Introduction Software Quality Assurance
- According to one news report in 2004, Millions of bank accounts were impacted by errors due to installation of inadequately tested Software Quality Assurance code in the transaction processing system of a major North American bank. In this news it was mentioned that it took two weeks to fix all the resulting errors and that the total cost of this software failure exceeded $100 million.
- In March of 2002 it was reported that software bugs in Britain’s national tax system resulted in more than 100,000 erroneous tax overcharges. The problem was due to lack of testing in the integration of multiple systems.
- Y2k problem!!!
These and many such incidents are there to share with you when we talk about software quality. Today, software quality is the most buzz word in the software industry!! We have seen that software testing is a process of making the software bug-free. Testing involves operation of a system or application under controlled conditions and evaluating the results. The controlled conditions may involve valid and invalid inputs both. But simply well tested software is not today’s need. It is very much necessary to have quality in the software product. The quality software has to be bug free, should be delivered within the specified time and it should be within the budget. It should meet the requirements and last but not least it should be maintainable. However, quality is a subjective term it and depends upon the customer. Many software companies have separate department as quality assurance and testing (rather it is becoming specialized stream in software engineering!) to superfine the developed software.
The focus of this chapter is ‘quality’. In this chapter, we will understand some fundamental aspects of quality such as quality concept, quality assurance and quality control. We will also discuss one popular quality standard: ISO 9000.
Basic Concepts of Software Quality
There are many definitions of software quality. In simple words, the Software Quality Assurance means ‘how well the software works’. Furthermore, we can also state that controlling the variation or differences is the key to high quality software product. Let us see “what is software quality?”
Software quality can be defined as “the conformance to explicitly stated functional and performance requirements, explicitly documented development standards, and implicit characteristics that are expected of all professionally developed software”.
Software Quality Management
Software quality management provides independent checks development process. For small system development, by making an informal communication with the team members the software quality management is done. But on software for large system development there are three activities that can be conducted under software quality management –
- Quality Assurance
Under this activity a framework for the quality is established which includes the organisational procedures and standards. Quality assurance is conducted get ensured about high quality software.
Under this activity, appropriate procedures and standards from the framework are selected and adapted for implementing the software project.
- Quality Control
Under this activity is gets ensured that the software is developed using quality procedures and standards.
The quality management checks whether or not the software being developed is as per the organisational goals and standards. There is a separate team for software quality management which reports the project manager about the software quality.
Process and Product Software Quality Assurance
- The quality of development process directly affects the quality of delivered product. That means the product quality is related to the development process.
- In software development the relationship between the process and product quality is very complicated. However, there is a close link between process and product.
- Software product quality can not be measured. However, it is observed that if there is high quality in software development process then the errors get reduced in the developed product. The process-based approach for bringing the quality in the product is illustrated by following
- Software quality management is done using following activities –
- Define the standards for conduction of development process and software reviews.
- Monitor the software process in order to get ensured about the standards.
- Report the development of the software process to the management team.
Quality Assurance and Standards
- Definition of quality assurance: It is planned and systematic activities ‘necessary to provide a high degree of confidence in the quality of a product. It provides quality assessment of the quality control activities and determines the validity of the data or procedures for determining quality.
- The primary task of quality assurance is to define or select the standards. There are two types of standards defined for quality assurance
This standard is developed for the software product being developed. It includes document and documentation standards. The document standard the standard for the structure of requirements document. And means documentation standard represents the standard comment header and coding standard (i.e. how to write the code in systematic manner).
- Process standards
This standard is developed to define various processes that should occur during the software development process. In this standard – the definition of specification, design and validation processes and description of document for every process must be given.
Thus, product standard is applied to output of software process and process standard defines specific process activities.
Why software standard is important?
Following are some reasons that represent the importance of software standard –
- Use of software standards by the company is useful in avoiding the past mistakes. The standard helps in capturing the necessary and important things that are required for development of software.
- The standards provide the solid framework for quality assurance processes.
- The standards help the next person to continue previous person’s work without breaking any continuity. Thus, if a new employee joins the ongoing software project then his learning efforts get reduced due to the software standards.
For conducting the quality assurance activity normally, a separate team is maintained. This is called as quality assurance team. This team defines the software standards based on organisational, national and international standards. They maintain a handbook for this process and product standards. For example
What are the problems faced by quality assurance team?
- Software engineers sometimes think that the product standard which is set by the company is irrelevant. Hence they become reluctant in adopting these standards.
- Some standards may require tedious form feeling and work recording activity. Hence technical persons always try to find some good reasons for making such standards inappropriate.
To avoid these problems in establishing the product standards following are some possible solutions –
- Involve software engineers in developing the product standard so that they can understand the need of particular standard.
- Review and modify the standard periodically in order to adopt the new changes.
- Make use of automated software tool to support the standard whenever possible.
Sometimes, it is just not possible to layout specific process standard because different types of software may require different processes to be followed. Hence it will be inappropriate to dictate particular way of working. Hence it is the responsibility of project manager to define the process standard as per the requirement of the process.
