Dr. Michael Eichberg Software Engineering Department of Computer Science Technische Universität Darmstadt Software Engineering

Software Quality Software Quality

• Software Quality Factors B. Meyer; Object-oriented software construction; Prentice Hall, 1997 We distinguish between internal and external software quality factors. Software Quality | 3

• The internal quality factors can only be perceived by computer professionals • The external quality factors are ultimately the relevant ones, as they are perceived by the user However, the external quality factors depend on the internal quality factors. We distinguish between internal and external software quality factors. Software Quality - Major External Software Quality Factors | 4

• Correctness The user encompasses all • Robustness stake holders: • Extendibility - the owner, • Reusability - the “end user”, • Compatibility - the administrator, - ... • Efficiency • Portability • Ease of use • Functionality Correctness is the ability of software products to perform their tasks as defined by their specification. Major External Quality Factors | 5

• To achieve correctness a precise requirements definition is needed • Correctness is usually only conditional - we guarantee the correctness of our program on the assumption that the lower layers - upon which our product is built - are correct (E.g. we assume that a processor calculates correctly, that the compiler compiles our program correctly, …) Robustness is the ability of software systems to react appropriately to abnormal conditions. Major External Quality Factors | 6

• Robustness characterizes what happens “outside of the specification” • Robustness complements correctness Extendibility characterizes the ease of adapting software products to changes of the specification. Major External Quality Factors | 7

• Important principles to achieve extendibility: • Design simplicity A simple architecture is easier to adapt. • Decentralization Autonomous modules (modules which have minimal coupling to other modules → Software Engineering Design & Construction) are easier to change.

Change is pervasive in software development. Major External Quality Factors | 8

• Reusability is the ability of software elements to serve for the construction of many different applications • Compatibility is the ease of combining software elements with others • Portability characterizes the ease of transferring software products to various hardware and software environments (i.e., porting it from Android to iOS; porting it from Windows to Linux,…) Efficiency is the ability of a software system to place as few demands as possible on hardware resources. Major External Quality Factors | 9

• Resources are the processor time, the space occupied in internal and external memories, the bandwidth used in communication devices, ... … • Always try to use “good” algorithms over “bad” ones, because a computer that is twice as fast as a previous model can handle problem sizes near 2*N if the algorithm’s complexity is O(n). Do ask yourself: If the complexity is O(2n) a computer that is twice as fast can handle problems of size?

Do not worry how fast it is unless it is also right! Efficiency nearly always have to be balanced with other goals. Functionality characterizes the extent of possibilities provided by a system. Major External Quality Factors | 10

• Avoid featurism; remain consistent with existing features if you add new ones Ease of Use is the ease with which people of various backgrounds and qualifications can learn to use software products and apply them to solve problems. Major External Quality Factors | 11

IPhoto ‘06 IPhoto ’09 Software Quality

• … or the lack thereof. Software failures can be disastrous. Software Failures | 13 • Therac-25 People died due to an overdosis of radiation (1985) • Ariane 5 A system from Ariane 4 was reused but the specification was ignored (1996) • Mars Climate Orbiter There was some confusion about the units (i.e. metric system or english system) that are used (1999). • ... Software failures can be disastrous. Hessen erlebt Desaster mit neuer Schulsoftware von CSCSoftware | Home Failures - News| 14 - Themenüberblick - Business | TecChannel.de 10/12/2007 11:06 AM • hessische Schulsoftware LUSD “just” unusable (2007) • ...

Freitag, 12.10.2007 Premium-Login | Newsletter | RSS | Service | Mediadaten | Impressum

Suchbegri! hier eingeben in TecChannel.de suchen Sortierung Relevanz Datum Rubriken News Artikel Forum Blog

