Software Engineering (phần 5) pdf

An important articl e regarding acceptance of correctness proofs by the software engineering comm unity - The IEEE 4 s standard for Software Reviews' ' IEEE 1028, 19971 is an excell ent

! ! Eàres that certainly looks right

.' It is far too easy to be fooled by plausible results

l

; '

!

I i E If programm ers are allowed to test their own code

,t hen there al ways is the danger

j : j that test be recorded A fter the test has been performed, the actual results should be

l i : 1 recorded and compared with the expected results.

I I, l !! ! ', Even in sm all organizations and with sm all products, it is im portant that this

l

j 1 ! ' j r ecor di ng be done i n machi ne- readabl e form,because test cases should never be

! : @ 1.! j t hrown away The reason for this is maintenance W hi le the product is being main-

I 1 I

,I

j

; ! ë j w ay that electronic valves were replaced by transistors Alternatively, a product still

l l l ) 1 j 1 may be useful , but t he cost of port ing it to new hardware or running it under a new

i j i :

operating system m ay be larger than the cost of constnlcting a new product, using

! ' l 1 '

.1 1 the old one as a prototype

so, tinally, the software product is decom m issioned andI

.The chapter begins with a descript ion of quality j :

li :

f l ( ' r ; i ssues ( Sect i on 6 1) Next , nonexecut i on- based t est i ng idescri bed ( Secti on 6 2), wi t h j

: a car ef ul di s cussi on of wal kt hr oughs and i ns pect i ons Thi s i s fol l owed by a def i ni - j 1

F

2

FoR FURTHER READING X@1 '

E ness proving is introduced and an example of such a proof is given in Section 6.5.1

:1 The role of correctness proofs in software engineering then is analyzed (Sections 6.5.2 :

I

; and 6 5 3) Another i mportant issue is that systemati c executi on-based testing must

T be performed by the i ndependent SQA group and not by the programmer (Secti on I

L r 6 6) Final ly, the issue of when testi ng can l inall y stop is discussed in Section 6 7.

i- The attitude of software producers to the testing process has changed over the years, '

S from viewing testing as a means of showing that a product runs correctly to the m odern l

e

. attitude that testing should be used to prevent requirem ent, specilication, design, and '

# ' implementation faults.This progression is described in gGelperi n and Hetzel, 19881.

warequali ty, i ncl uding (Tevonen, 19961 The November l 996 issue of IEEE Computer !

- also has articles on software quality Yet another series of articles on software quality l

!

i s in the June 1997 issue of the Communi cati ons oft he ACM Of part icul ar interest are ' ( Herbsl eb et al., l 9971, which describes the effect on software quali ty of improving

y t he soft ware process, and g Arthur, 19971, a description of how total qualit y manage- ;

e ment was used to im prove software quality within M cDonnell-Douglas A different

1 approach to achieving quality is descri bed in gonoma and Yamaura,19951 A way :

& of assessing the overall quali ty of a software product is descri bed in gBoloi x and

g Robil lard, 19951 M yt hs regarding software qual ity are discussed in g voas, 19991.

d Rel iabil ity i s discussed in a set of arti cl es in t he M ay 1995 i ssue of IEEE Software.

y ' g a , B ber 19871 a good i nt roduct i on t o pr ovi ng pr ogr ams corr ect One of he st an- i ! j

.

i dard techniques of correctness proving is using so-called Hoare logic, as described in : !

'

e g l- loare, 1969J An al ternative approach t o ensuring that products satisfy t heir

speci-hcations is to construct the product stepwise, checking that each step preserves

cor-r ectness This is described in g Di jkst ra, 1968a, and W i rth, 1 97 l 1 An important articl e

regarding acceptance of correctness proofs by the software engineering comm unity

-

The IEEE 4 s standard for Software Reviews' ' (IEEE 1028, 19971 is an excell ent E ësource of inform ation on nonexecution-based testing A paper on how to conduct 1

l

i nspect ions as well as thei reffecti veness is (Ackerman

, Buchwal d, and Lewski, 19891 2

1 Inspection of a very large software product (2 5 mil lion lines of code) is descri bed j

i n g Russel l, 19911 Other sources of i nformation on experi ence with inspections are ' y

h gDool an, 1992, and Well er, 19931 Cost issues, such as reducing the size of a team and l

! !:

- mi nimizing the t ime l ost whi le waiti ng for reviewers to meet, are descri bed in g volta, 2

t 19931 An experiment evaluating the costs and benefit s of inspecti ng a l arge-scale ;

.

