Software Quality

1
Software Quality

 In 2005, ComputerWorld lamented that

 “bad software plagues nearly every organization that uses
computers, causing lost work hours during computer downtime,
lost or corrupted data, missed sales opportunities, high IT
support and maintenance costs, and low customer satisfaction.

 A year later, InfoWorld wrote about the

 “the sorry state of software quality” reporting that the quality
problem had not gotten any better.

 Today, software quality remains an issue, but who is to blame?

 Customers blame developers, arguing that sloppy practices lead
to low-quality software.
 Developers blame customers (and other stakeholders), arguing
that irrational delivery dates and a continuing stream of changes
force them to deliver software before it has been fully validated.

2
Software Quality

 The American Heritage Dictionary defines quality as

 “a characteristic or attribute of something.”
 For software, two kinds of quality may be encountered:
 Quality of design encompasses requirements, specifications,
and the design of the system.
 Quality of conformance is an issue focused primarily on
implementation.

 User satisfaction = compliant product + good quality + delivery

within budget and schedule

3
Quality – A Pragmatic View

 The transcendental view argues (like Persig) that quality is

something that you immediately recognize, but cannot explicitly
define.
 The user view sees quality in terms of an end-user’s specific goals.
If a product meets those goals, it exhibits quality.
 The manufacturer’s view defines quality in terms of the original
specification of the product. If the product conforms to the spec, it
exhibits quality.
 The product view suggests that quality can be tied to inherent
characteristics (e.g., functions and features) of a product.
 Finally, the value-based view measures quality based on how much
a customer is willing to pay for a product. In reality, quality
4
encompasses all of these views and more.
Software Quality
 Software quality can be defined as:
 An effective software process applied in a manner that creates a
useful product that provides measurable value for those who
produce it and those who use it.

 By IEEE
 The degree to which a system, component, or process meets
specified requirements.
 The degree to which a system, component or process meets
customer or user needs or expectations.

 By ISTQB
 quality: The degree to which a component, system or process
meets specified requirements and/or user/customer needs and
expectations.
 software quality: The totality of functionality and features of a
software product that bear on its ability to satisfy stated or
implied needs.
5
Software Quality

 In General
 Software quality is the degree of conformance to explicit or
implicit requirements and expectations.
 Explanation:
 Explicit: clearly defined and documented
 Implicit: not clearly defined and documented but indirectly
suggested
 Requirements: business/product/software requirements
 Expectations: mainly end-user expectations

 Note: Some people tend to accept quality as compliance

to only explicit requirements and not implicit requirements. We tend
to think of such people as lazy.
6
Software Quality Dimensions

Software Quality has many dimensions and below are some of them:
 Accessibility: The degree to which software can be used
comfortably by a wide variety of people, including those who
require assistive technologies like screen magnifiers or voice
recognition.
 Compatibility: The suitability of software for use in different
environments like different Operating Systems, Browsers, etc.
 Concurrency: The ability of software to service multiple requests
to the same resources at the same time.
 Efficiency: The ability of software to perform well or achieve a
result without wasted energy, resources, effort, time or money.
 Functionality: The ability of software to carry out the functions as
7
specified or desired.
Software Quality Dimensions

 Installability: The ability of software to be installed in a specified

environment.
 Localizability: The ability of software to be used in different
languages, time zones etc.
 Maintainability: The ease with which software can be modified
(adding features, enhancing features, fixing bugs, etc)
 Performance: The speed at which software performs under a
particular load.
 Portability: The ability of software to be transferred easily from
one location to another.
 Reliability: The ability of software to perform a required function
under stated conditions for stated period of time without any errors.
8
Software Quality Dimensions

 Scalability: The measure of software’s ability to increase or

decrease in performance in response to changes in software’s
processing demands.
 Security: The extent of protection of software against
unauthorized access, invasion of privacy, theft, loss of data, etc.
 Testability: The ability of software to be easily tested.
 Usability: The degree of software’s ease of use.

