc the ad vanta ges a nd d i ad vantages of
this approach) Be speCi fic and ex plain your answer.
4. What is the purpose of soak testing) Gi ve an exa mple o f a defect thi s ty pe o f tes tin g is likel y to
uncover.
5. Load and sfrtS5 tC'sting is often conducted on indiv idu a l units dllring unit and in,eg~ t Ion
• . • • •
'
IU
. I
testin g. n
thIS teslIng, unllS are subjected to hi g h levels 01 stress [ 0 e nsure ,hat th ey do h 'b'
. . no t ex I It an y
problems. Why IS It necessary 10 conduc, system-level stre« 'c, ,, even if all of ,·h
are success1uI7 . e '"'' t t'"'-'SO t e IS
6. Describe the various levels of testing to whic h you wo uld sub)'ec t ,he' I' . d .
. . .. "pp Icallo n escnbed In
E-xerclse 7 In Chap,er 27. Indicate which o f the clas es and pac kages ( ho . h fi
wn In t e gure ) would be
BIBUOGRAPHY 729
involved in each. (Many more classes wi ll be involved in buildi ng the completc application. but
you are not required to show these.)
7. For Nch of the black box testcr qualities listed in Section 28 .3.6. give an example of how that
quality could be counterproductive if take n to an extreme.
BIBUOGRAPHY
t Kit, Edward, £JjlfL.'\Qft Ttjtlrtg ,PI II" Rcal World l,"pro,,,,,; ,Ix Proem, Addison. Wc:sley. 1995
2: Purdue Usab,hcy T CUing QuC'Stlonna ire, hnp Jlold"ww.acm ,orglpcrlma nlques llon ,cgI1form . PUTQ [accessed 121 15109]
3 Herzog. Petcr, OSSTMj\'I - Open Source Security Tc:stlOg ''''!ethodalat,,), Manual httpJlwww.lsccom org/projcctvOSSlmm shlml
[accessed 12I 15109 J.
... Snnlv~san Deslkan , and Goplllaswamy Ramc:sh. Software TCStHlg. Pnnclples and PraCtiCes , Pearson Education. 2006
5 Kiner, Cern, J;ICk. Falk, and Hung Quoc Nguyen, T Nli"g (olllp",'tr SO/IIlIQrc, John Wiley & Sons, 1999.
6 EclIpse T~, t ~ Performance Tools Platform ProJect . hnpJlwww.cc\lpse.org/lpt.p/ [accC..Sscd 11 / 11 /2009].
7. Eclipse T e"Sl & Performanc~ T 001<; Platform Pr.ojecL htlpJlwwwed.psc.o rg!tptplpladormldocumentslprobcklvprobekit.html
[accessed 11/ 1112009J.
8 OpenOfAc~ Project. hakedown Test SUlle · hllp J/qa opc nofAcc.org/tcstcasc:/mdc)(.html (.lcccsscd 11 / 1112009].
9. O~nOfAcc Project . · 000 QA Issue Revl cw PriOntl~." hnp j/qa opcnofficc o rg/ prio rltlcs.hlml [accessed 11 / 11 / 20091
10. O~nOfficC' ProJect. "A Quick Stan CUlde to contributmg to this prOJeCt. ~ hltpJ/qa .openorAce.org/W'W"Wslagingil askslqlllckstan .
html [.ccess.d 11 / 11 12009J
11 OpenOfS« Project. "Automated product source code QA: hupJ/qa.openofRcc orglqadcvOOo_dodi ndex.html (accessed 12I IS/09}
Software Maintenance
Figure 29.1 Tlle context and learning goals for this chapter
Software systems continue to evolve after their initial release. The l'ttainlt'HflH Ct o f a software sy trm
consists of those activities performed upon it aftcr it ;s released. The IEEE glossary [ I ] deAne< ofcware
maintenance as follows:
TYPES OF SOFTWARE MAINTENANCE 731
TI,. proctSS oj mod,Jyi"!l a SOJlwart 'y,'m or eo,"poHrnl afler d,/i",ry 10 corr,el faults , impro", p,rjO"",,HCt or olb.,
a/lnb.ttS, or adapi 10 a eha"9,d ,H"oroH,"rnl.
This section introduces the unit of maintenance . It also names and describes vanous type of m.,ntenance
activities.
Maintenance organizations manage lheir work by identifying task . Ideally , the c sh ould be of comparable
magnitude (imagine the Inappropriateness of a li st of c hores that Inc ludes "buy bananas" and also "build
house"). Each such unit of maintena nce is ca lled a MaoHlrnaH" Rtqutsl (MR) in IEEE term inology We try to ize
MRs to be of a regular mag nitude , but the amount of code needed for each ca n vary and the Impact can vary as
well. A phYSICally small code c hange may have a major effect on an application . One way to keep MRs at
comparable effort is to decompose them into c hild MRs .
An MR is either a "paor or an ".hmoe''"tlfl It IS a repair when it co nce rns a defect relative to the existing
requirements, An enhancement MR is one of two types. The first in troduce a feanlre no t called for in ,he
requirements at dclovery t,me, the second type of enhancement c han !!c~ the design o r implementation , wh,le
keeping the functionality unchanged. ThIS is known as refactori ng , as Introduced in C hapter 24 . Refa tonng
usually improves the deSign ,n order lO redu ce comp leXity a nd Increa e efficiency , and it is a re pon e to
Lehman's seco nd law of Increasing co mple Xity Figure 29 .2 summan zes these distinctio ns.
A common categorization of MRs IS defined by L,cintz, Swanso n, et al (6). (7). who reRne the,e twO
types of malntenan e IntO twO .ubcategories, a' ,ummarized ,n Figure 29 3 and explained ,n the rest 01 this
seCtion
732 CHAPTER 29 SOFlWARE MAINTENANCE
• Repair
• FIXing defec t
(relative to existing requirement s)
• Enhancement
•
• cw reqUIrement
• C hange desig n o r Im picment atio n
(no func to onal hangc )
Corrective
Repair - defect identificatio n and rem ova l
Adaptive
- changes resulting fro m operati ng
system . hardware, or DBMS chan ges
Pc rfective
Enhance - changes resulting from user requests
Preventi ve
- changes made to the software 10
make it more maintainable
Maintenance Reguest 78
Problem When the player changes the va lue of a quality, the computatio ns are specified to keep the total
invariant , but they do not.
' 1""9Ih = 10, pa,i",ct = 0.8, and ",du,anet = 0.8 (sum = 11 .6 ), and the player adjusts "''''9 ,h to I I , the result is
slrclIg fh = 1 I, palimcc = 0 and mduranct = O.
These do not sum to I 1.6.
Correc tive maintenance is concerned wi th the repair of defec ts relative to exist ing req uirements. These
defects are typically d iscovered b y CUStomers as they use a software product. Each defect must be analyzed.
priOritized, and repaire d, and fixes incorporated into new sofh\>'are revisions. As an example defect, consider
th e MR for the Encounter case study show n in Figure 29.4.
