Answers to Study Questions -- Chapters 1 and 3


What are the four important attributes which all software products should have? Suggest four other attributes of software that you think are important for software engineering.

Solution notes: Four important attributes are maintainability, dependability, performance and usability. Other attributes that may be significant could be reusability (can it be reused in other applications), distributability (can it be distributed over a network of processors), portability (can it operate on multiple platforms) and inter-operability (can it work with a wide range of other software systems). Decompositions of the 4 key attributes, e.g. dependability decomposes to security, safety, availability, etc., are also possible answers.

6.

Solution notes: Maintenance becomes difficult, because the only way to understand the product as a whole is to read the source code of the entire product. Also, the sole documentation on an individual module is the source code of that module. In addition, lack of documentation means that the chance of a regression fault increases.

Explain what is wrong with the notion that software engineering is too time consuming and interferes with a programmer's productivity.

Solution notes: Producing a lot of code quickly is not the object of software development. The software needs to perform correctly or it will need to be rewritten. Most software products must be maintained for many years after they are developed; the time spent documenting a program and planning for changes is easily justified over the product's lifetime. Studies have shown that the later a change is introduced in the development process, the more costly it is to implement.

Why are evolutionary models considered by many to be the best approach to software development in a modern context?

Solution notes: Because time lines for the development of modern software are getting shorter and shorter, customers are becoming more diverse (making the understanding of requirements even harder), and changes to requirements are becoming even more common (before delivery), we need a way to provide incremental or evolutionary delivery. The evolutionary process accommodates uncertainty better than most process models, allows the delivery of partial solutions in an orderly and planned manner, and most importantly, reflects what really happens when complex systems are built.

Answers to Study Questions -- Chapters 5 and 6

7.

2. Giving reasons for your answer based on the type of system being developed, suggest the most appropriate generic software process model which might be used as a basis for managing the development of the following systems:

o a system to control anti-lock braking in a car;
o a virtual reality system to support software maintenance;
o a university accounting system;
o an interactive railway timetable system.

Solution notes:

o Anti-lock braking system: Safety-critical system so method based on formal transformations with proofs of equivalence between each stage.
o Virtual reality system: System whose requirements cannot be predicted in advance so exploratory programming model is appropriate.
o University accounting system: System whose requirements should be stable because of existing system therefore waterfall model is appropriate.
o Interactive timetable: System with a complex user interface but which must be stable and reliable. Should be based on throwaway prototyping to find requirements then either incremental development or waterfall model.

Explain how both the waterfall model and prototyping model of the software process can be accommodated in the spiral model.

Solution notes: The waterfall model is accommodated where there is a low specification risk and no need for prototyping etc. for risk resolution. The activities in the 2nd quadrant of the spiral model are skipped. The prototyping model is accommodated when the specification phase is limited and the prototyping (risk resolution) phase predominates. The activities in the 3rd quadrant of the spiral model are skipped or reduced in scope.

4. Explain why a software system that is used in a real-world environment must change or become progressively less useful.

Solution notes: Systems must change because as they are installed in an environment the environment adapts to them and this adaptation naturally generates new/different system requirements. Furthermore, the system's environment is dynamic and constantly generates new requirements as a consequence of changes to the business, business goals and business policies. Unless the system is adapted to reflect these requirements, its facilities will become out-of-step with the facilities needed to support the business and, hence, it will become less useful.

5. Due to a fire accident, all documentation for a product is destroyed just before it is delivered. What is the impact of the resulting lack of documentation?



Explain why it is desirable to draw a distinction between a requirements definition and a requirements specification.

Solution notes: The requirements definition describes the software from the end-user's view whereas the requirements specification has details of interest to technical people. Since there are these different constituencies who may read the requirements we want to accommodate both groups. By providing a relatively high-level conceptual description we can allow end-users or client management to find out what will be provided. When it comes to specifying lower-level details we want to be much more precise to cater to the technical people on both sides.



Discuss ambiguities or omissions in the following statement of requirements for part of a ticket issuing system.

An automated ticket issuing system sells rail tickets. Users select their destinations, and input a credit card and a PIN. The rail ticket is issued and their credit card account charged with its cost. When the user presses the start button, a menu display of potential destinations is activated along with a message to the user to select a destination. Once a destination has been selected, users are requested to input their credit card. Its validity is checked and the user is requested to input a PIN. When the credit transaction has been validated, the ticket is issued.

Solution notes: Ambiguities and omissions include:

o Can a customer buy several tickets for the same destination together or must they be bought one at a time?
o Can customers cancel a request if a mistake has been made?
o How should the system respond if an invalid card or PIN number is input?
o What happens if customers try to put their card in before selecting a destination (as they would in ATM machines)?
o Must the user press the start button again if they wish to buy another ticket to a different destination?
o Should the system only sell tickets between the station where the machine is situated and direct connections or should it include all possible destinations?

Using the technique suggested here where natural language is presented in a standard way, write plausible user requirements for the following functions:

o An unattended petrol pump system that includes a credit card reader. The customer swipes the card through the reader, then specifies the amount of fuel required. The fuel is delivered and the customer's account debited.
o The cash dispensing function in a bank ATM.
o The spell checking and correcting function in a word processor.

Solution notes:

1. Fuel delivery system

1.1 The system should provide an unattended fuel delivery service where a specified amount of fuel is delivered to customers. The cost is deducted from the customer’s credit card account.

1.2 The sequence of actions to dispense fuel should be:

4. The customer selects the type of fuel to be delivered.
5. The customer inputs either a cash limit or a maximum amount of fuel to be delivered.
6. The customer validates the transaction by providing credit card account details.

Rationale: The amount of fuel allowed depends on the credit limit but customers may wish to ‘fill up’ rather than have a specified amount of fuel. By specifying a maximum, the system can check if credit is available. Note that the definition does not set out how credit card details should be provided.

7. The pump is activated and fuel is delivered, under customer control.
8. The transaction is terminated either when the pump nozzle is returned to its holster for 15 seconds or when the customer’s fuel or cash limit is reached.

Rationale: Termination should not be immediate when the nozzle is returned as the customer may wish to restart the transaction e.g. to fill a fuel can as well as the car fuel tank. If a pump display is available, it may be appropriate to issue a ‘Please wait for your receipt’ message.

9. A receipt is printed for the customer.
10. The fuel stock is updated.

Specification: PUMP_SYS/FS. Section 1


13. If the amount breaches either of these limits, then a message is issued which tells the customer of the maximum amount allowed and the transaction is cancelled.
14. If the amount is within limits, the requested cash should be dispensed.
15. The customer’s account balance and daily card limit should be reduced by the amount of cash dispensed.

Specification: ATM/Customer functionality/FS. Section 2.1

7.2 Spell checking

7.2.1 The system shall provide a user-activated facility which checks the spelling of words in the document against spellings in the system dictionary and user supplied dictionaries.

7.2.2 When a word is found in the document which is not in any dictionary, a user query should be issued with the following options:

16. Ignore this instance of the word
17. Ignore all instances of the word
18. Replace the word with a suggested word from the dictionary
19. Replace the word with user-supplied text
20. Ignore this instance and add the word to a specified dictionary

7.2.3 When a word is discovered which is not in the dictionary, the system should propose 10 alternative words based on a match between the word found and those in the dictionaries. Specification: NewWP/Tools/FS. Section 7.2

Describe three different types of non-functional requirements that may be placed on a system. Give examples of each of these types of requirements.

Solution notes: There are many possibilities here. Some suggestions are given below.

2. Dispensing cash

2.1 The system must provide a facility which allows a specified amount of cash to be issued to customers. The amount is requested by the customer but the system may reduce this amount if the customer’s daily limit or overdraft limit is reached.

2.1.1 The sequence of actions to dispense cash should be:

11. The customer inputs the amount of cash required.
12. The system checks this against daily card limits and the customer’s overdraft limit.

data which the viewpoint might provide and events which control the delivery of these services. Library users have been separately identified as browsers and searchers as these operations typically require different types of services. title. o The software must be developed in such a way that it can be used by inexperienced users. only the date being processed by transactions current at the time of failure may be lost. The maximum response time for any user request should be 2 seconds. o Potential employers of students (who may require information from the system). Rewrite the following requirements so that they may be objectively validated. o The software system should provide acceptable performance under maximum load conditions. Identify the principal viewpoints which might be taken into account in the specification of this system and show their relationships using a viewpoint hierarchy diagram.Version 3. Events: Delivery of copy of new book order Delivery of new book Implementation The system design must be developed using an object-oriented approach based on the UML process. A software system is to be developed to automate a library catalogue. response time to user requests. those responsible for installing and maintaining the computer system are a viewpoint as well as library staff and library users. querying. Solution notes: Some possible rewrites are: o o o The response of the software system should always be less than 2 seconds to any user request. Usability Defines requirements which relate to the usability of the system by end-users. Solution notes: The viewpoints are given below.e. number of transactions processed per second. All operations which are potentially destructive must include an undo facility which allows users to reverse their action. Safety Safety requirements are concerned with the overall safe operation of the system. 
Solution notes: The stakeholders in a student records system include: Performance o University central administration including those responsible for registration. Defines specific standards or methods which must be used in the development process for the system. there should be a minimal loss of data. The system interface should be based on the ASCII character set and should not include non-ASCII characters. This system will contain information about all the books in a library and will be usable by library staff and book borrowers and readers. o If the system should fail in operation. o The system interface should use a character set as available on the standard terminal. The system must process at least 150transactions per second.g. If the system fails. These may be expressed in different ways depending on the type of system e. author. o The students whose details are recorded in the system. o Academic staff who use information from the system.Non-functional Requirement Description Examples o Reviews should be held and documented as defined in process standard 123. The system must be implemented in C++. and should provide facilities allowing users to send messages to library staff reserving a book which is loan. Explain why it is almost inevitable that the requirements of different stakeholders will conflict in some ways. Note that system management (i. examinations and assessment and graduation. Suggest who might be stakeholders in a university records system. o University departmental administrators who supply information to the system and use information from it. Solution notes: Possible viewpoints are: Viewpoint: Cataloging staff Services:Add book to catalogue Delete book from catalogue Amend classification details Find catalogue entry Check entry Data provided: Book details such as ISBN. etc. 7. etc. payment of fees. o Goto statements should not be used in any programs. You may make any reasonable assumptions about the requirements.0. 
o The time taken by users with no previous system experience to Performance requirements set out limits to the performance expected of the system. (This is an example of a functional requirement which is associated with a nonfunctional requirement) All operations which are potentially destructive must be highlighted in red in the system user interface. suggest services which might be provided to that viewpoint. The system should support catalogue browsing. o Data protection officers (local and national). date of publication. 5. (How do you measure this one?) 6. The system must be certified according to Health and Safety Regulations XYZ 123. All Viewpoints | | ----------------------------------------------------------| | | | | | System Library Library Management staff users | | | | -------------------------------------------------| | | | | | | | | | | | Library Cataloging Database Library Browsers Searchers Management Staff Administrator Assistants 8. For three of the viewpoints identified in the library cataloguing system. o Structured programming should be used for program development. . learn to use 75% of the system facilities should be less than 2 hours. o The software development process used should ensure that all of the required reviews have been carried out.

