CS 350: Introduction to Software Engineering
Slide Set 3
C. M. Overstreet
Old Dominion University
Fall 2004

Outline:
- Survey results
- Why GCS (Guidance and Control Software)?
- Comments on Real Time
- Software Experimentation
- N-version Software
- Failure Probabilities - 1
- Failure Probabilities - 2
- Failure Probability Comments
- N-version Software - 2
- Oracle Problem - 1
- Oracle problem - 2
- GCS Goal
- GCS Context - 2
- GCS Context - 3
- Bigger Context, Design
- Reading the spec - 1
- Reading the spec - 2
- Reading the spec - 3
- Format of GCS Soft Req. Doc
- Data Element Dictionary
- Quiz
- Viking Lander
- Viking Orbiter
- GCS System
- Physical Systems (cont.)
- Slide 27
- GCS_SIM_RENDEZVOUS Purpose
- NASA Testing Architecture
- Testing arch (cont.)
- Testing arch. (cont.)
- Specification Intent
- Some Notations
- Processes (typical real-time sys)
- Process (cont.)
- Timing
- A Little Bit of FORTRAN
- Level 0 Spec (context diagram)
- Level 1 Spec
- Level 2 Spec
- Level 3 Spec Format
- cp process steps
- Assignment
- Programming Assignment
- Eventual Project
- Other requirements

Survey results
- Best language: C++: ; Java: ; depends on task: ; lisp:
- Preferred language: C++: ; Java:
- Max size program you've written: < 500: ; > 500 & < 1k: ; > 1k & < 10k: ; > 100k:

Why GCS (Guidance and Control Software)?
- NASA & FAA interest in "ultra-reliable" software
- NASA/Langley led the previous project (still the core of knowledge about the project)
- Complex but not too complex
- I like it because:
  - Real-time system
  - Application knowledge required (just like real life)
  - Really messy in places (just like real life)
  - ~100 pg. requirements doc.
  - Bad features (just like real life)
  - I'd do a bunch of things differently, but we're stuck with other people's bad decisions

Comments on Real Time
- In a real-time system:
  - Computational tasks must complete by a deadline
  - Often cyclical: computations repeat at a specified frequency
- Operating system considerations:
  - Many OSs allow you to schedule the start time for a task (see cron in UNIX).
  - It is much harder to guarantee that a task will complete by a deadline, particularly for interrupt-driven systems.

Software Experimentation
- Standard problem in SE: many opinions, few facts
- Purpose of GCS: get some real data
- Study a software system that:
  - Doesn't cost too much to build
  - Is small but not too small
  - Is in the "right" application domain: flight control, real time
  - Can be used for data collection
- Want failure rate data (e.g. MTTF)
- Want to understand the kinds of errors people make

N-version Software
- Purpose: increase software reliability
- One idea:
  - Develop one requirements document
  - Give copies to several different development groups (say 5)
  - Each group develops a complete system, independently! No info exchange!!
  - Run all five systems:
    - Give each identical input
    - Wait for each to produce the required output
    - Compare the 5 outputs & take the majority as the correct output
- Question: does this work?

Failure Probabilities - 1
- In the software reliability world, failures are treated as "random" events (even though they aren't)
- Each program has an "input space": the set of data the program will receive when running, including the fact that it will see some inputs frequently, others rarely.

Failure Probabilities - 2
- Then the probability of program failure is based on this idea:
  - Randomly pick a data value from the program's input space (where the chance of selecting a particular value reflects how frequently it will be seen when the program really runs).
  - Observe whether or not the program fails.
  - Do this for all values in the input space (properly weighted).
  - Pr(failure with a randomly selected input) = (number of failures) / (number of tests)

Failure Probability Comments
- Simple concept. But it involves several potentially hard problems:
  - What is the distribution of inputs the program will really encounter in use?
  - The input space is often too large to run the program with all possible inputs.
  - How do you tell when the program fails (assuming it doesn't crash)?
- Typical industry interest is how often software will fail when used by their customers. This is a similar idea: it depends on both frequency of use and typical input data.

N-version Software - 2
- Statistical concept: event independence
  - Knowing one event occurred doesn't change the probability of another event.
  - Independence ⇒ Pr(A ∧ B) = Pr(A) Pr(B)
  - Often, this is not true.
- Key question:
  - Do separately developed versions really fail independently?
  - Or if one fails, does that make it more likely that another will fail also?

Oracle Problem - 1
- When testing software, how do you detect all erroneous outputs?
- An unsolved SE problem for many applications

Oracle problem - 2
- The Federal Aviation Administration (FAA) specifies a failure rate for commercial aircraft of less than 10^-9 (per flight hour).
- How many test cases should you run to determine this?
- Generally considered a statistical problem: if the software is given a "random" input, what is the likelihood of the program producing incorrect output (assuming it doesn't crash)?
- How do you check the answers?

GCS Goal
- Generate data for a software reliability study:
  - What types of mistakes do programmers make?
  - How often do different programmers make the same mistake?
  - If "approved" software development procedures are used (here, RTCA/DO-178B, required by the FAA), how reliable will the software be?

GCS Context - 2
- Use n versions to address the oracle problem:
  - Assume, say, 5 complete versions of GCS are available.
  - Give each the same set of inputs.
  - After all finish, compare the outputs.
  - If identical, repeat (run another test).
  - If at least one differs:
    - We've found an error.
    - We don't know which program has it.
    - It may be a problem with ambiguous requirements.
- Does this solve the oracle problem?

GCS Context - 3
- Execution context: [Diagram: separate GCS versions V1, V2, V3, V4; sensor data; engine commands; a voter/logger; a physics/environment simulator]

Bigger Context, Design
- The Viking project was large
- Done by teams, with different teams for different phases
- Main phases:
  - Launch rocket (with the Viking lander as payload)
  - Fly payload to Mars, place into orbit
  - Start descent of payload to target location; parachute deployed
  - Control descent to the surface of Mars (our part!)
  - Conduct scientific mission & transmit data to Earth
  - Analyze data collected

Reading the spec - 1
- Read pp. 3-18, 89-123 for Thurs.
- Read it as a reference doc. That is, the most important thing is to be aware of what is there and where it is, rather than to memorize lots of details.
- Point: when you get to code design, you will (we hope) remember that
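Worked example for the Failure Probabilities slides above. This is added example code, not material from the slides or from the GCS project: the input space (a sensor reading 0..99), the two operational profiles, the toy throttle function and its bug are all constructed for illustration. It computes Pr(failure) exactly by weighting every input by the profile, then estimates the same number by random sampling, and shows how much the answer moves when the profile is guessed wrong (the first "hard problem" on the comments slide).

```python
"""Added example (not from the slides): Pr(failure) for one program under an
operational profile, exactly and by sampling. All inputs and the bug are constructed."""
from fractions import Fraction
import random

# Constructed input space: an integer sensor reading 0..99.
INPUT_SPACE = list(range(100))


def throttle_reference(reading):
    """Oracle: the intended behaviour (constructed spec).
    Double the reading and saturate at 180."""
    return min(2 * reading, 180)


def throttle_buggy(reading):
    """Version under test (constructed bug): the saturation branch keeps
    growing past 180, so readings above 90 produce an out-of-range command."""
    if reading < 90:
        return 2 * reading
    return 180 + 2 * (reading - 90)   # should simply return 180


def descent_profile(reading):
    """Constructed operational profile: low readings are common, high readings
    rare (weight 100 for reading 0 down to weight 1 for reading 99)."""
    return 100 - reading


def uniform_profile(reading):
    """Every input equally likely: the profile a naive tester might assume."""
    return 1


def failing_inputs(program, oracle, inputs=INPUT_SPACE):
    """Inputs on which the program disagrees with the oracle."""
    return [x for x in inputs if program(x) != oracle(x)]


def exact_failure_probability(program, oracle, profile, inputs=INPUT_SPACE):
    """Run every input once, weighting each by the profile
    (the slide's 'do this for all values, properly weighted')."""
    total = sum(profile(x) for x in inputs)
    failed = sum(profile(x) for x in failing_inputs(program, oracle, inputs))
    return Fraction(failed, total)


def estimate_failure_probability(program, oracle, profile, n_tests, seed=0,
                                 inputs=INPUT_SPACE):
    """Monte Carlo version: draw n_tests inputs from the profile and report
    (number of failures) / (number of tests), as on Failure Probabilities - 2."""
    rng = random.Random(seed)
    weights = [profile(x) for x in inputs]
    failures = 0
    for x in rng.choices(inputs, weights=weights, k=n_tests):
        if program(x) != oracle(x):
            failures += 1
    return failures / n_tests


if __name__ == "__main__":
    p_real = exact_failure_probability(throttle_buggy, throttle_reference, descent_profile)
    p_naive = exact_failure_probability(throttle_buggy, throttle_reference, uniform_profile)
    print("failing inputs:", failing_inputs(throttle_buggy, throttle_reference))
    print("Pr(failure), descent profile:", p_real, float(p_real))
    print("Pr(failure), uniform profile:", p_naive, float(p_naive))
    print("Monte Carlo, 100000 tests:",
          estimate_failure_probability(throttle_buggy, throttle_reference,
                                       descent_profile, 100_000))
```

The bug lives in the rarely visited top of the range, so the descent profile gives Pr(failure) = 9/1010 (about 0.9%) while the uniform guess gives 9/100: the same program, the same oracle, a tenfold difference purely from the assumed distribution of inputs.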
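Worked example for the question on the Oracle problem - 2 slide ("How many test cases should you run?"). This is added example code, not from the slides: it uses the standard zero-failure argument, which assumes each test draws an input from the operational profile and fails independently with probability p, and takes one test to be one flight hour so that the FAA's 10^-9 figure can be turned into calendar time.

```python
"""Added example (not from the slides): how many clean tests a 10^-9 failure
probability claim needs. Model: N independent tests, each failing with
probability p; if all pass, Pr(that outcome | p) = (1 - p)^N. To reject every
p >= p_max at significance alpha we need (1 - p_max)^N <= alpha."""
import math


def tests_for_zero_failures(p_max, alpha):
    """Smallest N such that N clean tests reject failure probability >= p_max
    at significance alpha: N >= ln(alpha) / ln(1 - p_max) (both logs negative)."""
    return math.ceil(math.log(alpha) / math.log1p(-p_max))


def upper_bound_from_zero_failures(n_tests, alpha):
    """Inverse view: after n_tests clean tests, the largest p not rejected
    at significance alpha is 1 - alpha**(1/n_tests)."""
    return 1.0 - alpha ** (1.0 / n_tests)


def test_hours_in_years(n_tests, hours_per_test=1.0):
    """Assumption for this example: one test = one flight hour of simulated
    operation (the unit of the FAA figure). Calendar years of continuous testing."""
    return n_tests * hours_per_test / (24 * 365.25)


if __name__ == "__main__":
    n = tests_for_zero_failures(1e-9, 0.01)
    print(f"clean tests needed for p < 1e-9 at 99% confidence: {n:,}")
    print(f"that is about {test_hours_in_years(n):,.0f} years of one-hour tests")
    print("after 1000 clean tests the 95% upper bound on p is",
          f"{upper_bound_from_zero_failures(1000, 0.05):.4f}")
```

Two things fall out: about 4.6 billion clean one-hour tests (roughly half a million years of continuous testing) are needed to support 10^-9 at 99% confidence, and a thousand clean tests only bound p below about 0.3%. And every one of those tests still needs an oracle to decide that the output was correct, which is the problem the next slides turn to.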
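Worked example for the N-version Software, N-version Software - 2 and GCS Context - 2 slides. This is added example code, not from the slides or the GCS project: five constructed "versions" of one tiny spec, a majority voter, a measurement of whether pairs of versions fail independently, and the oracle-free comparison procedure from GCS Context - 2. The spec as each imaginary team read it is "descent rate = altitude / 8, rounded to the nearest integer"; the spec author meant halves to round up, and two teams both resolved that ambiguity the other way. Everything else (the altitude range 0..999, the clamp fault) is made up.

```python
"""Added example (not from the slides): N-version voting, a test of failure
independence, and comparison without an oracle. Spec, versions and faults are
all constructed for illustration."""
from fractions import Fraction
from collections import Counter

ALTITUDES = range(1000)   # constructed input space


def oracle(alt):
    """What the spec author intended: altitude / 8, halves rounded up."""
    return (alt + 4) // 8


def version_a(alt):             # correct
    return (alt + 4) // 8


def version_b(alt):             # misread the spec: Python round() is round-half-to-even
    return round(alt / 8)


def version_c(alt):             # the same misreading, by a different team
    return round(alt / 8.0)


def version_d(alt):             # independent fault: a clamp nobody asked for
    return min((alt + 4) // 8, 120)


def version_e(alt):             # correct, written differently
    return (2 * alt + 8) // 16


VERSIONS = [version_a, version_b, version_c, version_d, version_e]


def failure_set(version, inputs=ALTITUDES):
    """Inputs on which a version disagrees with the oracle."""
    return {x for x in inputs if version(x) != oracle(x)}


def dependence_ratio(v1, v2, inputs=ALTITUDES):
    """Pr(both fail) / (Pr(v1 fails) * Pr(v2 fails)). Equals 1 if the two
    versions fail independently; larger means correlated (common-mode) failures."""
    n = len(inputs)
    f1, f2 = failure_set(v1, inputs), failure_set(v2, inputs)
    joint = Fraction(len(f1 & f2), n)
    return joint / (Fraction(len(f1), n) * Fraction(len(f2), n))


def majority(outputs):
    """Voter: a value is adopted only if more than half the versions produced it;
    otherwise None (no majority, so the output is withheld)."""
    value, votes = Counter(outputs).most_common(1)[0]
    return value if votes > len(outputs) // 2 else None


def vote_outcomes(versions=VERSIONS, inputs=ALTITUDES):
    """Run every input through every version and classify the voted result."""
    tally = Counter()
    for x in inputs:
        voted = majority([v(x) for v in versions])
        if voted is None:
            tally["no majority"] += 1
        elif voted == oracle(x):
            tally["correct"] += 1
        else:
            tally["wrong majority"] += 1
    return tally


def disagreements(versions=VERSIONS, inputs=ALTITUDES):
    """The GCS Context - 2 procedure without an oracle: flag inputs where the
    versions do not all agree. It finds an error but not which version is wrong."""
    return {x for x in inputs if len({v(x) for v in versions}) > 1}


if __name__ == "__main__":
    for v in VERSIONS:
        print(f"{v.__name__}: {len(failure_set(v))} failing inputs")
    print("b vs c dependence ratio:", dependence_ratio(version_b, version_c))
    print("b vs d dependence ratio:", dependence_ratio(version_b, version_d))
    print("5-version voter:", dict(vote_outcomes()))
    print("inputs flagged by disagreement:", len(disagreements()))
```

The numbers show the slide's key question concretely. Versions b and c each fail on 63 of 1000 inputs, and they fail on exactly the same 63, so Pr(both fail) is about 16 times what independence would predict; b and d, whose faults are unrelated, come out with a ratio of about 1.3. The voter masks every single fault and still goes wrong at altitude 964, where the two misreadings and the clamp all happen to produce 120 and outvote the two correct versions; at 980 and 996 it withholds output because no value gets three votes. Disagreement alone flags 96 inputs, but on each one it is the oracle, not the comparison, that says which version was right.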