0
Requirements engineering for  dependable systems Tutorial Joint Meeting of   DC/Baltimore SIGAda Chapter   DC Chapter of A...
Agenda <ul><li>Introduction to tutorial content </li></ul><ul><li>Dependability and requirements </li></ul><ul><li>Nature ...
What we will cover <ul><li>The nature of dependability </li></ul><ul><li>The nature and role of requirements </li></ul><ul...
Agenda <ul><li>Introduction to tutorial content </li></ul><ul><li>Dependability and requirements </li></ul><ul><li>Nature ...
Focus is on  dependability <ul><li>As defined by IFIP WG-10.4 </li></ul><ul><li>&quot;The trustworthiness of a computing s...
Some aspects of  reliance <ul><li>The system does not fail when a service is requested </li></ul><ul><li>Software users, s...
Dependability <ul><li>Characterizing  dependability  has been an important focus for years </li></ul><ul><li>e.g. , NASA’s...
Laprie Dependability Tree Avižienis, Algirdas, Jean-Claude Laprie, and Brian Randell. “Fundamental Concepts of Computer Sy...
Dependability attributes  (page 1 of 2) <ul><li>Availability  – the ability of the system to be ready for operation at any...
Dependability attributes  (page 2 of 2) <ul><li>Confidentiality  – the ability of the system to avoid disclosure of inform...
Information Assurance <ul><li>A newer thrust regarding dependability – IA – expands on the Dependability Tree </li></ul><u...
Acceptability  <ul><li>Overall, key focus is on what the stakeholders want and need </li></ul><ul><li>Defined through the ...
Acceptability Framework
Agenda <ul><li>Introduction to tutorial content </li></ul><ul><li>Dependability and requirements </li></ul><ul><li>Nature ...
What are  requirements ?  <ul><li>IEEE Std. 610.12-1990, IEEE Standard Glossary of Software Engineering Terminology </li><...
Analysis of definition <ul><li>IEEE definition is broad – term often used carelessly </li></ul><ul><li>Popular use often i...
Could you repeat that? <ul><li>I’m sorry – I must have missed something </li></ul><ul><li>Just because someone says ”I req...
<ul><li>IEEE Std 830-1998 – IEEE Recommended Practice for Software Requirements Specifications:  </li></ul><ul><li>“ A req...
Levels of systems <ul><li>But each such system could be part of a larger system </li></ul><ul><ul><li>Which has its own re...
Context of requirements <ul><li>All requirements are defined in context of a specific component ( e.g. , black box) </li><...
Major categories of requirements <ul><li>Behavioral  - externally visible behaviors of an item (aka  functional specificat...
Types of behavioral requirements   (1 of 3) <ul><li>Functional  - input-output behavior in terms of responses to stimuli <...
Types of behavioral requirements  (2 of 3) <ul><li>Resource utilization   - limitations on computer resources that can be ...
Types of behavioral requirements  (3 of 3) <ul><li>Usability  - how easy it is for an operator/user to make use of the sys...
Characteristics of behavioral requirements <ul><li>Often, behavioral requirements can be directly tested </li></ul><ul><ul...
Quality-of-construction requirements <ul><li>Qualitative attributes of an item </li></ul><ul><ul><li>Deal with how the pro...
Programmatic (contractual) requirements <ul><li>Terms and conditions imposed as a part of a contract exclusive of behavior...
Implementation requirements  (1 of 2) <ul><li>Restrictions placed on developers that limit design space </li></ul><ul><li>...
Implementation requirements   (2 of 2) <ul><li>Important note - an implementation constraint to a system may be a requirem...
Agenda <ul><li>Introduction to tutorial content </li></ul><ul><li>Dependability and requirements </li></ul><ul><li>Nature ...
Developing requirements <ul><li>Now we now what requirements are </li></ul><ul><li>But where do they come from </li></ul><...
Decision points for requirements definition <ul><li>Each step in progression involves deciding between alternative approac...
SW requirements analysis <ul><li>Requirements allocation to SW components is not the same as defining SW requirements </li...
SW requirements analysis techniques <ul><li>Different techniques/processes are used </li></ul><ul><ul><li>ad hoc, function...
When requirements are defined <ul><li>Often, requirements are not complete until product is complete </li></ul><ul><li>Dur...
Agenda <ul><li>Introduction to tutorial content </li></ul><ul><li>Dependability and requirements </li></ul><ul><li>Nature ...
Requirements quality factors <ul><li>So, how do I know that my system requirements are good enough? </li></ul><ul><li>IEEE...
Description of quality factors  (page 1 of 2) <ul><li>A requirements specification for a system is  complete  if all exter...
Description of quality factors  (page 2 of 2) <ul><li>A requirements specification is  traceable  if  </li></ul><ul><ul><l...
Agenda <ul><li>Introduction to tutorial content </li></ul><ul><li>Dependability and requirements </li></ul><ul><li>Nature ...
Common pitfalls <ul><li>Lack of prioritization of requirements </li></ul><ul><li>Over-specified / over-constrained / unbou...
Lack of prioritization of requirements <ul><li>Not all requirements are equal </li></ul><ul><ul><li>Some are more firm tha...
Over-specified / over-constrained / unbounded  <ul><li>Sometimes requirements are too ambitious, too restrictive, or too g...
Volatile and late-defined requirements  (1 of 4) <ul><li>Requirements always change </li></ul><ul><ul><li>Some don’t chang...
Volatile and late-defined requirements  (2 of 4) <ul><li>Depends on attributes of the requirement and its linkage to desig...
Volatile and late-defined requirements  (3 of 4) <ul><li>Important attributes (cont’d) </li></ul><ul><ul><li>If a requirem...
Volatile and late-defined requirements  (4 of 4) <ul><li>The following are recommendations to address requirements volatil...