When someone says “This software is of a very high quality.”, you

might want to ask “In which dimension of quality?”

 In order to ensure software quality, we undertake Software Quality

Assurance and Software Quality Control.
9
Software Quality Attributes

10
Software Quality Assurance

By IEEE
 A planned and systematic pattern of all actions necessary to
provide adequate confidence that an item or product conforms to
established technical requirements.
 A set of activities designed to evaluate the process by which
products are developed or manufactured.
In General
 SQA is a set of activities for ensuring quality in software
engineering processes (that ultimately result in quality in software
products

11
Software Quality Assurance

 SQA includes the following activities:

 Process definition and implementation
 Auditing
 Training
 Various SQA Processes could be:
 Software Development Methodology
 Project Management
 Configuration Management
 Requirements Development/Management
 Estimation
 Software Design
 Testing etc..
12
Software Quality Assurance

 Once the processes have been defined and implemented, Quality

Assurance has the following responsibilities:
 identify weaknesses in the processes
 correct those weaknesses to continually improve the process
 The quality management system under which the software system
is created is normally based on one or more of the following
models/standards:
 CMMI
 Six Sigma
 ISO 9000
Note: There are many other models/standards for quality management
but the ones mentioned above are the most popular.
13
Software Quality Assurance

 Software Quality Assurance encompasses the entire software

development life cycle and the goal is to ensure that the
development and/or maintenance processes are continuously
improved to produce products that meet
specifications/requirements.

 The process of Software Quality Control (SQC) is also governed

by Software Quality Assurance (SQA).

 SQA is generally shortened to just QA.

14
Software Quality Control

 Software Quality Control (SQC) is a set of activities for ensuring

quality in software products.
 It includes the following activities:
 Reviews
 Requirement Review
 Design Review
 Code Review
 Deployment Plan Review
 Test Plan Review
 Test Cases Review

15
Software Quality Control

 Testing
 Unit Testing
 Integration Testing
 System Testing
 Acceptance Testing

 Software Quality Control is limited to the Review/Testing phases of

the Software Development Life Cycle and the goal is to ensure that
the products meet specifications/requirements.
 The process of Software Quality Control (SQC) is governed
by Software Quality Assurance(SQA).
 While SQA is oriented towards prevention, SQC is oriented
16
towards detection.
The Software Quality Dilemma

 If you produce a software system that has terrible quality, you lose
because no one will want to buy it.
 If on the other hand you spend infinite time, extremely large effort,
and huge sums of money to build the absolutely perfect piece of
software, then it's going to take so long to complete and it will be so
expensive to produce that you'll be out of business anyway.
 Either you missed the market window, or you simply exhausted all
your resources.
 So people in industry try to get to that magical middle ground where
the product is good enough not to be rejected right away, such as
during evaluation, but also not the object of so much perfectionism
and so much work that it would take too long or cost too much to 17
 “Good Enough” Software
 Good enough software delivers high quality functions and features that end-
users desire, but at the same time it delivers other more obscure or
specialized functions and features that contain known bugs.
 Arguments against “good enough.”
 It is true that “good enough” may work in some application domains and
for a few major software companies. After all, if a company has a large
marketing budget and can convince enough people to buy version 1.0, it
has succeeded in locking them in.
 If you work for a small company be wary of this philosophy. If you
deliver a “good enough” (buggy) product, you risk permanent damage to
your company’s reputation.
 You may never get a chance to deliver version 2.0 because bad buzz
may cause your sales to plummet and your company to fold.
 If you work in certain application domains (e.g., real time embedded
software, application software that is integrated with hardware can be
negligent and open your company to expensive litigation.

