SOFTWARE QUALITY ENGINEERING

LECTURE 03
 LECTURE OVERVIEW

❖ Quality Assurance (QA)

❖ Classification Scheme for QA as Dealing with Defects
✓ Defect Prevention

✓ Defect Reduction (Defect Detection and Removal)

✓ Defect Containment
QUALITY ASSURANCE FROM THE
CORRECTNESS CENTERED VIEWPOINT

❖ To ensure that few, if any, defects remain in the

software system after its release
❖ The remaining defects cause minimal disruptions or
damages
❖ Survey different QA alternatives to prevent,
eliminate, reduce, or contain different types of
defects
CLASSIFICATION OF QA APPROACHES

1. Defect Prevention
2. Defect Reduction (Defect Detection and
Removal)
3. Defect Containment
DEFECT POREVENTION

1. Defect prevention Prevent faults from being injected

into the software
❖ Two generic ways:
1. Eliminating certain error sources, such as
eliminating ambiguities or correcting human
misconceptions
2. Fault prevention or blocking through the use of
certain tools and technologies, enforcement of
certain process and product standards etc.
 DEFECT PREVENTION TECHNIQUES

✓ Education and training

✓ Formal methods
✓ Process conformance and standards enforcement
✓ Tools and technologies
EDUCATION AND TRAINING

❖ If human misconceptions are the error sources,

education and training can help remove these error
sources.
❖ Education and training of software professionals
can help them control, manage, and improve the
way they work.
EDUCATION AND TRAINING

❖ Product and domain specific knowledge

If the people involved are not familiar with the
product type or application domain, there is a
good chance that wrong solutions will be
implemented
EDUCATION AND TRAINING

❖ Knowledge about the specific

development/testing tools used by the
Organization:
EDUCATION AND TRAINING

❖ General Software Development Knowledge

and expertise:
▪ For example lack of expertise with
requirements analysis and product specification
usually leads to many problems and rework in
design, coding and testing phases
EDUCATION AND TRAINING

❖ Development Process Knowledge used by

the organization:
▪ For example if the people involved in incremental
software development do not know how the
individual development efforts for different
increments fit together, the uncoordinated
development may lead to many interface or
interaction problems.
 FORMAL METHODS

 Formal specification and formal verification

 Example: Axiomatic approach
 Meaning of program statements is abstracted as
a set of axioms
 Rules are used to compose axioms to build up
proofs of entire program correctness
 Program behavior is explained as a set of pre-
conditions and post-conditions
OTHER DEFECT PREVENTION TECHNIQUES

 Ensuring appropriate process and conforming to it

 Configuration management can be used to have
consistencies
 Syntax directed editors
2. DEFECT REDUCTION

2. Defect reduction through fault detection and

removal
 Detect and remove faults once they have been
injected
 Two categories:
 Inspection of software code, design etc.
 Testing of programs by executing
INSPECTION

❖ Software inspections: critical examinations of

software artifacts by human inspectors aimed at
discovering and fixing faults in the software systems
❖ Mostly applied on software code
❖ Can also be applied on other software artifacts,
such as designs, product specifications, test plans,
etc.
INSPECTION

❖ Typically conducted by multiple human inspectors

❖ Multiple inspection phases or sessions might be
used.
❖ Faults are detected directly in inspection by
human inspectors, during their individual
inspections or various types of group sessions.
INSPECTION

❖ Identified faults need to be removed and their removal

also needs to be verified.
❖ The inspection processes vary, but typically include
some planning and follow-up activities in addition to
the core inspection activity.
❖ The formality and structure of inspections may vary,
from very informal reviews and walkthroughs, to fairly
formal variations of Fagan inspection
INSPECTION

❖ can be used throughout the development process,

particularly early in the software development
before anything can be tested.
❖ can be an effective and economical QA alternative
because of the much increased cost of fixing late
defects as compared to fixing early
TESTING

❖ Testing involves the execution of software and the

observation of the program behavior or outcome.
❖ If a failure is observed, the execution record is
then analyzed to locate and fix the fault(s) that
caused the failure.
TESTING:

❖ When can a specific testing activity be performed and

related faults be detected?
❖ What to check:
▪ external specifications (black-box)/functional
▪ internal implementation (white/clear-box)/structural
❖ When to stop testing:
▪ Coverage information (higher coverage information
means higher quality)
OTHER TECHNIQUES FOR DEFECT
REDUCTION

 Static:
 formal model analysis techniques
 Algorithm analysis, boundary value analysis, finite state machine,
control and data flow analysis, software fault trees etc.

 Dynamic:
 Simulation and prototyping
DEFECT CONTAINMENT

3. Defect containment through failure prevention and

containment
 Containing the failures to local areas
 Limiting the damage
 Two generic ways:
 Fault tolerance techniques to break the causal relation between local faults and global
failures( recovery blocks, NVP etc)
 Failure Containment measures to avoid catastrophic consequences when the failure does
occur.
FAULT TOLERANCE

1. Recovery blocks
2. NVP
RECOVERY BLOCKS

Recovery blocks use repeated executions for fault tolerance.

❖ If dynamic failures in some local areas are detected, a portion of the latest
execution is repeated, in the hope that this repeated execution will not lead to
the same failure.
❖ So, local failures will not propagate to global failures, although some time-delay
may be involved.
RECOVERY BLOCK MECHANISM
N- VERSION PROGRAMMING

❖ uses parallel redundancy, where N copies, each of

a different version, of programs fulfilling the same
functionality are running in parallel.
DEFECT/FAILURE CONTAINMENT

❖ Cannot eliminate software defects completely

❖ The remaining faults may be triggered under rare
conditions or unusual dynamic scenarios
❖ Contain the failures by reducing the resulting
damage
SAFETY ASSURANCE & FAILURE CONTAINMENT

❖ Develop ability to prevent accidents from happening,

❖ Accident is a failure with a severe consequence
❖ Even low failure probabilities for software are not tolerable
in some systems
❖ In addition to the already QA techniques, various specific
techniques are also used for safety critical systems
 SAFETY ASSURANCE & FAILURE CONTAINMENT

Hazard Elimination:
❖ Through substitution, simplification, decoupling, elimination
of specific human errors,
❖ Reduction of hazardous materials or conditions.
❖ These techniques reduce certain defect injections or
substitute non-hazardous ones for hazardous ones
SAFETY ASSURANCE & FAILURE CONTAINMENT

Hazard Reduction:
❖ Through design for controllability (for example, automatic
pressure release in boilers)
Hazard control:
❖ Through reducing exposure, isolation and containment (for
example, barriers between the system and the
environment)
SAFETY ASSURANCE & FAILURE CONTAINMENT

Damage control:
❖ Through escape routes, safe abandonment of products and
materials, and devices for limiting physical damages to
equipment or people.
REFERENCE

For further details study chapter 3 “Quality assurance” of the following book.
Book: Software Quality Engineering, Testing, Quality Assurance and Quantifiable
Improvement by Jeff Tian.