Testing the Code
Is 2000 a leap year? It is, but many people, including some programmers, think otherwise. And that's just one reason why a lot of seemingly cleaned-up software code will fail on or after January 1, 2000.
The typical year 2000 (Y2K) remediation effort finds and corrects about 1,000 to 1,500 errors per 100,000 lines of software code, according to IT advisory firm GartnerGroup Inc. But after remediation, anywhere from 10 to 100 errors per 100,000 lines will remain, predicts Gartner. Either some instances of the Millennium Bug will have escaped detection, or the cleanup effort will have introduced new bugs--such as failing to account for February 29, 2000.
This depressing prospect underscores the importance of a methodology known as independent validation and verification, or IV&V. Independent validation and verification relies on a combination of programming, tools, and testing to catch errors introduced or overlooked during Y2K remediation.
One company that invested in an IV&V tool is Pratt & Whitney, the East Hartford, Conn., division of United Technologies Corp. "We finished our Y2K remediation ahead of schedule and on budget, and we're delighted that we have some time to make sure we didn't introduce or overlook some additional problems," says John Watkins, CIO of the jet- engine maker.
Pratt & Whitney is using CodeEyes, from Crystal Systems Solutions Ltd. (www.cry- sys.com). This tool tests remediated Cobol code for date-related errors by simulating execution of the code, line by line. The licensing fee for CodeEyes is 5 to 12 cents per line of legacy code, depending on how much consulting support the vendor provides.
The results so far at Pratt & Whitney? "We ran a pilot of 400 programs, a mix of remediated and unremediated programs," reports Dennis Blanchfield, director of P&W's Y2K program. (The unremediated programs were those in which no date dependencies were found.) "We found that 3 percent of the remediated programs had an additional change required, but no errors were found in the unremediated programs," he says.
Blanchfield notes that all bugs uncovered in testing were minor. In all, P&W will test about 4,500 programs. "We have a [deadline] of the end of June--we have completed 99 percent of our remediation and testing," he says.
BTM Information Services Inc., the IT subsidiary of Bank of TokyoMitsubishi N.A., is using another IV&V tool, TicToc, from Isogon Corp. (www.isogon.com). This tool works with any software and costs from $10,000 to $30,000. It convinces legacy software to accept any desired date as the current date, making it possible to test-run a remediated application on various dates.
"The [Federal Reserve] has very strict guidelines for banks with respect to testing their software in advance to make sure it will work on certain dates," notes William Graber, assistant vice president for BTM Information Services.
Don't Sweat the Small Stuff
Companies that started Y2K remediation too late to meet the 1/1/2000 deadline are focusing on mission-critical applications and contingency planning. Matt Hotle, a GartnerGroup analyst, says there's room for optimism: "If you look at the amount of remediation that most companies are doing, we think 90 percent of remaining errors will be fixable within three days after they're noticed--which is a good thing."
----------------------------------------------- --------------------------------- The Year 2000 Problem
The Millennium Bug isn't just for mainframes. Many desktop machines and network servers are going to have problems on 1/1/2000, too--both hardware and software.
For starters, the bug can affect a PC's BIOS (basic input/output system, which controls the machine's fundamental hardware operations) and real-time clock. The BIOS in older PCs may not be able to automatically correct the wrong year generated by the machine's real-time clock on January 1, 2000.
Several commercial tools are available for testing the BIOS, and a free BIOS tester can be downloaded from the National Software Testing Labs Inc. Web site (www.nstl.com). In some cases, these programs can repair a faulty BIOS.
Detecting bugs in PC software is a tougher problem, but again, a number of tools can come to the rescue. Norton 2000, from Symantec Corp. (www. symantec.com), is an example. This $49.95 tool searches your computer's hard disk for all application software, compares the applications with a database of Y2K-compliant and -noncompliant software, and prepares a report. Norton 2000 also checks spreadsheet files and other data files for problem dates and date references.
Large corporations with many PCs might consider the Year 2000 Network Advisor, a subscription-based service that lists more than 35,000 hardware and software products for desktop, network, and enterprise systems.
The service, which is accessed over the Internet, tracks which products are Y2K compliant, which can (and cannot) be fixed, and what fixes the manufacturer recommends. The Year 2000 Network Advisor is offered by Infoliant Corp. (www.infoliant.com) for a base price of $15,000.
If a PC program isn't Y2K compliant, it can simply be upgraded to a compliant version. That, however, can lead to a falling-domino situation.
"If you upgrade the application, you might need a Microsoft Windows upgrade," points out Debra Jones, director of the year 2000 project office for the state of North Carolina. "And then, do you need more memory and more hard disk space? And do you have to hire labor to do this upgrade for 20,000 workstations, because your internal staff can't do it?"
Collectively, North Carolina's various agencies operate about 100,000 PCs. Jones says that the state is running what-if scenarios to determine whether it's more cost-effective to upgrade older machines or to replace them. The state is using two tools for BIOS testing and PC compliance: Check 2000, from Greenwich Mean TimeUTA, LC (www.check-2000.com); and the TF2000 Millennium Software Package, which is sold by Boxware Inc. (www.boxware inc.com).
Test results indicate that about 2 percent of the state's PCs, all manufactured prior to 1995, have a non-Y2K-compliant BIOS that can't be repaired. These machines have to be replaced, says Jones, at an estimated average cost of $1,800.
Meanwhile, North Carolina is using the Y2K problem as an opportunity to improve IT planning. Agencies, on a voluntary basis, will use Asset Insight, from Tangram Enterprise Solutions Inc. (www.tangram.com). Asset Insight is an asset management tool that tracks an organization's PCs and servers, including hardware configurations and installed software. It costs $30 to $50 per seat, depending on the VAR and the service provided.
"By tracking the configurations and the top applications that are used across the state, we'll be able to leverage economies of scale to do volume purchases," says Jones. "Especially now, when a number of agencies need to upgrade or replace both their computers and their applications because of the Y2K problem."
----------------------------------------------- --------------------------------- Dangerous Dates
January 1, 2000 isn't the only date that can wreak havoc on a legacy software application. Here are other dates to watch out for:
July 1, 1999
Start of fiscal year 2000 for many state governments.
August 21, 1999
Start of the year 2000 for any software that uses the Global Positioning System satellites.
September 9, 1999
Date used by many programmers in the 1960s and 1970s as a signal to indicate the last record in a file.
October 1, 1999
Start of fiscal year 2000 for the federal government.
February 29, 2000
Some programmers don't know that 2000 is a leap year.