Slide 11.1 © The McGraw-Hill Companies, 2002 Object-Oriented and Classical Software Engineering Fifth Edition, WCB/McGraw-Hill, 2002 Stephen R. Schach

Slide 11.2 © The McGraw-Hill Companies, 2002 CHAPTER 11 SPECIFICATION PHASE

Slide 11.3 © The McGraw-Hill Companies, 2002 Overview l The specification document l Informal specifications l Structured systems analysis l Other semiformal techniques l Entity-relationship modeling l Finite state machines l Petri nets l Other formal techniques

Slide 11.4 © The McGraw-Hill Companies, 2002 Overview (contd) l Comparison of specification techniques l Testing during the specification phase l CASE tools for the specification phase l Metrics for the specification phase l Air Gourmet Case Study: structured systems analysis l Air Gourmet Case Study: software project management plan l Challenges of the specifications phase

Slide 11.5 © The McGraw-Hill Companies, 2002 Specification Phase l Specification document must be –Informal enough for client –Formal enough for developers –Free of omissions, contradictions, ambiguities

Slide 11.6 © The McGraw-Hill Companies, 2002 Specification Document l Constraints –Cost –Time –Parallel running –Portability –Reliability –Rapid response time

Slide 11.7 © The McGraw-Hill Companies, 2002 Specification Document (contd) l Acceptance criteria –Vital to spell out series of tests –Product passes tests, deemed to satisfy specifications –Some are restatements of constraints

Slide 11.8 © The McGraw-Hill Companies, 2002 Solution Strategy l General approach to building the product l Find strategies without worrying about constraints l Modify strategies in the light of constraints, if necessary l Keep a written record of all discarded strategies, and why they were discarded –To protect the specification team –To prevent unwise new “solutions” during the maintenance phase

Slide 11.9 © The McGraw-Hill Companies, 2002 Informal Specifications l Example “If sales for current month are below target sales, then report is to be printed, unless difference between target sales and actual sales is less than half of difference between target sales and actual sales in previous month, or if difference between target sales and actual sales for the current month is under 5%”

Slide © The McGraw-Hill Companies, 2002 Meaning of Specification l Sales target for January was $100,000, actual sales were only $64,000 (36% below target) –Print report l Sales target for February was $120,000, actual sales were only $100,000 (16.7% below target) –Percentage difference for February (16.7%) less than half of previous month’s percentage difference (36%), do not print report l Sales target for March was $100,000, actual sales were $98,000 (2% below target) –Percentage difference < 5%, do not print

Slide © The McGraw-Hill Companies, 2002 But Specifications Do Not Say This l “[D]ifference between target sales and actual sales” –There is no mention of percentage difference l Difference in January was $36,000, difference in February was $20,000 –Not less than half of $36,000, so report is printed l “[D]ifference … [of] 5%” –Again, no mention of percentage l Ambiguity—should the last clause read “percentage difference … [of] 5%” or “difference … [of] $5,000” or something else entirely? l Style is poor

Slide © The McGraw-Hill Companies, 2002 Informal Specifications (contd) l Claim –This cannot arise with professional specifications writers l Refutation –Text Processing case study

Slide © The McGraw-Hill Companies, 2002 Episode 1 l 1969 — Naur Paper Given a text consisting of words separated by blank or by nl (new line) characters, convert it to line-by-line form in accordance with following rules: (1) line breaks must be made only where given text has blank or nl ; (2)each line is filled as far as possible, as long as (3)no line will contain more than maxpos characters l Naur constructed a procedure (25 lines of Algol 60), and informally proved its correctness

Slide © The McGraw-Hill Companies, 2002 Episode 2 l 1970 — Reviewer in Computing Reviews –First word of first line is preceded by a blank unless the first word is exactly maxpos characters long

Slide © The McGraw-Hill Companies, 2002 Episode 3 l 1971 — London found 3 more faults –Including: procedure does not terminate unless a word longer than maxpos characters is encountered

Slide © The McGraw-Hill Companies, 2002 Episode 4 l 1975 — Goodenough and Gerhart found 3 further faults –Including—last word will not be output unless it is followed by blank or nl l Goodenough and Gerhart then produced new set of specifications, about four times longer than Naur’s

Slide © The McGraw-Hill Companies, 2002 Case Study (contd) l 1985 — Meyer detected 12 faults in Goodenough and Gerhart’s specifications l Goodenough and Gerhart’s specifications –Were constructed with the greatest of care –Were constructed to correct Naur’s specifications –Went through two versions, carefully refereed –Were written by experts in specifications –With as much time as they needed –For a product about 30 lines long l What chance do we have of writing fault-free specifications for a real product?

