From software design and specification to the social impact of technology, few software engineers have had the insight -- or the impact -- of David L. Parnas. Now, two leaders of the software engineering community have selected, annotated, and brought together 30 of Parnas' best papers: a lifetime of best practices that will be invaluable to every software practitioner -- and anyone who cares about the deeper meaning of information technology. Every article in this collection addresses a key problem in software development -- and presents insights that are as valuable now as when Parnas first shared them.
Foreword.
Preface.
I. DESCRIPTION AND SPECIFICATION.
David Lorge Parnas, P.Eng.
Introduction.
A Formal Notation for Specification Based on Traces.
Some Simple Examples.
Discussion of the Simple Examples.
A Compressed History of the Development of an Abstract Specification.
Conclusions.
2. Less Restrictive Constructs for Structured Programs (David L. Parnas and William Wadge).
Abstract.
Introduction.
The State of a Computing Machine.
Programs.
Program Specifications.
Primitive Programs.
Control Constructs and Constructed Programs.
Defining the Semantics of Constructed Programs.
The Value of a Program.
The Syntax of the Constructs.
Notation.
Guard Semantics.
The Semantics of a Limited Component.
The Semantics of Limited Component Lists.
The Semantics of “;”.
The Semantics of “stop”, “go” and “init”.
Semantics of the Iterative Construct (it ti).
The Semantics of Parentheses.
The Value of “#”.
The Value Stack.
Exits and Entrances.
A Very Simple Example Done Three Ways.
The DEED Problem.
Conclusions.
3. Predicate Logic for Software Engineering (David Lorge Parnas).
Abstract.
Introduction.
The Structure of This Paper.
Comparison with Other Work.
Basic Definitions.
The Syntax of Logical Expressions.
The Meaning of Logical Expressions.
Examples of the Use of This Logic in Software Documentation.
Conclusions.
4. Tabular Representations in Relational Documents (Ryszard Janicki, David Lorge Parnas, Jeffery Zucker).
Abstract.
A Relational Model of Documentation.
Industrial Experience with Relational Documentation.
Why Use Tabular Representations of Relations?
Formalisation of a Wide Class of Tables.
Transformations of Tables of One Kind to Another.
Conclusions.
5. Precise Description and Specification of Software (D. L. Parnas).
Abstract.
On Foundational Research.
Language Is Not the Issue.
A Polemic About Four Words.
Four Types of Software Products.
Programs and Executions.
A Mathematical Interlude: LD-Relations.
Program Construction Tools.
Describing Programs.
Specifying Programs.
Objects Versus Programs.
Descriptions and Specifications of Objects.
Conclusions.
6. Specifying Software Requirements for Complex Systems: New Techniques and Their Application (Kathryn L. Heninger).
Abstract.
Introduction.
A-7 Program Characteristics.
Requirements Document Objectives.
Requirements Document Design Principles.
Techniques for Describing Hardware Interfaces.
Techniques For Describing Software Functions.
Techniques for Specifying Undesired Events.
Techniques for Characterizing Types of Changes.
Discussion.
Conclusions.
II. SOFTWARE DESIGN.
7. On the Criteria to be Used in Decomposing Systems into Modules (D. L. Parnas).
Abstract.
Introduction.
A Brief Status Report.
Expected Benefits of Modular Programming.
What Is Modularization?
Example System 1: A KWIC Index Production System.
Hierarchical Structure.
Conclusions.
8. On a “Buzzword”: Hierarchical Structure (David Parnas).
Abstract.
Introduction.
General Properties of All Uses of the Phrase “Hierarchical Structure”.
Summary.
9. Use of the Concept of Transparency in the Design of Hierarchically Structured Systems (D.L. Parnas and D.P. Siewiorek).
Abstract.
Introduction.
The “Top Down” or “Outside In” Approach.
“Transparency” of an Abstraction.
Preliminary Example.
“Register” for Markov Algorithm Machine.
A Hardware Example.
An Unsolved Transparency Problem from the Operating System Area.
“Suggestive Transparency”.
“Misleading Transparency”.
Outside In and Bottom Up Procedures in Combination.
10. On the Design and Development of Program Families (David L. Parnas).
Abstract.
Introduction.
Motivation for Interest in Families.
Classical Method of Producing Program Families.
New Techniques.
Representing the Intermediate Stages.
Programming by Stepwise Refinement.
Technique of Module Specification.
Comparison Based on the KWIC Example.
Comparative Remarks Based on Dijkstra's Prime Program.
Comparative Remarks Based on an Operating System Problem.
Design Decisions in Stage 1.
Stage 3.
How the Module Specifications Define a Family.
Which Method to Use.
Relation of the Question of Program Families to Program Generators.
Conclusions.
Historical Note.
11. Abstract Types Defined as Classes of Variables (D.L. Parnas, J.E. Shore, D.M. Weiss).
Introduction.
Previous Approaches.
Motivations for Type Extensions.
A New Approach.
Applying These Concepts to Designing a Language.
12. Response to Undesired Events in Software Systems (D.L. Parnas, H.W. Wuerges).
Abstract.
Introduction.
Difficulties Introduced by a “Leveled Structure”.
The Effect of Undesired Events on Code Complexity.
Impossible Abstractions.
Error Types and Direction of Propagation.
Continuation After UE “Handling”.
Specifying the Error Indications.
Redundancy and Efficiency.
Degrees of Undesired Events.
Examples.
Conclusions.
Appendix 12.A: Annotated Example of Module Design in Light of Errors.
Abstract.
Introduction.
What Is a Well-Structured Program?
What Is a Module?
Two Techniques for Controlling the Structure of Systems Programs.
Results.
Error Handling.
Hierarchical Structure and Subsetable Systems.
Designing Abstract Interfaces.
Conclusions.
14. Designing Software for Ease of Extension and Contraction (David L. Parnas).
Abstract.
Introduction.
Software as a Family of Programs.
How Does the Lack of Subsets and Extensions Manifest Itself?
Steps Toward a Better Structure.
Example: An Address-Processing Subsystem.
Some Remarks on Operating Systems: Why Generals Are Superior to Colonels.
Summation.
15. A Procedure for Designing Abstract Interfaces for Device Interface Modules (Kathryn Heninger Britton, R. Alan Parker, David L. Parnas).
Abstract.
Introduction.
Objectives.
Definitions.
Design Approach.
Design Problems.
Summary.
16. The Modular Structure of Complex Systems (D.L. Parnas, P.C. Clements, D.M. Weiss).
Abstract.
Introduction.
Background and Guiding Principles.
A-7E Module Structure.
Conclusions.
17. Active Design Reviews: Principles and Practices (David L. Parnas, David M. Weiss).
Abstract.
Introduction.
Objectives of Design Reviews.
Conventional Design Reviews.
A More Effective Review Process.
Conclusions.
18. A Rational Design Process: How and Why to Fake It (David Lorge Parnas, Paul C. Clements).
Abstract.
The Search for the Philosopher's Stone: Why Do We Want a Rational Design Process?
Why Will a Software Design “Process” Always Be an Idealization?
Why Is a Description of a Rational Idealized Process Useful Nonetheless?
What Should the Description of the Development Process Tell Us?
What Is the Rational Design Process?
What Is the Role of Documentation in This Process?
Faking the Ideal Process.
Conclusion.
19. Inspection of Safety Critical Software using Function Tables (David Lorge Parnas).
Abstract.
Introduction.
Safety-Critical Software in the Darlington Nuclear Power Generating Station.
Why Is Software Inspection Difficult?
Functional Documentation.
Program-Function Tables.
The Inspection Process.
Hazard Analysis Using Functional Documentation.
Conclusions.
III. CONCURRENCY AND SCHEDULING.
20. Concurrent Control with “Readers” and “Writers” (P.J. Courtois, F. Heymans, D.L. Parnas).
Abstract.
Introduction.
Problem 1.
Problem 2.
Final Remarks.
21. On a Solution to the Cigarette Smokers' Problem (Without Conditional Statements) (D.L. Parnas).
Abstract.
Introduction.
Comments.
On Patil's Proof.
Patil's Result.
On a Complication Arising from the Introduction of Semaphore Arrays.
On the Yet Unsolved Problem.
On More Powerful Primitives.
22. On Synchronization in Hard-Real-Time Systems (Stuart R. Faulk and David L. Parnas).
Abstract.
Introduction.
The Need for a Separation of Concerns.
A Two-Level Approach to Synchronization.
Considerations at the Lower Level.
The Lower-Level Synchronization Primitives.
Considerations at the Upper Level.
The STE Synchronization Mechanisms.
Implementation in Terms of the Lower-Level Mechanism.
The Pre-Run-Time Scheduler.
Why Another Synchronization Mechanism?
Experience and Results.
Summary.
23. Scheduling Processes with Release Times, Deadlines, Precedence, and Exclusion Relations (Jia Xu and David Lorge Parnas).
Abstract.
Introduction.
Overview of the Algorithm.
Notation and Definitions.
How to Improve on a Valid Initial Solution.
Searching for an Optimal or Feasible Solution.
Empirical Behavior of the Algorithm.
Conclusions.
Appendix 23.A: An Implementation of the Procedure for Computing a Valid Initial Solution.
IV. COMMENTARY.
24. Building Reliable Software in Blowhard (David L. Parnas).
Introduction.
On “Building In”.
Four Views of a Programming Language.
Resolving Conflicts of Viewpoint in the Design of BLOWHARD.
What Is BLOWHARD?
Why This Farce?
25. The Impact of Money-Free Computer Assisted Barter Systems (David L. Parnas).
Introduction.
Money Versus Barter as a Mechanism for Exchanging Our Current Goods and Services.
Money Versus Barter for Future Sales?
What Would Barter Mean for Foreign Trade?
Are CABS a Dream or Are They Current Technology?
Turning Theory into Practice.
What Would Be the Net Effect of the Use of CABS?
Can a Materialistic, “Rational”, System Be Humane?
CABS and the Moral Illnesses in the Bishop's Report.
26. Software Aspects of Strategic Defense Systems (David Lorge Parnas).
Abstract.
Introduction.
Why Software Is Unreliable.
Why the SDI Software System Will Be Untrustworthy.
Why Conventional Software Development Does Not Produce Reliable Programs.
The Limits of Software Engineering Methods.
Artificial Intelligence and the Strategic Defense Initiative.
Can Automatic Programming Solve the SDI Software Problem?
Can Program Verification Make the SDI Software Reliable?
Is SDIO an Efficient Way to Fund Worthwhile Research?
27. SDI: A Violation of Professional Responsibility (David Lorge Parnas).
Introduction.
SDI Background.
The Role of Computers.
My Decision to Act.
Critical Issues.
Broader Questions.
28. The Professional Responsibilities of Software Engineers (David Lorge Parnas).
Abstract.
Personal Responsibility, Social Responsibility, and Professional Responsibility.
The Social Responsibility of Scientists and Engineers.
The Professional Responsibilities of Engineers.
What Are the Obligations of the Engineer?
Professional Practice in Software Development.
A Simple Example, Pacemakers.
Other Concerns.
The “Know How” Isn't There.
How to Improve the Level of Professionalism in Software Development.
29. Software Aging (David Lorge Parnas).
Abstract.
What Nonsense!
The Causes of Software Aging.
Kidney Failure.
The Costs of Software Aging.
Reducing the Costs of Software Aging.
Preventive Medicine.
Software Geriatrics.
Planning Ahead.
Barriers to Progress.
Conclusions for Our Profession.
30. On ICSE's “Most Influential Papers” (David Lorge Parnas).
Background.
What Are the Best Papers of Our Most Important Software Engineering Conference?
We Must Be Doing Something(s) Wrong!
We Need to Change Something.
Conclusions.
31. Teaching Programming as Engineering (David Lorge Parnas).
Introduction.
Programming Courses and Engineering.
The Important Characteristics of Programming Courses.
The Role of Mathematics in Engineering.