Unknown “physics”  (1 of 2)   <ul><li>i.e. , the outside world </li></ul><ul><li>Sometimes we don’t know what the behavior...
Unknown “physics”  (2 of 2)   <ul><li>Sometimes, changes are to algorithms </li></ul><ul><li>In such a case, requirements ...
Mixing requirements and design   (1 of 2) <ul><li>Because of complex interrelationships among types of requirements, it is...
Mixing requirements and design  (2 of 2) <ul><li>What might happen... </li></ul><ul><ul><li>Inefficient and ineffective te...
Agenda <ul><li>Introduction to tutorial content </li></ul><ul><li>Dependability and requirements </li></ul><ul><li>Nature ...
Summary <ul><li>Proper management and control of requirements is essential to the development of dependable systems </li><...
End <ul><li>Any questions?.... </li></ul>Contact information Dr. William Bail [email_address] (202) 781-1945
References and Suggested Readings  (1 of 3) <ul><li>Booch, Grady, James Rumbaugh, Ivar Jacobson.  The Unified Modeling Lan...
References and Suggested Readings  (2 of 3) <ul><li>Kovitz,  Practical Software Requirements - A Manual of Content & Style...
Upcoming SlideShare
Loading in...5
×

Requirement Engineering for Dependable Systems

2,223

Published on

Requirement Engineering for Dependable Systems

Published in: Technology, Education

Transcript of "Requirement Engineering for Dependable Systems"

  1. 1. Requirements engineering for dependable systems Tutorial Joint Meeting of DC/Baltimore SIGAda Chapter DC Chapter of ACM 11 October 2005 Dr. William Bail [email_address] The MITRE Corporation The authors’ affiliation with The MITRE Corporation is provided for identification purposes only, and is not intended to convey or imply MITRE's concurrence with, or support for, the positions, opinions or view points expressed by these authors.
  2. 2. Agenda <ul><li>Introduction to tutorial content </li></ul><ul><li>Dependability and requirements </li></ul><ul><li>Nature of requirements </li></ul><ul><li>Developing requirements </li></ul><ul><li>Quality factors for requirements </li></ul><ul><li>Common pitfalls </li></ul><ul><li>Summary </li></ul>
  3. 3. What we will cover <ul><li>The nature of dependability </li></ul><ul><li>The nature and role of requirements </li></ul><ul><li>The various types of requirements, their role in development, their impact on system success </li></ul><ul><li>Important characteristics of requirements (quality attributes) </li></ul><ul><li>The different ways that requirements need to be handled </li></ul><ul><li>A set of common challenges and strategies for how to manage them </li></ul><ul><li>What we will not cover </li></ul><ul><ul><li>Particular approaches to requirements definition (such as specific tools and techniques) – this is beyond the scope (and time) </li></ul></ul>
  4. 4. Agenda <ul><li>Introduction to tutorial content </li></ul><ul><li>Dependability and requirements </li></ul><ul><li>Nature of requirements </li></ul><ul><li>Developing requirements </li></ul><ul><li>Quality factors for requirements </li></ul><ul><li>Common pitfalls </li></ul><ul><li>Summary </li></ul>
  5. 5. Focus is on dependability <ul><li>As defined by IFIP WG-10.4 </li></ul><ul><li>&quot;The trustworthiness of a computing system which allows reliance to be justifiably placed on the service it delivers “ http://www.dependability.org/ </li></ul><ul><li>Dependability is partially a concern of the systems’ specification which defines the services to be delivered </li></ul><ul><li>The specification defines (or should define) what aspects of the system need to be dependable (what services ) </li></ul><ul><ul><li>and what dependable means in the context of that specific system </li></ul></ul><ul><li>The nature of reliance must be defined </li></ul><ul><ul><li>Total conformance to spec, or </li></ul></ul><ul><ul><li>Degraded levels allowed, or </li></ul></ul><ul><ul><li>Optional feature, or…. </li></ul></ul>
  6. 6. Some aspects of reliance <ul><li>The system does not fail when a service is requested </li></ul><ul><li>Software users, selfishly so, expect the systems they use to be completely dependable </li></ul><ul><ul><li>But may be unwilling to pay the cost of developing such systems </li></ul></ul><ul><li>In practice, experienced users of specific systems learn the undependable features of the system and work around them </li></ul><ul><li>Sometimes, this is unacceptable </li></ul><ul><li>When developing the requirements for a system, the nature of the reliance must be clearly defined </li></ul><ul><ul><li>What do the users expect? </li></ul></ul><ul><ul><li>What do they need? </li></ul></ul><ul><ul><li>What will they tolerate? </li></ul></ul><ul><ul><li>Where are the risks and dangers? </li></ul></ul>
  7. 7. Dependability <ul><li>Characterizing dependability has been an important focus for years </li></ul><ul><li>e.g. , NASA’s HDCP – High Dependability Computing Project </li></ul><ul><ul><li>http://hdcp.org/ </li></ul></ul><ul><ul><li>HDCP “investigates and evaluates new approaches for improving NASA's ability to create dependable software for mission applications” </li></ul></ul><ul><ul><li>Participants: </li></ul></ul><ul><ul><ul><li>Carnegie Mellon University > University of Washington </li></ul></ul></ul><ul><ul><ul><li>Massachusetts Institute of Technology > NASA Ames Research Center </li></ul></ul></ul><ul><ul><ul><li>University of Maryland > University of Wisconsin-Milwaukee </li></ul></ul></ul><ul><ul><ul><li>University of Southern California </li></ul></ul></ul><ul><li>1970 – IEEE-CS TC on Fault-Tolerant Computing </li></ul><ul><li>1980 – IFIP WG 10.4 - Dependable Computing and Fault Tolerance </li></ul><ul><li>1985 - J.-C. Laprie dependability synthesis </li></ul><ul><li>1989 – IFIP Working Conference on Dependable Computing for Critical Applications </li></ul>
