CS 530 - Software Engineering

Quality Management

Reference: Sommerville, Software Engineering, 10 ed., Chapter 24

The big picture

Software quality management is concerned with ensuring that the required level of quality is achieved in a software product. Three principal concerns:

  1. At the organizational level, quality management is concerned with establishing a framework of organizational processes and standards that will lead to high-quality software.
  2. At the project level, quality management involves the application of specific quality processes and checking that these planned processes have been followed.
  3. At the project level, quality management is also concerned with establishing a quality plan for a project. The quality plan should set out the quality goals for the project and define what processes and standards are to be used.

Quality management provides an independent check on the software development process. The quality management process checks the project deliverables to ensure that they are consistent with organizational standards and goals The quality team should be independent from the development team so that they can take an objective view of the software. This allows them to report on software quality without being influenced by software development issues.

A quality plan sets out the desired product qualities and how these are assessed and defines the most significant quality attributes. The quality plan should define the quality assessment process. It should set out which organizational standards should be applied and, where necessary, define new standards to be used. Quality plans should be short, succinct documents; if they are too long, no-one will read them. Quality plan structure:

Quality management is particularly important for large, complex systems. The quality documentation is a record of progress and supports continuity of development as the development team changes. For smaller systems, quality management needs less documentation and should focus on establishing a quality culture. Techniques have to evolve when agile development is used.

Software quality

Quality, simplistically, means that a product should meet its specification. This is problematic for software systems because there is a tension between customer quality requirements (efficiency, reliability, etc.) and developer quality requirements (maintainability, reusability, etc.); some quality requirements are difficult to specify in an unambiguous way; software specifications are usually incomplete and often inconsistent. The focus may be 'fitness for purpose' rather than specification conformance.

Software fitness for purpose

The subjective quality of a software system is largely based on its non-functional characteristics. This reflects practical user experience - if the software's functionality is not what is expected, then users will often just work around this and find other ways to do what they want to do. However, if the software is unreliable or too slow, then it is practically impossible for them to achieve their goals.

Software quality attributes
Safety Understandability Portability
Security Testability Usability
Reliability Adaptability Reusability
Resilience Modularity Efficiency
Robustness Complexity Learnability

It is not possible for any system to be optimized for all of these attributes - for example, improving robustness may lead to loss of performance. The quality plan should therefore define the most important quality attributes for the software that is being developed. The plan should also include a definition of the quality assessment process, an agreed way of assessing whether some quality, such as maintainability or robustness, is present in the product.

The quality of a developed product is influenced by the quality of the production process. This is important in software development as some product quality attributes are hard to assess. However, there is a very complex and poorly understood relationship between software processes and product quality. The application of individual skills and experience is particularly important in software development. External factors such as the novelty of an application or the need for an accelerated development schedule may impair product quality.

Quality managers should aim to develop a 'quality culture' where everyone responsible for software development is committed to achieving a high level of product quality. They should encourage teams to take responsibility for the quality of their work and to develop new approaches to quality improvement. They should support people who are interested in the intangible aspects of quality and encourage professional behavior in all team members.

Software standards

Software standards define the required attributes of a product or process. They play an important role in quality management. Standards may be international, national, organizational or project standards. Encapsulation of best practices avoids repetition of past mistakes. They are a framework for defining what quality means in a particular setting i.e. that organization's view of quality. They provide continuity - new staff can understand the organization by understanding the standards that are used.

Product standards apply to the software product being developed. They include document standards, such as the structure of requirements documents, documentation standards, such as a standard comment header for an object class definition, and coding standards, which define how a programming language should be used. Product standards may include:

Process standards define the processes that should be followed during software development. Process standards may include definitions of specification, design and validation processes, process support tools and a description of the documents that should be written during these processes. Process standards may include:

Problems: Standards may not be seen as relevant and up-to-date by software engineers. They often involve too much bureaucratic form filling. If they are unsupported by software tools, tedious form filling work is often involved to maintain the documentation associated with the standards.

Practitioners should be involved in development of standards. Engineers should understand the rationale underlying a standard. Review standards and their usage regularly. Standards can quickly become outdated and this reduces their credibility amongst practitioners. Detailed standards should have specialized tool support. Excessive clerical work is the most significant complaint against standards. Web-based forms are not good enough.

An international set of standards that can be used as a basis for developing quality management systems. ISO 9001, the most general of these standards, applies to organizations that design, develop and maintain products, including software. The ISO 9001 standard is a framework for developing software standards. It sets out general quality principles, describes quality processes in general and lays out the organizational standards and procedures that should be defined. These should be documented in an organizational quality manual.

Basics of ISO 9001 certification:

The ISO 9001 certification is inadequate because it defines quality to be the conformance to standards. It takes no account of quality as experienced by users of the software. For example, a company could define test coverage standards specifying that all methods in objects must be called at least once. Unfortunately, this standard can be met by incomplete software testing that does not include tests with different method parameters. So long as the defined testing procedures are followed and test records maintained, the company could be ISO 9001 certified.

Reviews and inspections

Reviews and inspections involve a group who examines part or all of a process or system and its documentation to find potential problems. Software or documents may be 'signed off' at a review which signifies that progress to the next development stage has been approved by management. There are different types of review with different objectives:

Quality reviews involve a group of people who carefully examine part or all of a software system and its associated documentation. Code, designs, specifications, test plans, standards, etc. can all be reviewed. Software or documents may be 'signed off' at a review which signifies that progress to the next development stage has been approved by management.

