1
------CEN 5035 - Software Engineering ------
Exam 2 -- Spring 2008 – Solution Notes
- Potentially changeable design decisions are isolated (i.e., “hidden”)to minimize the impact of change.
- a. The UML (Unified Modelling Language) is the de factointernational
standard for OO modelling.
b. Several competing notations for OOD were proposed in the 1980s and
1990s. To avoid slowing the adoption of object technology, an
effort was undertaken to integrate these notations in the mid 90’s.
The initial standard was adopted by the Object Management Group, a
consortium of companies, in 1997.
c. UML is comprised of a number of different models that may be
produced during OO analysis and design (user view, structural view,
behavioural view, implementation view, etc.).
- Theinternal object state of an active object may be changed by the
object itself and not simply by external calls. (I.e., execution
activities in an active object need not be triggered by external calls
on its methods.)
- a. Cross-cutting concerns are program elements reflecting (functional
and non-functional) requirements that are distributed among a
number of system components. Aspects(are abstractions that)
encapsulate the code associated with a cross-cutting concern.
b. tangling: when a component in a system includes code that
implements different system requirements
advice: the code implementing a concern
join point:event in an executing program where the advice
associated with an aspect may be executed
- a. It models the sequence of interactions when the external mapping
system requests data from a weather station.
b. Vertically; time progresses down the dashed vertical lines.
c. Interactions between objects. (They are messages or events – not
dataflows.)
- The time when the corresponding object is the controlling object in the system.
- Components are often delivered as binary units so the buyer usually
does not have access to the implementation (i.e., source code).
7. (See page 419 of text.)
8. The level of required confidence depends on (1) the system’s purpose –
how critical the software is to an organization, (2) the expectations
of the system users – how willing they are to accept system failures,
and (3) the current marketing environment for the system – the number
and price of available competing products. (See pages 516 and 517 of
text for details.)
9. It means that the behaviour of a program when encountering a defect
during a test run (e.g., termination with an error message) may
prevent the observable manifestation of other program defects that
would otherwise be observable.
10. Are the resources required for each testing phase and activity
identified?Are the objectives and appropriate coverage criteria
clearly stated for each testing method identified? Are appropriate
entry and exit criteria identified for each test phase and activity?
11. a. The name was derived by analogy with semiconductor fabrication
units where defects are avoided by manufacturing in an ultra-clean
atmosphere. (The philosophy of Cleanroom software development is
defect avoidance rather than defect removal.)
b. Producing zero-defect software.
c. The development team is not allowed to undertake (dynamic) defect
(coverage) testing at any time in order to discourage the use of
“trial-and-error” based development strategy in which debugging is
employed to remove defects which are instead avoided using a
structured, formal approach to verification based on inspection of
code supplemented with correctness arguments.
12. Program inspection is a public process or error detection compared
with the more private component testing process. Inevitably, mistakes
that are made by individuals are revealed to the whole programming
team. Inspection team leaders must therefore be trained to manage the
process carefully and to develop a culture that does not provide
disincentives for finding errors. A management practice obviously
inconsistent with this would be usingpositive inspections results
(finding errors) in(negative) staff appraisals.
13. People naturally tend to avoid exposing work they are not confident
about to others for close scrutiny. Thus, a reader may be inclined to
gloss over parts of his/her work that are more likely to contain
errors.
14. If the input (initial state) satisfies pre-condition P and (if)
program S executes and terminates, then the output (final state) will
satisfy post-condition Q.
15. a. false, b. false, c.true, d. true, e. false, f.true
16. {P & b} S1 {Q}, {P b} S2 {Q}
------
{P} if b then S1 else S2 {Q}
{P & b} S1 {Q}: {Z=17& B>Z} Z := B {B>17& Z=B} Z=B Q
{P b}S2{Q}: {Z=17& B17}A := Z {Z=A=17 & B17} B17 Q
17. Causal Analysis: identifying the causes of errors in order to effect
process changes to eliminate future occurrences of those errors.
18. a. the presence of additional code reflecting functionality that is
not specified (e.g., a Trojan horse)
b. missing code reflecting unimplemented functions
19. a. P=>I, {I&b} S {I}, (I&~b)=>Q
b. P=>I: Does (N>=1 & Sum=0 & J=1) =>
Sum = (sum from k=1 to J-1) X[k]?
Yes, since 0 = Sum = (sum from k=1 to 0) X[k] = 0
{I&b} S {I}: {Sum = (sum from k=1 to J-1) X[k] & J>N+1}
Sum := Sum + X[J]
{Sum = (sum from k=1 to J) X[k] & J>N+1}
J := J+1
{Sum = (sum from k=1 to J-1) X[k] & J-1>N+1} => I
(I&~b)=>Q: Does Sum = (sum from k=1 to J-1) X[k] & J=N+1 =>
Sum = (sum from k=1 to N) X[k]?
Yes, since (N+1)-1 = N, yielding Q.
20.
Test cases 1 and 2 provide Branch Coverage, but not Condition
Coverage (since condition B has not been True). Thus, Branch
Coverage does not subsume Condition Coverage.
21. a. X>Y & X+1<=Y & X+1=Y-1 = X+2=Y
b. X>Y & X+1>Y & X+1>Y+2 & X+2>Y+2 & X+2=Y+4 = X=Y+2
22. Reliability of a system depends on how that system is used. For
example, the pattern of use in a particular environment may involve
regularly exercising "buggy" parts of a system that areonly rarely
exercised in some other environment.
Reliability testing takes such differences into account through the
generation of test cases based on "operational profiles" which reflect
expected usage patterns in a given environment.
23. a.
b. 2 X 2 X 2 X 2 = 16
c.
t1 t2 t3
------
c1 | T | T | T |
------
c2 | T | T | F |
------
c3 | T | F | T |
------
c4 | F | F | F|
======
e1 | T | T | T |
------
e2 | F | T | F |
------
24. From the top (“root”) module toward the bottom (“top-down”);
From bottom (“leaf”) modules toward the top (“bottom-up”);
By function (modules supporting key functions are integrated first);
Critical or high-risk modules first;
By availability
25.Focus is system behavior at or near overload conditions (i.e.,
"pushing the system to failure").In general, products should exhibit
"graceful" failures and non-abrupt performance degradation.
26. "Program evolution is a self-regulating process. System attributes
such as size, time between releases and the number of reported errors
is approximately invariant for each system release." This suggests
that large systems have a dynamic of their own that determines the
gross trends of the system maintenance process and limits the number
of possible system changes.
27. (See Figure 28.1, p. 667)
28. If the developers of a system have no contractual responsibility for
maintenance, there is no incentive to design for ease of future
change.
29. a. The Software Engineering Institute (SEI) is a DoD-funded organ-
ization (established in 1984 at CMU) to assess and improve the
capabilities of the US software industry.
b. The continuous representation enables comparisons across and among
organizations ona process-area-by-process-area basis; the staged
representation provides a single maturity rating that summarizes
appraisalresults over all process areas.