HOME FOKUS WHITEPAPER SICHERHEIT NETZWERK SERVER STORAGE PC+MOBIL KOMMUNIKATION WEBTECHNIK TEST+TECHNIK AKTUELL IM FORUM SERVICE Beratung zu IBM Aktuelle Themen News News-Archiv Newsletter PDF Newsletter PDA-News Webnews RSS Forum Stichwortverzeichnis Blog . Lenovo (Boy2006) THEMENÜBERBLICK / NEWS Weitere News WHITEPAPER-DOWNLOADS: WARNUNG VOR 1&1 Vom 14.09.2007 Eindringlingserkennung auf Web-Servern HORROR / PROBLEME Hessen erlebt Desaster mit neuer E-Mail-Exploits und ihre Gefahren (Dremml) Schulsoftware von CSC Umsetzung des Payment Card Industry Data Security sound & antivir Das Kultusministerium hat eine für 20 Millionen Euro Standard (PCI DSS) symbol fehlen im entwickelte Verwaltungssoftware an den Schulen Bedrohungsmanagement - Internet-Bedrohungen tray (hectorr) installieren lassen, die nicht funktioniert. Die Neuausrichtung der Unternehmenssicherheit im Fokus Outlook-Suche Bereits seit dem vergangenen Schuljahr versuchen rund 2000 hessische Schulen mit der Lookout zum weitere Downloads neuen Schulverwaltungssoftware LUSD (Lehrer- und Schülerdatenbank) zu arbeiten. Bis kostenlosen heute ist sie jedoch unbrauchbar. Entwickelt wurde die Schulsoftware von CSC. Start der Download Konzeption und der Entwicklung war der 1. Juni 2006. Mit der Implementierung in den (Ben.Kramer) Schulen hatte CSC im Oktober 2006 begonnen. Firma für ARTIKEL-PDF / IT-EBOOK WEITERE ERGEBNISSE BEI TECCHANNEL.DE: Patronennachfüllung Diesen Artikel als PDF-Datei (helscha) Zu Ihrer Google-Suchanfrage "hessische Schulsoftware" passende Themen: IT-eBook zusammenstellen Disk Boot Failure. Hessen erlebt Desaster mit neuer Schulsoftware von CSC Aktueller Inhalt: 0 Artikel 0 News Insert System Disk Diese News hinzufügen And Press Enter Weitere Treffer... IT-eBook öffnen (computar) Raid 1 Betriebsystem Frage (computar) LINK SETZEN Leidtragende der fehlerhaften Lösung sind vor allem die Sekretariate. Bislang erreichten RAID 1 Was ist hier mehr als 300 Beschwerden das Kultusministerium. "So viel Kaffee, wie man während del.icio.us digg Folkd defekt der unendlichen Wartezeiten bei der LUSD-Bearbeitung trinken kann, verträgt kein (boy_of_connemar) Mensch", heißt es beispielsweise in einer der Protest-Mails, von denen einige auch bei Mr. Wong Newstube Webnews Steve Ballmer warnt der Landtagsfaktion der Grünen eingingen. Die Schulsekretärinnen monieren, dass "die google Linkarena Red-Hat-Anwender neue LUSD den Schulen unausgereift aufgezwungen" worden sei. "Heute muss man (Moritz Jäger) sich erst anmelden, braucht ewige Zeit und viele Klicks, um das Gewünschte zu Yahoo Yigg bekommen. Mein Gott, in dieser Zeit ist man zehn Mal zum Aktenschrank gelaufen und Studie: Linux- weitere Infos hat sich die entsprechende gute alte Schülerakte oder den nötigen Ordner Rechner steuern herausgezogen!", schimpfte eine Anwenderin. Windows-Botnets (Moritz Jäger) Die Grünen haben eine Stellungnahme vom Kultusministerium eingefordert. "Mit der unausgegorenen neuen Verwaltungssoftware hat Kultusministerin Karin Wolff die Arbeit MEINUNGEN ZUM ARTIKEL an unseren Schulen weit gehend lahmgelegt", kritisierte der bildungspolitische Sprecher Ihre Meinung zu dieser Meldung der Grünen, Mathias Wagner, in Wiesbaden gegenüber dem Hessischen Rundfunk. Die AKTUELL IM BLOG SPD-Fraktion ereiferte sich vor allem über die verfrühte Einführung der Software: "Für uns ist es völlig unverständlich, wie ein solcher Super-GAU passieren kann. 2000 JOBSUCHE FÜR IT-EXPERTEN Irgendwie reichts Schulen mit über 800.000 Schülerinnen und Schülern eignen sich nicht für Experimente", Suchbegriff: jetzt, Apple! empörte sich die schulpolitische Sprecherin der SPD-Landtagsfraktion, Heike CloneDVD brennt Habermann. Informationstechnologie schnell / Grabbing sehr schnell Einsatzregion: Das Ministerium räumte Fehler ein. "Wir verstehen den Unmut der Schulen, auch wir Für Mathe-Geeks: National InternationalOrt oder PLZ: hatten andere Erwartungen an das bestellte Produkt", sagte Ministeriumssprecherin Fibonacci-Folge in Tatjana Schruttke. Jedoch könne ein System für mehr als 50.000 Lehrkräfte und Umkreis: Rocksong 800.000 Schüler nicht ohne erhebliche Kraftanstrengung in die Praxis übertragen 10 km werden. Erst Mitte 2008 rechnet sie mit einem fehlerfreien Betrieb. In einem Schreiben 20x auch mit an alle hessischen Schulen haben die Staatssekretäre Joachim Jacobi Ashampoo Burning (Kultusministerium/CDU) und Harald Lemke (Finanzministerium/parteilos) die Detailsuche Studio / Tevion grundlegende Überarbeitung des Systems angekündigt. "Das von der Entwicklerfirma DVD+R ? CSC gelieferte System entspricht leider noch nicht dem, was Sie und wir an TecChannel Partnerzone ANZEIGE Brennen mit 20fach? Funktionalität und Performance erwarten dürfen", heißt es darin.

Für die Landtagsfraktion der Grünen bedeutet die Millioneninvestition in die nicht funktionierende Software eine gigantische Verschwendung von Steuergeldern. Mit 20 Millionen Euro hätten 400 Lehrerinnen und Lehrer ein Jahr beschäftigt werden können, IP Vernetzung rechnet Wagner vor. Das Vertrösten der Schulen auf 2008 sei eine Unverschämtheit. "Die völlig genervten und überarbeiteten LUSD-Anwenderinnen und -Anwender Optimale Kommunikation durch IP- brauchen jetzt eine Lösung und nicht erst in einem Jahr." Den Versuch, die Vernetzung Verantwortung für die Probleme allein auf die in Hessen ansässige Entwicklungsfirma > mehr Infos CSC schieben zu wollen, bezeichnete Wagner als "schäbig". (Computerwoche/ala)

Mehr zum Thema: Schulsoftware , E-Government , CSC , Hessen

+++ Lesen Sie alles über reibungslose Kommunikation im Ges

Vorherige News Nächste News

http://www.tecchannel.de/index.cfm?pid=401&pk=1732014 Page 1 of 2 Lack of software quality. Software Quality | 15 • CampusNet error message shown to the end user (2010) Software Quality - FirstSpirit - 2009 | 16 Software Quality - FirstSpirit - 2009 | 17 Software Quality - FirstSpirit - 2009 | 18 Missing software quality in commercial software. Software Failures | 19 • Lufthansa Buchungssystem “Totalausfall” (2004) • ... Konsequenz aus System-Ausfall 14.10.2004

