Details

Preface. <p>Features and Organization.</p> <p>Practice Descriptions.</p> <p>Intended audience.</p> <p>Acknowledgements.</p> <p>Permissions.</p> <p>Disclaimer.</p> <p><b>1. The Case for Automated Defect Prevention.</b></p> <p>1.1 What is ADP?</p> <p>1.2 What are the goals of ADP?</p> <p>1.2.1 People: Stimulated and Satisfied.</p> <p>1.2.2 Product: High Quality.</p> <p>1.2.3 Organization: Increased Productivity and Operational Efficiency.</p> <p>1.2.4 Process: Controlled, Improved, and Sustainable.</p> <p>1.2.5 Project: Managed through Informed Decision Making.</p> <p>1.3 How is ASDP implemented?</p> <p>1.3.1 Principles.</p> <p>1.3.2 Practices.</p> <p>1.3.3 Policies.</p> <p>1.3.4 Defect Prevention Mindset.</p> <p>1.3.5 Automation.</p> <p>1.4 From the waterfall to modern software development process models.</p> <p>1.5 Acronyms.</p> <p>1.6 Glossary.</p> <p>1.7 References.</p> <p>1.8 Exercises.</p> <p><b>2. Principles of Automated Defect Prevention.</b></p> <p>2.1 Introduction.</p> <p>2.2 Defect Prevention: Definition and Benefits.</p> <p>2.3 Historical Perspective: Defect Analysis and Prevention in Auto Industry - What Happened to Deming?</p> <p>2.4 Principles of Automated Defect Prevention.</p> <p>2.4.1 Principle 1: Establishment of Infrastructure: "Build a strong foundation through integration of people and technology".</p> <p>2.4.2 Principle 2: Application of General Best Practices: "Learn from others' mistakes".</p> <p>2.4.3 Principle 3: Customization of Best Practices: "Learn from your own mistakes".</p> <p>2.4.4 Principle 4: Measurement and Tracking of Project Status: "Understand the past and present to make decisions about the future".</p> <p>2.4.5 Principle 5: Automation: "Let the computer do it".</p> <p>2.4.6 Principle 6: Incremental Implementation of ADP's Practices and Policies.</p> <p>2.5 Automated Defect Prevention based Software Development Process Model.</p> <p>2.6 Examples.</p> <p>2.6.1 Focus on Root Cause Analysis of a Defect.</p> <p>2.6.2 Focus on Infrastructure.</p> <p>2.6.3 Focus on Customized Best Practice.</p> <p>2.6.4 Focus on Measurements of Project Status.</p> <p>2.7 Acronyms.</p> <p>2.8 Glossary.</p> <p>2.9 References.</p> <p>2.10 Exercises.</p> <p><b>3. Initial Planning and Infrastructure.</b></p> <p>3.1 Introduction.</p> <p>3.2 Initial Software Development Plan.</p> <p>3.2.1 Product.</p> <p>3.2.2 People.</p> <p>3.2.3 Technology.</p> <p>3.2.4 Process.</p> <p>3.3 Best Practices for Creating People Infrastructure.</p> <p>3.3.1 Defining Groups.</p> <p>3.3.2 Determining a Location for Each Group's Infrastructure.</p> <p>3.3.3 Defining People Roles.</p> <p>3.3.4 Establishing Training Program.</p> <p>3.3.5 Cultivating a Positive Group Culture.</p> <p>3.4 Best Practices for Creating Technology Infrastructure.</p> <p>3.4.1 Automated Reporting System.</p> <p>3.4.2 Policy for Use of Automated Reporting System.</p> <p>3.4.3 Minimum Technology Infrastructure.</p> <p>3.4.4 Intermediate Technology Infrastructure.</p> <p>3.4.5 Expanded Technology Infrastructure.</p> <p>3.5 Integrating People and Technology.</p> <p>3.6 Human Factors and Concerns.</p> <p>3.7 Examples.</p> <p>3.7.1 Focus on Developer Ideas.</p> <p>3.7.2 Focus on Reports Generated by the Minimum Infrastructure.</p> <p>3.8 Acronyms.</p> <p>3.9 Glossary.</p> <p>3.10 References.</p> <p>3.11 Exercises.</p> <p><b>4. Requirements Specification and Management.</b></p> <p>4.1 Introduction.</p> <p>4.2 Best Practices for Gathering and Organizing Requirements.</p> <p>4.2.1 Creating the Product Vision and Scope Document.</p> <p>4.2.2 Gathering and Organizing Requirements.</p> <p>4.2.3 Prioritizing Requirements.