One possible model is shown below 4. I show a simple one below with only two levels. Draw state machine model for a CD-player. 5. Based on your experience with a bank ATM. Solution notes: One possible model of the data processing is shown below. A three-level .Chapters 7 and 8 1. Solution notes: Important non-functional attributes for the cataloging services might be: 3. Answers to Study Questions -. Solution notes: o o o Availability (because the system may be required at any time) Security (because the books data base musn’t be corrupted) Efficiency (because the system must respond quickly to each transaction) For the browsing services. Draw a context model for a patient information system in a hospital. Solution notes: There are obviously many different possibilities here depending on exactly what systems are included. draw a data-flow diagram modelling the data processing involved when a customer withdraws cash from the machine. Draw state machine model for an answering machine Solution notes: 2. Note that this DFD has to include some control data as this is an event-driven system. Develop an object model including a class hierarchy diagram and an aggregation diagram showing the principal components of a PC and its system software.Delivery of classification error form Delivery of request to delete book from stock Viewpoint: Browsers Services:Show classification structure Show library organisation Select item for browsing Show related items Display book details Data provided: Classification code Book title and author Events: None (not an event driven activity) 9. You may make any reasonable assumptions about the other hospital systems which are available but your model must include a patient admissions system and an image storage system for X-rays. Solution notes: There are many possible organizations for the class hierarchy. For the services identified in the above question. There are other alternatives depending on the details of the system. 
identify what might be the most important nonfunctional constraints. usability is also very important as these services should be easy to use without extensive training.

hierarchy would also be OK but more than that would be too much. The aggregation diagram shows the part-of relationships between objects. Obviously, further decomposition of the lowest level is possible. This is shown in Figure 7.4.

6. Consider the following Java code and draw a sequence diagram to show the execution scenario of reserve(o) in ArticleReservation class.

    class ArticleReservation {
        ArticleStock as;
        ...
        void reserve(Order order) {
            OrderPosition opos = order.giveOrderPos();
            Article art = opos.giveArticle();
            int num = opos.giveNumber();
            as.reserve(art, num);
        }
        ...
    }

    class Order {
        ...
        OrderPosition giveOrderPos() { ... }
        ...
    }

    class OrderPosition {
        ...
        Article giveArticle() { ... }
        int giveNumber() { ... }
        ...
    }

    class ArticleStock {
        ...
        void reserve(Article article, int number) { ... }
        ...
    }

Suggest difficulties that might arise when prototyping real-time embedded computer systems. Solution notes: Project planning can only be based on available information. o Develop the system using evolutionary prototyping with a prototyping language such as Smalltalk. the prototype is likely to be much more expensive to maintain (and will probably have to be scrapped after a relatively short time) and may not be reliable as a properly-engineered system. The process structure may also have to be prototyped and this may be impossible if the prototyping language does not include concurrent programming facilities. . o o o Fast development and rapid feedback from users. Solution notes: The problem which you are likely to face here is that customers have immediate requirements for a system and may be willing to accept long-term costs in return for short-term advantage. These problems can be partially addressed by also prototyping the hardware using a simulator. Prototyping reliability requirements is very difficult. You may wish to draw up some written agreement where you make clear that you do not take responsibility for system problems. and by using a model of time which corresponds to real-time but which is many times slower. there are no problems in delivering the prototype. Under what circumstances would you recommend that prototyping should be used as a means of validating system requirements ? Solution notes: When a system that is new or unfamiliar to the organisation is being developed. In those circumstances. it is recommended that prototypes should be "throw-away" prototypes. Answers to Study Questions -. At the beginning of a project. requirements stakeholders do not know what they require and appreciate the guidance they can get from a prototype system.} Solution notes: 7. it is a common criticism of programmers that they lack human communication skills) so it does not follow that good programmers can re-orient their abilities to be good managers. of course. 
she suggests that there is no need to develop another system but that you should deliver the prototype and offers an excellent price for the system. 8. large systems usually have a long lifetime and the problem with evolutionary prototyping is that it often leads to a system structure that is corrupted by change and is consequently hard to maintain. you should try to quantify the maintenance costs which are likely to be involved and warn the customer of the short lifetime of the system. 10. Modify the system according to the user's requests and deliver the modified prototype. Furthermore. more and more information becomes available and uncertainties are resolved. Readily adapted to evolving requirements. Likely to result in reasonable requirements. organisational skills and the ability to communicate with other project team members. However. 2. If possible. Known management strategy. Throwaway prototypes can be used to help develop and validate these requirements to increase confidence that these are appropriate. Evaluate this prototype then review requirements. should always be able to have what they are willing to pay for and. You know that there may be future problems with maintaining the system.1. You may find it helpful to base your answer on the list of management activities given in Sommerville's section 4. However. Discuss how you might respond to this customer. Rapid system delivery. Likely to be unstructured causing future maintenance problems. Chapters 4 and 22 o o o o o o 1. Solution notes: Large systems are usually developed by different teams and these require a common reference framework (the system requirements) for developing the system. Explain why the best programmers do not always make the best software managers. as a professional it is important that you make clear the problems which the customer is likely to face with the system and emphasise that the system was intended as a demonstrator rather than a finished system.
You have developed a throw-away prototype system for a client who is very happy with it. As the project develops. for large systems development. Solution notes: Problems in prototyping real-time systems revolve around the fact that such systems must often interact with hardware (which may be unavailable). Lack of standards for portability etc. Solution notes: Management activities such as proposal writing. if an evolutionary approach to development is used then it is difficult to partition increments across the different teams that are involved in the system. Programming skills are distinct from these (indeed. A software manager is involved in a project development of a software design support system which is intended to assist with the translation of software requirements to a formal software specification. In the long-term. Develop using C and X-windows o o o Fewer problems with training. Explain why the process of project planning is an iterative one and why a plan must be continually reviewed during a software project. Requirements likely to be wrong so needs post-delivery modification. However. Needs multiple development languages. Evolutionary prototyping Fast feedback from users. project planning and personnel selection require a set of skills including presentation and communication skills. Explain why. The project plan therefore must be reviewed and updated regularly to reflect this changing information environment. Develop the final system using C and X-windows. o Develop the system from the existing requirements using C and X-windows then modify it to adapt to any changed user requirements. The system must run on a personal computer but may be developed on another system and ported to that machine. Three possible development strategies are: o Develop a throw-away prototype using a prototyping language such as Smalltalk. if there is no financial loss to the developer. Comment on the advantages and disadvantages of each of these development strategies.
Solution notes: Throw-away prototyping o Costs more. Customers. there are many uncertainties in the available information and some information about the project and the product may not be available. Hard to manage. 9. 11. have timing requirements which cannot be replicated in a prototyping language and have very high reliability requirements.

Estimation: The difficulty of the software is underestimated. T14 T15 4. Requirements: New non-functional requirements are introduced that require changes to the system architecture. Solution notes: Other possible risks are: o o o o Solution notes: o o Technology: Communications network saturates before expected transaction limit is reached. the availability of alternative local employment. Tools: CASE tools cannot handle the volume of data available for large systems. do they have babies which don’t sleep well. Draw an activity chart and a bar chart showing the project schedule. Task T1 T2 T3 T4 T5 T6 T7 T8 T9 T10 T11 T12 T13 T14 T15 T16 Duration (days) 10 15 10 20 10 15 20 35 15 5 10 20 35 10 20 10 Dependencies T1 T1. are people single parents. What factors might be significant in your decision? Solution notes: Issues which might be covered include the problems of finding a balance between family life and organisational demands. T9 T12.3. particular personal circumstances (e. T4 T3 T7 T6 Task bar chart T5.) Activity Chart . Discuss whether you should accept this demand from your manager or whether you should persuade your team to give their time to the organisation rather than their families.g. You are asked by your manager to deliver software to a schedule which you know can only be met by asking your project team to work unpaid overtime. T2 T3. All team members have young children. T9 T9 T10 T3. In addition to the risks shown in Figure 4. This perhaps implies working the number of hours required to complete some job but also implies that engineers should have a degree of autonomy about how they arrange their working lives (e.12. identify six other possible risks which are likely to arise in software projects. People: Level of skill of available people is lower than expected. the general company culture and attitude. etc.g. durations and dependencies. Organisational: Organisational changes mean that the project schedule is accelerated.
The table below sets out a number of activities. 5. whether or organisations should expect people to behave as professionals. they may choose to work from home or their own working hours). T4 T8. Factors which affect this decision might be the financial state of the company.