;, software product is described in (Porter, Siy, Toman, and Votta, l 9971 A vari ety of I

2 useful papers on inspect ions appears i n g W heel er, Brykczynski , and M eeson, 19961 1

j l ! The M ay 1989 issue of IEEE Software has a wi de variety of papers on testing

1 ; issues Both execution-based and nonexecution-based testing are covered The pro- **1P %i

, I ô l You are a member of he SQA gr oup at Ye Ol de Fas hi oned Soft ware You s ugges t o s

l I i ! your m anager that inspections be introduced. He responds that he sees no reason why

or1

; - i

'

j four people shoul d wast e their ti me l ooking for faul ts when one person can run t est t

! ! 1 cases on the sam e piece of cod

e How do you respond?

( 'i !

I '

PROBLEM: %*a ' è

.

r :

i3n, ' buying a new type of tax preparation package for use throughout the organization g '

' Before authorizing the purchase of the package, you decide to test ithoroughly.W hat : 7

'

i '

781 . ô.g All 154 branches of Tex's Taxes are now to be connected by a com munications i '

1 i network A sales representati ve offers you a 4-week free t rial to experiment with the '

rel, com munications package he is trying to sell.W hat sort of software tests would you

.9 You are a vice-admiral of the N avy of the Republic of Clarem ont in charge of devel

-ted op ngi the software for controlling the new ship-t o-shi p missil e (Probl em l 3) The

7 iS has been delivered to you for acceptance testing

.W hat properties of thesoftware

é.1 1 Assume that you have some experience with loop invariants and that you know that '

;

' i nvariant (6 4) is t he correct invariant for the loop of Figure 6 6 Show that output

specifi cation (6 3) is a natural consequence of the Ioop i nvariant ;:.12 Consider the follow ing code fragm ent: '

t prove that this code fragm ent correctly com putes g = n! if n is a positive integer

aft- é *1a can correctness proving solve the problem that the product as delivered to the client

ain : ' t be what the client really needs? Give reasons for your answer .

may no:.14 How should Di jkstra's statement (Secti on 6 3) be changed t o apply to correctnesstell proofs rather than testing? Bear in m ind the case study of Section 6.5.2

é.15 Desi gn and implement a soluti on to the Naur t ext -processi ng problem (Secti on 6 5 2) è

) using the language specihed by your instructor Execute it against test data and record

.1é (Term Project) Explain how you would test t he utilit y, reli abi lity, robustness, per- :L54 form ance, and correctness of the Broadlands Area Children's Hospital product in i 1'

i !i

'k :

I

i

!

. j ! ' ' f.1 7 ( Readi ngs i n Sof t war e Engi neeri ng) Your i nst ruct or wi l di s ri but e copi es of Whi t 1

! ) t aker, 20001 Br ooks ( Sect i on 2 9) consi der s four di fcul t es of sof t war e t o be essen- ,

r j ! gBaber, l9871 R L BABER The Spine ofsohware: Designing Provably CorrectSoftware: (

1 l : j é Theoty and Practi ce, John Wil ey and Sons, New York, l 987 (

1 1, : gBeizer,19901 B BEIZER, Software Testing Techniques, 2nd ed., Van Nostrand Reinhold, (1l

! Thoughts on Why They Are Successful , in: Formal Met hods and Software

1 l h Developmentb Proceedings ofthe lnternationalJointConference on W/lcory and Practice E1:. '

j k ' ofsoftware Development, Volume 2, Springer-verlag, Berlin, 1985 pp 17-28 ;

E ' i. , ' ' ; r oe B hm l984a1 B.W BOBHM, çtverifying and Validating Software Requirements and Design (1

l;j I i Jet Propulsion Laboratory, Proceedings ofthe 12th International Conference on

i 1I l Software Engi neering, Ni ce, Fr ance, March I 990, pp.19* 99 11

j

'