Lufthansa will Check-In-Technik besser absichern

Nachdem das weltweiten Check-In-Systems bei der Lufthansa vor drei Wochen komplett ausgefallen ist zieht die Airline nun Konsequenzen. Geprüft werden Möglichkeiten zur besseren Absicherung. Eine Entscheidung darüber werde aber noch einige Monate dauern, sagte eine Unternehmenssprecherin am Donnerstag.… hatte in der Nacht ein Software- HB FRANKFURT. Der für die Technik zuständigen Konzerntochter Lufthansa Systems zufolge versagte bei dem Ausfall das vorhandene Reservesystem (Back-up) für die Check-In-Terminals, weil es an entscheidender Stelle auf das ausgefallene UpdateBetriebssystem zurückgreift. ausgeführt. Sechs Stunden lang wurdenIm Gefolge am 23. September weltweit die Fluggäste von Lufthansa und mehreren Partnergesellschaften von Hand eingecheckt. Neben zahlreichen Verspätungen wurden 60 innereuropäische Flüge gestrichen. Prinzipiell sei ein eigenständiges Parallelsystem denkbar,davon sagte Lufthansa kam Systems-Chef es Peterzu Franke. einem „So etwas ist natürlich nicht kostenneutral“, fügte er hinzu. Die Entscheidung für die Ausgestaltung des Back-up-Systems liege beim Kunden, in diesem Fall Systemabsturz,dem Lufthansa Geschäftsbereich Passage. weil eine Nach Einschätzung von Technikexperten hätte das Check-In mit einem Zweitsystem, das im Stand-by- Betrieb bereit stünde, binnen weniger als einer Stunde wieder funktionsfähig gewesen. Ein solches System würde rund zehn Mill. € zusätzlichSpeicherdatei kosten, hieß es am Rande eines Touristikfachkongresses vollgelaufen in war.… Köln bei Technikanbietern für den Luftfahrt- und Touristikbereich. Über möglichen Schadenersatz besteht bei Lufthansa noch keine Klarheit. „Ob und in welcher Höhe Schadenersatzforderungen geltend gemacht werden, wird momentan noch geprüft“, teilte die Unternehmens-Sprecherin mit. Eine Wiederholung der konkreten Ursache für den Check-In-Ausfall gilt mittlerweile als ausgeschlossen. „Es handelte sich um eine Verkettung von gleich drei Problemen“, sagte Systems-Chef Franke. Die US-Firma Unisys, deren Betriebssystem Lufthansa beim Check-In verwendet, hatte in der Nacht ein Software-Update ausgeführt. Im Gefolge davon kam es zu einem Systemabsturz, weil eine Speicherdatei vollgelaufen war. Missing software quality in commercial software. Software Failures | 20 • Lufthansa Buchungssystem “Totalausfall” (2009) • ... Computerpanne bei Lufthansa 30.09.2009, 12:26 Mit Zettel und Stift musste die Lufthansa heute ihre Passagiere einchecken. Eine Computerpanne hatte den Check-In lahmgelegt.

Mit Verspätungen muss wegen der Computerpanne noch bis morgen gerechnet werden. (Foto: ddp) Ein Ausfall des zentralen Lufthansa-Check-In-Systems hat weltweit zu Verzögerungen bei der Abfertigung sowie zu Verspätungen und einzelnen Flugausfällen geführt.

Das System kam kurz vor 04.00 Uhr während eines routinemäßigen Software-Updates zum Stillstand, wie ein Sprecher sagte. Zwar habe man den Server um 08.00 Uhr wieder starten können. Bis zum Mittwochabend könne es aber zu Verspätungen kommen.

Wegen des Systemausfalls musste die Lufthansa weltweit auf manuelles Einchecken umstellen. Passagiere wurden per Hand mit Stift und Papier eingecheckt werden, sagte Lufthansa-Sprecher[…] Missing software quality in commercial software. Nisus Writer Pro 1.4 - 2010 | 21 Missing software quality in commercial software. Duden Office Bibliothek - 2010 | 22 We distinguish between internal and external software quality factors. Software Quality - Internal Quality Factors | 23

• Internal quality factors • modular • readable This lecture series’ main subject • } … An example of missing internal quality. Internal Quality Factors | 24 ///

/// Turns true into false and false into true /// True of false /// False or true private bool trueandorfalse(bool _booInpt) { // I'm quite sure though there is a very // clever C# standard command doing this, // I just can't find it right now ... if (_booInpt == true) return false; return true; } An example of missing internal quality. Internal Quality Factors | 25 /** * Checks to see if Australia is typed into the other country box */ function checkContactCountry(inputBox) { var validator = new RegExp( /^(A|a)(U|u)(S|s)(T|t)(R|r)(A|a)(L|l)(I|i)(A|a) |(N|n)(E|e)(W|w)(Z|z)(E|e)(A|a)(L|l)(A|a)(N|n)(D|d) |(N|n)(E|e)(W|w) (Z|z)(E|e)(A|a)(L|l)(A|a)(N|n)(D|d)$/);

