i would like to know
play

I would like to know (empirically) Bertrand Meyer (SEAFOOD) - PowerPoint PPT Presentation

Nov 25, 2022 •209 likes •904 views

Two or three things I would like to know (empirically) Bertrand Meyer (SEAFOOD) - , 2010 Chair of Software Engineering 2 Supplementary topics Experiences in industry

  1. Two or three things I would like to know (empirically) Bertrand Meyer Конференция Сифуд (SEAFOOD) Санкт - Петербург, Июнь 2010 Chair of Software Engineering

  2. 2

  3. Supplementary topics  Experiences in industry and academic distributed development  Verification research at ETH Zurich 3

  4. Great ideas Structured programming Object-oriented programming Design by Contract Object-oriented analysis How do we know Seamless development they work? Test-driven development Model-driven architecture UML Use cases Pair programming Refactoring Scrum Aspect-oriented programming 4

  5. The Marco Polo principle (R. Lister) “I traveled far and saw wonderful things” 5

  6. Example statement (Dijkstra, 1968) “ For a number of years I have been familiar with the observation that the quality of programmers is a decreasing function of the density of go to statements in the programs they produce. More recently I discovered why the use of the go to statement has such disastrous effects, and I became convinced that the go to statement should be abolished from all “higher level” programming languages (i.e. everything except, perhaps, plain machine code). At that time I did not attach too much importance to this discovery; I now submit my considerations for publication because in very recent discussions in which the subject turned up, I have been urged to do so. ” 6

  7. Another example: the Agile manifesto 7

  8. How the rest of the world views software Software (IEC 62304): LIKELIHOOD = 100% ISO 14971 (medical devices): Risk = f ( LIKELIHOOD , Severity ) Source: C. Gerber, Stryker Navigation 8

  9. What the field needs Two complementary views:  Deductive: “ Try my approach! ”  Inductive: “ I tried this and it  Worked!  Didn’t work!” Cf physics:  Theoretical  Experimental 9

  10. A horror story Semicolon as:  Separator (Algol): p ; q ; r -- As in: f ( x, y, z )  Terminator (C): Wrong! p ; q; r ;  Syntax errors only  PL/I-trained programmers Why do Ada, C++, Java, C#...  In separator language, use terminator convention? extra semicolon is error! Answer: Gannon & Horning, Language Design for Programming Reliability , IEEE Trans. on S.E., June 1975 Experiment: programmers in language with terminator convention make fewer mistakes 10

  11. The mistakes that happen in practice ; while (e) a if (e) then a else ; b 11

  12. A horror story Semicolon as:  Separator (Algol): p ; q ; r -- As in: f ( x, y, z )  Terminator (C): Wrong! p ; q; r ;  Syntax errors only  PL/I-trained programmers Why do Ada, C++, Java, C#...  In separator language, use terminator convention? extra semicolon is error! Answer: Gannon & Horning, Language Design for Programming Reliability , IEEE Trans. on S.E., June 1975 Experiment: programmers in language with terminator convention make fewer mistakes 12

  13. Empirical software engineering Advocated for many years by such people as Barry Boehm, Vic Basili, Watts Humphrey, Walter Tichy, Andreas Zeller, … Aim: subject software engineering claims to rigorous experimental evaluation Many more papers recently: ICSE, ESEC, ESEM 13

  14. By the way… http://se.ethz.ch/laser 14

  15. Early empirical papers Industry: not reproducible University: not credible 15

  16. What has changed In the past ten years, the availability of large open-source project repositories has provided empirical software engineering researchers with a wealth of objective material that makes verifiable, repeatable analyses possible Some commercial software has also become available for examination, e.g. from Microsoft 16

  17. Simple sample questions 1. Do novice programmers produce more bugs (in Eclipse)? (Andreas Zeller) 2. Are more tested modules less bug-ridden? 3. Are goto-rich modules more bug-prone (in Eclipse)? (Andreas Zeller) 17

