SACHER ICT paper

Home

My homepage at Politecnico

The SACHER approach to requirements management

The SACHER team, c/o
Luigi Lavazza

CEFRIEL - Politecnico di Milano

Via Fucini, 2

20133 Milano (Italy)

e-mail: lavazza@cefriel.it

phone: +39-02-23954258

Abstract

The effective management of user requirements is of vital importance for any software development process. This activity spans from software procurement to project management, to the technical development activities. The aim of the SACHER project is to increase the efficiency of requirement management (and particularly requirement change management) in software development and maintenance. In particular, the SACHER project aims at enabling or improving the estimation of both technical and managerial consequences of given requirements (changes), and at defining and supporting an innovative approach to contract definition in software procurement.

The fundamental idea of SACHER is that the software process and product can be modelled and quantitatively characterised through proper measurement, in order to provide a sound basis for different kinds of analysis, including cost estimation, change impact and sensitivity analysis.

Introduction

Most industrial software-intensive systems are affected by unavoidable requirements changes, that —occurring in any phase of the software lifecycle— have strong impacts on technical and organisational issues of software project management.

Requirement specification and customer requirements management are the subject of requirements engineering [7]. However, requirement changes acquire particular relevance in software procurement, for both the procurer and the supplier (respectively the software end-users and the software producers). Procurers look for effective management of contractual practices, by quantifying clauses in the contracts and then assessing their accomplishment. Suppliers have in requirement management the key factor for customer management and business success, but they still lack the ability to estimate and control supply costs and this is often the main reason of supply failures.

The SACHER (Sensitivity Analysis and CHange management support for Evolving Requirements) ESPRIT Project is based on the idea that requirement change management is a key factor for successful cost-effective software development, and aims at:

	increasing the efficiency of requirement change management in software development and maintenance;
	improving cost estimation in software contract definition;
	defining and supporting an innovative approach to contract definition in software procurement.

The SACHER approach involves conceptual modelling of the software product and process in order to identify and maintain the traceability relations that allow impact analysis. Cost functions are defined for the process activities —according to the process model— and the parameters of these cost functions are evaluated and tuned through measurement.

The main project results will consist of the SACHER tool-set, supporting requirement change management through impact analysis, cost evaluation and cost sensitivity analysis, and the SACHER methodology, positioning the SACHER requirement management approach within a software process viewpoint and introducing a modern software procurement practice.

The project is still in its initial phase, having completed the user needs analysis, and is currently working at the definition of the conceptual framework for the SACHER methodology and tool-set.

The rest of the paper is structured as follows: Section 2 describes the SACHER approach in general, Section 3 reports about the SACHER methodology, while in Section 4 an operating scenario is described. The final section draws some conclusions and outlines the future evolution of the project.

The SACHER approach

The macro-objectives described in the introduction map onto the following concrete objectives of the SACHER project:

	To define a framework for modelling the software product and tracing requirements (with regard to both technical and organisational aspects), as a mean to estimate costs and time needed to accomplish such changes.
	To define an effective approach to technical and organisational impacts of requirement changes (impact analysis).
	To provide a reliable support for cost evaluation of requirements change, as well as the consequent economic impact on overall project costs.
	To provide the evaluation of system sensitivity against potential changes, as a new quality factor for the final product. Sensitivity indicates how much the whole set of software artifacts which form a product has to change in order to accomplish a given set of requirements changes.

The aforementioned achievements will be exploited in the definition of the following techniques to support the software procurement process:

An adaptable approach for accurate predictions of software development costs based on software requirements (taking into account potential requirement changes as well).

A new approach in software procurement for defining unambiguous customer product acceptance specifications.

Expected project results are:

The SACHER tool-set, managing requirement changes in software development and maintenance, and supporting impact analysis, cost evaluation and cost sensitivity analysis.
The SACHER methodology, placing the SACHER approach to requirement management in a software process management perspective, and introducing a modern software procurement approach based on objective software cost parameters.
The database of measurements, gathered through the user pilot experiments and constituting the flexible knowledge-base for cost evaluation within the SACHER tool-set.

The SACHER approach considers the software lifecycle and its products and, focusing on requirements, it concentrates on requirement changes which may occur during the development. Change requirements management is conceived as a sequence of steps, listed hereby:

modelling links among project artifacts and tracing requirement correspondences (product modelling)
evaluating the impact of requirement changes (impact evaluation)
evaluating the cost of performing a requirements change, in terms of resources and time needed (cost evaluation)

The SACHER approach to change management is also a way to define a new software procurement process, based on requirements, as explained in the following sections.

Product modelling

The "reasoning" capabilities of SACHER will be based on the model of the product being considered.

Figure 1: High-level view of the product model.