if(validator.test(inputBox.value)) { alert("Your Residential Address must be outside Australia. " + "Enter your residential address outside this country," + "or visit redacted-travel.com.au to make a booking if " + "you live in Australia."); inputBox.focus(); inputBox.select(); } } Internal quality. Internal Quality Factors | 26 def isAnnotatedWith( classFile: ClassFile, annotationTypes: Iterable[ObjectType]): Boolean = {

var bufferOutput: Iterable[Object] = Iterable.empty val runtimeVisibleAnnotations = classFile.runtimeVisibleAnnotations val runtimeInvisibleAnnotations = classFile.runtimeInvisibleAnnotations for (annotationType ← annotationTypes) { bufferOutput = bufferOutput ++ runtimeVisibleAnnotations.filter { case Annotation(`annotationType`, _) ⇒ true case _ ⇒ false } bufferOutput = bufferOutput ++ runtimeInvisibleAnnotations.filter { case Annotation(`annotationType`, _) ⇒ true case _ ⇒ false } }

annotationTypes.nonEmpty && !classFile.isAnnotationDeclaration && bufferOutput.nonEmpty }

Where is the issue/are the issues? Internal Quality Factors | 27

[...] Have you ever noticed that when someone checks in some complex and, oftentimes, horrific piece of code, the check-in is greeted with an almost deafening silence? […] “The explanation for why this occurs was first given by C. Northcote Parkinson […] He stated that if you were building something complex, then few people would argue with you because few people could understand what you were doing. If you were building something simple […] which most anyone could build, then everyone would have an opinion.

Just one reason for “bad code”... George V. Neville-Neil Painting the Bike Shed - A sure-fire technique for ending pointless coding debates; ACM Queue, ACM 2009 1542-7730/09/0600 If you want to study code with missing quality... Internal Quality Factors | 28

But, reading other people’s code - in particular if the code is good - is one of the best ways to learn to program. If you want to study code... Internal Quality Factors | 29 Software quality in commercial software. Internal Quality Factors | 30

Part of the source code for Comanche, build 055. It is part of the source code for the Command Module's (CM) Apollo Guidance Computer (AGC), Apollo 11.

http://googlecode.blogspot.com/2009/07/apollo-11-missions-40th-anniversary-one.html It is often not possible to improve all software quality attributes. Sometimes they are at odds. Software Quality | 31

Correctness Maintainability

Reusability …

Software Quality Attributes Software Quality

• Good Software Ian Sommerville; Software Engineering - Eighth Edition; Addison Wesley, 2007 Attributes of “good Software” Software Quality | 33 • Maintainability Software should be written in such a way that it may evolve to meet changing needs of customers. • Efficiency Software should not waste system resources; it includes: responsiveness, processing time, memory utilisation, etc. • Usability Software must be usable by the intended users. • Dependability (dt. Verlässlichkeit) Dependable software does not cause physical or economic damage in the event of system failure. Further properties: Repairability, Survivability, Error Tolerance... Some Aspects of Dependable Systems Software Quality | 34 Availability =dt. Verfügbarkeit Reliability =dt. Zuverlässigkeit Safety =dt. Betriebssicherheit Dependability Security =dt. Systemsicherheit

Availability Reliability Safety Security

The ability to The ability of the The ability of the The ability of the protect itself system to system to deliver system to deliver against operate without services when services as accidental or catastrophic required specified deliberate failure intrusion

this includes

correctness precision timeliness

Software Engineering; Ian Sommerville; 2007 Software Quality Assurance (SQA)

• Constructive vs. Analytical Fostering Software Quality by Means of… Constructive SQA and Analytical SQA Software Quality Assurance | 36

Programming Languages Software Architecture

Scalable Static Analyses Domain Specific Languages

Lightweight Formal Methods Metrics

Software Development Processes Machine Learning

… Type Systems (Language Based Security)

…. Integrated Development Environments Constructive SQA

Null Values… Programming Languages - Constructive Software Quality Assurance | 37

• found in java.nio.file.FileTreeWalker next() if (ioe != null) { ioe = e; } else { here, ioe is null ioe.addSuppressed(e); } Programming Languages - Constructive Software QualityConstructive Assurance SQA| 38 Complex Project

Processes Experiences Best Practices

Language Tools

Simple Project

Expressivity of the Programming A Few (Well Known) Static Analysis Tools Fostering Software Quality | 39

• FindBugs Lightweight static analyses on top of Java Bytecode. • PMD Lightweight static analyses on top of the AST using Java Visitors or XPath based rules. • CheckStyle Lightweight static analyses on top of the AST using Java Visitors. • CheckerFramework } Static analyses using pluggable types. • ConQAT Code Clone Detection. Software Inspections - Lightweight Static Software Analysis | 40 Software Inspections - Lightweight Static Software Analysis | 41 Software Inspections - Lightweight Static Software Analysis | 42 Software Inspections - Lightweight Static Software Analysis | 43 Software Inspections - Lightweight Static Software Analysis | 44 Software Inspections - Lightweight Static Software Analysis | 45 Software Inspections - Lightweight Static Software Analysis | 46 A Few (Well Known) Static Analysis Tools Fostering Software Quality | 47

• JDepend Structural analysis on top of Java Bytecode. • DependencyFinder Structural analysis on top of Java Bytecode. } • Stan4J Structural analysis on top of Java Bytecode. • Sonargaph (SonarJ) Analyzes the structure of applications. A Few (Well Known) Static Analysis Tools Fostering Software Quality | 48

• ESC/Java2 Formal verification using JML Annotations. • Key } Formal verification. • … Fostering Software Quality by means of Static Analyses | 49 violations of best practices/bug patterns Analytical SQA reusability maintainability correctness effort

lightweight static code clone detection ↓ ○ analyses ✓ ✓ -

semi formal methods ✓ ↓

formal methods ✓ ↑

structure analyses ✓ ✓ ↓

style conformance checking ✓ ↓

architecture conformance ✓ ✓ ○-↑ checking Classifying Found Issues Software Quality - Terminology | 50

• True and False Positives • True and False Negatives • Irrelevant True Positives • Perceived False Positives True and False Positives Software Quality - Terminology | 51

• a True Positive is the correct finding (of something relevant)

This is what static analyses should detect.

