to analyze the

April 1993

"We will see massive changes [in computer use] over the next few years, causing the initial personal computer revolution to pale into comparative insignificance"

[Cliff Jones, Professor at U. of Manchester]

[Gibbs94]

to analyze the

April 1993

[Mary Shaw, Professor at Carnegie Mellon]

to analyze the

April 1993

"It is not clear that the methods that are currently used for producing safety-critical software, such as nuclear reactors or in cars, will evolve and scale up adequately to match our future expectations. On the contrary, for real-time systems I think we are at a fracture point."

[Gilles Kahn, sci. director of France's INRIA reseach lab]

April 1993

"there is a better word than integration, from old Royal Air Force slang: namely, 'to graunch,' which means 'to make to fit by the use of excessive force.' "

April 1993

[Brian Randell, U. of Newcastle upon Tyne]

April 1993

There is "an order of magnitude growth in system size every decade--for some industries, every half-decade." Program-mers will have to change the way they work to keep up with this pace. "You can't build skyscrapers using carpenters."

• For every six new large-scale software systems put into operation, two are canceled.

• The average software development project overshoots its schedule by half. Larger software development projects do worse.

• Three quarters of all large systems are "operating failures" that either do not function as intended or are not used at all.

• By 1994 the ten year effort required

• 1 million lines of code

• distributed over 100s of computers

• code embedded into new hardware

• round-the-clock response

` • handle unpredictable real-time events

• any error was a potential threat to public safety

• FAA hired respected software dev. leader, IBM Federal Systems Company (now Loral)

• FAA administrator David R. Hinson in June 1994, because of cost overruns and unreliability of system, canceled two of the four major parts of the AAS and scaled down the 3rd.

• $144 Million had been invested in the failed parts.

[See G. Stix, "Aging Airways," Scientific American, May 1994]

[Gibbs94]

Real-Time System

Software Related Failure of the

• Mission was to test targeting software for future use in a space-based missile defense system

• Department of Defense applied rigorous testing standards to ensure reliability of mission-critical software.

• A bug in the software caused the satellite to fire maneuvering thrusters incorrectly, run out of fuel, lose maneuverability and miss rendezvous with asteroid Geographos.

• Real-time systems errors are hard to find and reproduce because they occur only when under certain conditions.

• In 1987 the California Department of Motor Vehicles decided to "simplify" its system and implement one-stop renewal kiosks within a five year period by merging the state's driver registration system and the vehicle registration system.

• Projected cost rose to 6.5 x expected price and the delivery date was pushed back to 1998. In December 1993, the agency pulled the plug and walked away from an investment of

• seven years, and

• $44.3 million.

[Gibbs94]

• In 1970, the $2-billion American Airlines flight reservation system, SABRE, became part of the travel industry's infrastructure and contributed to making American the largest airline in the world.

• In 1990's American tried to integrate its flight reservation technology with the Marriott and Hilton's hotel reservation systems, and Budget car rental reservation system.

• In 1992, after an $165-million investment, the failed system integration project was abandoned because of litigations.

[Gibbs94]

• 24 leading companies that developed large distributed systems

• There were no figures on the reliability of the completed programs.

• Intuition is slowly yielding to analysis as programmers begin using quantitative measurements of the quality of software

• Researchers are working on expressing program designs in algebraic forms that make it easier to avoid serious mistakes.

• Academics are starting to address their failure to produce a solid corps of software professionals.

• Industry is starting to turn its attention toward inventing the technology and market structures needed to support interchange-able, reusable software parts.

[Gibbs94]

• Research innovation typically requires 18 years to be included in the repertoire of standard programming techniques.

• Industry does not uniformly apply well-known best practice.

[Gibbs94]

(a) Software is exploding in size as society relies on increasingly powerful computers.

(b) Most large software projects fail to meet their schedules.

[Gibbs94]

• The amount of code in most consumer products is doubling every two years.

- Television can contain 500Kbytes of SW

- Electric shaver -- 2Kbytes

- General Motor power trains--30K lines

An Brief Overview of the

• The Software Engineering Institute (SEI) is a software think tank at Carnegie Mellon University funded by the military

• In 1991 SEI proposed CMM to rank a programming team's ability on a 1-5 scale to create predictably software that meets its customers' needs

• U.S. Air Force requires its software develo-pers to reach level 3 of the CMM by 1998.

• In 1988 at CMM level 1, launched a "soft-ware engineering initiative" investing $1-million/year into

• By 1991, the division ranked CMM level 3

• By 1994 most projects, including complex radar and air-traffic control systems:

[Gibbs94]

• Bugs found early in the development process rarely seriously impact the schedule or budget. The impact increases as bugs are not detected until the final stages of development.

• Some mass-market software vendors rely on a large number of volunteers to test a faulty "beta" version, e.g. Microsoft Windows. This is effective but inefficient and expensive; and impractical for software that is not for the mass-market.

[Gibbs94]

• Formal methods, theoretical tools based on set theory and predicate calculus.

• Hard to write and hard to read the mathematical formal descriptions.

• There are several research and commercial efforts to automate formal methods

• Odyssey Research Associates, Ithaca NY

• GEC and Digilog in France (B tools)

[David A. Fisher, National Inst. of Standards and Tech.]

• Cleanroom software engineering approach

• "We are not seeing any increases [in software productivity over the past two decades]"

[David A Fisher, Nat. Inst. of Standards & Tech.]

• "There has been improvement, but everyone uses different definitions of productivity."

[Richard A. DeMillo, professor at Purdue University and

head of the Software Engineering Research Consortium]

• "No one really knows how productive software developers are" [Gibbs94]:

• Many innovations turn out to be irreproducible or unscalable. Handbooks need to be developed, similar to those in more mature engineering disciplines, that contain proven solutions so that even novices can consistently handle routine designs. [Mary Shaw of Carnegie Mellon]

• If software engineering is to be an experimental science it needs laboratories. [Victor Basili, U. of Maryland]

• Software Engineering Lab, consortium of NASA's Goddard Space Flight Center, Computer Sciences Corp. and the U. of Maryland founded in 1976

[Gibbs94]

• Develop component-based software

• Need to develop:

[Gibbs94]

• "In the future, professional people in most fields will use programming as a tools, but won't call themselves programmers or think of themselves as spending their time programming. They will think they are doing architecture, or traffic planning or film making,"

• With everyone programming, qualification to program life-critical, safety-critical or mission-critical systems. Certification of software engineers seems inevitable, as in other engineering fields, but certification helps only if programmers are properly trained to begin with.