DREXEL UNIVERSITY, ISCHOOL
INFO 630, DR. PETER GRILLO
SPRING QUARTER, 2011

Cleanroom Software Engineering
Stephenson, Chad
Due: June 6/7/2011

Table of Contents
INTRODUCTION
BACKGROUND
PRINCIPLES
PROCESS
BOX OVERVIEW
CONCLUSION
REFERENCES
CERTIFICATION

INTRODUCTION

“Let's do it right the first time.” This is the basic philosophy of cleanroom software engineering. It is a process for developing high-quality software with certified reliability. “Cleanroom software engineering is a theory based, team oriented process for development and certification of high-reliability software systems under statistical quality control” (Linger, Richard). The purpose is the development of software that has no failures in use. The name comes from the hardware cleanroom.
The emphasis of the Cleanroom approach is on a rigorous engineering discipline, and the focus is on defect prevention as opposed to defect removal. “The approach of cleanroom combines mathematical based methods of software specification, design and correctness verification with statistical, usage based testing to certify software fitness for use” (Chetan and Ying). What it comes down to is having a strong design from the beginning that has no or few errors. Instead of developing software quickly and then debugging it, the Cleanroom approach is to spend more time (and money) upfront to prevent errors after it is developed.

BACKGROUND

The cleanroom software engineering process was developed by Harlan Mills and Alan Hevner at IBM. Its use began in the mid 80s. Military use began in the early 90s. It has been used in many cases where reliability is very important. It is kind of interesting that the name Cleanroom would be used in software engineering. The name came from the electronics world, where everything must be clean; if it is not, defects could be introduced into final products. Cleanroom does not follow the common software development process of code it and fix it. Instead of just writing the code, a programmer must design the code and algorithms by first fully understanding what it needs to do. A lot of time and money is spent upfront to prevent errors and issues later down the road, but that later reduces the cost during development. This is done partly by using statistical methods. Cleanroom stresses that the design is certified by statistical testing and is mathematically correct. The main benefits of using the Cleanroom approach are zero failures in the field, shorter development cycles, and longer product life.

PRINCIPLES

Cleanroom software engineering differs in that it is done using a box structured approach. It uses a technology that is object based.
The box structure method includes black, state and clear boxes (Chetan and Ying). Instead of saying that 100% of the project is 75% finished, you would say 75% of the project is 100% done. The basic principles of the Cleanroom process are as follows:

1) Software development based on mathematical principles: Using mathematical functions is one of the main principles of Cleanroom Software Engineering. This differs from other traditional methods that are used, such as the waterfall method. The Box Structured Method is used in Cleanroom Software Engineering; specification and design are done with this method. To ensure that a design is a correct implementation of what is being specified, Cleanroom uses functional verification. Before any line of code is ever executed, correctness verification is done. This prevents developers from getting into debugging mode.

2) Incremental implementation under statistical quality control: Instead of looking at the project as a whole and finding errors from there, each stage is looked at. By using strict standards, each process (or iteration) is measured for quality. Each stage is looked at as a whole. This is where the previous statement that x amount of the project is 100% complete comes from. The project cannot move forward unless the strict standards are met. If the standards are not met, there must be a return to the design stage.

3) Software development based on statistical principles: Statistics is used to try to figure out all possible uses of the software. In other words, a “sample” is used to draw conclusions about a “population.” “Under a testing protocol that is faithful to the principles of applied statistics, a scientifically valid statement can be made about the expected operational performance of the software based on its test performance.” (Becker & Borris)

PROCESS

Cleanroom engineering follows a specific approach and steps. They are broken down into specification processes, development processes and certification processes.
They are as follows.

Cleanroom Specification Process

1) Requirements analysis: In this stage a project manager or team would produce and review informal specifications, finding out what the project/design needs to do and what needs to be done to meet the final needs of the end users. Function, usage, environment and performance would all be taken into consideration. After the requirements have been gathered, the next step is to figure out how to make it work. In this step the requirements would be converted into state machines and functions.

2) Function Specification: What is the software supposed to do? Everything about the software, including what it does and who it is for, is specified. The customer must agree with the function specification.

3) Usage Specification: In this process the use of the software is identified. In addition, the types of environments are also identified. Again, this is another part of the certification process and it must come with an agreement from the customer on the specified usage.

4) Architecture Specification: This process uses three key dimensions of architecture, which are conceptual, module and execution. The Black Box (discussed later) method is used.

5) Increment Process: The software architecture is put together in this phase by allocating the customer requirements that were previously defined. In the incremental process a schedule is defined and resources are allocated. “In the incremental process, a software system grows from initial to final form through a series of increments that implement user functions, execute in the system environment and accumulate into the final system” (Linger & Trammell).

Cleanroom Development Processes

6) Software Reengineering: One benefit of the Cleanroom Process is that it can be used in situations for software reuse where it was not previously used. The purpose is to prepare reused software (which previously may not have been developed with Cleanroom). When software is going to be reused it must first be understood.
It may be necessary to use correctness verification during this process. Again, certification is a necessary part of this phase.

7) Increment Design: Using the Cleanroom principles, code is designed. Mathematical models and box structure decomposition help to create the code that is going to be used. Part of doing the box structure method is paralleling the design and specification. Increments are designed and implemented as usage hierarchies. If a software application or design is going to be designed using the cleanroom approach, compiling code or unit testing would not be allowed. In this stage code is developed and verified using informal methods. During high level design code is written in increments. After each section test cases are generated.

8) Correctness Verification: Using mathematically based techniques the correctness of the software is verified. “Black box specifications are verified to be complete, consistent, and correct. State box specifications are verified with respect to black box specifications, and clear box procedures are verified with respect to state box specifications.” (Linger & Trammell) Questions are asked and, if necessary, a change is made, which requires reverification. During verification results are validated by compiling code, linking it and testing it.

Cleanroom Certification Processes

9) Usage Modeling and Test Planning: This is another important part of the process that requires customer agreement for certification. The usage models that are created are used for testing the software as well as defining test plans. Again statistics are used, in this situation for testing.

10) Statistical Testing and Certification: The final stage in verifying that the software is doing what it is intended to do. Decisions are made on whether to do further testing, to revisit prior steps or to certify the software up to that point.
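The usage modeling and statistical testing steps (9 and 10), and the sample-to-population reasoning of principle 3, as an added example that is not part of the original paper: a constructed usage model for a small shopping session, written as a Markov chain, is sampled to produce test cases, and a failure-free sample is turned into the standard zero-failure reliability bound. The model, its probabilities, and the two oracle functions are assumptions for the example.

```python
import random

# Constructed usage model (assumption): each state maps to its successors and
# their transition probabilities. Real models are built from customer usage data.
USAGE_MODEL = {
    "Start":    [("Login", 1.0)],
    "Login":    [("Browse", 0.9), ("Exit", 0.1)],
    "Browse":   [("Browse", 0.5), ("Checkout", 0.3), ("Exit", 0.2)],
    "Checkout": [("Browse", 0.4), ("Exit", 0.6)],
    "Exit":     [],
}


def generate_test_case(model, rng, max_len=50):
    """Random walk through the usage model: one statistically sampled test case."""
    state, trace = "Start", []
    while model[state] and len(trace) < max_len:
        nxt, probs = zip(*model[state])
        state = rng.choices(nxt, weights=probs)[0]
        trace.append(state)
    return trace


def zero_failure_bound(n, alpha=0.05):
    """Reliability demonstrated at confidence 1-alpha when all n tests pass: if
    the true per-test reliability were r, P(n passes) = r**n, so any r with
    r**n <= alpha is rejected and r >= alpha**(1/n) is supported."""
    return alpha ** (1.0 / n)


def certify(system_under_test, n_tests, seed=0, alpha=0.05):
    """Run n sampled test cases and return the certification evidence."""
    rng = random.Random(seed)
    failures = sum(0 if system_under_test(generate_test_case(USAGE_MODEL, rng))
                   else 1 for _ in range(n_tests))
    result = {"tests": n_tests, "failures": failures,
              "observed_reliability": 1 - failures / n_tests}
    # Only a failure-free sample supports a certification claim; a failure sends
    # the increment back to design and the statistical test starts over.
    result["certified_reliability"] = (
        zero_failure_bound(n_tests, alpha) if failures == 0 else None)
    return result


def correct_session_handler(trace):
    """Constructed oracle for a correct increment: every session starts at Login."""
    return trace[0] == "Login"


def buggy_session_handler(trace):
    """Constructed defect: the increment fails when a user checks out twice."""
    return trace.count("Checkout") <= 1
```

Note that the bound says nothing about usage the model never generates, which is why customer agreement on the usage specification matters before certification.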
BOX OVERVIEW

Box Types

1) Black box: specifies a set of transition rules that describe the behavior of system components as responses to specific stimuli (Chetan & Ying). The black box hides data implementation and process implementation. This is usually arranged into hierarchies based on usage.

2) State box: Within this box state machines are generalized. In addition, objects may be encapsulated. Basically it is showing data implementation. The state box hides process implementation.

3) Clear box: The box becomes fully visible. It shows both data implementation and process implementation. The clear box is a fully developed procedure.

The first step is to create the black box, which is specified and validated. Within this, system boundaries are established. After mapping rules are created, the owners and users must validate them. Second, a state box is specified and validated. Because this is showing data implementation, transition functions must be shown. Behaviors from the black box are derived. Last is designing and verifying the clear box. Controls and operations are put into this box.

Figure 1: Example of Black Box Method (Chetan and Ying)

CONCLUSION

Cleanroom is all about, and stresses, good design. Instead of just throwing something together and finding out what's wrong with it later, errors are prevented before, so you don't have to fix them later. A typical software lifecycle might include 40% design, 20% code and 40% testing (to find the errors). With a cleanroom approach we might now say that it is 80% design and 20% coding (testing sometimes not necessary because the finished product is error free). With cleanroom, errors are found in earlier stages, thus reducing errors later down the road. With Cleanroom Software Engineering, quality is achieved by design, not testing. It can also be used for new or existing systems.
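The black box, state box and clear box refinement described in the box overview above, and the verification of each box against the one before it (step 8), as an added example that is not part of the original paper: a constructed account lockout component is specified as a black box (a function of the stimulus history alone), refined to state data plus a clear box procedure, and the procedure is checked against the black box over every stimulus sequence up to a fixed length. The stimuli, the lockout threshold and the class name are assumptions for the example.

```python
from itertools import product

STIMULI = ("ok", "fail", "reset")
MAX_FAILS = 3  # assumption for the example: lock after 3 consecutive failures


def black_box(history, stimulus):
    """Black box: the response is a function of the stimulus history only.
    No state or procedure is visible. Rule: once three consecutive failures
    occur since the most recent reset, every attempt is refused until reset."""
    if stimulus == "reset":
        return "reset-ok"
    run, locked = 0, False
    for s in history:
        if s == "reset":
            run, locked = 0, False
        else:
            run = run + 1 if s == "fail" else 0
            locked = locked or run >= MAX_FAILS
    if locked:
        return "locked"
    return "granted" if stimulus == "ok" else "denied"


class LockoutClearBox:
    """State box data (run, locked) replaces the history; the clear box is the
    transition procedure that computes the same responses as black_box."""

    def __init__(self):
        self.run, self.locked = 0, False

    def transition(self, stimulus):
        if stimulus == "reset":
            self.run, self.locked = 0, False
            return "reset-ok"
        if self.locked:
            return "locked"          # state unchanged while locked
        if stimulus == "fail":
            self.run += 1
            self.locked = self.run >= MAX_FAILS
            return "denied"
        self.run = 0
        return "granted"


def verify(max_len=6):
    """Check the clear box against the black box on every stimulus sequence up
    to max_len. Cleanroom does this by reasoning about the functions; running
    it exhaustively here makes the obligation concrete for a small box."""
    checked = 0
    for n in range(1, max_len + 1):
        for seq in product(STIMULI, repeat=n):
            box = LockoutClearBox()
            for i, s in enumerate(seq):
                if box.transition(s) != black_box(list(seq[:i]), s):
                    return False, checked
                checked += 1
    return True, checked
```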
REFERENCES

Kale, Chetan & Jin Ying (2004). Cleanroom Software Development.

Becker, Shirley & Beizer, Borris. Cleanroom Software Engineering. Retrieved on 6/1/2011 from http://www.uta.edu/cse/levine/fall99/cse5324/cr/clean

Cleanroom Software Engineering Reference Model, Version 1.0. (n.d.). Retrieved from http://quanterion.com/Documents/Documents.asp?ArgVal=708

Cleanroom Software Development. (n.d.). Retrieved from http://www.khambatti.com/mujtaba/ArticlesAndPapers/Cleanroom%20Software%20Development.pdf

Linger, Richard C. & Trammell, Carmen J. (1996). Cleanroom Software Engineering Reference Model, Version 1.0.

CERTIFICATION

I certify that: This assignment is entirely my own work. I have not quoted the words of any other person from a printed source or a website without indicating what has been quoted and providing an appropriate citation. I have not submitted any of the material in this document to satisfy the requirements of any other course.

Chad D Stephenson