if the group leader does not promote a culture of openness. Solution notes: Divide group into two namely those with previous experience of an imperative programming language and those without. CP and deputy do most of the design work with the remainder of the team doing routine tasks. Of course. Solution notes: A major advantage of having a true wizard in the team is that he may boost team productivity. If information is hidden. As a training manager. Senior management have given you an open-ended budget and you may choose a project team of up to five people from any other projects going on in the company. The trainees may be computer science graduates. recognise that this takes priority over other individual objectives. 8. Outline how you would go about explaining the advantages of formal specifications to sceptical. This is a particular problem when the person hiding the information is the group leader . If you try and teach both at one. individuals are much more likely to be able to keep this common objective in sight and to work together to solve the problems. If you try and teach semantic knowledge when its already known it is boring. then they will not be suspicious. Technical issues may get too much emphasis. the chief programmer is very highly skilled along with a deputy and an administrator. Other team members may profit from his knowledge and increase their own knowledge and skills. However. it is confusing. if people know that the information is there if they need to know it. Some but not all of the trainees have previous programming experience. working in the same area. generally. all members participate in decision make and share out the work by consensus. Describe two models of programming team organisation that might be used in this situation and make a choice of one of these models.Chapters 9 and 10 1. 
Solution notes: Advantages of letting people rotate between projects from different application domains are: o o o o Their "stock" of useful knowledge chunks increases. Critical problem so a democratic team brings a wide variety of expertise to it. Give reasons for your choice and explain why you have rejected the alternative model. The productivity and quality of their work increases as their knowledge of that domain grows. since their work has to be handed over to other people. Specialist help is drafted in as required. Although productivity can be as high or higher than with democratic team. a rival company. 9. Solution notes: In a cohesive group. 10. Answers to Study Questions -. They are more easily led to properly document things. This holds especially if the previous point is not adequately dealt with. which was designed for defence systems programming. Information hiding is important. Chief programmer makes all the decisions. none have previous experience in Ada. 2. is actively recruiting staff and several staff working for your company have left to join them. When there is good information exchange and a culture where problems and difficulties are shared. Explain how you would structure the programming training for this group of graduates. In a democratic team. this doesn’t mean that everyone has to know everything. you are responsible for the initial programming language training of a new graduate intake to your company whose business is the development of defence aerospace systems. The team may easily lose itself in beautiful technical solutions to problems that are hardly relevant to the users. the specification could be structured in some other way but then there is a problem of mapping the specification to the system structure. You are a programming manager who has been given the task of rescuing a project that is critical to the success of the company.
Explain why keeping all members of a group informed about progress and technical decisions in a project can improve group cohesiveness. it is important to focus on what it brings to the . In a chief programmer team. since they are regularly confronted with new challenges. You have been given the task of 'selling' formal specification techniques to a software development organization. teach the other group concepts before confusing them with syntax. engineers or physical scientists. Proper procedures regarding documentation and configuration control may be discarded. Reason is because of knowledge organisation which separates syntactic and semantic knowledge. Of course. there is a tendency for people to think that those hiding the information are doing so because of personal objectives and so they are seen as not being a subscriber to the overall group objective. This serves to structure the specification as well as the system. Solution notes: Possible team models are democratic team and chief programmer team. all members have the same fundamental objective and. Teach the experienced group CHILL syntax by reference to known concepts such as assignments etc. the fact that a rival company is actively recruiting means that the loss of the CP or his/her deputy could critically damage the project. o The project may get into serious trouble if this person leaves the team. Chief programmer team should be rejected because it is too high risk. Discuss the pros and cons of letting people rotate between projects from different application domains as opposed to letting them true experts in one particular application domain. Solution notes: To explain the advantages of formal specification to practicing engineers. an atmosphere of suspicion is likely to arise. From a management point of view. The principal programming language used is Ada. Potential disadvantages (which should be counteracted by proper management attention!) are: 7. 
team members with about the same experience can be found. discuss possible pros and cons of having a technical wizard in your development team. They become less easily dissatisfied with their position. the best option is the democratic team because: The major advantage of letting people become true experts in a given application domain is their increased expertise within that domain. o A less disciplined mode of operation may result. However. In this case. since the team guru has all the necessary knowledge in his head. Suggest why the architectural design of a system should precede the development of a formal specification. Solution notes: The architectural design is a means of structuring the system into (relatively) autonomous parts which can be separately specified using formal or other techniques. o 6. practicing software engineers. o Wide selection of staff available.

They also derive account information from a central database and update that database on completion of a transaction. Using your knowledge of ATM operation. Name) -> Type Delete (Symbol_table. 2. N_2) = if N_1 == N_2 then T else Lookup (S. Delete. 2].199) determine the meaning of the following expressions. Solution notes: SYMBOL_TABLE (Name. y) Tail ([42. T_1). N_1. TYPE This specification defines a sort Symbol_table as might be used in a compiler. The Enter operation fails if the name is already in the table. an element to be pushed onto the stack (Push). Make sure at each stage you say which axiom you are using (number the axioms from 1 to 6 in the order given). Type) -> Symbol_table Lookup (Symbol_table. N_1. Advantages that might be stressed are: 5. 1)). the Enter operation puts a symbol into the table. o Push: add an element to the stack. N_2. The Lookup. 99) (axiom 6) = [99] (defn of []) o Head (Tail (Cons ([1. 2)) (axiom 2) = 2 (axiom 2) An abstract data type representing a stack has the following operations: o New: bring a stack into existence. 2). 1). 42). T2) = if N_1 == N_2 then Enter (S. N_2) = if N_1 == N_2 then S else Enter (Delete (S. Solution notes: STACK (Elem) sort Stack imports BOOLEAN 6. p. N. 99)) (axiom 6) = Cons (Create. o Lookup: return the type associated with a name in the table. the account number and the users PIN. 2). T2). Name) -> Symbol_table Replace (Symbol_table. 3)) (axiom 6) = Head (Cons (Create. The ability to mix formal and informal specifications. N_2. Name. V)) = False An abstract data type representing a Symbol_table has the following operations: o New: bring a symbol table into existence. +----BankAccount-----------------------------------| | CustomerNumber: N | AccountNumber: N 3. the Delete operation removes a name. the Lookup operation discovers the type associated with a name. 1). Assume the sort TYPE has an associated Undefined value. N_2). T). 
T_1)) ATMs rely on using information on the user's card giving the bank identifier. 99)) (defn of []) = Cons (Tail (Cons (Create. There are many different possibilities here depending on how much information is maintained. card validation and cash withdrawal. Elem) -> Stack Top (Stack) -> Elem Retract (Stack) -> Stack Is_empty (Stack) -> Boolean Top (New) = Undefined Top (Push (S. The unambiguous specification of interfaces. the Top of the stack to be evaluated (Top). 3)) (axiom 6) = Head (Cons (Cons (Tail (Cons (Create. 3))) o Length (Tail (Cons ([1]. o Replace: replace the type associated with a given name by the type specified as a parameter. 3))))) Solution notes: [x. Solution notes: The Z schemas are shown below. 2)). 3)) (axiom 6) = Head (Cons (Cons (Create. 3. The detailed analysis of the requirements that is necessary to produce a formal specification. Is_empty (New) = True Is_empty (Push (S. This specification defines a sort called Stack which specifies an abstract data type. 3))) (defn of []) = Head (Cons (Tail (Cons (Cons (Create. 99]) o Head (Tail (Cons ([1. This results in the discovery and resolution of ambiguities and errors at an early stage in the process. 3))) = Head (Tail (Cons (Cons (Cons (Create. N) = Undefined Delete (Create. Create -> Symbol_table Enter (Symbol_table. type pair from the table and the Replace operation replaces the type associated with a name. T2) else Enter (Replace (S. This is one of the simplest which assumes that customers may not withdraw money if there is an insufficient cleared balance in their account (a cleared balance is where all cheques paid in to the account have been cleared for payment). the top of the stack to be removed (Retract) and the stack to be tested to see if it is empty. New -> Stack Push (Stack. The operations on the stack allow a stack to be created (New). write Z schemas defining the state of the system. 
99]) = Tail (Cons (Cons (Create.practice of software development rather than on more abstract advantages such as the ability to mathematically analyze the specification. T). Using the axioms given in the algebraic specification of sort List (Sommerville Figure 9. It requires the specification of sorts Name and Type which are assumed to be defined in the specifications NAME and TYPE. N_1. o Enter: enter a symbol and its type into the table. Name. V)) = V Retract (New) = New Retract (Push (S. Type) -> Symbol_table Lookup (Create. Define this abstract data type using an algebraic specification. Interface problems are one of the major problems in system integration and a reduction in such problems can significantly reduce software costs. o Top: evaluate the top element of the stack.y] == Cons (Cons (Create. V)) = S 1. . o Retract: remove the top element of the stack and return the modified stack. N) = Create Replace (Create. o Tail ([42. N_2. The Create operation brings a symbol table into existence. T) Replace (Enter (S. T) = Create Lookup (Enter (S. Replace operations fail if the name is not in the table. 2). given a name as input. o 4. N_1. N_1) Delete (Enter (S. Head (Cons ([2]. o Is_empty: returns true if there are no elements in the stack.7. The whole system need not be formally specified but only those parts where most benefit can be gained. o Delete: remove a name-type pair from the table. N_1. x). 2]. 42). Type) sort Symbol_Table imports NAME. Define this abstract data type using an algebraic specification.

o a computer controlled video conferencing system which allows audio. o o o Ticket issuing system: The most appropriate architectural model is a centralized model with a shared repository of route and pricing information. etc. suggest an appropriate control model for the following systems: o a batch processing system which takes information about hours worked and pay-rates and prints salary slips and bank credit information. Answers to Study Questions -. Giving reasons for your answer. video server. . Solution notes: The most appropriate control models for the systems suggested are: o o o o Salary system: Call return model of control. The reason for this is the need for a lot of local processing to handle multimedia data. The centralized system also allows global information and route use to be collected and processed. Solution notes: There are two major problems encountered when modifying systems.| DateOpened: Date | DateClosed: Date | CustomerPIN: N | Balance: Money | ClearedBalance:Money | AvailabletoWithdraw: Money +--------------------------------------------------| DateOpened < DateClosed | ClearedBalance >= Balance | AvailabletoWithdraw <= ClearedBalance +--------------------------------------------------- 9. Explain why adopting an approach to design that is based on loosely coupled objects that hide information about their representation should lead to a design which may be readily modified. +----Validate--------------------------------------| __ | \/ BankAccount | Account? N | PIN?: N | TransactionOK!: boolean +--------------------------------------------------| Account? = AccountNumber | PIN? = CustomerPIN | TransactionOK! +--------------------------------------------------- +----Withdraw--------------------------------------| __ | \/ BankAccount | Amount?: Money +--------------------------------------------------| Amount? <= ClearedBalance | Amount? <= AvailabletoWithdraw | Balance' = Balance . 
Solution notes: The architecture may have to be designed before specifications are written to provide a means of structuring the specification and developing different sub-system specifications concurrently. Video conferencing system: The most appropriate is a client-server model. suggest an appropriate structural model for the following systems: o an automatic ticket issuing system used by passengers at a railway station. Solution notes: Ticket issuing system: Should have a centralized database with sub-systems to handle communications. Understanding which entities in a program are logically part of some greater entity. 8. o Robot floor cleaner: Should include a centralized repository with sensors adding information to it. display clients. decision systems taking information from it and actuators using sensor information to move the machine. a change to one entity has an undesirable effect on some other entity. there is no real advantage in a client-server architecture. This reduces the probability that changes to one part of the system will have undesirable effects on some other part. As little local processing is necessary. Giving reasons for your answer. Make reasonable assumptions about the system requirements. o a television controller which responds to signals from a remote control unit. Each operation involves identifying particular options then calling subroutines to retrieve or compute the required information. Television controller: Centralized (polling) control model. 10.Amount? +--------------------------------------------------7. Tools need not know which other tools are available and this approach allows tools which operate on different types of computers to work together. Each ticket machine should be connected to this. o a set of software tools which are produced by different vendors but which must work together. video and computer data to be visible to several participants at the same time. These should include a floor controller. 
Design an architecture for the above systems based on your choice of model. o Video conferencing system: Should include a network with a range of clients/servers on it. It also provides protection for entities declared within objects so that access from outside the object is controlled (the entity may not be accessible. Also sub-systems for statistical processing. to allow manufacture of hardware by sub-contractors and to provide a model for system costing. would be. Ensuring that changes do not have unanticipated side-effects ie. This means that changes are immediately available to all machines. Robot floor cleaner: The most appropriate model is a repository model where all subsystems place information in the repository for other sub-systems to use. This is the most appropriate approach as there is no need for the very rapid response required from interrupt driven systems. Explain why it may be necessary to design the system architecture before the specifications are written. The cleaner must be able to sense walls and other obstructions. o a robot floor cleaner which is intended to clean relatively clear spaces such as corridors. 1. its name may be accessible but not its representation or it may be fully accessible). There are no unexpected events to be processed Software toolset: Broadcast model of control is most appropriate. a special kind of repository called a blackboard is normally used. 2. In the case of AI systems as this Object-oriented development helps to reduce these problems as it supports the grouping of entities (in object classes) so therefore simplifies program understanding. route information and price information. Solution notes: Here are some suggestions.Chapters 12 and 14 1.