</p> <p>4.2.4 Developing Use Cases.</p> <p>4.2.5 Creating a Prototype to Elicit Requirements.</p> <p>4.2.6 Creating Conceptual Test Cases.</p> <p>4.2.7 Requirements Documents Inspection.</p> <p>4.2.8 Managing Changing Requirements.</p> <p>4.3 Best Practices in Different Environments.</p> <p>4.3.1 Existing Versus New Software Project.</p> <p>4.3.2 In-House Versus Outsourced Development Teams.</p> <p>4.4 Policy for Use of the Requirements Management System.</p> <p>4.4.1 The project manager should approve the final version of the vision and scope document, which should be entered into, and tracked in, the requirements management system.</p> <p>4.4.2 The architect should approve the final version of the requirements specification (SRS) document. The requirements from SRS should be entered into, and their changes tracked in, the requirements management system.</p> <p>4.4.3 The architect or lead developer should define the scope and test requirements for each feature to be implemented, and then enter those details in the requirements management system.</p> <p>4.4.4 The developer should create test cases for each feature she is assigned to implement, and add those test cases to the requirements management system.</p> <p>4.4.5 After the developer implements a feature, she should modify the test cases to verify the new feature, then, once the tests pass, she should mark the feature as "implemented".</p> <p>4.4.6 Measurements Related to Requirement Management System.</p> <p>4.4.7 Tracking of Data Related to the Requirements Management System.</p> <p>4.5 Examples.</p> <p>4.5.1 Focus on Customized Best Practice.</p> <p>4.5.2 Focus on Monitoring and Managing Requirement Priorities.</p> <p>4.5.3 Focus on Change Requests.</p> <p>4.6 Acronyms.</p> <p>4.7 Glossary.</p> <p>4.8 References.</p> <p>4.9 Exercises.</p> <p><b>5. Extended Planning and Infrastructure.</b></p> <p>5.1 Introduction.</p> <p>5.2 Software Development Plan.</p> <p>5.3 Defining Project Objectives.</p> <p>5.4 Defining Project Artifacts and Deliverables.</p> <p>5.4.1 The Vision and Scope document.</p> <p>5.4.2 SRS, describing the product key features.</p> <p>5.4.3 Architectural and detailed design documents and models.</p> <p>5.4.4 List of COTS (Commercial-Off-the-Shelf-Components) used.</p> <p>5.4.5 Source and executable code.</p> <p>5.4.6 Test plan.</p> <p>5.4.7 Acceptance plan.</p> <p>5.4.8 Periodic reports generated by the reporting system.</p> <p>5.4.9 Deployment plan.</p> <p>5.4.10 User and operational manuals.</p> <p>5.4.11 Customer training plan.</p> <p>5.5 Selecting a Software Development Process Model.</p> <p>5.6 Defining Defect Prevention Process.</p> <p>5.7 Managing Risk.</p> <p>5.8 Managing Change.</p> <p>5.9 Defining Work Breakdown Structure (WBS) - An Iterative Approach.</p> <p>5.10 Best Practices for Estimating Project Effort.</p> <p>5.10.1 Estimation by Using Elements of Wideband Delphi.</p> <p>5.10.2 Estimation by Using Effort Analogy.</p> <p>5.10.3 Estimation by Using Parametric Models.</p> <p>5.10.4 Estimations of Using COTS and Code Reuse.</p> <p>5.10.5 Estimation Quality Factor and the Iterative Adjustments of Estimates.</p> <p>5.11 Best Practices for Preparing the Schedule.</p> <p>5.12 Measurement and Tracking for Estimation.</p> <p>5.13 Identifying Additional Resource Requirements.</p> <p>5.13.1 Extending the Technology Infrastructure.</p> <p>5.13.2 Extending the People Infrastructure.</p> <p>5.14 Examples.</p> <p>5.14.1 Focus on the Root Cause of a Project Scheduling Problem.</p> <p>5.14.2 Focus on Organizing and Tracking Artifacts.</p> <p>5.14.3 Focus on Scheduling and Tracking Milestones.</p> <p>5.15 Acronyms.