pptx by yaofenji

VIEWS: 0 PAGES: 28

									    Developing Risk Models
 Requires Mathematics, Domain
Knowledge and Common Sense,
although not Necessarily in that order

           Brendan Murphy
          Microsoft Research

               EDCC Valencia 2010
          Talk Content
Are People                         Metrics and
a problem?                        Measurements



 Models                           Interpretation




             EDCC Valencia 2010
    Tandem Systems availability
      1985 – 1990 (Jim Gray)
• Fault Tolerant Systems
• Highly trained System Managers and Service
  Engineers
• Systems sent failures to Tandem
• Findings
  – “Operations is a significant cause of outages,
    second only to software”
  – “Operators are people, they will not be less faulty
    in the future”
                      EDCC Valencia 2010
Monitoring DEC Server Systems
• Reality did not match the theory
  – System reality is impact by product quality
    therefore static
• System Reality is periodic
  – Daily
  – Weekly
  – Monthly
  – Quarterly
                    EDCC Valencia 2010
Monitoring DEC Server Systems
                                                                                             Cause Of System Interruptions
                                   Cause Of System Crashes
                                                                                                      7%
                                                                                                 2%
                         100%                                                               1%
                                                                                                                      Operator Shutdowns
                         90%                                                                                          Hardware Crashes
                         80%                                                                                          Software Crashes
 Percentage Of Crashes




                         70%                                                                                          Other Crashes
                                                                     Others
                         60%
                                                                     System Management
                         50%
                                                                     Softw are Failure
                         40%
                                                                     Hardw are Failure
                         30%
                         20%
                         10%
                          0%
                            1985                             1993

                                       Changes Over Tim e

                                                                                                             90%




         The underlying trend was operators                                              Crashes only represent 10% of all
             increasingly causing crashes                                                              Outages!
        System and Network complexity made                                                Availability driven by controlled
                   matters worse                                                                     shutdowns!
                                                                    EDCC Valencia 2010
Murphy Gent 1995 Q&RE
 Measuring OS on DEC Servers
                         Reliability of Operating Systems


                         Slow ARE im provem ents
                         identifies this vers ion as
                         being difficult to ins tall




                                              Vers ion A has a higher
                                              reliability than Vers ion B
                 ARE




                                                                            Version A
                                                                            Version B




                                     Pos t ins tallation Pe riod
            Goodne s s




        System reliability increases dramatically in the days
       following installation Reliability continues to improve
                       over the next 5 months
                                                 EDCC Valencia 2010
Murphy Gent 1995 Q&RE
   Reliability of Microsoft Software
                             0.09
                             0.08
                                                                         Model
                             0.07
                                                                         Data Average
              Failure Rate




                             0.06
                             0.05
                             0.04
                             0.03
                             0.02
                             0.01
                               0
                                    1   2   3    4    5     6    7   8   9   10   11
                                                 Number of months




Software reliability always improve in the months following installation
              Improvement not due to software patches
             Improvement due to changes in usage profile
                                                EDCC Valencia 2010
  Jalote, Murphy, Sharma TOSEM
  Do humans only impact failures
         due to usage.
• The reliability of the released system and
  software are heavily dependent on the
  usage profile.
• Is the underlying software quality based
  purely on development process?
  – Do human factors have a significant impact?
  – If so how do you feed this into a model?

                   EDCC Valencia 2010
                   Metrics and
                  Measurements


“The people who cast votes decide nothing. The people who count
the votes decide everything” Joseph Stalin




                         EDCC Valencia 2010
     Measurement Objectives
• Tracking the Project
  – Project Managers can interpret most data
• Identify Exceptions
  – Cross correlation of data to identify
    exceptions or gaming
• Predictions
  – Completion dates and release quality
  – Verify on past projects.

                     EDCC Valencia 2010
 Problems with tracking Metrics
• Metrics collected through software tools
  – Metrics often a By-Product
  – Tools evolved as do the metrics
     • Making historical comparisons difficult
• People / organizations adapt
  – Peoples behaviour changes based on the
    problem being addressed
  – People/ Organizations learn from past
    mistakes
                       EDCC Valencia 2010
             Software Churn
        Initial “Gold Standard” Metric
• Lehman and Belady identified its
  importance in 1960’s
• Measure code rather than Binary churn
• Key attributes
  – Churn frequency
  – Amount of churn
  – Frequency of repetitive churn
  – Late Churn
                    EDCC Valencia 2010
       Churn Correlates to Failures