  18. Empirical SE papers, today Better than they used to be, but:  Often very disappointing, e.g. many studies ask people what they think instead of using objective measures  “ Threats to Validity ” section kills generalization 18

  19. Sample open questions: pair programming 1. Does it lead to fewer bugs? 2. Does it lead to shorter debugging times? 3. Are there good programmers who will not adapt to it? 4. Should it be applied throughout the programming phase? 5. Should it be applied to other tasks, e.g. pair specifying, pair testing? 6. Are there useful variants, e.g. programmer-tester pairing? 19

  20. Sample open questions: nominal values Cost Boehm (1981): • Nominal time • Nominal cost • Absolute limits Time 20

  21. Sample open questions: refactoring What is better:  Design?  Refactoring?  Some combination? 21

  22. Sample open questions: tests vs specs What works better:  Extensive specifications?  A test-driven process?  Some combination? 22

  23. Sample question: RTC vs CTR Commit strategies:  Review Then Commit (Google, original Apache)  Commit To Review (Apache) See Rigby, German, Storey, Open Source Software Peer Review Practices: A Case Study of the Apache Server , ICSE 2008, but need studies on other projects and correlation with software quality measures! 23

  24. Sample open question: complexity measures Which measures correlate best to quality indicators?  SLOC  Function points  Specific O-O metrics  McCabe etc. 24

  25. Sample open question: testing When should we stop testing? 25

  26. Conditions for progress Better refereeing process  Experimental work acceptable  Reproducibility papers acceptable  “No surprise” dismissal not valid Openness  All code and data available on Web  All assumptions disclosed Reproducibility No exaggerated “Threats to Validity” excuses 26

  27. A plan Select ten questions Assemble panel of experts Publicize questions, invite answers Publication date: July 2010 (TOOLS) Submission date: February 2011 Workshop: July 2011 (TOOLS) 27

  28. Supplementary topics  Experiences in industry and academic distributed development  Verification research at ETH Zurich 28

  29. Verification research at ETH Zurich 29

  30. Our verification research Automatic testing: AutoTest  Manual testing (called “automatic testing” elsewhere, e.g. Junit)  Test generation  No manual test suites or test cases  No oracles (they come from the existing contracts)  Push-button  Test extraction: generate reproducible test cases from failures Automatic bug fixing: AutoFix Full specifications: EiffelBase 2 Proofs: Hoare-based Proofs: Object-oriented programs (the alias calculus) Proofs: Separation logic Proofs and tests: concurrency (SCOOP) 30

  31. VAMOC: Verification As A Matter Of Course Boogie Sep. logic Interactive AutoFix prover prover prover Arbiter Programmer Suggestions Test EVE (IDE) execution Test case generation Suggestions AutoTest Test results

  32. Not shown but important  Invariant generation (Carlo Furia)  Full contracts (Nadia Polikarpova)  Proof transformation (Martin Nordio)  Fix suggestions (Yi Wei, Yu Pei, joint work with Andreas Zeller)

  33. What makes it all possible Contracts throughout Try our techniques:  http://eiffel.com  http://se.ethz.ch 33

  34. Experiences in academic & industry software development 34

  35. Distributed Software Development Two case studies, lessons and challenges:  Industry: experience with distributed development at Eiffel Software  Academia: the distributed course project (DOSE) at ETH Zurich 35

  36. EiffelStudio development Eiffel Software, in Santa Barbara (Calif.), since 1985 Two-million line code base (almost all Eiffel, a bit of C) Major industry customers, mission-critical applications Open-source license, same code, vigilant user community 6-month release schedule since 2006 My role: more active in past two years Developer group ecosystem:  Small group (core is about 10 people)  Most young (25-35)  Highly skilled  Know Eiffel,O-O, Design by Contract  Strong company culture, shared values  Know environment, can work on many aspects  Distributed  Mostly, we live in a glass house 36