</p> <p>5.16 Glossary.</p> <p>5.17 References.</p> <p>5.18 Exercises.</p> <p><b>6. Architectural and Detailed Design.</b></p> <p>6.1 Introduction.</p> <p>6.2 Best Practices for Design of System Functionality and its Quality Attributes.</p> <p>6.2.1 Identifying Critical Attributes of Architectural Design.</p> <p>6.2.2 Defining the Policies for Design of Functional and Non-functional Requirements.</p> <p>6.2.3 Applying Design Patterns.</p> <p>6.2.4 Service Oriented Architecture.</p> <p>6.2.5 Mapping Requirements to Modules.</p> <p>6.2.6 Designing Module Interfaces.</p> <p>6.2.7 Modeling Modules and their Interfaces with UML.</p> <p>6.2.8 Defining Application Logic.</p> <p>6.2.9 Refining Test Cases.</p> <p>6.2.10 Design Document Storage and Inspection.</p> <p>6.2.11 Managing Changes in Design.</p> <p>6.3 Best Practices for Design of Graphical User Interface.</p> <p>6.3.1 Identifying Critical Attributes of User Interface Design.</p> <p>6.3.2 Defining the User Interface Design Policy.</p> <p>6.3.3 Identifying Architectural Patterns Applicable to the User Interface Design.</p> <p>6.3.4 Creating Categories of Actions.</p> <p>6.3.5 Dividing Actions into Screens.</p> <p>6.3.6 Prototyping the Interface.</p> <p>6.3.7 Testing the Interface.</p> <p>6.4 Examples.</p> <p>6.4.1 Focus on Module Assignments and Design Progress.</p> <p>6.4.2 Focus on the Number of Use Cases per Module.</p> <p>6.4.3 Focus on Module Implementation Overview.</p> <p>6.4.4 Focus on Customized Best Practice for GUI Design.</p> <p>6.5 Acronyms.</p> <p>6.6 Glossary.</p> <p>6.7 References.</p> <p>6.8 Exercises.</p> <p><b>7. Construction.</b></p> <p>7.1 Introduction.</p> <p>7.2 Best Practices for Code Construction.</p> <p>7.2.1 Applying coding standards throughout development.</p> <p>7.2.2 Applying the test-first approach at the service and module implementation level.</p> <p>7.2.3 Implementing service contracts and/or module interfaces before their internal functionality.</p> <p>7.2.4 Applying Test Driven Development for algorithmically complex and critical code units.</p> <p>7.2.5 Conducting white box unit testing after implementing each unit and before checking the code to the source control system.</p> <p>7.2.6 Verifying code consistency with the requirements and design.</p> <p>7.3 Policy for Use of the Code Source Control System.</p> <p>7.3.1 Each developer should have a local copy (sandbox) of files related to her current work.</p> <p>7.3.2 Each team should have a sandbox with copies of all files needed to build each application.</p> <p>7.3.3 Parallel development practices should be well defined and understood by participating developers.</p> <p>7.3.4 Each developer should check out only code that she is actively modifying.</p> <p>7.3.5 Each developer should check in to source control only code that complies with the required coding standards and passes the designated quality checks.</p> <p>7.3.6 Each developer should clean the sandbox and re-shadow relevant files after major changes.</p> <p>7.3.7 The entire team should store code for different software versions in physically independent locations of the source control systems.</p> <p>7.3.8 The entire team should use versioning features only for small variations within one software version.</p> <p>7.3.9 Measurements Related to Source Control.</p> <p>7.3.10 Tracking of Source Control Data.</p> <p>7.4 Policy for Use of Automated Build.</p> <p>7.4.1 Creating a special build account.</p> <p>7.4.2 Cleaning the build area before each build.</p> <p>7.4.3 Shadowing or cloning the source code to the build directory.