MR 78 requi res the maintainer to determine th e cause o( the defect. One possibility is an error on the
code, such as in the method adJustQu.lityO, which is responsible for adj ustong quality values when one of
them is changed b y the user. Another posSibi li ty here is that eXIS ting requirements (or Encounter characters
are defect've. Actually, th e latter is the case, because the requ ireme nts mand.te the follOWing ,
TYPES OF SOFTWARE MAINTENANCE 733
• The user hall be peml ined to sel any Quality 10 any va lue les than or equa l to the curre nl ,um of the
qualitic .
• No qualit shall ha ve a value both grealer than zero and less Ihan 0.5 ,
• The sum of the qUJ.litte~ remains Invarianl.
can be Seen in the example in MR 78 , Ihese ca nnOI all be salisfied Since the defect is in the
~quirements , ill S the cu lo mer's preroga live to make o r permit the c hange, O ne wa y 10 do th iS is to relax the
last ~quircment to the followin g ,
Isum of qualities - 0.5 * (N - 1)1 <= (sum of qualilies)' => sum of q ualities
where N i the number o f qualitie and x' IS Ihe va lue of x after Ihe adjustmc nl proce
Th is modiAcation keep Ihe effect of di _cou ragi ng the player from changi ng quali ry va lues 100 muc h o r
too many times becau e point ma y be 105 1 wheneve r Ih,s is Gone ,
Adaptive maintenance i concerned wllh ada pIing the software 10 changes in the operating envi ro nm ent uch
as a new operating system relea se or a new versio n of hardware. As oft'\"arc system s evolve , It IS inevitable
that changes in their externa l environment will take place. An example i if '\Ie were to port o ur Encounler
video game caSe study to an iPhone. It ma y seem awkward to classify adap ti ve ma intenance as a kind of re pai r,
bur this is appropriate if o ne views an app lica tio n as a liVing cntity . In ordt'r to r('mam leg itimate, the
application must adapt to rea o nabl e chan ges in its e nviro nment.
Perfective maintenance is the develo pme nt and Im plementallon of u er reqllesl suc h as new feature
enhancements. Recall Lehman's Rrst law- Ihat ys tem s mu t con tinuall y adapt to o ngoi ng needs o r become
less and less useful.
As an exa mple of a perfecti ve maintenance reque<t , <uppose that thl' markelin g de partment ha de ided
that to make the Encounler vi deo ga me mo re atlfactlve and markelabl e, player require more tangi ble reward
for their skill. They wanl th e e nt ire loo k of th e ga me to be enh anced whenever Ihe player a h,eve, a new
level. The art department wi ll <uppl y the corres po ndin g graphi CS, and Ihe mainle nan ce orga n IZati o n is ta ked
with a modifica tion to accommodale lhi ' addi ti o nal requireme nt . a, «alcd in Figure 29.5. A so lutio n to till<
MR is dIScussed later In till' c haple r
Maintenance Request 16 2
Modify Encounter so th at the game begin' w"h area, and o nncl.!lo ns 111 a oordlnated <ly le \XIhen the
player achieves leve l 2 <tatu', all area, and connc tll)n< ifre d, <played In an e nhanced coo rdinated ,t Ie,
which IS <peclal to level 2 The art d epartme nt will rrov lde the req uired "nail .
Preventive mJlntcnan c cone<; ,c;;ts of c hang ing J c;;oftwJrc applt a ll on In order to m&lke It eas ier to maintaIn
'n,e need for preventive maintenance can be deduced from Lehman' <econd low As 0 program evolves over
lime, hange made through correc ti ve , adap ti ve, and perfective millAlcnancc requests cause the system to
become Inc reasing ly compl ex unless action rakcn to prevent it. Preventive maintenance Involves
IS
proactively rdaclonng the sy'\tcm to reduce its comp leXity. It IS Jlway~ a good Idea to pe rform preventIve
maintenance on an ongoin g baSI
An example or
preventive mainlcnllncc is to recog ni ze and anticipate Industry trends Suppose, (or
exampl e, that we sell a Windows ·based word pro cssor ond that we reco!: nl ze that word proce sors arc likely
to m1grare, In pan , to the \'(Ieb, A preventative maintenance action would be lO alrcr th e word processor's
architecture so that selected pans arc mo rc readily moveab le to the Web
Metncs can be used to identify lIrcas thilt need improvement. For example , by examining ddect mc(rics
It may be determined that a certain software modlilc has a hig h number of defecrs reported agalOst it After
flirt her inve tlgation It may be detem,ined that many of the defect are a rc ult of changes made wh,le prior
defects were repaired This might lead to a conclusion that the desig n of that modu le IS 100 complex, and thus
not ca, ily modified. As a result , mointenance work moy be perfom,ed to redesign the module to make it
Simp ler and morc mainta inable, without changi ng its hlOctionaliry , Subsequently , we would expect fewer
defect to be filed ogainst the refactored module.
Software maintenance preseOls a unique set of cha llenges. Ben nett [8) has categorized them as manage·
ment (what to do and who wi ll do it), process (what procedu re to fo ll ow), and techOical (design and
Implementa t ion).
Senior management tends to focus o n delivering new products, which are a Ou rce of revenuc (or COSl
savi ng if internal) and provide a quantdlablc return on investment. Funds spent on main .. enance , however,
are usually not si mple lO justify. The cost of maintenance is high , and unless the maintenance organization
ca n charge for their services, th e return on investment IS much les clear than for delivering new products .
As a resllit, maintenance teams can often be understarred and lInderfunded . maklOg an already dtfficult job
even harder.
oo ner or later, the need for organized maintenance i recognized by management and resources are
allocated !o it. Sometimes an. individual or a group or is assigned to repilir tasks ;lnd a se . pal'are group to
en hancements, Incorporated In new update or releases As software moves from shnnk . wr. ppc d d eI'Ivery and
big -bang integration to online deli very, cont lnuOliS '"tegratlon and security upd,tcs tlle tr:cn d h as be en
U ,
toward more frequent version updates ra ther than major releases_The management of rno fr d
. . " re cquent up ares
IS more demanding thon that for major relcoses Simply because !he act of relcase .
I more
freql1ent Th'I .IS
analogous to thc difference between managing a daily newspaper and a monthly magazine .
The management of maintenance involves the assessment of benefits the calc I ' f
' u atlon 0 cost and the
allocation of rcsourc~s, mainly pcopl~ . Table 29. 1 how examples of COSts MRs .. '
" . a r~ p non II zed bose<! on
ana l y~ like thiS However. maintenance requests arc often worked on in gf'OllPS s .
by coneent"'tinS on related MRs. !nce malntalners ·'V. tl'me
~ ,
ISSUES OF SOFTWARE MAINTENANCE 735
Process issues-the procedures to be carried ou t can also be a challenge. Extensive coordination is required
to handle the inAow of MRs. T ypica lly , numerous maintena nce requests flow cont in ually through the
organization. Some economy of sca le can be achieved , reducing the cost of cach change, but a stream of
maintenance changes places a sig nifican t burden on the process. Programmers , tester , and wnte rs have to be
coordinated. To take an example, shou ld the SRS be updated as soon as the customer indicates a Aaw in a
reqUIrement , only after thorough testi ng , or o nl y when grouped with o ther maintenance actions) Each of
these options leaves the documentation and source code in an inconsistent state for periods of time. Without
careful management, these supposedly short· lived inconsiste ncies ca n multiply and the documen tation get
out of control. The re ult is that it becomes difficult to know exactly what the application does.