18
Cost of Quality
 Prevention costs include
 quality planning
 formal technical reviews
 test equipment
 Training
 Internal failure costs include
 rework
 repair
 failure mode analysis
 External failure costs are
 complaint resolution
 product return and replacement
 help line support
 warranty work

19
Quality Management

1
Topics covered

 Software quality
 Software standards
 Reviews and inspections
 Software measurement and metrics

2
Software quality management

 Concerned with ensuring that the required level of quality

is achieved in a software product.
 Three principal concerns:
 At the organizational level, quality management is concerned
with establishing a framework of organizational processes and
standards that will lead to high-quality software.
 At the project level, quality management involves the application
of specific quality processes and checking that these planned
processes have been followed.
 At the project level, quality management is also concerned with
establishing a quality plan for a project. The quality plan should
set out the quality goals for the project and define what
processes and standards are to be used.
3
Quality management activities

 Quality management provides an independent check on

the software development process.
 The quality management process checks the project
deliverables to ensure that they are consistent with
organizational standards and goals
 The quality team should be independent from the
development team so that they can take an objective
view of the software. This allows them to report on
software quality without being influenced by software
development issues.

4
Quality management and software development

5
Quality planning

 A quality plan sets out the desired product qualities and

how these are assessed and defines the most significant
quality attributes.
 The quality plan should define the quality assessment
process.
 It should set out which organisational standards should
be applied and, where necessary, define new standards
to be used.

6
Quality plans

 Quality plan structure

 Product introduction;
 Product plans;
 Process descriptions;
 Quality goals;
 Risks and risk management.
 Quality plans should be short, succinct documents
 If they are too long, no-one will read them.

7
Scope of quality management

 Quality management is particularly important for large,

complex systems. The quality documentation is a record
of progress and supports continuity of development as
the development team changes.
 For smaller systems, quality management needs less
documentation and should focus on establishing a
quality culture.

8
Software quality

 Quality, simplistically, means that a product should meet

its specification.
 This is problematical for software systems
 There is a tension between customer quality requirements
(efficiency, reliability, etc.) and developer quality requirements
(maintainability, reusability, etc.);
 Some quality requirements are difficult to specify in an
unambiguous way;
 Software specifications are usually incomplete and often
inconsistent.
 The focus may be ‘fitness for purpose’ rather than
specification conformance.
9
Software fitness for purpose

 Have programming and documentation standards been

followed in the development process?
 Has the software been properly tested?
 Is the software sufficiently dependable to be put into
use?
 Is the performance of the software acceptable for normal
use?
 Is the software usable?
 Is the software well-structured and understandable?

10
Software quality attributes

Safety Understandability Portability

Security Testability Usability
Reliability Adaptability Reusability
Resilience Modularity Efficiency
Robustness Complexity Learnability

11
Quality conflicts

 It is not possible for any system to be optimized for all of

these attributes – for example, improving robustness
may lead to loss of performance.
 The quality plan should therefore define the most
important quality attributes for the software that is being
developed.
 The plan should also include a definition of the quality
assessment process, an agreed way of assessing
whether some quality, such as maintainability or
robustness, is present in the product.

12
Process and product quality

 The quality of a developed product is influenced by the

quality of the production process.
 This is important in software development as some
product quality attributes are hard to assess.
 However, there is a very complex and poorly understood
relationship between software processes and product
quality.
 The application of individual skills and experience is particularly
important in software development;
 External factors such as the novelty of an application or the need
for an accelerated development schedule may impair product
quality.
13
Process-based quality

14
Software standards

 Standards define the required attributes of a product or

process. They play an important role in quality
management.
 Standards may be international, national, organizational
or project standards.
 Product standards define characteristics that all software
components should exhibit e.g. a common programming
style.
 Process standards define how the software process
should be enacted.

15
Importance of standards

 Encapsulation of best practice- avoids repetition of past

mistakes.
 They are a framework for defining what quality means in
a particular setting i.e. that organization’s view of quality.
 They provide continuity - new staff can understand the
organisation by understanding the standards that are
used.

16
Product and process standards

Product standards Process standards

Design review form Design review conduct
Requirements document Submission of new code for
structure system building
Method header format Version release process
Java programming style Project plan approval process
Project plan format Change control process
Change request form Test recording process

17
Problems with standards

 They may not be seen as relevant and up-to-date by

software engineers.
 They often involve too much bureaucratic form filling.
 If they are unsupported by software tools, tedious form
filling work is often involved to maintain the
documentation associated with the standards.

