Presentation is loading. Please wait.

Presentation is loading. Please wait.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.

Published byLizbeth Summers Modified over 9 years ago

Similar presentations

Presentation on theme: "©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development."— Presentation transcript:

1 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development

2 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 2 Objectives l To explain how fault tolerance and fault avoidance contribute to the development of dependable systems l To describe characteristics of dependable software processes l To introduce programming techniques for fault avoidance l To describe fault tolerance mechanisms and their use of diversity and redundancy

3 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 3 Software dependability l In general, software customers expect all software to be dependable. However, for non-critical applications, they may be willing to accept some system failures. l Some applications, however, have very high dependability requirements and special software engineering techniques may be used to achieve this.

4 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 4 Dependability achievement l Fault avoidance The system is developed in such a way that human error is avoided and thus system faults are minimised. The development process is organised so that faults in the system are detected and repaired before delivery to the customer. l Fault detection Verification and validation techniques are used to discover and remove faults in a system before it is deployed. l Fault tolerance The system is designed so that faults in the delivered software do not result in system failure.

5 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 5 Diversity and redundancy l Redundancy Keep more than 1 version of a critical component available so that if one fails then a backup is available. l Diversity Provide the same functionality in different ways so that they will not fail in the same way. l However, adding diversity and redundancy adds complexity and this can increase the chances of error. l Some engineers advocate simplicity and extensive V & V is a more effective route to software dependability.

6 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 6 Diversity and redundancy examples l Redundancy. Where availability is critical (e.g. in e-commerce systems), companies normally keep backup servers and switch to these automatically if failure occurs. l Diversity. To provide resilience against external attacks, different servers may be implemented using different operating systems (e.g. Windows and Linux)

7 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 7 Fault-free software l Current methods of software engineering now allow for the production of fault-free software, at least for relatively small systems. l Fault-free software means software which conforms to its specification. It does NOT mean software which will always perform correctly as there may be specification errors. l The cost of producing fault free software is very high. It is only cost-effective in exceptional situations. It is often cheaper to accept software faults and pay for their consequences than to expend resources on developing fault-free software.

8 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 8 Fault-free software development l Dependable software processes l Quality management l Formal specification l Static verification l Strong typing l Safe programming l Protected information

9 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 9 Development costs l Costs of fault-free development are very high and increase exponentially as the number of faults in the system lessens. l As faults are removed during development, more and more effort must be expended to discover and remove remaining elusive faults

10 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 10 Fault removal costs a

11 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 11 Dependable processes l To ensure a minimal number of software faults, it is important to have a well-defined, repeatable software process. l A well-defined repeatable process is one that does not depend entirely on individual skills; rather can be enacted by different people. l For fault detection, it is clear that the process activities should include significant effort devoted to verification and validation.

12 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 12 Process diversity and redundancy l You should not assume that your process activities (e.g. testing) are fault-free. Therefore, for a dependable process you need diverse and redundant process activities Redundancy. Use different methods to address the same problem - e.g. static analysis and program reviews. Diversity. Use techniques that are different - natural language specification and formal specification.

13 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 13 Dependable process characteristics

14 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 14 Validation activities l Requirements inspections. l Requirements management. l Model checking. l Design and code inspection. l Static analysis. l Test planning and management. l Configuration management, discussed in Chapter 29, is also essential.

15 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 15 Dependable programming l Use programming constructs and techniques that contribute to fault avoidance and fault tolerance Design for simplicity; Protect information from unauthorised access; Minimise the use of unsafe programming constructs.

16 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 16 Information protection l Information should only be exposed to those parts of the program which need to access it. This involves the creation of objects or abstract data types that maintain state and that provide operations on that state. l This avoids faults for three reasons: the probability of accidental corruption of information is reduced; the information is surrounded by ‘firewalls’ so that problems are less likely to spread to other parts of the program; as all information is localised, you are less likely to make errors and reviewers are more likely to find errors.

17 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 17 A queue specification in Java

18 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 18 Signal declaration in Java

19 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 19 Safe programming l Faults in programs are usually a consequence of programmers making mistakes. l These mistakes occur because people lose track of the relationships between program variables. l Some programming constructs are more error-prone than others so avoiding their use reduces programmer mistakes.

20 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 20 Structured programming l First proposed in 1968 as an approach to development that makes programs easier to understand and that avoids programmer errors. l Programming without gotos. l While loops and if statements as the only control statements. l Top-down design. l An important development because it promoted thought and discussion about programming.

21 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 21 Error-prone constructs l Floating-point numbers Inherently imprecise. The imprecision may lead to invalid comparisons. l Pointers Pointers referring to the wrong memory areas can corrupt data. Aliasing can make programs difficult to understand and change. l Dynamic memory allocation Run-time allocation can cause memory overflow. l Parallelism Can result in subtle timing errors because of unforeseen interaction between parallel processes. l Recursion Errors in recursion can cause memory overflow.

22 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 22 Error-prone constructs l Interrupts Interrupts can cause a critical operation to be terminated and make a program difficult to understand. l Inheritance Code is not localised. This can result in unexpected behaviour when changes are made and problems of understanding. l Aliasing Using more than 1 name to refer to the same state variable. l Unbounded arrays Buffer overflow failures can occur if no bound checking on arrays. l Default input processing An input action that occurs irrespective of the input.

23 ©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 23 l Dependability in a system can be achieved through fault avoidance, fault detection and fault tolerance. l The use of redundancy and diversity is essential to the development of dependable systems. l The use of a well-defined repeatable process is important if faults in a system are to be minimised. l Some programming constructs are inherently error- prone - their use should be avoided wherever possible. Key points

Download ppt "©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development."

Similar presentations

1 Note content copyright © 2004 Ian Sommerville. NU-specific content copyright © 2004 M. E. Kabay. All rights reserved. Critical Systems Development IS301.

1 Note content copyright © 2004 Ian Sommerville. NU-specific content copyright © 2004 M. E. Kabay. All rights reserved. Critical Systems Development IS301.
Critical systems development

Critical systems development
Chapter 13 – Dependability engineering

Chapter 13 – Dependability engineering
Chapter 13 – Dependability engineering Lecture 1 1Chapter 13 Dependability Engineering.

Chapter 13 – Dependability engineering Lecture 1 1Chapter 13 Dependability Engineering.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 2.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 2.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.
©Ian Sommerville 1995/2000 (Modified by Spiros Mancoridis 1999) Software Engineering, 6th edition. Chapter 18 Slide 1 Dependable software development l.

©Ian Sommerville 1995/2000 (Modified by Spiros Mancoridis 1999) Software Engineering, 6th edition. Chapter 18 Slide 1 Dependable software development l.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 17 Slide 1 Rapid software development.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 17 Slide 1 Rapid software development.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
Critical systems development

Critical systems development
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.

©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
Modified from Sommerville’s originals Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.

Modified from Sommerville’s originals Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.
Modified from Sommerville’s originals Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation.

Modified from Sommerville’s originals Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation.
Modified from Sommerville’s originals Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.

Modified from Sommerville’s originals Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.
Developing Dependable Systems CIS 376 Bruce R. Maxim UM-Dearborn.

Developing Dependable Systems CIS 376 Bruce R. Maxim UM-Dearborn.
Software evolution.

Software evolution.

Similar presentations

Ads by Google