If a Single , focuse d change were the only o ne we had to handle, the n our process problems would be
minor. However, source code changes in re ponse to an MR typically cause a ripple effect in the deSign ,
documentation , and test plans. An impact analysis (described in Section 20) determines the extent of the
ripple effect, and a cost analysis determines the cos t of implementation. As an example of a COSt analysi , let's
imagine that the Navy has inform ed us (a military cont ractor) that the algorithm for reconciling three
independent sources of shipboard navigation data is Rawed. An e timate i needed of the cost of making thiS
repair. Our calculation cou ld be performed as shown in Table 29. 1, which shows that the co t of making this
change at $400 - $800 per day of loaded labor (i.e., Including benefits, etc. ) IS $5 ,600-$28 ,000
Maintenance ca n be thought of as a repetition of the de vel opment process but with a major additional
constra int · that eXisting reqUired fun tionality of an eX isting code base i~ preserved . This Impcb 11< t
ellher add onto the eXisting deSign o r 10 redc>lgn the app lication Maintenance actions that are repairs
usually result In stayinll with the curren t dc,,!(n An e CC ptlor. to thi s is where the eX isti ng de ' Bn it<elf is
a source of the proble m. Add,nll to an eX lstln!l de ign has th e adva nt age of not perturbing ,.hat
already works but the pOte ntial disadvant'f(c of reatlng an lIna ~ cptablc overall de illn . Redcsllln has
the OPPosite advantafje, and d"adv. nta!(c, T he rede<lgn . ur. no t deciSion differs from projec t to project
and MR to MR
736 CHAPTER 29 SOFlWARE MAINTENANCE
A~ an exa mple, "UPPO)C that \'\fC \\IJ llllO ('nh.mel' ~he F n toulllt: r video ),(Jmc with tht: p rco;cncc of \cvcral
mon""" rJlher Ih an JUSI o nt oWe wo,dd prohably kee p Ihe Lurre", overa ll dC<lgn and add to II because the
overa ll 'ame rl' m a ll) S th e )JI1l(' In SPirit ilnd h CGlU"C th t· urrCJ11 archltc lUre " capJbk· of Jbs.orblng the
add itio nal apal>dity . O n th e o lher hand . If we arc reqUired to rurn Encou nter 1111 0 J rea l' lIme 31) game In
w hl h Ollr cha rJclt'r engages In v;:mouS "'Jy4; with the monster u~'ng wcapon) and they arc: Jblc to pursue each
o th er wllhm area, and from area to arca , we would reexa mine- and pr bably alt('r- thc c:xl) lIng arc hitecture
This IS because the COmbJl aspec ts wuuld domi ni.lt e the cXI"lIng ) la lC a~pcc{)
Tesllng IS a sig nl ficJ llIlechlll ailS ue Si mpl y focuslOg tes t on changed or added pans takes time enough
because pecial ttst plans l1Iust o ften be devised for this purpose. But fo u cd te'ling IS no t enough . The
posslbdl ty of npple e(fecls reqUIres th at we execute exte nsive regressio n teSlin g to cn, ure th at changes have not
compromls(.'d th e app lication's preexlsllllg funct ionality Thi s i a major factor In th e hi gh CO'Jo l mai ntcnance or
29.3 MAINTENANCE PROCESS
A ","i"lnl""e, pro css dennes Ihe flow of MRs through an orga nlzallo n Figure 29.6 dlustrates a tYPica l
ma intenance process in J large project, where the th icker lines indica te th e nominal path The additional
(thin · lined) paths show o ther ways In which MRs ca n be generated and retired.
In th e process shown In Figure 29 .6, customers prov id e co mments on enhancements and defect
through the help desk . Th ese are wrillen up as MRs. O rga l1lzatio ns ha ve a limited number of resources to
work o n IR, . mean ing that some of the proposed enhancements and repo n ed defects are eit her delayed
or nevcr implemented . .vtalOtenan cC' engi neers must therefore priOrit ize;.: i\1Rs. A Inag( proc(ss IS ofte n
empl oyed [9] th at includes the: re-vic\" of all proposed ffi (l/ntcnJncc reque sts and the prioritization of their
importan ce to th e bU. ln ess and to customers. Triage starts with an ofRc lal orga nizall o nalun il, wh ich may be
- - - Marketing
nominal
Written
MRs
Proposed
MaIntenance
Customer manager MRs
Help desk
- Approved
MRs
Modified SOurce
Rejected
& documentation MRs
a single person or a committee. deciding which MRs will be Implemerned and aSSIgning them a relat.ve
pnority . This unIt is often referred to as a Cbal1g, COl1lrol Board (CCB) ( 10). It co nsists of stakeholders.
selected from various organizations such as development . user documentation . marketing , quality assurance
(QA). and customer uppOrt . Each organization brings its ow n perspective, and collectively they decide on
MR priority.
The group conducts an Impaci a,,"lysis . which as esses the scope of the changes to the product's artifacts
that are necessary in order to Implement the MR. Each group represented by the CCB provides input into the
impact analysis. Maintenance engineers prepare an estimate of how long it will take to implement the MR.
and its impact on the system. including code and system spccl~cations . The user documentatIOn group
determines which user manuals, if any. are affected and require updates. QA determines how much testing is
required to validate that the MR is implemented correctly. and also to validate that problems aren't
inadvertently introduced into other parts of the system. In the case of repair MRs. customer support
may need to determine the impact on customers of the MR and whether there are any possible workarounds
that can be employed in lieu of repairing the defect. Using all this information as input. the CCB estimates the
number of resources required , the cost. and the risk of implementing the MR. It then decides whether to
accept or reject it; and if accepted. assigns it a relative priority. MRs approved by the CCB are then retired by
technical maintenance staff. New software versions and documentation are generated and available for
customers. For efficiency reasons. multiple MRs arc often grouped together and released as part of a single
maintenance release .
The number of artifacts affected by the implementation of an MR is va riable . Figure 29.7 illustrate two
extremes. At one extreme , the defect is in a requirement that requires changes in the SRS, the architecture.
and so on, all the way through to the code that makes the system operable in its intended environment. At the
other eXITeme. a defect could be present in the code for a method and the MR could affect that method
implementation but nothing else.
The minimal · impact case occurs, for example, when the programmer has failed to follow a standard i~
naming a local variable, o r when an unused variable is removed. In the worst case, however, every part of the
process is affected. Even for a defect in the code o nl y, the impact can range from minor to major. A seemingly
,1
Architecture
Architecture
Function code
Function code
Defee. Injected 116,..
7
Module (e.g .• package) code
"-
Module (e.g" package) code
Arch lleclU", __
--
:::.
