today next lecture
play

Today & next lecture Aims of the course Introduction to issues - PowerPoint PPT Presentation

Apr 17, 2023 •45 likes •405 views

Chair of Software Engineering Chair of Software Engineering Software Verification Contracts, Trusted Components and Patterns Bertrand Meyer Manuel Oriol Till Bay ETH, Fall 2008 Today & next lecture Aims of the course Introduction to

  1. Chair of Software Engineering Chair of Software Engineering Software Verification Contracts, Trusted Components and Patterns Bertrand Meyer Manuel Oriol Till Bay ETH, Fall 2008

  2. Today & next lecture Aims of the course Introduction to issues of software quality Axiomatic semantics and program correctness (1) 2

  3. Aims of this course To provide a survey of  Reuse and component technology, with a special emphasis on object-oriented approaches  Techniques for quality components  Software verification techniques 3

  4. Topics  Quality issues in software engineering  Components and the notion of trusted component  Designing O-O libraries  Axiomatic Semantics and Program Correctness  Componentization: turning patterns into Components  Automatic component testing techniques  Program analysis  Model checking  Abstract interpretation  Separation logic (guest lectures by Cristiano Calcagno)  Proof-Carrying Code 4

  5. Basic references Clemens Szyperski, Component Software , Addison-Wesley, 1998 Bertrand Meyer, Object-Oriented Software Construction , 2nd edition, Prentice Hall, 1997 Bertrand Meyer, Reusable Software , Prentice Hall, 1994 Martin Abadi, Luca Cardelli: A Theory of Objects , Springer-Verlag, 1996 Robert V. Binder: Testing Object-Oriented Systems: Models, Patterns, and Tools , Addison-Wesley, 1999. Karine Arnout: From Patterns to Components , ETH Ph.D. thesis, 2004 Erich Gamma, Richard Helm, Ralph Johnson, and John Vlissides: Design Patterns: Elements of Reusable Object-Oriented Software , Addison-Wesley, 1995 5

  6. Organization Course page http://se.ethz.ch/teaching/2008-F/tc-0239/index.html Lectures: Monday: 2 hours Wednesday: 1 hour -- exercises and applications Assistant: Stephan van Staden Stephan.vanStaden@inf.ethz.ch All exercises are optional, but will be corrected. They are an important preparation for the exam and the project. Grading: Written exam on date of 15 December (lecture time): 70% Project (take-home exercise): 30% 6

  7. Reading assignment “Ariane” paper: http://tinyurl.com/xy3s Also read Ken Garlington’s criticism (link in the article) (and optionally) the official report on the Ariane crash Chapter 9 of “Introduction to the Theory of Programming Languages” 7

  8. PART 1: Introduction Issues of Software Quality 8

  9. Software quality: external vs internal External factors: visible to customers (not just end users but e.g. purchasers)  Examples : ease of use, extendibility, timeliness Internal factors: perceptible only to developers  Examples : good programming style, information hiding Only external factors count in the end, but the internal factors make it possible to obtain them. 9

  10. Software quality: product vs process Product: properties of the resulting software For example: correctness, efficiency Process: properties of the procedures used to produce and “maintain” the software 10

  11. External quality factors Product quality (immediate): Correctness Robustness Security Ease of use Ease of learning Efficiency Errors Hostility Specification Product quality (long-term): Extendibility Reusability Portability Process quality: Timeliness Cost-effectiveness Robustness Security Correctness 11

  12. Reliability Correctness: The systems’ ability to perform according to specification, in cases covered by the specification Robustness: The systems’ ability to perform reasonably in cases not covered by the specification Security (integrity): The systems’ ability to protect itself against hostile use 12

  13. Ariane 5, 1996 $500 million, not insured. 40 seconds into flight, exception in Ada program not processed; order given to abort the mission. Exception was caused by an incorrect conversion: a 64-bit real value was incorrectly translated into a 16-bit integer. • Not a design error. • Not an implementation error. • Not a language issue. • Not really a testing problem. • Only partly a quality assurance issue. Systematic analysis had “proved” that the exception could not occur – the 64-bit value (“horizontal bias” of the flight) was proved to be always representable as a 16-bit integer ! 13

  14. Ariane-5 (Continued) It was a REUSE error: • The analysis was correct – for Ariane 4 ! • The assumption was documented – in a design document ! With assertions, the error would almost certainly (if not avoided in the first place) detected by either static inspection or testing: integer_bias ( b : REAL ): INTEGER is require representable ( b ) do … ensure equivalent ( b , Result ) end 14

  15. NIST report on “testing” (2002) Monetary effect on Developers and User due to “insufficient testing infrastructure”: $59.5 billion (Financial sector: $3.3 billion, auto/aerospace $1.8 billion etc.) 15

