On software quality and engineering

Simon Fowler simon at himi.org
Sat Nov 2 10:53:10 EST 2002

On Sat, Nov 02, 2002 at 10:33:42AM +1100, Tomasz Ciolek wrote:
> Brad,
> > A concept that has been missed in all of this is that all things are designed 
> > to meet acceptable risk. The Pinto example is where they mis-defined what 
> > level of risk was acceptable.
> I think that you raised an important point, with regard to engineering
> as a whole. I agree that complex systems will fail. However there
> appears to be a very major difference in the culture of engineering
> material objects and software.
> That difference appears to be this:
> When in the physical world, a particular widget A is designed, it carries with it a set of specifications that say "it was designed to operate in such and such conditions under such and such minimum and maximum loads, etc... " and has some safety margins built in. In most cases of software design I am yet to see doco on a module that states that: "this module implements function X, it has these input ranges, these output ranges and produces this error otherwise".
Well, that's the idea behind "Design by Contract", which is
something Bertrand Meyer has been pimping for many years . . . It's
doable, but the effort involved is /massive/, and it puts a very
heavy load on anyone who's simply changing the software - you have
to redo all the contracts, and ensure that they're correct, and
ensure that no one else breaks them, and then fix the things that
do, and change /their/ contracts if necessary, and so on . . . . . 

I think that kind of thing is a /big/ area of research at the
moment. Ultimately, though, until it can be automated sufficiently
that the average developer can use it without it costing them an
inordinate amount of time, it won't be much use for anything except
systems that require extremely high reliability (the software driving
the space shuttle is a classic example). 
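As an added illustration (not code from the thread or from any Design by Contract tool), here is what the "input ranges, output ranges, error otherwise" spec Tomasz describes looks like when made executable in Python: a write into a fixed-size buffer carries preconditions (the caller's obligation: the write must stay inside the buffer) and postconditions (the implementation's obligation: the buffer keeps its size and holds exactly the bytes requested). The `contract` decorator, `BoundedBuffer` class and `violation_of` helper are names chosen for this example.

```python
# Added example, not from the original mailing-list post: executable
# pre/postconditions in the Design-by-Contract style. contract(),
# BoundedBuffer and violation_of() are illustrative names, not a library.
import functools
import inspect


class ContractViolation(AssertionError):
    """Raised when a caller (precondition) or callee (postcondition) breaks the contract."""


def contract(requires=(), ensures=()):
    """Attach executable pre/postconditions to a function.

    requires: (description, predicate(**bound_args)) pairs checked before the call.
    ensures:  (description, predicate(result, **bound_args)) pairs checked after.
    A failed precondition blames the caller; a failed postcondition blames the
    implementation. Either one stops execution instead of corrupting state silently.
    """
    def decorate(fn):
        sig = inspect.signature(fn)

        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            bound = sig.bind(*args, **kwargs)
            bound.apply_defaults()
            params = dict(bound.arguments)          # includes 'self' for methods
            for desc, pred in requires:
                if not pred(**params):
                    raise ContractViolation(f"{fn.__qualname__}: precondition failed: {desc}")
            result = fn(*args, **kwargs)
            for desc, pred in ensures:
                if not pred(result, **params):
                    raise ContractViolation(f"{fn.__qualname__}: postcondition failed: {desc}")
            return result
        return wrapper
    return decorate


class BoundedBuffer:
    """Fixed-capacity byte buffer whose write operation states its contract explicitly."""

    def __init__(self, capacity):
        if capacity <= 0:
            raise ContractViolation("BoundedBuffer: capacity must be positive")
        self.capacity = capacity
        self.data = bytearray(capacity)

    @contract(
        requires=[
            ("offset is non-negative",
             lambda self, offset, src: offset >= 0),
            ("write stays inside the buffer",
             lambda self, offset, src: offset + len(src) <= self.capacity),
        ],
        ensures=[
            # Without the precondition, an oversized slice assignment would
            # silently grow the bytearray; this check would catch that too.
            ("buffer size unchanged",
             lambda result, self, offset, src: len(self.data) == self.capacity),
            ("bytes written are exactly the bytes requested",
             lambda result, self, offset, src:
                 bytes(self.data[offset:offset + len(src)]) == bytes(src)),
            ("returns the number of bytes written",
             lambda result, self, offset, src: result == len(src)),
        ],
    )
    def write(self, offset, src):
        """Copy src into the buffer at offset; the contract bounds the write."""
        self.data[offset:offset + len(src)] = src
        return len(src)


def violation_of(fn, *args, **kwargs):
    """Return the ContractViolation message for a call, or None if the call honours the contract."""
    try:
        fn(*args, **kwargs)
    except ContractViolation as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    buf = BoundedBuffer(8)
    print(buf.write(2, b"abc"))                 # in range: succeeds, returns 3
    print(violation_of(buf.write, 6, b"abc"))   # runs past the end: precondition rejects it
    print(violation_of(buf.write, -1, b"a"))    # negative offset: precondition rejects it
    print(len(buf.data))                        # still 8: the bad calls never touched the buffer
```

The point Simon makes about maintenance cost shows up here too: every change to `write` (say, allowing a negative offset to mean "from the end") means revisiting both predicate lists, and every caller that relied on the old contract has to be re-checked. The payoff is that a bad call fails at the boundary with a message naming the broken clause, rather than quietly producing an out-of-bounds write that is only discovered later.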