! r (DeM illo, Lipton, and Perlis 19791 R A DEM II-LO, R J LlpvroN, ANI) A J PERLIS, 'social

l i t l ! prooesses and Proofs of Theor

ems and Programs, ' Communi cati ons of ll l e ACM 22 ' I 1 1 t l

t p 2 p g oi jkst r, 19681 E. W DIJKSTRA. G'A Constructive Approach to the Problem of Program (1

j j r , fDool an, 19921 E P DooLAx Experi ence wi th Fagan s I nspect ion Method,

! ! ' ;q ' Sopware- practice and Experience 22 (Febrtlary l992) pp l73-82 (h

i ! g Fagan, 19761 M E FAGAN, ' resi gn and Code Inspecti ons to Reduce Errors in Program

, and dramatic new discovery of the m id-lgsos, a revolutionary alternative to the then popular structured

: par and the 1980s, adi gm That and obi not he ects were simply a logi case Ins t ead, he t heor cal y devel of modul opment wi ar i y underwent thin t he theory of modul eady progres s arity (but see the duri ng t he 1 970: j g

Just i n Cas e You Want ed t o Know box on page 168) Thi s chapt er descr i bes obj ect s wi t hi n t he cont ext of : $

.

! This approach i s taken because i t is extremely diffi cul t to use objects correctly wi thout understandi ng r

extrem ely difécult; for another programm er to understand it is virtually impossible I

' The solution is to break the product into sm aller pieces, called modules W hat is i

a module? ls the way a product is broken into m odules im portant in itself or is it I

important only to break a large product into sm aller pieces of code? @ i

j '

An early attempt to dcscribe modules is by Stevens

, Myers, and Constantine, i (

. who defined a module as A set of one or more contiguous program stat( em ents hav- ';I

Ii

ng a name by whi ch other parts of t he system can invoke i t, and preferably having j

. its own disti nct set of vari abl e names' ' Ist evens, M yers, and Constantine, l 9741 In : !'

. other words, a module consists of a single block of code that can be invoked in the l

way that a procedure, function, or m ethod is invoked This definition seem s to be

. extrem ely broad It includes procedures and functions of all kinds whether

inter-, nal or separately com piled lt includes CO BO L paragraphs and sections, even though

1ô7

)

j l ! was too radical for practi cal use,so it lay dorm ant un- later, w hen encapsulation and abstract data types had

1 l I t iI t he earl y l980s, when i t essential l y was reinvent ed become part of soft war e engi neeri ng.

l , !

j

j

' ' j ' i wi t hi n t he cont ext of t he heor y of modul ar i y I s eems t hat we human bei ngs adopt new i deas

I I j 7 Ther e ar e ot her exampl es i n t hi s chapt er of onl y when we ar e eady t o use hem, not neces sar i y 2

l they cannot have their ow n variables, because the detinition states that the property ;

'q 1 ( of possessi ng a distinct set of variable names is merely ç ç preferable.' It also includes

1 ! contiguous sequence of program st at ements, bounded by boundary elements, havi ng

-j l I j by the previous det initi on but i s broad enough to be used t hroughout this book ln

j El '' j; q r particular, procedures and funetions of the d assical paradigm are m odules In the '

T 1 ' are conneeted together in a sim ple fashion N ow, our architect friend decides that the

! J ircuit should be fabricated on three silicon chips

,so he designs the three chips shown

I ! j j and the third is for the registers At this point John vaguely recalls that someone in cor

i ! it is best to build chips so that they have only one kind of gate

Flgvre KI Design of a FIgue* Ya Computer of Figure 7, i

comput er f abr i at ed on hr ee chi ps j

,and three other chips

.

1Aents

, edge of digital Iogic imm ediately will know that the chips in Figure 7.2 form an ë

O R ALU a shifter, and a set of registers However, even a leading hardware expert will @

D

,lown have trouble understanding the function of the various AND O R, and NOT gates in

j

! 1 ! : second, corrective maintenance of the circuits shown in Figure 7.3 is difficult.