Accommods/e ability /0 change
g/obalappearanC6: USB Abstract
~/
Function code
for Layout package
- - - - - --
----- as
Add classes and methods
Modify gameplay
-----
System code ----- --- - control code
SImple change such as an increase," the SIze of a compile-time C ++ array could have major ripple effects
throughout the application.
Maintenance Request 162, described ,n Figure 29.5 , aHects ewry aspect of the process, as shown in
F'gure 29.8. Recall that this new requirement-t he concept of mu ltiple game levels-is a signiRcant addition .
It leads to changes in every phase in the process_
When an application is designed with traceability in mind, the documentation of maintenance actions
can be manageable. Otherwise, the consequences can be extremely expensive.
After a defect MR is repaired, a process sometimes known as root-caust aHniym is sometimes conducted. This is
an iterative, problem-so lvi ng process ai med at determining the underlying reason Ihat a defect has occurred.
Once the root cause is understood , process or other improvements can be implemented to prevent similar
defects from recurring in the fueure . Root -cause analysis is performed via the change control board or its
d~ignee as part of the maintenance process. For each defect , the team asks a series of questions to narrow
down the root cause of the problem.
As an example, suppose that after an initial investigation it is detennined that the reason for a particular
defect is due to a requirement being missed by the test plan. The roOt -cause analysis process is then invoked
to determi ne the unde rlyi ng reason that the requirement was missed , and once determined, to ensu~ that
other requirements are not omitted in the future . The following series of questions illu trate the iterat,ve
narure of rOOt-cause analysis (9), [II].
2. Why? It appears that the requirement was cha nged after the SRS and test plans were completed.
3. W hy? The customer communicated wit h the product marketing group their desire for the ch.nge, but
th is was commun icated o nl y to development. The rest of the tea m was unaware and therdore didn't
update the SRS and test plan .
MAINTENANCE PROCESS 739
~ . Why~ Product marketing thought this was an .solated change that wouldn't affect product te t.ng, so
they communicated it only to development.
S. Why) Product marketing didn't underst:and that all changes to leatures must be communicated to the
entire team .
Once th. root catlse is understood , the product marketing department can implement appropriate
changes to its proc ..ss that prevent th.s type of problem from recurring .
As root causes are detemlined, metTics are recorded to keep track of them . To provide consistency and
make it easier to track and ana lyze, it is helpful to deRne a list of root causes from which the team can choose .
Rakitin [9] suggests the fo ll owing list.
A metrics analysis is periodically performed to identify the most common root cau es. The result are
used to create a plan of action to eliminate these types of defects from recurring For example, if it is found
thaI many defects are caused by Cod, prohlrm cod, rwi,w d.d" 'I ca lch iI, a review of and improvement to the code
review process can be implemented.
Patches are used in two ways. The Ar t way concerns gelling new or replacement software vers.ons or parts to
users. The second addresses delay< in impleme nt ing an MR .
In Ihe first way, patches arc permanent replacements of parts of the application. They often take the
form of a set of fi les, sent via the Internet. that replace object code already written . In th.s case, the challenge
are for the customer's organization to ensure that patches arc appropriately installed. Many customers
conduct their own system tests of patches that ' 5, 111 their ow n environment.
The second way concerns the handling of defect MRs thot require s.gnincant time to remedy It al,o
concerns defects that hamper a customer's use of the ys tem and so must be remedied quickl . A rap.d Ax is
not always possib le. To take an extreme example , in a m.lirary application with which one of the authors
was once involved , nine months cou ld elapse between the .dentiAcation of an MR ond it complete
implementation and docume ntation l l n these case patches are modifications or addition s to the object code
that either nx or work around a defect. FiBure 29 .9 showl a way .n whic h the'" patche an be organ.zed
w.th.n the develop me nt orga ni zatio n It demon strates the nom.nal , "ofAcial" path taken for a pat .. h on the
740 CHAPTER 29 SOFTWARE MAINTENANCE
1. Get malntenance-!r8Quest
2 . Approve changes
:r
3. Plan changes
Assess
Coordinate
impacl Execute
I
with
patch
4. Change code and documentation
Advantages Disadvantages
• May be a complete solutio n to the problem • May duplicate work
• Keeps customers satisfied - patch a"d final fix both implemented
• Enables continued operati on and testi ng • Temporaries sometimes ne ve r replaced
without prese nce of th e defect - pro per fix deferred fo reve r
• Avoids masking other defects • Complicates fi nal fix (where appltcable)
• Enables test of fix - must rem ove
• Complicates documentation process
• When too ls used for insertio n, ma y com .
promise code base
left-as well as an informal process f.or ge uing the patch into the application on a temporary basis on the
right of FIgure 29 .9 .
The advantages and disadvantages of patches include th ose li sted in Figure 29. 10.
The comment about "masking" refers to the fact that allowin g defec ts to remain can make it difficult to
detect other defects whose effects arc hidde n by the effects of the nonrepaired defect .
It is simplest when a single test leads to an MR that is worked on as a SI ngle ac tion , but the proce s is often not
so simple. Mai n tenance requests emerge fro m reports of trouble experienced with the application (often
called sofl ware tro"bl, reports). There may be several pieces of evidence for a si ngl e MR or, Conve rse l)" several
MRs th.t grow out of a single trouble report. E.ch part of the work on an MR that IS worth d ocumenting I
recorded in a so ·called correction rtport . To deal with the prol ifera tio n of correction reportS, We may need to
identify a child MR of the MR under conSideration . This organIzation is shown In Figure 29. t I.
IEEE MAINTENANCE STANDARDS 7.1
-;., ::t,
I, Malnlenance
Request
~ Sollware Trouble Report
STR 902834
1293
Figure 29.11 Software trouble reports. maintenance requests, and correction reports
The IEEE ha published standard Sid t 2 19· 1998 [ 12], which descri be. an iterallve process fo r managi ng and
executing software maintenance activities. It is gea red to large projects. but it is instruc ti ve to examine this
sta ndard as a speCific and de tail e d example o f a mainte nance proce s for projects o f a ll sizes. Its table of
contents showing the pertine nt secli o ns I Ii sle d In Figll": 29. 12 .
The sta ndard deA ne. seve n p hases t hat an MR flow< th roug h . each orrc pondlng to a scction '"
Figu re 29. 12. as fo llows,
2 Analysis
3. Dcsign
4 . Im plemen tation
Note th at th cse ph ases are si mila r to the phases of th e develo pme nt p rocess. Eac h of th e phases has six
attribu tes th at desc ribe th e actio ns and data associ ated w ith th e m,
1. In put
2. Process
3 Control
4 . O utput
Figu re 29. 13 su mma rizes the relationsh ip betwecn t he p hases and attributes. The foll OWi ng sectio ns
describe how a mai ntena nce req ucst flows thro ugh each phase.