• a False Positive is a finding that is just incorrect

False positives are typically caused by the weaknesses of the analysis. Example of a True Positive Software Quality - Terminology | 52 Let’s assume that we have a “basic” analysis to detect object accesses (o.xyz) that appear in a guarded context (if (o != null)) and also outside a guarded context. guard void printIt(String args[]) { if (args != null) { System.out.println(“number of elements: " + args.length); } for (String arg : args) { guarded & System.out.println(arg); } unguarded } access Example of a False Positive Software Quality - Terminology | 53 Let’s assume that we have a “basic” analysis to detect object accesses (o.xyz) that appear in a guarded context (if (o != null)) and also outside a guarded context.

guard void printReverse(String args[]) { int argscount = 0; if (args != null) { guarded & argscount = args.length; unguarded access } for (int i = argscount - 1; i >= 0; argscount--) { System.out.println(args[i]); } } implicit guard True and False Negatives Software Quality - Terminology | 54

• a True Negative is the correct finding of no issue. • a False Negative is an issue that is not reported.

Generally, only relevant in the context of formal approaches. Irrelevant True Positives Software Quality - Terminology | 55

• Irrelevancy is context-dependent… • Issues related to Serialization are irrelevant when your application doesn’t use Serialization at all. • A violation of the hashCode-equals contract may be completely irrelevant for an (inner) class that is never put in a collection that uses hashes. • … Irrelevant True Positives Software Quality - Terminology | 56 boolean handleIt(int i) { if (i < 0 || i > 2) throw new IllegalArgumentException();

switch (i) { case 0: They are typically related to: case 1: return true; • default cases in switch statements • assertions case 2: • a test that leads to an AssertionError return false;

default: throw new UnknownError(); } } Perceived False Positives Software Quality - Terminology | 57

GeneralPath result = new GeneralPath(GeneralPath.WIND_NON_ZERO); … if (dx != 0 || dy != 0) { AffineTransform tx = AffineTransform.getTranslateInstance(dx, dy); result = (GeneralPath)tx.createTransformedShape(result); } This cast will always fail!

java.awt.font.TextLayout - Line 2404ff Perceived False Positives Software Quality - Terminology | 58

GeneralPath result = new GeneralPath(GeneralPath.WIND_NON_ZERO); … if (dx != 0 || dy != 0) { AffineTransform tx = AffineTransform.getTranslateInstance(dx, dy); result = (GeneralPath)tx.createTransformedShape(result); }

public Shape createTransformedShape(Shape pSrc) { if (pSrc == null) { return null; } return new Path2D.Double(pSrc, this); }

interface Shape

class Path2D implements Shape, Cloneable java.awt.font.TextLayout - Line 2404ff /*inner*/ class Double extends Path2D implements Serializable Perceived False Positives Software Quality - Terminology | 59

GeneralPath result = new GeneralPath(GeneralPath.WIND_NON_ZERO); … if (dx != 0 || dy != 0) { AffineTransform tx = AffineTransform.getTranslateInstance(dx, dy); result = (GeneralPath)tx.createTransformedShape(result);Perceived false positives are the result of } issue reports related to complex issues public Shape createTransformedShape(Shape pSrc) { if (pSrcand/or == null)related { to reports that are not easy return null; to comprehend. } return new Path2D.Double(pSrc, this); }

interface Shape

class Path2D implements Shape, Cloneable java.awt.font.TextLayout - Line 2404ff /*inner*/ class Double extends Path2D implements Serializable Perceived False Positives Software Quality - Terminology | 60

protected Icon getIconForType(int messageType) { if(messageType < 0 || messageType > 3) return null; String propertyName = null; switch(messageType) { case 0: propertyName = “OptionPane.errorIcon"; break; case 1: propertyName = “OptionPane.informationIcon"; break; case 2: propertyName = “OptionPane.warningIcon"; break; case 3: propertyName = “OptionPane.questionIcon"; break; } if (propertyName != null) { return (Icon)DefaultLookup.get(optionPane, this, propertyName); } return null; } Dead Code!

javax.swing.plaf.basic.BasicOptionPaneUI Refactored

Perceived False Positives Software Quality - Terminology | 61

protected Icon getIconForType(int messageType) { String propertyName = null; switch(messageType) { case 0: propertyName = “OptionPane.errorIcon"; break; case 1: propertyName = “OptionPane.informationIcon"; break; case 2: propertyName = “OptionPane.warningIcon"; break; case 3: propertyName = “OptionPane.questionIcon"; break; default: return null; } return (Icon)DefaultLookup.get(optionPane, this, propertyName); }

javax.swing.plaf.basic.BasicOptionPaneUI Cryptic True Positives Software Quality - Terminology | 62 boolean process() throws Exception { boolean done = false; do { Thread.sleep(500); done = (System.currentTimeMillis() % 100l == 0l); } while (!done); return !done; Dead Edge! }

Refactored: return false;

if (done) done = false else done = true return done Software Quality Assurance | 63

A Holistic View is required.

