Introduction to Software Construction Franco Gasperoni

Introduction to Software Construction

• Franco Gasperoni

• gasperoni@adacore.com

• http://libre.adacore.com/Software_Matters

Course Home page

• http://libre.adacore.com/Software_Matters

• All the course slides are there (PDF and PowerPoint)

Copyright Notice

• © AdaCore under the GNU Free Documentation License

• Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; provided its original author is mentioned and the link to http://libre.act-europe.fr/ is kept. A copy of the license is included in available at:

• http://www.fsf.org/licenses/fdl.html

Course Objectives

• Show problems & pitfalls in C-derived languages

• C, C++, Java

Interesting Books

• Programming in Ada 95

• by John Barnes (Addison Wesley)

• High Integrity Ada: The SPARK Approach

• by John Barnes (Addison Wesley)

• Object-Oriented Software Construction

• by Bertrand Meyer (Prentice Hall)

• Objects Unencapsulated: Java, Eiffel, and C++

• by Ian Joyner (Prentice Hall)

• C Traps and Pitfalls

• by Andrew Koenig (Addison Wesley)

• Effective C++

• by Scott Myers (Addison Wesley)

Interesting Links

• http://www.fsf.org

• The site of the GNU project and the Free Software Foundation

• http://libre.adacore.com

• Interesting Free Software projects written in Ada 95

• http://www.adahome.com/Tutorials/Lovelace/lovelace.htm

• Lovelace, on line Ada 95 tutorial

• http://www.adaic.com/whyada/ada-vs-c/cada_art.html

• Comparing Development Costs of C and Ada

Course Assumptions

• You are interested in the field of software development

• You have written computer programs in at least one imperative languages

• E.g. Ada, C, C++, Eiffel, Fortran, Java, Pascal, …

• Have a basic knowledge of C

• … for the section on problems & pitfalls in C-related languages

Background on Software Construction Processes

Software Development Phases

Software Processes

• A Software Process is

• A set of activities (e.g. requirements, analysis, design, coding, testing) combined and sequenced in a particular fashion to produce software

• Recent trend: Agile Software Development

• Customer needs evolve with time
• Satisfying customers at delivery time (rather than at project initiation) is more important than conforming to initial customer requirements

Example of Software Processes

Software Phases Related to this Course

Your Software Development Experience

• What is the largest software system that you have built?

• How did you build it?

• What process?
• What programming language?
• What tools?
• Did you use version control tools?

• How long will the software be used for?

• Who will fix, change, or adapt the software that you wrote?

A Small Software System Is …

• Understandable by 1 person

• Can be thrown away and rewritten to

• Repair or extend it
• Port it to a new platform

• Anything is OK for small systems

• The notion of small is programmer-dependent 

• Typically something less than 10,000 lines of code is small

A Medium/Large Software System …

• Requires a team of people

• No single person knows all its aspects

• Has a long life-span (> 10 years)

• CANNOT throw it away and replace it to

• Repair it or extend it
• Port it to new platforms

• Requires organization, discipline, and the right tools

Software Dependability

Software Dependability

The Blue Screen of Death (BSOD)

More BSOD Embarrassments

Does Software Dependability Matter?

• Certainly at the marketing level 

• No vendor would say its software is undependable
• No team would say it produces undependable software

• In practice there is plenty of software you cannot depend on

• Not all software needs to be dependable

• Useful but not very dependable software can be OK 

• If this machine crashes while doing this presentation I will reboot
• If your word processor crashes while you write an important document there is no harm if you save your document frequently

Software Dependability

• Dependability Usability

• E.g. word processor

Warning about Defect Rates

• 1 document/year lost while word-processing

• Great 

• 2 accidents/month at the International Airport in London

•  

• 22,000 checks/hour drawn from the wrong account in the US

•  

Software Failures: Availability

• Denial-of-service attacks

• Example: attack against GRC.com
• Attacked by 195 Windows 2000 servers running insecure versions of Microsoft's IIS web server. IIS was the apparent point of hacker entry into the system.

