Software Engineering, Facit, March 16, 2011.

Duration 08:00-13:00.

  1. During the course we discussed some software engineering processes (V-model, RUP, etc.). They all have advantages and disadvantages. What are desirable properties for a process?   (5 points, 2 pages)

    Reference: Figure 26.2.
    So that the process is actually used as intended, it should be understandable, acceptable and supported.
    So that the process is managable, it should be visible, robust and preferably also measurable.
    So that the process gives good results, it should be reliable, and rapid
    (other good points are user involvement, allow parallism, incremental, manage risks).

    Note: some answers start to explain the V-model, or the phases requirements, design, ... and so on.
    That is not answering the question.

  2. During the development of a new system, a throw-away prototype is being evaluated. The users like the system, and want to start using it immediately. Give 3 reasons why this may be a bad idea.   (3 points, 1.5 page)

    Reference: Section 2.3.1

  3. How does reuse-oriented software engineering differ from a development-oriented process (like the V-model)
    Reference: Figure 17.7, section 17.2.2 (not exclusively though)
    1. in the requirements phase?
      In development-oriented SE, the requirements need to be decided in sufficient detail to build the system.
      In reuse-oriented SE, the requirements are less detailed. Then there is a phase of identifying candidate components. These components will provide further detail. Usually, the requirements need to be adapted/negociated so that the components can fit in.
    2. in design and implementation?
      In development-oriented SE, the design is mostly top-down (divide and conquer problem solving). Much work is spent on implementing components.
      In reuse-oriented SE, there is a framework architectural design, but many parts of the design are bottom-up, fitting components together using glue code and wrappers. Realtively little work is spent on implementing components, but more on analysing them.
    3. in integration and testing?
      In reuse-oriented SE, there is less focus on unit testing. The components must be tested, but the tests focus on verifying if the component works in the new environment, in particular aspects like error-handling. (This may also be verified by other means than testing). So there is more focus on integration and system testing.
    (9 points, 3 pages)
    Note: I have not been selective in where you make your arguments. For instance "glue code" can be mentioned in implementation or integration.

  4. Describe and motivate at least 5 key principles of extreme programming (XP). 
    (5 points, 2 pages)  By "motivate" I mean: describe the expected benefit of this principle within XP.

    Reference: Figure 3.4 lists 10 principles and some motivation. Some central issues are
    Customer involvement to make sure that we are making the right system (validation)
    Short feedback loops to correct mistakes as soon as possible (small increments, pair programming, test-driven, continuous integration)
    Simplicity (make the simplest solution that works, handle change when it comes, refactoring) - avoid spending time and money on anticipated changes that never occur.
    People - keep them happy, healthy and "together" (sustainable pace, collective ownership, pair programming)
    While not wrong, refering to principles from "the agile manifesto" only is too general.

  5. What are the general purposes of making system models during requirements engineering?    (4 points, 2 pages

    Reference: Chapter 5, introduction (and the rest ...)
    The general purposes are
    For formal models, the answers to question 7 may also apply.

  6. Sometimes the safety of a system requires its availability. Sometimes safety and availability are conflicting requirements.
    1. Give an example of each case.  
    2. Point out the crucial difference between the two cases.
    (4 points, 1.5 page)

    b. If the system has a safe state, then when a problem arises you can bring the system to this state. In the safe state, availability may be low, but safety is ensured. If the system has no safe state, then a minimum of operations must be available in order to control the system.
    a. (Of course, many examples are possible here.)
    In a railway signalling system, you can switch all signals to red (and if there is no electricity, a signal that is unlit must be interpreted as red by the driver). This state is safe (at least for a few hours: trains cannot collide, but passengers may start to freeze/overheat/panic eventually), but the railway is not available for transportation. In an airplane, a basic landing system must be available, because at the end of a flight you cannot keep circling for very long.
    A nuclear reactor of the Fukushima/Forsmark type needs available power (electric or emergency diesel) to keep the cooling going (safety requires availability). There are reactor designs where the heat of the core itself keeps the cooling going. Such a reactor can be switched off, it's no longer available to generate power, but it's safe.