  37. Principle Every team needs a regular meeting Our solution: the weekly one-hour meeting Replaced a SB-only meeting (every Friday, until 2005) 37

  38. How do we organize a meeting? Santa Barbara: Shanghai: 23:00 8 AM Moscow:19:00 Zurich:17:00 France:17:00 38

  39. Meeting tools: now Webex for conference call management (Used X-Lite, gave up) Google Docs Wiki site (http://dev.eiffel.com) Skype: chat window only 39

  40. Meeting properties Top goal: ensure that we meet the release deadline Tasks: check progress, identify problem, discuss questions of general interest Not a substitute for other forms of communication Humans can multiplex! Time is strictly limited: one hour 40

  41. 41

  42. Principles Scripta manent: Organize meetings around shared documents 42

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mohamed Thahir Traditional and Open Relation Extraction Read the Web Relation Extraction

Mohamed Thahir Traditional and Open Relation Extraction Read the Web Relation Extraction

Mohamed Thahir Traditional and Open Relation Extraction Read the Web Relation Extraction Experimental Results Coupled learning of Predicates Challenges and ongoing work A relation is instantiated with a set of manually

550 views • 27 slides
August 4, 1997: Skynet goes online August 29, 1997, 2:14am ET: Skynet gains consciousness

August 4, 1997: Skynet goes online August 29, 1997, 2:14am ET: Skynet gains consciousness

August 4, 1997: Skynet goes online August 29, 1997, 2:14am ET: Skynet gains consciousness August 29, 1997: Judgement Day Terminator (1984) What features does T-800 have? What features does T-800 have? Vision/Perception

747 views • 62 slides
OpenSSLNTRU: experiences integrating a post-quantum KEM into TLS 1.3 via an OpenSSL ENGINE

OpenSSLNTRU: experiences integrating a post-quantum KEM into TLS 1.3 via an OpenSSL ENGINE

OpenSSLNTRU: experiences integrating a post-quantum KEM into TLS 1.3 via an OpenSSL ENGINE Speaker: Daniel J. Bernstein Joint work with: Billy Bob Brumley, Ming-Shing Chen ( libsntrup761 leader), Nicola Tuveri ( engntru leader)

509 views • 9 slides
Using Local Neighborhoods to Find Subspace Clusters Emin Aksehirli with Bart Goethals, Emmanuel

Using Local Neighborhoods to Find Subspace Clusters Emin Aksehirli with Bart Goethals, Emmanuel

Using Local Neighborhoods to Find Subspace Clusters Emin Aksehirli with Bart Goethals, Emmanuel Mller and Jilles Vreeken High Dimensional Data ? 2 High Dimensional Data 3 High Dimensional Data 4 High Dimensional

690 views • 34 slides
CN Computer Networks Research Group G R Department of Computer Science University of New

CN Computer Networks Research Group G R Department of Computer Science University of New

Closed-Form Expression for the Collision Probability in the IEEE EPON Registration Scheme Swapnil Bhatia (with Dr. Radim Barto s) CN Computer Networks Research Group G R Department of Computer Science University of New Hampshire This

1.06k views • 29 slides
Input/Output Streams Marco Chiarandini Department of Mathematics & Computer Science

Input/Output Streams Marco Chiarandini Department of Mathematics & Computer Science

DM560 Introduction to Programming in C++ Input/Output Streams Marco Chiarandini Department of Mathematics & Computer Science University of Southern Denmark [ Based on slides by Bjarne Stroustrup ] Outline 1. Input and Output Streams 2.