  8. 8. Laprie Dependability Tree Avižienis, Algirdas, Jean-Claude Laprie, and Brian Randell. “Fundamental Concepts of Computer System Dependability”. IARP/IEEE-RAS Workshop on Robot Dependability: Technological Challenge of Dependable Robots on Human Environments . May 21-22, 2001
  9. 9. Dependability attributes (page 1 of 2) <ul><li>Availability – the ability of the system to be ready for operation at any point in time </li></ul><ul><ul><li>Usually defined as the proportion of time that the system is ready for use, to the total time period of interest </li></ul></ul><ul><ul><li>e.g. if the goal is for the system to be available for use for all but 4 seconds per year, then the availability is 0.9999999 over the year. </li></ul></ul><ul><li>Reliability – the ability of the system to operate for a period of time without failure </li></ul><ul><ul><li>Defined as either the failure rate (failures per time period) or as the average operational time between failures (MTBF). A typical reliability requirement would be 100 hours, meaning that the system is required to operate continuously for 100 hours on the average before failing. </li></ul></ul><ul><li>Safety – the ability of the system to avoid actions that result in catastrophic actions that result in human injury, large financial loss, or damage to important assets </li></ul><ul><ul><li>Includes actions that are required as well as actions that must be avoided. </li></ul></ul>
  10. 10. Dependability attributes (page 2 of 2) <ul><li>Confidentiality – the ability of the system to avoid disclosure of information to unauthorized recipients </li></ul><ul><li>Integrity – the ability of the system to avoid being corrupted, including: </li></ul><ul><ul><li>the correctness and consistency of the software code and the data structures that contain the information being processed </li></ul></ul><ul><ul><li>the system’s ability to avoid corruption while it is executing, including protection against unauthorized modification or destruction of the information and the code. </li></ul></ul><ul><li>Maintainability – the ability of the system to be easily repaired, enhanced, or modernized </li></ul>
  11. 11. Information Assurance <ul><li>A newer thrust regarding dependability – IA – expands on the Dependability Tree </li></ul><ul><li>Availability </li></ul><ul><li>Integrity </li></ul><ul><li>Confidentiality </li></ul><ul><li>Authentication – A security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information. </li></ul><ul><li>Non-repudiation – An assurance that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data. </li></ul>Department of Defense. Information Assurance - DoD Directive.8500.1. Oct 2002. as previously discussed
  12. 12. Acceptability <ul><li>Overall, key focus is on what the stakeholders want and need </li></ul><ul><li>Defined through the requirements </li></ul><ul><li>Generally willing to make tradeoffs among various system attributes </li></ul><ul><ul><li>Higher cost in exchange for more functionality </li></ul></ul><ul><ul><li>Late delivery just to get the system operational while it is still useful </li></ul></ul><ul><li>Tradeoffs can be expressed in an Acceptability Framework </li></ul><ul><ul><li>A classification of requirements and system attributes organized to permit making trade-offs to determine whether system is acceptable for use </li></ul></ul>
  13. 13. Acceptability Framework
  14. 14. Agenda <ul><li>Introduction to tutorial content </li></ul><ul><li>Dependability and requirements </li></ul><ul><li>Nature of requirements </li></ul><ul><li>Developing requirements </li></ul><ul><li>Quality factors for requirements </li></ul><ul><li>Common pitfalls </li></ul><ul><li>Summary </li></ul>
  15. 15. What are requirements ? <ul><li>IEEE Std. 610.12-1990, IEEE Standard Glossary of Software Engineering Terminology </li></ul><ul><ul><li>Requirement: </li></ul></ul><ul><ul><li>(1) A condition or capability needed by a user to solve a problem or achieve an objective. </li></ul></ul><ul><ul><li>(2) A condition or capability that must be met or possessed by a system or system component to satisfy a contract, standard, specification, or other formally imposed documents. </li></ul></ul><ul><ul><li>(3) A documented representation of a condition or capability as in (1) or (2). </li></ul></ul><ul><ul><li>See also: design requirement; functional requirement; implementation requirement; interface requirement; performance requirement; physical requirement. </li></ul></ul>
  16. 16. Analysis of definition <ul><li>IEEE definition is broad – term often used carelessly </li></ul><ul><li>Popular use often ignores this definition </li></ul><ul><ul><li>Anything that is “required” </li></ul></ul><ul><ul><li>Ranges from hopes to dreams to budgets to schedules... </li></ul></ul><ul><ul><li>“ This schedule is required”…”This budget is required”…“These software (SW) components must be used”…”These algorithms must be used”… </li></ul></ul><ul><li>Different types of requirements need to be handled differently </li></ul><ul><ul><li>because they affect system/SW development in different ways </li></ul></ul><ul><li>This section of the tutorial focuses on differentiating different types of requirements </li></ul><ul><ul><li>and on recommending how to handle them appropriately </li></ul></ul><ul><li>Remember that all types of requirements are important in some way </li></ul>Just because something is a requirement, does not mean that it is a requirement Huh?
