3-How to Write Good Requirements 2.pdf

Full Transcript

SWE 216: Software Requirements Engineering

Lecture 3
How to Write Good Requirements
 Course Topics
Why Requirements Engineering?
Introduction to Requirements
How to write good requirements
RE in Software Development Life Cycles
System Vision, Context, and RE Framework
Requirements Discovery
Fundamentals of Goal Orientation
Fundamentals of Scenarios
Agile Estimation and Feature Prioritization
Requirements Conflicts and Negotiation
Requirements Validation
Fundamentals of Requirements Management
Prototyping
Usability requirements
3

Lecture Objectives

✓ Learn how to write good requirements
✓ Learn about writing requirements pitfalls
✓ Learn about quality measurements
4

Anatomy of a Good Requirement

Defines the system under discussion Verb with correct identifier (shall or may)

The Online Banking System shall allow the Internet user
to access her current account balance in less than 5 seconds.

Defines a positive end result Quality criteria

✓ The challenge is to seek out the system under discussion,
end result, and success measure in every requirement
5

Standard for Writing a Requirement
Each requirement must first form a complete sentence
Not a bullet list of buzzwords, list of acronyms, or sound bites on
a slide
Each requirement contains a subject and a predicate
Subject: a user type (watch out!) or the system under discussion
Predicate: a condition, action, or intended result
Verb in predicate: “shall” / “will” / “must” to show mandatory
nature; “may” / “should” to show optionality

The whole requirement provides the specifics of a desired end goal
or result
Contains a success criterion or other measurable indication of the
quality
6

Standard for Writing a Requirement
Several standards define precisely how to use keywords (verbs and
adjectives) in their documents.

Example: IETF RFC 2119: Key words for use in RFCs to Indicate
Requirement Levels
▪ MUST, REQUIRED or SHALL: mean that the definition is an
absolute requirement of the spec.
▪ MUST NOT or SHALL NOT: absolute prohibition
▪ SHOULD or RECOMMENDED: think twice about not doing
it!
▪ SHOULD NOT or NOT RECOMMENDED: think twice
about doing it!
▪ MAY or OPTIONAL: truly optional
7

Standard for Writing a Requirement
Look for the following characteristics in each requirement
▪ Feasible (not wishful thinking)
▪ Needed (provides the specifics of a desired end goal or result)
▪ Testable (contains a success criterion/other measurable indication of
quality)
▪ Clear, unambiguous, precise, one thought
▪ Prioritized
▪ ID

Note: several characteristics are mandatory (feasible, needed, testable)
whereas others improve communication
8

Writing Pitfalls to Avoid
Never describe prematurely how the system is going to achieve
something (over-specification), always describe what the system is
supposed to do
○ Refrain from designing the system prematurely
Danger signs: using names of components, materials,
software objects, fields & records in the user or system
requirements
○ Designing the system too early may possibly increase system
costs
○ Do no mix different kinds of requirements (e.g., requirements
for users, system, and how the system should be designed,
tested, or installed)
9

Writing Pitfalls to Avoid
○ Do not mix different requirements levels (e.g., the system and
subsystems)
Danger signs: high level requirements mixed in with
database design, software terms, or very technical terms
○ Beware: may depend on the level of abstraction…
Your what is my how!
10

Writing Pitfalls to Avoid

▷ “What versus how” test

The system shall use Microsoft Outlook to send an
X
email to the customer with the purchase confirmation.
The system shall inform the customer
that the purchase is confirmed.
11

Writing Pitfalls to Avoid
Avoid ambiguity
○ Write as clearly and explicitly as possible
○ Ambiguities can be caused by:
The word or to create a compound requirement
Poor definition (giving only examples or special cases)
The words etc., …and so on (imprecise definition)
Example: “With your meal you have a choice of soup or salad and rice”

Do not use vague indefinable terms
○ Many words used informally to indicate quality are too vague to be
verified
○ Danger signs: user-friendly, highly versatile, flexible, to the maximum
extent, approximately, as much as possible, minimal impact
The EasyEntry System shall be easy to use and require X
a minimum of training except for the professional mode.
12

