文档详细内容(约18页)
Software quality kqulitysofwarenstheproution of quaitr This book introduces a set of techniques which hold the potential for remarkable improvements in the quality of software products. Before studying these techniques,we must clarify their goals.Software quality is best described as a combination of several factors.This chapter analyzes some of these factors,shows where improvements are most sorely needed,and points to the directions where we shall be looking for solutions in the rest of our journey 1.1 EXTERNAL AND INTERNAL FACTORS We all want our software systems to be fast,reliable,easy to use,readable,modular, structured and so on.But these adjectives describe two different sorts of qualities. On one side,we are considering such qualities as speed or ease of use,whose presence or absence in a software product may be detected by its users.These properties may be called external quality factors. Under"users"we should include not only the people who actually interact with the final products,like an airline agent using a flight reservation system,but also those who purchase the software or contract out its development,like an airline executive in charge of acquiring or commissioning flight reservation systems.So a property such as the ease with which the software may be adapted to changes of specifications-defined later in this discussion as extendibility-falls into the category of external factors even though it may not be of immediate interest to such"end users"as the reservations agent. Other qualities applicable to a software product,such as being modular,or readable, are internal factors,perceptible only to computer professionals who have access to the actual software text. In the end,only external factors matter.If I use a Web browser or live near a computer-controlled nuclear plant,little do I care whether the source program is readable or modular if graphics take ages to load,or if a wrong input blows up the plant.But the key to achieving these extemal factors is in the internal ones:for the users to enjoy the visible qualities,the designers and implementers must have applied internal techniques that will ensure the hidden qualities
1 Software quality Engineering seeks quality; software engineering is the production of quality software. This book introduces a set of techniques which hold the potential for remarkable improvements in the quality of software products. Before studying these techniques, we must clarify their goals. Software quality is best described as a combination of several factors. This chapter analyzes some of these factors, shows where improvements are most sorely needed, and points to the directions where we shall be looking for solutions in the rest of our journey. 1.1 EXTERNAL AND INTERNAL FACTORS We all want our software systems to be fast, reliable, easy to use, readable, modular, structured and so on. But these adjectives describe two different sorts of qualities. On one side, we are considering such qualities as speed or ease of use, whose presence or absence in a software product may be detected by its users. These properties may be called external quality factors. Under “users” we should include not only the people who actually interact with the final products, like an airline agent using a flight reservation system, but also those who purchase the software or contract out its development, like an airline executive in charge of acquiring or commissioning flight reservation systems. So a property such as the ease with which the software may be adapted to changes of specifications — defined later in this discussion as extendibility — falls into the category of external factors even though it may not be of immediate interest to such “end users” as the reservations agent. Other qualities applicable to a software product, such as being modular, or readable, are internal factors, perceptible only to computer professionals who have access to the actual software text. In the end, only external factors matter. If I use a Web browser or live near a computer-controlled nuclear plant, little do I care whether the source program is readable or modular if graphics take ages to load, or if a wrong input blows up the plant. But the key to achieving these external factors is in the internal ones: for the users to enjoy the visible qualities, the designers and implementers must have applied internal techniques that will ensure the hidden qualities
SOFTWARE QUALITY $1.2 The following chapters present of a set of modern techniques for obtaining internal quality.We should not,however,lose track of the global picture;the internal techniques are not an end in themselves,but a means to reach external software qualities.So we must start by looking at extemal factors.The rest of this chapter examines them. 1.2 A REVIEW OF EXTERNAL FACTORS Here are the most important external quality factors,whose pursuit is the central task of object-oriented software construction. Correctness Definition:correctness Correctness is the ability of software products to perform their exact tasks, as defined by their specification. Correctness is the prime quality.If a system does not do what it is supposed to do, everything else about it-whether it is fast,has a nice user interface...-matters little. But this is easier said than done.Even the first step to correctness is already difficult: we must be able to specify the system requirements in a precise form,by itself quite a challenging task. Methods for ensuring correctness will usually be conditional.A serious software system,even a small one by today's standards,touches on so many areas that it would be impossible to guarantee its correctness by dealing with all components and properties on a single level.Instead,a layered approach is necessary,each layer relying on lower ones: Layers in Compiler software development Operating System In the conditional approach to correctness,we only worry about guaranteeing that each layer is correct on the assumption that the lower levels are correct.This is the only realistic technique,as it achieves separation of concerns and lets us concentrate at each stage on a limited set of problems.You cannot usefully check that a program in a high- level language X is correct unless you are able to assume that the compiler on hand implements X correctly.This does not necessarily mean that you trust the compiler blindly, simply that you separate the two components of the problem:compiler correctness,and correctness of your program relative to the language's semantics. In the method described in this book,even more layers intervene:software development will rely on libraries of reusable components,which may be used in many different applications