Phase ANributes
1. Problem identification
a. Input 1I1e cycle
2. Analysis art~acts lor this step
Process required for
3. Design this step
4 . Implementation c. How the process is
controlled
5. Syslem tes! d. Output I~e cycle
artifacts
6. Acceptance
7. Delivery
PrIX .s. quafl1y
lactors Involved
Metrtcs lor this
• Clarity of the MR
e. Selected quality factors
• Correctness of the MR (e.g., type)
• Number of omissions in the MR
• Number of MR submissions to date
f. Selected metrics
• Number of duplicate MRs
• Time expected to confirm the problem
SOUrce: IEEE Sld 1219-1998. Reproduced WIth permIssion
This section describes and explains Steps 1-4 in Figure 29 . 13. Steps 5-7 arc si milar to the regular testing
and delivery process. Testing in particu lar emphasizes regressio n testing to ensure that exi stin g functionality
has not been compromised.
In this initial phase, MRs arc identified . claSSified , and assigned an ininal prio rity ranking . Table 29.2
summarizes the process (or the identification phase of maintenance requests
"Problem Identi fication" In the Encounter case study, for exampl e, wa perfom,ed by the marketing
department. They solicited and exam ll1ed user complain ts about the co mpl icated way In whi ch Encounter
game characters exchange quality va lues as a result o ( engagements
Table 29.3 summarizes th e ana lysIS phase (or maintenance req ue ts.
Maintenance problem s range (rom the Simple to the deeply halle nglng. Fo r example, suppo e that we
want to provide the En ountcr ga me player with addin onal image op tl on< (or the main playn This appears to
be a straightforward request, however, the ex tent o( mainte nance request> like thi S is often underestimated
The ana lys; process is deSigned to uncove r the rca l work 111 ca rrying out modifica tio ns and additions For
example, we might dete rmine that the InCrN cd number o( Image opti o n, req Ulf(: a o mple tc reworkll'lI o(
the way In whic h th e Images arC di <p laycd and c ho en
As an example , let's analyze Malnte nanLC Request # 162 (or the ca e <Iud (see Fi gure 29 ) to
~ tlmate the resou r e' reqUired to dCl lgn and Impl ement It W e \" ill u<C the Ab,tract Fa tory design
patte rn (o r the deS ign o( th is MR , . , dc, nbed In ha[lter 17 Modifica ti o n to the oblc t modd to
accommodate these, and the new I.,sc> arc req,"rcd O n c th c>c modificati o ns arc matie, it al'pe . .... that
744 CHAPTER 29 SOFlWARE MAINTENANCE
we will need o nl y to replace all Area and Are.Connectl o n references in th e client code (the code usi ng the
new configuration ) such as
· . . = new Ar ea ( ) ; a nd
· •• = new Co nne ct io n ( ) ;
and so on
IEEE metrics that quantify these modiRcations arc as fo ll ows .
• Number 01 requirements changes for MR ~ 162: between 140 and 450 as fo llows.
Since we have organized the require menrs by class, we COU nt
• The number of new classes that must be described: 60 to 90 (there are 20 to 30 levels let' d1
f ' S .lY. an or
each of thes., Abstract Factory requires a .. ctory class . a ;ubcla s of Are. 'nd a bel f A
• u u ass 0 rea.
Connection)
plus
• The number of new methods: (2 to 5) per cia s • (60 to 90) classes ", 120 to 450
IEEE MAINTENANCE STANDARDS ,.,
a. Use linear regression, in which a set of past data is used to derive a straight-line approximation , and th is
straight line is used to approximate the result. For example, instead of usi ng simply "300 detailed
requirements were completed with 6 person -mo nth s = 0 .02 person -mo nths per requirement ," we ca n use a
graph of several different past projects and fit a traight -Iine relation ship to these, as shown in Figure 29 . 14_
This gives a more reliable resuIt : • range of 2 .5 to 9 .3 person · mo nths. It should be noted that regression
methods are also available that fit curved lines.
b. Account for factors such as the nature of the application and the composition of staffing For example , if
the data are available, one can create graphs that use o nl y projects of the sa me rype , or projects whose staff
had equivalent experience levels.
c . Include variances with the measures described . (It is useful to know averages , but we are also interested in
the extent to which measurements have differed from the averages in the past.)
9
300 detailed
requirements
compleled w~h 6
person-mon1hs
•
-o • •
-
.8
•
g3
z •
Flcure 29.14 Using linear regression to estimate the effort for Implementing an MR
7~6 CHAPTER 29 SOFTWARE MAINTENANCE
• Verify design
c. Control
• Inspect design and test cases
• Revised ...
· .. modification list
· .. detailed analysis
d. Output · . . implementation plan
• Updated ...
· .. design baseline
· .. test plans
• Effort in person·hOurs
f. selected metrics • Elapsed time
• Number of applications of the change
SOUrce I£EE std 1219- 1998.. ReptodLICed WIth permtSSlOn.
GameEnvironmenl
I
Area EncounterAreaConnection
EncounterEnvironment
I EncounterEnvironment I
Figure 29.15 EncounterEnvironment package (before modification)
1 .. n
'-1 Client I
EncounterEnvironment
EncounterAreaConnect/on
I I \
I I
Level 1AreaConnection Level2AreaConnection Level3AreaConnection
- create ..
TIllS plan beg ins with the ex isting design. th en adds and tests parts that do not di rupt the existrng
implementation such as ty pes of areas and co nn ectio ns. Before th e last step. the redesig n i ready to execute
the Abstract Factory impl ementat ion. each of the pa ns hav rng bee n thoroughly tes ted In th e fi nal tep. the
new crea tio n process is fi nall y "rurned o n" and tested
Table 29.5 shows steps and docu mentation for the Impl ementati o n of mai ntenan e req ue t<
....
t
~
VI
a
Start: Existing Model
I
~ EncountsfAreaConnecrion
t:,
I ~
[ EnoountarEnybonman1 I Level lArea Level2Area Level3Area
'";:m
:p
-z
f-----../ """ I ~
:p
., EncounterAreaConneJ:tJon z
leval1 AreaConneclion lovsl2AreaConnectlon Level3AreaConn9Ction
hl
Phase 3: Inlroduce The .Builder Class and Subclasses Final Phase: Aclivate buildAreall and bulldAreaConnecrlonll
Area Area ~
,--
,
EncounlerAreaConnecllon ~ Encount9rAreaCoonection I ~
T
A
Lev"" Area Lovel2Area level3Area LevellArea l evel2Aroa Level3Area
•,,, -.: , ~
,
,, ,
,, , " ,,
, ,, ,,
,
Ley~ 1AreaConnection l evelZAreaConnection l evel3AreaConnection l evelt AreaConnection Level2AreaConncction l"eveI3Area~ eellon
,,
,,
, , , ,, ,
,, ,,
- "' , , ~
,,
,,
,
• Inspect code
• verify .. .
c. Control • • • CM control of new code
• • • Traceability of new code
d. Output • Updated .. .