Slide © The McGraw-Hill Companies, 2002 Episode 5 l 1989 — Schach found fault in Meyer’s specifications –Item (2) of Naur’s original requirement (“each line is filled as far as possible”) is not satisfied

Slide © The McGraw-Hill Companies, 2002 Informal Specifications l Conclusion –Natural language is not a good way to specify product l Fact –Many organizations still use natural language, especially for commercial products l Reasons –Uninformed management –Undertrained computer professionals –Management gives in to client pressure –Management is unwilling to invest in training

Slide © The McGraw-Hill Companies, 2002 Structured Systems Analysis l Three popular graphical specification methods of ’70s –DeMarco –Gane and Sarsen –Yourdon l All equivalent l All equally good l Many U.S. corporations use them for commercial products l Gane and Sarsen used for object-oriented design

Slide © The McGraw-Hill Companies, 2002 Structured Systems Analysis Case Study Sally’s Software Store buys software from various suppliers and sells it to the public. Popular software packages are kept in stock, but the rest must be ordered as required. Institutions and corporations are given credit facilities, as are some members of the public. Sally’s Software Store is doing well, with a monthly turnover of 300 packages at an average retail cost of $250 each. Despite her business success, Sally has been advised to computerize. Should she? l Better question –What sections? l Still better –How? Batch, or online? In-house or out-service?

Slide © The McGraw-Hill Companies, 2002 Case Study (contd) l Fundamental issue –What is Sally’s objective in computerizing her business? l Because she sells software? –She needs an in-house system with sound and light effects l Because she uses her business to launder “hot” money? –She needs a product that keeps five different sets of books, and has no audit trail l Assume: Computerization “in order to make more money” –Cost/benefit analysis for each section of business

Slide © The McGraw-Hill Companies, 2002 Case Study (contd) l The danger of many standard approaches –First produce the solution, then find out what the problem is! l Gane and Sarsen’s method –Nine-step method –Stepwise refinement is used in many steps

Slide © The McGraw-Hill Companies, 2002 Case Study (contd) l Data flow diagram (DFD) shows logical data flow –“what happens, not how it happens”

Slide © The McGraw-Hill Companies, 2002 Step 1. Draw the DFD l First refinement l Infinite number of possible interpretations

Slide © The McGraw-Hill Companies, 2002 Step 1 (contd) l Second refinement l pending orders scanned daily

Slide © The McGraw-Hill Companies, 2002 Step 1 (contd) l Portion of third refinement

Slide © The McGraw-Hill Companies, 2002 Step 1 (contd) l Final DFD –Larger, But easily understood by client l Larger DFDs –Hierarchy –Box becomes DFD at lower level l Frequent problem –Process P at level L, expanded at level L+1 –Correct place for sources and destinations of data for process P is level L+1 –Clients cannot understand DFD—sources and destinations of data for P are “missing” l Solution –Draw “correct” DFD, modify by moving sources and destinations of data one or more levels up

Slide © The McGraw-Hill Companies, 2002 Step 2. Decide What Parts to Computerize l Depends on how much client is prepared to spend l Large volumes, tight controls –Batch l Small volumes, in-house microcomputer –Online l Cost/benefit analysis

Slide © The McGraw-Hill Companies, 2002 Step 3. Refine Data Flows l Data items for each data flow l Refine each flow stepwise l Refine further l Need a data dictionary

Slide © The McGraw-Hill Companies, 2002 Step 3. Refine Data Flows (contd) l Sample data dictionary entries

Slide © The McGraw-Hill Companies, 2002 Step 4. Refine Logic of Processes Have process give educational discount –Sally must explain discount for educational institutions –10% on up to 4 packages, 15% on 5 or more l Translate into decision tree