18
Standards development

 Involve practitioners in development. Engineers should

understand the rationale underlying a standard.
 Review standards and their usage regularly.
Standards can quickly become outdated and this
reduces their credibility amongst practitioners.
 Detailed standards should have specialized tool
support. Excessive clerical work is the most
significant complaint against standards.
 Web-based forms are not good enough.

19
ISO 9001 standards framework

 An international set of standards that can be used as a

basis for developing quality management systems.
 ISO 9001, the most general of these standards, applies
to organizations that design, develop and maintain
products, including software.
 The ISO 9001 standard is a framework for developing
software standards.
 It sets out general quality principles, describes quality processes
in general and lays out the organizational standards and
procedures that should be defined. These should be
documented in an organizational quality manual.

20
ISO 9001 core processes

21
ISO 9001 and quality management

22
ISO 9001 certification

 Quality standards and procedures should be

documented in an organisational quality manual.
 An external body may certify that an organisation’s
quality manual conforms to ISO 9000 standards.
 Some customers require suppliers to be ISO 9000
certified although the need for flexibility here is
increasingly recognised.

23
Key points

 Software quality management is concerned with ensuring that

software has a low number of defects and that it reaches the
required standards of maintainability, reliability, portability and
so on.
 SQM includes defining standards for processes and products
and establishing processes to check that these standards
have been followed.
 Software standards are important for quality assurance as
they represent an identification of ‘best practice’.
 Quality management procedures may be documented in an
organizational quality manual, based on the generic model for
a quality manual suggested in the ISO 9001 standard.
24
Quality Management

25
Reviews and inspections

 A group examines part or all of a process or system and

its documentation to find potential problems.
 Software or documents may be 'signed off' at a
review which signifies that progress to the next
development stage has been approved by
management.
 There are different types of review with different
objectives
 Inspections for defect removal (product);
 Reviews for progress assessment (product and process);
 Quality reviews (product and standards).

26
Quality reviews

 A group of people carefully examine part or all

of a software system and its associated
documentation.
 Code, designs, specifications, test plans,
standards, etc. can all be reviewed.
 Software or documents may be 'signed off' at a
review which signifies that progress to the next
development stage has been approved by
management.

27
The software review process

28
Reviews and agile methods

 The review process in agile software development is

usually informal.
 In Scrum, for example, there is a review meeting after each
iteration of the software has been completed (a sprint review),
where quality issues and problems may be discussed.
 In extreme programming, pair programming ensures that
code is constantly being examined and reviewed by
another team member.
 XP relies on individuals taking the initiative to improve
and refactor code. Agile approaches are not usually
standards-driven, so issues of standards compliance are
not usually considered.
29
Program inspections

 These are peer reviews where engineers examine the

source of a system with the aim of discovering
anomalies and defects.
 Inspections do not require execution of a system so may
be used before implementation.
 They may be applied to any representation of the system
(requirements, design,configuration data, test data, etc.).
 They have been shown to be an effective technique for
discovering program errors.

30
Inspection checklists

 Checklist of common errors should be used to

drive the inspection.
 Error checklists are programming language
dependent and reflect the characteristic errors that are
likely to arise in the language.
 In general, the 'weaker' the type checking, the larger the
checklist.
 Examples: Initialisation, Constant naming, loop
termination, array bounds, etc.

