top - metrics - download
⟦d350cdcf0⟧ Wang Wps File
Length: 15654 (0x3d26)
Types: Wang Wps File
Notes: FOREDRAG
Names: »3148A «
Derivation
└─⟦2a5bfc292⟧ Bits:30006223 8" Wang WCS floppy, CR 0221A
└─⟦this⟧ »3148A «
WangText
page
#…86…1
…02…
…02…
…02…
…02…
COMPLEXITY ISSUES
IN SOFTWARE DEVELOPMENT
- ADVANTAGE OR SYMPTOM
-
PRESENTED
BY
FLEMMING ENEVOLDSEN
SYSTEM ENGINEERING
MANAGER
CHRISTIAN ROVSING
A/S
DENMARK…86…W …02… …02… …02… …02…
…02…
1̲.̲ ̲I̲N̲T̲R̲O̲D̲U̲C̲T̲I̲O̲N̲
Christian
Rovsing
A/S,
a
Danish
Electronics
and
Computer
Manufacturer,
is
actively
engaged
in
the
areas
of
complexity
within
aerospace,
military,
and
civil
data
communication.
As
the
prime
contractor
to
NATO
for
CAMPS
-
Computer
Aided
Message
Processing
System
-
Christian
Rovsing
A/S
(CR)
is
charged
with
the
design,
development
and
implementation
of
a
versatile
and
efficient
Man-Machine-Interface
(MMI)
to
the
NICS-TARE
communication
network
for
SHAPE
member
countries
(fig.
1).
As
an
indication
of
CAMPS
versatilityt
the
system
can
be
interfaced
to
present
low-speed
telex
networks
or,
in
general,
to
any
system
by
means
of
standard
protocols
such
as
X.25
(e.g.
SCARS
and
CCIS).
The
point
of
view
expressed
today
regarding
"Complexity
Issues
in
Software
Development"
are
principally
the
result
of
experience
gained
in
the
CAMPS
programme,
and
the
experience
at
CR
in
the
development
of
complex
systems
will
be
highlighted.…86…W
…02…
…02…
…02…
…02…
2̲.̲ ̲H̲O̲W̲ ̲D̲O̲E̲S̲ ̲C̲O̲M̲P̲L̲E̲X̲I̲T̲Y̲
̲O̲C̲C̲U̲R̲?̲
What
is
the
origin
of
complex
software
and
who
is
responsible
for
it?
I
will
consider
two
origins:
First
the
case
where
the
nature
of
the
procedures
to
be
implemented
in
software
is
by
itself
complex,
and
the
second
case
where
the
way
the
implementation
is
performed
is
the
reason
for
the
complexity.
Implementation
of
complex
procedures
is
an
issue
we
must
live
with,
and
which
should
be
taken
as
a
challenge.
In
contrast
to
this,
the
way
in
which
we
do
the
implementation
is
an
area
where
we
must
strive
for
simplicity
wherever
possible.
Now,
with
respect
to
the
need
for
complex
system,
strangely
enough,
the
more
human
we
try
to
make
systems,
the
more
complex
they
must
become
to
match
the
flexibility
and
versatility
of
human
beings.
As
an
example,
preparation
of
a
message
to
be
transmitted
by
an
oldfashioned
telex
system
is
the
responsibility
of
the
communication
expert,
who
knows
all
the
rules
which
apply.
These
rules,
by
themselves,
are
very
complicated.
Within
NATO
the
communication
procedures,
called
ACP-127,
are
used
(fig.
2).
They
specify
how
messages
must
be
formatted,
i.e.
16
different
lines
with
various
parameters
in
each
line
are
set
up.…86…W
…02…
…02…
…02…
…02…
The
ACP-127
rules
are
the
result
of
many
years
experience
in
using
the
military
communication
system
in
the
most
efficient
way
under
the
expected
circumstances
during
crises
and
wartime.
They
consider
aspects
like
priority
and
security
diversification
or
distribution
of
messages
in
military
organization
based
on
a
subject
indicator
code.
In
CAMPS,
for
example
all
these
aspects
of
ACP-127
are
implemented
by
software
in
order
to
automate
the
message
handling.
This
means
that
CAMPS
is
able
to
receive
messages
in
ACP-127
format
and
act
accordingly.