! ' : ' should there be a design fault in the computer and anyone capable of com ing up

! k I j j whet her i t appears to be in the way the ALU works, the way the shifter works, or

' t i ' the way t he registers work Similarl y, if the computer of Fi gure 7 2 breaks down, i t

j ë.

i l l ë is relatively easy to determ ine which chip to replace; if the com puter in Figure 7.3

, l 1 i

! h ! 1 breaks down, it is probably best to replace al l three chi ps.

' l 1 Thi rd,the com puter of Figure 7.3 is difficult to extend or enhance If a new type '

: l 11

l

i i of ALU is needed or if faster registers are required

, itis back to the drawing board But C

,the chips of Figure 7.3 cannot be reused in any new product

i , ! ' can be util ized for any product other than the one for which they were designed In a1 l

1 l ; pro bability the , three chips of Figure 7.2 can be reused in other products that require

;i of mai ntenance, the major component of the total software budget, as pointed out in

l ' 1 l Chapter 1.The m aintenance effort, whether corrective, perfective, or adaptive, is re- :' i

.some aut hors have used the t erm bi nding in place of

! j ' i now uses t he term co es

' l ë ! coupling.Unfortunately, binding also is used in other contexts in com puter science,

! '; 1 such as the binding of values to variables

.But coupling does not have t hese overt ones

u COHESION In :

lt that module For example, module m is used to com pute the square root of a double :

lp precision integer A key point in C/SD is that the nam e assigned to a m odule is its

le action and not its logic or its context Therefore, in C/SDS m odule m should be nam ed i

lt com pute square roof; its logic and its context are irrelevant from the viewpoint of !L

P' Myers del ined seven categories or levels of cohesion (Myers, 1978b1 In the light of

't modern theoretical computer science,M yers's irst tw o levels are considered equally

CS good.M ore precisely, as w i11 be shown functi onal cohesion is optimal for the struc- I

tl1 tured paradigm,whereas informational cohesion is optimal for the object -oriented

re g paradigm The resulting ranking is shown in Figure 7.4 This is not a linear scale of

)any sort

.It is m erely a relative ranking, a way of determ ining which types of cohesion ;

re

ip ' To understand what constitutes a m odule with high cohesion

.it is necessary to l

' t

ar start at the other end and consider the lower cohesion levels i

1 '

t tl

! 0

p st

in A m odule has coincidental cohesion if it perform s m ultiple,com pletely unrelated :e- actions An example of a m odule with coincidental cohesion is a m odule named

m pri nt next Ii ne, reverse i he string of charact ers compri sing the second crgument,

i add 7 t o t he f i hh ar gument , convert t he f our t h or gument f o f l oat i ng poi nt An :

er O bvious question is, How can such modules possibl y arise in practi ce? The most ' (

common cause i s as a consequence of rigidly enforci ng rules such as tç every modul e 1

!

E a shall consist of between 35 and 50 executable statements.' lf a software organization 1'S, insists that m odules m ust be neither too big nor too small,then two undesirable things

n will happen First, two or more otherwise ideal sm aller modules have to be lum ped

W together to create a larger module with coincidental cohesion Second, pieces hacked j

II

, E

l'

j

l k, : from well-designed m odules that m anagem ent considers too large are combined,

1 1 i again result ing i n modul es wi th coincidental cohesion.

. j uct, b0th corrective m aintenance and enhaneem ent From the view point of trying to ' 1

ct, modularization wi th coincidental cohesion i s worse than no 1

( l ' l l (. whi ch i s sel ect ed by t he eal l ng modul e Al l t he f ol l owi ng are exampl es of modul es '

l I j wi t h l ogi cal eohes i on:

1 l C, t he comment lines, three of t hem are not needed if funcli on code is equal to Z This

1 1I ': 1 , , degrades readability,w ith the usual implications for m aintenance, both corrective and

j I j ' j Exampl e 4 A modul e wi t h l ogi cal cohesi on i n an ear l y versi on of OS/ VS2 per- '

l l formed 13 different acti ons; i ts interface contains 2 l pieces of data (Myers, l 978b1.