The Role of Programming in Engineering, Business, and Science.
The Content of Most “Standard” Programming Courses.
Programming Courses Are Not Science Courses.
A New Approach to Teaching Programming.
The Mathematics Needed for Professional Programming.
Teaching Programming with This Mathematical Background.
Experience.
Conclusions.
32. Software Engineering: An Unconsummated Marriage (David Lorge Parnas).
Software Engineering Education.
33. Who Taught Me About Software Engineering Research? (David Lorge Parnas, P.Eng.)
Whom to Thank?
Everard M. Williams.
Alan J. Perlis.
Leo Aldo Finzi.
Harlan D. Mills.
Conclusions.
V. BIBLIOGRAPHY.
Bibliography.
It is sometimes said that progress in a scientific discipline can be measured by how quickly its founders are forgotten. Software development, sometimes called software engineering, is not a scientific discipline and is still young: Many of those who formulated fundamental principles in the field are still active in it. Unfortunately, we have the worst of both worlds: Our founders seem dimly remembered, and we are making little progress towards becoming a discipline. Fundamental ideas, such as information hiding and abstraction, are only vaguely understood by those who need them most and are constantly reinvented. Those who practice software development and those who teach software engineering seem uneducated in, and unaware of, the history of their profession.
This book is our attempt to provide a view of the work of one of the grandmasters of our field, highlighting the fundamental ideas that he and his colleagues invented and expounded. We hope to provide a reference for those who teach and those who do, giving them both an historical record, a clear explanation of fundamental ideas that will help them in their work, and a set of examples to use and emulate. David L. Parnas is both a clear and creative thinker and an extraordinary expositor of seminal ideas. The issues that he addresses are at the heart of software engineering today; his explanations are still relevant and his solutions, trialed on real systems, transfer to today's software development organizations and environments.
Do you need to understand how to organize your software into modules so it can be easily maintained and so that your modules are reusable, whether they are expressed as classes, packages, or other forms? Dave Parnas identified the information hiding principle and showed how to use it to construct workable, reusable modular structures that are stable over time. (See Chapters 2 and 16.)
Are you struggling to create APIs to make your software useful to application programmers? Dave Parnas devised the idea (and coined the term) for abstract interfaces, and showed how to design interfaces that provide services without revealing their implementations. (See Chapter 15.) Languages like C++ and Java directly support this idea with abstract classes.
Are you wondering how to create your software as a set of layers that define a hierarchical structure that meets your requirements, lets you build your system a few layers at a time, and lets others add to the structure that you have created? Dave Parnas clearly explained what a hierarchical structure is, what some of the important hierarchical structures that we use are, why people often confuse them, and how to create a layered structure that meets your needs. (See Chapter 8.)
Do you know that your software is going to exist in many different versions, but are having difficulty designing your software not just to accommodate the different versions, but to take advantage of your situation to make your development process more efficient? Dave Parnas defined program families to help with just this situation and showed how to create them in a cost-effective way. (See Chapters 10 and 14.)
Dave has been busy in more than just technical areas. His work includes commentary on the social responsibility of software engineers, both by exposition and by example. His stance on our inability to create trustworthy software for the Strategic Defense Initiative is represented (Chapters 26 and 27), as well as his thoughts on how to teach software engineering (Chapters 31 and 32), and how to make software engineering a profession (Chapters 28 and 33).
The preceding are just a few examples of the ideas described in the papers that constitute this book. Out of the more than two hundred papers that Dave has published, we selected thirty-two, plus one special one that he did not write, but strongly influenced. We picked technical papers that expressed fundamental ideas that were groundbreaking when they were published, that have an enduring message, and that are models of exposition, and nontechnical papers that had an influence on the opinions of the time. Some were controversial when published and remain so.
An outstanding aspect of Dave's career is his insistence that his ideas be tested on real problems, where one cannot define away the complexity of the world in the interest of devising an elegant solution. Perhaps the best known examples are the operational flight program (OFP) for the U.S. Navy's A-7E aircraft and the shut-down software for the Darlington nuclear power plant.
The A-7E project, also known as the Software Cost Reduction (SCR) project, was conducted by Dave and colleagues at the U.S. Naval Research Laboratory (NRL). It was a demonstration of how to apply ideas such as information hiding, abstraction, cooperating sequential processes, deterministic scheduling, program families, formal specification, hierarchical structuring, and undesired event handling to the design of a hard-real-time system. Many of the same approaches now appear in modern designs and modern languages under different names; a few diverse examples are exception handling (Chapter 12) and the observer pattern (Chapter 22).
Several years of Dave's time and effort were directed at making the SCR software and its documentation an engineering model of how to develop and document software. The papers derived from the project that appeared in the research literature, such as Chapters 6, 12, 15, 16, 17, 18, and 22, only tell part of the story. The complete set of requirements and design documentation (including what we now term architecture) was published as technical reports by NRL; these reports serve as detailed guides and templates for those wishing to use the ideas.
This book contains thirty-three papers divided into four sections. Dave has written a short introduction to each section and we have invited a guest author to write an introduction to each paper.
Specification and Description contains six papers, focusing on the most important kinds of software engineering documentation and the roles that they play. Relational and tabular documentation are presented in depth, including both the underlying mathematical basis and practical notations suitable for use by working programmers.
Design contains thirteen papers, covering the principles and techniques that have been central to Dave's work for the past three decades. Information hiding is emphasized, including the role of information hiding in abstract interfaces, its application in complex systems, and its implications in the design of program families.
Concurrency and Scheduling contains two early papers on the use of semaphores and two more recent papers on new approaches to synchronization and scheduling. The latter focus on achieving both good performance and a module structure that supports maintainability and comprehensibility.
Finally, Commentary contains ten papers on a wide variety of topics including education, social issues, the role of the engineer, and the status of software engineering as an engineering profession.
In the interests of preserving the historical record and of leaving Dave's writing style unperturbed, we have tampered as little as possible with the papers that appear here, only correcting a few typographical errors in most papers.
The papers span the period from the 1970s through the 1990s. Some use old examples and notations that may not seem relevant to today's Internet world. We asked leading members of our field to write short introductions to the papers to explain the papers' historical and modern relevance. Right from the start, we knew that the introductions must be fun to read and worth reading. They must tell the reader something worth knowing that is not in the paper or is not obvious from reading the paper.
We were most fortunate in gathering an impressive collection of authors. Some have been involved with Dave since his work at NRL and earlier. Others participated in the SCR Workshops that continued the NRL work. Some have never directly collaborated with Dave. All are excellent writers with special insights about the significance of the papers both at the time of writing and today. All wrote with enthusiasm and skill. The thirty-three paper introductions are an important contribution in their own right. The fact that these people were all willing, indeed eager, to contribute speaks highly of Dave's work.
Dave collaborated with us on the selection of the papers in this book. On several occasions he commented that we were likely to get people angry once again. That is the nature of the man and his ideas: insightful, creative, stimulating, provocative. We hope you find that the papers in this book have the same qualities. It is our present to Dave on his sixtieth birthday.
We would like to say that we had the idea for this book on our own, but it actually originated with Brad Appleton. Thanks, Brad, for giving us the chance to carry out the idea. Organizational and production details for a book of this sort can get quickly out of hand without an experienced professional editor to guide you. Debbie Lafferty at Addison-Wesley has been a cheerful, steadfast guide for us, appreciating the idea for the book from the first, and working with us to make it happen. During the course of production, all of the papers contained herein were retyped. Dorene Brummel happily took on the job of proofreading them, for which we are very grateful.
Joanne Glazer Weiss showed outstanding forbearance and support when her husband plunged into this project immediately after finishing his first book. He thanks and loves her.
Duck Bay, British Columbia
September, 2000
Index
Note: Italicized page locators refer to figures.
A
Abbreviations, 219, 221
Aberdeen Proving Ground, 512
ABET
Computer Science Accreditation Board integrated into, 534
Absolute-value function, 49
Abstract data types, 138, 221, 471
Abstract decisions
representation of program development using, 196
Abstract interfaces, xxi, 111, 144, 260, 263-264, 298
defined, 300
designing for device interface modules, 291-293, 295-314
principle, 295
software designed with, 297
specifications, 407
Abstraction, xxi, 221, 275, 316, 403, 405
defined, 299
and design for change, 555
impossible, 234-235
and retroactive incremental modularization, 561
with STEs, 425
transparency of, 175
type extension and, 218
for upper-level mechanisms, 415
Abstraction function
and module internal structures, 363
Abstraction specification development, 19-26
current specification for T/L module, 25-26
flaws in first version of T/L module specification, 22-25
informal picture of T/L module, 19-21
Abstract machines, 162, 163, 179, 234, 410
Abstract specifications, 7
example of, 15, 17
Academic institutions
defense-related funding and role of, 529
Access functions, 302, 309
defined, 301
Access programs, 418
Accreditation, 534, 541, 546-547, 573, 595, 600. See also Education
Accuracy, 361, 366
ACM, 534, 593
ACM-SIGSOFT Outstanding Researcher Award
Parnas's receipt of, 597, 599
Action clusters, 200n4, 212
Active design reviews
conclusions about, 350
and conventional design reviews, 341-343
introduction to, 339-340
and more effective review processes, 343-350
objectives of, 340-341
principles and practices in, 337-351. See also Design
Acyclic directed graph, 79
ADA, 94
ADC. See Air Data Computer
Address file module, 280, 281, 283-284
Address information items, 279
Address input module, 282
Address output module, 282
Address-processing system example, 279-285
Address storage module, 280, 281, 283
Address translation tables, 19
Ad hoc notation
versus mathematics, 2-3
Adjusted release time, 445
AECB. See Atomic Energy Control Board
AECL. See Atomic Energy of Canada Limited
Aerospace
software engineering-related standards for, 535
AFM. See Address file module
Agent, 395, 396
Aging, software, 549-550, 551-567
AI. See Artificial intelligence
Aircraft Motion Module, 334
Aircraft operating conditions
consistent notation for, 123-124
Air Data Computer
development of abstract interface for, 303, 304, 305, 306
Air Information Management System
for Boeing 777 aircraft, 438
Algol 60, 94, 220, 223, 226, 398, 473, 513
Algorithm for scheduling processes, 439, 440-453
conclusions on, 452-453
empirical behavior of, 451-452
implementation of main, 457-459
improving on valid initial solution, 447-449
notation and definitions, 444-447
overview of, 442-443
searching for optimal/feasible solution, 449-451
Aliases, 5
Al Maghribi, Al Samawal Ibn Yahya Ibn Yahuda, 89, 90
Alphabetic orderings, 152
Alphabetizer module, 148, 150
ALPHARD, 471
Al Qiwami fil Hisab al Hindi (Al Maghribi), 89
ALTER, 20
definition of, 180
Ambiguities
and design errors, 340
American Scientist, 497, 522
Amputation, 561
Analog systems, 499, 500
Ancestors, 195, 196, 197
"Anchoring the Software Process" (Boehm), 353
Angle brackets
nonterminals in, 34
"Anonymous" process synchronization, 410
Antiballistic missile (ABM) system, 497
Applets, 191, 192
Applicability condition, 11
Application Data Type Module, 329-330
submodules within, 334
Application families, 191
Applied research
judgment of, 517
Arbitrary details, 117
Architecture review, 144
Arguments, 55
of function application, 57
of primitive expression, 57
Arithmetic expressions
and value of program, 34
Arms development
Einstein's view of, 520
Arms race, 520, 521
Arrays, 585
looking for common matching in three, 62
looking for matching elements in two, 62
Artificial intelligence, 498, 602
defined, 510
and Strategic Defense Initiative, 510-512
A-7 aircraft
design approach, 301-306
design problems, 307-313
document, 111
Navigation/Weapon Delivery System on, 112
redesigning flight software for, 295-296
system definitions, 29-301. See also A-7E aircraft
A-7 aircraft avionics
embedded systems designed for, 291
software characteristics, 296
A-7 program
characteristics, 12-113
document conclusions, 132-133
requirements document objectives, 113-114
A-7 requirements table of contents, 115
A-7D aircraft, 68
A-7 device interface modules, 313
design procedure for, 303
A-7E aircraft, xxii, 68, 75, 107
active design reviews of specifications for, 337-351
experience/results with Onboard Flight Program for, 430-432
and HRT systems, 407
module guide for Onboard Flight Program for, 324, 325-334
Onboard Flight Program of, 320
requirements specifications, 414-415, 437
virtual radar device, example system, 416-418
A-7E module structure
notes on behavior-hiding module decomposition, 329
notes on hardware-hiding module decomposition, 328
notes on top-level decomposition, 325-326
second-level decomposition, 327-331
third-level decomposition, 331-334
A-7E software, 321
redesign of, 141
requirements, 108
ASM. See Address storage module
Aspect-oriented programming, 143
Assembly language, 403
Assertions, 12, 13
about equivalence of traces, 12
about trace legality, 12
about values returned by V-functions at end of traces, 12
Assignment
primitive expressions evaluated for given, 59
terms evaluated for given, 58
Associations of Professional Engineers, 541
Assumption list
final version, ADC abstract interface, 306
Assumptions
critical examination of, 393
embodied in program construct specifications, 302
explicit, in design, 344
questioning, 470
ASTRAL, 404
Atlantic Nuclear Services, 370
Atlee, J.
introduction by, 67
Atomic Energy Control Board, 373, 374, 378, 381
Atomic Energy of Canada Limited, 68, 370, 381
Attributes
of STE type, 418
Audit team
and inspection process at nuclear plant, 378
Australia
software engineering education in, 534
Automata theory, 583, 585
Automatic implementation, 7
Automatic programming, 498
feasibility of, 513
and SDI software problem, 512-514
Automatic type conversion, 221
Aviation Week, 301
Avionics computers, 327
await conditional, 422
await operations, 426, 427
await programs, 432
Axiom of reflection, 55, 64
B
Bad tape block, 254
Balzer, R.M., 152
BANKER
in T.H.E. system, 165
Barter, 468-469
money versus, for future sales, 484-486
Barter systems
impact of money-free computer assisted, 477, 479-492
and inflation, 482
Bartussek, Wolfram, 9
Base-displacement addressing, 185, 186
Base machine, 171, 175, 179, 180, 182
Basic, 590
Basili, Victor R.
introduction by, 549, 593
Bassett, P., 91
Battle-management satellites, 493
Battle-management software, 503-504
and artificial intelligence, 511
characteristics, 502
Battle-management systems
and automatic programming, 513-514
Battle stations, SDI, 526, 527
Bayesian mathematics, 510
Before/after descriptions, 101
LD-relations used as, 101-102
Before/after specifications, 103
LD-relations used for, 103
Behavioral descriptions, 1, 100-101
Behavioral specifications, 1
Behavior-hiding modules, 316, 317, 325, 328
Bell, Gordon, 171
Bell Labs (Columbus, Ohio), 74
Belpaire, G., 399, 400, 411, 412, 433
Bentley, Jon, xvii
BFM. See Block file module
Binary relations, 56, 72
Binding time, 143
Binomial formula, 89
BLISS, 152
Block file module, 280, 281, 283, 284
BLOWHARD, 471
building reliable software in, 473-475
defined, 475
as farce, 475
resolving conflicts of viewpoint in design of, 474-475
Body
LD-relation of, 37-38
Boehm, Barry
introductions by, 267, 353
Boeing 777 aircraft
Air Information Management System for, 438
Boolean expressions, 54
conditions described with, 413
in program function tables, 376, 377, 378
Borgida, A., 571
Borrowing
and "future sales," 485
Bottom line, 483
"Bottom up" design process, 175, 177
Bounded quantification, 55, 61, 63
Brackets
in documentation, 366
for mnemonic names, 117
tuples enclosed in, 56
Branch-and-bound technique, 443
British Columbia
software engineering licensing in, 534
Britton, Kathryn Heninger, 295
introductions by, 107, 337
Broad family of systems, 277
Brooks, F.P., Jr., 139, 336, 577
Bugs, 140, 229, 499, 506, 522
in military programs, 503
and retroactive documentation, 561
and software aging, 553, 554. See also Errors
"Building Reliable Software in BLOWHARD" (Parnas), 467
Built in software, 473
Business
role of programming in, 581-582
C
C, 94, 584, 589, 590
C++, xxi, 230
class interfaces in, 192
CABS. See Computer Assisted Barter Systems
Calculus, 581, 585
Canada
computer engineering programs in, 546
software engineering education in, 534
Canadian Council of Catholic Bishops
CABS and report by, 491-492
Canadian Nuclear Safety Commission, 369
Canadian University, 437
cand, 54
Capacity limitations, 237
"Capturing More World Knowledge in the Requirements Specification" (Greenspan, Mylopoulos, Borgida), 571
Carnegie-Mellon University, 171, 599
CASE tool, 370
Catching exceptions, 230
Cell connection graphs, 79, 81
types of, 80
Cells, 79
Censorship, 468
Central resource allocator, 165, 166
Challenger space shuttle, 519
Change
designing for, 269, 271, 273, 297-298, 555
in device state, 312
ease of, in requirements documentation, 114
planning for, 562-563
in requirements documents, 361
researchers, and need for, 575-576
and software aging, 549, 552, 553
techniques for characterizing types of, 131
Character codes, 152
Characteristic predicates, 56, 57
CHAR(I), 179
Chemical engineering, 575, 596
"Cigarette Smoker" problem, 384
on solution to, 393, 395-401
Circular shifter module, 147, 148, 150, 151-152, 153, 154
Civil engineering, 593
Clarity
in program structures, 211
Classical mathematical notation, 3
Class interfaces
module specifications versus, 192
Class of expressions
semantics of, 44-45
"Clean" decomposition, 154
"Clean" design, 138-139
Clements, Paul C., 319, 353, 354, 355, 571
introduction by, 157
CLU, 226, 471
Code, 157
complexity, 233-234
and retroactive incremental modularization, 561
sharing, 219, 221, 223, 225, 298
and software aging, 557
verification, 7
Code inspection team
and inspection process at nuclear plant, 378
Coding
and programming professionally, 587
Commas
use of, with tuples, 56
Comments section, 118
Commerce, 468-469
Commercial-off-the-shelf (COTS) components, 353
Communication protocols, 96
Comparison team
and inspection process at nuclear plant, 378
Competence set, 35, 73, 90, 99, 102
Compilers, 99, 220
Compile time checking
and redundancy, 219
Complete specifications, 12
Complete transparency, 175
Complex systems
modular structure of, 319-336
requirements specifications for, 107, 111
Component orientation, 138
Composition, 585
Compound conditions, 124
text macros for, 123, 124
Computations, 474
Computation time, 439
Computer Assisted Barter Systems, 477, 479
and currency supply, 481-482
dream or current technology?, 487
and economic planning, 485-486
and foreign trade, 486-487
gain/loss measurement with, 483-484
and inflation, 482
introduction to, 479
maintaining balance in system, 483
and "matching" service, 482-483
and money constraints on economy, 480-481
money versus barter for future sales, 484
and moral illnesses cited in Bishop's Report, 491-492
net effect of use of, 490
standards development/enforcement, 488
theory turned into practice, 488-490
Computer engineering
and accreditation issues, 546-547. See also Software engineering
Computers
role of, in SDI, 522-523
Computer science
departments, 577
education, 469, 583
research, 469-470
and software engineering, 541, 575, 596
Computer Science Accreditation Board
integration of, into ABET, 534
Computer scientists, 593
Computer specifications
in requirements documents, 360
Computer State Module, 332
Computer Structures: Readings and Examples (Bell and Newell), 171
Computer system
and system requirements document, 72
Computing courses
intellectual content of, 582
Computing machine
state of, 32
Computing Professionals for Social Responsibility, xviii, 493
Concurrency, 29, 316, 507
with conventional programming method, 505
and SDI software reliability, 515
why make special case of, 383
Concurrent control with "readers" and "writers," 387-392
problem 1, 389-390
problem 2, 390-391
Concurrent programming, 383, 387
Conditional await programs, 426
Conditions, 122, 413
for condition table, 126
and modes, 125
for periodic function form, 129
representing, 124
and text macros, 123
Condition tables, 125
mode, 126
Condition values, 413
Conference on Language Design for Reliable Software, 471, 473
Congressional Office of Technology Assessment, 494
Conjunctions
distributed over disjunctions, 85
Connections, 258, 259
Consistency
and T/L module, 26
Consistent relations on segments, 446
Consistent specifications, 12
Constant, 44
Constraints on implementation, 113
Constructed programs
control constructs and, 34
semantics of, 34
Constructive descriptions, 1, 4, 104
of programs, 100
Constructive specifications of programs, 104
Constructive versus behavioral distinction, 90
Constructs (or constructors), 99-100
structured, 31
syntax of, 34-35
Consumer goods
"market basket" certificates for, 489
Context switching, 428, 429, 440, 452
Continuous functions, 500
Control abstractions, 471
Control block module, 152
Control constructs
and constructed programs, 34
syntax of, 34-35
Controlled quantities, 72
Control state, 32
Convenience
use of word, 278-279
Conventional design reviews, 341-342
problems with, 342-343
Conventional software development
and reliable programs, 504-506. See also Software development
Cooperating sequential processes, 111, 409, 429, 507, 508
Core allocation
in operating system, 202-204
Correct programs, 229
Counter-trade, 486
Courtois, Pierre-Jacques, 389
introduction by, 387
CPU timesharing problem, 437-438
Crashes, 241
Critical regions, 412, 433
Currency, 468-469
and Computer Assisted Barter Systems, 479
and foreign trade, 486-487
and inflation, 482
supply, 481-482
Current entry, 19
CURRENT operation, 20
Cyclic executive construction problem, 438
"Cyclic executive" loops, 403
D
DA (Data Abstract) specifications, 10-12
Darlington Nuclear Power Generating Station (Ontario, Canada), xxii, 68
experience with relational documentation at, 74
functional documentation in inspection process at, 375-376
hazard analysis using functional documentation at, 380
inspection process at, 378-380
licensing process for, 372
program-function tables used at, 76, 77, 376-378
safety-critical software and, 373-374
Data Banker Module, 329, 330-331
Data hiding, 143
and design for change, 555
Data items
organization by, 116-117
symbolic names for, 117
Data portability, 219
Data representation, 118
for output data item, 120
Data state, 32
Data structure, 152
Data-transforming components
chain of, 272
Data Type Module, 331
Deadlines, 439, 440, 441, 443, 451, 452
and battle-management software, 503
and documentation, 558
in military programs, 502
scheduling, 428
and software aging, 556
Deadlocks, 241, 408
De Bruijn, N. G., 98, 102, 389
Debt, 485, 487
Decomposition, 255, 260
in KWIC index production system, 149-151
common, for compiler/interpreter for same language, 153
and hierarchical structure, 167-168
module, 322
into subprograms, 163
Decoys, 522, 523, 527
DEED problem, 41-42
Defective virtual machine, 236
Defense industry
unprofessional behavior in, 529
Defense projects/work
Parnas's views on, 520, 530
Defense-sponsored research, 497
Deficiency correction phase, of programming, 506
Definitions, 215
type, 217-218. See also Semantics
Delayed effects, 10, 11
DELETE(I,J), 179
DELETE operation, 20
Demand function, 121
completed form for, 128
Democracy
and informed public, 524
Denotation, 58
of predicate expressions, 59
of primitive expressions, 59
Denotational semantics
of programming languages, 94
Der Spiegel, 528
Descendant program, 195
Descriptions, 90, 96
defined, 95
of objects, 104-105
of programs, 93. See also Definitions
Design, 583, 589
of abstract interfaces, 263-264
of device interface modules, 297-298
through documentation, 335
