cse p503
play

CSE P503: Requirements and Specifications or Principles of You - PowerPoint PPT Presentation

Mar 16, 2023 •249 likes •932 views

CSE P503: Requirements and Specifications or Principles of You can't always get what you want Software But if you try sometime, yeah, Engineering You just might find you get what you need! --Jagger & Richards David Notkin When I

  1. CSE P503: Requirements and Specifications … or Principles of You can't always get what you want Software But if you try sometime, yeah, Engineering You just might find you get what you need! --Jagger & Richards David Notkin When I want to know what France thinks, I ask myself. --de Gaulle Autumn 2007 If you don’t know where you’re going, it doesn’t matter how you get there. --Anonymous

  2. Tonight: an experiment • A few interludes on questions and concerns that have been raised by the one-minute papers, email, etc. • What is an engineer? • An empirical software engineering research result • A cool tool David Notkin ● Autumn 2007 UW CSE P503 2

  3. Requirements & specification • More software systems fail because they don’t meet the needs of their users than because they aren’t implemented properly • Boehm – Verification: Did we build the system right? – Validation: Did we build the right system? David Notkin ● Autumn 2007 UW CSE P503 3

  4. Our plan of attack: this week • An overview of the key problems in requirements and specification • A brief history in proving programs correct – An expected panacea for software that didn’t pan out – But has provided some benefits – Is a basis for model-based specifications (below) • A look at formal specifications, with a focus on two forms – Model-based specifications (Z) – Overview of state machine based specifications David Notkin ● Autumn 2007 UW CSE P503 4

  5. Our plan of attack: next week • Analysis of state machine based specifications (model checking) • A brief overview of requirements engineering issues • MAYBE: Michael Jackson on video: ―The World and the Machine‖ David Notkin ● Autumn 2007 UW CSE P503 5

  6. Non-functional requirements • We’re simply going to ignore non -functional requirements – Performance, ease of change, etc. • I’m not proud of this, but there is relatively little known about this issue – Worthwhile concrete discussion: should an interface’s specification (documentation) specify the performance of the operations? • Pro: Sure, it’s a key property (and people will find it out anyway) • Con: No way, since I’m supposed to be able to change an implementation as long as it behaves the same • Topic worthy of a research paper David Notkin ● Autumn 2007 UW CSE P503 6

  7. Dogs and shoes  x  (OnEscalator(x)   y  (PairOfShoes(y)  IsWearing(x,y))  x  ((OnEscalator(x)  IsDog(x))  IsCarried(x) • Do dogs have to wear shoes? – What are the types of the variables? • What are dogs? What does it mean to wear shoes? – Designation: ―a recognition rule for recognizing some class of phenomenon that you could observe in a domain.‖ [M. Jackson] • Why do the formalizations say ―dogs are carried‖ and ―shoes are worn‖ while the signs say ―must be‖? – The formalizations are in the indicative mood: statements of fact – The signs are in the optative mood: statements of desire – Separating facts from desired behavior can reduce confusion David Notkin ● Autumn 2007 UW CSE P503 7

  8. Calvin and Hobbes: on designations • ―Explain Newton’s First Law of Motion in your own words.‖ … ―I love loopholes!‖ David Notkin ● Autumn 2007 UW CSE P503 8

  9. Pick your poison • Specification languages that are ―closer‖ to the user decrease the change of building the wrong system – But increase the chance of building the system wrong • And specification languages that are ―closer‖ to the program Specification do the opposite • Why might you pick one over the other? Program David Notkin ● Autumn 2007 UW CSE P503 9

  10. Formalism • In the mid- 1960’s, there was a set of software research — today we call it programming methodology — that was intended (in my view) to solve two problems – Decrease ambiguity through the use of mathematics to specify programs – Allow us to prove programs correct by showing that a program satisfies a formal specification • Turing Awards in this area include: Dijkstra (1972), Floyd (1978), Hoare (1980), Wirth (1984), Milner (1991), Pnueli (1996) David Notkin ● Autumn 2007 UW CSE P503 10

  11. Don’t be confused… • I don’t believe that this is a practical approach in most situations – It may be applicable in some situations • But it’s a useful basis for some other work – And the historical context is important – And the technical material is of value David Notkin ● Autumn 2007 UW CSE P503 11

  12. Interlude: what is engineering? Merriam-Webster National Academy of Engineering “2 a: the application of “Engineering has been science and mathematics by defined in many ways. It is which the properties of often referred to as the matter and the sources of „application of science‟ energy in nature are made because engineers take useful to people b: the abstract ideas and build design and manufacture of tangible products from complex products them. Another definition is <software engineering >” „design under constraint,‟ because to „engineer‟ a product means to construct it in such a way that it will do exactly what you want it to, without any unexpected consequences.” David Notkin ● Autumn 2007 UW CSE P503 12

