a quantitative software risk assessment model · 10 [ l~ _____ _ example -analyze test coverage of...
TRANSCRIPT
, ---. ,
I I
L_
Source of Acquisition NASA Johnson Space Center
A Quantitative Software Risk Assessment
Model
Alice Lee
https://ntrs.nasa.gov/search.jsp?R=20100036298 2020-03-27T13:10:26+00:00Z
r
I 1
2
Testability
---------~ ---
Likelihood (Exposure)
Complexity
Complexity
Interface Critical ity
Susceptibility I to 4
Maintainbil ity
I : most error proneness
A Risk Model
Instrument & Compi le
Test Cases (drivers, scripts)
Untested Code %
Consequences (Criticality)
Functional Criticality
Functional Designer User
Require-Input Input
ments
~t~
Safety Analys is Risk Assessment
Discrepancies
~ Functional Criticality Levell
I to 4 I: most criti cal
· ,
Risk Index: A Sample Result Call Grph PEG_Task Overa ll Tota l Test Functiona l I Ri sk Index S/W Number Components Susc eptibi lity Coverage % Crltlca lity Reli ab ili ty
(1 = bad) I (l=most Crl t) (0 to 1. 1=hlgh) 7 Current_Acc 4 72% 1 0.07 8 CALC_VRAT IO 4 73% 0.0675 9 Time_ To_Go 4 89% 0.0275 10 ThrusUnlegral 3.5 100% 1 0 11 Reference_ Thrust_Vectors 11 100% 0 12 Util_M idva l 4 70% 0075 13 UTIL_ V_Magnitude 3.5 0% 0375 14 Gmd_Pred_ Eq_Zero 4 90% 0025 15 UTIL MT 4 0% 025 16 UTI L_M1_ Times_M 2 3.5 0% 0375 17 UTIL_M_ Times_ V 3.5 0% 0.375 18 UTI L_MT _ Times_ V 3 0% I 0.5 19 UnltVector 4 93% 0.0175 20 H_Ell ipsoid 4 96% 001 21 AIl_Ge_ 400k <'1 0% 025 22 AIl_Lt_ 400K <'1 '-0% 025 23 All Il 600k 3 0% 05 24 Al t_Ge_600k 4 0% 0.25 25 Accel_Drag 3 0% 05 26 Drag_Aeeel 3 0% 05 27 Drag_Aeeel_Bypass 4 0% 0 25 28 delta_acceUmu 1 0% 1 29 no_delta_aceel 4 0% 0.25 30 Gmd_Pred_Not_Zero 3 0% 0.5 31 Ns teps_Stepsz 3 86% 0.07 32 Nstep_Do_Loop 1 23'1'0 0.77 33 Entry _Precise_Pred ictor 3 19% DAOS ' 34 IBurnout_Stale_ Veetor_Pred 3 42% 029 35 V_Magnitude 3.5 100% 0
3
36 \Send_Unit_ Vector 4 100% 0 37 Send_Zero_ Vector 4 '100% 0 38 UTIL_ V._Unl ti ze :3 68% o 16
I
Example Result of Complexity Study (1)
.\
HIND TRJB SORT SECA SAVS SAV/\ QAQB POKE NEWT MAIL OIlBA
•• _M:i ;;·
HMOE Aoca "
4 Application : newc o~e
Version: VERSIONl Lan~uage : fORTRAN
Call graph of root:
II
.-
Example' Result of Comple'xity Study (2)
subsys Ileo rb.lt
De orblt
PEG Task
[ m;"l Co ntlnue
VEL TO B Burnout Referene Thrust I
Converge VEL TO 0 I.TVC UTIL V U Entry Pr
/ ~ ~ "~S-~~:::==:::::::::::::::===----_ Converge SfUELD N D Gte Ze C K W R Magnlt Send Zee Send Unl V M,1gn lLi. Nstep Do Nsteps 5 Gmd P red Gmd P red ~ - - - - , - . -
utll Mid C I\ LC VRI\
Conv St e Pa ss J M GT MOO M LTE Mil
Dr ag_ flee --mTCMi _" / n UTIL MT _ / -v-==----__ _ I\ee el Dr 11 Elllps UTIL M T
~--------~======~------------I\lt Ge 6 I\lt It 6
=- 1 I\lt [,t 1 I\lt Ge 1 UTIL V M
5 ~pplication : SOU~CE Language: C Version: CURRENT VERSION
Calling/called components graph of the roo t
LTVC PEG
L •• _. _____ _
r \ l \ l I \ .
.a " c. "0
;:r
(T1
0 <
'""
.-
J '0
()
;0
0
.-J
:3
"0 o (1
) :J
rr
,., -0
.a
In
I-
' )-
0-
)-0
-
o ()
a :J
c.
••
f"
T ....
... )-
0-
0 o
0-.
:J
C'" c.
::J
<0
C
.:o
J '<
0
(1) .- "'1
0 ;0
-l
s: Z
". -'~~r
.