A very simplified view of the product model is reported in Fig. 1. The product model includes both the product requirements and the artifacts (i.e. design documents, code, test plans, testing reports, user manuals, etc.) that are developed in order to build the required software system. It also represents the relationships which link requirements to artifacts, thus providing the traceability information which is needed to perform change impact and other types of analysis concerning the characteristics of changes.

There are a few important observations that are worth reporting:

	Products can be very different. This means that SACHER will not be based on a fixed model, but it will allow the customisation of the product model.
	The model is independent from the tools and methodologies used in the development process.

Project management artifacts (e.g., development plans and schedules, resource allocation, etc.) are also linked to requirements.

	The requirement specification can be formal, semiformal or informal (e.g., plain text). Depending on the formality level of requirements specification, more or less sophisticated automated reasoning will be possible.
	Requirements do not need to be modelled. SACHER should manage the real requirements and reason about them. On the contrary, SACHER does not need to have access to the real artifacts: on one hand it could be very complex to integrate the SACHER tool-set with the development environment, on the other hand SACHER just needs to know a few characteristics of the artifacts.

The product model is described by means of the UML [5] notation. Figure 2 reports a simplified example of part of the product model. In particular, Figure 2 is centred around the concept of feature. Feature engineering [6] makes requirements documentation more useful, by modularising requirements into coherent features. This allows to propagate the packaged results of requirement analysis to the other life-cycle activities in a disciplined way.

From the SACHER point of view, the variable abstraction level of features brings a relevant benefit. In fact, in order to assess the impact of a change, it is clear that the more precise the description of the existing requirements and of the change, the more precise the assessment. In particular, it is important that artifacts are linked to requirements at the correct granularity level.

For instance, in a CAD system, a change could concern the polygon drawing features (which are a proper subset of the global drawing features): the proper decomposition of features in sub-features at various granularity levels will allow to identify the artifacts that depend only on the polygon drawing features (excluding artifacts which are devoted to drawing, but not to polygon drawing).

On the other hand, the possibility of viewing features at different levels allows to express comprehensive changes. For instance, the request to change the language of the user interface is attached to the user interface feature, and affects all its parts.

The high degree of traceabily allowed by the features is also a prerequisite for impact analysis.

Figure 2: UML model of artifacts.

The model of the artifacts reported in Figure 2 is absolutely generic, and needs to be properly refined, if precise analysis has to be performed. For instance, if the product is developed according to object-oriented techniques, the "Module" described in Figure 2 will be modelled as a cluster of classes, which will be interconnected by relationships like usage, specialisation, aggregation.

The process model

The cost of changes is not determined simply by the kind of change and by the type of artifact changed. On the contrary, it depends mainly on which activities are carried out in order to accomplish the change, and how these activities are performed. Therefore, a process model is also needed. The process model will not need to be too detailed (for instance, we do not need dynamic —or control— information). In practice we need to know how the process is organized into activities. For each activities we shall give:

	the meaning of the activity;
	the input and output artifacts;
	the roles involved;
	the information that controls the activity (e.g., that triggers or terminates the activity);
	(optionally) how the activity is organized into sub-activities.

A data-flow model expressed by means of the IDEF0 notation [1], like the one reported in Figure 3, is a good starting point. In order to perform impact analysis, the description of the activities has to be enhanced with the indication of which subset of the outputs depend on which subset of the input flows, in which conditions.

Figure 3: Sample IDEF0 model of a process fragment.

The interesting characteristics of the process model are that:

	Each activity can be refined in order to include all the interesting details.
	Activities can be aggregated, in order to hide unnecessary details.
	It must be consistent with the product model. Every item described in the product model must appear in the activity model as an input and/or output flow. Vice-versa, every item in the product model has to be generated and/or consumed by an activity of the process model.

Project management activities can be modelled exactly as technical activities are.

The following observations apply:

	Processes can be very different. This means that SACHER will not be based on a fixed model, but it will allow the customisation of the process model.
	The model depends on the tools and methodologies used in the development process. For instance, an object-oriented development process model will be different from a traditional process.

Requirement change impact evaluation

When a potential requirement change occurs, the impact evaluation is performed, with respect to both technical artifacts and managerial ones. The impact of requirement changes is evaluated by the system depending on:

	The change specification (including which requirements are changed, and what type of change is to be performed).
	The process model.
	The current situation of the process. In fact, it is possible that the required change is performed in different ways, according to the situation of the process. For instance, a bug correction is carried out in different ways (and at different costs) if the process is in the system testing phase rather than still in the coding phase.

For instance, if the system is informed that requirement X will be updated, and X is a requirement of type C, then the system will compute the set of activities that in the current situation will manage an input of type C. In general, the computation will not be fully automated, since the user intervention could be needed to make choices among possible ways of carrying out the change.