In the real-world. PUBLISHER. Solution notes: Concurrent objects may be used in a system that you know will be distributed or in a real-time system where objects are associated with autonomous sensors or actuators. Drivers swipe their credit card through a reader connected to the pump. The driver may then take the fuel required. Solution notes: Objects in the group diary and time management system 3. we would need to add another characteristic to the object class such as OWNER. The set of values assigned to the object characteristics may distinguish that object from all other objects but need not do so. A group diary and time management system is intended to support timetabling of meetings and appointments across a group of co-workers. When an appointment is to be made which involves a number of people. design the following object classes identifying their attributes and operations. If no common slots are available. the system finds a common slot in each of their diaries and arranges the appointment for that time. the driver's credit card account is debited with the cost of the fuel taken. explain the difference between an object and an object class. Object Diary Attributes year weeks_of_year days_of_week time_slots access_permissions Operations make_appointment cancel_appointment move_appointment make_group_appointment find_free_slot reserve_slots book_slots free_slots display_diary check_slot_status 4. If the credit card is invalid.2. 
o a bank account o a library catalogue Solution notes: +--------------------+ +-------------------+ +---------------------+ | Telephone | | PC_Printer | | Library_Catalogue | +--------------------+ +-------------------+ +---------------------+ | status_on_off_hook | | paper_tray_pos | | publication_records | | number_dialled | | paper_level | | transactions | | phone_number_list | | toner_level | | date_created | | | | error_status | | date_updated | +--------------------+ +-------------------+ +---------------------+ | ring | | print | | search | | dial | | display(message) | | add_record | | re_dial | | self_test | | delete_record | | mute | | on_off | | edit_record | +--------------------+ +-------------------+ +---------------------+ +--------------------+ +-------------------+ | Bank_Account | | Personal Stereo | +--------------------+ +-------------------+ | account_number | | volume | Appointment time duration place participants reason diary check_time_slot User Objects in the fuel delivery system Object Pump Attributes fuel_dispensed price hose_status trigger_status fuel_type card_number card_type Operations activate deactivate deliver_fuel stock_update Card_reader read_card check_status . Under what circumstances might it be appropriate to develop a design where objects execute concurrently. 1. The real-time system should be a 'soft' real-time system normally as it is often difficult to compute deadlines when object-oriented programming is involved because of the unpredictable overhead when methods are called. o a personal stereo system. TITLE. A petrol station is to be set up for fully automated operation. An example of an object class is a BOOK which has attributes (characteristics) such as AUTHOR. Objects are specific instances in the real-world or in a system where values have been assigned to the characteristics defined in the object class. You may make any reasonable assumptions about these systems. o a printer for a PC. 
When the fuel is delivered and the pump nozzle is returned to its holster.R. | type_of_account | | tape_status | | balance | | tape_type | | transaction_list | | power_source | +--------------------+ +-------------------+ | open | | play | | close | | fast_forward | | give_balance | | rewind | | give_statement | | stop | | debit | | set_tape_type | | credit | | set_power_source | +--------------------+ +-------------------+ 5. DATE OF PUBLICATION etc. Krishna Rao TITLE: Termination Characteristics of Logic Programs EDITION: 1 PUBLISHER: Tata Institute DATE: 1993 If we wished to define a book object which was distinct from all other objects. Using examples. In programs. we only see objects and construct object classes as abstract entities. Solution notes: An object class is generic description of a set of entities (or objects) which have common characteristics and which are recognizably the same in some or all respects. Using the UML notation. Identify possible objects (along with their attributes and operations) in the following systems: 0. the card is verified by communicating with a credit company computer and a fuel limit established. we often only define object classes and construct objects whose lifetime is no longer than the execution time of the program. o a telephone. it is returned by the pump before fuel is delivered. The credit card is returned after debiting.K. it interacts with the users to rearrange their personal diaries to make room for the appointment. An example of an object or instance of this object class is the specific book: AUTHOR: M.

code provides: open. Price_table lookup amend_price 6. Solution notes: The cost savings from reusing components are the cost savings from not having to write that component. o a component that implements version management facilities (see Ch 29). o a component implementing a Bank account . get-versionattributes. create-new-branch. Objects are aircraft sub-systems e. Solution notes: Warehouse assistant using a parts branch. the larger the component. Using the example of an Inventory management family shown in Figure 14. modify-version-attributes. o Manager manipulating a financial database. keyboards in different countries have different key organizations and different character sets. Therefore. locations. etc. add_fuel remove_fuel send_card_number return_card_status Communication_system number_dialled credit_limit card_number card_type max_delivery price_table fuel_delivered fuel_prices System_controller 9. If performance is critical. However. o Policeman using a patrol car system. o a manager manipulating a financial database.rename provides: add-version. o an airline pilot using an aircraft safety monitoring system. close. it is desirable to have short cuts. delete-version. the cost of changing the system to accommodate it also becomes relatively less so cost savings are greater. For small components. . Objects are other cars. investments. file. suggest operations that have to be added or changed to support the recording of inventory items when the level falls below some specified number.card_status credit_limit Fuel_tank current_fuel_level print_receipt 8. Suggest situations where it is unwise or impossible to provide a consistent user interface. It is suggested in Section 15. bonds. Solution notes: Inventory management system New operations: Monitor to check the level of an item against a specified level. In such systems. keyrepeat-rate. etc.Chapters 15 and 16 Answer questions 1. 
these reuse costs may actually be greater than the costs of rewriting the component so the cost savings are relatively small unless the component is very complex and difficult to write. Suggest the possible requires and provides interfaces for the following components. Delete should not do the checking as this would not be consistent with the operation. the overhead of finding and understanding the component becomes relatively less so cost savings increase. modify-link-attributes 1. the greater the cost saving. o a component implementing a language-independent keyboard. change-set. get-key-code. there are costs of reuse from finding and understanding components to changing other parts of the system to accommodate the reused components. o Airline pilot using a safety monitoring system.1 that the objects manipulated by users should be drawn from their domain rather than a computer domain. Explain why the savings in cost from reusing existing software is not simply proportional to the size of the components that are reused. reuse benefits are not simply proportional to size but increase as the reused component becomes larger.delete. balance. Solution notes: Bank account requires: customer.9. key-repeat-delay Version-manager requires: diff. retrieve-version. make-link. click-toggle. 7. types of incident. customer. Furthermore. The first is knowing which patterns actually have been documented and then finding these patterns . stock. a pattern is something that should appear in more than one application).the time taken to do this can be significant. get-link-attributes. Answers to Study Questions -.address. then a special-purpose tailored approach to a problem will almost always be more effective. file. there is a wide imbalance between the extent of usage of different commands so for frequently used commands. interest rates. There are two problems with patterns for reuse. 
Order to place an order for a number of new items Modified operations: Delete to call Monitor whenever an item is canceltransaction Keyboard requires: character-map provides: set-language. part numbers. Therefore. the range of situations where this can be reused and the flexibility in its use is obviously less for a COTS product. o a policeman using a patrol car control system. 10. account-number. Objects are parts. get-character. 12 and at least 3 (any) of the remaining questions. credit. However. Solution notes: A consistent user interface may be impossible to produce for complex systems with a large number of interface options. Unless all commands have short cuts. Therefore. it is easier and quicker to establish if the COTS product can be reused and to reuse it. Suggest appropriate objects for the following types of user and system: o a warehouse assistant using an automated parts catalogue. delete-link. Why are Patterns an effective form of design reuse? What are the disadvantages to this approach to reuse? Solution notes: Patterns are an effective form of design reuse because they reflect accumulated wisdom that has been collected over several applications rather than a single application (By definition. o 2. the larger the component. What is the difference between an application framework and a COTS product as far as reuse is concerned? Why is it sometimes easier to reuse a COTS product than an application framework? Solution notes: An application framework is typically a source code entity whereas a COTS product is often simply a black-box with an external interface. engine sub-system and their performance parameters. As the component size increases. 3. 7. Objects are stocks. etc. debit.

