Software engineering sommerville 9th pdf free download




















This has reduced the number of chapters in the book and allows the author to focus on core material in each chapter. Complete restructuring to make it easier to use the book in teaching software engineering. The book now has four rather than eight parts and each part may be used on its own or in combination with other parts as the basis of a software engineering course.

The four parts are an introduction to software engineering, dependability and security, advanced software engineering and software engineering management. Several topics from previous editions are presented more concisely in a single chapter, with extra material moved onto the Web.

Additional web chapters, based on chapters from previous editions that are not included in the ninth edition, are available on the Web. The content in all chapters is updated and revised. New chapters on agile software development and embedded systems are included. A new case study on a patient record system for patients who are undergoing treatment for mental health problems is used in several chapters.

Several topics from previous editions are presented more concisely in a single chapter, with extra material moved onto the Web. Additional web chapters, based on chapters from previous editions that I have not included here, are available on the Web. I have updated and revised the content in all chapters.

I have added new chapters on agile software development and embedded systems. A new case study on a patient record system for patients who are undergoing treatment for mental health problems has been used in several chapters. I have designed the book so that it can be used in three different types of software engineering courses: Are tools available in house or will they have to be purchased? The likely lifetime of the software that you are developing.

MDA is most suitable for long-lifetime systems. 4. Requirements for high performance or throughput (MDA relies on code generation that creates code which may be less efficient than hand-written code). 5. The long-term benefits of using MDA (are there real cost savings from this approach?). 6. The enthusiasm of the software developers. The architecture may have to be designed before specifications are written to provide a means of structuring the specification and developing different sub-system specifications concurrently, to allow manufacture of hardware by sub-contractors and to provide a model for system costing.

Fundamentally, to provide availability, you need to have replicated components in the architecture so that, in the event of one component failing, you can switch immediately to a backup component. You also need to have several copies of the data that is being processed. Security requires minimizing the number of copies of the data and, wherever possible, adopting an architecture where each component only knows as much as it needs to do its job. This reduces the chance of intruders accessing the data.

Therefore, there is a fundamental architectural conflict between availability (replication, several copies) and security (specialization, minimal copies). The system architect has to find the best compromise between these fundamentally opposing requirements.

You also have to look at how these services are used in particular toolsets. Generally, IDEs are tightly integrated systems and all parts of the reference model may not be applicable. In this case, comparisons would be drawn using: 1.

Data repository services. What kind of data management is supported? Data integration services. How well can data be interchanged with other tools and what support is provided for configuration management?

User interface services. What facilities are supported to allow presentation integration? How well integrated at the user interface level are different parts of the systems?

Task management services. This is really for general purpose environments so is probably inapplicable to Java IDEs. Message services. How do different components of the IDE communicate?

Students should consider the levels in the information system and should identify components that might be included at each level. You should make reasonable assumptions about the functionality that is required here.

System: Weather station
Use case: Report status
Actors: Weather information system, weather station
Data: The weather station sends a status update to the weather information system giving information about the status of its instruments, computers and power supply.
Stimulus: The weather information system establishes a satellite link with the weather station and requests status information.
Response: A status summary is uploaded to the weather information system.
Comments: System status is usually requested at the same time as the weather report.

System: Weather station
Use case: Reconfigure
Actors: Weather information system, weather station
Data: The weather information station sends a reconfiguration command to the weather station. This places it into remote control mode where further commands may be sent from the remote system to update the weather station software.
Stimulus: A command from the weather information system.
Response: Confirmation that the system is in remote control mode.
Comments: Used occasionally when software updates have to be installed.

Use your own experience to decide on the attributes and operations that should be associated with these objects. However, I am only really looking for simple objects which encapsulate the principal requirements of these artefacts.

Possible designs are shown in the above diagram. The group diary communicates with the diaries of the participants in turn, modifying the window accordingly as their availability is known. D2 is then contacted with that availability, not the original window. If there are no mutually available dates in the window, the system reports this to the organizer. Otherwise, a date is selected, entered in all diaries and confirmed to the organizer.

Without configuration management it is easy to lose track of the changes that each developer makes to code and for changes made by one programmer to overwrite changes made by another programmer. For example, one programmer may change a component to improve its performance whilst another may correct a bug in the functionality of the component. Without CM, whoever writes the component last to the shared component store will overwrite and so lose the previous component changes.

Furthermore, systems are usually composed of multiple components, each of which exists in multiple versions, where each version has a specific purpose.