Cost assessment

The cost of a change is a function of the computed impact. When the set of changes is known, and the activities that will accomplish those changes is known as well, it is sufficient to apply the cost function to each activity and sum the partial costs.

The cost function will simply assign a cost to an activity on the basis of:

	The activity definition.
	The input flow.
	Who performs the activity.
	The change specification.

Clearly it could be the case that no data are available for the specific conditions specified (e.g., it is the first time that a relevant change is made on a big piece of complex code using a given tool). In these cases the user could be asked to supply the cost parameters according to his own estimate.

Derivation of cost parameters through measurement

A methodology is required to estimate cost data in a reliable way. GQM [2] will be used to determine a set of metrics for evaluating the development process and product characteristics, together with factors influencing them. During the SACHER project, relevant metrics on ongoing software development processes will be gathered, and the knowledge database for cost evaluation will be populated.

The choice of GQM descends from the familiarity of consortium members with the method, and from the availability of the GQM-Tool supporting the method.

The definition of the metrics relies on the process model. In fact, measurement aims at characterising quantitatively every activity. For instance, consider the activity of changing a piece of code, as described in Figure 3. The cost depends on:

	The activity definition: are inspections and/or testing required, what development tools are available, are configuration management and/or change control performed, etc.
	The input flow: how complex is the source code, in which language it is coded, is it well modularized, etc.
	Who performs the activity: how skilled is the person, how well is the input known by the responsible, etc.
	The change specification: how accurate is the required change, how big is the change (i.e., how many lines should be changed, etc.).

The SACHER methodology will contain a customisable version of the GQM plans (i.e., metrics definitions) developed within the projects. Together with the plans, SACHER will also provide the data collected by the pilot projects. However, as mentioned before, the definition and results of metrics are strictly dependent on the underlying process. SACHER users should thus carefully adapt the metrics definitions, and selectively apply the available results, according to their own process.

Architecture

The SACHER project will extend an existing tool for requirement management. In particular, the original tool will be enhanced by means of:

	A modelling module, responsible for managing product and process models.
	Analysis modules, like the impact evaluation module, responsible for performing different types of analysis on the models.
	A cost evaluation module.
	A set of "filter" modules which will import the information relevant to SACHER from development tools.

The measurement tool and the metrics database will be separate. The cost function parameters will be extracted from the database through suitable queries and fed to the SACHER tool.

The SACHER methodology

The SACHER requirement change management represents also a mean to support a new approach to software procurement, in the initial contractual phases, during potential contract revisions and at supply acceptance, allowing:

	the supplier to estimate accurately the software development costs, referring to given requirements
	the procurer to specify the system’s requirement change sensitivity as an acceptance clause of the supply
	procurer and supplier to agree (and specify within the contract) the degree of requirement changeability which can be requested by the former to the latter

The SACHER methodology will provide guidelines on these issues.

The SACHER methodology will give guidelines on the SACHER approach and on how to adopt this technology in order to achieve effective requirement management within the software development process and the software procurement process. The need for providing a methodological support to the tool users and for positioning SACHER within a process view descends from these observations:

	tools alone do not solve the problems connected with software development; instead, they need to be used in the context of a global process view. In this context, the final software product quality is just as good as the process it is originated from.
	Requirements management is considered (e.g. in the CMM [3] model) one of the very basic practices to be established in order to obtain a reliable and effective development process.
	The phenomenon of creeping requirements (i.e., the "physiological" change in requirements, generally estimated about 1% per month) is related to development process, rather than to a specific project.

The SACHER methodology addresses three different levels of detail:

The "process awareness" level: this is concerned with showing potential users how their software process could benefit from the application of SACHER in the requirement management activities. In this case the methodology provides a general set of concepts relating clearly the capability and features of SACHER to the key practices and improvement areas identified by various process-related methods (e.g., CMM, SPICE, Bootstrap, ami). The aim is to provide process-aware organisations and consultants with a methodology that explains how a process assessment and improvement initiative can take into consideration SACHER and possibly end up with the decision to adopt this technology.

The "procurer-supplier" process level: this part of the methodology explains how SACHER can affect the definition of different kinds of contracts, and how it can be used to support the management of such contracts. The SACHER methodology will support different contract management strategies. For instance, SACHER could be used jointly by the procurer and the supplier, acting as a sort of judge to evaluate the relevance of the requirement change and consequent impact. Alternatively, the supplier could keep SACHER hidden from the procurer (e.g., because the procurer has not the software culture to understand it). In any case, it is quite clear that SACHER provides a solid base to evaluate concepts (like the "amount" of changes or the types of changes, or the software "sensitivity" to changes) which were previously very difficult to express.

