CSCI 260 – Software Design http://www.bowdoin.edu/~allen/courses/cs260/syllabus.html Instructor: Allen Tucker http://www.bowdoin.edu/~allen
Background: The Nature of Software...
Software is intangible
Software is easy to reproduce
Cost is in its development
The industry is labor-intensive
Hard to automate
Untrained people can hack something together
Quality problems are hard to notice
Software is easy to modify
Software does not ‘wear out’; it deteriorates over time as it is modified in ways its designers did not anticipate, which makes it ever more complex
Much software has poor design and is getting worse
Demand for software is high and rising
We are in a perpetual ‘software crisis’
We have to learn to ‘engineer’ software
The Software Crisis:
Only 9% of all software projects are delivered on time and on budget. IEEE Software (April 1998).
E.g., the Ariane 5 disaster 
E.g., “Software Quality Is Still a Work in Progress, Offshore and in the U.S.,” Computerworld (Sept 2003)
E.g., “Why Software Is So Bad,” MIT Technology Review (2002)
E.g., the Therac-25 disaster
The Ariane 5 Disaster 
In 1996, the European Space Agency’s Ariane 5 launcher was destroyed about 40 seconds after lift-off on its maiden flight: cost = $500 million.
Cause of the crash: failure of the on-board computer system (the inertial reference system).
Cause of the failure: conversion of a 64-bit floating point value (called the horizontal_bias) to a 16-bit signed integer produced an arithmetic overflow exception.
This exception was not trapped by the software (the designers had decided that it could not occur: the code was reused from Ariane 4, whose flight profile kept the value within range). The unhandled exception shut the unit down, and the redundant backup unit, running identical software on identical data, had already failed in exactly the same way.
With “design by contract,” the following precondition (in Eiffel syntax, where Max_horizontal_bias is the largest value the 16-bit field can hold) would have made that assumption explicit and checkable, and could have prevented the disaster:
require horizontal_bias <= Max_horizontal_bias;
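The conversion and the precondition described above, written out in C as an added example (this is not the Ariane 5 flight software, which was written in Ada, nor code from this course). The bound MAX_HORIZONTAL_BIAS, the status enum and the function names are assumptions for illustration; the page names Max_horizontal_bias but gives it no value, so the int16_t range is used. The sample inputs at the bottom are constructed, not flight data.

```c
#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed (hypothetical) bounds: the page's Max_horizontal_bias is taken to be
 * the largest value the 16-bit signed field can hold, with the symmetric minimum. */
#define MAX_HORIZONTAL_BIAS ((double)INT16_MAX)
#define MIN_HORIZONTAL_BIAS ((double)INT16_MIN)

typedef enum {
    CONVERT_OK = 0,
    CONVERT_NOT_FINITE,     /* NaN or +/-Inf has no integer meaning at all */
    CONVERT_OUT_OF_RANGE    /* precondition horizontal_bias <= Max_horizontal_bias violated */
} convert_status;

/* The Ariane 5 style of conversion: the narrowing cast is done on the
 * assumption that the value fits. In Ada the out-of-range case raised an
 * (unhandled) exception; in C it is undefined behaviour (C11 6.3.1.4), so
 * this may only be called once the caller has established the precondition.
 * Nothing in this function enforces that. */
static int16_t narrow_unchecked(double horizontal_bias)
{
    return (int16_t)horizontal_bias;
}

/* Design-by-contract version: the precondition from the page,
 *     require horizontal_bias <= Max_horizontal_bias;
 * plus the symmetric lower bound and finiteness, is checked at the boundary
 * and reported to the caller instead of being assumed. Fractional values just
 * beyond the int16_t range (e.g. 32767.5) are rejected conservatively even
 * though truncation would fit them. */
static convert_status narrow_checked(double horizontal_bias, int16_t *out)
{
    if (isnan(horizontal_bias) || isinf(horizontal_bias))
        return CONVERT_NOT_FINITE;
    if (horizontal_bias > MAX_HORIZONTAL_BIAS || horizontal_bias < MIN_HORIZONTAL_BIAS)
        return CONVERT_OUT_OF_RANGE;
    *out = narrow_unchecked(horizontal_bias);   /* precondition now holds: the cast is defined */
    return CONVERT_OK;
}

/* Exhaustive check over the whole 16-bit output domain (65,536 cases): every
 * int16_t value, widened to double, must convert back to itself, and the first
 * value past each end of the range must be rejected. A domain this small can be
 * tested exhaustively; the 2^64 possible doubles cannot, which is why the range
 * check above is stated as a contract rather than left to test cases. */
static bool roundtrip_exhaustive(void)
{
    for (int32_t v = INT16_MIN; v <= INT16_MAX; v++) {
        int16_t back = 0;
        if (narrow_checked((double)v, &back) != CONVERT_OK || back != v)
            return false;
    }
    int16_t scratch = 0;
    return narrow_checked(MAX_HORIZONTAL_BIAS + 1.0, &scratch) == CONVERT_OUT_OF_RANGE
        && narrow_checked(MIN_HORIZONTAL_BIAS - 1.0, &scratch) == CONVERT_OUT_OF_RANGE;
}

int main(void)
{
    /* Constructed inputs (not actual flight values): two biases that fit the
     * 16-bit field, one far outside it, and a non-finite value. */
    const double samples[] = { 1000.0, -20000.5, 70000.0, INFINITY };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int16_t out = 0;
        convert_status st = narrow_checked(samples[i], &out);
        printf("horizontal_bias=%10.1f -> %s", samples[i],
               st == CONVERT_OK ? "ok" :
               st == CONVERT_OUT_OF_RANGE ? "OUT OF RANGE (precondition violated)" :
               "NOT FINITE");
        if (st == CONVERT_OK)
            printf(" (%d)", (int)out);
        printf("\n");
    }
    printf("exhaustive 16-bit round trip: %s\n", roundtrip_exhaustive() ? "pass" : "FAIL");
    return 0;
}
```

The point of the split between narrow_unchecked and narrow_checked is that the contract lives at the boundary where the 64-bit value enters the 16-bit world: a caller that has not established the precondition gets a status it must handle, instead of an exception (Ada) or undefined behaviour (C) inside code that was written on the assumption the case could not arise.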
The software crisis has many contributors …
The nature of software itself
The software profession
Software is Pervasive
Transportation and Aeronautics
Process Control and Manufacturing
Electronic Commerce and Banking
Software is Complex
Millions of Lines of Code (LOC)
e.g., MS Word ~ 1m LOC
MS NT ~ 10m LOC
a pacemaker ~ 100k LOC
Number of States
e.g., an int has ~4.3 billion states (2^32 values)
a program with 5 int variables has (2^32)^5 = 2^160 states, not 5×2^32: state spaces multiply, they do not add
So what about MS Word?
So traditional testing methods can sample only a small fraction of a program’s state space.
Formal methods can provide a complement to testing.
What is Software Engineering?...
The process of solving customers’ problems by the systematic development and evolution of large, high-quality software systems within cost, time and other constraints
Solving customers’ problems
Sometimes the solution is to buy, not build (COTS)
An engineering process (IEEE/ISO standardization of practices)
Large, high quality software systems
Teamwork and co-ordination are required
Cost, time and other constraints
The benefit must outweigh the cost
Underestimation of cost and time has caused many project failures
Elements of a Software Engineering Project (Steps 1-6 = the “software lifecycle”)
1. Requirements and specifications
2. Systems engineering: hardware / software mix
3. Software architecture: identifying subsystems and their interactions
4. Detailed design of each subsystem
5. User interface design
6. Testing and verification
Types of Software Engineering Projects:
Most projects are evolutionary or maintenance projects, involving work on legacy systems
Few are ‘Green field’ projects, involving entirely new applications
Some projects involve building on a framework or combining existing components.
A framework is an application that is missing some important details.
Benefit from reusing reliable components.
Provide some freedom to innovate as in green field projects
The majority view: mathematical rigor is unimportant in Software Design
Lethbridge : “Relatively little mathematics turns out to be important for software engineers in practice, and it tends to be forgotten.”
…“If we continue to teach the amount and type of mathematics [that we now teach], we must justify it by other means than saying it is important to a software developer's work.”
Why Include Mathematical Rigor in Software Design?
… We can design more reliable software.
E.g., at Miami University , an elevator scheduling system was designed by 19 teams of students:
Six teams used formal methods and 13 teams used traditional design methods.
All had the same level of mathematics and computer science training.
Six sets of data were used to test the systems.
All the formal methods teams’ solutions executed all six sets of test data correctly.
Only 6 of the 13 other teams’ solutions did so.
More success stories…
Six software developers reported that the use of formal methods creates more reliable, efficient, and maintainable code. Two reported a 40% reduction in post-delivery failures compared with traditional methods.
The use of formal methods in a system design resulted in a failure rate of 0.04 defects per 1000 lines of code, far below the industry average.
The use of formal methods in the design, code proof, and validation phases of a safety-critical system found 140 faults.
So in this course, we’ll study:
What is software?
What is the traditional software design process, and how can it be improved?
What new tools and techniques are available for software design?
UML – the “Unified Modeling Language”
Design by Contract – a specification technique (preconditions, postconditions, and invariants attached to program units)
JML – the “Java Modeling Language”
What benefits do they offer?
What are their drawbacks (costs)?
A study of the software design process, including:
tools for software modeling (UML)
Review logic and proof, and explore their use in software design
Use of formal methods (e.g., preconditions, postconditions, design by contract) for writing software specifications
Use of lab tools (e.g., Eclipse, UML, and JML) to model and implement our software specifications
A software design project to test our understanding of these ideas