diffcult to understand, Exam ple 1 is a case in point, and com prehensibility of the :

gfer ' module as a whole m ay suffer as a result Second, the code for m ore than one action E

I '

od- m ay be intertwined, leading to severe maintenance problem s For instance, a m odule

to that perform s all input and output may be structured as shown in Figure 7.5 If a new '4

no tape unit is installed, it m ay be necessary to modify the sections num bered 1, 2, 3, 4, :not 6, 9,and 10 These changes m ay adversely affect other form s of input-output, such as

the laser printer output, because the laser printer w ill be affected by changes to sections

1 and 3 This intertwined property is characteristic of m odules w ith logical cohesion

; so A further consequence of this intertwining is that it is difficult to reuse such a m odule

Id be called perf orm i ni ùi al i zati on.

(7sD, such a module wou

ë

!1

. Code for aII input and output I

I j 1 country where it previously has not done business

, a number of modules wi ll have

i l ' ' form ed on the same data

.Two examples of modul es wi th communicat ional cohesion E 1

l ! ! ' t o ref er o t empor al , procedur al, and comm unicational cohesion, because the actions A

j I j 1 ( perf ormed by such modul es ar e adjacent n t he pr oduct iowchart Ber ry, 1 9781 The it

7a CQHESION lF5 '

:

y to cohesion because, in addition to being perform ed in selies, the actions are perform ed

zed on the same data, and therefore i t is natural that t hese actions should be adjacent in

rber A m odule thatperforms exactly one action or achieves a single goal has functional

co-l be hesion Exampl es of such modules are get temperature of furnace; comput e orbi t al

f el edron; writ e t o diskeqe; and cal cul ate sal es commi ssi on '

hen A module with functional cohesion often can be reused because the one action

Eely that it perform s often needs to be perform ed in other products A properly designed, :

thoroughly tested, and well-docum ented m odule with functional cohesion is a valu- 'abl e (economic and technical ) asset t o any software organi zation and shoul d be reused !

as often as possi ble (but see Section 7.5).

M aintenance is easier to perform on a m odule with functional cohesion First,functional cohesion leads to fault isolation If it is clear that the tem perature of the !

the furnace is not being read correctly, then the fault almost certainly is in m odule gel

ivith i emperature of furnace Simil arly, if theorbi tal of anelectron is comput edincorrectly, :

d t hen the first place to look i s comput e orbi t al of el edron ' '

Once the fault has been localized to a single module, the next step is to m ake I

tted the required changes Because a module with functional cohesion perform s only one

!

and action, such a m odule generally is easier to understand than a module with lower I ;

E !

q to cohesion This ease in understanding also sim plihes the maintenance Finally, when j

king the change is m ade, the chance of that change affecting other modules is slight,

especi all y if the coupl ing between modules is low (Secti on 7 3) i

le when a product has to be extended For ex- iFunctional cohesion also is valuab

am ple, suppose that a personal com puter has a 10 M b hard drive but the m anufacturer 'now w ishes to marketa m ore powerfulm odel of the computer with a 30 M b hard drive !

!1i

ns t ad Rea di ng hr ough he i of modul es , he ma i nt e na nce pr ogr ammer nds l

l y module named wri t e t o hard dri ve. The obvious t hi ng to do is to replace that module y

ler- with a new one called w rite to

kon ln passing, it should be pointed out that the three çém odules'' of Figure 7.2 have

lew functionalcohesion,and the arguments made in Section 7 for favoring the design of

use Figure 7.2 over thatof Figure 7.3 are precisely those made in the preceding discussion :

ons A module has inform ational cohesion if it perform s a number of actions, each with t

h action,a1lperform ed on the same irhe its ow n entry point, w ith independent code for eac j

ged data structure An exam ple is given in Figure 7.6 This does not violate the tenets I

hm of structured programm ing' each piece of code has exactly one entry point and one

k nal exi t point A major di fference between l ogical cohesion and i nformational cohesion j

!