If
the
message
is
sent
with
a
high
priority
(e.g.
flash)
then
CAMPS
will
interpret
this
immediately
and
act
accordingly,
placing
the
received
message
in
the
corresponding
priority
queue
to
all
the
recipients
of
the
message.
The
effect
of
implementing
complex
procedures
in
systems
like
CAMPS
is
very
promissing,
since
it
takes
several
months
to
educate
a
communication
expert
who
knows
all
the
peculiarities
of
ACP-127.
In
contrast
to
this
it
will
only
take
a
few
hours
to
train
a
user
in
preparation
and
reception
of
messages
using
the
Man
Machine
Interface
of
CAMPS.…86…W
…02…
…02…
…02…
…02…
3̲.̲ ̲S̲E̲C̲U̲R̲I̲T̲Y̲
The
implementation
of
military
security
procedures
in
modern
commucication
systems
gives
rise
to
many
problems.
How
does
one
secure
a
system?
If
a
solution
is
installation
in
a
safe
and
well
garded
place,
then
you
will
have
to
clear
all
persons
who
will
have
access
to
the
system
to
the
same
level
as
the
material
handled
by
the
system;
this
is
very
tedious
and
puts
many
restrictions
on
the
usage
of
the
system.
This
situation
is
known
from
many
existing
installations.
Systems
to
be
implemented
in
the
future,
like
CAMPS,
will
solve
these
security
aspects
by
implementing
the
security
procedures
by
means
of
software.
Future
systems
will
have
to
be
in
accordance
with
very
strict
security
requirement.
The
US
DOD
has
defined
requirements,
termed
Multilevel
Security
Requirememts
that
will
ensure
that
systems
implemented
in
accordance
with
these
requirements
can
operate
safely
in
an
environment,
where
information
of
different
classification
levels
can
be
handled
by
user
having
differentiated
security
clearances,
with
the
system
ensuring
that
only
information
up
to
one's
level
of
classification
can
be
accessed.
It
will
be
the
responsibility
of
the
system
itself
(including
both
hardware
and
software)
to
accomplish
the
nessary
segregation
of
different
classified
information,
and
users
with
different
security
classification.
Systems
will
have
to
be
tested,
from
a
security
point
of
view,
by
an
organization
other
than
the
developing
company.…86…W
…02…
…02…
…02…
…02…
This
independent
organization
will
perform
a
penetration-study
by
studying
the
system
with
access
to
all
its
documentation.
Only
if
a
system
can
survive
this
security
penetration
attempt,
will
it
be
accepted
security
wise.
CAMPS
will
meet
many
of
the
requirements
to
be
found
in
DOD's
"Multilevel
Security"
Requirements
and
it
will
be
tested
by
a
penetration
study
before
going
into
operation,
by
TRW.
I
would
like
to
present
an
example
of
security
enforcement
in
a
communication
system
like
CAMPS.
If
a
user
wants
to
retrieve
a
message
from
the
data
base
he
must
first
get
access
to
a
terminal,
have
the
physical
key
needed
to
unlock
the
VDU,
sign
on
by
entering
his
identification
code
and
his
password.
All
this
will
give
him
access
to
the
system,
but
even
if
he
has
a
high
security
rank
he
cannot
automatically
get
access
to
all
information
within
the
system.
The
principle
of
"need-to-know"
is
implemented
on
top
of
the
abovementioned
security
features
(fig.
3).
In
parallel
with
enforement
of
security
procedures
the
system
must
be
user-friendly;
the
system
must
assist
the
user
in
his
work.
In
a
typical
search
situation
the
user
does
not
know
exactly
what
he
is
looking
for.
For
example,
he
may
recall
that
the
message
he
wants
to
retrieve
was
first
received
on
a
certain
day,
or
he
may
also
know
from
which
headquarters
the
message
was
sent.…86…W
…02…
…02…
…02…
…02…
He
can
then
enter
this
information
into
the
system,
and
it
will
automatically
search
its
files
and
display
the
requested
message
itself,
or
display
a
small
catalogue
of
all
messages
fulfilling
the
search
criteria.
The
two
examples
of
complex
issues
have
their
origin
in
the
nature
of
the
manual
procedures
to
be
implemented
in
software.
They
are
complex
because
they
must
incorporate
many
features
normally
found
only
in
non-automated
procedures.