Phases in the review process:

The processes suggested for reviews assume that the review team has a face-to-face meeting to discuss the software or documents that they are reviewing. However, project teams are now often distributed, sometimes across countries or continents, so it is impractical for team members to meet face to face. Remote/distributed reviewing can be supported using shared documents where each review team member can annotate the document with their comments.

Program inspections are peer reviews where engineers examine the source of a system with the aim of discovering anomalies and defects. Inspections do not require execution of a system so may be used before implementation. They may be applied to any representation of the system (requirements, design, configuration data, test data, etc.). They have been shown to be an effective technique for discovering program errors.

Checklist of common errors should be used to drive the inspection. Error checklists are programming language dependent and reflect the characteristic errors that are likely to arise in the language. In general, the 'weaker' the type checking, the larger the checklist. Examples: Initialisation, Constant naming, loop termination, array bounds, etc.

Quality management and agile development

Quality management in agile development is informal rather than document-based. It relies on establishing a quality culture, where all team members feel responsible for software quality and take actions to ensure that quality is maintained. The agile community is fundamentally opposed to what it sees as the bureaucratic overheads of standards-based approaches and quality processes as embodied in ISO 9001.

Good agile practices:

The review process in agile software development is usually informal. In Scrum, there is a review meeting after each iteration of the software has been completed (a sprint review), where quality issues and problems may be discussed. In Extreme Programming, pair programming ensures that code is constantly being examined and reviewed by another team member.

Pair programming is an approach where 2 people are responsible for code development and work together to achieve this. Code developed by an individual is therefore constantly being examined and reviewed by another team member. Pair programming leads to a deep knowledge of a program, as both programmers have to understand the program in detail to continue development. This depth of knowledge is difficult to achieve in inspection processes and pair programming can find bugs that would not be discovered in formal inspections. Pair programming weaknesses include:

When a large system is being developed for an external customer, agile approaches to quality management with minimal documentation may be impractical. If the customer is a large company, it may have its own quality management processes and may expect the software development company to report on progress in a way that is compatible with them. Where there are several geographically distributed teams involved in development, perhaps from different companies, then informal communications may be impractical. For long-lifetime systems, the team involved in development will changeWithout documentation, new team members may find it impossible to understand development.

Software measurement

Software measurement is concerned with deriving a numeric value for an attribute of a software product or process. This allows for objective comparisons between techniques and processes. Although some companies have introduced measurement programs, most organizations still don’t make systematic use of software measurement. There are few established standards in this area.

Software metric is any type of measurement which relates to a software system, process or related documentation: lines of code in a program, the fog index (a code readability test), number of person-days required to develop a component. Allow the software and the software process to be quantified. May be used to predict product attributes or to control the software process. Product metrics can be used for general predictions or to identify anomalous components. Process metrics include:

Software measurements can be used to:

Software metrics assumptions:

Problems with measurement in industry:

Software measurement and metrics are the basis of empirical software engineering. This is a research area in which experiments on software systems and the collection of data about real projects has been used to form and validate hypotheses about software engineering methods and techniques. Research on empirical software engineering, this has not had a significant impact on software engineering practice. It is difficult to relate generic research to a project that is different from the research study.

A quality product metric should be a predictor of product quality. Classes of product metrics:

Dynamic metrics are closely related to software quality attributes. It is relatively easy to measure the response time of a system (performance attribute) or the number of failures (reliability attribute). Static metrics have an indirect relationship with quality attributes. You need to try and derive a relationship between these metrics and properties such as complexity, understandability and maintainability.

System components can be analyzed separately using a range of metrics. The values of these metrics may then compared for different components and, perhaps, with historical measurement data collected on previous projects. Anomalous measurements, which deviate significantly from the norm, may imply that there are problems with the quality of these components.

When you collect quantitative data about software and software processes, you have to analyze that data to understand its meaning. It is easy to misinterpret data and to make inferences that are incorrect. You cannot simply look at the data on its own. You must also consider the context where the data is collected.

Processes and products that are being measured are not insulated from their environment. The business environment is constantly changing and it is impossible to avoid changes to work practice just because they may make comparisons of data invalid. Data about human activities cannot always be taken at face value. The reasons why a measured value changes are often ambiguous. These reasons must be investigated in detail before drawing conclusions from any measurements that have been made.

Software analytics is analytics on software data for managers and software engineers with the aim of empowering software development individuals and teams to gain and share insight from their data to make better decisions. The automated collection of user data by software product companies when their product is used. If the software fails, information about the failure and the state of the system can be sent over the Internet from the user's computer to servers run by the product developer. The use of open source software available on platforms such as Sourceforge and GitHub and open source repositories of software engineering data. The source code of open source software is available for automated analysis and this can sometimes be linked with data in the open source repository.

Software analytics is still immature and it is too early to say what effect it will have. Not only are there general problems of 'big data' processing, our knowledge depends on collected data from large companies. This is primarily from software products and it is unclear if the tools and techniques that are appropriate for products can also be used with custom software. Small companies are unlikely to invest in the data collection systems that are required for automated analysis so may not be able to use software analytics.