1 i

! E '. , stract data type, as explained in Section 7.5,and aIlthe advantages of using an abstract

j :i 2 i !, '. data type are gained when a module with inform ational cohesion is used. Because

l i ' 1 i both have been label ed as having coi nci dent al cohesion, rather than temporal

cohe-l 1 ! : 1 : i ' S - i on Fi r st,consider modul e i ni t ali ze sums and open fi l es. It performs two actions

t j rel ated in time, i n that both have t o be done before any cal culations can be performed,

; 1 ? i ther factor is involved.Initializing the sum s is related to the problem ,

, i calculat on, ano

: but opening hles is a hardware issue that has nothing to do with the problem itself

I j I ; The rule when tw o or m ore different levels of cohesion can be assigned to a m

od-l i ( ul e i s t o as si gn t he l owest possi bl e l evel Thus, becaus e i ni t al i ze s ums ond open f es

!1 , r ! The di scussi on i n t hi s par ogr aph ossumes t hat he obst r act dot o t ype or obi ect wel l desi gned I fa e met hods

! 1 : I l ofan obiect perform completely unreled actions, then tne obiecthas coincidental cohesion '

j ' - 1

!

:

xa CoupuNG 1yF

: '

coincidental functional functional coincidental

initialize sum s create new store close files and 'and tem perature tem perature print average

open fies record record tem peratures

f unct i onal functi onal I

d in site, store record @rea

a could have either tem poral or coincidental cohesion

, the low er of the two levels of ,ohesion coincidental i s assigned t hat module That al so i s the reason why cl ose

)- Recall that cohesion is the degree of interaction within a module Coupling is the

ls degree of interaction between two m odules As before, a number of levels can be

â, distinguished, as shown in Figure 7.8 To highlight good coupling, the various levels

! I

'

i2 I l

l

i

i

t q Two modules are content coupled if one directly references the contents of the other.

j 5 AlI the followi ng are examples of cont ent coupl ing:

i I I This practice is not rest ri cted to assembl y language programming

.The ol ierverb, now l

( 7 i ! Suppose t hat module p and module q are content coupled One of t he many

i i i dangers is t hat almost any change to q, even recompili ng q wi th a new compil er or

:

'

Furtherm ore it is im possible to reuse module p in

i i

ë'

I) g ! som e new product without reusing module q as well W hen two modules are content

' ! ' coupled, they are inextricably interlinked.

l l Il j I 1 Two modules are com m on coupled if both have access to the same global data. The

1 I ' ' situation is depi ct ed in Figure 7.9. Instead of com m unicating w ith one another by

) y : 1 coupling, it is necessary that both modules can read and wlite to the database', ithe

l l database access mode is read-onl y, then this is not common coupli ng But there are

1 ë : ) ' p module cal led by them Determini ng under what conditi ons t he loop termi nates then : t

j is a nontrivial question; if a run-tim e failure occurs, it m ay be difhcult to reconstruct (

V Flgure %* Common coupling. Flgvee K1@ Fseudocode

l Third,i f a maintenance change is made in one module to the declarati on of ,

-a global variable, then every m odule that can access that global variable has to be ,I

c ha n ge d Fur t he r mor e al l hang es mus t be cons i e nt J

y A fourth problem is that a comm on-coupled module is difhcult to reuse because I

;

r ' the identical list of global variables has to be supplied each tim e the module is reused

i

n The fifth problem is potentially the m ostdangerous As aconsequence of com m on

k ' coupling, a m odule m ay be exposed to more data than it needs This defeats any ;

attem pts to controldata access and ultim ately may lead to com putercrime M anytypes

z such access will be exclusively in read-only m ode, thus precluding the programm er

making unauthorized changes to his or her m onthly salary To make such changes,thef

1 , programmer has to fi nd another dishonest employee, one wit h access to the relevant I

n records in update mode But if the product has been badl y desi gned and every modul e l

à daring of readers from using common coupli ng

,there are situations where comm on k

coupling mi ght seem to be preferabl e to the al ternatives Consi der, for example, a 1

s product that performs computer-aided design of petrol eum storage tanks (Schach

and Stevens-Guill e, 19791 A tank is specihed by a large number of descript ors such

, as hei ght diameter, maxi mum wind speed to which the t ank will be subjected, and

; insulation thickness The descriptors have to be initialized but do not change in value :.

