SE 3800NOTE 11QUALITY

Dr. Rob Hasker

Dr. Brad Dennis

Classic Quality Assurance Ensure follow process

Solid, reviewed requirementsReviewed designReviewed, passing tests

Why doesn’t “we did a good job” work? Why isn’t this model needed for Scrum? Why do we need something?

A little history

What’s the Hippocratic oath? Therac-25: medical linear accelerator

Generates high-energy beamsTargets tumors from multiple angles

June, 198561-year old woman receives radiation therapyShe received 15,000 to 20,000 rads

○ Typical therapeutic does: in range of 200 rads○ 1000 rads can be fatal

Her breast had to be removed, constant pain in arms Nov 3, 1985: patient dies after receiving 13,000 to

17,000 rads

A little history

March, April 1986Patient receives 16,500 to 25,000 rads in < 1 secWithin weeks: paralysis in an arm, legs, vocal cordsDied 5 months later

At least 3 other documented deaths Cause: poor software design

Interface assumed operators would type slowlyExperienced operators could type faster than SW

allowed, so data entry was setting a different field than shown on screen

Classic race condition: timing assumptions gone wrong

What is the root cause?

Simple root cause analysis: ask why 6 times

Multiple failures beyond designManufacturer: poor safety model

○ Relied on hardware reliability○ Reliability: likely to work ≠ safety: no harm

Hardware engineers: assumed SW worked○ Inadequate logs

SW Developers: poor specs, no processMedical authorities: slow to respond

But that can’t happen today, right?

July, 2015: Wired reports ability to remotely control JeepsSet radio blaringEngaged windshield

wipersDisabled acceleratorDisabled brakes

Method:Connect via cellularRewrite entertainment firmwareConnect to CAN busSend signals to engine, brakes, etc.

Software Quality Assurance Need a process to ensure SW well

designed, testedWho signs off on that in an agile model?What do they look for?

Open questions!!

SQA

Definition of software quality Goals Methods Quality metrics

CMMI

How can an organization establish it provides quality software?

One solution: capability maturity model

Another approach What can you accomplish by testing?

Showing the existence of bugsNOT: showing system has no bugs

Solution: prove system correctProvide formal specification

○ Basic tool: mathematics – esp. set theoryCan then prove theorems

LimitationsWriting specifications is difficultLimited support for theorems

Has been done for compilers, safety critical systemsEasy to dismiss, but strong limits to testing

Model-based Development

Proving code works

Z specification: