In the book Surely You’re Joking, My Feynmn!, Richard Feynman tells an amusing story of engineers showing him complicated blueprints and him pointing to them and asking “what happens if this valve sticks?”
The engineers were astonished. They pored over their blueprints and realized that they had a design flaw. What’s amusing about the story is that Mr. Feynman was bluffing. He didn’t know if he was pointing to a valve or not and assumed the engineers would gently correct his misunderstanding. By mere chance, a serious problem was averted.
In yet another anecdote I read, a contractor finished building a hospital but its opening was delayed because somehow nobody realized that they had forgotten to have phones in the building. Oops.
Today, these sorts of problems are less likely to occur because engineers, architects and others have sophisticated software tools which can alert them to potential problems. But what about “software engineers”?
An article in the latest issue of Scientific American entitled Dependable Software By Design explores this issue in some detail, but rather than just lament on the poor state of software development, this article details relatively recent software innovations that can allow software designers to truly earn the title “engineer”.
The article mentions several software packages which can help detect design flaws, but it focuses specifically on a free software package named Alloy. Alloy provides a declarative programming language (think “Prolog”) which allows the software designer to describe their software model, what it does, what it shouldn’t do, and Alloy attempts to find “counter-examples” which illustrate flaws in the software design (not in the software itself — that’s what tests are for).
The basic steps are fairly simple:
- Define your objects
- Model the operations
- Specify requirements
- Find and fix flaws
As an example of Alloy code, here are the basic object definitions they listed for testing directory moving code:
module filesystem
abstract sig Object []
sig File, Dir extends Object []
sig FS {
dirs: set Dir,
files: set File,
contains: dirs -> (dirs + files)
}
(Note that in the above, “set” refers to a set of objects, not setting a value)
The above notation is fairly simple and easy to read. In the examples provided in the article, they test moving a directory from one directory to another. The model states that after a move, the directory must not be in the old directory, it must be in the new directory, and nothing else must change. Further, there is a constraint that after the move, all directories must be reachable from the root directory.
Seems pretty simple, right? How could someone screw up code like that? Well, when Alloy is run, it finds a counter-example: a directory which is moved to itself. When that happens, the directory winds up being unreachable from root, therefore there’s a software flaw. Variants of this flaw are very common. A friend told me just yesterday that if she creates a folder named “Desktop” on her Windows Desktop, her version of Windows gets confused.
Software modeling is an important tool and many attempts at solving this problem in the past have produced cumbersome software products which are difficult to use. Some attempt to turn specifications directly into the software (which doesn’t do much good when the specification is flawed) and others attempt to analyze all possible paths through the software (which scales terribly). Alloy is content to merely look for counter-examples which demonstrate design flaws.
The Alloy Web site looks interesting. You can download the software for free for Mac OS X, Windows (requires Cygwin), Linux and NetBSD. The site has a quickstart, an online tutorial, a reference guide, numerous links to papers and a FAQ. Can Alloy and similar tools be the turning point in software design? I think it’s a great step in the right direction.
Interesting post. Thanks for the reference to Alloy. I have been doing software testing for a while now. Most of the companies that I have worked for are not actually interested in software testing or QA. They see it as slowing them down. So even the best tools will not get used.
Maybe I should try working at Boeing?
look up "pored" and "poured" in the dictionary, please? Unless the engineers spilled their coffee over the blueprints ...
Gary: Fixed, thank you! I sometimes tease people about their spelling and grammar and I deserve to be hoist on my own petard for that one.
Why software engineering is fundamentally different
It's 'hoist by my own petard'. The phrase was coined by Shakespeare in Hamlet, where it meant 'blown up by my own bomb'.