  13. ―Engineer‖ • The title ―engineer‖ is controlled by countries and, within the U.S., by states, in various ways • In the U.S., with some differences between states, Professional Engineers are registered or licensed, based on – a degree from an accredited four-year university engineering program – passing a standard Fundamentals of Engineering (FE) test on basic engineering principles – gaining engineering experience, of about four years, under the supervision of a Professional Engineer – passing the Principles and Practice in Engineering (PE) test in a specific engineering discipline (plus engineering ethics) • A Professional Engineer is authorized to "stamp" engineering documents for a studies, designs, etc. – This formally takes legal responsibility • Some states license per discipline, others in general, but… David Notkin ● Autumn 2007 UW CSE P503 13

  14. Software engineer • Some states protect all ―engineer‖ titles, some only ―Professional Engineer‖ • Washington State RCW 18.43.010 “In order to safeguard life, health, and property, and to promote the public welfare, any person in either public or private capacity practicing or offering to practice engineering or land surveying, shall hereafter be required to submit evidence that he is qualified so to practice and shall be registered as hereinafter provided; and it shall be unlawful for any person to practice or to offer to practice in this state, engineering or land surveying, as defined in the provisions of this chapter, or to use in connection with his name or otherwise assume, use, or advertise any title or description tending to convey the impression that he is a professional engineer or a land surveyor, unless such a person has been duly registered under the provisions of this chapter.” • Texas is the only state that requires, under some conditions, software engineers to be licensed – About two years ago there were 50,513 licensed professional engineers in Texas (some inactive) – Of those only 60 are primarily in software engineering, about .1% of the total – and of those, a fifth are in universities David Notkin ● Autumn 2007 UW CSE P503 14

  15. Basics of program correctness • In a logic, write down (this is often called the specification) – the effect of the computation that the program is required to perform (the postcondition Q ) – any constraints on the input environment to allow this computation (the precondition P ) • Associate precise (logical) meaning to each construct in the programming language (this is done per-language, not per- program) • Reason (usually backwards) that the logical conditions are satisfied by the program S • A Hoare triple is a predicate {P}S{Q} that is true whenever P holds and the execution of S guarantees that Q holds David Notkin ● Autumn 2007 UW CSE P503 15

  16. Examples • {true} y := x * x; {y >= 0} • {x <> 0} y := x * x; {y > 0} • {x > 0} x := x + 1; {x > 1} David Notkin ● Autumn 2007 UW CSE P503 16

  17. More examples • {x = k} if (x < 0) x := -x endif; { ? } • { ? } x := 3; { x = 8 } David Notkin ● Autumn 2007 UW CSE P503 17

  18. Strongest postconditions [example from Aldrich and perhaps from Leino] The following are all valid Hoare triples • {x = 5} x := x * 2 { true } • {x = 5} x := x * 2 { x > 0 } • {x = 5} x := x * 2 { x = 10 || x = 5 } • {x = 5} x := x * 2 { x = 10 } • Which is the most useful, interesting, valuable? Why? David Notkin ● Autumn 2007 UW CSE P503 18

  19. Weakest preconditions [example from Aldrich and perhaps from Leino] Here are a number of valid Hoare Triples • {x = 5 && y = 10} z := x / y { z < 1 } • {x < y && y > 0} z := x / y { z < 1 } • {y ≠ 0 && x / y < 1} z := x / y { z < 1 } • The last one is the most useful because it allows us to invoke the program in the most general condition • It is called the weakest precondition, wp(S,Q) of S with respect to Q – If {P} S {Q} and for all P’ such that {P’} P’ ⇒ P , then P is wp(S,Q) David Notkin ● Autumn 2007 UW CSE P503 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSE P503: Requirements and Specifications or Principles of Man is the only animal whose

CSE P503: Requirements and Specifications or Principles of Man is the only animal whose

CSE P503: Requirements and Specifications or Principles of Man is the only animal whose desires increase as Software they are fed; the only animal that is never satisfied. --Henry George Engineering The designer of a new kind of system

776 views • 61 slides
CSE P503: Evolution Principles of There is in the worst of fortune the best of Software

CSE P503: Evolution Principles of There is in the worst of fortune the best of Software

CSE P503: Evolution Principles of There is in the worst of fortune the best of Software chances for a happy change. --Euripides Engineering He who cannot dance will say, The drum is bad --Ashanti proverb David Notkin The ruling power

1.45k views • 119 slides
CSE P503: Principles of Where do architects and designers get their ideas? The answer, of

CSE P503: Principles of Where do architects and designers get their ideas? The answer, of

Design CSE P503: Principles of Where do architects and designers get their ideas? The answer, of course, is mainly from other architects Software and designers, so is it mere casuistry to distinguish between tradition and plagiarism?

