Page 171 - DCAP305_PRINCIPLES_OF_SOFTWARE_ENGINEERING
P. 171

Unit 8: Detailed Design



            inform the caller that an error has occurred. The calling module can then check the error flag for   Notes
            successful completion of the called module. It should be unnecessary for the caller to check the
            other module outputs. It is possible for a subordinate to fail to return control. Modules should
            normally set a ‘timeout’ when waiting for a message, a rendezvous to be kept, or an event flag
            to be set. Modules should always act appropriately after a timeout (e.g. retry the operation).
            The principle of immediate detection means that possible errors should be checked for
            immediately.  If  the  reaction  is  not  immediate,  the  error  should  be  flagged  for  later  action.
            Conventions for taking action after detection of an error should be established. Normally error
            control responsibilities of a module should be at the same level as normal control responsibilities.
            Error logging, if done at all, should be done at the point where action is taken, and not at the
            point of error detection, since the significance of the error may not be apparent at the point of
            detection. It may be appropriate to insert diagnostic code at the point of detection, however.
            Only the top level module should have responsibility for stopping the program. Developers
            should always check that there are no ‘STOP’ statements lurking in an otherwise apparently
            useful module. It may be impossible to reuse modules that suddenly take over responsibility
            for the control flow of the whole system. Halting the program and giving a trace back may be
            acceptable in prototype software (because it helps fault diagnosis), but not in operational software.
            In detailed design, redundancy considerations can lead designers to include checksums in records
            and identity tags to confirm that an item is really what it is assumed to be (e.g. header record).
            Myers also makes a useful distinction between ‘passive fault detection’ and ‘active fault detection’.
            The  passive  fault  detection  approach  is  to  check  for  errors  in  the  normal  flow  of  execution.
            Examples are modules that always check their input, and status codes returned from system
            calls. The active fault detection approach is to go looking for problems instead of waiting for
            them  to  arise.  Examples  are  ‘monitor’  programs  that  continuously  check  disk  integrity  and
            attempts  to  violate  system  security.  Often  most  system  code  is  dedicated  to  error  handling.
            Library modules for error reporting should be made available to prevent duplication of error
            handling code. When modules detect errors, they should call error library modules to perform
            standard error handling functions such as error logging and display.
            Defensive  design  principles  have  influenced  the  design  of  most  modern  languages.  Strong
            type-checking languages automatically check that the calling data type matches the called data
            type, for example. Analysis and design algorithm goes further and builds range checking into
            the language. The degree to which a language supports defensive design can be a major factor
            in its favours.

            8.1.6 Optimization
            Conventionally,  optimization  earnings  to  make  the  best  compromise  between  opposing
            tendencies. Improvement in one area is often associated with degradation in another. Software
            performance is often traded-off against maintainability and portability, for example.
            The optimization process is to:
               •  Define the attributes to change (e.g. execution time);
               •  Measure the attribute values before modifying the software;
               •  Measure the attribute values after modifying the software;
               •  Analyze the change in attribute values before deciding whether to
               •  Modify the software again.
            Optimization can stop when the goals set in the SRD have been met. Every change has some
            risk, and the costs and benefits of each change should be clearly defined. The law of diminishing
            returns can also be used to decide when to stop optimization. If there are only slight improvements
            in the values of attribute values after optimization, the developers should stop trying to seek
            improvements.



                                             LOVELY PROFESSIONAL UNIVERSITY                                   165
   166   167   168   169   170   171   172   173   174   175   176