</p> <p>7.4.4 Building the application at regularly scheduled intervals after cleaning the build directory and shadowing or cloning the source code.</p> <p>7.4.5 Completely automating the build process.</p> <p>7.4.6 Creating hierarchies for Makefiles and/or other build files.</p> <p>7.4.7 Parameterizing scripts and build files.</p> <p>7.4.8 For n-tier applications, establishing and creating a build on a staging area as well as a production area.</p> <p>7.4.9 Fully integrating automated builds with the source control system.</p> <p>7.4.10 Integrating testing into the automated build process.</p> <p>7.4.11 Measurements Related to Automated Builds.</p> <p>7.4.12 Tracking of Data Related to Automated Builds.</p> <p>7.5 Examples.</p> <p>7.5.1 Focus on a Customized Coding Standard Policy.</p> <p>7.5.2 Focus on Features/Tests Reports.</p> <p>7.6 Acronyms.</p> <p>7.7 Glossary.</p> <p>7.8 References.</p> <p>7.9 Exercises.</p> <p><b>8. Testing and Defect Prevention.</b></p> <p>8.1 Introduction.</p> <p>8.2 Best Practices for Testing and Code Review.</p> <p>8.2.1 Conducting White Box Unit Testing: Bottom-Up Approach.</p> <p>8.2.2 Conducting Black Box Testing and Verifying the Convergence of Top Down and Bottom Up Tests.</p> <p>8.2.3 Conducting Code Reviews as a Testing Activity.</p> <p>8.2.4 Conducting Integration Testing.</p> <p>8.2.5 Conducting System Testing.</p> <p>8.2.6 Conducting Regression Testing.</p> <p>8.2.7 Conducting Acceptance Testing.</p> <p>8.3 Defect Analysis and Prevention.</p> <p>8.4 Policy for Use of Problem Tracking System.</p> <p>8.4.1 During development, problem tracking systems should be used to store only severe defects, feature requests and developer ideas.</p> <p>8.4.2 After a code freeze, the problem tracking system should be used to record all defect reports and all feature requests.</p> <p>8.4.3 During release planning, recorded feature requests should be prioritized and their implementation scheduled.</p> <p>8.4.4 Measurements of Data Related to the Problem Tracking System.</p> <p>8.4.5 Tracking of Data Related to Problem Tracking System.</p> <p>8.5 Policy for Use of Regression Testing System.</p> <p>8.5.1 Configuring the regression system so that it provides detailed result information.</p> <p>8.5.2 Executing regression tests automatically after each build.</p> <p>8.5.3 Reviewing regression test results at the beginning of each work day and updating the test suite as needed.</p> <p>8.5.4 Using regression results to assess the deployment readiness of the system.</p> <p>8.5.5 Measurements Related to the Regression Testing System.</p> <p>8.5.6 Tracking of Data Related to the Regression Testing System.</p> <p>8.6 Examples.</p> <p>8.6.1 Focus on Defect Tracking Reports.</p> <p>8.6.2 Focus on Test Type Reports.</p> <p>8.6.3 Example of a Root Cause Analysis of a Design and Testing Defect.</p> <p>8.7 Acronyms.</p> <p>8.8 Glossary.</p> <p>8.9 References.</p> <p>8.10 Exercises.</p> <p><b>9. Trend Analysis and Deployment.</b></p> <p>9.1 Introduction.</p> <p>9.2 Trends in Process Control.</p> <p>9.2.1 Process Variations.</p> <p>9.2.2 Process Stabilization.</p> <p>9.2.3 Process Capability.</p> <p>9.3 Trends in Project Progress.</p> <p>9.3.1 Analyzing Features/Requirements Implementation Status.</p> <p>9.3.2 Analyzing Source Code Growth.</p> <p>9.3.3 Analyzing Test Results.</p> <p>9.3.4 Analyzing Defects.</p> <p>9.3.5 Analyzing Cost and Schedule.</p> <p>9.4 Best Practices for Deployment and Transition.</p> <p>9.4.1 Deployment to a Staging System.</p> <p>9.4.2 Automation of the Deployment Process.</p> <p>9.4.3 Assessing Release Readiness.</p> <p>9.4.4 Release: Deployment to the Production System.</p> <p>9.4.5 Non-intrusive Monitoring.