For example, there may be versions of a system for different platforms such as Windows, Linux and MacOS. These versions have some specific components and some shared components and it is potentially error prone if these versions are assembled without CM tool support. It is very easy to include the wrong component in a version and this is likely to lead to subsequent software failure. New customers usually have specific requirements to be incorporated into their system, and they pay for these to be developed.

The company has an opportunity to bid for a new contract, which would more than double its customer base. The new customer also wishes to have some involvement in the configuration of the system.

Explain why, in these circumstances, it might be a good idea for the company owning the software to make it open source.

The key benefit of open source is that it opens up development to a wide range of developers and so accelerates the development and debugging of the product.

Doubling the customer base places immense strains on a small company if they have to take on a lot of new staff, and so going open source means that the costs of expansion are reduced. In this case, because the product is specialized to the needs of different users, the company that owns the software can still charge these users to make the changes to the system.

Hence the loss in revenue from selling the software is compensated by the additional effort available to service more customers.

Furthermore, large companies are often reluctant to buy from small companies who may go out of business. To some extent, open source provides reassurance to customers that, even if the original owners of the software are unavailable, they can get access to the source code and hence continue to maintain their system.

Assume that exhaustive testing of a program, where every possible valid input is checked, is impossible (true for all but trivial programs). Test cases either do not reveal a fault in the program or reveal a program fault.

If they reveal a program fault then they demonstrate the presence of an error. If they do not reveal a fault, however, this simply means that they have executed a code sequence that — for the inputs chosen — is not faulty. The next test of the same code sequence — with different inputs — could reveal a fault.

Explain how the use of automated tests and a testing framework such as JUnit simplifies regression testing. Regression testing is the process of running tests for functionality that has already been implemented when new functionality is developed or the system is changed. Regression tests check that the system changes have not introduced problems into the previously implemented code.

Automated tests and a testing framework, such as JUnit, radically simplify regression testing as the entire test set can be run automatically each time a change is made.

The automated tests include their own checks that the test has been successful or otherwise, so the cost of checking the success or otherwise of regression tests is low. A possible scenario for high-level testing of the weather station system is: John is a meteorologist responsible for producing weather maps for the state of Minnesota. These maps are produced from automatically collected data using a weather mapping system and they show different data about the weather in Minnesota.

John selects the area for which the map is to be produced, the time period of the map and requests that the map should be generated. While the map is being created, John runs a weather station check that examines all remotely collected weather station data and looks for gaps in that data — this would imply a problem with the remote weather station.

There are many possible alternative scenarios here. They should identify the role of the actors involved and should discuss a typical task that might be carried out by that role. Stress testing is where you deliberately increase the load on a system beyond its design limit to see how it copes with high loads. The system should degrade gracefully rather than collapse.

To stress test the system, you need to arrange for (a) many different clinics to try and access the system at the same time and (b) large numbers of records to be added to the system. This may involve using a simulation system to simulate multiple users. Systems must change or become progressively less useful for a number of reasons: 1.

The presence of the system changes the ways of working in its environment and this generates new requirements. If these are not satisfied, the usefulness of the system declines. The business in which the system is used changes in response to market forces and this also generates new system requirements. The external legal and political environment for the system changes and generates new requirements. New technologies become available that offer significant benefits and the system must change to take advantage of them.

Suggest how you might set up a program to analyze the maintenance process and determine appropriate maintainability metrics for the company. This is a very open question, where there are many possible answers. Basically, the students should identify factors which affect maintainability such as program and data complexity, use of meaningful identifiers, programming language, program documentation etc. They should then suggest how these can be evaluated in existing systems whose maintenance cost is known and discuss problems of interaction.

The approach should be to discover those program units which have particularly high maintenance costs and to evaluate the cost factors for these components and for other components. Then check for correlations. Why is it sometimes difficult to distinguish between them? The three main types of software maintenance are: 1. Corrective maintenance or fault repair.

The changes made to the system are to repair reported faults which may be program bugs or specification errors or omissions. Adaptive maintenance or environmental adaptation. Changing the software to adapt it to changes in its environment e. Perfective maintenance or functionality addition. This involves adding new functionality or features to the system.

They are sometimes difficult to distinguish because the same set of changes may cover all three types of maintenance. The new software may have additional functionality and as part of the adaptive maintenance, new features may be added to take advantage of this. Examples of where software might be scrapped and rewritten are: 1.

When the cost of maintenance is high and the organisation has decided to invest in new hardware. This will involve significant conversion costs anyway so the opportunity might be taken to rewrite the software. When a business process is changed and new software is required to support the process. When support for the tools and language used to develop the software is unavailable. This is a particular problem with early 4GLs where, in many cases, the vendors are no longer in business.

