What kinds of functions are used by Cleanroom Software Engineering approach?

Harlan Mills and his colleagues namely Linger, Poore, Dyer in the year of 1980 developed a software process that could promise building zero error software at IBM. This process is now popularly known as the Cleanroom software engineering. The process was named in accordance with an analogy with the manufacturing process of the semiconductors. 

The Clean room software engineering process makes use of the statistical process and its control features. The software systems and applications thus produced have certified software reliability. The productivity is also increased as the software has no defects at delivery. 

Below mentioned are some key features of the Cleanroom software engineering process:

1. Usage scenarios
2. Incremental development
3. Incremental release
4. Statistical modeling
5. Separate development
6. Acceptance testing
7. No unit testing
8. No debugging
9. Formal reviews with verification conditions

Basic technologies used by the CSE approach are:

1. Incremental development
2. Box structured specifications
3. Statistical usage testing
4. Function theoretic verification

- The incremental development phase of the CSE involves overlapping of the incremental development and from beginning of specification to the end of the test execution it takes around 12 – 18 weeks.

- Partitioning of the increments is critical as well as difficult. 

- Formal specification of the CSE process involves the following:

1. Box structured Designing: Three types of boxes are identified namely black box, state box and clear box.
2. Verification properties of the structures and
3. Program functions: These are one kind of functions that are used by the clean room approach.

- State boxes are the description of the state of the system in terms of data structures such as sequences, sets, lists, records, relations and maps. 

- Further, they include specification of operations and state in-variants.

- Each and every operation that is carried out needs to take care of the invariant. 

- The syntax errors present in a constructed program in clean-room are checked by a parser but is not run by the developer.

- A team review is responsible for performing verification which is driven by a number of verification conditions. 

- Productivity is increased by 3–5 times in the verification process as compared to the debugging process. 

- Proving the program is always an option with the developers but it calls for a lot of math intensive work.

- As an alternate to this, clean room software engineering approach prefers to use a team code inspection in terms of two things namely:

1. Program functions and
2. Verification conditions

- After this, an informal review is carried out which confirms whether all conditions have been satisfied or not. 

- Program functions are nothing but functions describing the prime program’s function.

- Functional verification steps are:

1.    Specifying the program by post and pre-conditions.

2.    Parsing the program in to prime numbers.

3.    Determining the program functions for SESE’s.

4.    Defining verification conditions.

5.    Inspection of all the verification conditions.

- Program functions also define the conditions under which a program can be executed legally. Such program functions are called pre-conditions.

- Program functions can even express the effect the program execution is having up on the state of the system. Such program functions are called the post conditions.

- Programs are mostly expressed on terms of the input arguments, instance variables and return values of the program. 

- However, they cannot be expressed by local program variables. 

- The concept of nested blocks is supported by a number of modern programming languages and structured programs always require well nesting. 

- The process determining SESE’s also involves parsing rather than just program functions.

What is a Cleanroom approach?

In this article we discuss the cleanroom approach in detail. The size of the team is usually small and is divided in to following three sub – teams:

1. Specification team: This team is responsible for the development and maintenance of the specifications.
2. Development team: This team is responsible for the development and verification of the software.
3. Certification team: This team is responsible for the development of statistical tests and reliability growth models. 

The incremental development is always carried out under statistical quality control so that the performance can be assessed at the end of every iteration using the following measures:

1. Errors per KLOC
2. Rate of growth in MTTF
3. Number of sequential error free tests.

The software development in cleanroom approach is purely based up on the mathematical principles whereas the testing is based up on the statistical principles. 

- Firstly, the system to be developed is formally specified and an operational profile is created. This profile and the formal specifications are then used to define the software increments which are then used for the two purposes namely:

1. Construction of a structured program
2. Designing of statistical tests: These tests also contribute to the first purpose.

- The constructed program is then formally verified and integrated with the increment.

Below mentioned is the flow of cleanroom approach:

1. Software requirements specification
2. Software design and development
3. Incremental software delivery
4. Incremental statistical testing
5. Regression testing
6. Software reliability measurement
7. Process error diagnosis and correction

- The incremental development planning is divided in to two parts namely:

1. Functional specification: It involves formal design correctness verification.
2. Usage specification: It involves statistical test case generation.

- Both these processes then merge down to statistical testing which then follows quality certification model and MTTF estimates.

- The whole cleanroom project develops around the incremental strategy. 

- Requirements are gathered from the customers and elicited and refined via the traditional methods.

- The definition of the data, its behavior and procedures are isolated and separated by the box structures at every level of refinement. 

- Specifications or the black boxes when iteratively refined become state boxes i.e., architectural designs and clear boxes i.e., the component–level designs.

- Formal inspections are carried out to make sure that the code confirms to standards, it is syntactically correct and its correctness has been verified. 

- Statistical usage planning involves creation of tests cases that match with the probability distribution of the usage pattern

- In place of the exhaustive testing, a sample of all the test cases is employed. 

- Once the programmers are done with all 3 activities (i.e., verification, inspection, usage testing, and defect removal) the increment is considered to be certified and ready to be integrated. 

- For developing a right system, customer feedback and involvement are 2 necessary elements throughout the process. 

- Increment planning is required so that the customer’s system requirements can be clarified. 

- There is a requirement of management of resources and control of complexity which is also achieved through incremental planning.

- In order to develop a quality product a control over the software development cycle and process measurement is very much required.

- Following are the benefits of concurrent planning:

1. Concurrent engineering
2. Step wise integration
3. Continuous quality feedback
4. Continuous customer feedback
5. Risk management
6. Change management

- All of the above benefits are achieved respectively by:

1. Certification and scheduling parallel development
2. Testing cumulative increments
3. Statistical process control
4. Through actual use
5. Treatment of the high risk elements in early phases
6. Systematic accommodation of the changes

Design verification advantage allows the cleanroom teams to verify each and every line of code.