RE: Formal methods




Pete Mellor (pm(at)csr.city.ac.uk)
Thu, 7 Feb 2002 23:53:54 +0000 (GMT)


Martyn,

I would like to question one of the common assumptions about software engineering.

On Thu, 7 Feb 2002, Martyn Thomas wrote:

[snip]

> In commending the civil engineers' professionalism, I was considering three
> things:
> 1 The behaviour of bridge designs is modelled mathematically before they are
> first built.
> 2 The modelling techniques, assumptions etc reflect best practice and are
> applied fairly consistently across the profession.
> 3 When a failure occurs, the lessons are learned by the whole profession.
>
> Contrast that with software engineering, where there is fairly good agreement on
> best practice among leading researchers, but very patchy adoption of these
> practices by industry, much of which arrogantly assumes that it knows better (or
> that its application area is unique). Few new designs are modelled
> mathematically before they are built, so standard methods and assumptions have
> little chance to evolve. When failures occur (and the great majority of
> development projects fail, according to surveys) the lessons are learnt by the
> customer and supplier (at best) and are usually concealed from competitors.
>
> It's the immaturity of a 50-year old profession, of course. Let's hope it
> doesn't take *us* 3000 years to learn the lessons.

I have also put forward the "immaturity" argument as a reason for our poor performance in creating software-based systems. I have repeated this many times to students in software engineering lectures, but recently, I have become less convinced by the logic.

Whereas it is true that mankind has been building bridges for 3000 years or more, the construction of iron bridges has only been practised for a few hundred years, and of steel bridges (in particular, suspension bridges) for a considerably shorter time.

However, the thing that caused me most doubt was the construction of aircraft (of the fixed-wing, heavier than air variety). The first flight can be precisely dated (although I always forget the date! :-) and by WW II, aircraft construction had progressed from string and sealing wax to mass production of comparatively reliable steel-framed aircraft. In fact, the time from first concept to routine manufacture was less than 50 years, probably more like 25.

I think the causes of the "software crisis" (or rather, the chronic disease that afflicts software) must be sought elsewhere. I would suggest that the "invisibility" of software (due to its abstract nature) and its discontinuous behaviour are the primary causes of our difficulties.

----------------------------------------------------------------
Peter Mellor, Centre for Software Reliability, City University,
Northampton Square, London EC1V 0HB
Tel.: +44 (0)20 7040 8422 ) NOTE: Code recently changed from
Fax.: +44 (0)20 7040 8585 ) 7477 to 7040
e-mail: Pete Mellor <p.mellor(at)csr.city.ac.uk>
----------------------------------------------------------------