...
t ~
m
>< Q) 3 -C - (t) ;:0
(t) en
t: - ... o --
-t\
("'") o 3 -C - (t) >< -- ...
. ,<
(J
) ... t: c..
'<
~l~
t>
'" I
P
t>
--.
I
7
L __ ~_~_~
Example - A "Green" module (Least Error Proneness)
.::: ,'. Low & lilgh Category Metric ::~:: thresholds Complexity Prog. length ·300 &. 400
Lines of Code 60 & 100 Cyclom::Complex. 1Q & 15 Essent-, Corn.plex, ~& 8
,:~-:
Testability Design Cornplex. 7 & 10 Cy>clorn .. Complex. 10 & 15 Pathol, Complex. 1 & 2
111= Complex. Desjgn Complex. 1 & 10 Maintainab. prog. Length 300 & 400
Susceptibility Level = 1.1
Metdc Metric Category . Value Eva!. . . EvaL ::'1-'
21 Green Green 6.,. Green Z" Green F' Green t: Green Green 2 Green 1 Green 2 Green Greeo
2-1 Green Green Prog. Vollime 1,500 & 2,000 82 Green Lines of Code 60 &.,1 00 1 ~% of Comments 0.2 & 0.8 Cycloro. Complex. 10 &1'5 Essen!.. Complex. 4 & 8 Pathol. Complex. 1 & 2 Normal. Cyclom. .28 & .60
Cotnplexlty '"
6 Green .74 Yel10w
2 Greeo :1 Green 1 Green. .:
.3f.: Yello~ ,.<:.A.
,--
8
\ L __
Example - A "Yellow" module (Medium Error Proneness)
Susceptibility Level = 2.2
Low & High Metric Metric Category Category Metric Thresholds Value Eval. Eval. Complexity Prog. Length 300 & 400 820 Red Red
Lines of Code 60 & 100 101 Red Cyclom. Complex. 10 & 15 41 Red Essen!. Complex. 4 & 8 1 Green
Testability Design Complex. 7 & 10 8 Yellow Yellow Cyclom. Complex. 10 & 15 41 Red Pat hoI. Complex. 1 & 2 1 Green
ifF Complex. Design Complex. 7 & 10 8 Yellow Yellow Maintainab. Prog. Length 300 & 400 820 Red Yellow
Prog. Volume 1,500 & 2,000 5,730 Red Lines of Code 60 & 100 101 Red 1 - % of Comments 0.2 & 0.8 .65 Yellow Cyclom. Complex. 10 & 15 41 Red Essen!. Complex. 4 & 8 1 Green Pathol. Complex. 1 & 2 1 Green Normal. Cyclom. .28 & .60 .41 Green
Complexity
•
(Most Error Proneness)
- 2.5
Metric Metric Category Category Metric Value Eva!. Eva!. Complexity Prog. Length 633 Red Red
Lines of Code 137 Red Cyclom. Complex. 41 Red Essen!. Complex. 4 & 30 Red
Testabili ty Design Complex. 7 & 10 Yellow Yellow Cyclom. Complex. 10 & 15 Pathol. Complex. 1 & 2
ifF Complex. Design Complex. 7 & 10 Maintainab. Prog . Length 300 & 400 633
Prog. Volume 1,500 & 2,000 4,431 Red
Lines of Code 60 & 100 137 Red 1 - % of Comments 0.2 & 0.8 .40 Yellow Cyclom. Complex. 10 & 15 41 Red Essen!. Complex. 4&8 30 Red Pathol. Complex. 1 & 2 1 Green Normal. Cyclom. .28 & .60 .30 Yellow
Complexity
9
l_
10
[
l~ _____ _
Example - Analyze Test Coverage of Code and Test Efficiency (1)
• cmp2.c, the most relevant function with date sorting, only has a 67% block coverage File Tool Options
V' by- type • by- file V' by- function
Sunmary TestCases Update GoBack Help
Disable Sort_ by
________ b_l_oc __ k_ coverage ..,!l.....ary by file over selected testcases
cmp1.c
• cmp2.c
main.c
misc.c
qsort.c
skip . c
sort.c
total
XATAC _------I
101 of 102
75 of 112
166 of 178
93 of 101
31 of 33
28 of 29
38 of 59
532 of 614
Coverage : I block ~
Files :
7 of 7
Test cases :
62 0 f 62
11
~-
Example - Analyze Test Coverage of Code and Test Efficiency (2)
File Tool Options Summary TestCases Update GoBack Help
::I'.
o do ++p; while (isalpha( ~p»; break;
case' 0' :
month = 11 ; do ++p ; while (isalpha( ~p»; b r e a k ;
defaul t: iiIiiIiI_
value = 0; nDigits = 0; while (isdigit( ~ p» {
++nDigits;
4 5 6 7
value = value ~ 10 + ~ p++ - '0';
if I I value> 31 I I nDigits > 2)
.... . . . . . u ••• u •• uuuuu.uu
else { if (nDigits == 2)
year = 1900 + value; else )
year = value; else return -1;
Covering this red block guarantees the execution of at least 8 additional blocks.