errors, 151
of hierarchically structured programming systems, 173
of module structure of A-7E flight software, 324, 325-334
and software aging, 549, 550
of software, for ease of extension and contraction, 267-290
and transparency, 181
of "uses" structure, 276-279. See also Design reviews; Rational design process; Software design
Design assumptions, explicit, 344
Design decisions
and modules, 154-155
in stage 1, 204-205
in stage 3, 205-208
Design documentation, 71
organizing for review, 345-346
Designers and reviewers, 339, 342, 349
Designing for change, 269, 271, 273, 297-298, 555
"Designing Software for Ease of Extension and Contraction" (Parnas), 571
Design property identification, 343-344
Design representation
redundant information included in, 345
reviewability of, 344-345
Design reviews, 316, 562
A-7E specifications, 337-351
conventional, 341-342
objectives of, 340-341
and software aging, 549, 550, 559, 560. See also Active design reviews
Deterrence
and SDI, 521
Development process description, 358
Device-access code
centralizing, 298
Device Interface Module, 297
abstract interfaces designed for, 291-293, 295-314
for A-7E, 327-328, 346
with characteristics that change independently, 307-308
decomposition, 332
defined, 300
design goals for, 297-298
information from software for, 312
and major variations among available devices, 307
reporting changes in device state, 312
reviews used for, 346
Device interface submodules, 332
Device interrupts, 411
Diagnostics Module, 332
Diagrams
uses relation, 285
Dictionaries
in documentation, 366. See also Definitions
Differential calculus, 51
Digital computers, 500
Digital systems, 499
Digital technology, 75
Dijkstra, E. W., 4, 11, 29, 54, 102, 153, 164, 173, 174, 200, 270, 384, 388
"cigarette smoker's problem" and Patil's evaluation of P/V operators, 393, 395-400
comparative remarks based on prime program of, 202
guarded commands of, 29, 584
"P" and "V" operations of, 389, 411, 412, 413, 432
prime program of, 198-199
primitives used by, in T.H.E., 186, 188
semaphores, 410
stepwise refinement introduced by, 198
structured programming ideas of, 211
synchronization work by, 430
T.H.E. system paper by, 162
DIMs. See Device Interface submodules
Discipline of Programming, A (Dijkstra), 270
Discrete state systems, 499, 500
Disjunctions
conjunctions distributed over, 85
Divide and conquer approach, 584, 587, 588
Documentation
active design reviews of, 337-351
avoiding problems with, 365-366
boring prose in, 364-365
confusing/inconsistent terminology in, 365, 366
conventional design reviews of, 341-342
design through, 335
functional, 375-376
importance of, 563
investment in, 4
language in, 95
and myopia, 365
and planning for change, 562
poor organization of, 364
problems with, 364-366
retroactive, 560-561
role of, 90, 364
and software aging, 553, 557-558. See also Module Guide; Relational model of documentation; Requirements documents; Software documentation
Documentation-driven tools, 3-5
DoD. See United States Department of Defense
Domain, 55
analysis, 191
of relation, 56
do od guarded command construct, 29
Dookhan, A., 5
d-operations, 411, 413, 427, 431, 433
Doppler and Ship Inertial Navigation Set, 310
down(s) operation, 412
Downward propagating undesired event, 235, 244
Drift rate, 309
Duplication
avoiding, 288
Durability
software engineering-related standards for, 535
Dynamically evaluated aliases, 5
E
Earliest-deadline-first strategy, 442, 443, 452
Earth Model Module, 334
Eastport Report, 526, 527
Easy guards, 35
eBay, 477
Economic planning
CABS for, 485-486
Economy
impact of CABS on, 479
money constraints on, 480-481
net effect of CABS on, 490
Education, 469, 541
engineering, 579-584
of programmers, 504-505
programming courses and engineering, 577-578, 579-592
software, 577
and software aging, 556
software engineering, 534, 547, 593, 595-596
and software engineering research, 599-605
Efficiency, 240, 426, 433, 484
Eiffel, 192
Einstein, Albert, 343, 520, 604
Electrical engineering, 593
and accreditation issues, 546-547
Electrical engineers, 595
Electronic commerce, 468
"Elegant" design, 138-139
Elementary equivalence of tables, 85
Elementary transformation, 84-85
Elevator problem, 353, 354
ELIGIBLE, 446
Embedded software
disadvantages with, 297
real-time, 295, 296
simplifying, 298
Embedded systems, 292
aircraft, 408
characteristics of, 114n1
military tactical, 407
Emden, Martin van, 49
EMPTY operation, 20
Encapsulation, 9, 275
Engineer
meaning of word, 599-600
Engineering
history behind, 574
management distinct from, 547, 604
and product obsolescence, 563
programming taught as, 577-578, 579-592
role of mathematics in, 581
and semantics, 575-576
software engineering as branch of, 575. See also Chemical engineering; Civil engineering; Electrical engineering; Software engineering
Engineering organizations/societies
importance of, 545, 546
lack of communication between software engineers and, 573-574
Engineering products classification, 499
Engineers
licensing of, 540-541
need for software engineers to be educated as, 593
obligations of, 541, 542-543. See also Software engineers
England
negligence suits in, 533
entier program, 40
Environmental quantities, 72
Equality, 64
and V-functions, 13
Equivalence assertions, 12
Equivalencing facility
need for, 225-226
Equivalent traces, 12, 14
Error handling, 139-140, 262
Error indications
specifying, 237-240
Errors, 229, 232, 264, 356, 505, 506
in ADC abstract interface, 303-304, 305
annotated example of module design in light of, 247-253
in battle-management software, 503
classification of, 340-341
and conventional design reviews, 342
in design reviews, 340, 350
finding during review process, 343
and inspection process at nuclear plant, 378
and lawsuits, 533
of mechanism, 239-240, 254
and pre-run-time scheduling, 440
in proofs, 515
reducing, 589
and software aging, 554
in software research, 516
with switch nomenclatures, 311
of usage, 254. See also Bugs; Undesired events
Error types
and direction of propagation, 235-236
Espionage
effect of, on SDI, 522
Essential characteristics, 117
Ethics
and software engineering, 493, 494, 534
Event-detecting processes, 415
Event observers, 404
Events, 122, 413
defined, 301
for demand function form, 128
for event table, 127
notation for, 124
real-time, 414-415
and text macros, 123
Event signalling processes, 415
Event tables, 127-128
example of, 127
Examples
address-processing subsystem, 279-285
degrees of undesired events, 241
Dijkstra's prime program, 198-199
function description, 128-130
of input data item description, 118
loss of transparency at hardware level, 182, 185-186
module design in light of errors, 247-253
module guide for A-7 OFP, 324, 325-334
output data item description, 119-121
pacemakers, 543-545
transparency, 175-177
UE messages passed between levels, 254
virtual radar device, 416-418
Wulf's KWIC index program, 199-200
Exception handling, 229
EXCLUDE relations, 443, 445, 446, 447, 449, 450, 455, 459
Exclusion constraints, 452
Exclusion relations, 429, 433, 439, 440, 453
Execution of program, 73, 98-99
Existential quantification, 60
EXLEFT operation, 20
Expert systems, 511-512
Expressions
notational conveniences with, 60
satisfaction of, 59
EXRIGHT operation, 20
Extended computer, 410, 411
Extended Computer Module, for A-7E, 327
Extensible languages
and data portability, 219
Extensions, 288
designing for, 288
manifestation of lack of, 271-273
within requirements, 286
at runtime versus during SYSGEN, 288-289
External behavior specification, 113
F
"Fail-soft" computer software, 503
Failure traps, 239
False expressions, 59
Families of programs. See Program families
Family of objects, 189
Farmer, William F., 54
Farrell, Dennis, 108
Faulk, Stuart, 407
introductions by, 229, 393, 403
Fault monitor, radar state, 417
Fault-tree analysis, 380
FD Module. See Function Driver Module
Feasible schedule, 445
Fifth root algorithm, 89
Financial planning
and software aging, 563
Finite sets, 578
mathematical logic based on, 585
Finite state machines, 98, 431, 578, 584-585
black box descriptions of, 104
defining, 418-419
object as, 104
Finzi, Leo Aldo, 597, 599
Parnas's tribute to, 602-603
Fire-control software, 503
Flexibility, software, 287
Flight control, 407
Flight Path Marker (FPM) symbol, 129
Flowcharts, 151, 154, 260
Floyd, R. W., 96
FLR. See Forward Looking Radar
Formal parameters
description of, for procedures, macros, and more, 226
Formal specifications, 7, 111, 407
FORTRAN, 94, 220, 513, 580, 582, 584, 589, 590
EQUIVALENCE statement in, 225
FORTRANSIT, 137n1
Forward Looking Radar, 311
Foundational research
Parnas on, 93-94
Free space list module, 207
"Front end" investment, 27
FSMs. See Finite state machines
Full tabular expression, 81
Function, 55, 56
Functional component, 259, 260
Functional documentation, 375-376
hazard analysis using, 380
Functional notation, 63
Functional safety
software engineering-related standards for, 535
Function application, 57
Function description examples, 128-130
Function Driver Module, for A-7E, 328
Function driver module decomposition, 333
Functions, 51, 52, 78, 585
characteristics of, in describing computer systems, 75
components performing more than one, 272-273
tabular descriptions of, 586
tabular representations of, 60, 82
and text macros, 123
Funding
academic institutions and, 529
and conflicts of interest, 521
SDI, software problems and, 493, 494
SDIO and, 516-518
and social responsibility, 539
Futures
money versus barter for, 484-486
reliability assurances for, 489
G
Garlan, D., 158
GAT, 137n1
GATE, 137n1
Gauss, Carl Friedrich, 574
Gauthier, Richard, 145
GDP. See Gross Domestic Product
Generality, software, 287
Go
semantics of, 36
Gold standard, 489
GOLEFT operation, 20
Goods and services, 480
CABS, foreign trade and, 486-487
impact of CABS on, 479
money versus barter for, 484-486
Gorn, Saul, 512
.g.relation, 424
Greenspan, S.J., 571
Griss, Martin, 191
Gross Domestic Product, 491
Guarded commands, 31, 40
restrictions on, 29-30
Guards
semantics for, 35
side effects in, 42
values, 35
Guindon, Raymonde
elevator control design by, 353, 354
Gulf War
Patriot Missile System in, 494
Guttag, John, 10, 11, 12, 18
H
"Habermann" hierarchy
in T.H.E. system, 164-165
Handshakes, 272
Handzel, 10
Hansen, Brinch, 388. See also Hansen, P.B.