  17. 17. Could you repeat that? <ul><li>I’m sorry – I must have missed something </li></ul><ul><li>Just because someone says ”I require xxx” does not mean that this is a software requirement </li></ul><ul><ul><li>That is, it might not be a behavioral specification </li></ul></ul><ul><li>“ I require this product to be developed within 6 months” </li></ul><ul><ul><li>A constraint on development period but says nothing directly about product behavior </li></ul></ul><ul><ul><li>Important, but plays different role </li></ul></ul><ul><li>Our focus is on keeping different types of requirements separate </li></ul><ul><ul><li>and managed appropriately </li></ul></ul>Just because something is a requirement, does not mean that it is a requirement “ You get what you spec, not what you expect”
  18. 18. <ul><li>IEEE Std 830-1998 – IEEE Recommended Practice for Software Requirements Specifications: </li></ul><ul><li>“ A requirement specifies an externally visible function or attribute of a system ” </li></ul><ul><ul><li>We can see inputs and the outputs, but not what happens inside </li></ul></ul><ul><li>For any product (SW, HW, total system), the behavioral requirements for that product specify its externally visible behavior </li></ul><ul><ul><li>as seen by other systems outside </li></ul></ul>IEEE Std 830-1998 System
  19. 19. Levels of systems <ul><li>But each such system could be part of a larger system </li></ul><ul><ul><li>Which has its own requirements (externally visible behavior) </li></ul></ul>System
  20. 20. Context of requirements <ul><li>All requirements are defined in context of a specific component ( e.g. , black box) </li></ul><ul><ul><li>Which may consist of additional constituent components ( e.g. , subsystem, modules,...) </li></ul></ul><ul><ul><li>Hence there are multiple levels of requirements based on level of component </li></ul></ul><ul><ul><ul><li>System level, subsystem level, software configuration item (SCI) level, component level, software unit level,... </li></ul></ul></ul><ul><li>Component design (its architecture) consists of: </li></ul><ul><ul><li>The requirements for behavior of each constituent component </li></ul></ul><ul><ul><li>The interrelationships between the components </li></ul></ul><ul><li>Interaction of components produces the behavior of parent component </li></ul>Component A Requirements Output Input
  21. 21. Major categories of requirements <ul><li>Behavioral - externally visible behaviors of an item (aka functional specifications, functional requirements ) </li></ul><ul><li>Quality-of-construction - qualitative attributes of an item, such as maintainability and portability </li></ul><ul><ul><li>Often not directly observable </li></ul></ul><ul><ul><li>Usually deal with how product can be handled </li></ul></ul><ul><li>Programmatic - terms and conditions imposed as a part of a contract exclusive of behavioral requirements (e.g., costs, schedules, organizational structures) aka contractual </li></ul><ul><ul><li>Addresses development of product </li></ul></ul><ul><li>Implementation - aka implementation constraints, design constraints – restrictions placed on developers that limit design space </li></ul><ul><ul><li>e.g. , Use of specific software components (DII COE) </li></ul></ul><ul><ul><li>e.g. , Imposition of specific algorithms </li></ul></ul><ul><ul><li>e.g. , Customer-mandated architectures (e.g., Joint Technical Architecture (JTA)) </li></ul></ul>
  22. 22. Types of behavioral requirements (1 of 3) <ul><li>Functional - input-output behavior in terms of responses to stimuli </li></ul><ul><ul><li>Output = fn (input), e.g. , x    x 2 </li></ul></ul><ul><li>Interface - characteristics of component’s interfaces </li></ul><ul><ul><li>e.g. , interfaces with other components ( peer-to-peer ) </li></ul></ul><ul><ul><li>e.g. , appearance of operator screens ( user ) </li></ul></ul><ul><ul><li>e.g ., computing infrastructure attributes / APIs ( infrastructure ) </li></ul></ul><ul><li>Temporal - speed, latency, and throughput of functional behaviors </li></ul><ul><ul><li>e.g. , display refreshed screen every 0.5 sec, e.g., x    x 2 in 0.5 sec </li></ul></ul><ul><ul><li>e.g., transmit filtered data within 2 sec of receiving unfiltered data </li></ul></ul><ul><ul><li>e.g. , process 10,000 database requests per hour </li></ul></ul><ul><li>Capacity - amount of information that can be handled </li></ul><ul><ul><li>e.g. , 25 simultaneous users </li></ul></ul><ul><ul><li>e.g. , 20,000 employee records </li></ul></ul>
  23. 23. Types of behavioral requirements (2 of 3) <ul><li>Resource utilization - limitations on computer resources that can be used </li></ul><ul><ul><li>Memory and processor usage </li></ul></ul><ul><ul><li>e.g., limit of 5 gb disk memory for scratch storage </li></ul></ul><ul><ul><li>e.g., limit of 20% of total processor cycles (loading) </li></ul></ul><ul><li>Trustworthiness - degree of confidence in product’s delivery of functions </li></ul><ul><ul><li>Reliability - MTTF = 30 hrs </li></ul></ul><ul><ul><li>Availability – 99% over 30 days </li></ul></ul><ul><ul><li>Safety – e.g. , actions to avoid </li></ul></ul><ul><ul><li>Confidentiality – “ the system shall not allow access to system features unless operator first enters correct ID and password. ” </li></ul></ul><ul><ul><li>Integrity (partial) – “ the system shall not be vulnerable to spyware ” </li></ul></ul>
  24. 24. Types of behavioral requirements (3 of 3) <ul><li>Usability - how easy it is for an operator/user to make use of the system </li></ul><ul><ul><li>For system-to-system interfaces – deals with the complexity of the interfaces, their ease of implementation, and their efficiency of operation </li></ul></ul><ul><ul><ul><li>“ Use of system resources by other systems shall be facilitated by minimum messaging and handshaking ” </li></ul></ul></ul><ul><ul><li>For human operators – deals with the complexity of the interfaces relative to the how operators can operate with them, the ease of learning, and the efficiencies with which operators can exploit the system services </li></ul></ul><ul><ul><ul><li>“ Operators shall be able to use system services with minimum number of actions. ” </li></ul></ul></ul>