Software Process Model … Development Environment Traceability Tools Static/Dynamic Analysis Tools (High-Level) Documentation Modeling Languages Domain Specific Languages { Programming Language } Software Quality

• Summary Does distributed development affect software quality? An empirical case study of Windows Vista | 65

International Conference on Software Engineering Proceedings of the 2009 IEEE 31st International Conference on Software Engineering Year of Publication: 2009 ISBN:978-1-4244-3453-4

Does Distributed Development Affect Software Quality? An Empirical Case Study of Windows Vista

Christian Bird1,NachiappanNagappan2, Premkumar Devanbu1, Harald Gall3,BrendanMurphy2

1University of California, Davis, USA 2Microsoft Research 3University of Zurich, Switzerland cabird,ptdevanbu @ucdavis.edu nachin,bmurphy @microsoft.com [email protected] { } { }

Abstract tributed collaboration imposes many challenges not inher- ent in collocated teams such as delayed feedback, restricted It is widely believed that distributed software develop- communication, less shared project awareness, difficulty of ment is riskier and more challenging than collocated de- synchronous communication, inconsistent development and velopment. Prior literature on distributed development in build environments, lack of trust and confidence between software engineering and other fields discuss various chal- sites, etc. [22]. While there are studies that have examined lenges, including cultural barriers, expertise transfer dif- the delay associated with distributed development and the ficulties, and communication and coordination overhead. direct causes for them [12], there is a dearth of empirical We evaluate this conventional belief by examining the over- studies that focus on the effect of distributed development all development of Windows Vista and comparing the post- on software quality in terms of post-release failures. release failures of components that were developed in a dis- In this paper, we use historical development data from tributed fashion with those that were developed by collo- the implementation of Windows Vista along with post- cated teams. We found a negligible difference in failures. release failure information to empirically evaluate the hy- This difference becomes even less significant when control- pothesis that globally distributed software development ling for the number of developers working on a binary. leads to more failures. We focus on post-release failures We also examine component characteristics such as code at the level of individual executables and libraries (which churn, complexity, dependency information, and test code we refer to as binaries) shipped as part of the operating sys- coverage and find very little difference between distributed tem and use the IEEE definition of a failure as “the inability and collocated components to investigate if less complex of a system of component to perform its required functions components are more distributed. Further, we examine the within specified performance requirements” [16]. software process and phenomena that occurred during the Using geographical and commit data for the developers Vista development cycle and present ways in which the de- that worked on Vista, we divide the binaries produced into velopment process utilized may be insensitive to geography those developed by distributed and collocated teams and ex- by mitigating the difficulties introduced in prior work in this amine the distribution of post-release failures in both popu- area. lations. Binaries are classified as developed in a distributed manner if at least 25% of the commits came from locations other than where binary’s owner resides. We find that there 1. Introduction is a small increase in the number of failures of binaries writ- ten by distributed teams (hereafter referred to as distributed Globally distributed software development is an increas- binaries) over those written by collocated teams (collocated ingly common strategic response to issues such as skill binaries). However, when controlling for team size, the dif- set availability, acquisitions, government restrictions, in- ference becomes negligible. In order to see if only smaller, creased code size, cost and complexity, and other resource less complex, or less critical binaries are chosen for dis- constraints [5, 10]. In this paper, we examine develop- tributed development (which could explain why distributed ment that is globally distributed, but completely within Mi- binaries have approximately the same number of failures), crosoft. This style of global development within a single we examined many properties, but found no difference be- company is to be contrasted with outsourcing which in- tween distributed and collocated binaries. We present our volves multiple companies. It is widely believed that dis- methods and findings in this paper.

ICSE’09, May 16-24, 2009, Vancouver, Canada 978-1-4244-3452-7/09/$25.00 © 2009 IEEE 518 Browser Security: Lessons from Google Chrome | 66

ACM Queue Volume 7 , Issue 5 (June 2009) 8&#
4&$63*5: Distributed Computing Year of Publication: 2009 ISSN:1542-7730 #SPXTFS
4FDVSJUZ