1.04k views • 76 slides
CSE P503: Principles of Shoes must Software be worn Engineering David Notkin Autumn 2007

CSE P503: Principles of Shoes must Software be worn Engineering David Notkin Autumn 2007

CSE P503: Principles of Shoes must Software be worn Engineering David Notkin Autumn 2007 Dogs must be carried [Example from Michael Jackson] Principle 0: Establish communication Tommy, can you hear me? Do you copy? Can you hear me

999 views • 62 slides
Local Nontermination Detection for Parallel C++ Programs Vladimr till Ji Barnat Masaryk

Local Nontermination Detection for Parallel C++ Programs Vladimr till Ji Barnat Masaryk

Local Nontermination Detection for Parallel C++ Programs Vladimr till Ji Barnat Masaryk University Brno, Czech Republic 20th Septempler 2019 Motivation Would you trust a program which was verified, but not tested? 1 / 14

583 views • 45 slides
ACP System Description for CoCo 2014 Takahito Aoto and Yoshihito Toyama (Tohoku University) ACP

ACP System Description for CoCo 2014 Takahito Aoto and Yoshihito Toyama (Tohoku University) ACP

ACP System Description for CoCo 2014 Takahito Aoto and Yoshihito Toyama (Tohoku University) ACP (Automated Confluence Prover) A confluence tool for first-order TRSs developed in Toyama-Aoto group in Tohoku University Written in Standard

338 views • 7 slides
Mining Algorithms for New Applications: the case of Depth-First Search Sanjoy Dasgupta Russell

Mining Algorithms for New Applications: the case of Depth-First Search Sanjoy Dasgupta Russell

Mining Algorithms for New Applications: the case of Depth-First Search Sanjoy Dasgupta Russell Impagliazzo Ragesh Jaiswal Credit: Some of todays slides are due to Miles Jones CSE 101, Spring 2020, Week 2 Algorithm Mining Algorithms

866 views • 73 slides
The Snapshot Algorithm Two rules: Marker sending Rule Marker receiving rule The thing to

The Snapshot Algorithm Two rules: Marker sending Rule Marker receiving rule The thing to

The Snapshot Algorithm Two rules: Marker sending Rule Marker receiving rule The thing to remember is that the algorithm is channel based. The idea is to record the state of all the channels in the system as well as the states of the

518 views • 8 slides
r tr r rt t

r tr r rt t

r tr r rt t r r rt Ptr r

585 views • 33 slides
Confluence up to Garbage 13th International Conference on Graph Transformation Graham Campbell

Confluence up to Garbage 13th International Conference on Graph Transformation Graham Campbell

Introduction Confluence up to Garbage Putting Everything Together Confluence up to Garbage 13th International Conference on Graph Transformation Graham Campbell Detlef Plump School of Mathematics, Statistics and Department of Computer

385 views • 37 slides
American Mobility and the Expansion of Schools and Public Education Mobility over the 20th

American Mobility and the Expansion of Schools and Public Education Mobility over the 20th

American Mobility and the Expansion of Public Education John Parman, Northwestern University Introduction American Mobility and the Expansion of Schools and Public Education Mobility over the 20th century Constructing the Dataset John

610 views • 39 slides
Typing and ML Typing and ML A name for a set of values and some operations which can be

Typing and ML Typing and ML A name for a set of values and some operations which can be

Typing Typing Typing and ML Typing and ML A name for a set of values and some operations which can be performed on that set of values. CSC324 A collection of computational entities that share some common property. Winter 2007

412 views • 9 slides
In tro duction to F unctional Programming: Lecture 3 1 In tro duction to F unctional

In tro duction to F unctional Programming: Lecture 3 1 In tro duction to F unctional

In tro duction to F unctional Programming: Lecture 3 1 In tro duction to F unctional Programming John Harrison Univ ersit y of Cam bridge Lecture 3 ML's t yp e system T opics co v ered: Wh y t yp es?