In order to bring quality in the product and service, many organizations are the adopting the quality assurance system. The quality assurance systems are organizational structures that are used to bring quality in responsibilities, procedures, processes and resources. ISO 9000 is a family of quality assurance system. It can be applied to all types of organizations. It doesn’t matter what size they are or what they do. It can help both product and service-oriented organizations to achieve standards of quality. ISO 9000 is (maintained by ISO, the International Organization for Standardization and is administered by accreditation and certification bodies. In ISO 9000, company’s quality System and operations are scrutinized by third-party auditors for a compliance to the Standard and effective operation. This process is called registration to ISO 9000. On Successful registration, the company gets a certification from accreditation bodies of ISO. Such a company is then called “ISO certified company”.
ISO 9001:2000 is a quality assurance standard which is applied to software engineering systems. It focuses on process flows, customer satisfaction, and the Continual improvement of quality management systems. ISO 9001:2000 specifies requirements for a quality system that can be applied to any size or type of organization. The guideline steps for ISO 9001:2000 are:
- Establish quality management system – Identify and manage the processes in the quality management system.
- Document the quality management system
- Support the quality
- “Satisfy the customers
- Establish quality policy
- Conduct quality, planning
- Control quality systems
- Perform management reviews
- Provide quality resources
- provide quality personnel
- Provide quality infrastructure
- Provide quality environment
- Control realization planning
- Control customer processes
- Control product development
- Control purchasing functions
- Control operational activities
- Control monitoring devices
- Control non confirming products
- Analyze quality information
- Make quality improvement
The ISO 9000 helps in creating organisational quality manuals. These quality manuals identify the organisational quality processes. Using these quality manuals, the project quality plan can be prepared for every individual project. Thus, project quality management can be done.
This is illustrated by following figure – Documentation Standard
Documentation standards are useful for representing the software and software processes. There are three types of documentation standards
- Documentation Process standard: It defines the standard processes that needs to be executed.
- 2. Document standards: It defines the format of document.
- Document interchange standards: It ensures that all the copies of the documents are as per the standard. While, deciding the document standard there must be flexibility and all types of documents must be accepted.
The documentation process is illustrated by following image. It is performed in three stages – creation, refining and production. The document creation is an iterative process in which after creation of initial draft, it is reviewed and modified until the acceptable quality is achieved.
- Quality planning can be defined as the process in which the quality plan for the project is prepared. It must include the desired software qualities and description on how to access these qualities.
- Quality plan must be helpful in producing high quality software.
- Quality plan must select appropriate organisational standards for the software product.
- Humphrey had outlined the structure of quality plan and it is as given below
In this section the product description must be given. The end user of this product, and expected qualities of the product must also be mentioned.
Product schedule and deadlines must be specified in this section. Responsibilities for the product along with the plan can also be mentioned under this section.
The development and service processes required for the product development and management must be described under this section.
- Quality Goals
Under this section quality goals and plans for the product are specified. Along with this, justification for the attributes of critical product can also be given.
- Risk identification and management
The key risks that can affect the quality of the product must be identified and specified under this section. Along with these risks there should be the description of the corrective actions for managing such risks.
- The quality plan must be as short as possible.
- Following are some quality attributes that must be required during quality
Quality control is the activity of monitoring the software development process so that software procedures and standards can be ensured for their quality. The quality of the product can be checked using following approaches –
1) Software Review – The software review is conducted by the group of people. This group checks whether or not the software getting developed is as per the quality standards. If any variations are presented from the standard then software reviewers note them and are informed to the project manager.
2) Automated Software assessment – The software and software documents can be produced by automated programs and are compared to the standards. The Software attributes can also be measured in this assessment.
- This is the common method of validating the quality of software product. The software quality review is carried out by group of people. Then its conclusions are formally noted and passed to the responsible person.
- Various types of review are
- Program inspection
The program must be examined and a checklist of possible errors is created for review.
- Progress reviews
The progress of the project must be reported. This review must consider the project schedule, cost and plan.
- Quality reviews
In this review, technical analysis of the product and documentation is done. Review expects that there should not be any mismatch of the quality standards for software design, code and documentation.
- Review team consists of three to four members. One of the members is senior designer and can take major technical decisions. The project members can also take part in the software review. But they may be involved only in the review of the affected part. For effective review of the software, it is necessary that the review team must understand the software documents.
- Review should be relatively short. During the review the chair person must ensure that all the written comments are discussed. Then he/she must sign the record of comments and associated actions upon. If major changes are suggested in the software then further follow-on review must be conducted.
Software metric is type of software measurement which is related to software system, process or related documentation. Software measurement derives a numeric value for some attribute of software product or software process. This value is then compared to the standards for drawing the conclusion about the quality of software product. For examples total number of lines in the code or total number of faults in the delivered product can be considered as software measure.
Software metric can be a control metric or a predicator metric. The control metrics are associated with software processes. For example, the average effort estimation required for repairing the defects.
- Predicator metrics are associated with software products. For example, the average number of operations associated with some product or component.