1 thereafter, and m ost of the m odules in the product need access to the values of the : '

t descriptors Suppose that there are 55 tank descriptors If all these descriptors are : ë

! ) passed as arguments to every module, then the interface to each m odule will consist ;E

of at least 55 argum ents and the potential for faults is huge Even in a language like

' ' Ada which requires strict type checking of argum ents, two arguments of the sam e @ '

l ' type still can be interchanged, a fault that would not be detected by a type checker r '

1 I

r One soluti on is to put all the tank descri ptors in a dat abase and design the product ; j

ë ' in such a way that one m odule initializes the values of all the descriptors, whereas : 1

i i

al l the other modul es access the database excl usively in read-only mode However, !1

i 1

!

! 1 an alternative is to use com m on coupling but in a controlled way

.That is, the productI

! ; t

. should be designed so that the 55 descriptors are initialized by one module, but none

: !

5 i of the other m odules changes the value of a descriptor This program m ing style has

.1 I ( t t : t o be ent orced by management , unl i ke t he dat abase s ol ut i on, wher e cnf orcement

' : ' imposed by the software.Therefore, in situations where there is no good alternative

2 j , t o compl et e my t ask; accor di ngl y, wr i e err or message ABCI 2379 t hen p and q ar e 4

t ; control coupled.In ot her words, if q passes i nformation back t o p and p deci des what I

I ; ; : 1 Consi der, for exampl e, the call cal cul at e wi thhol di ng (empl oyee record) It is :

'

j( ''

, wit hout readi ng the enti re cal cul ot e wi t hhol dinq modul e, whi ch l ields of

' 1g , : jI the empl oyee record the modul e accesses or changes Passing t' he employee s salary,

f

j (

nn obviously is essential for com puting the w ithholding, but it is difhcult to see how the

cn ' employee's hom e telephone num ber is needed for this purpose lnstead, only those

I 1

lct fields that itactually needs for com puting the withholding should be passed to module 1

ne '' ccl cul at e wi thhol di ng Not onl y is the resul ti ng modul e, and part icul arly i ts int erface, 11

i t

L as easier to understand,i is Iikely to be reusable in a variety of other products that also : !

)

i need to compute wit hhol ding (See the Just in Case You W anted to Know box bel ow ,

ve for another perspective on this.)

ne ' Perhaps even more important, because the call col cul ate wit hhol di ng ( empl oyee

ng ' record) passes more data than i s strictly necessary, the probl ems of uncontrol led data

access, and conceivably com puter crim e, once again arise This issue was discussed: in Section 7.3.2

i Nothing is at al1 wrong wi th passing a data strtl ct ure as an argument, provided that I

I I

all the components of the data structure are used by the called m odule.For exam ple,

call s like i nvert matri x (originol matri x, invert ed matri x) or print invent ory record ' h d) ass a data structure as an argument, but t he called modul es l

1 er ( war e ouse recor p

j

le operate on a1l the com ponents of that data structure Stamp coupling is present when

on a data structure is passed as an argument, but only some of the components are used

is by the called module

A subt le form of stamp coupling can occur in I anguages like C or C++ when a 1

le poi nter to a record is passed as an argument Consider t he call check ol ii tude (poi nt er ' ' 1

t o posi t on r ecor d) At hr sti ght , what bei ng pass ed i s a s i mpl e var i abl e But he t 7

l ed modul e has access t o al l of t he f i el ds i n t he posi l on r ecor d poi nt ed t o by l

Passing four or five different fields to a module may be any kind, including for performance reasons gKnuth

. slower than passing a complete record This situation 19741

leads to a larger issue: W hat should be done when op- But what if optimization really is required? ln this

ie ' timization issues (such as response time or space con- case,Knuth'sSecondLaw of O ptim ization applies.The

i :

ny straints) clash with what generally is considered to be Second Law (labeled for experts only) is: Not yet? ln .

Lts good software engineering practice? other words, first com plete the entire productusing ap- l

s ln m y experience, this question frequently turns propriate software engineering techniques.Then,if op- 1

I

1

'