Software Failures: Reliability

• January 15, 1990: 9 hour nation-wide telecom shutdown

• 1 month earlier ATT updated its software in 114 switching stations
• Cause: 1 misplaced “break” statement in a C program

• January 2001: 230,000 units new Internet-enabled mobile phone recalled

• Users reported that their phones were freezing after accessing certain Web sites, and when they were powered back on, all stored information (addresses, e-mails, bookmarks, memos) had been lost

• Matracom 6500 PABX (telephone switch)

• Random phone messages are garbled
• Long phone calls are cut

• Windows 95/98/ME/2000

• September 1997: propulsion system of the USS Yorktown ship failed
• Cause: Windows NT 4.0 crashed
• An amusing story: Installed an HP scanner on a SONY VAIO with Windows 2000. Now machine cannot enter suspend mode and when it tries the screen disappears until powered-off (with loss of work )

Software Failures: Safety

• 1986: Therac 25 radiation machine kills several patients

• Cause: poor testing of the software

• June 4, 1996: 1st flight of Ariane 5 aborted: Ariane 5 destroyed

• Cause: Code from Ariane 4 guidance system was reused in Ariane 5 but not tested.

• 2000: Deadly accident in French highway

• Cause: Software malfunction in car braking system. Car manufacturer acknowledges responsibility.

Software Failures: Security

• November 2, 1988 Internet Worm

• A self-replicating program was released upon the Internet
• This program (a worm) invaded VAX and Sun computers running versions of Berkeley UNIX, and used their resources to attack still more computers.
• Within the space of hours this program had spread across the U.S., infecting thousands of computers and making many of them unusable due to the burden of its activity.
• Cause: undetected buffer overflow in C routine gets()

• Many interesting virus stories especially on Windows

… And 30% of Software Projects Don’t Even Get to That Stage

• US Internal Revenue Service Modernization

• $4 Billion, dropped in early 1997

• FBI Fingerprint system

• $500 million, dropped

• Bell Atlantic 411

• Nov 1996, outage, backed out of upgrade

Software Criticality

Software & Criticality

• Business-critical

• Software failure may result in the business shutting down
• E.g. Bank trading system

• Mission-critical

• Software failure may result in mission failure
• E.g. Pathfinder on Mars

• Safety-critical

• Software failure may result in injury, loss of life or major environmental damage
• E.g. Plane

Safety-Critical Software Standards

• RTCA/EUROCAE DO-178B

• The international avionics standard for safety critical software

• IEC 880

• Standard for software in nuclear power stations

• IEC61508 / DEF STAN 00-55/56

• European safety standards

• Development Guidelines for Vehicle Based Software

• Safety standard promoted by the Motor Industry Software Reliability Association (MISRA)

• …

DO-178B Software Criticality Levels

IEC61508 Safety-Complexity-Integrity Levels (SCIL)

MISRA Integrity Levels

Software & Security

Software Security Standards

• TCSEC (Orange Book)

• Trusted Computer Security Evaluation Criteria

• Common Criteria For Information Technology Security Evaluation (ISO/IEC 15408-1)

• Evaluation criteria for IT security
• 7 security levels

Evaluation Assurance Levels (EALs)

Software Evolution

Software Needs to Evolve

• Bug Fixes

• Port to new architectures

• Software lasts for a long time
• E.g. Y2K problem
• Most useful software outlives the hardware it was designed to run on
• E.g. VAX/VMS
• When new hardware becomes available it’s cheaper to port existing applications than rewrite everything from scratch
• E.g. Intel IA-64

• Enhancements & new features

• E.g. Dos, Windows 3.1, Windows 95/98/ME, Windows NT/2000/XP

Software Investment Costs in 2001

• Typical software productivity is:

• Between 2 and 20 lines of working code (LOC) per programmer per day

• Average cost of a programmer per day (loaded with all costs):

• Between 150 and 500 USD/day

• Average cost to write a line of code (LOC)

• Between 10 and 50 USD

• Cost to develop a 100,000 LOC application

• Typically between 1 M USD to 5 M USD

Software Evolution is a Must

• You cannot just throw away software and redo it

• Cost is one thing
• But time-to-market is usually even more important

• Your software might not need to be very dependable, but…

• … it must be capable to evolve

• In a timely fashion
• At a reasonable cost

• Examples

• The GNU Ada/C/C++ compiler is over 2 M LOC
• Emacs editor is approx 1.4 M LOC
• GNU/Linux is approx 4 M LOC

Software Trend

• Software is increasingly developed

• by extending and modifying existing systems

Summary

• Depending on your application domain

• Some or all of the software dependability parameters are probably important

• availability, reliability, safety, security

• … but in almost all cases

• software evolution is fundamental