Y2K: The cost of test
- By James Brady
- June 26, 2001
Testing is projected to be one of the most time-consuming and expensive aspects
of the year 2000 (Y2K) remediation process. In fact, leading analysts have estimated
that code testing will amount to somewhere between 50% and 60% of the entire
project cost. However, their projection assumes that code modifications will
be made in much the same manner that other types of code maintenance changes
have historically been made, and that the same type of testing is required to
achieve acceptable quality levels in production.
While testing is -- and will continue to be -- required to find and fix errors
introduced during the code-modification process, many of the costs projected
for year 2000-related code testing can be eliminated entirely. These major cost
reductions are accomplished by introducing automated testing techniques during
the renovation process that greatly reduce the need for unit test, component
test and system test phases after the code is modified.
This article examines the testing costs that have, to date, been associated
with year 2000 code renovation, and shows how automated testing techniques can
effectively collapse the time required for, and the costs incurred during, post-renovation testing.
Various studies of software costs show that while initial investments in application
development (design, coding and testing) can be substantial, they are quickly
surpassed by the recurring cost of code maintenance (changing and improving
the code). Studies have shown that over a life cycle of six years, the cost
of maintenance is roughly 10 times the original cost of developing and testing
the code. Moreover, the cost of testing is a larger fraction of the overall
cost in the maintenance phase than it is in the new code development phase.
As a result, testing for most maintenance projects has amounted to somewhere
between 50% and 80% of the total project cost. Industry projections that year
2000 project testing will be 50% to 60% of the total project costs are consistent
with the lower range of these studies.
Developing economic models for year 2000 maintenance
Converting virtually every application in an enterprise to year 2000 conformance
is a task unprecedented in any corporation. The portfolio of Cobol business
applications alone, for example, comprises more than 200 billion lines of code.
As software industry consultants began to develop economic models to estimate
the cost of year 2000 maintenance in the mid-1990s, they relied heavily on information
about traditional software maintenance. As a result, the assumptions that went
into these models included:
- The strategy used to change the code;
- The amount of change required;
- The quality of the code in the changes; and
- The quality required for putting the code back into production.
It is important to examine each of these assumptions and to calculate the costs
based on the true nature of the renovation approach being used, rather than
on historical methods of calculating the cost of testing.
THE STRATEGY USED TO CHANGE THE CODE. There are
at least two common techniques used to change code to operate correctly in the
year 2000 and beyond. The first, field expansion, expands all year fields from
two digits ("98") to four digits ("1998"). This technique
is the most effective in dealing with all possible year values, but requires
extensive changes to files and databases that currently contain two-digit year
values. Changing both the programs and the data represents not only a larger
risk, but a greater possibility that changes will be done incorrectly.
The second technique, windowing, retains the two-digit year fields that exist
in the applications today and causes the programs to interpret the value
of the year field according to a specified 100-year window. If the window is
specified as 1980 to 2079, for example, a value of "22" will be interpreted
by the program as "2022." A window can be either fixed (always in
the same 100-year range) or sliding (the window moves each year to be a fixed
number of years before and after the current year). This means that in 1998
a sliding window of -18 to +81 would range from 1980 to 2079, while in 1999
it would range from 1981 to 2080.
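The window arithmetic described above can be sketched in a few lines. The following is an illustrative Python sketch, not code from any particular renovation tool; the -18/+81 bounds are taken from the article's own example:

```python
# Interpreting a two-digit year via a fixed or sliding 100-year window,
# as described above. Function names and defaults are illustrative.

def fixed_window_year(yy, window_start=1980):
    """Interpret two-digit year yy within the fixed 100-year window
    [window_start, window_start + 99]."""
    century = window_start - (window_start % 100)
    year = century + yy
    if year < window_start:   # value falls before the window: next century
        year += 100
    return year

def sliding_window_year(yy, current_year, back=18, forward=81):
    """Interpret yy within a window that moves with the current year:
    [current_year - back, current_year + forward]."""
    return fixed_window_year(yy, current_year - back)
```

With a fixed 1980-2079 window, `fixed_window_year(22)` yields 2022, matching the article's example; the sliding variant reproduces the 1981-2080 window for 1999.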
Windowing is currently the most common change strategy used for renovating
application code. In that context, this
article will show ways to minimize both the time and cost of testing done in
the end-user environment when a windowing strategy is applied.
THE AMOUNT OF CHANGE REQUIRED. The amount of change
required for year 2000-related code renovation is typically determined by measuring
the date density in the programs being renovated. In reviewing published industry
averages, it appears that date density is approximately 6%. In other words,
for every 1,000 lines of code (KLOC), there are, on average, about 60 lines
of code that would either define a date field or perform a calculation on at
least one date field.
For windowing, existing Data Division statements do not need modification.
However, Procedure Division code is modified and some temporary variables are
inserted. Experience in renovating Cobol code has shown that the Procedure Division
is about 50% of the code, or 500 lines per KLOC. Six percent of the Procedure
Division, or 30 lines, involve dates. In reviewing modified code, it appears
that 10% of the lines involving dates, or three lines, require modification
for renovation using windowing.
Modifications that are done manually or with early-generation automated tools
vary widely in the amount of code they add. Some may add as few as eight to
10 lines of code per line modified; others will add as many as 25 to 30 lines
of code per line modified. If we pick a number somewhere in the middle -- 16
lines of code changes per modification, which is not unusual -- and multiply
it by the three lines of Procedure Division code to be changed per KLOC, it
results in 48 lines of code changed per KLOC.
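The change-volume estimate above can be reproduced with a short calculation. All of the figures are the article's published averages and assumptions, not measured values:

```python
# Estimated lines changed per KLOC under a windowing renovation,
# using the article's assumptions.

KLOC = 1000                                # lines per KLOC
procedure_division = KLOC * 0.50           # ~50% of Cobol code -> 500 lines
date_lines = procedure_division * 0.06     # 6% date density    -> 30 lines
modified_lines = date_lines * 0.10         # 10% need changes   -> 3 lines
expansion_factor = 16                      # lines changed per modified line
changed_per_kloc = modified_lines * expansion_factor
print(changed_per_kloc)                    # 48 lines changed per KLOC
```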
THE QUALITY OF THE CODE IN THE CHANGES. The normal
bug rate for new application development prior to entering unit test ranges
from 30 bugs per KLOC (implying a very good development process) to several
hundred bugs per KLOC (implying a poor development process). A typical error
rate at this stage is 100 bugs per KLOC, which we will use to extrapolate the
bug rates for maintenance code.
Using the statistics on maintenance programming from the book Practical Software
Maintenance by Thomas Pigoski (New York: Wiley Computer Publishing, 1997), it
is estimated that the bug rate in maintenance code (new, deleted and changed
lines of code) is up to 7.5 times the bug rate in new code. This amounts to
750 bugs per KLOC (7.5 x 100 bugs per KLOC). Assuming that maintenance to date-sensitive
code may be less error-prone, we will use half of that rate (375 bugs per KLOC,
or 0.375 bugs per LOC) for our analysis purposes. The 48 changed lines per KLOC
described above would then result in about 18 bugs per KLOC (48 changed lines
of code per KLOC x 0.375 bugs per changed line of code) for code changes done
manually or using first-generation automated systems. We will examine the differences
in first-generation, second-generation and more advanced automated systems,
as well as their effect on the cost of testing, later in this article.
THE QUALITY REQUIRED FOR PUTTING CODE BACK INTO PRODUCTION.
The final assumption of the industry code model is that a certain number of
bugs are permissible in production software. To date, there are no large software
systems that have proven to be bug-free. Ultimately, this means that code going
into production has residual bugs in it. In the many software projects this
author has studied, the residual bugs in production code encompassed a broad
range (from a low of three bugs per KLOC up to 60 bugs per KLOC, with 30 bugs
per KLOC being normal). It is important to note that residual bugs can be tolerated
because they are in code that deals with rarely seen conditions.
All of the various software-failure models in existence confirm that the time
and cost required to remove a bug during any testing stage increase exponentially
relative to the time and cost of removing that same bug at an earlier stage. The typical
quality level for normal code, 30 bugs per KLOC, will be used as our target
quality level. However, the examples will work at any desired quality level.
Given that the typical quality level of production code is 30 bugs per KLOC
before year 2000 renovation, and that the typical manual renovation process
introduces approximately 18 bugs per KLOC, almost all of the bugs introduced
by renovation must be removed to get the code back to its acceptable (pre-renovation)
quality level. This translates into significant testing on the part of the user.
Achieving "production quality"
The purpose of testing is to ensure that when software goes into production,
the number of residual bugs represents a reasonable risk to the enterprise using
the software. In testing, the cost of identifying and removing bugs is exponentially
higher at each successive testing phase.
Naturally, there are several software testing models. A commonly used testing
model, which does testing in four distinct phases, is described below.
- Unit test is the testing done by an individual programmer prior to testing
a particular code unit with other code units. Bugs internal to that code are
removed, but unit testing is not effective in removing bugs in the code's
interfaces with other code units.
- Component test is the testing of two or more code units done prior to that
code becoming part of a system. Component testing removes bugs in the code's
interfaces with other code units, as well as internally within a code unit.
However, removal of bugs internal to the code unit during component test is
far more costly than removing them during unit test. Additionally, component
test is not effective in removing bugs that span multiple code units.
- System test is the testing of a complete application done prior to production.
It removes bugs in the code-processing data that spans multiple code units,
but is not cost-effective in removing bugs that could have been found in either
unit or component tests.
- Acceptance test is testing that is done by, or on behalf of, the end user
to demonstrate that the code is ready for production. If the system test is
done correctly, the acceptance test should not reveal bugs. Acceptance test
is not part of the bug-finding test process.
In a normal code-development process, where three phases of testing consume
50% of the cost of development, each test phase removes 60% to 80% of the remaining
bugs. For illustration purposes, we will use a 70% removal rate for each phase
of testing (not including acceptance test). Thus, the 18 bugs per KLOC introduced
by a typical manual year 2000 renovation process will be reduced by unit test
to 5.4 bugs, then reduced by component test to 1.6 bugs, and finally reduced
by system test to 0.5 bugs when entering production.
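The bug-injection and phase-removal arithmetic above can be checked with a short calculation. The 0.375 bugs per changed line and the 70% per-phase removal rate are the illustrative rates the article assumes:

```python
# Bugs injected by a manual renovation, then removed through three
# testing phases at a 70% per-phase removal rate (article's assumptions).

bugs_per_changed_line = 0.375
changed_lines_per_kloc = 48
bugs = changed_lines_per_kloc * bugs_per_changed_line   # 18 bugs per KLOC

removal_rate = 0.70
for phase in ("unit test", "component test", "system test"):
    bugs *= (1 - removal_rate)
    print(f"after {phase}: {bugs:.1f} bugs per KLOC")
# after unit test: 5.4, after component test: 1.6, after system test: 0.5
```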
Therefore, the renovated code returned to the customer's environment for acceptance
test will contain the 0.5 year 2000 bugs per KLOC that survived the testing,
plus the residual bugs contained in the original pre-renovation code.
Consequently, industry estimates for the cost of year 2000 testing based on
the experience of conventional software maintenance models will likely be a
good estimate for any year 2000 effort based on manual modification of code.
However, advanced, second-generation automated processes now on the market have
several significant differences that result in a substantially different model
and much lower overall project costs.
Code renovation tools
In the mid-1990s, the need for a more automated approach to handling year 2000
code changes was recognized, and the first generation of automated tools was
developed. First-generation tools rely on text scanning, often using customer-provided
"date seeds," and the code modification is manually assisted. The
person performing the renovation still has to make a decision about whether
to make a change, and what type of change to apply from an extensive library
of changes. While this decreases the amount of time required to make changes,
it does not substantially reduce the likelihood of missing dates or making erroneous changes.
A second generation of more sophisticated code renovation tools became available
that improved the situation. Second-generation tools are characterized by a
rules-based, date-finding process coupled with rules-based modification algorithms.
In second-generation renovation products, date variables are determined not
just by scanning the text, but by a detailed analysis of how the suspect variable
interacts with other classified variables. The best tools are able to analyze
variable interaction across program boundaries (or program edges) as well as
within the program. These second-generation tools use rule algorithms to make
the code changes, reducing the likelihood of an error.
Today, there are advanced second-generation tools available that not only automate
the date-finding and modification steps, but also have the ability to apply
automated testing techniques throughout the renovation process itself. As one
might expect, this will have a tremendous positive effect on the overall cost
of any given renovation project: first, because bugs will be "caught"
sooner (when they are less expensive to fix); and second, because automated
renovation processes, by definition, introduce fewer bugs than manual (or manually
directed) renovation processes.
Yet code quality of an automated "fix" by itself does not address
the business requirements needed to demonstrate due diligence. While an automated
renovation process can reduce the cost of unit, component and system tests,
it cannot eliminate them. When you add automated testing to automated fixing,
the result is much higher intrinsic quality. Moreover, it demonstrates the
due diligence required to decrease the liabilities associated with year 2000 failures.
Not surprisingly, the ability to put fewer bugs "in" and take more
bugs "out" during renovation translates into a reduced need for testing
on the customer's part. In fact, when automated testing occurs throughout the
renovation process -- assuming it is done properly and thoroughly -- the customer's
testing should involve only acceptance-level testing to determine that the renovated
code is production-ready.
By introducing automated testing techniques during the renovation process that
do the work of the unit test, component test and system test, it is possible
to effectively condense the time required for -- and eliminate much of the cost
involved in -- post-renovation testing. So, for those using second-generation
processes to renovate their code, the old adage that "testing is 50% to
60% of total project cost" no longer applies.
Of course, year 2000 solutions on the market today offer widely varying levels
of automation in the renovation process. This means that post-renovation testing
may be minimal (as with advanced second-generation processes that have integrated
automated testing), or it may be the majority of the total project cost (as
with manual processes). Given this disparity, companies should make total project
cost, and not simply code conversion cost, the basis of comparison among potential
year 2000 renovation solutions.