4 SOFTWARE QUALITY §1.2 The following chapters present of a set of modern techniques for obtaining internal quality. We should not, however, lose track of the global picture; the internal techniques are not an end in themselves, but a means to reach external software qualities. So we must start by looking at external factors. The rest of this chapter examines them. 1.2 A REVIEW OF EXTERNAL FACTORS Here are the most important external quality factors, whose pursuit is the central task of object-oriented software construction. Correctness Correctness is the prime quality. If a system does not do what it is supposed to do, everything else about it — whether it is fast, has a nice user interface… — matters little. But this is easier said than done. Even the first step to correctness is already difficult: we must be able to specify the system requirements in a precise form, by itself quite a challenging task. Methods for ensuring correctness will usually be conditional. A serious software system, even a small one by today’s standards, touches on so many areas that it would be impossible to guarantee its correctness by dealing with all components and properties on a single level. Instead, a layered approach is necessary, each layer relying on lower ones: In the conditional approach to correctness, we only worry about guaranteeing that each layer is correct on the assumption that the lower levels are correct. This is the only realistic technique, as it achieves separation of concerns and lets us concentrate at each stage on a limited set of problems. You cannot usefully check that a program in a highlevel language X is correct unless you are able to assume that the compiler on hand implements X correctly. This does not necessarily mean that you trust the compiler blindly, simply that you separate the two components of the problem: compiler correctness, and correctness of your program relative to the language’s semantics. In the method described in this book, even more layers intervene: software development will rely on libraries of reusable components, which may be used in many different applications. Definition: correctness Correctness is the ability of software products to perform their exact tasks, as defined by their specification. Layers in software development Application system Compiler Operating System Hardware
$1.2 A REVIEW OF EXTERNAL FACTORS 5 Layers in a development process that Application library includes reuse ..More libraries... Base library Kernel library Compiler Operating System The conditional approach will also apply here:we should ensure that the libraries are correct and,separately,that the application is correct assuming the libraries are. Many practitioners,when presented with the issue of software correctness,think about testing and debugging.We can be more ambitious:in later chapters we will explore a number of techniques,in particular typing and assertions,meant to help build software that is correct from the start-rather than debugging it into correctness.Debugging and testing remain indispensable,of course,as a means of double-checking the result. It is possible to go further and take a completely formal approach to software construction.This book falls short of such a goal,as suggested by the somewhat timid terms“check”,“guarantee'”and"“ensure”used above in preference to the word"prove'”. Yet many of the techniques described in later chapters come directly from the work on mathematical techniques for formal program specification and verification,and go a long way towards ensuring the correctness ideal. Robustness Definition:robustness Robustness is the ability of software systems to react appropriately to abnormal conditions. Robustness complements correctness.Correctness addresses the behavior of a system in cases covered by its specification;robustness characterizes what happens outside of that specification. Robustness versus SPECIFICATION correctness Correctness Robustness
§1.2 A REVIEW OF EXTERNAL FACTORS 5 The conditional approach will also apply here: we should ensure that the libraries are correct and, separately, that the application is correct assuming the libraries are. Many practitioners, when presented with the issue of software correctness, think about testing and debugging. We can be more ambitious: in later chapters we will explore a number of techniques, in particular typing and assertions, meant to help build software that is correct from the start — rather than debugging it into correctness. Debugging and testing remain indispensable, of course, as a means of double-checking the result. It is possible to go further and take a completely formal approach to software construction. This book falls short of such a goal, as suggested by the somewhat timid terms “check”, “guarantee” and “ensure” used above in preference to the word “prove”. Yet many of the techniques described in later chapters come directly from the work on mathematical techniques for formal program specification and verification, and go a long way towards ensuring the correctness ideal. Robustness Robustness complements correctness. Correctness addresses the behavior of a system in cases covered by its specification; robustness characterizes what happens outside of that specification. Definition: robustness Robustness is the ability of software systems to react appropriately to abnormal conditions. Application system Application library Operating System … More libraries … Base library Kernel library Hardware Compiler Layers in a development process that includes reuse Robustness versus correctness SPECIFICATION Correctness Robustness