When would you normally replace all or part of a system rather than continue maintenance of the software? The strategic options for legacy system evolution are: 1. Abandon maintenance of the system and replace it with a new system.

Continue maintaining the system as it is. Perform some re-engineering system improvement that makes the system easier to maintain and continue maintenance. Encapsulate the existing functionality of the system in a wrapper and add new functionality by writing new code which calls on the existing system as a component. Decompose the system into separate units and wrap them as components. This is similar to the solution above but gives more flexibility in how the system is used.

You would normally choose the replacement option in situations where the hardware platform for the system is being replaced, where the company wishes to standardize on some approach to development that is not consistent with the current system, where some major sub-system is being replaced e.

Illustrate your answer with a different example from that used in this chapter. Other systems in the system's environment can have unanticipated effects because they have relationships with the system over and above whatever formal relationships e.

For example, the system may share an electrical power supply and air conditioning unit, they may be located in the same room so if there is a fire in one system then the other will be affected etc. The notion of a system failure is a judgment on the part of the observer of the failure, depending on their experience and expectations. Users of a system never read the specification so it is pointless to define failures as a deviation from a specification.

User 1 is a doctor who has extensive experience of mental health care. If these conditions do not appear in the menu then he or she may consider this to be a system failure. User 2 is a doctor who has recently graduated and has only limited experience of mental health care. When selecting the menu of options, they assume that these reflect the conditions which the system can handle so they classify the patient according to these conditions.

They do not observe a system failure. The system should provide users with the facility to view 3-D models of ancient Greece through a standard web browser and should also support an immersive virtual reality experience. What political and organizational difficulties might arise when the system is installed in the museums that make up the consortium?

A range of answers is possible here. Possible issues covered in the solution might be: 1. Museums are conservative places and some staff may resent the introduction of new technology. Existing museum staff may be asked to deal with problems of the equipment not working and may not wish to appear unable to deal with this.

Other areas of the museum may oppose the system because they see it as diverting resources from their work. Different museums may have different preferred suppliers for the equipment so that all equipment used is not identical thus causing support problems.

The new displays take up a lot of space and this displaces other displays. The maintainers of these displays may oppose the introduction of the system. Some museums may have no mechanism for providing technical support for the system. Suggest three sociotechnical issues that may cause difficulties in the system integration process. System integration is particularly critical because it is at the integration stage that incompatibilities between the different sub-systems or components may come to light.

Generally, the first view that a customer has of a system is after integration. Sociotechnical difficulties that may arise are: 1. Refusal of parts of the team to recognise problems. Some developers may refuse to recognise that their software is faulty and may try to pass the blame for integration problems to people in different organisations.

Different organizations in the integration team are, essentially, trying to transfer the costs to other organizations. Cultural problems due to different organizational approaches to integration.

Integration is perhaps the first time that teams have had to work closely together and their organizations may use different processes for system integration. Reconciling these processes can be difficult. Organizations may be at different stages in their project involvement. For some organizations, integration may be their last project activity and their objective is simply to complete and sign off the process as quickly as possible. For other organizations, there may be later work to be done so they may have a longer-term perspective and wish to spend more time on the integration process.

Legacy systems may be critical for the successful operation of a business for two basic reasons 1. They may be an intrinsic part of one or more processes which are fundamental to the operation of a business.

For example, a university has a student admissions process and systems that support this are critical. They must be maintained. They may incorporate organizational and business knowledge which is simply not documented elsewhere.

For example, exceptions on student admissions may simply have been coded directly into the system with no paper record of these. Without this system, the organization loses valuable knowledge.

Six reasons why dependability is important are: 1. Users may not use the system if they don't trust it. System failure may lead to a loss of business. An undependable system may lose or damage valuable data. An undependable system may damage its external environment. The reputation of the company who produced the system may be damaged hence affecting other systems.

The system may be in breach of laws on consumer protection and the fitness of goods for purpose. A computer-controlled scalpel: Safety as safety-related failures can cause harm to the patient.

A personal finance management system: Security because of potential losses to users. Possible domestic appliances that may include safety-critical software include: microwave oven, power tools such as a drill or electric saw, lawnmower, central heating furnace, garbage disposal unit, vacuum cleaner, food processor or blender. Describe the most important distinction between these attributes and explain why it is possible for a reliable system to be unsafe and vice versa.

Ensuring system reliability does not necessarily lead to system safety, as reliability is concerned with meeting the system specification (the system 'shall') whereas safety is concerned with excluding the possibility of dangerous behavior (the system 'shall not'). If the specification does not explicitly exclude dangerous behavior then a system can be reliable but unsafe. This can arise because of a system failure where a dose greater than the specified dose is delivered or an operator failure where the dose to be delivered is wrongly input.