  25. 25. Characteristics of behavioral requirements <ul><li>Often, behavioral requirements can be directly tested </li></ul><ul><ul><li>Functional, interface, temporal, capacity </li></ul></ul><ul><ul><li>Apply input, observe input, compare with oracle </li></ul></ul><ul><li>For some requirements, analysis of test results required </li></ul><ul><ul><li>“ Every 10 minutes the average of the room temperatures over the previous 10 minutes will be displayed” </li></ul></ul><ul><li>For others, direct testing might not be feasible (or possible) </li></ul><ul><ul><li>“ System will have 0.9999999 availability (down 4 sec/year)” </li></ul></ul><ul><ul><li>“ System shall run for 100 years without failure” </li></ul></ul><ul><li>or be practical </li></ul><ul><ul><li>“ System shall be able to handle 1000 users simultaneously” </li></ul></ul><ul><li>Some are qualitative – cannot be tested directly </li></ul><ul><ul><li>Trustworthiness and usability </li></ul></ul>
  26. 26. Quality-of-construction requirements <ul><li>Qualitative attributes of an item </li></ul><ul><ul><li>Deal with how the product can be handled </li></ul></ul><ul><ul><li>Not usually directly measurable or observable </li></ul></ul><ul><ul><li>We have measures that can give us insight into these qualities </li></ul></ul><ul><ul><ul><li>to help us to infer level of quality </li></ul></ul></ul><ul><ul><ul><li>Based on related quantitative attributes of systems </li></ul></ul></ul><ul><ul><li>Evaluation of these requirements tend to be based on subjective and heuristic criteria. </li></ul></ul><ul><li>Examples: </li></ul><ul><ul><li>Portability – ease with which component can be ported from one platform to another </li></ul></ul><ul><ul><li>Maintainability – ease with which product can be fixed when defects are discovered </li></ul></ul><ul><ul><li>Extensibility – ease with which product can be enhanced with new functionality </li></ul></ul><ul><ul><li>Integrity (shared with behavioral) – resistance to unauthorized change </li></ul></ul>
  27. 27. Programmatic (contractual) requirements <ul><li>Terms and conditions imposed as a part of a contract exclusive of behavioral requirements </li></ul><ul><li>Address development aspects of product </li></ul><ul><li>Examples </li></ul><ul><ul><li>Costs </li></ul></ul><ul><ul><li>Schedules </li></ul></ul><ul><ul><li>Organizational structures </li></ul></ul><ul><ul><li>Key people </li></ul></ul><ul><ul><li>Locations </li></ul></ul><ul><li>While these are required characteristics of development effort, they are not characteristics of the product </li></ul><ul><li>Such requirements may directly affect ability to achieve desired levels of dependability </li></ul><ul><ul><li>e.g., not enough money or time </li></ul></ul>
  28. 28. Implementation requirements (1 of 2) <ul><li>Restrictions placed on developers that limit design space </li></ul><ul><li>Two important types: </li></ul><ul><ul><li>Product design and implementation constraints – restrictions on design styles and coding </li></ul></ul><ul><ul><li>Process and development approach constraints – restrictions on processes and techniques </li></ul></ul><ul><li>Examples </li></ul><ul><ul><li>Use of specific software components (can also be viewed as interface requirements depending on context) </li></ul></ul><ul><ul><li>Imposition of specific algorithms </li></ul></ul><ul><ul><ul><li>But sometimes algorithms can be used to define functionality </li></ul></ul></ul><ul><ul><li>Required use of specific designs </li></ul></ul><ul><ul><li>Imposition of specific coding styles </li></ul></ul><ul><ul><li>Requirement to use specific fault tolerance mechanisms </li></ul></ul><ul><ul><li>Requirement to employ an object-oriented development approach </li></ul></ul>
  29. 29. Implementation requirements (2 of 2) <ul><li>Important note - an implementation constraint to a system may be a requirement to a SW component within that system </li></ul><ul><ul><li>Paul Simon: “One man’s ceiling is another man’s floor.” </li></ul></ul><ul><li>Implementation constraints are (in one sense) independent of the required system behavior </li></ul><ul><li>Generally, there are many different ways that a specific set of requirements could be implemented </li></ul><ul><li>Implementation constraints narrow this design freedom </li></ul><ul><ul><li>Reduce the degrees of freedom available to the developers </li></ul></ul><ul><li>Sometimes, for dependable systems, constraints are essential </li></ul><ul><ul><li>Constrain design to certain patterns known for enhancing dependability ( e.g. , fault tolerance, exception handling) </li></ul></ul><ul><ul><li>Enforce use of certain algorithms which have been verified to provide effective solutions </li></ul></ul>
  30. 30. Agenda <ul><li>Introduction to tutorial content </li></ul><ul><li>Dependability and requirements </li></ul><ul><li>Nature of requirements </li></ul><ul><li>Developing requirements </li></ul><ul><li>Quality factors for requirements </li></ul><ul><li>Common pitfalls </li></ul><ul><li>Summary </li></ul>
  31. 31. Developing requirements <ul><li>Now we now what requirements are </li></ul><ul><li>But where do they come from </li></ul><ul><ul><li>and how do we define them? </li></ul></ul><ul><li>Requirements grow out of user needs </li></ul><ul><li>These needs are analyzed, and approaches to satisfying them are defined </li></ul><ul><li>Approaches are refined into specific requirements for a system that will provide needed services </li></ul><ul><li>Note that a system can consist of </li></ul><ul><ul><li>Software – that is our job </li></ul></ul><ul><ul><li>Hardware – we have yet to figure out how to get rid of it </li></ul></ul><ul><ul><li>People – the hardest piece to the puzzle – they are soooo unpredictable </li></ul></ul>