Hansen, P.B., 186
Hard real time systems, 407, 412, 439
Hardware devices
virtual devices not corresponding to, 313
Hardware families, 193
Hardware-hiding modules, 316, 317, 325
Hardware interfaces, 132
inconsistencies in, 310-311
techniques for describing, 116-121
Hardware interrupts, 411
Hardware level
loss of transparency at, 182, 185-186
Hardware "traps"
for error detection/recovery, 230
Hazard analysis
and safety-critical software, 371, 372
using functional documentation, 380. See also Safety-critical software
Headers, 79
in program function tables, 377
Head-up displays, 113, 310
Heart pacemaker, 543-545
Heninger, Kathryn L., 111, 414. See also Britton, Kathryn Heninger
Heuristic programming, 510, 511
Hewlett-Packard 2116, 182
partial list of micro-operations for, 184
simplified block diagram for, 183
timing diagram for rotation of A register, 184
Heymans, Frans, 387, 389
"Hidden" functions, 11, 18, 19
Hidden information, 245. See also Information hiding
Hidden modules, 323
Hierarchically structured systems, 173, 233
Hierarchical structures, xxii, 144, 153-154, 157-158
and decomposition into modules, 167-168
general properties of uses of phrase, 161-168
Parnas on, 161-170
relating to resource ownership/allocation, 165-166
and subsetable systems, 263
Hierarchies
and top down design methodology, 167
History
engineering, 574
Hoffman, Daniel
introduction by, 577
Honesty, 537, 538, 542
Horning, James
introductions by, 255, 471
HRT. See Hard real time
Hu, J., 5
HUDs. See Head-up displays
Human Factors Module, 334
Hybrid systems, 499
Hydra, 166, 286
I
i
semantics of, 36
IBM system/360, 171
ICBMs. See Intercontinental ballistic missiles
Identity, professional
cross industry, 564
IEEE Collection of Software Engineering Standards (1999), 535
IEEE Computer Society, 534, 593
IEEE Transactions on Software Engineering, 572
Implementation, 13
of main algorithm for scheduling processes, 457-459
and policy choice, 203
of procedure for computing valid initial solution, 455-456
of signal and await, 428
of STE types, 426
and transparency, 175
verification before, 27
Implication, 60
Impossible abstractions, 234-235
"Impossible" state, 236n3, 239
IMS models. See Inertial Measurement Set models
Incidents, 241
Incompleteness
and T/L module, 22
Inconsistencies
and design errors, 340
Inconsistent relations on segments, 446
Incorrect behavior, 229
Index sets, 61, 62, 79
Indivisibility, 432
versus regions, 412-413
Industrial reviewers
and documentation, 558
Inefficiencies
and design errors, 340
Inequations, 481n1
Inertial Measurement Set models, 307, 309
Infinite sets, 578
Inflation
impact of CABS on, 479
problem of, 482
and savings, 485
Inflexibilities
and design errors, 340
Informal specifications, 7
Information distribution, excessive, 272
Information flow, tabular, 79
Information hiding, xxi, 107, 111, 212, 229, 267, 403, 405
and abstraction, 218
benefits of, 143
and clean/elegant design, 138, 139
in complex systems, 335
and decomposition, 151
and design for change, 555, 556
and error handling, 262
in exportation of functions, 171
and goals of modular structure, 322
and hard real-time system, 315
interface and module definition, 274-275
and module guide, 319
modules, 144, 207, 320, 407
module structure description based on, 321, 324
in PMDS device interface module, 308
principle, 9
and retroactive incremental modularization, 561
Init
semantics of, 36, 37
"Initial states"
programs as, 586
Initial valid solution, 450
IN_MODE, 344-345
Inner ring procedures, 166
Input alphabet, 98
Input data items, 118, 124
completed form for, 119
describing as resources, 118
Input modules, 147, 148, 150, 153
Input/output interfaces
in requirements document, 360
Input values, 122
INSERT(I,J), 179
INSERT operation, 20
Inspections
software, 140
tables useful in, 77. See also Reviewers; Safety-critical software
Institute for Advanced Studies, 604
Instruction sequence, 118
Instruction Set Architecture, 171
Instruction Set Processor, 171
Insurance
and CABS, 486
Integer arrays, 223
Integer queue
example, 15, 18
Integer values
stack for (example), 15
Integral calculus, 51
Intellectual isolation costs, 564
Interactive systems, 97
Intercontinental ballistic missiles
and SDI, 520
Interest rates, 485
Interface, 299
Interface definition
and information hiding, 274-275
Interface design, 316
Intermediate values, 122
Intermodule interfaces, 275
International Conference on Software Engineering, 316
"Most Influential Paper" award at, 569
Parnas's acceptance speech for Influential Papers award, 571-576
International trade, 469
barter's role in, 477
Interprocess synchronization
with STEs, 425-426
Interrupts, 411
and errors, 186
handling, 277
Intersection operation, 585
"Introduction to the Construction and Verification of Alphard Programs, An" (Wulf, London, Shaw), 571
Inversion
of two-dimensional 3 x 3 normal table, 83
Inverted tables, 76
defining g, 78
function, 82
normalizing, 82, 83-84
ISA. See Instruction Set Architecture
"Is Automatic Programming Feasible?" (Gorn), 512
ISO
committee for software engineering standards, 535
ISP. See Instruction Set Processor
IT, 137n1, 513
Iterative construct (it ti), 29, 30
body of, 40
semantics of, 37-38
J
Jacobson, Ivar, 191
Janicki, Ryszard, 3, 71
Janson, P.A., 288
Java, xxi, 230
class interfaces in, 192
Jerusalem Post, 530
Jini Connection Technology, 292
"Job shops," 385
Johnson, Ralph
introduction by, 191
Jonsson, Patrik, 191
K
Kaiser, C., 241
Kemmerer, Richard
introduction by, 569
"Kernel" approach to OS design, 286
Kirchhoff's laws, 574
Knight, John, 109
Knuth, D.W., 389
Koot, C. W., 174n1
Korea
nuclear power plants in, 381
Krakowiak, S., 241
KWIC index
example, 139, 144, 201-202
program, 260, 262
KWIC index production system
comparison of two modularizations, 149-151
modularization 1, 146-148
modularization 2, 148-149
L
Lai, Chi Tau Robert, 139
Language
design, 226-227, 471
hierarchical structure and levels of, 168
Parnas on, 94-95
theory, 583. See also Definitions; Semantics; Syntax
"Language-neutral" lectures, 588, 589
"Language of critical sections," 412
Language researchers
and documentation, 557
Lateness of schedule, 444
Lateness of segment, 444
Latest segment, 444
Law
and software engineering, 533-534
LD-relations, 30, 33, 34, 44, 46-47, 73, 90, 91, 99, 105, 586
and before/after descriptions/specifications, 101-102, 103
and module internal structures, 363
notation for, 35
and program function tables, 376
and programs, 47
Legality of sequences
notation for describing, 14
Legal traces, 11-12, 17
for T/L module, 25, 26
Lehman, Manny, 549
LENGTH operation, 179
"Leveled structure"
difficulties introduced by, 233
Level of abstraction, 287, 288
Levels
modules, subprograms as distinct from, 287
Liability law, 533
Licensing of engineers, 540-541
Limited component semantics, 36
Limited component lists, 40
Limited domain
composition of, 46
theorems about, 47
union of two, 46
Limited domain relations. See LD-relations
Line storage modules, 148, 151, 153
Linked lists of small arrays
register as, 179
Linked list with index
register as, 179
Lipton, Richard, 399
Lists
of undesired events, 130
Livelocks, 408
Lockheed, 370
Logic, 501, 578
not designed for partial functions, 61
Parnas on, 49
with partial functions, 53
Logical correctness, 385
Logical expressions
meaning of, 58-60
syntax of, 57-58
London, Ralph L., 571
Loops, 29
in "uses" relation, 273
Los Alamos, 528
Loss of transparency, 175, 179, 180
Loveland, Donald, 93n1
Lower bound function
for valid initial solution, 448, 449
Lower-level mechanism
implementation in terms of, 426-427
M
Macros, 165
description of formal parameters for, 226
Maintainability, 542-543
Maintenance
and rational design process, 363-364
Maintenance programmers
and documentation, 557
and retroactive documentation, 560-561
Makowski, Janusz, 530
Management
engineering distinct from, 547, 604
and software aging, 555, 556
Manufacturers
and laws of negligence, 533, 534
"Market basket" certificates, 489
Markov algorithm translator, 153
Markov algorithm machine register, 178-182
Master control module, 147, 149
Mathematical logic
based on finite sets, 585
Mathematical methods
for software development, 67
Mathematical models, 95-96
Mathematical notation
and tabular representations, 75
Mathematical tools, 500
Mathematics, 577, 578, 583, 584, 596, 600, 602
ad hoc notation versus, 2-3
importance of, in engineering, 600, 602, 603
for professional programming, 584-586
role of, in engineering, 581
and software documentation, 558
teaching programming and, 587-598
M.B.L.E. laboratory, 387, 388
McLean, John
introduction by, 7
McMaster University, 68, 82, 579
Table Tools Project at, 370
Mealy, G.H., 152
Medical applications
software engineering-related standards for, 535
Medium table skeleton, 79, 80
Memory allocation
and software aging, 553
Memory load, 259, 260
Memory reference instruction
ISP for fetch portion of, 186
and loss of transparency, 185
Message passing, 384-385, 430
Mili, Ali
introduction by, 89
Military funding
and conflicts of interest, 521
Military/industrial complex
and "people of conscience," 520
Military software
inadequate programming approach to, 504, 506
Military systems
gap between theory and systems in, 507
Mills, Harlan, 42, 98, 102, 508, 578, 597, 599
Parnas's tribute to, 603-604
Minimal extensions, 269, 274
Minimal increments of system, 274
Minimal independent incremental functions, 286
Minimal subsets, 269, 274, 286, 317
Minimum lateness schedule, 451, 459
Misleading transparency, 188-189
Missile defence systems
comment on (Parnas), 468
MIT, 437
Mnemonic names, for modes, 125
Mode condition tables, 125
example of, 126
section from navigation, 126
Mode Determination Module, 333
Model, 90, 96
defined, 95
products, 566
programs, 93
value of, 289
Mode monitor, radar state, 417
Modes
belonging to more than one type, 224-225
and condition tables, 125, 126, 127
for demand function form, 128
for event table, 127
for organizing and simplifying, 124-125
for periodic function form, 129
types as classes of, 221
types consisting of, that are invocations of parameterized mode descriptions, 223-224
types consisting of, with identical externally visible behavior, 222
types consisting of, with identical representations, 222-223
types consisting of, with some common properties, 224
of variable, 220-221
Modular coupling, 7
Modular decomposition, 144, 316
Modularity, 111, 171, 255, 267
Modularization, 229, 403
comparison of, in KWIC index production system, 149-151
defined, 146
effectiveness of, 145
retroactive incremental, 561
Modular programming, 147, 527
advances in, 146
benefits of, 146
philosophy of, 145
Modular structure
design principle underlying, 321
goals of, 322-323
"Modular Structure of Complex Systems, The" (Parnas, Clements, Weiss), 571
Module definition
and information hiding, 274-275
Module design
document, 363
in light of errors, 247-253
specifications, 211
Module Guide, 316, 319, 323-324, 361
and module interfaces, 362
for NRL's version of A-7E flight software, 324, 325-334, 335
Module interfaces
designing/documenting, 362
Module internal structures
designing/documenting, 363
Modules, 9, 97, 361
and decomposition, 143-144, 322
defined and discussed, 259-260
and design decisions, 154-155
hierarchical structure and decomposition into, 167-168
interchangeability of, 279
for Markov algorithm interpreter/compiler, 178
subprograms, levels as distinct from, 287