</p> <p>9.5 Acronyms.</p> <p>9.6 Glossary.</p> <p>9.7 References.</p> <p>9.8 Exercises.</p> <p><b>10. Managing External Factors.</b></p> <p>10.1 Introduction.</p> <p>10.2 Best Practices for Managing Outsourced Projects.</p> <p>10.2.1 Establishing A Software Development Outsource Process.</p> <p>10.2.2 Phase 0: Decision to Outsource.</p> <p>10.2.3 Phase 1: Planning.</p> <p>10.2.4 Phase 2: Implementation.</p> <p>10.2.5 Phase 3: Termination.</p> <p>10.3 Best Practices for Facilitating IT Regulatory Compliance.</p> <p>10.3.1 Section 508 of the US Rehabilitation Act.</p> <p>10.3.2 Sarbanes-Oxley Act of 2002.</p> <p>10.4 Best Practices for Implementation of CMMI.</p> <p>10.4.1 Capability and Maturity Model Integration (CMMI).</p> <p>10.4.2 Staged Representation.</p> <p>10.4.3 Putting Staged Representation Based Improvement into Practice Using ASDP.</p> <p>10.4.4 Putting Continuous Representation Based Improvement into Practice Using ASDP.</p> <p>10.5 Acronyms.</p> <p>10.6 Glossary.</p> <p>10.7 References.</p> <p>10.8 Exercises.</p> <p><b>11. Case Studies: Automation as an Agent of Change.</b></p> <p>11.1 Case Study I: Implementing Java Coding Standards in a Financial Application.</p> <p>11.1.1 Company Profile.</p> <p>11.1.2 Problems.</p> <p>11.1.3 Solution.</p> <p>11.1.4 Data Collected.</p> <p>11.1.5 The Bottom Line Results - Facilitating Change.</p> <p>11.1.6 Acronyms.</p> <p>11.1.7 Glossary.</p> <p>11.1.8 References for Case Study I.</p> <p>11.2 Case Study II: Implementing C/C++ Coding Standards in an Embedded Application.</p> <p>11.2.1 Introduction.</p> <p>11.2.2 C/C++ Coding Standards.</p> <p>11.2.3 Considerations on Choosing a Coding Standards Checker.</p> <p>11.2.4 Experiences Using the Checker.</p> <p>11.2.5 Lessons Learned.</p> <p>11.2.6 Conclusion.</p> <p>11.2.7 References for Case Study II.</p> <p><b>Appendix A: A Brief Survey of Modern Software Development Process Models.</b></p> <p>A.1 Introduction.</p> <p>A.2 Rapid Application Development (RAD) and Rapid Prototyping.</p> <p>A.3 Incremental Development.</p> <p>A.4 Spiral Model.</p> <p>A.5 Object Oriented Unified Process.</p> <p>A.6 Extreme and Agile Programming.</p> <p>A.7 References.</p> <p><b>Appendix B: Mars Polar Lander (MPL), Loss and Lessons.</b></p> <p>B.1 No Definite Root Cause.</p> <p>B.2 No Mission Data.</p> <p>B.3 Root Cause Revisited.</p> <p><b>Appendix C: Service-Oriented Architecture: Example of an Implementation with ADP Best Practices.</b></p> <p>C.1 Introduction.</p> <p>C.2 Web Service Creation: Initial Planning and Requirements.</p> <p>C.2.1 Functional Requirements.</p> <p>C.2.2 Non-Functional Requirements.</p> <p>C.3 Web Service Creation: Extended Planning and Design.</p> <p>C.3.1 Initial Architecture.</p> <p>C.3.2 Extended Infrastructure.</p> <p>C.3.3 Design.</p> <p>C.4 Web Service Creation: Construction and Testing Stage 1 : Module Implementation.</p> <p>C.4.1 Applying Coding Standards.</p> <p>C.4.2 Implementing Interfaces and Applying a Test-first Approach for Modules and Sub-modules.</p> <p>C.4.3 Generating White Box Junit Tests.</p> <p>C.4.4 Gradually Implementing the Sub-module until all Junit Tests Pass and Converge with the Original Black Box Tests.</p> <p>C.4.5 Checking Verified Tests into the Source Control System and Running Nightly Regression Tests.</p> <p>C.5 Web Service Creation: Construction and Testing Stage 2: The WSDL Document Implementation.</p> <p>C.5.1 Creating and Deploying the WSDL Document on the Staging Server as Part of the Nightly Build Process.</p> <p>C.5.2 Avoiding Inline Schemas when XML Validation Is Required.</p> <p>C.5.3 Avoiding Cyclical Referencing, when Using Inline Schemas.