174 views • 15 slides
in Programming Languages (1) http://www4.in.t um .d e/l eh re /v orl es un ge n/t yp

in Programming Languages (1) http://www4.in.t um .d e/l eh re /v orl es un ge n/t yp

T yp es in Programming Languages (1) http://www4.in.t um .d e/l eh re /v orl es un ge n/t yp es /WS 06 07 / Christian Urban Wednesdays 10.15 11.45, Zuse Munich, 18. October 2006 p.1 (1/1) Quotes Robin Milner in

1.12k views • 58 slides
Compiling Techniques Lecture 9: Semantic Analysis: Types Christophe Dubach 10 October 2017

Compiling Techniques Lecture 9: Semantic Analysis: Types Christophe Dubach 10 October 2017

Type Systems Inference Rules Implementation Compiling Techniques Lecture 9: Semantic Analysis: Types Christophe Dubach 10 October 2017 Christophe Dubach Compiling Techniques Type Systems Inference Rules Implementation Table of contents 1

640 views • 32 slides
INF5110 Compiler Construction Types and type checking Spring 2016 1 / 43 Outline 1. Types

INF5110 Compiler Construction Types and type checking Spring 2016 1 / 43 Outline 1. Types

INF5110 Compiler Construction Types and type checking Spring 2016 1 / 43 Outline 1. Types and type checking Intro Various types and their representation Equality of types Type checking 2 / 43 Outline 1. Types and type checking Intro

1.11k views • 43 slides
All Aboard the Type Train All Aboard the Type Train Kadi Kraman Kadi Kraman @kadikraman

All Aboard the Type Train All Aboard the Type Train Kadi Kraman Kadi Kraman @kadikraman

All Aboard the Type Train All Aboard the Type Train Kadi Kraman Kadi Kraman @kadikraman Formidable Why this talk? Why this talk? Why add types to JavaScript? Why add types to JavaScript? Should you use Flow or TypeScript? Should you use

323 views • 21 slides
Making Strongly-typed NETCONF Usable Ryan Goulding Colin Dixon The goals of YANG Strongly

Making Strongly-typed NETCONF Usable Ryan Goulding Colin Dixon The goals of YANG Strongly

Making Strongly-typed NETCONF Usable Ryan Goulding Colin Dixon The goals of YANG Strongly typed Machine consumable (Automatically) Catch errors early tl;dr Standard libraries should do lots of the work (serialization,

394 views • 26 slides
Architecting Social: Supporting the Exploration of Socio-Technical Dependencies through an

Architecting Social: Supporting the Exploration of Socio-Technical Dependencies through an

Architecting Social: Supporting the Exploration of Socio-Technical Dependencies through an Architectural Lens John Georgas 1 Team Collaborative effort Anita Sarma, Adithya Relangi (University of Nebraska, Lincoln) 2 Context Software

252 views • 12 slides
Getting to Know Scala Getting to Know Scala for Data Science for Data Science @TheTomFlaherty

Getting to Know Scala Getting to Know Scala for Data Science for Data Science @TheTomFlaherty

Getting to Know Scala Getting to Know Scala for Data Science for Data Science @TheTomFlaherty Bio: Bio: I have been a Chief Architect for 20 years, where I fi rst become enamored by Scala in 2006. I wrote a symbolic math application in Scala

613 views • 36 slides
Programming Language Concepts Principles of Programming Languages Colorado School of Mines

Programming Language Concepts Principles of Programming Languages Colorado School of Mines

Programming Language Concepts Principles of Programming Languages Colorado School of Mines https://lambda.mines.edu CSCI-400 explanation for how 2 or , create a great member is showing? of code your group the problem for a piece better way

1.01k views • 34 slides
Hi, my name is Lcio Ferro Good Morning. Thank you for being here. Im here today to tell you

Hi, my name is Lcio Ferro Good Morning. Thank you for being here. Im here today to tell you

Hi, my name is Lcio Ferro Good Morning. Thank you for being here. Im here today to tell you a story, how to bring software development to a wider audience. 1 But le me start by presenting myself Im one of the OutSystems founders,

409 views • 26 slides
Programming Language Concepts: Lecture 19 Madhavan Mukund Chennai Mathematical Institute

Programming Language Concepts: Lecture 19 Madhavan Mukund Chennai Mathematical Institute

Programming Language Concepts: Lecture 19 Madhavan Mukund Chennai Mathematical Institute madhavan@cmi.ac.in http://www.cmi.ac.in/~madhavan/courses/pl2009 PLC 2009, Lecture 19, 01 April 2009 Adding types to -calculus The basic

946 views • 79 slides
Digital Objects the core of the complex Data Market Peter Wittenburg Max Planck Computing

Digital Objects the core of the complex Data Market Peter Wittenburg Max Planck Computing

Digital Objects the core of the complex Data Market Peter Wittenburg Max Planck Computing &amp; Data Facility RDA Europe/Germany 1. Digital Objects 2. Complex Data Market for sharing/trading 3. Persistent Identifiers Wh Why th this

523 views • 19 slides

More recommend