4̲.̲ ̲S̲Y̲S̲T̲E̲M̲ ̲A̲R̲C̲H̲I̲T̲E̲C̲T̲U̲R̲E̲
Another
area
which
involves
complex
issues
in
software
development
does
not
directly
stem
from
implementation
of
complex
procedures,
but
is
more
connected
to
the
way
we,
as
a
system
house,
try
to
solve
the
customers
need.
The
need
for
more
reliable
systems
is
very
rapidly
increasing
in
these
years,
especially
within
the
military.
Instead
of
waiting
for
more
reliable
components,
chips,
etc.
from
the
hardware
manufacturer,
Christian
Rovsing
A/S
implemented
the
graceful
degradation
principle
on
our
hardware
by
using
software
to
control
the
hardware.
This
involves
development
of
very
complex
software,
but
also
allows
a
very
reliable
system
to
be
put
into
operation.…86…W
…02…
…02…
…02…
…02…
The
concept
we
have
developed
for
implementation
of
graceful
degradation
is
the
n
+
1
principle,
where
n
parallel
processor
units
are
active
while
one
is
available
as
a
stand
by
for
any
of
the
active
processor
units.
A
small
micro
computer
acts
as
a
watch
dog,
which
constantly
monitors
all
active
units
and
initiates
a
switchover
to
the
spare
stand-by
unit
(fig.
4).
The
illustration
shows,
how
the
stand-by
processor
unit
PU
has
access
to
all
CU's
and
hence
is
able
to
replace
any
active
PU
is
case
of
a
failure.
Immediately
after
the
stand-by
unit
has
become
active
and
taken
over
the
failed
units
responsibility,
special
diagnostic
software
analyses
the
failed
unit
and
reports
which
module
within
the
unit
has
to
be
replaced
in
order
to
reestablish
the
failed
unit
as
a
unit
ready
for
operation.
The
actual
repair
of
the
unit
can
be
done
by
replacing
any
failed
module
with
a
fresh
module
without
removing
power
from
the
unit.
The
repaired
unit
is
then
returned
to
active
operation,
and
the
original
stand-by
unit
will
go
back
to
the
stand-by
mode.
In
many
cases
a
hardware
failure
within
a
processor
unit
will
not
require
a
total
switch-over
from
one
unit
to
another,
because
module
redundancy
exists
within
the
unit
itself.
This
is
the
case
where
more
than
one
CPU
module
are
put
into
the
same
unit
in
order
to
get
higher
throughput
than
one
single
CPU
could
provide.
Up
to
5
CPU
modules
can
be
incorporated
in
the
same
unit
used
by
Christian
Rovsing
A/S
to
implement
systems
like
CAMPS.…86…W
…02…
…02…
…02…
…02…
In
the
use
of
discs
the
Christian
Rovsing
computer
CR80
also
allows
utilization
of
mirrored
discs,
which
means
that
all
information
is
written
on
two
discs.
If
one
disc
fails,
the
second
disc
can
continue
operation,
while
the
failed
one
serviced.
Upon
reactivation,
the
repaired
(or
replaced)
disc
then
receives
a
copy
of
all
information
collected
on
the
disc
which
did
not
fail.
The
restoration
of
the
two
mirrored
disc
is
done
while
the
total
system
is
still
active
and
with
at
most
only
minor
disturbance
to
the
user.
All
the
above
mentioned
features
are
built
into
the
operating
system
software
called
DAMOS,
Distributed
Advanced
Multiprocessor
Operating
System.
In
implementation
of
huge
on-line
data
base
management
system
with
high
availability
requirement,
a
redundency
principle
like
the
mirrored
disc
concept
is
a
necessity.
Many
other
complex
issues
have
been
encountered
and
solved
in
the
development
of
the
DAMOS
operation
system
software.
5̲.̲ ̲F̲U̲T̲U̲R̲E̲ ̲S̲O̲F̲T̲W̲A̲R̲E̲ ̲I̲M̲P̲L̲E̲M̲E̲N̲T̲A̲T̲I̲O̲N̲
̲P̲R̲O̲C̲E̲D̲U̲R̲E̲S̲
̲
What
can
we
do
about
the
software
complexity
issue?
Software
development
is
not
yet
an
exact
science,
like
many
other
engineering
tasks,
e.g.
in
construction
of
a
bridge,
the
dimensions
of
all
the
subcstructures
can
be
found
by
a
large
set
of
equations
which
can
be
solved
by
modern
computer
technique.