  16. From reliability to security Buffer overflow (Morris worm, most viruses) See http://www.cert.org Some_innocuous_public_command “Some message” (Or maybe just inputting text into a browser field) 16

  17. Buffer overflow Memory Setup Max 0 Stack frames Stack growth … Rout n Rout 1 Main Program Heap Stack Stack top Stack bottom 17

  18. Calling a routine Max 0 Stack frames Locals Args … of Rout n Rout 1 Main of Rout Rout Program Heap Stack Return address 18

  19. Calling a utility syslogd " Some error message “ finger Some_name some_command " some text " (Text input into some browser field) 19

  20. Allocating the buffer Max 0 Other locals Stack frames Args … Buffer of Rout n Rout 1 Main Rout Program Heap Stack Return address 20

  21. How was the routine coded? from i := 1 until i > input_size loop (1) buffer [ i ] := input [ i ] i := i + 1 end from i := 1 until i > input_size or i > buffer_size loop (2) buffer [i] := input [ i ] i := i + 1 end 21

  22. Allocating the buffer Max 0 Other locals Stack frames Args … Buffer of Rout n Rout 1 Main Rout Program Heap Stack Return address 22

  23. Getting close Max 0 Other locals Stack frames … Buffer Rout n Rout 1 Main Program Heap Stack Return address 23

  24. Getting closer Max 0 Other locals Stack frames … Buffer Rout n Rout 1 Main Available ! Program Heap Stack Return address 24

  25. Inserting the code Max 0 Modified Return Address Other locals Stack frames … Buffer Rout n Rout 1 Main Your Code Available ! Program Heap Stack Return address 25

  26. Buffer overflow: lessons Lack of specification Lack of specification enforcement Programming techniques Security concepts At the core, a programming methodology issue 26

  27. Software quality (through technology)  A priori (build it right) Object technology, formal development  A posteriori (validate and fix it) Testing, abstract interpretation, model checking 27

  28. Management aspects Process standards: CMMI, ISO 9001 Get software in source from, benefit from public scrutiny Metrics collection and application Code reviews? 28

  29. Today’s software is often good enough Overall: Works most of the time Doesn’t kill too many people Negative effects, esp. financial, are diffuse Significant improvements since early years: Better languages Better tools Better practices (configuration management) 29

  30. From “good enough” to good? Beyond “good enough”, quality is economically bad He who perfects, dies Quality Choose to release? Ideal Actual Time 1 2 3 4 30

  31. The economic argument Stable system:  Sum of individual optima = Global optimum Non-component-based development:  Individual optimum = “Good Enough Software”  Improvements: I am responsible! Component-based development:  Interest of both consumer and producer: Better components  Improvements: Producer does the job 31

  32. Quality through reuse The good news: Reuse scales up everything 32

  33. Quality through reuse The good news: Reuse scales up everything The bad news: Reuse scales up everything 33

  34. Trusted components Confluence of  Quality engineering  Reuse 34

  35. Classifying components by... Lifecycle role: Abstraction level: • Analysis • Functional (subroutine) • Design • Casual (package) • Implementation • Data (class) • Cluster (framework) • System (binary comp.) Flexibility: • Static Form of use: • Dynamic Economics: • Interface only • Replaceable • Free • Source only • Purchased • Source + hiding • Rented 35

  36. This is a broad view of components Encompasses patterns and frameworks Software, especially with object technology, permits “pluggable” components (“don’t call us, we’ll call you”), where client programmers can insert their own mechanisms. Supports component families 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lecture 15 Logistics HW4 is due today HW5 posted today HW5 posted today Exam

Lecture 15 Logistics HW4 is due today HW5 posted today HW5 posted today Exam

Lecture 15 Logistics HW4 is due today HW5 posted today HW5 posted today Exam questions: to me Class feedback Last lecture Adders Today More on Adder timing issues (hard!) M Add ti i i (h d!) Summary

752 views • 14 slides
Lecture 17 No code files for today Reminder: Project 3 due today. Homework 5 (!) due on

Lecture 17 No code files for today Reminder: Project 3 due today. Homework 5 (!) due on

Lecture 17 No code files for today Reminder: Project 3 due today. Homework 5 (!) due on Monday. Questions? Friday, October 1 CS 215 Fundamentals of Programming II - Lecture 17 1 Outline Rules for dynamic classes Destructor,

521 views • 14 slides
ENGR/CS 101 CS Session Lecture 18 No computers today Today is the last day for the CS

ENGR/CS 101 CS Session Lecture 18 No computers today Today is the last day for the CS

ENGR/CS 101 CS Session Lecture 18 No computers today Today is the last day for the CS session for this group. Mingle during classtime on Friday. No class on Monday; no final exam. Good news, those that submitted Homework 3 by 10pm