6 SOFTWARE QUALITY $1.2 As reflected by the wording of its definition,robustness is by nature a more fuzzy notion than correctness.Since we are concerned here with cases not covered by the specification,it is not possible to say,as with correctness,that the system should "perform its tasks"in such a case;were these tasks known,the abnormal case would become part of the specification and we would be back in the province of correctness. This definition of "abnormal case"will be useful again when we study exception On exception handling.It implies that the notions of normal and abnormal case are always relative to a handling see certain specification;an abnormal case is simply a case that is not covered by the chapter 12. specification.If you widen the specification,cases that used to be abnormal become normal-even if they correspond to events such as erroneous user input that you would prefer not to happen."Normal"in this sense does not mean "desirable",but simply "planned for in the design of the software".Although it may seem paradoxical at first that erroneous input should be called a normal case,any other approach would have to rely on subjective criteria,and so would be useless. There will always be cases that the specification does not explicitly address.The role of the robustness requirement is to make sure that if such cases do arise,the system does not cause catastrophic events;it should produce appropriate error messages,terminate its execution cleanly,or enter a so-called "graceful degradation"mode. Extendibility Definition:extendibility Extendibility is the ease of adapting software products to changes of specification. Software is supposed to be sofi,and indeed is in principle;nothing can be easier than to change a program if you have access to its source code.Just use your favorite text editor. The problem of extendibility is one of scale.For small programs change is usually not a difficult issue;but as software grows bigger,it becomes harder and harder to adapt. A large software system often looks to its maintainers as a giant house of cards in which pulling out any one element might cause the whole edifice to collapse. We need extendibility because at the basis of all software lies some human phenomenon and hence fickleness.The obvious case of business software("Management Information Systems"),where passage of a law or a company's acquisition may suddenly invalidate the assumptions on which a system rested,is not special;even in scientific computation,where we may expect the laws of physics to stay in place from one month to the next,our way of understanding and modeling physical systems will change Traditional approaches to software engineering did not take enough account of change,relying instead on an ideal view ofthe software lifecycle where an initial analysis stage freezes the requirements,the rest of the process being devoted to designing and building a solution.This is understandable:the first task in the progress of the discipline was to develop sound techniques for stating and solving fixed problems,before we could worry about what to do if the problem changes while someone is busy solving it.But now
6 SOFTWARE QUALITY §1.2 As reflected by the wording of its definition, robustness is by nature a more fuzzy notion than correctness. Since we are concerned here with cases not covered by the specification, it is not possible to say, as with correctness, that the system should “perform its tasks” in such a case; were these tasks known, the abnormal case would become part of the specification and we would be back in the province of correctness. This definition of “abnormal case” will be useful again when we study exception handling. It implies that the notions of normal and abnormal case are always relative to a certain specification; an abnormal case is simply a case that is not covered by the specification. If you widen the specification, cases that used to be abnormal become normal — even if they correspond to events such as erroneous user input that you would prefer not to happen. “Normal” in this sense does not mean “desirable”, but simply “planned for in the design of the software”. Although it may seem paradoxical at first that erroneous input should be called a normal case, any other approach would have to rely on subjective criteria, and so would be useless. There will always be cases that the specification does not explicitly address. The role of the robustness requirement is to make sure that if such cases do arise, the system does not cause catastrophic events; it should produce appropriate error messages, terminate its execution cleanly, or enter a so-called “graceful degradation” mode. Extendibility Software is supposed to be soft, and indeed is in principle; nothing can be easier than to change a program if you have access to its source code. Just use your favorite text editor. The problem of extendibility is one of scale. For small programs change is usually not a difficult issue; but as software grows bigger, it becomes harder and harder to adapt. A large software system often looks to its maintainers as a giant house of cards in which pulling out any one element might cause the whole edifice to collapse. We need extendibility because at the basis of all software lies some human phenomenon and hence fickleness. The obvious case of business software (“Management Information Systems”), where passage of a law or a company’s acquisition may suddenly invalidate the assumptions on which a system rested, is not special; even in scientific computation, where we may expect the laws of physics to stay in place from one month to the next, our way of understanding and modeling physical systems will change. Traditional approaches to software engineering did not take enough account of change, relying instead on an ideal view of the software lifecycle where an initial analysis stage freezes the requirements, the rest of the process being devoted to designing and building a solution. This is understandable: the first task in the progress of the discipline was to develop sound techniques for stating and solving fixed problems, before we could worry about what to do if the problem changes while someone is busy solving it. But now Definition: extendibility Extendibility is the ease of adapting software products to changes of specification. On exception handling see chapter 12