Great post, Curtis. I'd argue, though, that we are engineers....or at least we can be. I spend my day split between working on an embeddedish application and a data processing server application. On the embeddish side, I'm working on integrating our app with a new piece of hardware. I spent literally hours just going over the existing code trying to wrap my head around it fully, beginning the mental design process for the integration, and checking any other "touch points" in the code base before writing a single line of code. Couple of interesting points here. 1) There wasn't that much code to go over, but I need to do things right. Not because imperfection is not tolerated. Because that's how I'm wired. 2) I've thoroughly tested my code and it's not even ready to go to QA yet. I would consider both of these points to be at least "engineering inclined" dispositions.
So, my point is the same one that James made by posting the link he did. We're a young discipline. We lack the maturity of mechanical engineering or architecture or .... whatever. We are also fundamentally different in that there is no physical building process and therefore a software design flaw can be cheaper to fix than, say, a bridge design flaw after the bridge is built. (Notice I said "can be", not "is".)
I'll have to look into Alloy. This may be a type of tool that pushes Software Engineering further along in the evolution of becoming a fully engineering compliant discipline in the traditional sense of the word.
Again, great post. Thanks! And thanks for the reference to Alloy.
A few things "software engineers" typically don't have to worry about:
Differential equations
Partial differential equations
Taguchi analysis
LaPlace (Heavyside) transforms
Steam tables (dating myself)
All of Newton and Einstein
Maxwell's equations
Navier-Stokes
perturbation theory
physics
mechanics of materials
finite element analysis
thermodynamics
boundary layers
Von Karmen vortex streets
related rates (chemistry)
variation analysis
Fast Fourier Transforms
Vibrations
Acoustics
plasticity
just to name a few...
Didn't Shakespeare write "Hoist with his own petar" using neither on nor by? I agree, however, that the phrase is typically rendered using by.
> Von Karmen vortex streets
It is Von Karman.
Yes, software engineers do not need to study materials and objects of the physical world. (Unless, of course, they deal with hardware, electronics, electricity, light, et cetera.) So what's your point?Mechanical engineers don't need to worry about NP-completeness, or cache effects, or error correction, or data compression, or cryptography, or parallel computation, or so forth. People deal with what they need to deal. One can of course define "engineering" to be engineering only if it deals with physical concrete things.
Could engineering be... "the application of mathematics"?
That to me has always been its beauty... and software definitely falls in that category.
Being a Computer Systems Engineering student on a polytech school its interesting and in times confusing.
You get along with different engineer students, mostly in studying the "common engineering majors" (Civil, Electrical, Mechanical) and in some time of your carreer someone from those majors will tell you sometime like: "Systems Eng (or Soft Eng) isn't an engineering at all! every engineer knows how to program and in fact you dont mess with FFT, strenght of materials, finite element analysis, Multi Body Dynamics ... etc"
I agree with Mike Tung (http://vcmike.blogspot.com/2006/03/engineering-software.html): "I say software engineering is fundamentally different from other types of engineering, because the field itself is still in its prenatal state" (hey we are building are houses since ever)
and with JHI: "One can of course define "engineering" to be engineering only if it deals with physical concrete things " (If you dont see it doesnt means it doesnt exist!)
In conclusion the truth is that soft eng is a step further from the common engineering (here im not trying to say that is better, im saying that is different!), because of the level of abstraction it requires to be understood and furthermost because it deals with people and/or code that people writes.
In the book Surely You’re Joking, My Feynmn!, Richard Feynman tells an amusing story of engineers showing him complicated blueprints and him pointing to them and asking “what happens if this valve sticks?”
I do not agree. Go to http://www.freeworkz.info/adjectival_Netherlands/disuse_Holland/seven_Amsterdam_1.html
Vlad wrote:Could engineering be... "the application of mathematics"?
That to me has always been its beauty... and software definitely falls in that category.
Vladimir Orlt | June 8, 2006 10:13 AM
But if physics translates to electrical engineering, and chemistry to chemical engineering, then what form of engineering does political science or economics (dismal science)?
I think the latter must be estimators and the former either in contracts or the guys who think they actually bend space-time by the length of a line on Primavera Project Planner.