Writing Pitfalls to Avoid
Do not make multiple requirements
○ Keep each requirement as a single sentence
○ Conjunctions (words that join sentences together) are danger signs:
and, or, with, also
Do not ramble (talk too much)
○ Long sentences with arcane (mysterious) language
○ References to unreachable documents

The Easy Entry Navigator module shall consist of order X
entry and communications, order processing, result
processing, and reporting. The Order Entry module shall be
integrated with the Organization Intranet System and
results are stored in the group’s electronic customer record.
13

Writing Pitfalls to Avoid
Do not speculate
○ There is no room for “wish lists” – general terms about things that
somebody probably wants
○ Danger signs: vague subject type and generalization words such as
usually, generally, often, normally, typically
Do not express suggestions or possibilities
○ Suggestions that are not explicitly stated as requirements are invariably
ignored by developers
○ Danger signs: may, might, should, ought, could, perhaps, probably
Avoid wishful thinking
○ Wishful thinking means asking for the impossible (e.g., 100% reliable,
safe, handle all failures, fully upgradeable, run on all platforms)

The Easy Entry System may be fully adaptable to all X
situations and often require no reconfiguration by the user.
14

Typical Mistakes
Noise = the presence of text that
Wishful thinking = text that defines a
carries no relevant information to any
feature that cannot possibly be validated
feature of the problem
Silence = a feature that is not covered Jigsaw puzzles = e.g., distributing
requirements across a document and
by any text
then cross-referencing
Over-specification = text that Inconsistent terminology = inventing
describes a feature of the solution,
and then changing terminology
rather than the problem
Contradiction = text that defines a Putting the onus on the development
staff = i.e., making the reader work hard
single feature in several incompatible
to decipher the intent
ways
Ambiguity = text that can be Writing for the hostile reader (fewer
of these exist than friendly ones)
interpreted in >=2 different ways
Forward reference = text that refers
to a feature yet to be defined
Source: Steve Easterbrook, U. of Toronto
 Patterns for Functional Requirements:
15

Easy Approach to Requirements Syntax (EARS)
A Ubiquitous requirement is continually active and takes the form The
shall
A State-driven requirement is active while some precondition remains true
and takes the form WHILE the shall

An Event-driven requirement is activated when a triggering event is
detected at the system boundary and takes the form WHEN
the shall
An Option requirement is used for systems that include a particular feature
and take the form WHERE the
shall
An Unwanted Behavior requirement defines the required system response
to an unwanted external event and takes the form IF THEN
the shall
16

Rate these Requirements
The Order Entry system provides for quick, user- X
friendly and efficient entry and processing of all orders.

Invoices, acknowledgments, and shipping notices shall
be automatically faxed during the night, so customers
X
can get them first thing in the morning.

Changing report layouts, invoices, labels, and form
letters shall be accomplished.
X
The system shall be upgraded in one whack. X
The system has a goal that as much of the IS data as X
possible be pulled directly from the T&M estimate.
17

Quality Measurements
Non-functional requirements need to be measurable
Avoid subjective characterization: good, optimal, better...

Values are not just randomly specified
Must have a rationale (e.g., why 25% less time instead of 20%, 30%?)
Stakeholder must understand goals and trade-offs

Precise numbers are unlikely to be known at the beginning of the
requirement process
Do not slow down your initial elicitation process
Ensure that quality attributes are identified
Negotiate precise values later during the process

Make the desirable direction of values known
Very few requirements actually need one specific value.
The game’s frame rate shall be higher or equal to 60 fps
18

Performance Measures
Lots of measures
Response time, number of events processed/denied in
some interval of time, throughput, capacity, usage ratio,
jitter, loss of information, latency...
Usually with probabilities, confidence interval

Examples
In case of peak load, the system shall have a minimal
transaction rate of 100 payments per second.
In standard workload, the CPU usage shall be less than
50%.
Production of a simple report shall take less than 20
seconds for 95% of the cases.
Scrolling one page up or down in a 200 page document shall
take at most 250 milliseconds.
19

Performance Measures: Patterns (1)

In case of peak load, the system shall have a minimal transaction rate of 100 payments per second.
20

Performance Measures: Patterns (2)
21

Reliability Measures

Measure of the degree to which the system performs during a
request
Ability to perform a required function under stated
conditions for a specified period of time
Very important for critical, continuous, or scientific systems