609 views • 36 slides
Imperative Programming Exercises 12.1 Compile-time complexity is a minor issue. In the case

Imperative Programming Exercises 12.1 Compile-time complexity is a minor issue. In the case

12 Imperative Programming Exercises 12.1 Compile-time complexity is a minor issue. In the case insensitive case, the Lexer can map all upper case letters into lower case. The rest of the compiler then remains ignorant of the issue. Having case

406 views • 6 slides
Enforcing constraints using Correla1on Clustering CompSci 590.03

Enforcing constraints using Correla1on Clustering CompSci 590.03

Enforcing constraints using Correla1on Clustering CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 20 : 590.02 Spring 13 1 Summary of Hash-based

704 views • 33 slides
Chris Murphy Ryan Overbeck Lauren Wilcox Joeng Kim Introduction

Chris Murphy Ryan Overbeck Lauren Wilcox Joeng Kim Introduction

Chris Murphy Ryan Overbeck Lauren Wilcox Joeng Kim Introduction AWK What is MOHAWK? A programming language for processing tabular data from text files Largely based on AWK Runtime Architecture

476 views • 14 slides
Input/Output Streams Based on materials by Bjarne Stroustrup

Input/Output Streams Based on materials by Bjarne Stroustrup

Input/Output Streams Based on materials by Bjarne Stroustrup www.stroustrup.com/Programming Overview n Fundamental I/O concepts n Files n Opening n Reading and wri>ng

1.03k views • 59 slides
Models and Algorithms for Programmable Matter Christian Scheideler Joint work with Theory of

Models and Algorithms for Programmable Matter Christian Scheideler Joint work with Theory of

Theory of Distributed Systems Models and Algorithms for Programmable Matter Christian Scheideler Joint work with Theory of Distributed Systems Motivation Scene with T1000 from Terminator 2 Movie: Primitives? Algorithms? 2 Theory of

809 views • 31 slides
Panel on libraries The Coq Workshop 2020 online 1 / 1 HoTT & the Future of Formalization

Panel on libraries The Coq Workshop 2020 online 1 / 1 HoTT & the Future of Formalization

Moderator: Bas Spitters Andrej Bauer Cyril Cohen Robbert Krebbers Guillaume Melquiond Anders Mortberg Karl Palmskog Panel on libraries The Coq Workshop 2020 online 1 / 1 HoTT & the Future of Formalization

215 views • 17 slides
Unification by Narrowing Mircea Marin West University of Timisoara mmarin@info.uvt.ro May 20,

Unification by Narrowing Mircea Marin West University of Timisoara mmarin@info.uvt.ro May 20,

Unification by Narrowing Mircea Marin West University of Timisoara mmarin@info.uvt.ro May 20, 2014 Marin Unification by Narrowing What is narrowing? Narrowing sound and complete method for solving E -unification problems in theories

1.06k views • 69 slides
Term Rewriting Systems All sentences are unit equations ( is implicit). AUTOMATED

Term Rewriting Systems All sentences are unit equations ( is implicit). AUTOMATED

14ai Term Rewriting Systems All sentences are unit equations ( is implicit). AUTOMATED REASONING Problem is usually to show that two terms are equal modulo equations. Although this could be done using paramodulation .... To cut

303 views • 7 slides
Well-typed programs cant be blamed Philip Wadler University of Edinburgh Robert Bruce Findler

Well-typed programs cant be blamed Philip Wadler University of Edinburgh Robert Bruce Findler

Well-typed programs cant be blamed Philip Wadler University of Edinburgh Robert Bruce Findler University of Chicago A repeated theme Thatte (1988): Partial types Henglein (1994): Dynamic typing Findler and Felleisen (2002): Contracts

565 views • 41 slides
H1 FY18 EARNINGS November 7, 2017 1 Yves Guillemot, President and Chief Executive Officer Alain

H1 FY18 EARNINGS November 7, 2017 1 Yves Guillemot, President and Chief Executive Officer Alain

H1 FY18 EARNINGS November 7, 2017 1 Yves Guillemot, President and Chief Executive Officer Alain Martinez, Chief Financial Officer D I S C L A I M E R This statement may contain estimated financial data, information on future projects and

569 views • 29 slides
4/14/2016 Disclosures Medtronic Spectranetics 2016 Tenaxis Medical SAB UCSF