  32. 32. Decision points for requirements definition <ul><li>Each step in progression involves deciding between alternative approaches </li></ul>Decision Process SW Reqs SW Reqs SW Reqs SW Reqs System Dsn System design Software design Decision Process Capabilities Set A Capabilities Set C System Reqs System Reqs System Reqs System Reqs System Dsn System Dsn Decision Process System Concept Set A Decision Process Capabilities Set B System Concept Set C Decision Process Mission Needs System Concept Set B
  33. 33. SW requirements analysis <ul><li>Requirements allocation to SW components is not the same as defining SW requirements </li></ul><ul><li>Once requirements allocated to components, SW requirements analysis (SRA) needed to: </li></ul><ul><ul><li>Derive SW requirements </li></ul></ul><ul><ul><li>Place into form suitable for implementation </li></ul></ul><ul><li>Involves trade-off analyses </li></ul>Draft SRSs “ Final” SRSs Final SCIs SW Reqs Anl SW Dsn SW Impl SW Test Software Engineering Systems Engineering Sys Reqs Anl Sys Dsn Skipping SRA is very risky
  34. 34. SW requirements analysis techniques <ul><li>Different techniques/processes are used </li></ul><ul><ul><li>ad hoc, functional, object-oriented, formal </li></ul></ul><ul><li>New processes arrive every day </li></ul><ul><ul><li>Agile Unified Process, Extreme Programming, Cleanroom Software Engineering </li></ul></ul><ul><li>Many tools exist </li></ul><ul><ul><li>DOORS, Analyst Pro, Rational Rose, … </li></ul></ul><ul><li>Many notations exist with which requirements may be expressed </li></ul><ul><ul><li>UML, Z, State charts, English, Latin, … </li></ul></ul><ul><li>Whatever technique is used, goal is to develop a set of well-defined requirements that clearly describe what the system is to do </li></ul><ul><ul><li>or the component, or the unit,… </li></ul></ul><ul><li>All should produce the same result – a description of behavior of the system </li></ul><ul><li>Important to select technique to be appropriate to system </li></ul>
  35. 35. When requirements are defined <ul><li>Often, requirements are not complete until product is complete </li></ul><ul><li>During systems definition phase </li></ul><ul><ul><li>Usually at a general level </li></ul></ul><ul><li>During system design phase </li></ul><ul><ul><li>Detail added, capabilities become functions </li></ul></ul><ul><li>During SW requirements analysis </li></ul><ul><ul><li>More detail added, more specific behaviors and formats </li></ul></ul><ul><li>During SW design/implementation </li></ul><ul><ul><li>Refinement / clarification / more detail </li></ul></ul><ul><ul><ul><li>e.g., GUI details often deferred until later </li></ul></ul></ul><ul><ul><li>Changes / adaptations </li></ul></ul><ul><ul><li>Additions (e.g., evolutionary development) </li></ul></ul>
  36. 36. Agenda <ul><li>Introduction to tutorial content </li></ul><ul><li>Dependability and requirements </li></ul><ul><li>Nature of requirements </li></ul><ul><li>Developing requirements </li></ul><ul><li>Quality factors for requirements </li></ul><ul><li>Common pitfalls </li></ul><ul><li>Summary </li></ul>
  37. 37. Requirements quality factors <ul><li>So, how do I know that my system requirements are good enough? </li></ul><ul><li>IEEE Std 830-1993 ( IEEE Recommended Practice for Software Requirements Specifications) provides a set of quality factors for requirements specifications for systems </li></ul><ul><li>Contains nine criteria against which a requirements set can be assessed </li></ul><ul><li>Absence of these qualities is strongly correlated to subsequent problems in software development, i.e. , ignore at your own risk </li></ul><ul><li>These factors are particularly crucial for developing dependable systems: </li></ul><ul><ul><li>Complete </li></ul></ul><ul><ul><li>Unambiguous </li></ul></ul><ul><ul><li>Correct </li></ul></ul><ul><ul><li>Consistent </li></ul></ul><ul><ul><li>Verifiable </li></ul></ul><ul><ul><li>Modifiable </li></ul></ul><ul><ul><li>Traceable </li></ul></ul><ul><ul><li>Ranked for importance </li></ul></ul><ul><ul><li>Ranked for stability </li></ul></ul>
  38. 38. Description of quality factors (page 1 of 2) <ul><li>A requirements specification for a system is complete if all external behaviors are defined </li></ul><ul><li>A requirement is unambiguous if it has one and only one interpretation </li></ul><ul><li>A requirements specification is correct if every requirement stated in the specification is one that the software shall meet </li></ul><ul><li>A requirements specification is consistent if </li></ul><ul><ul><li>It agrees with its baseline, foundation specification ( e.g. , system specification) </li></ul></ul><ul><ul><li>No subset of requirements within the specification conflict with each other </li></ul></ul><ul><li>A requirements specification is verifiable if every requirement contained in the specification can be verified </li></ul><ul><li>A requirements specification is modifiable if changes can be made to the requirements without major disruption of the structure of the specification </li></ul>
  39. 39. Description of quality factors (page 2 of 2) <ul><li>A requirements specification is traceable if </li></ul><ul><ul><li>the origin of each requirement is clear, and </li></ul></ul><ul><ul><li>the structure of the specification facilitates the referencing each requirement within lower-level documentation </li></ul></ul><ul><li>A requirement is ranked for importance if it is assigned a rating of its criticality to the system, based on negative impact should requirement not be implemented or fail during execution </li></ul><ul><li>A requirement is ranked for stability if its likelihood to change is identified, based on changing expectations or level of uncertainty in its description </li></ul>
  40. 40. Agenda <ul><li>Introduction to tutorial content </li></ul><ul><li>Dependability and requirements </li></ul><ul><li>Nature of requirements </li></ul><ul><li>Developing requirements </li></ul><ul><li>Quality factors for requirements </li></ul><ul><li>Common pitfalls </li></ul><ul><li>Summary </li></ul>