Can be measured using
Defect rate
Degree of precision for computations

Examples
Function X’s precision of calculations shall be at least
1/106.
The system defect rate shall be less than 1 failure per 1000
hours of operation.
22

Availability Measures (1)

Definition: Proportion of time that the system is up and running
correctly
Probability that the system is there when needed!
Can be calculated based on Mean-Time to Failure (MTTF) and
Mean-Time to Repair (MTTR)
MTTF : Average duration between operation start and
failure
MTTR : Average duration needed to resume operation after
a failure
Availability = MTTF/(MTTF+MTTR)
May lead to architectural requirements
Redundant components (lower MTBF)
Modifiability/Substitutability of components (lower MTTR)
Special types of components (e.g., self-diagnostic)
23

Availability Measures (2)
Examples
The system shall meet or exceed 99.99% uptime over a year.
The system shall not be unavailable more than 1 hour per
1000 hours of operation. (This is a MTBF requirement)
Less than 20 seconds shall be needed to restart the system
after a failure 95% of the time. (This is a MTTR
requirement)

Availability Downtime
○ 90% 36.5 days/year
○ 99% 3.65 days/year
○ 99.9% 8.76 hours/year
○ 99.99% 52 minutes/year
○ 99.999% 5 minutes/year
○ 99.9999% 31 seconds/year
24

Security Measures (1)
There are at least two measures:
1. The ability to resist unauthorized attempts at usage
2. Continue providing service to legitimate users while under
denial of service attack (resistance to denial of service
attacks)
Measurement methods:
Success rate in authentication
Resistance to known attacks (to be enumerated)
Time/efforts/resources needed to find a key (probability of
finding the key)
Probability/time/resources to detect an attack
Percentage of useful services still available during an attack
Percentage of successful attacks
Lifespan of a password, of a session
Encryption level
25

Security Measures (2)
May lead to architectural requirements
Authentication, authorization, audit
Detection mechanisms
Firewall, encrypted communication channels

Examples of requirements
The application shall identify all of its client applications
before allowing them to use its capabilities.
At least 99% of known intrusions shall be detected within
10 seconds.
26

Privacy Measures
It is insufficient to cite appropriate laws… “The system
shall comply with The Personal Information Protection
and Documents Act (PIPEDA)” does not help much (too
coarse-grained)!
Consider the relevant parts of laws, as well as other sources
and standards. For example: US Fair Information Practice
Principles (FIPPs) guidelines (source:
http://player.slideplayer.com/18/6144807/#)
27

Usability Measures (1)
In general, concerns ease of use and of training end users. The
following more specific measures can be identified:
Learnability: proportion of functionalities or tasks mastered
after a given training time
Efficiency
Acceptable response time
Number of tasks performed or problems resolved in a given
time
Number of mouse clicks needed to get to information or
functionality
Memorability: number (or ratio) of learned tasks that can still be
performed after not using the system for a given time period
Error avoidance
Number of error per time period and user class
Number of calls to user support
28

Usability Measures (2)
Error handling: mean time to recover from an error and be able to
continue the task
User satisfaction
Satisfaction ratio per user class
Usage ratio
Examples
The system should enable at least 80% of users to book a guest
within 5 minutes after a 2-hour introduction to the system.
The system shall enable novice users to perform tasks X and Y in
less than 15 minutes.
The system shall enable expert users to perform tasks X and Y in less
than 2 minutes.
The satisfaction level of the system shall be “very good” or better for
at least 80% of customers polled after a 3 months usage period.
29

Maintainability Measures
Measures ability to make changes quickly and cost effectively
Extension with new functionality
Deleting unwanted capabilities
Adaptation to new operating environments (portability)
Restructuring (rationalizing, modularizing, optimizing, creating
reusable components)
Examples
Every program module must be assessed for maintainability
according to procedure XYZ.
At least 70% of the program modules assessed according to
procedure XZY must obtain “highly maintainable”
0% of the program modules assessed according to procedure
XZY must obtain “poor”.
The cyclomatic complexity of the system code must not exceed 7.
No method in any class may exceed 200 lines of code.