</p> <p>C.5.4 Verifying WSDL document for XML Validity.</p> <p>C.5.5 Avoiding "Encoded" Coding Style by Checking Interoperability.</p> <p>C.5.6 Creating Regression Tests for the WSDL documents and Schemas to Detect Undesired Changes.</p> <p>C.6 Web Service Creation: Server Deployment.</p> <p>C.6.1 Deploying the Web Service to a Staging Server as Part of the Nightly Build Process.</p> <p>C.6.2 Executing Web Service Tests that Verify the Functionality of the Web Service.</p> <p>C.6.3 Creating "Scenario-Based" Tests and Incorporating them Into the Nightly Test Process.</p> <p>C.6.4 Database Testing.</p> <p>C.7 Web Service Creation: Client Deployment.</p> <p>C.7.1 Implementing the Client According to the WSDL Document Specification.</p> <p>C.7.2 Using Server Stubs to Test Client functionality - Deploying the Server Stub as Part of the Nightly Deployment Process.</p> <p>C.7.3 Adding Client Tests into the Nightly Test Process.</p> <p>C.8 Web Service Creation: Verifying Security.</p> <p>C.8.1 Determining the Desired Level of Security.</p> <p>C.8.2 Deploying Security Enabled Web Service on Additional Port of the Staging Server.</p> <p>C.8.3 Leveraging Existing Tests: Modifying Them to Test for Security and Incorporating Them into the Nightly Test Process.</p> <p>C.9 Web Service Creation: Verifying Performance through Continuous Performance/Load Testing.</p> <p>C.9.1 Starting Load Testing As Early As Possible and Incorporating it into the Nightly Test Process.</p> <p>C.9.2 Using Results of Load Tests to Determine Final Deployment. Configuration.</p> <p><b>Appendix D: AJAX Best Practice: Continuous Testing.</b></p> <p>D.1 Why AJAX?</p> <p>D.2 AJAX Development and Testing Challenges.</p> <p>D.3 Continuous Testing.</p> <p><b>Appendix E: Software Engineering Tools.</b></p> <p>Glossary.</p> <p>Index.</p>

<p>Dorota Huizinga, PhD, is the Associate Dean for the College of Engineering and Computer Science and Professor of Computer Science at California State University, Fullerton. Her publication record spans a wide range of computer science disciplines and her research was sponsored by the National Science Foundation, California State University System, and private industry.</p> <p>Adam Kolawa, PhD, is the cofounder and CEO of Parasoft, a leading provider of Automated Error Prevention software solutions. Dr. Kolawa is a coauthor of Bulletproofing Web Applications, has contributed to or written more than 100 commentary pieces and technical papers, and has authored numerous scientific papers.</p>

<p>Improve Productivity by Integrating Automation and Defect Prevention into Your Software Development Process</p> <p>This book presents an approach to software management based on a new methodology called Automated Defect Prevention (ADP). The authors describe how to establish an infrastructure that functions as a software "production line" that automates repetitive tasks, organizes project activities, tracks project status, seamlessly collects project data, and sustains and facilitates the improvement of human-defined processes. Well-grounded in software engineering research and in industry best practices, this book helps organizations gain dramatic improvement in both product quality and operational effectiveness.</p> <p>Ideal for industry professionals and project managers, as well as upper-level undergraduates and graduate-level students in software engineering, Automated Defect Prevention is complete with figures that illustrate how to structure projects and contains real-world examples, developers' testimonies, and tips on how to implement defect prevention strategies across a project group.</p>

US