  41. 41. Common pitfalls <ul><li>Lack of prioritization of requirements </li></ul><ul><li>Over-specified / over-constrained / unbounded </li></ul><ul><li>Volatile and late-defined requirements </li></ul><ul><li>Unknown “physics” </li></ul><ul><li>Mixing requirements and design </li></ul>
  42. 42. Lack of prioritization of requirements <ul><li>Not all requirements are equal </li></ul><ul><ul><li>Some are more firm than others </li></ul></ul><ul><ul><li>Some are more important than others </li></ul></ul><ul><ul><li>Others may be guesses and have flexibility about final behavior </li></ul></ul><ul><li>Need to provide info to developers about where </li></ul><ul><ul><li>Requirements may change </li></ul></ul><ul><ul><li>Less firm requirements exist </li></ul></ul><ul><ul><li>Areas of flexibility </li></ul></ul><ul><ul><li>Areas of firmness </li></ul></ul><ul><li>Recommendations </li></ul><ul><ul><li>Define rigidity of requirements and ranges of acceptance </li></ul></ul><ul><ul><ul><li>Thresholds and objectives </li></ul></ul></ul><ul><ul><ul><li>“ Must haves” versus “wanna haves” versus “wouldn’t it be nice” </li></ul></ul></ul>
  43. 43. Over-specified / over-constrained / unbounded <ul><li>Sometimes requirements are too ambitious, too restrictive, or too general </li></ul><ul><li>Too ambitious – results in gold-plating </li></ul><ul><ul><li>Unneeded capabilities created, unattainable functions defined </li></ul></ul><ul><li>Too restrictive – results in narrow, point solutions </li></ul><ul><ul><li>System rapidly becomes outdated when mission changes </li></ul></ul><ul><li>Too general – results in inefficient system that does everything but not well </li></ul><ul><li>Result is wasted resources </li></ul><ul><li>Recommendations (these are very general but important) </li></ul><ul><ul><li>Focus on prioritization of requirements </li></ul></ul><ul><ul><li>Ensure what is needed is emphasized </li></ul></ul><ul><ul><li>Build system in a series of increments </li></ul></ul><ul><ul><ul><li>With most critical functions completed early </li></ul></ul></ul>
  44. 44. Volatile and late-defined requirements (1 of 4) <ul><li>Requirements always change </li></ul><ul><ul><li>Some don’t change, but are defined late </li></ul></ul><ul><li>Not necessarily bad but careful management necessary to avoid </li></ul><ul><ul><li>expensive rework (and cost and schedule impact) </li></ul></ul><ul><ul><li>compromises to functionality </li></ul></ul><ul><li>Crucial to associate levels of risk to levels of change </li></ul><ul><ul><li>Some changes are low-risk </li></ul></ul><ul><ul><li>Other may be high risk </li></ul></ul><ul><ul><li>Related to amount of rework require </li></ul></ul><ul><li>Developers better able to design defensively if they know </li></ul><ul><ul><li>Which requirements are likely to change </li></ul></ul><ul><ul><li>Degree of change that could be expected </li></ul></ul>
  45. 45. Volatile and late-defined requirements (2 of 4) <ul><li>Depends on attributes of the requirement and its linkage to design </li></ul><ul><ul><li>Some can be defined early or late </li></ul></ul><ul><ul><li>Some must be defined early </li></ul></ul><ul><ul><li>Some should be defined later </li></ul></ul><ul><li>Important attributes (i.e., how to decide…) </li></ul><ul><ul><li>If level of understanding of desired behavior is low (exact behaviors not well understood or unknown) – delay in definition may reduce risk </li></ul></ul><ul><ul><ul><li>If defined and frozen early, later changes may impact design and cause rework </li></ul></ul></ul><ul><ul><li>If high likelihood that requirement will change – delay in definition may reduce risk </li></ul></ul><ul><ul><ul><li>Avoids rework due to late changes </li></ul></ul></ul>
  46. 46. Volatile and late-defined requirements (3 of 4) <ul><li>Important attributes (cont’d) </li></ul><ul><ul><li>If a requirement has high or complex external component dependencies – early resolution may reduce risk </li></ul></ul><ul><ul><ul><li>Late changes likely to affect external systems/components </li></ul></ul></ul><ul><ul><li>If a requirement has strong internal design dependencies – early resolution may reduce risk </li></ul></ul><ul><ul><ul><li>Late changes may force extensive rework due to design dependencies </li></ul></ul></ul>Level of understanding of desired behavior Likelihood that requirement will change External component dependencies Internal design dependencies Early definition low high high low complex simple weak strong Late definition
  47. 47. Volatile and late-defined requirements (4 of 4) <ul><li>The following are recommendations to address requirements volatility: </li></ul><ul><ul><li>Define requirements with priorities and likelihood to change </li></ul></ul><ul><ul><ul><li>Allows designers to insulate themselves from unexpected change </li></ul></ul></ul><ul><ul><li>Ensure design accommodates expected changes </li></ul></ul><ul><ul><li>Where possible, allow run-time reconfiguration to allow changing behavior without changing requirements </li></ul></ul><ul><ul><ul><li>e.g. , screen color options </li></ul></ul></ul><ul><ul><li>Correlate with assessment of late definitions </li></ul></ul><ul><ul><li>Assess dependencies between requirements and design </li></ul></ul><ul><ul><ul><li>Some requirements deeply affect design globally </li></ul></ul></ul><ul><ul><ul><li>Others have limited design impact (GUI formats) </li></ul></ul></ul><ul><ul><li>Ensure requirements dependencies are well understood </li></ul></ul><ul><ul><li>Define and monitor requirements stability with metrics </li></ul></ul><ul><ul><ul><li>Track immature requirements, undefined requirements, and changing requirements </li></ul></ul></ul>
