Post on 19-Jan-2016
transcript
SE 3800, Note 11: Quality
Dr. Rob Hasker
Dr. Brad Dennis
Classic Quality Assurance
● Ensure follow process
  ○ Solid, reviewed requirements
  ○ Reviewed design
  ○ Reviewed, passing tests
● Why doesn’t “we did a good job” work?
● Why isn’t this model needed for Scrum?
● Why do we need something?
A little history
● What’s the Hippocratic oath?
● Therac-25: medical linear accelerator
  ○ Generates high-energy beams
  ○ Targets tumors from multiple angles
● June, 1985: 61-year-old woman receives radiation therapy
  ○ She received 15,000 to 20,000 rads
  ○ Typical therapeutic dose: in range of 200 rads
  ○ 1000 rads can be fatal
  ○ Her breast had to be removed, constant pain in arms
● Nov 3, 1985: patient dies after receiving 13,000 to 17,000 rads
A little history
● March, April 1986: patient receives 16,500 to 25,000 rads in < 1 sec
  ○ Within weeks: paralysis in an arm, legs, vocal cords
  ○ Died 5 months later
● At least 3 other documented deaths
● Cause: poor software design
  ○ Interface assumed operators would type slowly
  ○ Experienced operators could type faster than SW allowed, so data entry was setting a different field than shown on screen
  ○ Classic race condition: timing assumptions gone wrong
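The timing assumption described on this slide, simulated as an added example (constructed here; it is not code from the lecture and deliberately simplifies the real Therac-25 interface). It assumes a screen with a focused field and two illustrative fields, `dose` and `mode`, and models operator input as a sequence of focus-change and keystroke events. The naive handler applies each keystroke to whatever field is focused when the software gets around to processing it; the checked handler carries the field the operator actually saw with each keystroke and rejects any input whose displayed field no longer matches the focused one, which is the kind of consistency check that removes the dependence on typing speed.

```python
# Added example, not from the lecture slides: a simplified model of a
# data-entry timing race. All events and field names are constructed.
from dataclasses import dataclass, field


@dataclass
class Keystroke:
    text: str
    seen_field: str  # field the operator saw as active when typing


@dataclass
class Screen:
    focused: str
    values: dict = field(default_factory=dict)


def naive_handler(events):
    """Apply each keystroke to whatever field is focused at processing time.

    If a focus change is processed before a keystroke typed for the previous
    field, the value lands in the wrong field and nothing flags it.
    """
    screen = Screen(focused="")
    for kind, payload in events:
        if kind == "focus":
            screen.focused = payload
        else:  # "key"
            screen.values[screen.focused] = payload.text
    return screen.values


def checked_handler(events):
    """Apply a keystroke only if the field the operator saw is still focused.

    Carrying the operator-visible state with each input and checking it at
    processing time removes the timing assumption; mismatched keystrokes are
    rejected and returned so the interface can ask for the value again.
    """
    screen = Screen(focused="")
    rejected = []
    for kind, payload in events:
        if kind == "focus":
            screen.focused = payload
        elif payload.seen_field != screen.focused:
            rejected.append(payload)
        else:
            screen.values[screen.focused] = payload.text
    return screen.values, rejected


# Constructed event sequences.
# Slow operator: each keystroke is processed before the next focus change.
SLOW_OPERATOR = [
    ("focus", "dose"),
    ("key", Keystroke("200", seen_field="dose")),
    ("focus", "mode"),
    ("key", Keystroke("X", seen_field="mode")),
]

# Fast operator: the move to "mode" is processed before the "200" that was
# typed while "dose" was still the field shown on screen.
FAST_OPERATOR = [
    ("focus", "dose"),
    ("focus", "mode"),
    ("key", Keystroke("200", seen_field="dose")),
]


if __name__ == "__main__":
    print("naive, slow:  ", naive_handler(SLOW_OPERATOR))
    print("naive, fast:  ", naive_handler(FAST_OPERATOR))
    print("checked, fast:", checked_handler(FAST_OPERATOR))
```

With the fast sequence the naive handler silently stores the dose value under `mode` and leaves `dose` unset; the checked handler stores nothing and reports the rejected keystroke. The fix is not faster code but dropping the assumption that the operator's view and the software's state agree.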
What is the root cause?
● Simple root cause analysis: ask why 6 times
● Multiple failures beyond design
● Manufacturer: poor safety model
  ○ Relied on hardware reliability
  ○ Reliability: likely to work ≠ safety: no harm
● Hardware engineers: assumed SW worked
  ○ Inadequate logs
● SW developers: poor specs, no process
● Medical authorities: slow to respond
But that can’t happen today, right?
● July, 2015: Wired reports ability to remotely control Jeeps
  ○ Set radio blaring
  ○ Engaged windshield wipers
  ○ Disabled accelerator
  ○ Disabled brakes
● Method:
  ○ Connect via cellular
  ○ Rewrite entertainment firmware
  ○ Connect to CAN bus
  ○ Send signals to engine, brakes, etc.
Software Quality Assurance
● Need a process to ensure SW well designed, tested
● Who signs off on that in an agile model?
● What do they look for?
● Open questions!!
SQA
● Definition of software quality
● Goals
● Methods
● Quality metrics
CMMI
● How can an organization establish it provides quality software?
● One solution: capability maturity model
Another approach
● What can you accomplish by testing?
  ○ Showing the existence of bugs
  ○ NOT: showing system has no bugs
● Solution: prove system correct
  ○ Provide formal specification
  ○ Basic tool: mathematics – esp. set theory
  ○ Can then prove theorems
● Limitations
  ○ Writing specifications is difficult
  ○ Limited support for theorems
● Has been done for compilers, safety critical systems
● Easy to dismiss, but strong limits to testing
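A small set-theoretic specification in the style this slide describes, added here as an illustration; it is constructed for these notes and is not the Z specification the lecture presents later. It assumes a treatment state with a mode and a dose, a constant maxDose, and one operation SetDose (all names illustrative), and states the theorem that the operation preserves the state invariant.

$$
\begin{aligned}
&\text{Given sets: } \mathit{MODE} = \{\mathit{xray}, \mathit{electron}\}, \quad \mathit{maxDose} \in \mathbb{N} \\[4pt]
&\textbf{State } \mathit{Treatment}: \quad \mathit{mode} \in \mathit{MODE},\; \mathit{dose} \in \mathbb{N} \\
&\qquad \text{invariant: } \mathit{dose} \le \mathit{maxDose} \\[4pt]
&\textbf{Operation } \mathit{SetDose}: \quad \Delta\mathit{Treatment},\; d? \in \mathbb{N} \\
&\qquad \text{precondition: } d? \le \mathit{maxDose} \\
&\qquad \text{postcondition: } \mathit{dose}' = d? \;\wedge\; \mathit{mode}' = \mathit{mode} \\[4pt]
&\textbf{Theorem (invariant preserved):} \\
&\qquad \mathit{dose} \le \mathit{maxDose} \;\wedge\; d? \le \mathit{maxDose} \;\wedge\; \mathit{dose}' = d? \;\Rightarrow\; \mathit{dose}' \le \mathit{maxDose}
\end{aligned}
$$

The proof is a one-line substitution ($\mathit{dose}' = d? \le \mathit{maxDose}$), but once proved it holds for every input value, which is exactly what a finite set of tests cannot establish. It also shows the limitation on the slide: the theorem is only as good as the specification, and writing a complete specification for a real machine is the hard part.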
Model-based Development
Proving code works
Z specification: