Professional Documents
Culture Documents
תשע"ח
באר שבע יום א 10:00 – 13:00
17:00 - 14:00
אשדוד יום ב 11:00 – 14:00
11,12,14 שיטות פיתוח ובדיקות בסביבות מתקדמותIoT ,Mobile DevOps - 11
Scrum KanBan
Pre-defined roles of Scrum master, Product owner and team No prescribed roles
member
Timeboxed sprints Timeboxed sprints
Work is pulled through the system in batches (the sprint Work is pulled through the system (single piece flow)
backlog)
No changes allowed mid-sprint Changes can be made at any time
Velocity Cycle time
More appropriate in situations where work can be prioritized More appropriate in operational environments with a
in batches that can be left alone high degree of variability in priority
8
4.1 Software Quality Measurements buildup processes
4.2 Static /Dynamic code analysis
9
These four terms are often used interchangeably, but they can have
subtle differences
Measure
Provides a quantitative indication of the extent, amount,
dimension, capacity, or size of some attribute of a product
or process
Measurement
The act of determining a measure
Metric
(IEEE) A quantitative measure of the degree to which a
system, component, or process possesses a given attribute
Indicator
A metric or combination of metrics that provides insight into
the software process, a software project, or the product
itself
10
Formulation
The derivation (i.e., identification) of software measures and metrics appropriate for the
representation of the software that is being considered
Collection
The mechanism used to accumulate data required to derive the formulated metrics
Analysis
The computation of metrics and the application of mathematical tools
Interpretation
The evaluation of metrics in an effort to gain insight into the quality of the representation
Feedback
Recommendations derived from the interpretation of product metrics and passed on to the
software development team
11
Simple and computable
It should be relatively easy to learn how to derive the metric, and its computation should not demand
inordinate effort or time
Empirically and intuitively persuasive
The metric should satisfy the engineer’s intuitive notions about the product attribute under
consideration
Consistent and objective
The metric should always yield results that are unambiguous
When to stop
testing? Is the testing
efficient
Have we caught
Trend sufficient
Analysis defects
יחידות בסיס
לאיסוף
Taken from:
An Information Model for Software Quality Measurement with ISO Standards - Alain Abran Et. Al 15
Quality attributes division
Taken from:
An Information Model for Software Quality Measurement with ISO Standards - Alain Abran Et. Al
16
ISO/IEC/IEEE 29119 Software Testing is an internationally agreed set of standards for
software testing that can be used within any software development life cycle or
organisation. By implementing these standards, you will be adopting the only
internationally-recognised and agreed standards for software testing, which will provide
your organisation with a high-quality approach to testing that can be communicated
throughout the world. There are currently five standards:
•ISO/IEC 29119-1: Concepts & Definitions (published September 2013)
•ISO/IEC 29119-2: Test Processes (published September 2013)
•ISO/IEC 29119-3: Test Documentation (published September 2013)
•ISO/IEC 29119-4: Test Techniques (at DIS stage)
•ISO/IEC 29119-5: Keyword Driven Testing (at WD stage)
Plus, based on the processes defined in ISO/IEC/IEEE 29119-2:
•ISO/IEC 33063: Process Assessment Model (at DIS stage)
17
Testing Techniques
Specification-Based Structure-Based Experience-Based
Equivalence Partitioning Statement Testing Error Guessing
Classification Tree Method Branch Testing Exploratory
Boundary Value Analysis Decision Testing Checklist based
State Transition Testing Condition Testing Attacks
Decision Table Testing Data Flow Testing
Cause-Effect Graphing
Syntax Testing
Combinatorial Test
Scenario Testing (including
Use Case Testing)
Random Testing
18
At least two out of the five statements, but possibly more A[] B[]
than two share equivalents of the meaning:
Establish software quality requirements
Mark the only statements that share equivalent
meaning Identify software quality metrics
Explain briefly the reason you have selected these Implement the software quality metrics
items Analyze the software metrics results
Validate the software quality metrics
C [] D [x] E [x ]
Measure - Provides a quantitative indication of
the extent, amount, dimension, capacity
Measurement - determining a measure
Metric - A quantitative measure of the degree to
which a system, component,
Indicator - A metric or combination of metrics
that provide insight into the software, product,
project
19
Static analysis is performed in a non-runtime environment. Typically a
static analysis tool will inspect program code for all possible run-time
behaviors and seek out coding flaws, back doors, and potentially
malicious code.