Software features that may be included to guard against system failure are the delivery of radiation in increments with an operator display showing the dose delivered and the requirement that the operator confirm the delivery of the next increment. To reduce the probability of operator error, there could be a feature that requires confirmation of the dose to be delivered and that compares this to previous doses delivered to that patient.

Alternatively, two different operators could be required to independently input the dose before the machine could operate. Suggest three user errors that might occur and propose safety requirements that would avoid these errors resulting in an accident. Possible user errors are: 1. Maximum daily dose set wrongly. 2. Maximum single dose set wrongly. 3. Failure to replace empty insulin reservoir. 4. Insulin reservoir improperly fitted. 5. Needle improperly fitted.

Examples of safety requirements to avoid these errors are: 1. When the maximum dose and the maximum daily dose are changed, the user should be asked to input the changed values twice. If the maximum daily dose has already been set by the user then the new daily dose should be no more than 1. The insulin reservoir case should be designed so that it is only possible to fit the insulin bottle the right way and the case should not close unless the bottle is properly seated.

If the back pressure from the needle assembly is more than XX then the system should shut down and issue an audible and text warning.

This allows for blocked needles as well as improperly fitted needles. This machine is controlled by an embedded software system. Treatment requirements are entered in this database and are automatically downloaded to the radiation therapy machine.

Identify three hazards that may arise in this system. For each hazard, suggest a defensive requirement that will reduce the probability that these hazards will result in an accident.

Explain why your suggested defense is likely to reduce the risk associated with the hazard. Hazards: 1. Incorrect dosage of radiation computed 2. Data for wrong patient used to control machine 4. Data transfer failure between database and therapy machine Software protection: 1. Comparison with previous doses delivered. Establishment of a maximum monthly dose which may never be exceeded.

Feasibility checks e. Confirmation of dose to be delivered by operator. Continuous visual display of dose being delivered. Comparison with delivery site in previous treatment. Light used to illuminate site of radiation delivery. Operator confirmation of site before machine can operate. Patient asked to verify name, address and age before machine starts by pressing button. Issue patient with a personal treatment card which is handed over to identify patient.

Maintain separate list of patients to be treated each day and correlate with patient databases. Force machine operator to verify list and database consistency before starting machine.

Dual display of information in therapy machine and database. Highlighting of differences in operator display. Locking of machine until information is consistent. Use of check digits and other error checking codes in the data. Duplicate communication channels between machine and database. Give reasons for your choice of metric. Predict the usage of these systems and suggest appropriate values for the reliability metrics. Note that the values in this table are really quite arbitrary and you need to know more about the domain to set accurate values.

Any values which take into account the type of system involved are equally good.

System: Patient monitoring system. Reliability metric: Availability. Suggested value: System should be unavailable for less than 20 minutes per month. Rationale: The system needs to be continuously available as patients may be admitted or discharged at any time. The chosen figure is acceptable because, if necessary, critical system functions can

System: Refrigeration unit control. Reliability metric: Availability. Suggested value: 20 minutes per month. Rationale: Non-stop system but not critical. Short periods of failure are not a real problem as temperature takes some time to rise.

Giving reasons for your answer, choose a reliability metric that might be used to specify the required reliability for such a system.

This is the probability that the system will respond correctly when a request is made for service at a given point in time. This metric is used for protection systems where demands for service are intermittent and relatively infrequent over the lifetime of the system.

Assuming that the signal status and the speed limit for the track segment are transmitted to on-board software on the train before it enters the track segment, propose five possible functional system requirements for the onboard software that may be generated from the system safety requirements.

There are several different possibilities here. Some examples: 1. The system shall ensure that the train brakes are applied when a 'red signal' is received. The system shall sound an alarm in the driver's cabin when a 'red signal' is received. The system shall compare the train speed with the segment speed limit once per second. If the train speed exceeds the segment speed limit and the train throttle position is not zero then the throttle position should be reset to zero.

If the train speed exceeds the segment speed limit and the train deceleration is less than the comfortable deceleration limit then the train brakes should be applied. The common characteristic of all styles to support fault tolerance is that there are multiple separate implementations of system functionality and some error detection mechanism that can detect possible software failures.

The origins of the term "software engineering" have been attributed to various sources. All rights reserved. Manufactured in the United States of America. This publication is protected by copyright, and permission should be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. To obtain permission(s) to use material from this work, please submit a written request to Pearson Education, Inc.

Many of the designations by manufacturers and sellers to distinguish their products are claimed as trademarks.