· .. software
· .. unit test repcrts
· .. user documents
• Flexibility
• Traceability
e. Selected quality f actors • comprehensibility
• Maintainability
• Reliability
The response to maintenance reque sts can invo lve a sig nificant amount of development , and th is
may actually introduce new d efec ts. The mor m/, is th e number of defects cr ea ted by thos m a", tenance dfort
per unit of eflort (e.g . person. m onth ). The measurement metho do logy for these new defects has to be
precisely defi ned-for example , "th e number of defec t< of medIum eve rity found within th ree mo nths of
deployme nt." Suppose , for exa mple, that th e handlIng of MR " 162 de ribed above co n<ume twenty person ·
days and pro duces ten defec ts, th en the error rat e for thi s MR would bt, 10/20 = 0.5 defec ts per person · day,
The remai ning m ai ntenance steps arc 'ystem te tin g, acceptance testi ng , and updati ng the project
documentati on . The procedures followed for the e are si milar to th ose for regular development.
Systems th at have been maintained for a signlr.ca nt amount of timt' arc referred to a /'9"')' sy /nll Thi, teml i,
often used. more panlcularl y, for 'ystcm that most peo ple wou ld like to rep l.ce but would be expcn .. vc to
replace. As previou<ly no ted, <oftware system s that are subjected to repeated lll'fIltenance aCllvi lle< bt'coll1 c
larger and more comp lex, and ma intai ning th em can be a c hallenge. ome of th ese c hall c n g~, Jr~ •• fo li ow,
• Soflware compleX Ity due lO o nllnuous mai ntcuanc c- ' 1; ., Increased coupling
• La k of a cur.lle do umenlatiOn
• rigin.1 developers who fully unoerstond the systems ore no longer avatloblc
A the complexity of legacy sy<lems increase , so docs the cost of maintaining the m Organlzallons are
faced with the c hallen ge of how to rcdu e com by making sy,tcms more malntamable . A good approach,
especially for YS lcms with little or no documentation or w ith ou tdated documentation , IS to start with rwtrS(
tl1gU1CCntl9 This IS a te hnlClllc in which a sys t{'m is I'nalyzed to identify ItS components and thelT IOt(r-
relationships From thl information its design and specifica tions arc recreated . That is, we start w ith a low
level of abstraction (sou rce codcl and c reate a higher level of abstraction (design and documentation ).
Another common technique is '('"9111((rI1l9 , where the sys tem IS restructured in order to Improve H5 design and
maintainability . The re-e nglnee nng process ofte n sta rt s with reverse eng ineering
Soft\Y'are products under maintenance have a wide va ncty of possible hi stories, many existing applications
are poorly or Inconsistently documented, and not very well understood. This leads to inefficiencies as
maintenance engineers attempt to Implement MRs on systems they do n't fu ll y understand . Reverse
engineering brings such a system to a consistent , documented, understood sta te. Two components of
reverse engineering arc "doCllm",'allo" and dcsi9" " COvcry [ 13 J. Redocumentation IS typicall y the first step in
reverse engmeering in which documentation describing the system is generated from cxi ling source code.
Several commercial tools arc available to assist in th is purpose, which ca n, fo r example , reformat the source
code to make It morc readable or extract comments to form documents.
O nce the necessary documentation IS available, the next step is desig n recovery. This I the process of
analyzing the available documentation and know ledge about a system in order to understan d its desig n. Once
successfull y completed, improvement to the design and the system can be impitmented . T ools are available
to generate UM L class diagrams fro m source code, for example. Th is usuall y produces a very complicated
diagram. The diagram can be used to build the key parts of the UML by hand or by erasures. Suppose, for
example, that we were to lose track of the UML for the Encounter video ga me. \Vie could Rrst ge nerate the
UML for all of the code. After that we could start with a key class such as EncounterEnvironment , identify all
classes that it relates to , select some am ong th ose to retain , and then repeat the process with those or stan
with other known classes.
29.5.2 Reengineering
The short·term goal of maintenance IS to fix a probl em or install a feature as soon as possible. The lo ng.term
goa l is to position the changlOg system so that it continues to work efficiently Jnd with reasonable cost per
MR into the future . Due to increasing complexit), and the escalation in cost per MR. we periodically take a
fTesh look at the entire architecture and design of the system. Making c hanges to the architecrure fTOm the
tOP down is the maIO task of ""'9 i ",m"9 . As defined by hlkofsky and Cross [ 13J reeng' . . h
.. " . . . . Ineenng IS t e
examination and alteration of a subject sys tem to reconstitute it in a new fann and t·h b
.. c SU sequen r
impkmcnt-ation of the new fann . Sometimes the rccnglnccrcd sys tem •
support new requ I're mems t h at t h e
older system was unable to implement. The overall goa l of reengineering is to c I cat".....• sys t ('m [ h at IS Ies
complcx, and ultlmatd y . easier to maintain and less cos tl y.
As an example of recnginecrlng, suppose that the video stOre appilcation IS reqUired to - k h 'd
• ~hlC t c non ·v, co
Items that customers purchase at the store (candy, paraphernalia etc ) In the absenCA of .
. . . ' . . ... rcenglneenng , we
might add vanables to the C. , 'omrrclass so that when c.,,'omrrob)cct< are storcd th.ese add' t Id
• I lana ata arc stored
at the same time. In all likelihood, this approach will eventually produce a hard· tO·Ill· t I"
.. In am app .cation.
MAINTENANCE METRICS 751
DVDs
DVDAccess
./ac.C»...
DVDRenlaJs
DVDRenlal
VSCustomers
DVDCustomerAccess H
"'facade~ D D •
DVDs
DVDRenials
DVDAccess
wfacadelO -t<> DVDRentalAccess
to .. facade,.
nonVideoltel1 ts
VSCustomers
NonVideoAccess
.. facade ,.
.facade.
YidaoStore
• to be completed•
Key: reenginccrcd parts: I I
XX
Now lei's consider a recngi neering approoc h Recall the exisling video <lore architeclllre , as hown in
Figurc 29. 18.
Tracking non · vldeo purchascs docs nOI properly At InlO ony of the modules shown , Jnd con cqucntly a
"Off Vid,o(Jcms package IS mtroduced Si nce Ihe busi ness of Ihc 'tore now onsists of morc Ihan renr.ls. a cparate
managemenl module i strong ly indicated . We will label Ihis module vldro loft. In addition . it now becomes
appropriate to Introduce a facade object for Ihe DVDRnllais pa koge Th, rCSul1 in rhe reeng1l1ccred
architecture shown in Figure 29. 19
Since mamlenance con um es a large fTa tion o( I,(e y Ie 051 . illS pJrll ularl important 10 qUMHify il
and benefils NOI all orgaOlzallons have rhe sa me goal, in pur uinl: rnomlenan c rl-.",nI 2.lio", Arsl
determme the m.,ntenance go.ls (or Ihe appl,callon . then , de tor trcale metne< thaI measure their de~ree
752 CHAPTER 29 SOFTWARE MAINTENANCE
How long does it take • Fault closure = Average lime required to correct a defect. from
to fix a problem? start of correction work.
• Fault open duration =Average rime from defect detection to
validated correction.
Where are the bottlenecks? • Staff utilization per task type =Average person-months to (a)
detect each defect and (b) repair each defect .
• Computer utilization =Average time/CPU time per defect.