Dynamic analysis adopts the opposite approach and is executed while a
program is in operation. A dynamic test will monitor system memory,
functional behavior, response time, and overall performance of the
system. This method is not wholly dissimilar to the manner in which a
malicious third party may interact with an application. Having originated
and evolved separately, static and dynamic analysis have, at times, been
mistakenly viewed in opposition
20
Static analysis, with its white box visibility, is certainly the Static code analysis is done
more thorough approach and may also prove more cost- without executing any of the
code;
efficient with the ability to detect bugs at an early phase of dynamic code analysis relies
the software development life cycle. For example, if an error is on studying how the code
spotted at a review meeting or a desk-check. Had the error behaves during execution.
become lodged in the system, costs would multiply. Static
Code
analysis can also unearth future errors that would not emerge
in a dynamic test. Analyze
Dynamic analysis, on the other hand, is capable of exposing a
subtle flaw or vulnerability too complicated for static analysis instrument
alone to reveal and can also be the more expedient method of
Execute
testing. A dynamic test, however, will only find defects in the
part of the code that is actually executed. Analyze
21
At least two out of the five statements, but possibly A[] B [ x]
more than two share equivalents of the meaning: Analyzing code without executing it.
Mark the only statements that share equivalent
meaning
Generally used to find bugs or ensure
Explain briefly the reason you have selected these conformance to coding guidelines or other
items specification given to the tool
C[] D[] E [x ]
Static analysis tools should be used when A software verification activity in which
they help maintain code quality. If they're source code is analyzed for quality, safety,
used, they should be integrated into the build and security. This analysis enables software
process, otherwise they will be ignored. developers and testers to identify and
diagnose various types of bugs/errors such as
overflows, divide by zero, memory and
pointer errors, run-time errors ..
22
5.1 Structural code design Principles
5.2 Naming conventions rules - how to identify issues
5.3 Measurement and entities in OO programs
23
Procedural programming is a programming paradigm, derived from structured programming, based
upon the concept of the procedure call. Procedures, also known as routines, subroutines, or functions
(not to be confused with mathematical functions, but similar to those used in functional programming),
simply contain a series of computational steps to be carried out. Any given procedure might be called at
any point during a program's execution, including by other procedures or itself.
Code Pascal
Fortran
Compile
Cobol
Traditional procedural programming is far less
link C
dogmatic: you have data. You have functions.
You apply the functions to the data. If you want Ada
to organize your program somehow, that's your Execute
problem, and the language really isn't going to Go
help you
24
Programming paradigm aimed on improving the clarity, quality, and
development time of a computer program by making extensive use
of subroutines, block structures and for and while loops—in contrast to
using simple tests and jumps such as the goto statement which could
lead to "spaghetti code" which is both difficult to follow and to maintain.
25
בדרך כלל מכילה הסתכלות ותכנון מלמעלה למטה ( ) Top downכאשר
המפתח מגדיר סט של רוטינות ופונקציות המקודדות בנפרד שמשמעותו שהקוד
יכול להיות מועמס לתוך הזיכרון בצורה יעילה והשימוש החוזר ברוטינות אלו
הוא חלק חשוב בעיצוב התוכנה .עיצוב שכזה מקל על בדיקת הקוד כל רוטינה
בנפרד ( ) Unit Testוהאינטגרציה ביניהם כתהליך בדיקה עצמאי
26
At least two out of the five statements, but possibly A [x ] B[]
more than two share equivalents of the meaning: Structured programming frequently employs Programming paradigm aimed on improving
Mark the only statements that share equivalent
meaning
a top-down design model, in which the clarity, quality, and development time of
Explain briefly the reason you have selected these developers map out the overall program a computer program by making extensive use
items structure into separate subsections of subroutines, block
structures and for and while loops
C [ x] D[] E [x ]
27
Naming convention is a set of rules for choosing the character sequence
to be used for identifiers which denote variables, types, functions, and
other entities in source code and documentation.
CamelCase is the practice of writing compound words or phrases in which
Elements that influence most if the words are joined without spaces and are capitalized within the
not all naming conventions in compound like BreakFast, myName etc. CamelCase is so named because
each word in the identifier is put together without spaces, but with the first
common use today.
letter of each word captilised, looking like humps of a camel. There are two
Length of identifiers
varieties in CamelCase- UpperCamelCase and lowerCamelCase. In java
Letter case and numerals
variables, references, method names are declared in lowerCamelCase.