Slide © The McGraw-Hill Companies, 2002 Step 4 (contd) l Advantage of decision tree –Missing items are quickly apparent l Can also use decision tables –CASE tools for automatic translation

Slide © The McGraw-Hill Companies, 2002 Step 5. Refine Data Stores l Define exact contents and representation (format) –COBOL: specify to pic level –Ada: specify digits or delta l Specify where immediate access is required –Data immediate access diagram (DIAD)

Slide © The McGraw-Hill Companies, 2002 Step 6. Define Physical Resources l For each file, specify –File name –Organization (sequential, indexed, etc.) –Storage medium –Blocking factor –Records (to field level)

Slide © The McGraw-Hill Companies, 2002 Step 7. Determine Input/Output Specs l Specify input forms, input screens, printed output

Slide © The McGraw-Hill Companies, 2002 Step 8. Perform Sizing l Numerical data for Step 9 to determine hardware requirements –Volume of input (daily or hourly) –Size, frequency, deadline of each printed report –Size, number of records passing between CPU and mass storage –Size of each file

Slide © The McGraw-Hill Companies, 2002 Step 9. Hardware Requirements l DASD requirements l Mass storage for back-up l Input needs l Output devices l Is existing hardware adequate? l If not, recommend buy/lease

Slide © The McGraw-Hill Companies, 2002 However l Response times cannot be determined l Number of I/O channels can only be guessed l CPU size and timing can only be guessed l Nevertheless, no other method provides these data for arbitrary products l The method of Gane and Sarsen/De Marco/Yourdon has resulted in major improvements in the software industry

Slide © The McGraw-Hill Companies, 2002 Entity-Relationship Diagrams l Semi-formal technique l Widely used for specifying databases l Used for object-oriented analysis

Slide © The McGraw-Hill Companies, 2002 Entity-Relationship Diagrams (contd) l Many-to-many relationship l More complex entity-relationship diagrams

Slide © The McGraw-Hill Companies, 2002 Formality versus Informality l Informal method –English (or other natural language) l Semiformal methods –Gane & Sarsen/DeMarco/Yourdon –Entity-Relationship Diagrams –Jackson/Orr/Warnier, –SADT, PSL/PSA, SREM, etc. l Formal methods –Finite State Machines –Petri Nets –Z –ANNA, VDM, CSP, etc.

Slide © The McGraw-Hill Companies, 2002 Finite State Machines l Case study A safe has a combination lock that can be in one of three positions, labeled 1, 2, and 3. The dial can be turned left or right (L or R). Thus there are six possible dial movements, namely 1L, 1R, 2L, 2R, 3L, and 3R. The combination to the safe is 1L, 3R, 2L; any other dial movement will cause the alarm to go off

Slide © The McGraw-Hill Companies, 2002 Finite State Machines (contd) l Transition table

Slide © The McGraw-Hill Companies, 2002 Extended Finite State Machines l Extend FSM with global predicates l Transition rules have form state and event and predicate  new state

Slide © The McGraw-Hill Companies, 2002 Elevator Problem A product is to be installed to control n elevators in a building with m floors. The problem concerns the logic required to move elevators between floors according to the following constraints: 1.Each elevator has a set of m buttons, one for each floor. These illuminate when pressed and cause elevator to visit corresponding floor. Illumination is canceled when corresponding floor is visited by elevator 2.Each floor, except the first and the top floor, has 2 buttons, one to request an up-elevator, one to request a down-elevator. These buttons illuminate when pressed. The illumination is canceled when an elevator visits the floor, then moves in the desired direction 3.If an elevator has no requests, it remains at its current floor with its doors closed

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: FSM l Two sets of buttons –Elevator buttons—in each elevator, one for each floor –Floor buttons—two on each floor, one for up-elevator, one for down-elevator EB(e, f): Elevator Button in elevator e pressed to request floor f

Slide © The McGraw-Hill Companies, 2002 Elevator Buttons (contd) l Two states EBON(e, f):Elevator Button (e,f) ON EBOFF(e,f):Elevator Button (e,f) OFF –If button is on and elevator arrives at floor f, then light turned off –If light is off and button is pressed, then light comes on