392 views • 11 slides
Lecture 15 Logistics HW6 is out, due Wednesday Last lecture Continuing on basic

Lecture 15 Logistics HW6 is out, due Wednesday Last lecture Continuing on basic

Lecture 15 Logistics HW6 is out, due Wednesday Last lecture Continuing on basic building blocks for sequential logic Latches and flip-flops Clear/Preset State Diagram Asynchronous inputs Today Today

444 views • 9 slides
Lecture 31 No computer use today. Reminder: Project 5 is due today. Project 6 has been

Lecture 31 No computer use today. Reminder: Project 5 is due today. Project 6 has been

Lecture 31 No computer use today. Reminder: Project 5 is due today. Project 6 has been posted to the course webpage. No one has indicated a conflict, so Practical Exam 2 is scheduled for next Wednesday, November 10, 5-7pm.

461 views • 19 slides
ENGR/CS 101 CS Session Lecture 18 No computers today Today is the last day for the CS

ENGR/CS 101 CS Session Lecture 18 No computers today Today is the last day for the CS

ENGR/CS 101 CS Session Lecture 18 No computers today Today is the last day for the CS session for this group. On Friday, there will be a Mingle in KC- 137. NO CLASS on Monday. NO FINAL EXAM in this class. Good news is almost

318 views • 10 slides
Today, Lecture 26: Recursion By Elsamuko, Creative Commons Attribution-Share Alike 2.0

Today, Lecture 26: Recursion By Elsamuko, Creative Commons Attribution-Share Alike 2.0

Previous Lecture: OOP: Access modifiers & inheritance Today, Lecture 26: Recursion By Elsamuko, Creative Commons Attribution-Share Alike 2.0 Generic license Announcements: Last discussion section today/tomorrow work

522 views • 40 slides
Nested Lists and Dictionaries Announcements for This Lecture Readings Assignments Today:

Nested Lists and Dictionaries Announcements for This Lecture Readings Assignments Today:

Lecture 14 Nested Lists and Dictionaries Announcements for This Lecture Readings Assignments Today: Chapter 11 A3 is due today Survey is posted in CMS Next Week: Sec. 5.8-5.10 Late penalty 10%/day Prelim, Oct 12 th

268 views • 23 slides
Today, Lecture 3: Writing a program systematic problem solving Branching

Today, Lecture 3: Writing a program systematic problem solving Branching

Previous Lecture (and lab): Variables & assignment Built-in functions, input & output Good programming style (meaningful variable names; use comments) Today, Lecture 3: Writing a program systematic problem

507 views • 33 slides
Lecture 24 No files for today. Project 5 posted; due in two weeks, but start working on it

Lecture 24 No files for today. Project 5 posted; due in two weeks, but start working on it

Lecture 24 No files for today. Project 5 posted; due in two weeks, but start working on it now! Reminder: Project 4 due today. Questions? Wednesday, October 20 CS 215 Fundamentals of Programming II - Lecture 24 1 Outline

683 views • 15 slides
CSE 527 Lecture 7 Relative entropy Convergence of EM Weight matrix motif models Talk Today

CSE 527 Lecture 7 Relative entropy Convergence of EM Weight matrix motif models Talk Today

CSE 527 Lecture 7 Relative entropy Convergence of EM Weight matrix motif models Talk Today COMBI Seminar Today: Dr. David Baker Progress in High-Resolution Modeling of Protein Structure and Interactions Today, October 19, 2005

452 views • 15 slides
Scheduling and Timetabling, Lecture 4 Han Hoogeveen, Utrecht University 1 Lecture today

Scheduling and Timetabling, Lecture 4 Han Hoogeveen, Utrecht University 1 Lecture today

Scheduling and Timetabling, Lecture 4 Han Hoogeveen, Utrecht University 1 Lecture today Dividing additional driving time Buses in Rotterdam Single Depot Vehichle Scheduling problem (only buses) Planning the drivers (sequential

801 views • 21 slides
PHILOSOPHY 2018-2019 JELLE DE BOER Lecture 1 This lecture, today Practical matters

PHILOSOPHY 2018-2019 JELLE DE BOER Lecture 1 This lecture, today Practical matters

PHILOSOPHY 2018-2019 JELLE DE BOER Lecture 1 This lecture, today Practical matters Introduction Values Wellbeing, happiness Subjectivism Relativism Grade components Multiple Choice Exam: 60% Duo Essay: 40%

2.13k views • 166 slides
Lecture 11: Abstraction I ntro. to Programming, lecture 11: Abstraction 2 Topics for today

Lecture 11: Abstraction I ntro. to Programming, lecture 11: Abstraction 2 Topics for today

Chair of Softw are Engineering Einfhrung in die Programmierung Introduction to Programming Prof. Dr. Bertrand Meyer Lecture 11: Abstraction I ntro. to Programming, lecture 11: Abstraction 2 Topics for today Abstraction, especially

