Software Design

Outline:
- Goals
- History of software design ideas
- Design principles
- Design methods
- Life belt or leg iron? (Budgen)

Copyright Nancy Leveson, Sept. 1999
A Little History

- At first, people were struggling with programming languages, small programs, and math algorithms.
- The worry was giving instructions to the machine (efficiency): "think like a computer."
- It was then found that life-cycle costs depend far more on how well a program communicates with people than on how fast it runs.
- The two concerns were separated, and more emphasis was placed on:
  - How to write software that communicates algorithms and structure to humans
  - How to structure the design process itself
Structured Programming

Goal: mastering complexity (Dijkstra, Hoare, Wirth)
- Construction of correct programs requires that programs be intellectually manageable.
- The key to intellectual manageability is the structure of the program itself.
- Disciplined use of a few program building blocks facilitates correctness arguments.
Structured Programming (2)

- Restricted control structures
- Levels of abstraction
- Stepwise refinement
- Program families
- Abstract data types
- System structure: programming-in-the-large vs. programming-in-the-small
  - Modularization
  - Minimizing connectivity
Restricting Control Structures

Dijkstra: three main mental tools
- Enumerative reasoning
- Mathematical induction
- Abstraction (e.g., variable, procedure, data type)

1. Restrict programs to constructs that let us use these mental aids:
   - Sequencing and alternation (enumeration)
   - Iteration and recursion (induction)
   - Procedures, macros, and programmer-defined data types (abstraction)
   - SESX (single-entry, single-exit) constructs; small procedures
2. Make program structure fit problem structure.
Levels of Abstraction

1968: Dijkstra's paper on his experiences with the T.H.E. multiprogramming system
- Designed using "levels of abstraction"
- System design described in layers:
  - Higher levels could use the services of lower levels
  - Lower levels could not access higher levels
- Lowest level implemented first; it provided a "virtual machine" for the implementation of the next level
- The process continued until the highest level was completed: a "bottom-up" technique
Stepwise Refinement

Wirth (1971): "divide and conquer"
- A top-down technique for decomposing a system from a preliminary design specification of its functionality into more elementary levels
- Program construction consists of a sequence of refinement steps
- Use a notation natural to the problem for as long as possible
- Refine function and data in parallel
- Each refinement step implies design decisions; these should be made explicit
Prime Number Program

    begin
        var table p;
        fill table p with first 1000 prime numbers;
        print table p
    end

Assumes a type "table" and two operators.

Design decisions made:
- All primes developed before any printed
- Always want the first 1000 primes

Decisions not made:
- Representation of table
- Method of calculating primes
- Print format
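The refinement of the prime number program carried through to running code, as an added example (it is not from the slides or from Wirth's paper). Each function is one refinement level, and the comment on each states the design decision made there and what is still deferred, which is the slide's point: a decision made implicitly at one level (here, that is_prime relies on the table holding every smaller prime in order) is written down where the next level can see it. The count is a parameter rather than the fixed 1000 only so the program can be exercised on small inputs; the function names, the Vec representation, trial division, and the ten-per-line print format are all choices made for this example.

```rust
// Stepwise refinement of "fill table p with first n primes; print table p",
// written as an added example. Each level makes one more design decision
// explicit; the decisions deferred at one level appear as the work of the next.

/// Level 0: the program as the slide states it. Decision made here: every
/// prime is computed before any is printed. Deferred: table representation,
/// prime-finding method, print format.
pub fn prime_program(n: usize) -> String {
    let table = fill_table(n); // "fill table p with first n prime numbers"
    print_table(&table)        // "print table p"
}

/// Level 1: refine "fill table". Decisions made: the table is a Vec<u64>
/// (representation), and candidates are tested in increasing order, so the
/// table always holds every prime below the current candidate.
/// Still deferred: how a single candidate is tested.
pub fn fill_table(n: usize) -> Vec<u64> {
    let mut table: Vec<u64> = Vec::with_capacity(n);
    let mut candidate: u64 = 2;
    while table.len() < n {
        if is_prime(candidate, &table) {
            table.push(candidate);
        }
        candidate += 1;
    }
    table
}

/// Level 2: refine "is candidate prime?". Decision made: trial division by
/// the primes already in the table, stopping once p*p > candidate. This is
/// correct only because of the ordering guarantee Level 1 wrote down; that
/// dependency is exactly the kind of decision the slide asks to be explicit.
fn is_prime(candidate: u64, earlier_primes: &[u64]) -> bool {
    for &p in earlier_primes {
        if p * p > candidate {
            break;
        }
        if candidate % p == 0 {
            return false;
        }
    }
    true
}

/// Level 1, other branch: refine "print table". Decision made last, since
/// nothing else depends on it: ten primes per line, right-aligned in six columns.
pub fn print_table(table: &[u64]) -> String {
    let mut out = String::new();
    for (i, p) in table.iter().enumerate() {
        out.push_str(&format!("{:>6}", p));
        if (i + 1) % 10 == 0 || i + 1 == table.len() {
            out.push('\n');
        }
    }
    out
}

fn main() {
    // The slide's instance of the family: the first 1000 primes.
    print!("{}", prime_program(1000));
}
```

Read the three deferred decisions against the code: representation is fixed in fill_table, the method in is_prime, the format in print_table. Changing any one of them touches one function, which is what deferring them bought.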
Program Families

Basic premise: software will inevitably exist in many versions
- Different services for slightly different markets
- Different hardware or software platforms
- Different resource tradeoffs (speed vs. space)
- Different external events and devices
- Bug fixes

Think of development as a tree rather than a line:
- Never modify a completed program
- Always begin with one of the intermediate forms
- Continue from that point, making design decisions
- The order of decisions determines how far you have to back up
- Make as early decisions only those that can be shared by all family members
- Put off decisions as long as possible
Abstract Data Types

Defines a class of objects completely characterized by the operations available on those objects.
- Really just a programmer-defined data type; built-in types work the same way
- Allows extending the type system (Pascal, Clu, Alphard, Ada)
- Want the language to protect against foolish uses of types (strong typing, without automatic type conversion)

Criteria:
1. The data type definition must include definitions of all operations applicable to objects of the type.
2. The user of an ADT need not know how objects of the type are represented in storage.
3. The user of an ADT may manipulate objects only through the defined operations, not by direct manipulation of the storage representation.
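A bounded stack written to the three criteria above, as an added example that is not from the slides. Rust is used because its module privacy does what the slide asks of the language: the representation is visible only inside the module, so client code is limited to the defined operations and cannot break the invariant (never more items than the capacity) by reaching into storage. The type name, its operations, the Vec representation, and the client function are all choices made for this example.

```rust
// A bounded stack ADT, written as an added example of the three criteria.

pub mod bounded_stack {
    /// Criterion 2: clients never see this representation. Swapping the Vec
    /// for a fixed array or a linked list changes nothing outside the module.
    pub struct BoundedStack<T> {
        items: Vec<T>,
        capacity: usize,
    }

    /// Criterion 1: the type definition carries every operation a client may
    /// apply. Each operation preserves the invariant items.len() <= capacity.
    impl<T> BoundedStack<T> {
        pub fn new(capacity: usize) -> Self {
            BoundedStack { items: Vec::with_capacity(capacity), capacity }
        }

        /// Push refuses to exceed the bound instead of silently growing, and
        /// hands the rejected item back rather than dropping it.
        pub fn push(&mut self, item: T) -> Result<(), T> {
            if self.items.len() >= self.capacity {
                return Err(item);
            }
            self.items.push(item);
            Ok(())
        }

        pub fn pop(&mut self) -> Option<T> {
            self.items.pop()
        }

        pub fn top(&self) -> Option<&T> {
            self.items.last()
        }

        pub fn len(&self) -> usize {
            self.items.len()
        }

        pub fn is_empty(&self) -> bool {
            self.items.is_empty()
        }

        pub fn is_full(&self) -> bool {
            self.items.len() == self.capacity
        }
    }
}

use bounded_stack::BoundedStack;

/// Client code: pushes every value, collecting the ones the stack refused.
/// Criterion 3 is enforced by the compiler. The following line, if
/// uncommented, fails to build because `items` is private to the module:
///   s.items.clear();   // error[E0616]: field `items` of struct `BoundedStack` is private
pub fn exercise_stack(capacity: usize, values: &[i32]) -> (usize, Vec<i32>, Option<i32>) {
    let mut s = BoundedStack::new(capacity);
    let mut rejected = Vec::new();
    for &v in values {
        if let Err(v) = s.push(v) {
            rejected.push(v); // pushes beyond the bound are refused, not lost
        }
    }
    let top = s.top().copied();
    (s.len(), rejected, top)
}

fn main() {
    // Capacity 3, five values offered: the last two come back as rejected.
    println!("{:?}", exercise_stack(3, &[10, 20, 30, 40, 50]));
}
```

The protection is only as good as the operation set: every public method is part of the invariant's proof obligation, so adding an operation that returns `&mut Vec<T>` would quietly reopen criterion 3 without changing a single field's visibility.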