In
the
future,
many
engineering
tools
will
turn
software
development
into
a
…86…W
…02…
…02…
…02…
…02…
more
exact
science.
Modern
programming
techniques,
like
structured
programming
as
described
by
Jackson
and
others,
have
demonstrated
in
a
very
elegant
way
how
traditional
sequential
files
can
be
merged
and
updated
and
how
reports
can
be
created
from
one
or
more
files
by
programs
constructed
in
a
very
strict
way.
The
essence
of
this
technique
is
that
by
describing
the
structure
of
all
wanted
output
data
and
the
structure
of
all
necessary
input
data,
the
structure
of
the
program
which
takes
the
input
in
order
to
prepare
the
requested
output,
will
have
a
structure
derived
by
combining
the
abovementioned
two
structures.
After
having
established
the
structure
of
the
program,
it
is
a
rather
straight-forward
job
to
produce
the
individual
software
statements.
Unfortunately
this
structuring
technique
is
not
yet
so
refined
that
it
can
solve
the
earlier
mentioned
complexity
issues,
which
we
are
now
implementing
in
user-friendly
real
time
system
like
CAMPS.
The
structuring
techniques
can
today
only
be
used
on
the
lower
level
of
software
development,
i.e.
the
programming
of
the
individual
programs.
On
the
higher
level
other
techniques,
which
are
more
management
techniques
that
engineering
techniques,
have
been
used
with
great
success
at
Christian
Rovsing
A/S
on
large
projects
like
CAMPS.…86…W
…02…
…02…
…02…
…02…
Most
large
computer
system
projects
are
now
implemented
in
accordance
with
well
defined
phases.
First
a
System
Requirements
Specification
document
is
established.
This
document
specifies
in
plain
language
what
the
requirements
to
the
system
are.
The
System
Requirement
Specification
is
agreed
upon
by
the
customer
and
the
contractor
before
the
next
phase
is
begun.
The
next
phase
is
the
system
design
specification,
where
the
overall
system
is
designed
using
plain
language
description
and
diagrams.
In
the
following
phases,
the
Preliminary
Design
and
the
Detailed
Design,
the
software
portion
of
the
system
is
designed
and
described
in
greater
and
greater
detail
(fig.
5).
In
all
these
phases,
the
documentation,
which
has
been
produced,
must
be
reviewed
and
corrected,
so
that
all
errors
and
ambiguities
are
removed.
The
better
you
are
to
remove
errors
in
the
specification
and
the
design
phases,
the
fewer
errors
you
will
experience
in
the
programming,
integration
and
operational
phase.
In
the
CAMPS
project,
we
have
in
cooperation
with
the
customer,
been
able
to
disclose
many
errors
in
the
early
phases.
A
diagram,
which
compares
actual
figures
from
CAMPS
with
industry
figures
show
how
Christian
Rovsing
A/S
in
cooperation
with
the
customer
have
been
able
to
disclose
more
errors
in
the
System
Requirement
phase
than
earlier
(fig.
6
&
7).
In order not to loose requirements between the phases a very strict verification procedure
is used. First, all descriptions of the requirements in the System Requirements Specification
are identified down to paragraph level by a unique indexing scheme. Similarly all documentation
in the following phases are identified to a detailed level.
A unique document called a VCD, Verification Control Document, then identifies all paragraph
indices in the SRS and gives a reference to the place in the relevant design documentation,
where the individual requirement is handled.
A similar treatment is given to all test cases, meaning that every unit of requirement will
have at least one test procedure chained ot it in the various testing phases, i.e. unit test,
subsystem test and system test.…86…W …02… …02… …02… …02…
6̲.̲ ̲C̲O̲N̲C̲L̲U̲S̲I̲O̲N̲
It has been the experience of Christian Rovsing A/S that although development of advanced
real time systems like CAMPS entails many complex issues in software development, modern
engineering and management techniques can cope with these problems, even though it has to
be accepted that the techniques are still to be refined in the future.
It is our belief that the magnitude of these complexity issues will increase in the future
because thay are very closely related to the intellectual behavior of human being, and our
attempt to automate many human procedures by a user-friendly Man-Machine Interface. However,
it is also our belief that new and better techniques to handle these complex issues are evolving.
Concepts like expert systems, smart system or even artificial intelligence are no longer
expressions only from science fiction.