Optimize effort Where are resources Effort and time spent, per defect and per severity category • • •
Minimize defects Where are defects • Number of entries and exits per module
most likely to be found? • Cyclomatic complexity
• Ratio of commented lines/ KLoC
(KLoC = thousands of lines of source code, including comments)
-'-
of success in attai n ing th o e goa ls. Tabl e 29 .6, bosed o n a tabl e by Stark and Kern [ t4 ] , illustrates this b y
sh owing h o w three di ffe rent goals indicate the u e of different m etrics.
"The definition of "fail ure" for th e applicatio n under teSt depends on what th e customer pereeives as
fai lure, and ra nges from app lication cras h es to specific types of problems. For a fi nancia l application, for
example, any calculation resulti ng in a discrepancy of a dollar o r m o re cou ld be defined as a fai lure. In any
case, the definitions should be explicit.
Let's consider how metries ca n be used to manage a maintenance activity . Th e fractio n of co mmented lines i n
the ouree code h elps to pred.ct th e relative magnitude of a maintenance effort. For example, suppose that the
application bei ng m ain tained co nsi sts of three modules (Accounts Received, Timesheet, and Sick Day Recorder)
each with the size and com menting data shown by the respective black and white dots in Figure 29.20.
Compared with the AccounfS rcccivtd and T.mrshrtf m odules, the Si k Day R,rord" module is liable to
produce the biggest mai ntenance ch allenge because .t .s larger and has J larger proportion of uncommented
lines 01co de. The Accounts R,crivabl, m o dule is likely to be the least expe nsive to maintain because it .s the
smalles t and has a h igher than average proportion of co mments. Th e proportion of comment lines ca n be
obta i ned usi ng a uti l ity program or by counting from a random sample of pages of code.
MAINTENANCE METRICS 753
I I
0 t I I
I I
Percentage 01 0 I
•
I
I I
comment lines I I
(higher value = lower I I
I I
maintenance effort) 0 I
I
I
• • I
I
I
I
Size
•
I
(lower value = lower I
I
maintenance effort) I I 0
I I
I I I I
I I I I
I Accounts I I Sick day I
Module: I I Timesheet I I
I received I I recorder I
LOWEST HIGHEST
EFFORT EFFORT
T o manage a ma in tenance effort, grap hs like the one In I-ig urc 29 .2 1 arc useful. These s how new, ope n,
and closed MRs.
According to the c han in Figure 29 .21 , a large number of reque ts for repair and en hancement arnved in
the nrst twO yea rs, resu lting in a peak backlog during th e seco nd yea r. This backlog was eventua ll y worked off
The pronle in Figure 29.2 1 is a typica l o ne , w hether the comparable time scale are years , mo nths, or weeks.
T ypica ll y , th e maintenan ce ma na ger t-rics to account separately for fau lt and en han ement, so that the
mte cost of the application , as reqUired, can be tra cked .
To manage an orga nization's effective ness in handling the maintenance workload , a graph '" has th.· One
in Figure 29.22 can be used. The graph shows the average number 01' weeks that a maintenance request (whether
800
400+f"
300#
200#
100
o
o "
o .. " o
5+ o
o o o
a repair or an enhonccmcnt ) has been waiting for resolution, measured from the time it was first r~portcd. It shows
a converge nce to on average dciay of about one week for repairs, and roughly four weeks for enhancements.
The folloWing is an excerpt fro m the OpenOfnce there is time ). Here is a general rule of thumb for
documentation that illustrates 0 means of handling priorities,
defects and e nhancements.
P I-Ope nOfnce cannot be used fo r testing or
development.
ISSUE HANDLING AS A QA TECHNIQUE IN P2-0penOffice crashes o r basic feotures do
OPENOFFICE not work.
The 1,,",Zilla (IZ ) tool is an accesSible li st of Open . P3-Bugs that usuall y involve a feature not
Of nee "issues." These indude defects and en · working as expected .
hancements. OpenOfRce publishes guidelines and
P4-Bugs that do not offect basic features and
protocols for dealing with issues. The following is
usuolly have workarounds.
quoted f"rOm o penofnce.o rg. Priorities ran ge from PI
(very urge nt) to P5 (will be considered when PS-Very min o r annoyin g bugs.
ISSUEZILLA STATISTICS
Table 29.7 is an example of the statistics available using IssueZ,lIa [ 15] during an exomple time penod. It
tracks the number 01 dderts in each state (e.g., rrop<",d) within each major part (e.g., ,preadsbttt) of OpenOf6ce.
Tab le 29.7 Examples of statistics available using Issuelilla
Project State changes 08/ 02/04 07126/ 04 07/19/04 07/12/04 07/05/04 06/ 28/04 06/21/04 06/14/04 06/07/04 06/01104
Api reopened 0 1 1 1 1 1 1 1 1 1 1
Api started 2 101 99 98 94 97 93 95 100 99 97
Api unconfirmed 1 15 14 13 14 23 21 15 11 13 13
Api new -4 74 78 82 85 70 71 64 59 61 67
ap' Result 191 192 194 194 191 186 175 171 174 178
Chart reopened 0 0 0 0 0 0 0 0 0 0 0
Chart started 0 47 47 46 46 42 40 40 38 40 43
Chart unconfirmed 1 4 3 1 1 1 3 2 2 2 0
Chart new 0 3 3 3 3 3 3 1 3 2 3
46 46 43 43 44 46
chart Result 54
- -53 50
- 50
- - - - -
2
-
2
-2
database access reopened - 1 4 5 6 5 5 5 5
database access started - 1 30 31 29 29 28 30 30 31 31 31
daUJbase access Result 141 138 137 133 142 153 151 108 117 114
~
§
.......
...
756 CHAPTER 29 SOFTWARE MAINTENANCE
T.,hlc 29 I ,how, defect , taLU at a summa ry leve l It " a u,oful furm for pro JcU leade"h.p when
J "c" .n~ the matum of rc cnt MRs. ther form, of th e data <how defcch and fea tures (".ssues") grouped
,K ordi n); to module, TIllS enables a develo per to work n <evc ral related f<SUC S at more r Ie,s the same t.me ,
Jnd It enahle, a leader to a seS5 th e health of a module and the work of team,
29.8 SUMMARY
Software sys l e m s CO llt'l11UC' to l'volvt' after th c lr Inllial deve lopment and rel ease o(tware mainte nance
co nsist o f those aCllv .t ies that are performcd o n the sy, tem after .t< release, such as rcpa or of defects,
Implemen tation of enha ncements, and adaptation to changes In the enviro nmen t
The hallen ges of software mJ,,\lenance full into three mam arc", management , procc«, and techOlca\.
"1anagcmcnl must undC'rsrand th e comple xit y and va llie o f maintenance and prOV ide adequate support .
Impl emcntong Jn efficient maintenance process helps rcdu e the complexity T ec hn. ca l challenges In lude
th e desig n of regres ion te sts to ensure that Implemented malntcnan C requests do not havt" unintended '§I de
dfcc!> o n olher parts of the system .
A tYP ical ma.intenance process starts with eu tamers provi din g co mm ent on enhancementS
and defect s through the help desk . The care wrinen up as Maintenance Requ e ts (MRs ) MRs are
reg ularly rcvie,y"d and prioritized , often by a change control board (CCS ). The CC B . composed of
stakeholde r g ro ups suc h as development , use r documentati o n, marketing , quality assurance , and
customer support .