However. This increases the chances of acceptance of the system. System users may be completely unfamiliar with technology and may make almost any kind of error in using the machine. etc. Bells and whistles can be identified as such. The argument for monitoring. is that it allows behaviour to be tracked and the system improved for users. Without monitoring. Some system users are likely to be intimidated by many options. 3. 2. etc. use mathematical symbols. Depending on the users. What they like/dislike about them. 5. Formal description and analysis of user interface. and the user interface is seen as a layer on top of this (so. real-life examples that users feel comfortable with. Are these all text.g. and that it takes a long time before the users `see' anything. 7. Advantages include: user involvement from the start. Whether the user is familiar with and uses other word processors. o o o o The experience of the word processor user. discussing formal specifications with users is not easy. Different people may understand the meaning of icons in different ways. 6. The interface must minimise the number of possible errors and must be resilient to any possible error. What they felt about the way in which the menus (if any) were arranged. Solution notes: In general. o Some machines only support single transactions . The principal problems perceived by the word processor user. if users know of the monitoring they may change their behaviour so therefore secret monitoring is justified. Users may not be able to speak the native language of the country where the machine is installed. It can also be argued that it is the system and not the users that is being monitored. if. On the other hand. o 4. and only then the user interface. People feel more closely involved with the project and the resulting system. 7. Most users will want to use the system for very simple functions (e. o Manually constructed scenarios with prospective users. how to document the results. 
A major disadvantage of the iterative prototyping is that longterm quality aspects (maintainability) tend to be neglected. A major advantage of formal descriptions is that they allow for formal evaluation. however. It also allows for a clear separation of concerns in the architecture. o developing the UI after the functional parts of the system are completed and accepted by the users. System users may be infirm. o formally describing and analyzing the UI prior to concurrent with the system design. users are almost certain to become lost. o prototyping screen displays and iteratively enhancing them. quick results. they may expect to use it for a wider range of banking services. Solution notes: Advantages are "at a glance" magnitude indication and relative magnitude indication. The biggest disadvantage is that the result need not match the real user needs. Iterative prototyping. expressed in the language of the user. the users are all employees of the same organisation then the situation is more difficult and monitoring may be permitted (see cases where employees who have downloaded pornography from the web have been sacked. If they used keyboard shortcuts. it remains to be seen whether the user interface requirements can be sufficiently captured formally.there is no way of saying I will be making several transactions and the same validation process is applicable to all of them. Discuss the pros and cons of the following approaches to UI development: o discussing manually constructed usage scenarios with prospective users. any improvements are simply guesses. Solution notes: There are many different ATM interfaces so each must be considered separately. Possible disadvantages include: the extent to which the scenarios cover everything needed. this approach has definite advantages when it comes to control progress. the process need not converge. o Whether they used the mouse or the keyboard to issue commands. Also. If the system has navigation options. 
no rework is needed because of wrong functionality). Develop functional parts first. Even MacOS which has attempted to be as consistent as possible has inconsistent operations that are liked by users. 6. Solution notes: The questionnaire should include questions which cover: o o 4. it is arguable whether monitoring is ethical at all in that individuals have a right to privacy and this includes how they use systems. which did they use? Did they have problems with these? Discuss whether it is ethical to instrument software without telling endusers that their work is being monitored. to delete a file it is dragged to the trash but dragging a disk image to the trash does not delete it but unmounts that disk. Design a questionnaire to gather information about the user interface of some tool with which you are familiar. and most developers are not familiar with formal techniques. Discuss the advantages of graphical information display and suggest four applications where it would be more appropriate to use graphical rather than digital displays of numeric information. Furthermore. An example of such a system is an operating system interface. Functionality is decided upon first. and the scenarios tend to be simple ones. From a managerial point of view. 3. . It may also be the case in complex systems that the entities manipulated are of quite different types and it is inappropriate to have consistent operations on each of these types. Some example problems are: When is it possible to cancel a transaction? What happens when I do so? What will I have to re-input if I restart the transaction? o There is not usually any way of saying give me the maximum amount of money I may withdraw today. 
What factors have to be taken into account when designing a menu-based interface for "walk-up-and-use" systems such as bank ATM machines? Write a critical commentary on the interface of an ATM that you use. What facilities they used most. If the users are members of the general public then I believe that this should hold. Real user requirements can (only) be identified when users have had the opportunity to work with the system. no big investments needed. withdraw cash from an ATM) and will want to do this as quickly as possible. o Where they felt that they made mistakes when using the system. o o o o o o 5. include text and graphics. The advantages include: The resulting system is more likely to fit real user needs. it is difficult to include dynamics. or disabled so will not be able to respond quickly to requests. The types of documents he/she produces. For example. Solution notes: Factors to be taken into account when designing 'walk up and use' systems are: 1. as users gain familiarity with the system. of course. Any applications where these are important might be mentioned: Temperature control Speed indicators Weather statistics Relative comparisons of cars. while working on the user interface.

explain the differences between an attack and a threat. 13. In computer security terms. An attack can lead to a threat if the exploitation of the vulnerability leads to a threat. Solution notes: An attack is an exploitation of a system vulnerability. o a Management report generator. Solution notes: Possible domestic appliances that may include safety-critical software include: Microwave oven Power tools such as a drill or electric saw Lawnmower Central heating furnace Garbage disposal unit Food processor or blender 11. An undependable system may lose or damage valuable data. it must be replaced or repaired before normal system services can be resumed. Most hardware system failures are a result of component failures due to faulty manufacture or because a component has come to the end of its normal life. o a system to control a refrigeration unit. users of a system have not normally read the system specification but have a set of expectations about what they expect from the system that is based on their past experience. The system may be in breach of laws on consumer protection and the fitness of goods for purpose. o a word processor. o a system which monitors patients in a hospital intensive care unit. The problem is compounded because different users use the system in different ways so a system may meet one user's expectation but not another's.Chapters 17 and 18 1. o a system to control braking in a car. then they may see the system as unreliable. Explain why ensuring system reliability is not a guarantee of system safety. The chosen . System failure may lead to a loss of business. formally. Further complications arise because the specification may be incorrect or incomplete. 12. 1. Suggest 6 reasons why dependability is important in critical systems.8. Why is it sometimes inappropriate to use hardware reliability metrics in establishing software systems reliability? Illustrate your answer with an example. o an automated Vending machine control system. 
Solution notes: System Solution notes: Possible hazard is delivery of too much radiation to a patient. If the software component fails in one specific circumstance then cash may not be delivered in that case but delivery could resume with the next transaction. However. 3. 4. This can arise because of a system failure where a dose greater than the specified dose is delivered or an operator failure where the dose to be delivered is wrongly input. Give reasons for your choice of metric. Possible software features to guard against system failure are the delivery of radiation in increments with an operator display showing the dose delivered and the requirement that the operator confirm the delivery of the Reliability metric Availability Suggested value System should be unavailable for less than 20 minutes Rationale Patient monitoring system The system needs to be continuously available as patients may be admitted or discharged at any time. To get you kick started. 10. some attacks can be successful but do not lead to threats as other system features protect the system. If the specification does not explicitly exclude dangerous behavior then a system can be reliable but unsafe. An example might be a bank teller system which includes a hardware component to open the door to deliver cash and a software component to deliver signals to that door. Alternatively. A threat is a circumstance that has the potential to cause loss or harm. 2. To reduce the probability of operator error. two different operators could be required to independently input the dose before the machine could operate. When the hardware component fails. Identify six consumer products which may contain. the whole system is out of action until that component is repaired. 9. they may see it as unreliable even if it is meeting its specification. Solution notes: Six reasons why dependability is important are: Users may not use the system if they don't trust it. Therefore. 
explain the difficulties of describing what software reliability means. Using an example. However. their training and what they've been told about the system. next increment. there could be a feature that requires confirmation of the dose to be delivered and that compares this to previous doses delivered to that patient. if the system behaves in a way that is different from their expectations. suggest one hazard that may arize and propose one software feature that may be used to ensure that the identified hazard does not result in an accident. An undependable system may damage its external environment. The component can continue to deliver normal service without repair. Solution notes: The problems of describing what reliability really means arise because. Hardware metrics such as "mean time to failure"are based on component life times and therefore cannot be applied directly to software systems. Suggest appropriate reliability metrics for the following classes of software system. In a medical system that is designed to deliver radiation to treat tumors. A possible example is a new release of an existing system where users expect features to be the same as in previous versions. an example is a microwave. most software failures are transient and are a consequence of design errors or timing problems. 5. Answers to Study Questions -. 2. or which may contain in the future. reliability is measured with respect to some specification (a system is reliable if it meets its specification). If these have changed. Solution notes: Ensuring system reliability does not necessarily lead to system safety as reliability is concerned with meeting the system specification (the system 'shall') whereas safety is concerned with excluding the possibility of dangerous behavior (the system 'shall not'). 0. Once a component has failed. The reputation of the company who produced the system may be damaged hence affecting other systems. 
This would not be revealed in a reliability testing process where the test set was derived from the specification. safety-critical software systems. Therefore. However. the system may fail in some way and therefore be seen as unreliable. Solution notes: It is not usually appropriate to use hardware reliability metrics because of the different types of failure which normally occurs in hardware.

A safety Critical System for treating cancer patients has two principal components: o a radiation therapy machine that delivers controlled doses of radiation to tumor sites. Comparison with delivery site in previous treatment. increased affluence so that safety protection that was once thought to be too expensive is now feasible and because of the influence of the media when reporting accidents and disasters. Discuss the possible contribution of o strongly-typed languages o goto-less programming. 6. If the maximum daily dose has already been set by the user then the new daily dose should be no more than 1. o a treatment database which includes details of the treatment given to each patient. Identify four hazards that may arise in this system. Patient asked to verify name. for negative dosages). For each hazard. Explain why the boundaries in the risk triangle (Fig 17.g. Solution notes: Hazards: 2. 20 minutes per month 5. This all adds to the reliability of the resulting programs. Establishment of a maximum monthly dose which may never be exceeded. critical system functions can be taken over manually. Light used to illuminate site of radiation delivery. Highlighting of differences in operator display. Confirmation of dose to be delivered by operator. 4. Refrigeration unit control Availability Non-stop system but not critical. firstly. Feasibility checks (e. Force machine operator to verify list and database consistency before starting machine. Solution notes: The change of the boundaries of the risk triangle with time and social attitudes is a result of. If the back pressure from the needle assembly is more than XX then the system should shut down and issue an audible and text warning. Solution notes: Possible user errors are: Maximum daily dose set wrongly Maximum single dose set wrongly Failure to replace empty insulin reservoir Insulin reservoir improperly fitted Needle improperly fitted o Strongly-typed languages lead to more robust programs. 
o abstract data types. Faults are unlikely to cause severe disruption Software protection: Comparison with previous doses delivered. the user has to change the needle and insulin supply at regular intervals and may also change the maximum single dose and the maximum daily dose that may be administered. the user should be asked to input the changed values twice. and o procedures having precondition `true' to the construction of reliable software. . o object-oriented programming languages. assignments. are detected by the compiler.per month. Locking of machine until information is consistent. Illegal combinations in operands.25 and no less than 0. Suggest 2 user errors that may occur and propose safety requirements that would avoid these errors resulting in an accident. (this caters for blocked needles as well as improperly fitted needles). Not a critical system. 4.75 of the previous maximum daily dose.. Not a critical system. Maintain separate list of patients to be treated each day and correlate with patient databases. 3. Continuous visual display of dose being delivered. figure is acceptable because. Incorrect dosage of radiation computed Radiation delivered to the wrong site on patient’s body Data for wrong patient used to control machine Data transfer failure between database and therapy machine 1. Competitive pressures from manufacturers (Car A is safer than Car B) is also a factor in giving safety a higher profile. Short periods of failure are not a real problem as temperature takes some time to rise. 2. In the insulin pump system. 7. Duplicate communication channels between machine and database. Use of check digits and other error checking codes in the data. Faults are unlikely to cause severe disruption Examples of safety requirements to avoid these errors are: When the maximum dose and the maximum daily dose is changed. Management report generator ROCOF 1 fault/100 hours of use 3. actual parameters. 9. 
Failure acceptable in 1:5000 demands The software should never fail within the predicted lifetime of the system. The insulin reservoir case should be designed so that it is only possible to fit the insulin bottle the right way and the case should not close unless the bottle is properly seated. Dual display of information in therapy machine and database. suggest a defensive requirement which will reduce the probability that these hazards will result in an accident. if necessary. 5. Vending machine controller POFOD Not a critical system so relatively high failure rate is OK Braking system controller POFOD Very critical system. address and age before machine starts by pressing button. 4. Clerical typing errors often result in either type mismatches or undeclared objects as well. Accidents such as railway accidents receive a high media profile so there is consequently a lot of public and political pressure to introduce new safety features. Issue patient with a personal treatment card which is handed over to identify patient. Failure is unacceptable at any time. Word processor ROCOF Failures resulting in loss of data should not occur more than once per 100 hours of use. 3. Operator confirmation of site before machine can operate. 8.7) are liable to change with time and with changing social attitudes. etc. Solution notes: 6.