    Note: most examples that involve security are flawed in some way:
    A system is available if it is ready to perform the functions that it is supposed to perform. Since a system is not supposed to be accessible (available??) for hackers, there is no inherent conflict between security and availability. There may occur such a conflict, for instance if the system detects an intrusion and shuts down (= goes to a secure state).
    Secondly, security is not safety. Some students argue that a security system (like a camera) needs to be available to ensure safety. Well, it may be needed to ensure security, but since the camera itself cannot cause any damage, it has no effect on safety. (An extreme case would be a security system that automatically shoots intruders. Its "secure state" would be to shoot everyone, but its "safe state" would be not to shoot.)

  7. What benefits can the making of a formal requirements specification have? Name at least three benefits and motivate why they can be achieved through formal specification.    (3 points, 1 page)

    Reference: guest lecture slides (slide 9 in particular), Section 12.5

  8. Explain what is meant by statistical testing, and why it is meaningful to perform statistical testing on a deterministic system. Use a concrete example. (4p, 1 page)

    Reference: 15.2
    Statistical testing draws its test cases from a usage profile in a statistically valid way. That is, we assume that we know how users "normally" use the system, and our test cases should represent such "normal" behaviour. So the system may be deterministic, but the usage is not. The two goals of statistical testing are
    (Plenty of examples possible, as long as there is user interaction. Word processor, reservation system ...)

  9. Consider this function written in JAIL (Just Another Imperative Language):

    real function exponent(real a, int b);
    // compute ab
    real result := 1.0;
    if b < 0 then
          b := -b;
          a := 1.0/a;
    end if;
    while b > 0 loop
          b := b-1;
          result := result*a;
    end loop;
    return result

    1. Show what steps must be taken to find test cases for coverage testing, using this program as an example. Show the distinction between statement coverage and branch coverage.   (5 points, 2 pages)

      Reference: slides
      1. Draw a flow-chart of the program (picture)
      2. Identify statements/branches
      3. Find paths that cover all statements/branches
      4. Find inputs that make the program follow the paths (if this fails, go back to 3 and choose different paths).
      In the example, only the choice of input b determines the path.
      Statement coverage requires only one test case, with b < 0.
      Branch coverage requires two test cases, one with b < 0 and one with b >= 0.

    2. Explain briefly the concept of boundary value testing, and show that it would probably reveal an error (or shortcoming) in the program. (3 points, 1 page)

      Reference: 8.1.2
      Boundary value testing is a black box method. From the specification, it derives different cases, and tests values that are close to the boundaries of these cases. In the current example, we could choose
      a: -<high number>, -1, -<small fraction> 0, <small fraction>, 1, <high number>
      b: -<high number>, -1, 0, 1, <high number>

      One can point out 3 different errors/shortcomings - note that there are no assumptions on a and b:
      1. overflow could easily occur (a and b are high numbers)
      2. division by 0 (a = 0, b < 0)
      3. the result of 00 = 1.0 (a = 0, b = 0).

    3. Explain why inspection would probably reveal the error.  (1 point, 2 lines)

      Reference: 24.3.2
      Inspection certainly has "division by 0" and "overflow" on the inspection checklist, as they are common errors.
      The specification should state how to handle 0b when b =< 0.

  10. Describe four different methods to estimate the cost of a project. What input does each method need (i.e., what information do you need in order to apply each method)?
    (4 points, 1.5 page)

    Reference: 23.5-in:
    If the cost is determined by the requirements, we have
    If the cost is determined by the available resources (we try to make as good a product as we can):

  11. Consider the CMMI model.
    1. What are the 5 (or 6) stages of the model?
    2. What is the model supposed to measure?
    3. Why is it sometimes preferable to remain at "level 3" instead of aiming for "level 5"?
    (6 points, 2 pages)

    Reference: 26.5
    a. Initial/Incomplete, (Performed), Managed, Defined, Quantitatively managed, Optimizing
    (I don't require that you remember the exact terminology, a reasonable description of the levels (as on page 724) is good enough.)
    b. The maturity of an organisation in managing its processes.
    c. There is a cost involved in moving up to level 5, both in actual work and in "acceptance" by the employees. This cost should be motivated, either by a better running operation, or by customers requiring this level of maturity. If neither motivation exist, you may be better off at level 3. In the continuous model, you should set goals for each "area of operation".

  12. Quality management standards and processes often have their roots in manufacturing industry. Discuss what assumptions underlie such standards and processes, and to what extent these assumptions are valid in software engineering.    (4 points, 2 pages)

    Reference: 26-in
    The main assumptions are that product quality is determined by process quality, and that a standardized process leads to a stable product quality. There are differences between manufacturing and software engineering that undermine these assumptions.