An impact anal ysi i performed on incoming MRs that assesses the sco pe of the change to product
artifacts that arc required in order to impiement the MR. Each group represented by the CCB prov.des
inpUt.
Root·cause analysis is a process conducted after complet ing the repair of a defect MR. It purpo e is to
determine the underlying reason that a defect has occurred . This information is then u ed to .mplement
process improvements so that si milar defects are prevented from occurring on the future .
IEEE Std 1219-1998 describes an iterative process for managing and execut.ng software maintenance
activities. The standard defines seven phases that an MR flows through , similar to the pha ses that Occur during
new product development, MR identification and prioritization , analysis, design , .mplementation , testing,
and delivery. Each phase has six attributes associated with it that describe the activitie and data for that
phase, input , process, control , output, quality factors , and metrics.
As software systems evolve , they become more complex and less understood. Freque ntl y, much of the
original documentation is lost or outdated, and man y if not all of the o ngonal devel opers are no longer
available . Reverse engineering is a process that reconstructs system documentation, such as cnhan ed, mort"
readable code, or class diagrams, from existing source code . An understand ing of software arc hitecture and
de ign is then constructed from the new documentation .
Periodically, organizations take a fresh look at the whole design of a ystcm , with the goal of reducing
its complexity, increaSing its efficiency, and making it more cost effective to maintain . Changong to the
software architecture and design to meet these goals is referred to as reengineering. This IS especially needed
for older systems whose design has deteriorated over time.
It is common for organizations to define specinc malOtenance goal and then de t or create metri
that measure the organization's degree ofswccess in attaining those goals. For example. of a goal is to ",tn i mi~
defects. metrics would be collected to measure the complexity of the code. with a goal of retactonng tho
areas that have the highest complexity.
EXERCISES 151
29.9 EXERCISES
2 D~cri~ in your own words four types of software maintenance. Is there an example of a
maintenance request that might overlap two of the categories1
3. Give examples of corrective, adaptive, perfective, and preventive c hanges for the Encounter case
study.
4 . Suppose that a proposal is made to change the le ngth of an array in an application to accommodate
requirements that were not previously satisfied. What activity is reqUIred before actual changes in
the code can be made)
5. Describe a practical scenario in which the rather lengthy maintenance now illustrated in Figure
29 6 might need to be circumvented)
6 . A propo al has been made to implement the following requirement for the Encounter ca e study,
which was initially designated optional.
PlayerCharacter Requirement [desirable] ("Player character image") The player shall have the
option to choose the image representing her main c haracter from at least 4 elF files
a. Convert a simu lation of the operations of a bank into an automated bank security ys tem .
b. Add to a simulation of the operations of a bank so that it handles the moveme nts of security
personnel.
c . Modify an online tutoring ystem 0 that it ca n to provide multiple-choice quizzes at any time to
permit tudents to asses their understanding of what they are currentl y reading.
8. There are many co mmercial rever e engineering too ls that automatically genera te docu ·
mentati o n from source code. Using Inte rnet resea rch , Identify two suc h tools and descnbe
the types of documentation the y generate , Explain h ow the documentati o n c1arines the source
code
Maintenance
(a) Obtaon projec t specdica tl o n, from twO o the r teams Ir. the la" Propo e at least une 01 c. h of the
fo llOWing type, o f mo dification" orrec tl ve, adaptive, pcrfee.ivc , and preventive
(ill Anothe r learn Will have proposed four ~uLh modir, tlo n< to your pro)c l. Develo p an Imp3 t
asses~ment on your prOJect of each 0 1 the< mOOlnCatlOI1<
758 CHAPTER 29 SOFlWARE MAINTENANCE
( ) NegotlJte with the tca m proposin~ modifica tions to your project to make them reasonable In terms
of the resources required , then Implement these modiAca tions.
(d ) Implement, tcst, and measure your modifications
BIBLIOGRAPHY
I ·,EEE St3ndard C losSilry or Soft""'Jr(' EngmC'cring Tc:munology,· IEfE Sid 6fO 12 · 19 90, Dccc:mbcr 1990
2 Foster, ) . Cost FJClo,,", In Softwa re M.,imcnancc, Ph D thesIs, Umversity of Durham. NC. Computer Science Dept, 1994 . as noted
on [9)
3. Pigosk •• Th oma .. M . Practical Sojfll."Jrt Ma'"'1'lt4lfCC en, ProClted for A14Jlfagmg
Your SofrlD~rr !.mrs,.".ett', John Wiley &; Sons, 1996
.. LLhman, M , "Program .. , Life Cycles, and the: Laws of Software Evolulion," ProcrrJ'"9s IEEE, No 19, 1980, pp. 1060-1076
5 Lehman , M . "Progr3m Evolution Inlo m1311 on Procc~'SinJ.: Management: ProcttJilf9s fEEf. No. 20, 1984 , pp 19-36
6 Lentz, !knnt'n J> . and E. Bunon Swanso n, "Sofh"nrr Mn i"fnlaflCt MDrur9011ntl," Addison·Wc:slc:y, 1980.
7. Llcntz, Bennctt P., E. Bunon Sw;)nson, and G<:ny E Tompkins, ·Char"ctcri'stics or Apphcallon5 Softwa re: Maintenance,·
0!ft"'111'11 {"aho"~ oj the ACAI (CA CM), No 21 , 1978, pp. 466-471.
8. Bennet!, K.,"Soh",arc Malntcnance, A T ulOnal: Softw3 rc Engin("cn ng. IEEE Com/lIlla Soclrty, November 1999, as notcd In [Dorfman
.lnd Tha yer. 19'-)9 J
9 Rakltl n, Stcvcn R.. "SofhDtJrt Vcnjicallon a"d Validation fot PraChlrontr1 lind MII"agrn:," Artcch H ou~c Publishers. 200 I "
10. McConnell. StC'Ve. "'Rapul Dnxfo"",ml To".ing Wild SojhDlH( 5<IKJuIN," Microroh Pr~s . 1996.
11 Arthur, lowcll J. , Improving Sohwarc QU.1liry An Insidds GUide to TQM. John Wilcy & Sons. 1993.
12. "IEEE Standard for olrwarc j\'1amtcnance,- IEEE SlJ 12 / p·199Jf, 1998.
13 Ch,korsky. 8hotLJ , and James H Cross II . "Rt'Vcrse Engmeenn~ and Dcslgn Recovery: A Taxonomy," IEEE Sof'lI'Ort, Vol. 7, no. I,
1990, pp 13-17
I.. Stark , Cc-orgc E , 3nd LOUIlOC C. Kcm, aA Sohwarc Metric Sel for Progr"m Maintenance Managcmcnt,- )(}uTMI of SYJf""S lIMd Sof'~IIIT.
No 24. 1994 , pp 239- 249.
1S. Opc:nOfAcc. hup:I/qa.opc-nofncc:.orgt. z_slatl.ak,hlml lacccsscd November 18, 2009).