Furthermore. o There must be a way of distinguishing incorrect from correct states . are not important. The problem may be a numeric error which has not been explicitly trapped. Remaining defects are such that they are recoverable and a recovery function that causes minimum user disruption is available. o Abstract data types offer means for a clear description of the interfaces between the ADTs and the program using those ADTs. Discuss the differences between verification and validation and explain why validation is a particularly difficult process. this adds to the reliability of those programs. On the other hand. Discuss the following claim: `reliability assessment is more important than testing. reliability assessment helps to assess the operational quality of the system. 11. Therefore. Explain why it is not necessary for a program to be completely free of defects before it is delivered to its customers. Answers to Study Questions -. rather than having to tinker with existing code.telephone system where a problem in a call will result in disconnection and the system state being restored to before the call started. for instance because they are located in a piece of code that never gets executed. Why is backward fault recovery is used more often than forward fault recovery ? Give two examples of classes of systems where backward fault recovery may be used. we know that their use will never pose any problems. To what extent can testing be used to validate that the program is fit for its purpose? Solution notes: A program need not be completely free of defects before delivery if: 1. Also. program changes can often be accommodated through the addition of a new subclass. It has been suggested that the control software for a radiation therapy machine should be implemented using N-version programming. the mutual dependencies between program elements is decreased. 
Give two reasons why all the different system versions in an N-version programming may all fail in a similar way.' Can you think of reasons why both are needed ? Solution notes: Ultimately. thus adding to the reliability of the system as a whole. Examples . structures that are easier to comprehend and test. Increased complexity increases the probability of error Improvement in reliability in practice is limited because of the possibility of common errors made by different development teams. This increases possibilities for independent testing of program units and decreases mutual dependencies between program units. Solution notes: Verification is demonstrating conformance to the specification whereas validation is checking that the system meets the customer's needs. Thus. Recovery blocks are really a form of forward error recovery. rebuilding pointers in a list) and may involve re-reading data which has been input. Backward error recovery is more commonly used because it simply means restoring the state before the operation whereas forward error recovery requires that there is some alternative way of computing what the state should be. At a later stage. needs change as a system is developed so the needs as identified when the system was specified may be different by the time that the system is tested. 9. o Object-oriented programming languages offer the advantage that less code needs to be written because of explicit code sharing between program entities. Again. though. structures that are less complex. What pre-conditions must hold before forward error recovery can be implemented in a fault-tolerant system? Is forward error recovery possible in interactive systems ?` Solution notes: Forward error recovery involves setting the system state to a correct state which is comparable with (although perhaps a degraded form of) the state which would have been reached if the operation has terminated correctly. 10. 
o o There must be a function which can transform the state before the operation plus the given data to a correct state. both testing and reliability assessment are needed. and provides for systematic means to assess software quality. 8. Again. Faults that never show up. if started early on in the project. The pre-conditions that must hold are: 2.7. can help to prevent errors. The specification may be slightly ambiguous and interpreted wrongly by both teams. It would not be a good design strategy for this type of software. 2. Update transaction in a database where the transaction need not be committed if a fault has occurred. Goto-less programming leads to clearer program structures. Testing.Chapters 19 and 20 1. The problem with forward error recovery in interactive systems is the need (possibly) to re-read information. Solution notes: There may be a specification error which is reflected in both versions. o If procedures have precondition true and have been adequately tested in isolation. There is no need for high availability and the increased complexity and cost would make the overall cost of the machine too high. Solution notes: Backward error recovery restores system state to a known correct state which existed before the fault occurred. Remaining defects are minor defects that do not cause system corruption and which are transient i. Forward error recovery attempts to correct the damaged system stage and compute what it should have been using some other approach.g.e. This may not be replicated exactly. a system that meets one user's needs may not meet the needs of a different user. Undo in a word processor or other editing system is another example. Comment on whether or not you think this is a good suggestion. ADTs hide representation details. particularly if timing considerations are involved. details that cannot be (mis) used by the calling program. Usually. 
Solution notes: Advantages of N-version programming Increases design diversity so probability of faults that result in failures should be reduced Increases availability of the system Disadvantages Increased cost because of the need to use independent development teams Increased software complexity because of the need for a fault tolerant controller. the actual occurrences of failures are what counts. Validation is difficult because there are many different stakeholders who may use the system with different needs. Next to that. this involves more computation than the normal operation (e. Briefly describe forward and backward recovery strategies. which can be cleared when new data is input. A fault in a piece of code that gets executed many times a day is important. an assessment of the actual frequency of failure occurrences (= reliability) may be deemed more important than testing. This is only possible in a small number of cases.

C++. However. In an ATM system there are various limits that might be tested ranging from a large number of ATMs trying to perform transactions at the same time to o 4. It may be discovered. This can't be checked by a compiler. However. C or some other programming language. Explain why program inspections are an effective technique for discovering errors in a program. Bottom-up testing is more appropriate for object-oriented systems as individual objects can be tested and. that the interface must be augmented in some way. 5. As these details inevitably change between deciding to procure a system and deploying that system. the tests are derived from the system or component specification whereas in structural testing knowledge of the structure of the source code is also used to design system tests.7 can also be specialised for each particular programming language e. Discuss the differences between black-box and structural testing and suggest how they can be used together in the defect testing process. The interface to the module may have been incorrectly specified. when integrated with other modules. That is. . Use of incorrect constants (e. They can find several faults in one pass without being concerned about interference between program faults. Solution notes: The list in Figure 19. in most object-oriented systems there is some reuse of objects and so strict bottom up testing is impossible. 2. 2. What testing problems might arise in numerical routines designed to handle very large and very small numbers ? Solution notes: Testing problems can arise because multiplying or dividing very large or very small numbers can result in numeric overflow or underflow. it may sometimes be difficult or expensive to generate appropriate test cases using very large or very small numbers especially if these are normally generated by some other program. o Interface testing can reveal omissions in the interface design. 
Women often feel intimidated by competitive cultures and may therefore opt out of the process. Testing cannot completely validate that a system is fit for its intended purpose as this requires a detailed knowledge of what that purpose will be and exactly how the system will be used.g. When objects are loosely integrated into subsystems there is no obvious top to the system. Solution notes: An organisation with a competitive elitist culture is unlikely to find that program inspections are effective for the following reasons: Program authors are unlikely to be open about their program because it exposes them to competition. it is practically impossible for all except trivial system to have a complete test set that covers all possible ways that the system is likely to be used. the team approach offers greater coverage than any individual can bring. Visibility faults where names that should be declared as private are actually public. Rather. While competition can sometimes be helpful. Use of incorrect conditions e. Exhaustive testing of all input domain values is not necessary. they are a loosely integrated collection of objects any one of which may be in control at any one time. to some extent. To some extent these are languageindependent but the extent of the compiler checking varies from one language to another. Inheritance from the wrong super-class (a problem if the inheritance is not from the root of the class hierarchy). Test cases are derived from combinations of elements from each equivalence class.g. in general. elitist culture would probably find it difficult to introduce program inspections as a V & V technique. are likely to try to compete with each other to find the most errors. The types of errors that inspections are unlikely to find are specification errors or errors that are based on a misunderstanding of the application domain (unless there are domain experts in the team). 8. 6. < rather than <=. are unlikely to want to be involved in inspections. 
essentially. It is important to test for this occurrence and not simply to test the accuracy of the numerical operations. Using your knowledge of Java. The benefits to the customer's business from the system exceed the problems that might be caused by the remaining system defects. in particular. The best programmers. Hence. 3. 9.3. Top-down testing is an inherent part of top-down development which is. Solution notes: Top-down testing is not appropriate for OO systems because these systems do not. derive a checklist of common errors (not syntax errors) which could not be detected by a compiler but which might be detected in a program inspection.this often reveals errors or misunderstandings. 7. 3. Explain why bottom-up and top-down testing may be inappropriate testing strategies for object-oriented systems. the testing will be necessarily incomplete. most suitable for functionoriented development. o The assumptions made by other modules about the behaviour of a given module (A say) in response to particular interface stimuli may be incorrect. The validation process is based on this specification rather than actual usage of the module or sub-system. Explain why interface testing is necessary given that individual units have been extensively validated through unit testing and program inspections. in this situation if someone is obviously falling behind they may then stop participating actively in the inspection. Furthermore. have a hierarchical structure. Solution notes: Stress testing involves stretching the limits of the system. In addition. 3. Solution notes: There are several reasons why interface testing is a necessary stage after unit testing: 5. Explain why an organisation with a competitive. 1.g. What is equivalence partitioning as it applies to software testing? Solution notes: A black-box testing technique in which the input domain is divided into classes of equivalent data items. 3. 
They can obviously be used together with the developer of the code (who understands the structure) developing structural tests and an independent testing team developing black box tests. They bring a number of people with different experience of different types of errors. individual methods within objects can be tested in isolation. They force the program author to re-examine the program in detail . storage management faults need to be checked for in C and C++ but not in Java. the details of these objects may be unknown so the reused objects cannot be tested in a bottom-up fashion. 2. The inspection team. Initialisation of a variable to the wrong value (the compiler can check for initialisation but not the right initialisation). these modules expect A to behave in a way in which it was never designed to operate. Describe how you might stress test a bank ATM system. 1. 11. 10. What types of errors are unlikely to be discovered through inspections? Solution notes: Program inspections are effective for the following reasons: 1. previous-value instead of current-value where previous-value and current-value are of the same type). Potential programming errors. rather than being cooperative. 4. Solution notes: In black-box testing.