Module specification, 3, 191, 192, 210
family defined by, 208-209
stepwise refinement contrasted with, 209-210
technique of, 200-201
Module structure
A-7E system, 321
designing/documenting, 361-362
Mok, Aloysius, 441
introduction by, 437
Money
barter versus, for future sales, 484-486
constraints by, on economy, 480-481
problem solving and, 480
as rationing mechanism, 491
and trade imbalances, 483
Money-free computer assisted barter systems
impact of, 477, 479-492
Money supply, 481
Monitored quantities, 72
Monitors, 409
Moore-Mealy model, 585
Moral illness, 491, 492
MULTICS system, 161, 166-167
Multidimensional notations, 3
Multi-person programming, 260
solo-programming versus, 257-258
Multiple entry/exit programs, 31, 39-40
Multiprocessing effects, 505
Multiversion programmers, 210
Multi-version programs/programming, 194, 257, 258
Mutex, 390
Mutual exclusion, 409, 410
Mutual exclusion relations, 438
Mylopoulos, J., 571
Mythical Man Month effect, 365
N
"Naive" set theory, 54
NASA, 370
NATO, 521, 541, 595
NAT relation, 72
Natural language documents, 71
Naur, P., 200n4, 212
Naval Research Laboratory. See United States Naval Research Laboratory
Naval Weapons Center (China Lake, Calif.), 107, 108, 315, 507
active design reviews at, 337
ADC abstract interface review at, 304, 305
Negation, 585
Negligence suits
four elements in, 533
Newell, Allen, 171
"New Math of Computer Programming, The" (Mills), 604
Noise-filtering techniques, 503
Nondeterministic programs, 29, 32, 99, 101
Nonhierarchical systems, 163
Nonprimitive ordering relations, 64
Non-procedural programs, 32
Non-safety-critical software, 564. See also Safety-critical software
Nonsymmetric exclusion relations, 412
Nonterminating execution, 98
Nonterminating programs, 383, 384
Nontrivial hierarchy
disadvantage of, 165
Norbert Wiener award, xviii
Normal form traces, 12, 13, 25
Normal function tables, 82
Normalization
of two-dimensional inverted table, 84
Normal table, 79
defining f, 78
inverting, 82-83
Nortel Networks, 370
Notation, 35, 133, 141
for aircraft operating conditions, 123-124
for describing legality of sequences, 14
for describing syntax, 13
for describing traces, 13-14
for describing values of V-functions at end of traces, 14
and software documentation, 558. See also Symbols; Syntax
NRL. See United States Naval Research Laboratory
Nuclear missiles
and deterrence measures, 521. See also Strategic Defense Initiative
Nuclear power
software engineering-related standards for, 535. See also Darlington Nuclear Power Generating Station
Nuclear weapons, 504, 520
and SDI, 519
"Nucleus" approach to OS design, 286
NWC. See Naval Weapons Center
Nyquist, 574
O
Object code
source code distinct from, 409
Object orientation, 138
and design for change, 555
Object-oriented programming, 8, 191
Objects
created by modules, 97-98
descriptions and specifications of, 104-105
versus programs, 104
Obligations of engineer, 542-543
Obsolescence issues, 563
Office of the U.S. Secretary of Defense
Strategic Defense Initiative Organization within, 497, 519
O-functions, 10, 11, 12
for Table/List Module, 20
Old age care
and CABS, 486
Onboard Flight Program
of A-7E aircraft, 320
One-way linked list
register as, 179
Ontario Hydro, 68, 370, 379, 380, 381
"On the Criteria" (Parnas), 157
"On the Design and Development of Program Families" (Parnas), 191, 193-213
Operating system area
unsolved transparency problem from, 186-188
Operating system problem
comparative remarks based on, 202-204
Operating systems
remarks on, 286
Operational flight program, xxii
for A-7E aircraft, 315, 316, 317, 339
Operations research, 442
Operator precedence, 45, 60
Optimal schedule, 445
Order of operations
restrictions on, 237-238
Outer rings, 166
Out-of-date directory, 254
Output alphabet, 98
Output data items, 121
completed form, 120
describing in terms of effects on external hardware, 119
example of description for, 119-121
Output module, 147, 149, 153
Output values
as functions of conditions/events, 122-123
specifying in requirements documents, 360
and values in standard units, 120
"Outside in" approach, 167, 173, 174, 189
P
Pacemakers, 543-545
Palindromes
relational description of program checking for, 62
Panel on Computing in Support of Battle Management
Parnas resigns from, 497
"Parallel" operations, 399-400
Parameterized mode
descriptions (param-types), 223-224
syntax for, 226
Parameters
bindings, 226
formal, for procedures, macros, and more, 226
limitations on values of, 237
Parentheses
for operator precedence, 45
semantics of, 38
Parker, R. Alan, 295
Parnas, David Lorge, xvii, 7, 9, 10, 11, 29, 31, 67, 90, 107, 109, 171, 215, 229, 295, 353, 354, 404, 437, 438
ACM-SIGSOFT Outstanding Researcher Award acceptance speech by, 597, 599
on logic, 49
"Most Influential Paper" award received by, 569, 571
predicate logic for software engineering, 51-65
resignation of, from U.S. Defense Dept. Committee advising on SDI, 519, 524, 537
SDI funding position of, 493
"Parnas Tables," 67, 68, 69
Partial functions, 51, 52, 55, 56, 58, 60, 63, 64, 585
logic not designed for, 61
logic with, 53
PASCAL, 220, 223, 226, 451, 582
Pascal compilers, 99
Patil, Suhas, 393
"cigarette smoker's problem," evaluation of, 395-400
Patriot Missile System
failures of, in Gulf War, 494
Pattern recognition, 518
Pentagon, 520. See also United States Department of Defense
Performance
and software aging, 554
Periodic function, 121, 122
completed form for, 129
condition tables in descriptions of, 127
Periodic processes, 429, 431, 440
"cyclic executive" for set of, 437
Perl, 30
Perlis, Alan J., 597, 599, 604
Parnas's tribute to, 601-602
Personal responsibilities
of software engineers, 537, 538
Perspective, shortage of, 90
Perspective-based reading, 550
Petri nets
and Patil's "cigarette smoker's problem," 395, 397
Philips Computer Industries (The Netherlands), 387
Physical Model Module, 329, 330
Physical Model Module Decomposition, 334
Physical models, 96
Planning
and software aging, 562-563
PMDS. See Projected Map Display Set
PMS. See Processor, Memory, Switch
Point-solution design, 267
Policy, 202, 203
Political education
versus weapons technology, 520
Pont, Stephen, 145
P operations (Dijkstra's), 384, 387, 389, 411, 413
Position data, 307
Poverty, 491
P/P (Precondition-Postcondition) specification techniques, 10
Practitioners
changing communication patterns between researchers and, 575
gap between researchers and, 573
Precedence constraints, 452
Precedence relations, 438, 439, 440
PRECEDE relations, 443, 445, 446, 447, 449, 450, 452, 455, 459
Precondition, 10
Predicate calculus, 585, 586
Predicate cells, 79, 81
Predicate expressions, 51, 52, 57-58, 59
Predicate logic, 78
for software engineering, 49-50, 51-65
Predicates, 55
primitive functions and, 57
Predicate transformers, 200, 270
PREEMPT relations, 446, 447, 450, 452, 455, 459
Pre-run-time scheduler, 428-430, 433
Pre-run-time scheduling, 404, 432, 439, 440, 452, 503
Price, W. R., 11
Pricing, 469
Primary secrets, 324
of Computer State Module, 332
of Data Type Module, 331
of Device Interface Module, 328
of Extended Computer Module, 327
in hardware-hiding module for A-7E, 325
of Mode Determination Module, 333
of Physical Model Module, 330
of System Generation Module, 331
of Virtual Memory Module, 332
Prime program, Dijkstra's
comparative remarks based on, 202
Primitive expressions, 57
denotation of, 59
evaluating, 58, 59
Primitive functions
and predicates, 57
Primitive operators, 55
Primitive predicates, 55
Primitive programs, 33, 99
Primitives
lower-level synchronization, 411-413
Patil on more powerful, 399-400
Priority of traps, 238
Problem solving
and engineering, 542, 583. See also Examples
Procedures
description of formal parameters for, 226
Processor, Memory, Switch, 171
Process segments, 439, 440
Process structure
A-7E system, 321
Process synchronization primitives, 186-188
Process synchronization routines, 111
Production control, 407
Productivity measures, 484
Product lines, 139
Product-line software, 191
Professional liability law, 533
Professional programming
mathematics and, 584-586
Professional responsibilities, 581
Parnas's view on, 519
of software engineers, 537, 538, 540-541
Program construction, 587-588
Program constructors
simple language of, 588-589
Program Design Notation, 589
Program families, 139, 143, 191, 194, 211, 316
choosing methods to use for, 209-210
classical method of producing, 194-195
comparative remarks based on Dijkstra's prime program, 202
comparative remarks based on operating system problem, 201-204
comparison based on KWIC example, 201-202
conclusions about, 210-211
design decisions in stage 1, 104-205
differences among, 270
historical note on, 211-212
and module specification, 200-201
module specifications defining of, 208-209
motivation for interest in, 194
new techniques, 196-197
relation of, to program generators, 210
representing intermediate stages, 197
restructuring, 561-562
software as, 270-271
stage 3, 205-208
and stepwise refinement, 198-200
Program function tables, 376-378
inspection of safety-critical software using, 369-381
use of, at Darlington Nuclear Power Station, 76
Program generators
program families related to, 210
Programmers
and documentation, 557
education of, 501, 504-505
gap between researchers and, 570, 572
and reviews, 559. See also Engineers
Programming, 601
automatic, 512-514
deficiency correction phase of, 506
and engineering, 595, 596
and engineering practices, 543, 544, 545
new approach to teaching, 584, 587-591
professional, 587
role of, in engineering, business and science, 581-582
by stepwise refinement, 198-200
teaching, 137-138, 577-578, 579-591, 595-596
Programming assignment specification, 587
Programming courses
content of "standard," 582
and engineering, 579
important characteristics of, 580
science courses distinct from, 582-583
Programming environments
research in, 509
Programming languages
simplifications in, 509
view of, 471, 474
Program(s), 32, 34
behavioral descriptions of, 100-101
construction tools for, 99-100
constructive descriptions of, 100
constructive specifications of, 104
correctness proofs for, 259
criteria for use of, by other programs, 278
describing, 73, 100-102
as descriptions of state sequences, 586
designs turned into, 589
and executions, 98-99
hierarchy for, 162-163
as "initial states," 586
LD-relations and, 47
multiple entry/exit, 39-40
nondeterministic, 99
objects versus, 104
other kinds of behavioral descriptions of, 102
primitive, 33
"pure" relational alternative, 102
real-time, 403
relational description of, checking for palindromes, 162
relational description of, searching B for value of x, 231
specifying, 3, 32-33, 102-104
tables in inspection of, 77
terminating, 97
value of, 34
"Program Slicing" (Weiser), 571
Program verification
and mathematics used in documentation, 71
and SDI software reliability, 514-515
Projected Map Display Set, 307, 308
Proofs, faith in, 515
Protection hierarchies
in MULTICS system, 166-167
Prototype, 90, 95, 96
Pseudocode, 4, 7, 363, 589
"Pulling Together" (ICSE-19), 569
PUSH operations, 17
Q
Quality
software engineering-related standards for, 535
Quantification, 60
Questionnaires
designing, 349
reviewer, 347, 349
and software design review, 339, 343
Quine, W.V.O., 49
Quotes
characters enclosed in, 34
R
Radar
conditions defining states of, 417
externally visible events, and detection processes, 418
states, 416
states of, r, 419
Radar set module, 417