Slide © The McGraw-Hill Companies, 2002 Elevator Buttons (contd) l Two events EBP(e,f):Elevator Button (e,f) Pressed EAF(e,f):Elevator e Arrives at Floor f l Global predicate V(e,f): Elevator e is Visiting (stopped at) floor f l Transition Rules EBOFF(e,f) and EBP(e,f) and not V(e,f)  EBON(e,f) EBON(e,f) and EAF(e,f) Þ EBOFF(e,f)

Slide © The McGraw-Hill Companies, 2002 Floor Buttons l Floor buttons FB(d, f): Floor Button on floor f that requests elevator traveling in direction d l States FBON(d, f):Floor Button (d, f) ON FBOFF(d, f):Floor Button (d, f) OFF –If floor button is on and an elevator arrives at floor f, traveling in correct direction d, then light is turned off –If light is off and a button is pressed, then light comes on

Slide © The McGraw-Hill Companies, 2002 Floor Buttons (contd) l Events FBP(d, f):Floor Button (d, f) Pressed EAF(1..n, f):Elevator 1 or … or n Arrives at Floor f l Predicate S(d, e, f):elevator e is visiting floor f Direction of motion is up (d = U), down (d = D), or no requests are pending (d = N) l Transition rules FBOFF(d, f) and FBP(d, f) and not S(d, 1..n, f)  FBON(d, f) FBON(d, f) and EAF(1..n, f) and S(d, 1..n, f)  FBOFF(d, f), d = U or D

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: FSM (contd) l State of elevator consists of component substates, including: –Elevator slowing –Elevator stopping –Door opening –Door open with timer running –Door closing after a timeout

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: FSM (contd) l Assume elevator controller moves elevator through substates –Three elevator states M(d, e, f):Moving in direction d (floor f is next) S(d, e, f):Stopped (d-bound) at floor f W(e,f):Waiting at floor f (door closed) –For simplicity, three stopped states S(U, e, f), S(N, e, f), and S(D, e, f) are grouped into one larger state

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: FSM (contd)

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: FSM (contd) l Events DC(e,f):Door Closed for elevator e, floor f ST(e,f):Sensor Triggered as elevator e nears floor f RL:Request Logged (button pressed) l Transition Rules If elevator e is in state S(d, e, f) (stopped, d-bound, at floor f), and doors close, then elevator e will move up, down, or go into wait state DC(e,f) and S(U, e, f)  M(U, e, f+1) DC(e,f) and S(D, e, f)  M(D, e, f-1) DC(e,f) and S(N, e, f)  W(e,f)

Slide © The McGraw-Hill Companies, 2002 Power of FSM to Specify Complex Systems l No need for complex preconditions and postconditions l Specifications take the simple form current state and event and predicate  next state

Slide © The McGraw-Hill Companies, 2002 Power of FSM to Specify Complex Systems l Using an FSM, a specification is –Easy to write down –Easy to validate –Easy to convert into design –Easy to generate code automatically –More precise than graphical methods –Almost as easy to understand –Easy to maintain l However –Timing considerations are not handled

Slide © The McGraw-Hill Companies, 2002 Who Is Using FSMs? l Commercial products –Menu driven –Various states/screens –Automatic code generation a major plus l System software –Operating system –Word processors –Spreadsheets l Real-time systems –Statecharts are a real-time extension of FSMs »CASE tool: Rhapsody

Slide © The McGraw-Hill Companies, 2002 Petri Nets l A major difficulty with specifying real-time systems is timing –Synchronization problems –Race conditions –Deadlock l Often a consequence of poor specifications

Slide © The McGraw-Hill Companies, 2002 Petri Nets (contd) l Petri nets –Powerful technique for specifying systems with potential timing problems l A Petri net consists of four parts: –Set of places P –Set of transitions T –Input function I –Output function O

Slide © The McGraw-Hill Companies, 2002 Petri Nets (contd) l Set of places P is {p 1, p 2, p 3, p 4 } l Set of transitions T is {t 1, t 2 } l Input functions: I(t 1 ) = {p 2, p 4 } I(t 2) = {p 2 } l Output functions: O(t 1 ) = {p 1 } O(t 2 ) = {p 3, p 3 }