31
An inspection checklist (a)

Fault class Inspection check

Data faults  Are all program variables initialized before their values are used?
 Have all constants been named?
 Should the upper bound of arrays be equal to the size of the
array or Size -1?
 If character strings are used, is a delimiter explicitly assigned?
 Is there any possibility of buffer overflow?
Control faults  For each conditional statement, is the condition correct?
 Is each loop certain to terminate?
 Are compound statements correctly bracketed?
 In case statements, are all possible cases accounted for?
 If a break is required after each case in case statements, has it
been included?
Input/output faults  Are all input variables used?
 Are all output variables assigned a value before they are output?
 Can unexpected inputs cause corruption?
32
 An inspection checklist (b)

Fault class Inspection check

Interface faults  Do all function and method calls have the correct number
of parameters?
 Do formal and actual parameter types match?
 Are the parameters in the right order?
 If components access shared memory, do they have the
same model of the shared memory structure?
Storage management  If a linked structure is modified, have all links been
faults correctly reassigned?
 If dynamic storage is used, has space been allocated
correctly?
 Is space explicitly deallocated after it is no longer
required?
Exception management  Have all possible error conditions been taken into
faults account?

33
Agile methods and inspections

 Agile processes rarely use formal inspection or peer

review processes.
 Rather, they rely on team members cooperating to check
each other’s code, and informal guidelines, such as
‘check before check-in’, which suggest that programmers
should check their own code.
 Extreme programming practitioners argue that pair
programming is an effective substitute for inspection as
this is, in effect, a continual inspection process.
 Two people look at every line of code and check it before
it is accepted.
34
Software measurement and metrics

 Software measurement is concerned with deriving a

numeric value for an attribute of a software product or
process.
 This allows for objective comparisons between
techniques and processes.
 Although some companies have introduced
measurement programmes, most organisations still don’t
make systematic use of software measurement.
 There are few established standards in this area.

35
Software metric

 Any type of measurement which relates to a software

system, process or related documentation
 Lines of code in a program, the Fog index, number of person-
days required to develop a component.
 Allow the software and the software process to
be quantified.
 May be used to predict product attributes or to control
the software process.
 Product metrics can be used for general predictions or to
identify anomalous components.

36
Predictor and control measurements

37
Use of measurements

 To assign a value to system quality attributes

 By measuring the characteristics of system components, such as
their cyclomatic complexity, and then aggregating these
measurements, you can assess system quality attributes, such
as maintainability.
 To identify the system components whose quality is sub-
standard
 Measurements can identify individual components with
characteristics that deviate from the norm. For example, you can
measure components to discover those with the highest
complexity. These are most likely to contain bugs because the
complexity makes them harder to understand.

38
Metrics assumptions

 A software property can be measured.

 The relationship exists between what we can
measure and what we want to know. We can only
measure internal attributes but are often more interested
in external software attributes.
 This relationship has been formalised and
validated.
 It may be difficult to relate what can be measured to
desirable external quality attributes.

39
Relationships between internal and external
software

40
Problems with measurement in industry

 It is impossible to quantify the return on investment of

introducing an organizational metrics program.
 There are no standards for software metrics or standardized
processes for measurement and analysis.
 In many companies, software processes are not standardized
and are poorly defined and controlled.
 Most work on software measurement has focused on code-
based metrics and plan-driven development processes.
However, more and more software is now developed by
configuring ERP systems or COTS.
 Introducing measurement adds additional overhead to
processes.
41
Product metrics

 A quality metric should be a predictor of product quality.

 Classes of product metric
 Dynamic metrics which are collected by measurements made of
a program in execution;
 Static metrics which are collected by measurements made of the
system representations;
 Dynamic metrics help assess efficiency and reliability
 Static metrics help assess complexity, understandability and
maintainability.

42
Dynamic and static metrics

 Dynamic metrics are closely related to software quality

attributes
 It is relatively easy to measure the response time of a system
(performance attribute) or the number of failures (reliability
attribute).
 Static metrics have an indirect relationship with quality
attributes
 You need to try and derive a relationship between these metrics
and properties such as complexity, understandability and
maintainability.