Multiple-word identifiers
Delimiter-separated words
if (one_of_our_conditions_is_true())
Letter-case separated words
{
call_one_of_our_functions();
CallSystemFunction(); 28
}
Do use PascalCasing for class names and method Avoid using Abbreviations. Exceptions: abbreviations
names.
commonly used as names, such as Id, Xml, Ftp, Url
Why: consistent with the Microsoft's .NET
Framework and easy to read. Why: consistent with the Microsoft's .NET Framework
and prevents inconsistent abbreviations.
Do use camelCasing for method arguments and
local variables.
Why: consistent with the Microsoft's .NET Do use: PascalCasing for abbreviations 3 characters or
Framework and easy to read. more (2 chars are both uppercase)
Do not use Hungarian notation or any other type Why: consistent with the Microsoft's .NET Framework.
identification in identifiers Caps would grap visually too much attention.
Why: consistent with the Microsoft's .NET
Framework and Visual Studio IDE makes determining Do not use Underscores in identifiers. Exception: you can
types very easy (via tooltips).
prefix private static variables with an underscore.
Do not use Screaming Caps for constants or Why: consistent with the Microsoft's .NET Framework
readonly variables
and makes code more natural to read (without 'slur').
Why: consistent with the Microsoft's .NET
Framework. Caps grap too much attention Also avoids underline stress (inability to see underline).
29
At least two out of the five statements, but possibly A[] B[]
more than two share equivalents of the meaning: A set of rules for choosing the character
Mark the only statements that share equivalent
meaning
sequence to be used for identifiers which
Explain briefly the reason you have selected these denote variables, types, functions, and other
items entities in source code and documentation.
C [x ] D[] E [ x]
Create uniform coding habits among CamelCase; also known as camel caps or
software personnel in the engineering more formally as medial capitals) is the
department so that reading, checking, and practice of writing compound words or
maintaining code written by different phrases such that each word or abbreviation
persons becomes easier. in the middle of the phrase begins with a
capital letter, with no intervening spaces or
punctuation
30
In a procedural program, modules interact by reading and writing state that is
stored in shared data structures.
In a procedural program, the code is king and the data is subordinate. In other
words, you have programs which act on data and they're not usually tightly bound.
In the OO world, objects are the primary thing of interest. An object consists of data
and the code that is allowed to act on that data, and they are very tightly bound. It
is the concept of encapsulation, the hiding of information.
http://stackoverflow.com/questions/530741/whats-the-difference-between-a-procedural-program-and-an-object-oriented-program 31
Object-oriented design and development are popular
concepts in today's software development
environment.
Object oriented development requires not only a
different approach to design and implementation, it
requires a different approach to software metrics.
Thus, the approach to software metrics for object
oriented programs must be different from the
standard metrics set. 32
There are several main types of OO metrics:
Coupling Metrics
Cohesion Metrics
Inheritance related measures
Object A
Object D
Shared
Inherited Object B
Parameters
from
Object C
33
Coupling metrics are the counts of interactions between
classes
Main metrics:
CBO (coupling between object classes)
For a class, is defined as the number of other classes to which it is
coupled.
RFC (response set for class(
The number of methods in the set of all methods that can be
invoked in response to a message sent to an object of a class.
34
Class 2DPoint
{
שאלה
כמה
RFC (response set for class(
private int x;
? יש בקוד שאנחנו רואים
private int y;
public 2DPoint(int x,int y){
this.x = x; The only method that can be invoked
as a result of a method invocation is :
this.y = y; }
dinstanceFromOrigin. Thus, RFC = 1.
public distance(int x1,int y1){
return Math.sqrt(Math.pow((x-x1),2) + Math.pow((y-y1),2)); }
public dinstanceFromOrigin(){
return this.distance(0,0); }
}
35
Cohesion metrics measure how well the methods of a class are related to each
other.
Main metrics:
LCOM (Lack of Cohesion)
Measures the dissimilarity of methods in a class by instance
variable or attributes.
TCC (tight class cohesion(
Ratio of number of similar method pairs to total number of method pairs in the class.
NP = maximum number of possible connections.
NDC = number of direct connections.
TCC = NDC/NP.
TCC<0.5 considered non-cohesive classes.
36
Main metrics:
DIT (depth of inheritance tree)
Maximum inheritance path from the class to the root class.
The deeper a class is in the hierarchy, the more methods and variables it is likely to
inherit, making it more complex.
NOC (number of children)
Number of immediate sub-classes of a class.
NOC measures the breadth of a class hierarchy, where DIT measures the depth.
Depth is generally better than breadth, since it promotes reuse of methods
through inheritance.
High NOC has been found to indicate fewer faults.