Check that modifications have been made. Such is not very attractive to the developing organization. the company is developing database products for microcomputers so: Answers to Study Questions -. Individual preparation . etc. and some serious problem crops up. The organisation is interested in quantifying its software development so may collect metrics about its products and about its processes. Follow-up . the maximum number of power outages that can be properly handled per day. new review arrangements if necessary. Other sorts of limits that could be stressed might be limits on the number of accounts that the system can manage.where will the review be held. accepted comment) 8. the standard should focus on the report organisation. 3. it is important that the system does not corrupt the database. Why should software quality assurance organzation be independent of the development organzation. Review meeting .Chapters 24 and 25 1. In this case. A concluding chapter which critically assesses the solution Where appropriate. 7. What are the stages involved in the review of a software design ? Solution notes: Stages in a design review are similar to the stages in a program inspection. Date change made 11. Date change checked Briefly describe possible standards which might be used for reports to be submitted for a term project in a university. Configuration dependent problems may occur. Person responsible for change 10. Issues which should be addressed include: Document structure: The document must include the following sections: 1. Design an electronic form that may be used to record review comments and which could be used to mail comments electronically to reviewers. when the user complaints that the system is not fast (enough). o o As they are shrink-wrapped products. The type of software which is developed is important as the metrics should take into account its characteristics. Such a requirement does not give the developer guidance either. 
a typical example of a non-quantified quality requirement. Total number of measured faults detected by testing Total number of faults which resulted in database corruption Total number of system failures which forced a system restart Number of database transactions processed per unit time Time to read/write large DB records Process metrics Number of different configurations used for system testing Number of fault reports submitted Average time required to clear fault after it is reported Time required to run system regression tests 5. Solution notes: Obviously there is no right and wrong answer to this question. Title page: The title page must include the following information o o o o o Project title Course identifier Author name(s) Date of submission Name of instructor . 2. 5. the maximum number of transactions per day. they will run on many different system configurations. who will be the chair. Other information may be included in the header and footer if appropriate. by themselves. 6. As term projects cover a wide range of topics. Such a requirement also easily gives rise to debates later on. The SQA people may then get crunched between these opposing interests. 4. 6. centred on the page and a footer including the page number and the version of the document submitted. Such a requirement can not be tested. which may delay delivery of the system. the general approach adopted in the solution and problems encountered during the development of the solution Chapters giving a detailed description of the approach used. They are: Planning . Suppose the SQA organization is not independent from the developing organization. Page organisation: Each page must include a header giving the title of the project. Assume you work for an organization developing database products for microcomputer systems. 4. it is very difficult to say what quality really means and it is certainly related to many different program attributes. Write a report suggesting appropriate metrics. 
some remedial action is required. From an SQA point of view. This organization is interested in quantifying its software development. Solution notes: Because quality metrics assume that quality is only related to what can actually be measured (such as coupling). there is no way to tell whether the test `succeeds' or not. System change proposed 9. It is important that the system should not hang the machine on which it is running. modifications made as proposed at the review 6. Such a requirement is useless. 2. Why is it important to quantify quality requirements ? Solution notes: Suppose one of the quality requirements is `The system should be fast'. 7. or limits on the number or size of transactions that individuals can do (per day or otherwise).more local things like pressing lots of buttons on the keypad at the same time. The situation is like that of an accounting department who is responsible for its own auditing. Explain why design metrics are. Pre-meeting of review team (optional) where an overview of the design is presented 3. Solution notes: Again. o o o o o Title page identifying the project and its author Introduction describing the problem being solved. who is involved. 1. invalid comment. 3. In fact.reviewers work on the design documents 4.walkthrough the design 5. Product metrics Product metrics should be used to judge the quality and efficiency of the software. The importance of these attributes varies from system to system and from organisation to organisation. As they are database products. Solution notes: The primary task of the SQA organization is to check whether work gets done the way it should be done. an inadequate method for predicting design quality. Solution notes: The fields in the review form might include: Name of person raising review comment Date comment raised Contact phone number or e-mail address The review comment itself Name of comment assessor Date of comment assessment Action taken from comment (Return for clarification. 
appendices listing the source code of the solution and user documentation. no right or wrong answer. Rework .

User interfaces should not be friendly. Give reasons. The amount of resources used.g. The retention of system knowledge over time (memorability). Solution notes: A methodical process is a process that is based on the application of some defined method such as OMT (object oriented) or SSADM (function oriented). On the other hand. One quality requirement often stated is that the system should be `userfriendly'. 2. § o o o o o The time needed to learn to use the system (learnability). Writing a small (50 line) program. Give one example each. 6. and A subjective assessment by real users. scrollbars. Explain why a methodical process is not necessarily a managed process as defined in section 25. Lighting a wood fire. A managed process is a process that has a defined process model and process checks and documentation to ensure that the process model is being followed. buttons. the effort required to test a module. this is not necessarily a managed process. How long it takes to do something. 2. While it is sometimes (not always) the case that methods have an associated process model. 1. 4. tests can be devised to determine whether these requirements are met. Describe two metrics that have been used to measure programmer productivity. etc. Solution notes: Metrics that have been used for productivity measurement are: o o o Lines of source code produced per unit time Object code instructions per unit time Pages of documentation per unit time Other possibilities are: . The activities can also. Therefore. 10 and at least 4 (any) of the remaining questions. 9. 5. Process visualisation tools which present different process views. Solution notes: The developer's view of user-friendliness is likely to be determined by technical properties of the interface: use of windows. discuss possible differences between the developer's point of view and the user's point of view in defining this notion. Answers to Study Questions -. 
the user's main concern is to get his job done in the most effective way.8. Comment briefly on the advantages and disadvantages of these metrics. they should effectively support the user at work. Solution notes: Tools to capture process data from management information. So-called `userfriendly' systems may turn out to score well on these scales. Many possible examples e. 3. the very management-dominated approach of the SEI model would be a very high process overhead. <\ol> Suggest two application domains where the SEI process model is unlikely to be appropriate. Obviously. Cooking a three course meal. although a methodical approach is being used. Requirements for these characteristics can be expressed in measurable terms. Solution notes: Here is a simple sequence of activities. Important ways to measure the usability of a system are: 1. Also.g. Furthermore. Solution notes: 0. Events which occur. E.g. Changes are implemented quickly. Solution notes: Application domains where the SEI process model is unlikely to be appropriate include: AI software development. Think of alternative ways to define system usability in measurable terms. there is scope for alternative descriptions such as parallelism etc. pop-up menus. Although some of the practices are appropriate in this case. of course. these are often very weak and poorly defined and users of the methods rarely follow them exactly. 
be decomposed Lighting a wood fire Assemble a pile of dry wood Collect easily combustible material (tinder) Arrange some or all of the dry wood around the tinder Strike match Light tinder Provide oxygen to fire and shield from drafts Cooking a three course meal Decide on menu for meal Check store cupboard for items in stock Prepare list of groceries required Buy groceries Prepare food to be cooked Cook food Serve food Writing a small program Read and understand program specification Decide on data types and structures which are required Decide on processing algorithm required Prepare a rough program design Code program Review program for errors Compile program. § Small-scale embedded software in appliances such as washing machines.5. The developer is inclined to look at user-friendliness from the inside. Tools to manage a process training program. In this case. E. video recorders. Describe three types of software process metric that may be collected as part of a process improvement activity. Suggest process models for the following processes: 0. etc. the software development might be seen as part of the hardware development process.Chapters 23 and 26 Answer questions 3. Resource utilisation. The number of defects discovered after a system has been delivered. there may not be checks in place to ensure that the method process model is followed. Elapsed time. Suggest three specialised software tools which might be developed to support a process improvement programme in an organization. The time needed to perform typical user tasks (efficiency). Repeat until syntax errors removed Prepare test data Test program 10. Process model editing tools. 1. time taken to carry out design review. The rate with which errors are made (safety). but such is not a priori clear.

Suppose you are managing a project which is getting behind schedule. 1981]. with corresponding savings during maintenance. a higher-quality product could have been delivered. On the other hand. Solution notes: Legacy systems may be critical for the successful operation of a business for two basic reasons 4. possibility of tool purchase. adding people to the project and softening quality requirements. o Avoiding rework. When there are organisational reasons. software engineers whose experience is not ideal may be available so they may be used rather than recruit new staff. According to [Boehm. The effort multipliers for the development schedule are somewhat more surprising: both acceleration and stretchout of the nominal schedule incur higher cost. . intellectual tasks. The impact of softening quality requirements on the time schedule could be estimated (for instance. How may early cost estimates influence the way in which a project is executed ? Solution notes: An early cost estimate gives a target to aim at. suffer from the same problem as other metrics. Eliminate `gold plating' if necessary. best and most likely cost estimates using simple model. for written documentation instead of face to face communication. stretchout of the schedule primarily implies spending a longer time with a smaller frontend team to thoroughly develop and validate requirements and specifications. generate more costing information and iterate until the estimates converge. we may be inclined to sacrifice quality in order to meet the corresponding deadline. o For those parts of the system which are hard to estimate. Possible actions include: renegotiating the time schedule. This would thus result-in productivity gains. use of high-level languages. develop a prototype to find out what problems are likely to arise. increases as well. The multi-site cost driver was not present in COCOMO.g. o o o o 5. and regular feedback to customers (validation). 
It is known that programmers with adequate secretarial support and sufficient floor space are significantly more productive than their colleagues that are worse off. o Reuse software to reduce the amount of estimation required and to reduce overall costs. of course. that is. resulting in a leaner system. Suggest four ways in which the risk in a cost estimate can be reduced. The chance for miscommunication. etc. some approach which is relatively more expensive may be chosen. and the like. a system which better fits real user needs. If a more realistic cost estimation were given. The use of software tools allows the developer to concentrate on his real. with associated communication and learning cost. o Better working environments and other incentives for employees. In which ways can these actions shorten the time schedule? Can you think of other ways to finish the project in time. multi-site development projects were not very common at that time. this incurs extra costs: for traveling. possibility of hardware upgrade. it will influence the project. schedule): Write less code (reuse. test plans and draft users' manuals. o Adopt a design to cost approach to development where the system functionality is adapted to a fixed cost. Solution notes: Possible techniques of risk reduction include: Obtain a number of independent estimates using different estimation techniques. by a conscious attention to user requirements right from the start. Cost estimates are inherently risky irrespective of the estimation technique used. It is interesting to note the differences in cost drivers between COCOMO and COCOMO 2. Identify process and product variables such as team experience. Solution notes: 7. If we know that the project is estimated to cost 10 person months. o Partition software requirements into critical. Multi-site development. and thus for rework. they don't take quality into account. Explain why Legacy systems may be critical for the successful operation of a business. 
Solution notes: Different languages and development tools Different ways of counting lines of code Subjective complexity estimates to adjust results Different historical cost databases (e. concentration on essential features and ignoring bells and whistles). Maintenance will then suffer. 8. Give three reasons why algorithmic cost estimates prepared in different organizations are not directly comparable. while all kinds of bookkeeping duties are taken care of by the tools at his disposal. If these are widely divergent. Adding people to the project should be done with care. several of these turn up as cost drivers in models like COCOMO). a tight effort estimate may force developers to ignore implementation of bells and whistles. o Employing (more powerful) tools. If development takes place at more than one site. and its role as a cost driver has consequently disappeared. this has become common practice. This would then translate into higher-quality products and/or less maintenance. therefore. o Employing better people. and Required development schedule. Solution notes: Both adding people to the project and softening quality requirements may shorten development time. Conversely. Suggest a situation where managers may choose an approach that is not based on the lowest project cost. For example. That acceleration of the schedule incurs higher costs is quite plausible: it requires more people. o o o o o Use of software tools. desirable and `gold plating'. Build a spreadsheet model allowing the effects of these variables on the cost estimates to be computed. Other ways to finish the project in time can be discerned by considering the various factors that influence cost (and. o o o Produce worst.o o o o Number of data dictionary entries made per unit time (may be useful if CASE tools are used) Number of mathematical definitions produced per unit time (formal specification) Number of requirements written per unit time Number of design diagrams produced per unit time 6. 
since size is the major determining cost factor. COCOMO had a cost driver `use of modern programming practices' (in particular information hiding). apparently. different activities costed against projects) Explain how the algorithmic approach to cost estimation may be used by project managers for option analysis. As such. 3. 2. Can you give an intuitive rationale for the values of the COCOMO 2 cost drivers relating to project attributes ? Solution notes: COCOMO 2 mentions three cost drivers that relate to project attributes: All of these.