  48. 48. Unknown “physics” (1 of 2) <ul><li>i.e. , the outside world </li></ul><ul><li>Sometimes we don’t know what the behavior of the software should be </li></ul><ul><ul><li>Because of our lack of knowledge of real world </li></ul></ul><ul><ul><li>Typical for embedded systems </li></ul></ul><ul><li>Results in changing or late-defined requirements </li></ul><ul><ul><li>Also may need to change internals of systems (algorithms, design structures) </li></ul></ul><ul><li>Sometimes need to use the software system to explore its operational environment </li></ul><ul><ul><li>and determine its correct behavior </li></ul></ul><ul><ul><li>and update SW based on discoveries </li></ul></ul><ul><li>Frequently, discoveries are at fine grain level </li></ul><ul><ul><li>Adjustments to constants </li></ul></ul>
  49. 49. Unknown “physics” (2 of 2) <ul><li>Sometimes, changes are to algorithms </li></ul><ul><li>In such a case, requirements statements must explicitly recognize situation </li></ul><ul><ul><li>Design (and process) must allow for experimentation / exploration </li></ul></ul><ul><ul><li>Product is also a prototype used for requirements elicitation </li></ul></ul><ul><li>Mitigation strategies include: </li></ul><ul><ul><li>Use of executable models and prototypes </li></ul></ul><ul><ul><li>Use of simulations to depict external environment </li></ul></ul><ul><ul><li>Use of data logging functions to collect relevant data </li></ul></ul><ul><ul><li>Iterative development of system, and use of iterations to probe and explore the environment </li></ul></ul>
  50. 50. Mixing requirements and design (1 of 2) <ul><li>Because of complex interrelationships among types of requirements, it is crucial to identify them and keep them separate </li></ul><ul><li>Why? </li></ul><ul><li>Behavioral specs deal with external entities (mutual dependencies) </li></ul><ul><ul><li>Other systems </li></ul></ul><ul><ul><li>Hardware </li></ul></ul><ul><ul><li>People </li></ul></ul><ul><li>Changing them affects external entities </li></ul><ul><ul><li>Not always possible to make changes </li></ul></ul><ul><ul><li>May involve negotiation </li></ul></ul><ul><li>Implementation requirements deal with internal design </li></ul><ul><ul><li>No direct external dependencies </li></ul></ul><ul><li>Typical implementation constraints </li></ul><ul><ul><li>Algorithms </li></ul></ul><ul><ul><li>Flow charts </li></ul></ul>
  51. 51. Mixing requirements and design (2 of 2) <ul><li>What might happen... </li></ul><ul><ul><li>Inefficient and ineffective testing </li></ul></ul><ul><ul><ul><li>Software testing is based on SRS </li></ul></ul></ul><ul><ul><ul><li>If SRS contains design as well as behavior, either </li></ul></ul></ul><ul><ul><ul><ul><li>Testers must separate design from behavior before testing, or </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Testers must test for design as well as behavior, requiring breaking into internals of SW </li></ul></ul></ul></ul><ul><ul><li>Inefficient processing </li></ul></ul><ul><ul><ul><li>If algorithm is specified as part of SRS, designers might not have flexibility to optimize </li></ul></ul></ul><ul><ul><li>Excessive CM effort – design changes require CM authority at SRS level </li></ul></ul><ul><li>Recommendations: </li></ul><ul><ul><li>Place all design information (including. algorithms) into separate volume </li></ul></ul><ul><ul><ul><li>e.g., Algorithm Design Document (ADD) </li></ul></ul></ul><ul><ul><li>Ensure all requirements are externally visible and can be tested without examining design/construction </li></ul></ul>
  52. 52. Agenda <ul><li>Introduction to tutorial content </li></ul><ul><li>Dependability and requirements </li></ul><ul><li>Nature of requirements </li></ul><ul><li>Developing requirements </li></ul><ul><li>Quality factors for requirements </li></ul><ul><li>Common pitfalls </li></ul><ul><li>Summary </li></ul>
  53. 53. Summary <ul><li>Proper management and control of requirements is essential to the development of dependable systems </li></ul><ul><li>requirements form the foundation of all systems, and are especially crucial for systems that must be dependable </li></ul><ul><li>Attention must be placed on capturing the areas of required dependability in the specification </li></ul><ul><li>There are many requirement-based techniques that can be applied to mitigate risks and enhance dependability of system </li></ul>
  54. 54. End <ul><li>Any questions?.... </li></ul>Contact information Dr. William Bail [email_address] (202) 781-1945
  55. 55. References and Suggested Readings (1 of 3) <ul><li>Booch, Grady, James Rumbaugh, Ivar Jacobson. The Unified Modeling Language User Guide. Addison-Wesley. 1999 </li></ul><ul><li>Capability Maturity Model ® Integration (CMMI SM ), Version 1.1. Software Engineering Institute. December 2001 </li></ul><ul><li>Davis, Alan M. Software Requirements - Objects, Functions, & States . Prentice Hall. 1993 </li></ul><ul><li>IEEE Standard for Software Verification and Validation Plans. IEEE Standard 012-1986, IEEE Computer Society. 1968 </li></ul><ul><li>IEEE Recommended Practices for Software Requirements Specifications. IEEE Std 830-1998, IEEE Computer Society. October 20, 1998 </li></ul><ul><li>Institute of Electrical and Electronics Engineers. Glossary of Software Engineering Terminology. IEEE Std. 610.12-1990. </li></ul>
  56. 56. References and Suggested Readings (2 of 3) <ul><li>Kovitz, Practical Software Requirements - A Manual of Content & Style . Manning Publications. 1999. </li></ul><ul><li>Military Standard Specification Practices. MIL-STD-490A, Department of Defense, USA. June 4, 1985 </li></ul><ul><li>Prowell, Stacy J., Carmen J. Trammell, Richard C. Linger, Jesse H. Poore. Cleanroom Software Engineering - Technology and Process. The SEI Series in Software Engineering. 1999. </li></ul><ul><li>Risky Requirements. CrossTalk, The Journal of Defense Software Engineering. April 2002 </li></ul><ul><li>Rosenberg, Doug. Use Case Driven Object Modeling with UML - A Practical Approach. Addison-Wesley. 1999 </li></ul><ul><li>Dr. Young, Ralph, Effective Requirements Practices, Addison-Wesley, 2001. </li></ul>
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×