The "software environment" level: the methodology also takes into account rather low-level issues, that are of fundamental importance for the practical applicability of the method. For instance the methodology addresses issues concerning the deployment of the tool (how to integrate it into an existing software development environment, how to customise it, etc.). In order to set-up SACHER in an effective and seamless way, a new user has to:

	Understand how SACHER is positioned in the process (this means to identify which are the input to SACHER, the output, which activities are performed with the help of SACHER, which are monitored by SACHER, etc.).
	Customise SACHER in order to take into account the specificity of the actual production and product. This implies at least customising the SACHER process and product model, making them consistent with the actual software process. Moreover, metrics have to be defined and collected, in order to provide a correct quantitative characterisation of the process model
	Actually integrate the SACHER tool-set in the existing hardware/software environment. This implies tool integration, translation of software requirements from the user’s formalism into SACHER notation, etc.

A specific part of the methodology concerns the quick start. In fact, in order to use SACHER at its best, the user should first customise it, as described above. This might be a long process, therefore we provide guidelines for a quick start. These include high-level modelling of the process and product, in order to have only a few coarse-grain parameters to insert in SACHER, possibly consistent with popular methods, like COCOMO [4].

The SACHER scenario

The SACHER scenario is represented in Figure 4, where thin lines represent data flow and thick lines represent logical correspondence.

Figure 4: The SACHER system.

The scenario described in Figure 4 has to be interpreted as follows:

The procurer supplies a requirement change, which is formalised by the SACHER user and provided to the system.
The system (which has been previously loaded with the product and process models) computes the impact of the given change, in terms of artifacts which have to be modified, and activities which have to be carried out in order to implement the required change. Note that in this activity the SACHER tool will in general require the assistance of the user, since some impacts could be difficult to estimate.
The estimated impact is evaluated through a cost function, according to cost parameters which are either derived from the measurement base or supplied directly by the user.
The result is provided to the SACHER user and is also recorded in the measurement base. Recording the estimations computed by the system allows to assess the precision of the system, and to "tune" the GQM plans accordingly.

Note that the above scenario is only a partial example of the usage of SACHER. In fact, this example does not show how the information produced by the system is used in the procurer-supplier negotiation.

Moreover, the cost evaluation part is optional: the user could employ SACHER just to estimate the impact of changes from a technical point of view. Different kinds of analysis (not necessary related to efforts and costs) can be defined on top of the SACHER models: for instance, the user could assess the impact of a requirement change on the architecture of the system.

Finally, it is interesting to note that SACHER can be applied not just to changes in requirements of existing products, but also to new developments,. In fact, the difference between the two cases is that in the former the artifacts were built when implementing the original requirements, while in the latter they do not exist. This is not a big problem, since SACHER reasons on product and process models, not on the real artifacts. In order to apply SACHER, it is thus only necessary to supply it with the model of the to-be artifacts. This activity can be integrated within the regular development process, since the models developed for use by SACHER can be refined and become the real software artifacts. In any case, it is also possible to keep the SACHER models at a high level of abstraction, thus minimising the effort devoted to defining them.

Conclusion and future work

The SACHER project is an ambitious attempt to manage software requirements, and especially requirements changes, in an innovative way. The SACHER approach aims at using objective and reliable models to reason on software development corresponding to new requirements or to changes in the requirements of existing or under-construction products. Therefore, this approach implies the integration of product modelling techniques, process modelling techniques, requirement representation and management techniques, and measurement definition, collection and analysis techniques.

The SACHER project is now in its initial phase. The project is expected to finish in October 1999.

Up to now, some fundamental choices have been made. In particular, the main characteristics and objectives of the product and process models have been identified. The user needs have been explored, and the specifications of the SACHER tool-set are being written.

The implementation of the SACHER tool-set will start in May 1998, and will provide a first prototype in October 1998. This prototype will be available to SACHER partners for carrying out pilot projects, which will provide feedback for further developments and refinements of the tool-set.

References

[1] Integration Definition for Function Modeling, IDEF0. Federal Information Processing Standards Publications, December 1993.

[2] V. Basili, H.D. Rombach, The TAME Project: Towards Improvement-Oriented Software Environments, IEEE Transactions on Software Engineering, 14 (1988), p.758-773

[3] Software Engineering Institute, The Capability Maturity Model. Guidelines for Improving the Software Process, Addison-Wesley, 1995

[4] B. W. Boehm, Software Engineering Economics, Prentice Hall, 1981.

[5] http://www.rational.com/uml

[6] C. Reid Turner, Alfonso Fuggetta, Alexander L. Wolf "Foundations for Feature Engineering of Software Systems", Technical Report CU-CS-830-97, Department of Computer Science, University of Colorado, 1997.

[7] P. Hsia, A.M. Davis, D.C. Kung Status Report: Requirements Engineering, IEEE Software, 10(6), November 1993.