43
Static software product metrics

Software metric Description

Fan-in/Fan-out Fan-in is a measure of the number of functions or
methods that call another function or method (say X).
Fan-out is the number of functions that are called by
function X. A high value for fan-in means that X is tightly
coupled to the rest of the design and changes to X will
have extensive knock-on effects. A high value for fan-out
suggests that the overall complexity of X may be high
because of the complexity of the control logic needed to
coordinate the called components.
Length of code This is a measure of the size of a program. Generally, the
larger the size of the code of a component, the more
complex and error-prone that component is likely to be.
Length of code has been shown to be one of the most
reliable metrics for predicting error-proneness in
components.

44
Static software product metrics

Software metric Description

Cyclomatic complexity This is a measure of the control complexity of a program.
This control complexity may be related to program
understandability. I discuss cyclomatic complexity in
Chapter 8.
Length of identifiers This is a measure of the average length of identifiers
(names for variables, classes, methods, etc.) in a
program. The longer the identifiers, the more likely they
are to be meaningful and hence the more
understandable the program.
Depth of conditional This is a measure of the depth of nesting of if-statements
nesting in a program. Deeply nested if-statements are hard to
understand and potentially error-prone.
Fog index This is a measure of the average length of words and
sentences in documents. The higher the value of a
document’s Fog index, the more difficult the document is
to understand.
45
 The CK object-oriented metrics suite

Object-oriented Description
metric
Weighted methods This is the number of methods in each class, weighted by the complexity of each
per class (WMC) method. Therefore, a simple method may have a complexity of 1, and a large
and complex method a much higher value. The larger the value for this metric,
the more complex the object class. Complex objects are more likely to be difficult
to understand. They may not be logically cohesive, so cannot be reused
effectively as superclasses in an inheritance tree.
Depth of This represents the number of discrete levels in the inheritance tree where
inheritance tree subclasses inherit attributes and operations (methods) from superclasses. The
(DIT) deeper the inheritance tree, the more complex the design. Many object classes
may have to be understood to understand the object classes at the leaves of the
tree.
Number of children This is a measure of the number of immediate subclasses in a class. It measures
(NOC) the breadth of a class hierarchy, whereas DIT measures its depth. A high value
for NOC may indicate greater reuse. It may mean that more effort should be
made in validating base classes because of the number of subclasses that
depend on them.

46
The CK object-oriented metrics suite

Object-oriented Description
metric
Coupling between Classes are coupled when methods in one class use methods or instance
object classes variables defined in a different class. CBO is a measure of how much coupling
(CBO) exists. A high value for CBO means that classes are highly dependent, and
therefore it is more likely that changing one class will affect other classes in the
program.
Response for a RFC is a measure of the number of methods that could potentially be executed
class (RFC) in response to a message received by an object of that class. Again, RFC is
related to complexity. The higher the value for RFC, the more complex a class
and hence the more likely it is that it will include errors.
Lack of cohesion in LCOM is calculated by considering pairs of methods in a class. LCOM is the
methods (LCOM) difference between the number of method pairs without shared attributes and the
number of method pairs with shared attributes. The value of this metric has been
widely debated and it exists in several variations. It is not clear if it really adds
any additional, useful information over and above that provided by other metrics.

47
Software component analysis

 System component can be analyzed separately using a

range of metrics.
 The values of these metrics may then compared for
different components and, perhaps, with historical
measurement data collected on previous projects.
 Anomalous measurements, which deviate significantly
from the norm, may imply that there are problems with
the quality of these components.

48
The process of product measurement

49
Measurement surprises

 Reducing the number of faults in a program leads to an

increased number of help desk calls
 The program is now thought of as more reliable and so has a
wider more diverse market. The percentage of users who call the
help desk may have decreased but the total may increase;
 A more reliable system is used in a different way from a system
where users work around the faults. This leads to more help
desk calls.

50
Key points

 Reviews of the software process deliverables involve a

team of people who check that quality standards are
being followed.
 In a program inspection or peer review, a small team
systematically checks the code. They read the code in
detail and look for possible errors and omissions
 Software measurement can be used to gather data
about software and software processes.
 Product quality metrics are particularly useful for
highlighting anomalous components that may have
quality problems.
51