Slide © The McGraw-Hill Companies, 2002 Petri Nets (contd) l More formally, a Petri net is a 4-tuple C = (P, T, I, O) l P = {p 1, p 2,…,p n } is a finite set of places, n ≥ 0 l T = {t 1, t 2,…,t m } is a finite set of transitions, m ≥ 0, with P and T disjoint I : T  P ∞ is input function, mapping from transitions to bags of places O : T  P ∞ is output function, mapping from transitions to bags of places l (A bag is a generalization of sets which allows for multiple instances of element in bag, as in example above) l Marking of a Petri net is an assignment of tokens to that Petri net

Slide © The McGraw-Hill Companies, 2002 Petri Nets (contd) l Four tokens, one in p 1, two in p 2, none in p 3, and one in p 4 –Represented by vector (1,2,0,1) l Transition is enabled if each of its input places has as many tokens in it as there arcs from the place to that transition

Slide © The McGraw-Hill Companies, 2002 Petri Nets (contd) l Transition t 1 is enabled (ready to fire) –If t 1 fires, one token is removed from p 2 and one from p 4, and one new token is placed in p 1 l Important: Number of tokens is not conserved l Transition t 2 is also enabled

Slide © The McGraw-Hill Companies, 2002 Petri Nets (contd) l Petri nets are indeterminate –Suppose t 1 fires l Resulting marking is (2,1,0,0)

Slide © The McGraw-Hill Companies, 2002 Petri Nets (contd) l Now only t 2 is enabled –It fires l Marking is now (2,0,2,0)

Slide © The McGraw-Hill Companies, 2002 Petri Nets (contd) l More formally, a marking M of a Petri net C = (P, T, I, O) is a function from the set of places P to the non-negative integers N M : P  N l A marked Petri net is then 5-tuple (P, T, I, O, M )

Slide © The McGraw-Hill Companies, 2002 Petri Nets (contd) l Inhibitor arcs –Inhibitor arc is marked by small circle, not arrowhead l Transition t 1 is enabled –In general, transition is enabled if at least one token on each (normal) input arc, and no tokens on any inhibitor input arcs

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: Petri Net l Product is to be installed to control n elevators in a building with m floors –Each floor represented by place F f, 1  f  m –Elevator represented by token –Token in F f denotes that an elevator is at floor F f

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: Petri Net (contd) l First constraint 1.Each elevator has a set of m buttons, one for each floor. These illuminate when pressed and cause the elevator to visit the corresponding floor. The illumination is canceled when the corresponding floor is visited by an elevator l Elevator button for floor f is represented by place EB f, 1  f  m l Token in EB f denotes that the elevator button for floor f is illuminated

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: Petri Net (contd) l A button must be illuminated the first time button is pressed and subsequent button presses must be ignored l If button EB f is not illuminated, no token in place and transition EB f pressed is enabled –Transition fires, new token is placed in EB f l Now, no matter how many times button is pressed, transition EB f pressed cannot be enabled

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: Petri Net (contd) l When elevator reaches floor g, token is in place F g, transition Elevator in action is enabled, and then fires –Tokens in EB f and F g removed –This turns off light in button EB f –New token appears in F f –This brings elevator from floor g to floor f

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: Petri Net (contd) l Motion from floor g to floor f cannot take place instantaneously –Timed Petri nets

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: Petri Net (contd) l Second constraint 2.Each floor, except the first and the top floor, has 2 buttons, one to request an up-elevator, one to request a down-elevator. These buttons illuminate when pressed. The illumination is canceled when the elevator visits the floor, and then moves in desired direction l Floor buttons represented by places FB u f and FB d f

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: Petri Net (contd)

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: Petri Net (contd) The situation when an elevator reaches floor f from floor g with one or both buttons illuminated –If both buttons are illuminated, only one is turned off –(A more complex model is needed to ensure that the correct light is turned off)

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: Petri Net (contd) l Third constraint C 3.If an elevator has no requests, it remains at its current floor with its doors closed l If no requests, no Elevator in action transition is enabled

Slide © The McGraw-Hill Companies, 2002 Petri Nets (contd) l Petri nets can also be used for design l Petri nets possess the expressive power necessary for specifying timing aspects of real-time systems

Slide © The McGraw-Hill Companies, 2002 Z (“zed”) l Formal specification language l High squiggle factor l Z specification consists of four sections: –1.Given sets, data types, and constants –2.State definition –3.Initial state –4.Operations