-FTTPOT
GSPN
(PPHMF
$ISPNF

(PPHMF
$ISPNF
EFWFMPQFST
GPDVTFE
PO
UISFF
LFZ
QSPCMFNT
UP
TIJFME
UIF
CSPXTFS
GSPN
BUUBDLT

$IBSMFT
3FJT
(PPHMF
"EBN
#BSUI
6$
#FSLFMFZ

$BSMPT
1J[BOP
(PPHMF

/ iÊ7iLÊ >ÃÊLiVœ“iʜ˜iʜvÊÌ iÊ«Àˆ“>ÀÞÊÜ>ÞÃÊ«iœ«iʈ˜ÌiÀ>VÌÊÜˆÌ ÊÌ iˆÀÊVœ“«ÕÌiÀÃ]ÊVœ˜˜iV̈˜}Ê «iœ«iÊÜˆÌ Ê>Ê`ˆÛiÀÃiʏ>˜`ÃV>«iʜvÊVœ˜Ìi˜Ì]ÊÃiÀۈViÃ]Ê>˜`Ê>««ˆV>̈œ˜Ã°Ê1ÃiÀÃÊV>˜Êw˜`ʘiÜÊ>˜`Ê ˆ˜ÌiÀiÃ̈˜}ÊVœ˜Ìi˜Ìʜ˜ÊÌ iÊ7iLÊi>ȏÞ]ÊLÕÌÊÌ ˆÃÊ«ÀiÃi˜ÌÃÊ>ÊÃiVÕÀˆÌÞÊV >i˜}i\ʓ>ˆVˆœÕÃÊ7iL‡ÃˆÌiÊ œ«iÀ>̜ÀÃÊV>˜Ê>ÌÌ>VŽÊÕÃiÀÃÊÌ ÀœÕ} ÊÌ iˆÀÊ7iLÊLÀœÜÃiÀÃ°Ê ÀœÜÃiÀÃÊv>ViÊÌ iÊV >i˜}iʜvʎii«ˆ˜}ÊÌ iˆÀÊ ÕÃiÀÃÊÃ>viÊÜ ˆiÊ«ÀœÛˆ`ˆ˜}Ê>ÊÀˆV Ê«>ÌvœÀ“ÊvœÀÊ7iLÊ>««ˆV>̈œ˜Ã°Ê ÀœÜÃiÀÃÊ>ÀiÊ>˜Ê>««i>ˆ˜}ÊÌ>À}iÌÊvœÀÊ>ÌÌ>VŽiÀÃÊLiV>ÕÃiÊÌ iÞÊ >ÛiÊ>ʏ>À}iÊ>˜`ÊVœ“«iÝÊÌÀÕÃÌi`Ê Vœ“«Ṏ˜}ÊL>ÃiÊÜˆÌ Ê>Ê܈`iʘiÌܜÀŽ‡ÛˆÃˆLiʈ˜ÌiÀv>Vi°ÊˆÃ̜ÀˆV>Þ]ÊiÛiÀÞÊLÀœÜÃiÀÊ>ÌÊܓiÊ«œˆ˜ÌÊ >ÃÊ Vœ˜Ì>ˆ˜i`Ê>ÊLÕ}ÊÌ >ÌʏiÌÊ>ʓ>ˆVˆœÕÃÊ7iL‡ÃˆÌiʜ«iÀ>̜ÀÊVˆÀVՓÛi˜ÌÊÌ iÊLÀœÜÃiÀ½ÃÊÃiVÕÀˆÌÞÊ«œˆVÞÊ>˜`Ê Vœ“«Àœ“ˆÃiÊÌ iÊÕÃiÀ½ÃÊVœ“«ÕÌiÀ°Ê Ûi˜Ê>vÌiÀÊÌ iÃiÊÛՏ˜iÀ>LˆˆÌˆiÃÊ>ÀiÊ«>ÌV i`]ʓ>˜ÞÊÕÃiÀÃÊVœ˜Ìˆ˜ÕiÊ ÌœÊÀ՘ʜ`iÀ]ÊÛՏ˜iÀ>LiÊÛiÀȜ˜Ã°xÊ7 i˜ÊÌ iÃiÊÕÃiÀÃÊۈÈÌʓ>ˆVˆœÕÃÊ7iLÊÈÌiÃ]ÊÌ iÞÊÀ՘ÊÌ iÊÀˆÃŽÊœvÊ >ۈ˜}ÊÌ iˆÀÊVœ“«ÕÌiÀÃÊVœ“«Àœ“ˆÃi`°Ê i˜iÀ>ÞÊëi>Žˆ˜}]ÊÌ iÊ`>˜}iÀÊ«œÃi`Ê̜ÊÕÃiÀÃÊVœ“iÃÊvÀœ“ÊÌ ÀiiÊv>V̜ÀÃ]Ê>˜`ÊLÀœÜÃiÀÊÛi˜`œÀÃÊV>˜Ê i«ÊŽii«ÊÌ iˆÀÊÕÃiÀÃÊÃ>viÊLÞÊ>``ÀiÃȘ}Êi>V ʜvÊÌ iÃiÊv>V̜ÀÃ\Ê UÊÊ/ iÊÃiÛiÀˆÌÞʜvÊÛՏ˜iÀ>LˆˆÌˆiÃ°Ê ÞÊÃ>˜`LœÝˆ˜}ÊÌ iˆÀÊÀi˜`iÀˆ˜}Êi˜}ˆ˜i]ÊLÀœÜÃiÀÃÊV>˜ÊÀi`ÕViÊÌ iÊ ÃiÛiÀˆÌÞʜvÊÛՏ˜iÀ>LˆˆÌˆiðÊ->˜`LœÝiÃʏˆ“ˆÌÊÌ iÊ`>“>}iÊÌ >ÌÊV>˜ÊLiÊV>ÕÃi`ÊLÞÊ>˜Ê>ÌÌ>VŽiÀÊÜ œÊ iÝ«œˆÌÃÊ>ÊÛՏ˜iÀ>LˆˆÌÞʈ˜ÊÌ iÊÀi˜`iÀˆ˜}Êi˜}ˆ˜i°Ê UÊÊ/ iÊ܈˜`œÜʜvÊÛՏ˜iÀ>LˆˆÌÞ°Ê ÀœÜÃiÀÃÊV>˜ÊÀi`ÕViÊÌ ˆÃÊ܈˜`œÜÊLÞʈ“«ÀœÛˆ˜}ÊÌ iÊÕÃiÀÊiÝ«iÀˆi˜ViÊ vœÀʈ˜ÃÌ>ˆ˜}ÊLÀœÜÃiÀÊÕ«`>ÌiÃ]ÊÌ ÕÃʓˆ˜ˆ“ˆâˆ˜}ÊÌ iʘՓLiÀʜvÊÕÃiÀÃÊÀ՘˜ˆ˜}ʜ`ÊÛiÀȜ˜ÃÊÌ >Ìʏ>VŽÊ ÃiVÕÀˆÌÞÊ«>ÌV iÃ°Ê UÊÊ/ iÊvÀiµÕi˜VÞʜvÊiÝ«œÃÕÀi°Ê ÞÊÜ>À˜ˆ˜}ÊÕÃiÀÃÊLivœÀiÊÌ iÞÊۈÈÌʎ˜œÜ˜Ê“>ˆVˆœÕÃÊÈÌiÃ]ÊLÀœÜÃiÀÃÊV>˜Ê Ài`ÕViÊÌ iÊvÀiµÕi˜VÞÊÜˆÌ ÊÜ ˆV ÊÕÃiÀÃʈ˜ÌiÀ>VÌÊÜˆÌ Ê“>ˆVˆœÕÃÊVœ˜Ìi˜Ì°Ê >V ʜvÊÌ iÃiʓˆÌˆ}>̈œ˜Ã]ʜ˜ÊˆÌÃʜܘ]ʈ“«ÀœÛiÃÊÃiVÕÀˆÌÞ°Ê/>Ži˜Ê̜}iÌ iÀ]ÊÌ iÊLi˜iwÌÃʓՏ̈«ÞÊ>˜`Ê i«ÊŽii«ÊÕÃiÀÃÊÃ>viʜ˜Ê̜`>Þ½ÃÊ7iL°Ê ˜ÊÌ ˆÃÊ>À̈Vi]ÊÜiÊ`ˆÃVÕÃÃÊ œÜʜÕÀÊÌi>“ÊÕÃi`ÊÌ iÃiÊÌiV ˜ˆµÕiÃÊ̜ʈ“«ÀœÛiÊÃiVÕÀˆÌÞʈ˜Êœœ}iÊ Àœ“i°Ê7iÊ œ«iʜÕÀÊwÀÃ̇ >˜`ÊiÝ«iÀˆi˜ViÊ܈Êà i`ʏˆ} Ìʜ˜ÊŽiÞÊÃiVÕÀˆÌÞʈÃÃÕiÃÊÀiiÛ>˜ÌÊ̜Ê>Ê LÀœÜÃiÀÊ`iÛiœ«iÀðÊ