167 views • 12 slides
Scheduling and Timetabling, Lecture 3 Han Hoogeveen, Utrecht University 1 Lecture today Finding

Scheduling and Timetabling, Lecture 3 Han Hoogeveen, Utrecht University 1 Lecture today Finding

Scheduling and Timetabling, Lecture 3 Han Hoogeveen, Utrecht University 1 Lecture today Finding a timetable for the trains Routing trains through stations Dividing additional driving time Branch-and-bound (brush up) Is the first assignment

478 views • 36 slides
Lecture 23 Logistics HW8 due today, HW9 is due Friday All lab must be done by 6/5 Thu

Lecture 23 Logistics HW8 due today, HW9 is due Friday All lab must be done by 6/5 Thu

Lecture 23 Logistics HW8 due today, HW9 is due Friday All lab must be done by 6/5 Thu 6pm All lab must be done by 6/5 Thu 6pm. Last lecture State encoding One-hot encoding Output encoding Today: Optimizing

250 views • 11 slides
Why Check an R Package? Aime Gott Education Practice Lead, Mango Solutions DataCamp

Why Check an R Package? Aime Gott Education Practice Lead, Mango Solutions DataCamp

DataCamp Developing R Packages DEVELOPING R PACKAGES Why Check an R Package? Aime Gott Education Practice Lead, Mango Solutions DataCamp Developing R Packages What Should You Check? An R package check includes: If the package can be

670 views • 23 slides
Requirements and Framework of VPN-oriented Data Center Services

Requirements and Framework of VPN-oriented Data Center Services

Requirements and Framework of VPN-oriented Data Center Services http://datatracker.ietf.org/doc/draft-so-vdcs/ Ning So ning.so@verizonbusiness.com Paul Unbehagen paul.unbehagen@alcatel-lucent.com Linda.dunbar@huawei.com Linda Dunbar

386 views • 9 slides
Stat 8931 (Aster Models) Lecture Slides Deck 7 Charles J. Geyer School of Statistics University

Stat 8931 (Aster Models) Lecture Slides Deck 7 Charles J. Geyer School of Statistics University

Stat 8931 (Aster Models) Lecture Slides Deck 7 Charles J. Geyer School of Statistics University of Minnesota June 7, 2015 Simulation What cannot be done by theory can be done by brute force and ignorance. If you can simulate a probability

972 views • 69 slides
Night life and road safety: a comparison of 7 Italian cities Giovanni Luca Ciampaglia WARNING:

Night life and road safety: a comparison of 7 Italian cities Giovanni Luca Ciampaglia WARNING:

Night life and road safety: a comparison of 7 Italian cities Giovanni Luca Ciampaglia WARNING: NO networks in this talk! Genesis TBDC 15: The data 7 major Italian cities: (Rome, Naples, Milan, Turin, Venice, Bari, Palermo) North to

577 views • 23 slides
zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA PR18 Initial Consultation RDG Working Group

zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA PR18 Initial Consultation RDG Working Group

zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA PR18 Initial Consultation RDG Working Group 19 May 2016 zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA 2 PR18 Initial Consultation We have published our first major document,

657 views • 7 slides
MLMC for transmission problems with geometric uncertainties Laura Scarabosio QUIET 2017 SISSA,

MLMC for transmission problems with geometric uncertainties Laura Scarabosio QUIET 2017 SISSA,

MLMC for transmission problems with geometric uncertainties Laura Scarabosio QUIET 2017 SISSA, Trieste, July 18-21. Model transmission problem ( (( y )) u ) 2 (( y )) u = 0 in D in ( y ) D out,R out ( y ) ,

455 views • 4 slides
FASER: F orw A rd S earch E xpe R iment at the LHC work with Jonathan Feng, Iftah Galon and

FASER: F orw A rd S earch E xpe R iment at the LHC work with Jonathan Feng, Iftah Galon and

FASER: F orw A rd S earch E xpe R iment at the LHC work with Jonathan Feng, Iftah Galon and Sebastian Trojanowski arXiv: 1708.xxxxx Felix Kling DPF 2017 August 3rd 2017 Introduction transverse region: high pT

171 views • 15 slides
Switch Codes for Computer Networks Hui Zhang Joint work with Yeow Meng Chee, Fei Gao and Samuel

Switch Codes for Computer Networks Hui Zhang Joint work with Yeow Meng Chee, Fei Gao and Samuel

Switch Codes for Computer Networks Hui Zhang Joint work with Yeow Meng Chee, Fei Gao and Samuel Tien Ho Teo Institute of Computer Science University of Tartu Oct. 3, 2015 Network Switches 1 1 Image from http://www.cisco.com/c/en/us/support/docs/

613 views • 22 slides

More recommend