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: Z l 1. Given Sets l Sets that need not be defined in detail –Names appear in brackets –Here we need the set of all buttons –Specification begins [Button]

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: Z (contd) l 2. State Definition l Z specification consists of a number of schemata –Schema consists of group of variable declarations, plus –List of predicates that constrain values of variables

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: Z (contd) l Four subsets of Button –The floor buttons –The elevator buttons –buttons (the set of all buttons in the elevator problem) –pushed (the set of buttons that have been pushed)

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: Z (contd) l Schema Button_State

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: Z (contd) l 3. Initial State l State when the system is first turned on Button_Init  [Button_State' | pushed' =  ] –(In the above equation, the  should be a = with a ^ on top. Unfortunately, this is hard to type in PowerPoint!)

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: Z (contd) l 4. Operations l Button pushed for first time is turned on, and added to set pushed l Without third precondition, results would be unspecified

Slide © The McGraw-Hill Companies, 2002 Elevator Problem: Z (contd) l If elevator arrives at a floor, the corresponding button(s) must be turned off l The solution does not distinguish between up and down floor buttons

Slide © The McGraw-Hill Companies, 2002 Analysis of Z l Most widely used formal specification language –CICS (part) –Oscilloscope –CASE tool –Large-scale projects (esp. Europe)

Slide © The McGraw-Hill Companies, 2002 Analysis of Z (contd) l Difficulties –Symbols –Mathematics l Reasons for great success –Easy to find faults in Z specification –Specifier must be extremely precise –Can prove correctness –Only high-school math needed to read Z –Decreases development time –“Translation” clearer than informal specification

Slide © The McGraw-Hill Companies, 2002 Other Formal Methods l Anna –Ada l Gist, Refine –Knowledge-based l VDM –Denotational semantics l CSP –Sequence of events –Executable specifications –High squiggle factor

Slide © The McGraw-Hill Companies, 2002 Comparison of Specification Techniques l We must always choose the appropriate specification method l Formal methods –Powerful –Difficult to learn and use l Informal methods –Little power –Easy to learn and use l Trade-off – Ease of use versus power

Slide © The McGraw-Hill Companies, 2002 Comparison of Specification Techniques (contd)

Slide © The McGraw-Hill Companies, 2002 Newer Methods l Many are untested in practice l Risks –Training costs –Adjustment from classroom to actual project –CASE tools may not work properly l However, possible gains may be huge

Slide © The McGraw-Hill Companies, 2002 Which Specification Method to Use? l Depends on the –Project –Development team –Management team –Myriad other factors l It is unwise to ignore the latest developments

Slide © The McGraw-Hill Companies, 2002 Testing during the Specification Phase l Specification inspection –Checklist l Doolan [1992] –2 million lines of FORTRAN –1 hour of inspecting saved 30 hours of execution-based testing

Slide © The McGraw-Hill Companies, 2002 CASE Tools for the Specification Phase l Graphical tool l Data dictionary –Integrate them l Specification method without CASE tools fails –SREM

Slide © The McGraw-Hill Companies, 2002 CASE Tools for the Specification Phase l Typical tools –Analyst/Designer –Software through Pictures –System Architect

Slide © The McGraw-Hill Companies, 2002 Metrics for the Specification Phase l Five fundamental metrics l Quality –Fault statistics –Number, type of each fault –Rate of detection l Metrics for “predicting” size of target product –Total number of items in data dictionary –Number of items of each type –Processes vs. modules

Slide © The McGraw-Hill Companies, 2002 Air Gourmet Case Study: Structured Sys. Anal. l Data flow diagram reflects centrality of SPECIAL MEAL DATA l See Appendix E for remainder of structured systems analysis

Slide © The McGraw-Hill Companies, 2002 Air Gourmet Case Study: SPMP l The Software Project Management Plan is given in Appendix F

Slide © The McGraw-Hill Companies, 2002 Challenges of the Specification Phase l A specification document must be –Informal enough for the client; and –Formal enough for the development team l The specification phase (“what”) should not cross the boundary into the design phase (“how”) l Do not try to assign modules to process boxes of DFDs until the design phase