4/14/2016 Disclosures Medtronic Spectranetics 2016 Tenaxis Medical SAB UCSF

4/14/2016 Disclosures Medtronic Spectranetics 2016 Tenaxis Medical SAB UCSF Vascular Symposium Societal, Clinical, and Radiographic Volcano Corporation Definition of Venous Stenosis: W.L. Gore James J Zimmerman, M.D. A

480 views • 5 slides
Well-typed programs cant be blamed (ESOP 2009) Robert Bruce Findler Northwestern University

Well-typed programs cant be blamed (ESOP 2009) Robert Bruce Findler Northwestern University

Well-typed programs cant be blamed (ESOP 2009) Robert Bruce Findler Northwestern University Philip Wadler University of Edinburgh Aussois, 1418 October 2013 Part I Evolving a program An untyped program let x = 2 f = y. y + 1 h =

537 views • 35 slides
Overlapping Rules and Logic Variables in Functional Logic Programs Michael Hanus

Overlapping Rules and Logic Variables in Functional Logic Programs Michael Hanus

ICLP 2006 Overlapping Rules and Logic Variables in Functional Logic Programs Michael Hanus Christian-Albrechts-Universit at Kiel (joint work with Sergio Antoy, Portland State University) F UNCTIONAL L OGIC L ANGUAGES Approach to amalgamate

681 views • 42 slides
Maude-NPA: Tutorial Catherine Meadows, Naval Research Laboratory (USA) Jos e Meseguer,

Maude-NPA: Tutorial Catherine Meadows, Naval Research Laboratory (USA) Jos e Meseguer,

Maude-NPA: Tutorial Catherine Meadows, Naval Research Laboratory (USA) Jos e Meseguer, University of Illinois at Urbana-Champaign (USA) Santiago Escobar, Universidad Polit ecnica de Valencia (Spain) P ROTOCOL E X CHANGE , J ANUARY 23, 2008

385 views • 37 slides
DOT: Dependent Object Types Semester Project, Spring 2012 Nada Amin EPFL Nada Amin (EPFL) DOT:

DOT: Dependent Object Types Semester Project, Spring 2012 Nada Amin EPFL Nada Amin (EPFL) DOT:

DOT: Dependent Object Types Semester Project, Spring 2012 Nada Amin EPFL Nada Amin (EPFL) DOT: Dependent Object Types 1 / 21 Introduction What is DOT? DOT: Dependent Object Types type-theoretic foundation of Scala and languages like it

346 views • 21 slides
The Maude-NRL Protocol Analyzer Santiago Escobar 1 Catherine Meadows 2 e Meseguer 3 Jos Sonia

The Maude-NRL Protocol Analyzer Santiago Escobar 1 Catherine Meadows 2 e Meseguer 3 Jos Sonia

The Maude-NRL Protocol Analyzer The Maude-NRL Protocol Analyzer Santiago Escobar 1 Catherine Meadows 2 e Meseguer 3 Jos Sonia Santiago 1 Ralf Sasse 3 1 Universidad Polit ecnica de Valencia (Spain) 2 Naval Research Laboratory (USA) 3

939 views • 75 slides
A plan to slow down traffic on West Bay Drive by reducing the lane widths is facing

A plan to slow down traffic on West Bay Drive by reducing the lane widths is facing

A plan to slow down traffic on West Bay Drive by reducing the lane widths is facing opposition from some commission members. The proposal also includes the addition of bike lanes in the space saved by the lane reductions. The West Bay

275 views • 3 slides
Probability Theory Probability Models for random phenomena Phenomena Non-deterministic

Probability Theory Probability Models for random phenomena Phenomena Non-deterministic

Probability Theory Probability Models for random phenomena Phenomena Non-deterministic Deterministic Deterministic Phenomena There exists a mathematical model that allows perfect prediction the phenomenas outcome.

1.47k views • 113 slides

More recommend