Franco Gasperoni gasperoni@adacore.com http://libre.adacore.com/Software_Matters
Course Home page http://libre.adacore.com/Software_Matters - All the course slides are there (PDF and PowerPoint)
Copyright Notice © AdaCore under the GNU Free Documentation License
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation, provided its original author is mentioned and the link to http://libre.act-europe.fr/ is kept. A copy of the license is available at: http://www.fsf.org/licenses/fdl.html
Course Objectives
- Show problems & pitfalls in C-derived languages
Interesting Books
- Programming in Ada 95, by John Barnes (Addison Wesley)
- High Integrity Ada: The SPARK Approach, by John Barnes (Addison Wesley)
- Object-Oriented Software Construction, by Bertrand Meyer (Prentice Hall)
- Objects Unencapsulated: Java, Eiffel, and C++, by Ian Joyner (Prentice Hall)
- C Traps and Pitfalls, by Andrew Koenig (Addison Wesley)
- Effective C++, by Scott Meyers (Addison Wesley)
Interesting Links
- http://www.fsf.org - The site of the GNU project and the Free Software Foundation
- http://libre.adacore.com - Interesting Free Software projects written in Ada 95
- http://www.adahome.com/Tutorials/Lovelace/lovelace.htm - Lovelace, an online Ada 95 tutorial
- http://www.adaic.com/whyada/ada-vs-c/cada_art.html
Course Assumptions
- You are interested in the field of software development
- You have written computer programs in at least one imperative language, e.g. Ada, C, C++, Eiffel, Fortran, Java, Pascal, …
- You have a basic knowledge of C, for the section on problems & pitfalls in C-related languages
Background on Software Construction Processes
Software Development Phases
Software Processes
A Software Process is
- A set of activities (e.g. requirements, analysis, design, coding, testing) combined and sequenced in a particular fashion to produce software
Recent trend: Agile Software Development
- Customer needs evolve with time
- Satisfying customers at delivery time (rather than at project initiation) is more important than conforming to initial customer requirements
Example of Software Processes
Software Phases Related to this Course
Your Software Development Experience
What is the largest software system that you have built? How did you build it?
- What process?
- What programming language?
- What tools?
- Did you use version control tools?
How long will the software be used for?
- Who will fix, change, or adapt the software that you wrote?
A Small Software System Is …
Understandable by 1 person
Can be thrown away and rewritten to
- Repair or extend it
- Port it to a new platform
Anything is OK for small systems
The notion of small is programmer-dependent
Typically something less than 10,000 lines of code is small
A Medium/Large Software System …
Requires a team of people
No single person knows all its aspects
Has a long life-span (> 10 years)
- Repair it or extend it
- Port it to new platforms
Requires organization, discipline, and the right tools
Software Dependability
The Blue Screen of Death (BSOD)
More BSOD Embarrassments
Does Software Dependability Matter?
Certainly at the marketing level
- No vendor would say its software is undependable
- No team would say it produces undependable software
In practice there is plenty of software you cannot depend on
Not all software needs to be dependable
Useful but not very dependable software can be OK
- If this machine crashes while doing this presentation I will reboot
- If your word processor crashes while you write an important document there is no harm if you save your document frequently
Warning about Defect Rates
- 1 document/year lost while word-processing
- 2 accidents/month at the International Airport in London
- 22,000 checks/hour drawn from the wrong account in the US
Software Failures: Availability
Denial-of-service attacks
- Example: attack against GRC.com
- Attacked by 195 Windows 2000 servers running insecure versions of Microsoft's IIS web server. IIS was the apparent point of hacker entry into the system.
Software Failures: Reliability
January 15, 1990: 9-hour nation-wide telecom shutdown
- 1 month earlier AT&T updated its software in 114 switching stations
- Cause: 1 misplaced “break” statement in a C program
January 2001: 230,000 units of a new Internet-enabled mobile phone recalled
- Users reported that their phones were freezing after accessing certain Web sites, and when they were powered back on, all stored information (addresses, e-mails, bookmarks, memos) had been lost
Matracom 6500 PABX (telephone switch)
- Random phone messages are garbled
- Long phone calls are cut
Windows 95/98/ME/2000
- September 1997: propulsion system of the USS Yorktown ship failed
- Cause: Windows NT 4.0 crashed
- An amusing story: Installed an HP scanner on a SONY VAIO with Windows 2000. Now the machine cannot enter suspend mode, and when it tries the screen disappears until powered off (with loss of work)
Software Failures: Safety
1986: Therac 25 radiation machine kills several patients
- Cause: poor testing of the software
June 4, 1996: 1st flight of Ariane 5 aborted: Ariane 5 destroyed
- Cause: Code from the Ariane 4 guidance system was reused in Ariane 5 but not tested.
2000: Deadly accident on a French highway
- Cause: Software malfunction in the car braking system. Car manufacturer acknowledges responsibility.
Software Failures: Security
November 2, 1988 Internet Worm
- A self-replicating program was released upon the Internet
- This program (a worm) invaded VAX and Sun computers running versions of Berkeley UNIX, and used their resources to attack still more computers.
- Within the space of hours this program had spread across the U.S., infecting thousands of computers and making many of them unusable due to the burden of its activity.
- Cause: undetected buffer overflow in C routine gets()
Many interesting virus stories, especially on Windows
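As an added example (not from the course slides) of the C pitfall named above: a function with the contract of gets(), which has no way to learn the size of the buffer it fills, beside a bounded replacement built on fgets() that reports when a line was too long and discards the rest of it so the next read starts on a fresh line. The function names read_line_unbounded, read_line_bounded and make_input, the 16-byte buffer and the input text are constructed for this demonstration.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <string.h>

/* UNSAFE: the contract of gets(). Nothing tells it how big dst is, so a line
 * longer than dst overwrites whatever follows it in memory. Shown only to
 * make the defect visible; it is never called here. */
char *read_line_unbounded(char *dst, FILE *in)
{
    int c;
    char *p = dst;
    while ((c = getc(in)) != EOF && c != '\n')
        *p++ = (char)c;                 /* no bound: the overflow happens here */
    *p = '\0';
    return (c == EOF && p == dst) ? NULL : dst;
}

/* SAFE: stores at most cap-1 bytes, always NUL-terminates, and returns the
 * stored length (-1 at EOF). A line that did not fit sets *truncated and has
 * its tail drained, so the next call starts on a fresh line. */
int read_line_bounded(char *dst, size_t cap, FILE *in, int *truncated)
{
    *truncated = 0;
    if (cap == 0 || fgets(dst, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[--len] = '\0';              /* whole line fit: drop the newline */
    } else {                            /* no newline: EOF, or line too long */
        int c;
        while ((c = getc(in)) != EOF && c != '\n')
            *truncated = 1;             /* discard the overflowing tail */
    }
    return (int)len;
}

/* Wraps a constant string as a read-only stream (constructed input). */
FILE *make_input(const char *text)
{
    return fmemopen((void *)text, strlen(text), "r");
}
int main(void)
{
    /* Constructed input: the middle line is longer than the 16-byte buffer. */
    FILE *in = make_input("short\n0123456789abcdefXYZ\nlast");
    char buf[16]; int len, truncated;
    while (in && (len = read_line_bounded(buf, sizeof buf, in, &truncated)) >= 0)
        printf("%2d bytes%s: \"%s\"\n", len, truncated ? " (truncated)" : "", buf);
    return in ? fclose(in) : 1;
}
```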
… And 30% of Software Projects Don’t Even Get to That Stage
US Internal Revenue Service Modernization
- $4 Billion, dropped in early 1997
FBI Fingerprint system
Bell Atlantic 411
- Nov 1996, outage, backed out of upgrade
Software Criticality
Software & Criticality
Business-critical
- Software failure may result in the business shutting down
- E.g. Bank trading system
Mission-critical
- Software failure may result in mission failure
- E.g. Pathfinder on Mars
Safety-critical
- Software failure may result in injury, loss of life or major environmental damage
- E.g. Plane
RTCA/EUROCAE DO-178B
- The international avionics standard for safety critical software
IEC 880
- Standard for software in nuclear power stations
IEC61508 / DEF STAN 00-55/56
- European safety standards
Development Guidelines for Vehicle Based Software
- Safety standard promoted by the Motor Industry Software Reliability Association (MISRA)
…
DO-178B Software Criticality Levels
IEC61508 Safety-Complexity-Integrity Levels (SCIL)
MISRA Integrity Levels
Software & Security
Software Security Standards
TCSEC (Orange Book)
- Trusted Computer Security Evaluation Criteria
Common Criteria For Information Technology Security Evaluation (ISO/IEC 15408-1)
- Evaluation criteria for IT security
- 7 security levels
Evaluation Assurance Levels (EALs)
Software Evolution
Software Needs to Evolve
Bug Fixes
- Software lasts for a long time
- Most useful software outlives the hardware it was designed to run on
- When new hardware becomes available it’s cheaper to port existing applications than to rewrite everything from scratch
Enhancements & new features
- E.g. DOS, Windows 3.1, Windows 95/98/ME, Windows NT/2000/XP
Software Investment Costs in 2001
Typical software productivity is:
- Between 2 and 20 lines of working code (LOC) per programmer per day
Average cost of a programmer per day (loaded with all costs):
- Between 150 and 500 USD/day
Average cost to write a line of code (LOC)
Cost to develop a 100,000 LOC application
- Typically between 1 M USD and 5 M USD
Software Evolution is a Must
You cannot just throw away software and redo it
- Cost is one thing
- But time-to-market is usually even more important
Your software might not need to be very dependable, but… it must be capable of evolving
Examples
- The GNU Ada/C/C++ compiler is over 2 M LOC
- Emacs editor is approx 1.4 M LOC
- GNU/Linux is approx 4 M LOC
Software Trend
Software is increasingly developed by extending and modifying existing systems
Summary
Depending on your application domain, some or all of the software dependability parameters are probably important
- availability, reliability, safety, security
… but in almost all cases software evolution is fundamental