return year .. 10000 + month ~ 100 + day;
XATAC File: cmp2.c J
Line: J 121 of 151
Coverage: J block
Highlightin~ I all prioriti~
'" 60 Q,) l. ::l - 50 .-~
~ '-0 40
:;t: Q,) ;, 30 :0 ~ -::l 20 E ::l
U 10
12
Software Reliability: Basic Concepts
2 3 4 5
Time
c 'Vi c: Q,)
Q Q,) l. ::l -.-~
~
CUlTent Failure Rate
Failure Rate Objective
I . _ . _ . _ . _ . _ l_ . _ . _ . _ ._. _ . _ . _ . _ . ~~ ... ~. -=_,.,.,.,... ___ _
I
I
~ T ime required to complete ~ testing
Date/Time
r.
Software Reliability: Example (1)
Musa's Basic Execution Time Model
20 I u u
1 U . '
~ --------------~ lG t ~ .---' , 11\ •
0 12 • 0
0 0
B 10 . u Predicted
{P [) .
~ 0 0 Actual Z G J 0
----1-____ 1 ____ --1 1--- --- - 1
'1 G u 10 1:. 11\ 1[; III
Execution time
13
F ~~ -:
:l'"1!1O~
-~
c -"
0 0
-0
0 c
-0
a 0
X
0 0
c 0
0 0
0 0
0 - o
en
0 ,.I.' ~
Q) .., (1)
c:
:::a
(1) - --
tTl
Q)
><
t:r
(1)
CJ
-()
c --
~.
-0
• --
:::l
... .-.
'<
§.
(1)
• •
- c m
>< Q
) ~
3 "I
"'C - (1) ..
,-..
.-
I\J
-=-~
] . I ~
: C
~ ~
~ c
1 l t
r.
-~
0
( --
------.-
-I
I c:
: o
,~
.J,.
~
~ --J
, -~
-
" .)
"'.
-. '
. ;
'.~
" i I I I \' I I I. I I I I I'~ - I' ' I r l f-"
t I,'
~~.
~ ~,~~~~~,----~
t:/-
; ",.
u=
--";
~
/...
:.
.. :""
, -
-/
'7 ~. c~-
· II
<:
c'
-_. _. -_. ~ '<
• • m
>< Q) 3 -c -
-~---..
.'
16
Software Reliability: Example (4)
.... :..: .. .... ~;: . : .. ",',
••.• J:, .•
. r:'-~' ~: . .
. ,',
~~;.~ " l,~?j: • r ' ,J ......... .
ioo6ob i
i;' 5,f~L~; ':(~1t~"o~~ ~; .'~ .. ', '-·~~w·~ '-\',i,""\"'; ;','
I ~ . . .
r fl jill r fI l/l to /I ~ I't Y V I' J • r:xoclltlol " limo ((X(JOlloll tllll ,MocJpl)
-
--_. --- ('~d.uilv. y .. ~l(..:'; I:",
<j~lf~(~fd';. , . •. , ' \ 0 .1,
I' I 1
,, ___ ' ____ ' ,: 1 .
. ' ... "".Iu,.., .0tuI"1
• J!v.i'~i'; •
..,
:?~;\~~ii;~~tr:::~~, '; .. t·; "':":~j:?~~r.~;;::J.' " ~ .. '
:, \ t~~. -!'" P \. . t;
- --:--- --+'1---- ---,---~--k .\ (ill
:~,' A i f~<;:(t~\Vf; ';'~ XJ : 5 14 , OR/(1')/t)() r ... " "rl ,; !. ,' .... t al f:~@.~r ,l q l ,j Sf' !lil'sa [;OV
", ~" '\~<:I7r ~r!;:
,i· , ....
\ O· \. L 111
!:xc 'cullo/l TIIIlO
, ,
I.
17
Life Cycle Application of the Risk Model
Reguirementphase - Safety A~sessment -.Functioll,al Criticality
-v -:-:. ~:: ~: ;]~. "
De·sign ~~GodingPhase •••.• ;,"$.
.::::'
.. Quality Slsse~ment - Code complexity measurement
" Su bsystemTestPhase - Test cd'vet age analysis 1-1 -----,
1;;::::; 9<e.$ L9,as~~ suggesti ons. .... ':~~:-:-:.» ~ .-:'
r Integration Test,Phase - Test coverage analysis - Software relialJ,pity ~tiwati9n ~ prediction
If :'=l .:':
User Acceptance ~R:i sk index
-------.~---------------
- Software re1iabilityindex
----.----
r ., ,
18
l \ .
---.-- _._--, '
Software Capability Maturity Level
Level
I. Initial
II. Repeatable
III. Defined
IV. Managed
V. Optimizing
Characteristics
Ad hoc, few processes are defined
Basic project Inanagement processes are established to track cost, schedule, and functionality
Process for both management & engineering activities is institutionalized
Process and product quality are quantitatively understood and controlled
Improvelnent is enabled by quantitative feedback from the piloting of innovative ideas and technologies