1CS 580: Software SpecificationsCourse OverviewSlides originally Copyright 2001, Matt Dwyer, John Hatcliff, and Rod Howell. The syllabus and all lectures for this course are copyrighted materials and may not be used in other course settings outside of Kansas State University in their current form or modified form without the express written permission of one of the copyright holders. During this course, students are prohibited from selling notes to or being paid for taking notes by any person or commercial firm without the express written permission of one of the copyright holders. Used with permission and altered by Robert Stehwien2Introduction Why software specification useful Why more important in future• Testing, Validation, and Verification Different topics• Formal methods defined• Alloy• UML and OCL• Test Driven Development• Design Patterns• Mini-Topics3Software is ...One of the most complex man made artifacts Phone system Sky Scrapers Planes Ships Bridges Space shipsMillions of interacting components… Now add software to them24Traditional Engineering:Bridge Building Look at (long) history of bridges There are 5-10 basic bridge designs Pick basic design (class) based on• Load• Site• Physical constraints Customize bridge for specific needs (instantiate)5Software Engineering Can reuse code Only now uncovering basic building blocks• Patterns• Architecture• User interaction usability Don’t reuse effort in architecture Not invented here syndrome6Software is ...One of the most complex man made artifacts“I believe the [spreadsheet product] I’m working on now is far more complex than a 747 (jumbo jet airliner)”-- Chris Peters (Microsoft, 1992)“It’s different [from other engineering disciplines] in that we take on novel tasks every time. The number of times [civil engineers] make mistakes is very small. And at first you think, what’s wrong with us? It’s because it’s like we’re building the first skyscraper every time.”-- Bill Gates (Microsoft, 1992)37How complex is software? Microsoft Word – 1 million lines of code Microsoft NT operational – 16 million lines of code• +9 million for lines for testing Pacemakers – 100 thousand lines of code• Control heart rate by adjusting stimuli• Record data for diagnosis8Measuring Software Complexity Lines of code not that accurate Each line could• Change value of data• Introduce new data• Be run multiple times Number of possible states a better measure of complexity9States >> SLOC The size of a system is sometimes more accurately expressed using a semantic point of view• the number of different states a system can reach• … an integer has 4.2 billion possible values• … an object with 2 ints and a boolean field has 40 thousand quadrillion values How about Windows?• Queues, Buffers, Locks, Handles, Threads of control410Software is…Critical to modern life Process Control (oil, gas, water, …) Transportation (air traffic control, …) Health Care (patient monitoring, device control …) Finance (automatic trading, bank security …) Defense (intelligence, weapons control, …) Manufacturing (precision milling, assembly, …)Failing software costs money and lives!11Failing Software Costs Money Thousands of dollars for each minute of factory down-time Huge losses of monetary and intellectual investment• Rocket boost failure (e.g., Arianne 5 lost billions) Business failures associated with buggy software (Ashton-Tate dBase)12Failing Software Costs Lives Potential problems are obvious:• Software used to control nuclear power plants• Air-traffic control systems• Spacecraft launch vehicle control• …. A well-known and tragic example• Therac-25 radiation machine failures513Therac-25 Radiation machine Old system had hardware interlocks Mechanical system ensured radiation door could not be opened until dosage set Replaced with software interlocks Race condition such that before dosage was set, the door could open Resulted in several deaths and injuries Could more rigorous software development practices prevented this?14Software is ...Becoming the dominant component of society’s infrastructureIn the Future… Everything will be monitored/controlled• networked watches, clothes, …• autonomous vehicles, intelligent highways, …• virtual X rather than physical X These systems may not have manual backup• Replaced with software and unjustified confidence• no workarounds for y2k-like problems A failure that only occurs in one million runs can still happen often if run enough Failures will be very costly and dangerous15Priorities are changing …From: Bill Gates Sent: Tuesday, January 15, 2002 2:22 PM To: Microsoft and Subsidiaries: All FTE Subject: Trustworthy computing …Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony. …In the past, we've made our software and services more compelling for users by adding new features and functionality…We've done a terrific job at that, but all those great features won't matter unless customers trust our software. So now, when we face a choice between adding features and resolving security issues, we need to choose security. …These principles should apply at every stage of the development cycle of every kind of software we create…Bill616Software is ...What you will be building You’ll be developing systems in 2020+• in the context we just mentioned Given the importance of software• you may be regulated, licensed• you may be liable for errors• your job may depend on your ability to produce reliable systems17Software Development CycleRequirementsAnalysisDesignCode andUnit TestSubsystemTestSystemTestWaterfall Model18Agile/Rigorous/Iterative DevelopmentPlanningDeploymentRequirementsImplementationEvaluationTestingDesign719Current Software Development Methods Are Insufficient Testing Systematic Inspections Rigorous/Agile development processes20Testing Samples execution behavior but misses some Massive number of possible states• Complex interaction with environment (GUI)• Multiple Concurrent Executions (Embedded Controls) Hard to partition possible input Difficult to cover thoroughly21Systematic Inspections Software inspection• Team follow defined formula to