Software Quality Attributes
There are two types of software attributes –
- External Attribute
- External attributes are those attributes that can be seen by the user as well as by developer. These attributes depict the basic characteristics of qualitative software. For example : Maintainability, understandability and usability are external attributes.
- These attributes are affected by many other factors and they cannot be measured directly.
- Internal Attribute
- Internal attributes are those attributes that can eb measured directly. For example size of software in terms of lines of code, total number of procedure parameters.
There exists a relationship between external and internal attributes.
Step 3: Measure the components characteristics
Measure the selected components in order to obtain the values of software metric associated with this component. Compare this value with other component’s metric and with previous project’s metric.
Stap 4: Identify anomalous component
If we obtain the software metric value of the analysed component which is too high or too low than the other component’s software metrics then such a component is considered to be anomalous component.
Step5: Analyse anomalous component
If we obtain some anomalous components, then that component needs to be analysed in more detail to check whether the quality of it was compromised or not.
Various characteristics of the product can be measured using product metric. There are two types of product metrics –
- Dynamic metrics
This type of metric is collected during the program execution. During the dynamic measurement, how much time is required by some function to execute is calculated. Thus, it helps to compute the efficiency and reliability of program. Dynamic metrics can have direct relationship with quality attribute. Dynamic metric is related to system efficiency.
- Static metrics
This type of metric is collected during, design, coding or documentation phase. The static metric helps to access the complexity, understandability and maintainability of software system. The static metric have indirect relationship with quality attributes.
Various static product metrics are
- a) Fan-in and Fan-out : High value of fan-in means called function is tightly coupled with rest of the system design. Any changes made in the system design may affect the called function. High value of fan-out means the calling function is complex and high level of control logic is required.
- b) Length of code : This component denotes the size of the software component. If there is a large number of lines of code then that means the corresponding software component is complex and error prone. Thus length of the code represents the reliability of the code.
- c) Length of identifiers : This attribute denotes the length of the identifier which is present in the program. If the length of the identifier is long then it indicates
that the identifier name is meaningful. And meaningful identifiers enhance the understandability of the code.
- d) Cyclomatic complexity: It represents the control complexity of the program. The control complexity is related to the program understandability.
- e) Depth of conditional nesting: This measure represents how deep is the nested if statement. If the nested if statements are very deep then program becomes hard to understand and it becomes error-prone.
- f) Fog index: It represents total number of words and sentences in the software document. If fog index is high then that means the document is lengthy and hard to understand.
Many software companies think that software improvement as the way of enhancing the software quality. Process improvement means understanding the existing process and changing these processes to increase the product quality, to reduce the cost and/or to reduce the development time in order to accelerate the project.
Following are process attributes focusing on the concept of process improvement-
“Is the process definition easy to understand?” -this aspect is focused for understandability.
“Do the process activities happen in such a manner that the progress of process is visible?” – this aspect is focused for visibility.
“Is the process design in such a manner that the process errors are avoided before introduced in the product as the product error?” – this aspect is focused for reliability.
“To what extent the CASE tools support the process activities?” – this aspect is focused.
“Will the system continue to work even if some unexpected errors occur?” – this aspect is focused.
“is the desired process acceptable for producing the software product?” – this aspect is focused.
“How fast the processes can be delivered into the system?” – this aspect is focused.
“Can the process evolve if any changes or modifications occur in the system? this aspect is focused.
Process improvement is the crucial activity and involves following stages –
- Process Improvement
Current project attributes are measured. Then identify the process that needs to be improved.
- Process Analysis
The identified process is analysed to obtain the bottlenecks and weaknesses.
- Process Change
After the analysis phase some processed need to get changes. In this phase the requirement changes are incorporated in the process.
Process and Product Quality
If processes are improved for avoiding the defects, then it will lead to better products. Software quality is dependant upon the design process. In design process individual human capabilities are of great importance. Hence people involved in the process are sometimes more important than the process.
There are four main factors that affect the product and those are –
1) Process quality
2) Development technology
3) People skills
4) Project cost and schedule
There are four classes of software processes – software quality assurance
- Informal Processes
In this category there is no formal process model defined. Rather the development team decides the procedures and the relationship between the procedures.
- Managed Processes
In this category a formal process model is used for software development. The procedure, the relationship among the procedures and process schedule is well defined by the process model.
- Methodical processes
In software development process certain methods (such as structured methods or object oriented methods) can be used. There are some CASE tools that support the standard processes. Hence design and analysis process can be carried out with the help of such case tools.
- Improving processes
For improving the existing process some budget may be decided and software development occurs for improving the identified process.
Process Analysis and Modelling
The process analysis and design modelling is concerned with studying the existing processes. There are two types of process models used for analysis of process – software quality assurance
1) Abstract process model
2) Detailed process model
Abstract Process model
- In the initial stage of process analysis,software quality assurance formal process model can be used. The formal process models are abstract and define only principle process activities and deliverables. Formal process model makes use of following two techniques for analysis of the process.