radar type, 419, 421, 422
RAL instruction execution
ISP code for, 182
Range, 55
of relation, 56
type, 297
Ranging, radar state, 416, 421
Rapid prototyping, 7
Rational design process, 356, 362
desirability of, 355
discussion about, 358-364
documentation role in, 364-366
faking ideal process, 366-367
how/why to fake it, 353-368
idealized description for, 357
maintenance, 363-364
module interfaces designed/documented, 362
module internal structures designed/documented, 363
module structures designed/documented, 361-362
program writing, 363
requirements document for, 358-361
uses hierarchy designed/documented, 362
Raw table skeleton, 79, 81
RC4000 system, 161, 165, 187, 286
Reactivity control systems, 373
Readability, 5
Readers, 389, 390
"Readers" and "Writers"
concurrent control with, 387-392
problem, 384
Reagan, Ronald, 519, 520, 521
quoted, on strategic defense system requirements, 498
and SDI, 493, 501, 527
Real-time events, 414-415
Real-time processes, 404
Real-time programs, 403
Real-time schedules
and battle-management software, 503
Real-time systems, 97
Recognition algorithms, 503
Reconfiguration interfaces, 309
Record keeping
and software aging, 557-558
Recursive calls, 167
Recursive programming, 163
Redundancy, 240
and compile time checking, 219
in design representation, 345-346
eliminating checks for, 244
and safety-critical software, 372
Reference tools
requirements documentation as, 114. See also Documentation; Module Guide
Reflection
and undesired events, 235, 244
Regions
versus indivisibility, 412-413
Regions relations
advantages with, 429
Registers
in HP 2116, 182
for Markov algorithm machine, 178-182
Relational component, 99
Relational composition, 585
Relational documentation
industrial experience with, 73-74
Relational documents
tabular representations in, 71-87
Relational model of documentation, 71-73
program descriptions, 73
relation of NAT, 72-73
relation of REQ, 73
system requirements document, 72
Relational operators, 54, 55
Relation attributes, 420, 422
Relation cells, 79, 81
Relation components, 35
Relation inquiry programs, 421
Relation NAT, 72
Relation parameter, 418
Relation REQ, 73
Relations, 51, 55, 63, 64, 79, 585, 586
defined, 56
synchronization on, 422-423
tabular descriptions of, 586
Releases
and software aging, 558
timing of, 439, 440, 452
Reliability
and safety-critical software, 371, 372
and software aging, 554
Reliability monitor, radar state, 417
"Rendezvous" operators, 409
Representation-dependent programs, 223
Rep-types, 222-223, 225
REQ relation, 73
Requirements, 267
subsets and extensions in, 286-287
Requirements definition
identifying subsets first, 273-274
and undesired events, 114
Requirements documents
for A-7 program, 113-114
contents, 359
design principles, 114-116
discussion about, 131-132
mathematical model behind, 360
need for, 358-359
organization of, 360-361
techniques summary for, 132-133
writers, 360
Requirements specifications, 109, 315-316
for complex systems, 107, 111
Requirements table of contents, 53
Requirements team
and inspection process at nuclear plant, 378
Research
alternative funding for, 518
computer science, 469-470
judging, 517
SDIO and funding of, 516-518
software engineering, 506-507
Researchers
changing communication patterns between practitioners and, 575
critique of methods followed by, 572-575
gap between programmers and, 570, 572
need for rethinking audience by, 565
and publishing outside specialty, 467-468
Resource monitors, 111
Resources
impact of CABS on, 479
Restricted modules, 323
Restrictions
on order of operations, 237-238
Restructuring, program families, 561-562
Retirement savings, 484
Retroactive documentation, 560-561
Retroactive incremental modularization, 561
Reusable software, 191, 335
Reviewable designs, 343-344, 542
Reviewers, 350
characteristics of, for DIM abstract interfaces, 348
classifying, 347-349
and conventional design reviews, 342
correspondence of reviews and, 348
and designers, 339, 342, 349
detailed design coverage by, 341
errors found by, 340
questionnaire for, 347, 349
and review types, 346
Reviews, 555
conducting, 349-350
correspondence of reviewers and, 348
effective, 343-350
and software aging, 558-559, 560
Review type identification, 346
Revision, 555
Rigour
and safety-critical software, 371, 372
Rings, 166
RISC architectures, 172
Robotics, 407
Robust programs
and SDI software, 515
Rochkind, Marc J., 571
Rows
in condition tables, 125-127
Rule-based programming, 510
Run-time
context switching, 429
device-dependent characteristics varying at, 309
Run-time errors
and information hiding, 262
in software systems, 231
Run time scheduling, 429
pre-run-time scheduling compared to, 440
Run-time type checking, 272, 273
S
Safe set, 73
Safety-critical applications, 534
Safety-critical real-time systems, 438, 440
Safety-critical software, 403, 407, 564
inspection of, using program-function tables, 369-381
Safety-critical software inspection
at Darlington Nuclear Power Generating Station, 373-374
difficulties with, 374-375
and functional documentation, 375-376
Saltzer, G., 186
Salutation, 292
Sampling periods, 503
Sandia National Laboratories, 528
Sandwiching, 278
Satellites
and SDI, 523
Savings and investment, 480, 484
targeting to needs and inflation-free, 485
Scalability
of LD-relations, 91
Scheduling, 385, 444
algorithm for problem solving, 439-454
and battle-management software, 503
examples 1-5, 460-465
of processes with release times, deadlines, precedence, and exclusion relations, 439-454
Science, 539, 596
role of programming in, 581-582
Science courses
programming courses distinct from, 582-583
Scientists
social responsibility of, 538-539
SCR. See Software Cost Reduction
SDI. See Strategic Defense Initiative
SDIO. See Strategic Defense Initiative Organization
SDIO Panel on Computing in Support of Battle Management, 493, 519
Eastport group within, 525, 528
Secondary secrets, 324
of Data Type Module, 331
of Physical Model Module, 330
of System Generation Module, 331
of Virtual Memory Module, 332
Secrets, 274, 280, 316, 324
of Data Type Module, 331
defined, 300
in hardware-hiding module for A-7E, 325, 326
of System Value submodule, 333. See also Primary Secrets; Secondary secrets
Semantics, 95
of class of expressions, 44-45
of constructed programs, 34
of go, 36
for guards, 35
of "i," 36
of init, 37
of iterative construct (it ti), 37-38
of limited component, 36
of limited component lists, 36
of parentheses, 38
of stop, 36. See also Language; Syntax
Semaphores, 396, 409, 410, 411, 413, 415, 429, 432
arrays, 397, 398
closing/opening operations, 412
overflow, 397
passages, 411, 412, 427
Sensors, 522, 527
within heart pacemakers, 544, 545
Separation of concerns, 366, 385, 433
and design for change, 555
need for, 408-410
preserving, 415
processes used for achieving, 409-410
in requirements documentation, 116, 360, 361
with STEs, 425
Sequences, state, 175
Sequencing decisions
and stepwise refinement, 209
Sequential completion method, 194
representation of development by, 195
Sequential development, 193
Sequential programs, 383
set attribute, 422, 424
Set inquiry programs, 421-422
Set of all segments, 444
Set of processes, 444
Set of segment units, 444
Set parameter, 418
Set theory, 585
Sexagesimal notation, 89
Shared Services Module
for A-7E, 329
Shared Services Module Decomposition
modules within, 333
Shared variables, 430
Shaw, Mary, 158, 571
Shore, John
introductions by, 215, 477, 597
Shutdown systems, nuclear plants, 373, 375
Side-effects, 34
in boolean expressions, 31
in guards, 42
Siewiorek, Daniel, 173
introduction by, 171
Simple n-tuple, 55
Simple tuple, 55-56
Single-purpose programs, 284
"Smart" weapons/satellites, 408
Social responsibilities
of software engineers, xxii, 537, 538-539
Soft modules, 288
Software, 2
classes of specifications for, 10
complaints about systems of, 269
designing for ease of extension and contraction, 267-290
devices requiring information from, 312
evolution, 549
as family of programs, 270-271
geriatrics, 559-562
hierarchical structure in systems of, 263
quality assurance, 140
reducing life-cycle cost of, 264
reusable, 91, 335
system structures, 157
types of, 97-98
understanding, 501. See also Program families
Software aging, 549-550, 551-567
barriers to progress, 563-565
causes of, 552-553
costs of, 553-554
inevitability of, 559
and partitioning of people/industries, 564, 565
planning ahead, 562-563
preventive medicine for, 555-559
reducing costs of, 554-555
Software architecture, 158
Software Cost Reduction, 141, 315n2
Software Cost Reduction model, 107, 108, 109
Software Cost Reduction Project, xxii, 339, 507
at Naval Research Laboratory, 437
Parnas's leadership of, 520
precepts underlying basis for, 507-508
"Software crisis," 563-564, 577
Software decision hiding modules, 316, 317
Software decision module
for A-7E, 325, 326, 329
Software design, 137-142
"clean" or "elegant," 138-139
conclusions about, 141
error handling, 139-140
for hard-real-time systems, 407
as idealization, 356-357
introduction to, 137-138
new approaches to, 339
other structural design decisions, 140-141
program families or product lines, 139
role of specifications in, 9
and software inspections, 140
Software designer
and family of programs, 270
Software developers
and documentation, 71
and foundational research, 93
Software development, xxi
and information hiding, 143
mathematical methods for, 51, 67
professional practice in, 543, 546-547
slowing rapid pace of, 562
and software aging, 549, 551
and software education, 577
"Software Development Based on Module Interconnection" (Tichy), 571
Software documentation, 1-2
examples of logic used in, 60-63
Table Tool System for, 4
Software engineering, xxi, xxii, 67, 157, 499
barriers to progress in, 563-565
as branch of engineering, 575
and defense-sponsored research, 497
defined, 257
and documentation, 557-558
educational programs for, 547
and ethics, 493, 494
gap between principles and practice of, 319-320
gap between programmers and researchers, 572
history behind, 90-91, 541
and legal principles, 533-534
limits of methods, 506-510
mathematical notation and, 71
predicate logic for, 49-50, 51-65
principles, 255, 257-266
professionalization of, 534-535, 566
reasons for hardness of, 508
and semantics, 576
"Software Engineering as a Profession," 534
Software engineering education, 593, 595-596
Software engineering program accreditation, 546-547
Software engineering research
defined/discussed, 506-507
education, 599-605
and SDI goals, 509
Software engineers, 51
education of, as engineers, 593
need for communicating with engineering organizations by, 573-574
professional responsibilities of, 537-548
Software functions
organization by, 121-122
techniques for describing, 121-130
Software generality
software flexibility versus, 287
Software Productivity Consortium, 338
Software reliability, 471, 473
and automatic programming, 513
challenges to, 508
enhancing, 298
Software research
alternative funding for, 518
judging, 517
SDIO and funding of, 516-518
Software technology
SDI and limits of, 522
Software unreliability, 498, 499-504
and education of programmers, 501
introduction about, 499
and mathematical tools, 500
system types, 499
understanding software, 501
Software Utility Module, 329, 331
Solo-programming, 257, 258
Source code
object code distinct from, 409
"Source Code Control System, The" (Rochkind), 571
Soviet Union. See U.S.S.R.