Use of Relative Code churn measures to predict System Defect Density, ICSE 2005
                            Nagappan, Ball (Microsoft)
                                    EDCC Valencia 2010
 Metrics Monitored in Windows
• Test Coverage
  – Arc / Block coverage reflecting testing
  – Testing focuses on problem areas so may be
    symptomatic rather than a predictor of quality!
• Bugs
  – Identified through in-house testing and Beta feedback
  – Difficulty in identifying bug severity!
  – Beta testers not necessarily reflecting user base
• Code Complexity
  – OO and non OO metrics
  – Measures often reflect ease of testing!
                       EDCC Valencia 2010
  Metrics Monitored in Windows
• Dependencies
   – Direct and indirect dependencies reflect impact of change
   – Binaries cluster into three categories
• Architectural Layering
   – Does not distinguish hardware interfaces
• Code Velocity
   – Time code exists in the system before being checked into
     the main branch
   – Process rather than quality measure
• Legacy Code
   – Legacy code is either very good or a potential time bomb!

                         EDCC Valencia 2010
Organizational Structure Metrics
• Propose eight measures that quantify
  organizational complexity capturing issues
  such as
  – Organizational distance of the developers
  – The number of developers working on a component
  – Component changes within the context of an
    organization
• Organizational structure not taken literally
  – Structure reflects logical rather than actual structure

                        EDCC Valencia 2010
                      Models




“The ability to foretell what is going to happen tomorrow, next week,
next month, next year. And to have the ability afterwards to explain
why it didn’t happen” Winston Churchill on politicians


                            EDCC Valencia 2010
          Building the Models
• Various methods have been used to build the
  models
  – Bayesian, Step- wise regression
     • Technique applied does not make that big a difference
• Train and verify the model on a past product,
  apply to future products
• Initial focus was developing models for Vista
  – Pre usage of People data

                        EDCC Valencia 2010
  Initial results of the Risk Model
                           Training data
               Win 2003 Win XP SP1 Win XP SP2
Win 2003         73%                    60%   67%
Win XP SP1       64%                    76%   64%
Win XP SP2       71%                20%       89%
Win 2003 SP1     78%                96%       70%
RC
                   EDCC Valencia 2010
  Initial Interpretation of Results
• Variation in the objectives of releases
  – Main Releases are feature focused
     • New features create usage issues
  – Service Packs are risk adverse
• Variations between client and server software
  – Management, usage profile and hardware
• Ignoring vital areas
  – Engineers
                       EDCC Valencia 2010
 Developing Models using Vista
• Developed models for predicting product
  status
  – Achieved accuracy late in the development cycle
• Developed Organizational Metrics
  – Focus is to enhance Churn Metrics
• Verify the predictability of the Organizational
  Metrics
  – Predict the post release failure rate based on
    single metrics
                     EDCC Valencia 2010
Accuracy of Metrics as Predictors
  Each attribute characterized by a set of metric
      All metrics correlated against failures
     Model            Precision         Recall

  Organization          86.2%           84.0%
   Structure
     Churn              78.6%           79.9%
  Complexity            79.3%           66.0%
 Dependencies           74.4%           69.9%
   Coverage             83.8%           54.4%
Pre-Release Bugs        73.8%           62.9%
                   EDCC Valencia 2010
             Interpretation




“I was gratified to be able to answer promptly and I did. I said I
didn’t know” Mark Twain, Life on the Mississippi.


                            EDCC Valencia 2010
        Why Org Structure Matter
                                             Org B
    Org A


Low                                                  Binary

 Risk                                     High       Bug Fix
                                                     New
                                          Risk       Feature

        High Risk                        Known
        Unknown
                                         Org D
Org C
                    EDCC Valencia 2010
  Applied Models to Windows 7
• Tracking Project Status
  – Knowledge gained from cross correlating metrics
• Providing Real Time Data
  – No point identifying historical risk!
• Risk Assessment
  – Adapt to changes in Org structure and project
    management
• Verification of models once failure profile is
  known
                       EDCC Valencia 2010
Problem in Building Risk Models
• Predicting the Future
• Telling good Engineers something they
  don’t already know
  – Known Problematic area
    • Areas interfacing with hardware
       – Win 7 must work with existing hardware and not all
         hardware follows specs!
    • New complicated areas
    • Areas with a track record of problems
                        EDCC Valencia 2010
                        Summary
• Humans impact reliability
• Building knowledge is more important than models
   – Getting papers into conf/ Journals is far easier than getting
     engineers to value your results.
• Developing accurate risk models is difficult
   – Ensuring they provide useful and timely data is the real problem
• Writing complex software is difficult
   – So its highly unlikely that a simple model will capture that
     complexity!



                             EDCC Valencia 2010
QUESTIONS?


  EDCC Valencia 2010

								
To top