$1.2 A REVIEW OF EXTERNAL FACTORS 7 with the basic software engineering techniques in place it has become essential to recognize and address this central issue.Change is pervasive in software development: change of requirements,of our understanding of the requirements,of algorithms,of data representation,of implementation techniques.Support for change is a basic goal ofobject technology and a running theme through this book. Although many of the techniques that improve extendibility may be introduced on small examples or in introductory courses,their relevance only becomes clear for larger projects.Two principles are essential for improving extendibility: Design simplicity:a simple architecture will always be easier to adapt to changes than a complex one. Decentralization:the more autonomous the modules,the higher the likelihood that a simple change will affect just one module,or a small number of modules,rather than triggering off a chain reaction of changes over the whole system The object-oriented method is,before anything else,a system architecture method which helps designers produce systems whose structure remains both simple (even for large systems)and decentralized.Simplicity and decentralization will be recurring themes in the discussions leading to object-oriented principles in the following chapters. Reusability Definition:reusability Reusability is the ability of software elements to serve for the construction of many different applications. The need for reusability comes from the observation that software systems often follow similar patterns;it should be possible to exploit this commonality and avoid reinventing solutions to problems that have been encountered before.By capturing such a pattern,a reusable software element will be applicable to many different developments. Reusability has an influence on all other aspects of software quality,for solving the reusability problem essentially means that less software must be written,and hence that more effort may be devoted (for the same total cost)to improving the other factors,such as correctness and robustness. Here again is an issue that the traditional view of the software lifecycle had not properly recognized,and for the same historical reason:you must find ways to solve one problem before you worry about applying the solution to other problems.But with the growth of software and its attempts to become a true industry the need for reusability has become a pressing concern. Chapter 4. Reusability will play a central role in the discussions of the following chapters,one of which is in fact devoted entirely to an in-depth examination of this quality factor,its concrete benefits,and the issues it raises
§1.2 A REVIEW OF EXTERNAL FACTORS 7 with the basic software engineering techniques in place it has become essential to recognize and address this central issue. Change is pervasive in software development: change of requirements, of our understanding of the requirements, of algorithms, of data representation, of implementation techniques. Support for change is a basic goal of object technology and a running theme through this book. Although many of the techniques that improve extendibility may be introduced on small examples or in introductory courses, their relevance only becomes clear for larger projects. Two principles are essential for improving extendibility: • Design simplicity: a simple architecture will always be easier to adapt to changes than a complex one. • Decentralization: the more autonomous the modules, the higher the likelihood that a simple change will affect just one module, or a small number of modules, rather than triggering off a chain reaction of changes over the whole system. The object-oriented method is, before anything else, a system architecture method which helps designers produce systems whose structure remains both simple (even for large systems) and decentralized. Simplicity and decentralization will be recurring themes in the discussions leading to object-oriented principles in the following chapters. Reusability The need for reusability comes from the observation that software systems often follow similar patterns; it should be possible to exploit this commonality and avoid reinventing solutions to problems that have been encountered before. By capturing such a pattern, a reusable software element will be applicable to many different developments. Reusability has an influence on all other aspects of software quality, for solving the reusability problem essentially means that less software must be written, and hence that more effort may be devoted (for the same total cost) to improving the other factors, such as correctness and robustness. Here again is an issue that the traditional view of the software lifecycle had not properly recognized, and for the same historical reason: you must find ways to solve one problem before you worry about applying the solution to other problems. But with the growth of software and its attempts to become a true industry the need for reusability has become a pressing concern. Reusability will play a central role in the discussions of the following chapters, one of which is in fact devoted entirely to an in-depth examination of this quality factor, its concrete benefits, and the issues it raises. Definition: reusability Reusability is the ability of software elements to serve for the construction of many different applications. Chapter 4