Space-based defense systems/weaponry, 493, 519. See also Strategic Defense Initiative
Space Technology, 301
"Spaghetti code," 138, 140
Spatial Relations Module, 334
Special-purpose compilers
eliminating need for, 288
Specifications, 13, 71, 90, 96, 255, 601
analysis, 7
defined, 9-10, 95
history of work on (brief), 10-11
of information hiding modules, 193
lack of, for SDI, 514-515
language, 94
of modules, 260, 261
of objects, 104-105
program, 32-33, 93, 102-104
role of, in software design, 9. See also Documentation
Spec-types, 222, 225
Splitting, 278
Spooling, 277
SS Module. See Shared Services Module
STAC
alternative formal specifications for, 17
Stack overflow example, 16
Standby, radar state, 416, 421
Starting states, 98, 586
Start time of segment, 444
"Star Wars" program, 493, 519, 520, 537
comment on (Parnas), 468. See also Strategic Defense Initiative
State inquiry operations, 421-422
State parameter, 418
State sequences, 175
programs as descriptions of, 586
State Transition Event Module, 334
State Transition Event mechanism, 404, 431
summary, 432-433
types, 420, 422
values, 419
variables, 418. See also STE synchronization mechanisms
State transitions
operations, 420-421
representing, 419-420
STE. See State Transition Event mechanism
Stepwise refinement, 191, 192, 193, 202, 207, 210, 218
module specification contrasted with, 209-210
programming by, 198-200
STE synchronization mechanisms, 417, 418-426
combined operations, 424-425
finite state machine defined, 418-419
interprocess synchronization with STEs, 425-426
set synchronization programs, 424
state inquiry operations, 421-422
state transition operations, 420-421
state transition representation, 419-420
synchronization operations, 422-423
Stop
semantics of, 36
Stopping states, 586
Strategic Defense Initiative, xxii, 468, 493
background, 520-521
critical issues surrounding, 524-528
difficulties with software for, 522-523
and expert systems, 511-512
funding of, and conflicts of interest, 521
and "loose coordination" distraction, 525-526
and "90%" distraction, 525
Parnas's opposition to, 519-530
Parnas's resignation from Defense Dept. committee advising, 519, 524, 537
pursuit of, for other reasons?, 529-530
and software issues, 501-504, 514-515
role of computers in, 522-523
software engineering research and attainability issues, 509
and trustworthiness issues, 521, 522, 530
Strategic Defense Initiative Organization, 494, 497, 517-518, 519, 520, 528
and funding, 516-518
quality of work in, 528
reaction by, to Parnas's resignation from advising committee, 524
Strategic defense systems
and artificial intelligence, 510-512
and automatic programming, 512-514
conventional software development and lack of reliable programs, 504-506
program verification and SDI software reliability, 514-515
reasons for untrustworthiness of SDI software system, 501-504
requirement, 498
SDIO and funding research for, 516-518
software aspects of, 493, 497-518
software engineering limits and, 506-510
why software is unreliable, 499-501
Strategic software engineering, 144
"Stream of consciousness" writing, 364, 365
"Stream of execution" writing, 364, 365
Structure
meaning of, 258
steps for better, 273-279
of systems programs, 260-261
Structured constructs, 31
Structured programming, 31, 157, 218
assumptions about, 231-232
Dijkstra's papers on, 162
value of, in producing programming families, 206-207
Subclasses, 191, 192
Subexpressions, 54
Subfamilies, 197, 205, 209
Submodules, 361, 363
Subprograms, 162, 163
modules, levels as distinct from, 287
Subroutines, 259, 260, 287, 474, 561
Subsetable systems
and hierarchical structure, 263
Subsets, 163, 277, 278, 288
designing for, 288
identifying, 273-274
manifestation of lack of, 271-273
picking, 284
within requirements, 286
use of, 209
Success
designing for, 557
and software aging, 552
Sufficiency
and trap conditions, 238
Suggestive transparency, 188
Support software
reducing need for, 288
Swansea University, 85
Switches
with hardware side effects, 311
nomenclatures, 118, 311
Symbols
#, 34, 38-39, 45
in event tables, 127, 128
Flight Path Marker, 129
Synchronization, 384, 385, 387, 388, 430
combined operations, 424-425
lower level considerations, 410-411
primitives, 412
two-level approach to, 410
upper level considerations, 413-418
summary of operations, 423. See also STE synchronization mechanisms
Synchronization in hard-real-time systems, 403-405, 407-435
considerations at lower level, 410-411
considerations at upper level, 413-418
experience and results, 430-432
implementation in terms of lower-level mechanism, 426-428
introduction to, 407-408
lower-level synchronization primitives, 411-413
need for separation of concerns, 408-410
pre-run-time scheduler, 428-430
reason for another synchronization mechanism, 430
STE synchronization mechanisms, 418-426
summary on, 432-433
two-level approach to, 410
Syntax
checker, 589
of constructs, 34-35
definition, 13
of logical expressions, 57-58
notation for describing, 13
of program design notation, 588
of specification, 12. See also Language; Semantics
SYSGEN
eliminating need for, 284, 288
extension at runtime versus during, 288-289
System Data Type Module, 334
System Generation Module, 329, 331
System generation programs, 210
System requirements document, 72
Systems programs
two techniques for controlling structure of, 260-261
System Value Module, 333
T
Table holder, 85
Table of contents
A-7 requirements, 115
Table predicate rule, 80, 81
Table relation rule, 80, 81
Tables, 75, 586
condition, 125-127
defining, f, 78
dimensionality changes in, 82
discovering first, 75
formalisation of wide class of, 77-81
for precision and completeness, 125-128
program function, 376-378
transformations of, from one kind to another, 82-85
use of at Darlington Nuclear Power Station, 76
Table Tools Project, at McMaster University, 370
Table Tool System, 4
Tabular expressions, 3, 4
Tabular representations
in relational documents, 71-87
Taxation, 489, 490, 493, 529
TC-2 assembly code, 431
Teaching
programming, 137-138, 577-578, 579-591, 595-596
software engineering research, 599-605. See also Education
Teams
and inspection process at nuclear plant, 378, 379
Technical writers
and documentation, 557
Technion Institute, 530
Technocrats
research in DoD judged by, 517
Technology, 539, 574
Technology transfer problem, 5, 107, 108
Templates
for value descriptions, 117-118
Terminating programs, 97
Terms, 57
evaluating for given assignment, 58
Test case generation, 7
Testing, 4, 500, 522, 555, 574, 575, 581
Tests
in programming courses, 589, 590
Texas
software engineering licensing in, 534
Text macros, 123-124
for conditions, 124
T.H.E. system, 161, 167, 277
BANKER in, 165
Dijkstra's paper on, 162
"Habermann" hierarchy in, 164-165
primitives from, 187, 188
Thinking
tables aid in, 76-77
Three exit program, 40
Three-valued logics, 54
Throwing exceptions, 230
Tichy, Walter F., 571
Timers, 411
Timing considerations section
for output data item, 121
Timing constraints
in requirements document, 361
T/L ("table/list") module
conclusions about, 26-27
current specification for, 25-26
flaws in first version of specification for, 22-25
informal picture of, 19-21
with unlimited capacity, 24-25
"Top down" approach, 157, 167, 173
Total functions, 56, 63, 64
Trace Assertion Method, 2
Trace-based methods, 5, 18
Trace-based specifications, 8
Trace legality
assertions about, 12
Traces, 11, 104
assertions about equivalence of, 12
formal notation for specification based on, 12-14
notation for describing, 13
techniques, 7-8
and T/L module, 21, 22, 25
Tracking, radar state, 416, 421
track (RS) operation, 423
Trade
and Computer Assisted Barter Systems, 479
deficits, 487
imbalances, 483, 487
and inflation, 482
and money supply, 481-482
surpluses, 483, 487
systems of, 468-469
Traffic control, 407
Trajectory computations, 518
Transformations of tables
interrelationship between, 84-85
Transparency, 171
of an abstraction, 175
example, 175-177
and flexibility of design, 181
misleading, 188-189
suggestive, 188
unsolved problem, from operating system area, 186-188
Traps, 238
conditions, 162
and error types, 235-236
failure, 239
priority of, 238
state after, 239
and undesired events, 233-234
Trap vector size, 238-239
Tree-structured hierarchies, 323
Tripp, Leonard
introduction by, 533
"True concurrency," 384
True expressions, 59
TRW Software Productivity System, 267
TTS. See Table Tool System
Tuples, 55-56, 75
Turing machines, 578
Turing Prize, 599
Two-dimensional inverted table, 84
Two-dimensional tableaux, 586
Two-dimensional 3 x 3 table, 83
Two-entrance program, 41
Two-linked list
register as, 179
Two-valued logics, 54
Type extensions
motivations for, 218-220
Types
approaches to defining, 217-218
as classes of modes, 221
consisting of modes as invocations of parameterized mode descriptions, 223-224
consisting of modes with identical external visible behavior, 222
consisting of modes with identical representations, 222-223
consisting of modes with some common properties, 224
modes belonging to more than one, 224-225
U
UEs. See Undesired events
UMLs. See Undefined modeling languages
Unconditional await programs, 426, 427
Unconventional decompositions, 145
Undefined information requests, 237
Undefined modeling languages, 141
Undesired event handling
continuation after, 236-237
in requirements document, 361
Undesired event messages
passed between levels, 254
Undesired events, 229, 230, 232, 262
assumptions, defined, 300
classification, 130
conclusions about, 244-245
degrees of, 241-244
effect of, on code complexity, 233-234
factors determining degrees of, 242
lists of, 130
and module internal structures, 363
order of actions and, 243
order of aims and, 242-243
order of degrees of, 242
redundancy, efficiency and, 240-241
and requirements definition, 114
response to, in software systems, 231-246
and specifying error indications, 237-240
techniques for specifying, 130
upward propagating, 235
Unemployment, 491
impact of CABS on, 479
Uniform pricing, 469
Union operation, 585
United Kingdom
software engineering education in, 534
United States
negligence suits in, 533
and SDI, 493, 521
software engineering education in, 534
United States Department of Defense
judging research done within, 517
and overfunding problem, 530
Parnas's consultancy with, 520
and SDIO funding, 516-518
United States General Accounting Office, 494
United States Naval Research Laboratory (Washington, D.C.), xxii, 107, 111, 215, 303, 315, 319, 370
A-7 aircraft redesign at, 295
A-7E flight software produced by, 324
Software Cost Reduction Project at, 339, 407, 437, 507, 520
United States Navy, 516
Universal Plug and Play, 292
Universal quantification, 62, 63
Université du Québec à Hull, 85, 370
University of British Columbia, 68
University of Maryland, 578
University of North Carolina, 577
University of Victoria, 487
UNIX, 509
Updates
and software aging, 552
Upper level considerations, 413-418
desirable characteristics of upper-level mechanism, 415-416
example system, 416-417
real-time event, 414-415
up (s) operation, 412
Upward propagating undesired event, 235
User-defined data types, 217
User programs, 297
"Uses" hierarchy, 263, 277-278, 286, 362
"Uses" relation, 269, 276-277, 278, 284
between component program, 285
loops in, 273
"Uses" structure
A-7E system, 321
designing, 276-279
U.S.S.R.
and SDI, 493, 521
u-tuple, 58
V
Valid initial solution, 446
implementation of procedure for computing, 455-456
improving on, 447-449
Valid schedule, 445
Value description templates, 117-118
Values
encoding, 118
of functions, 56
guard, 35
of programs, 34
symbolic names, 117
Value stack, 39
van Emden, Martin
introduction by, 49
van Schouwen, A. John
introduction by, 369
Variables, 44, 218
mode of, 220-221
STE, 418
Variant-types, 224
Varney, R.C., 165
VDI (Association of German Engineers), 575
VDM model, 102
Vector economics, 484
Velocity increments, 307
Venus, 277
Verification
and documentation, 558
before implementation, 27
and safety-critical software, 372
Versions
and software aging, 560. See also Releases
V-functions, 10, 11, 12, 18
and assertions, 12, 13
assertions about values returned by, at end of traces, 12
notation describing values of, at end of traces, 14
for Table/List Module, 20, 25, 26
Virtual devices, 297, 298
assumption list characterizing, 301-302
with changeable characteristics, 308-309
interconnections between, 309-310
not corresponding to hardware devices, 313
Virtual machine, 171, 173, 175, 176, 179, 181, 186, 474
concept of, 275-276
defective, 236
and misleading transparency, 188-189
and suggestive transparency, 188
Virtual machine approach
advantages of, 287
Virtual memory, 172, 277
Virtual Memory Module, 332
Virtual panels, 121
Virtual radar
conditions defining states of, 417
VM. See Virtual machine
von Neumann, John, 604
V operations (Dijkstra's), 384, 387, 389, 412, 413
W
Wadge, William
introduction by, 29
wait conditional, 422
Wait conditional on membership, 424
wait on call operation, 423
Wait on set, 424
Waldo, James
introduction by, 291
Warheads, 522, 527
Warsaw University, 85, 370
Weapon Behavior Module, 334
Weapons, 522, 527
space-based, 493
Weapons development, 497
Parnas's view on, 520
Weapons systems, 468
battle-management software system characteristics, 502
Weiser, Mark, 571
Weiss, David M., 139, 141, 217, 319, 338, 339, 571
introductions by, 143, 315, 493
Well-done table skeleton, 80
examples of, 81
Well-structured programs
discussion about, 258-259
producing, 260-261
when clause, 414
Whistle blowers, 519
Williams, Everard M., 597, 604
Parnas's tribute to, 599-601
Wilmotte, J.P., 399, 400, 411, 412, 433
"Windows on the World," 569
Wodon, P., 400
World Wide Web, 172
WOW. See "Windows on the World"
Writers, 389, 390
Wulf, William A., 199-200, 201, 571
Würges, Harald, 140, 229, 231
X
Xu, Jia, 404, 437, 438, 439
Y
Year-2000 problem, 595
York University, 437
Z
Zermelo-Fraenkel Set Theory, 50
Zucker, Jeffrey, 71