This may be due to high reuse, which is desirable. 37
At least two out of the five statements, but possibly A[] B [x ]
more than two share equivalents of the meaning: With OO software code quality measurement Shared variables or control information
Mark the only statements that share equivalent have become more complex and sophisticate
meaning
exchange lead to tight coupling.
since new relation and affiliations are introduced
Explain briefly the reason you have selected these
items
– also the dynamic nature of execution makes it
even harder to estimate the possible impact of
each measurement.
C[] D [ x] E[]
Modular decomposability; Coupling Metrics
Modular composability;
Modular understandability; Cohesion Metrics
Modular continuity;
Inheritance related measures
Modular protection.
38
6.1 What is Cyclometic complexity
6.2 Complexity in OO code
6.3 Challenges and complexity in Microservices architecture
39
?מה עוד )כמה (בואו נספור
) (מקייב מסבך לנו את החייםComplexity סיבוכיות LOC- line of code
Cyclomatic complexity מספר ההתפצלויות
Reachability
# of object declared in source file
Looping depth
# of class declared in source file
מתאים לסטנדרט tested
מובנה אובייקטים כלולים בכל קלאס מוצהר
מכסה Data members in a class
תיעוד פנימי ? הצעות נוספות
40
מה מציעים לנו לסקור בקוד
:) מציע לנו לשאול עצמנו לסיכום הבדיקהGlenford J. Myers( מאיירס
Was the program easy to understand?
Was the high-level design visible and reasonable?
בספר (אומנות בדיקות3.2 ו3.1 בטבלאות
Was the low-level design visible and reasonable? התוכנה) ישנה רשימה חלקית של בעיות
) סוגי תקלות50 שניתן לזהות בקוד ( כ
Would it be easy for you to modify this program?
Would you be proud to have written this program?
42
Cyclomatic Complexity – סיבוכיות סיבובית
Cyclomatic Complexity reflects the decision-making structure of the program. It is
recommended that for any given module the metric should not exceed ten. This value should
be used as an indicator of modules which may benefit from redesign. It is a measure of the
size of the directed graph,
e – )edges( קשתות
n - )vertices( קודקודים I) v(G)~l.
p - רכיבים מחוברים 2) v(G) is the maximum number of linearly independent
Definition 1: The cyclomatic number paths in G; it is the size of a basis set.
V(G) of a graph G with n vertices, e 3) Inserting or deleting functional statements to G does not affect v(G).
edges, and p connected components is: 4) G has only one path if and only if v(G) = I.
5) Inserting a new edge in G increases v(G) by unity.
v(G) = e - n + p 6) v(G) depends only on the decision structure of G.
43
סיבוכיות בהגדרה שונה
44
הקשר בין מורכבות לכמות הבאגים
45
At least two out of the five statements, but possibly A[] B [x ]
more than two share equivalents of the meaning: It is a software metric (measurement), used
Mark the only statements that share equivalent
meaning
to indicate the complexity of a program. It is
Explain briefly the reason you have selected these a quantitative measure of the number of
items linearly independent paths through a
program's source code
C[] D [x ] E[]
Graph: Usually the control flow graph (CFG) The Cyclomatic number V(G) of a graph G v(G) is the maximum number of linearly
Node coverage: Execute every statement with n vertices, e edges, and p connected independent paths in G; it is the size of a basis set.
Edge coverage: Execute every branch components is calculated by: Inserting or deleting functional statements to G
Loops: Looping structures such as for loops, v(G) = e -n + p. does not affect v(G).
G has only one path if and only if v(G) = I.
while loops, etc.
Inserting a new edge in G increases v(G) by unity.
Data flow coverage: Augment the CFG v(G) depends only on the decision structure of G.
46
Fan-in = number of ingoing dependencies
Fan-out = number of outgoing dependencies
48
Client
classes
Façade
50
Many smaller (fine grained), clearly scoped
services
Single Responsibility Principle
Domain Driven Development
Bounded Context
Independently Managed
Clear ownership for each service
Attribution: Adrian Cockroft, Martin Fowler … 51
Monolithic Microservices
53
מה היה בשיעור זה
מה להתכונן
מדדי איכות של תוכנה –
לשיעור הבא
4 .Software Quality measurements oהאורקל של הבדיקות
מה לומדים מהקוד – oבדיקות יחידה
?5.What can we learn from the code
אתגרי הסיבוכיות והמורכבות –
6. Challenges and complexity - looking at the code
זרימה והתנהלות הקוד – יועבר בתרגול הקרוב
7. Flow and other control charts derived from the code
66
להתראות בשבוע הבא
67