3&%6$*/(
76-/&3"#*-*5:
4&7&3*5:
˜Ê>˜Êˆ`i>ÊܜÀ`]Ê>ÊÜvÌÜ>Ài]ʈ˜VÕ`ˆ˜}ÊLÀœÜÃiÀÃ]ÊܜՏ`ÊLiÊLÕ}‡vÀiiÊ>˜`ʏ>VŽÊiÝ«œˆÌ>LiÊ ÛՏ˜iÀ>LˆˆÌˆiðÊ1˜vœÀÌ՘>ÌiÞ]ÊiÛiÀÞʏ>À}iÊ«ˆiViʜvÊÜvÌÜ>ÀiÊVœ˜Ì>ˆ˜ÃÊLÕ}ðʈÛi˜ÊÌ ˆÃÊÀi>ˆÌÞ]ÊÜiÊ V>˜Ê œ«iÊ̜ÊÀi`ÕViÊÌ iÊÃiÛiÀˆÌÞʜvÊÛՏ˜iÀ>LˆˆÌˆiÃÊLÞʈ܏>̈˜}Ê>ÊLÀœÜÃiÀ½ÃÊVœ“«iÝÊVœ“«œ˜i˜ÌÃÊ>˜`Ê Ài`ÕVˆ˜}ÊÌ iˆÀÊ«ÀˆÛˆi}iÃ°Ê œœ}iÊ Àœ“iʈ˜VœÀ«œÀ>ÌiÃÊÃiÛiÀ>Ê>ÞiÀÃʜvÊ`ivi˜ÃiÃÊ̜ʫÀœÌiVÌÊÌ iÊÕÃiÀÊvÀœ“ÊLÕ}Ã]Ê>ÃÊà œÜ˜Êˆ˜Ê w}ÕÀiÊ£°Ê7iLÊVœ˜Ìi˜ÌʈÌÃivʈÃÊÀ՘ÊÜˆÌ ˆ˜Ê>Ê>Û>-VÀˆ«ÌÊۈÀÌÕ>Ê“>V ˆ˜i]ÊÜ ˆV Ê>VÌÃÊ>Ãʜ˜iÊvœÀ“ÊœvÊ>Ê Ã>˜`LœÝÊ>˜`Ê«ÀœÌiVÌÃÊ`ˆvviÀi˜ÌÊ7iLÊÈÌiÃÊvÀœ“Êi>V ÊœÌ iÀ°Ê7iÊÕÃiÊiÝ«œˆÌÊL>ÀÀˆiÀÃ]ÊÃÕV Ê>ÃÊ>``ÀiÃÇ  Software Quality | 67

Recall the “fifteen principles of Software Engineering”.

Take responsibility! There are no excuses. If you develop a system, it is your responsibility to do it right. Take that responsibility. Do it right, or don’t do it at all. Goal of the Lecture | 68

The goal of this lecture is to enable you to systematically carry out small(er) software projects that produce quality software.

• Software quality is not just about the (internal) quality of the source code. • Software quality means different things to different stake holders. • To produce quality software a holistic view on a software project is required. Goal of the Lecture | 69 • The goal of this lecture is to enable you to systematically carry out small(er) commercial or open-source projects.

Software Quality

Software Project Management

Project Project Start End

Requirements Management Domain Modeling