the processing is often data driven based on the value of a field of a record and this data can then be used to select the function to execute. This is a particular problem with early 4GLs where. o 12. suggest the most appropriate strategy for providing access to these systems. 10. Does the process involve generating paperwork that is rarely used? 9. If a model exists. Solution notes: Ten possible questions are: 1. 1. Sommerville 26. and hence have a coherent role in a system architecture. When a business process is changed and new software is required to support the process. Two major international banks with different customer information databases merge and decide to provide access to all customer information from all bank branches. How do people cope with the missing parts of the model? 6. 7. the organisation loses valuable knowledge. The processing of each transaction or record is independent of the previous transaction and record so no system state (as would normally be held in objects) need be maintained. the vendors are no longer in business. etc. Give some reasons why software maintenance can't be avoided. What problems arise with the software support for the process? There are many other possible questions that could be valid answers here. a mail server. This will involve significant conversion costs anyway so the opportunity might be taken to rewrite the software. Answers to Study Questions -. Are there parts of the process that involve repetitive. Obviously there are many variations to this. the usefulness of the system declines. Therefore. what is missing from the model? 5. a university has a student admissions process and systems which support this are critical. o The external legal and political environment for the system changes and generates new requirements. routine work? 10. Explain why this approach to design may be more appropriate for these systems than object-oriented design strategy. 
o They may incorporate organisational and business knowledge which is simply not documented elsewhere. it is simplistic to relate maintainability simply to complexity.6. 4. Furthermore. Explain the difficulties of measuring Program maintainability. Solution notes: Assuming that neither of the databases is accessible through the Internet already. 2. Solution notes: A function-oriented approach to design may be appropriate because many legacy systems are concerned with either transaction processing or with processing records from a file. 6. They must be maintained. 10 and at least 4 (any) of the remaining questions. They may be an intrinsic part of one or more processes which are fundamental to the operation of a business. 2. These include: o Control complexity o Data complexity o Program naming o Program comments o System documentation o Background of the maintainer o Programming language used o Programming language constructs used o Programming language style Because it is probably the case that the importance of these factors vary from program to program. o The business in which the system is used changes in response to market forces and this also generates new system requirements. Solution notes: Systems must change or become progressively less useful for a number of reasons: o The presence of the system changes the ways of working in its environment and this generates new requirements. Solution notes: A possible data flow diagram for 'Compute salary' is shown below. Without this system. Does the process involve repetition of work that has been done by someone else such as entering data. Under what circumstances might an organisation decide to scrap a system when the system assessment suggests that it is of high quality and high business value ? Solution notes: There is no hard and fast answer to this as obviously it depends on local circumstances. the simplest solution to this problem is to provide a common 11. If these are not satisfied. 
Is there a defined process model? Who is responsible for updating and maintaining the model? Do people follow the model or do they develop their own process? 4. Examples of where software might be scrapped and rewritten are: o o o When the cost of maintenance is high and the organisation has decided to invest in new hardware. .Chapters 27 and 29 Answer questions 3. 3. When support for the tools and language used to develop the software is unavailable. Giving reasons. For example. Explain why encapsulating a mainframe legacy system and using it as a server should only be considered as a short-term solution to the problem of architectural evolution.9. Solution notes: Servers should serve a single purpose such as a database server. Why is it simplistic to measure maintainability in terms of complexity ? Solution notes: Program maintainability is difficult to measure because the maintainability is related to several different factors. exceptions on student admissions may simply have been coded directly into the system with no paper record of these. in many cases. functions are a suitable processing abstraction. Are there delays in the process that could be avoided? 8. Suggest ten questions that might be put to end-users of a system when carrying out a business process assessment. If a mainframe system is encapsulated then it is multi-purpose (database + application logic + maybe user interface) so either there is duplication of function (if the practical use of the encapsulated legacy system is as a database) or logically related functions are split across the encapsulated system and other components of the architecture. 3. For example. Most legacy systems use a function-oriented approach to design.

retesting the program. o During development. Excessive use of inheritance is likely to make the system really difficult to comprehend and maintain. rather than any particular solution to that problem. Discuss the differences and similarities between configuration management during development and maintenance. In both cases. the operational baseline must be thoroughly separated from the version that is being changed because of bugs reported or changes that need to be incorporated. Derived elements may be reused by maintaining a derived element pool which associates descriptors with derived elements. in a traditional model. use the compiled version rather than re-compiling. The files to be processed are down-loaded to this machine before processing. most change requests will come from users. usually one or only a few such variants are in use. o During maintenance. o (control) In evolutionary development. changes are made to existing artifacts (design descriptions. changes to programs can be realized through subclasses. control. Older versions remain available. The overall model is as shown Below. If the cost of activity i is Ci per line of code. rather than through tinkering with existing code. the main differences between a traditional development model and an evolutionary model are: o (identification) In an evolutionary model. 7. and 3. This should help to reduce maintenance effort. . continuation of the system's operation is a major criterion. and auditing. Additional support for building executables both optimizes this process (unchanged components need not be compiled anew) and helps to get the right executables (those that contain the most recent version). Solution notes: During maintenance. 2. Smaller programs require less maintenance. Discuss advantages of Software configuration control support during software maintenance. Finally. systems written in OO languages tend to be shorter because of the code sharing that results from inheritance. 
Describe 5 factors which must be taken into account by engineers during the process of building a release of a large software system. Solution notes: The title should not be used as it is not a unique identifier (several documents from different sub-projects could have the same title). this effort is hardly. Subtasks 1 and 3 require an effort proportional to the length of the program. encapsulate each database as a separate server then use some middleware to sort out which database is actually being accessed. when a build is initiated. Major differences between SCM during development and maintenance are: o Most of the identification and definition of configuration items takes place during development. code. Discuss the possible contributions of object-oriented software development to software maintenance. 6. making the change. change requests are issued by both developers and users. 9. and the results of audits must be promulgated timely to baselines in use and in development. 5. version control plays an even more important role during maintenance. Baselines change rapidly. A possible numbering scheme could have the form :::::: 11. usually. if at all. Solution notes: Two ways of optimising the system building process are: Reuse of derived elements. choosing a machine from this list. then a 10% change in a 200 LOC program is the more costly one if: 200C1 + 20C2 + 200C3 > 100C1 + 20C2 + 100C3 This inequality is true for any nonnegative value of C1 to C3. In traditional development. The GUI to character convertor changes the original character interface into a web-based GUI interface so that there is no need to alter the actual code in the database application. Subtask 2 may be expected to incur a cost proportional to the size of the change. Thus. Parallel building. hence the slogan `Inheritance is the goto of the 1990's'.internet interface to both databases. and volatile functionality is implemented through operations on objects. etc). 10. 
affected by the size of the change. Solution notes: Software configuration management (SCM) is concerned with: identification. and multiple versions of components and baselines are under development simultaneously. Discuss the possible differences between configuration management in waterfall development and evolutionary development. because the thread of control is more difficult to discern. Software configuration management helps keep track of revision histories and versions. one version of each component. it must ensure that changes are properly implemented and reported to interested parties. In both cases. with its multivariate product in various simultaneous stages of development and deployment. o (status accounting) Is challenged as well in evolutionary development. These descriptors uniquely identify the source element used to create the derived element so different versions of the derived element can be maintained in the derived element pool. This results in different versions of those documents. During maintenance. Solution notes: Object-oriented software development emphasizes the modeling of a problem. Solution notes: The major tasks of software configuration management (SCM) are the same during development and maintenance. so that changes can be undone. there is one baseline and. For these activities. status accounting. Stable entities are the focus of attention. The structure of the resulting system should then better reflect the structure of the problem domain. Describe two ways in which system building tools can optimise the process of building a system from its components. Solution notes: Have all components been included? Is the right version of all components been included? Are all configuration/data files included? Is the right version of the system building tools used? Are there any problems with full path name references? 12. If an element has already been compiled. On the negative side: OO programs may be more difficult to comprehend. 
Can you think of reasons why a 10% change in a 200-line program would take more effort than a 20% change in a 100-line program ? Solution notes: Changing a program involves three subtasks: 1. Suggest a document identification scheme that may be used for all projects in an organization. and the revision history itself can be of help during maintenance. 8. o (auditing) Has to be done frequently and quickly in evolutionary development. SCM must be able to distinguish between all those variants. Parallel building is supported by maintaining a list of possible build platforms and. comprehending the program. Explain why you should not use the title of a document to identify the document in a software configuration management system. Different components of the system can be built on different nodes of the network. At the code level. there are many variants of components in use at the same time. o During development. the assessment and handling of change requests is impacted by the necessary orderly progress of development. During maintenance. SCM is concerned with identifying and controlling changes. multiple versions of baselines are deployed at the same time. The inheritance mechanism may make it more difficult to decide which parts of the system `apply' at a given point.
