CSE503: Software Engineering

Winter 2002
University of Washington
Department of Computer Science & Engineering

Last updated: Friday, February 15, 2002 09:44 AM

Instructor

• David Notkin (notkin@cs.washington.edu)

• Office: Sieg 114

  • 206-685-3798

  • Office hours: Mondays 4-4:30PM and Fridays 10-10:30AM (10:20-10:30, walking to Denny 216), or by appointment

Teaching assistant

• Jonathan Aldrich (jonal@cs.washington.edu)

• Office in Chateau 109a

• Office hours: Wednesdays 1-2PM, or by appointment

News and Information

• Recommended Text: David Parnas, Software Fundamentals. Available at the University Book Store ($50 new, $37.50 used).

• The course meets Monday, Wednesday, and Friday from 10:30-11:20 in Denny 216.  (New room effective 1/9/02.)

• Please subscribe to the cse503 mailing list by sending an email message with the line "subscribe cse503" in the body (not the subject) to majordomo@cs.washington.edu.

• Course mailing list archive

Tentative schedule	Monday	Wednesday	Friday
Week 1: January 7-11	Introduction 6-up pdf html	Proof of correctness (I)	Proof of correctness (II)
Week 2: January 14-18	Requirements/Specifications	Algebraic Specifications	Model-Based Specifications
Week 3: January 21-25	Holiday: No Class	Statechart-based Specifications	Model Checking 6-up pdf html
Week 4: January 28-February 1	Analyzing Object Models 6-up pdf html	Analysis/Tools (con't from Monday)	Design/Architecture 6-up pdf html
Week 5: February 4-8	Design/Architecture	Design/Architecture 6-up pdf html	Design/Architecture
Week 6: February 11-15	Design/Architecture 6-up pdf html	Evolution 6-up pdf html	Evolution 6-up pdf html
Week 7: February 18-22	Holiday: No class	Evolution	Evolution
Week 8: February 25-March 1	Architecture 6-up pdf	Architecture 6-up pdf	Test/Quality Assurance
Week 9: March 4-8	Test/Quality Assurance	Test/Quality Assurance	Miscellaneous
Week 10: March 11-15	Miscellaneous	Miscellaneous	Miscellaneous

Required work

• Homework #1: specifications
  • Assigned: January 14, 2002
    • Part I
    • Part II (made available 1/18/02)
  • Due: January 28, 2002 at 10:30AM
  • This accounts for 20% of the grade in the course
  • This may be done in pairs; students working in pairs share a grade.
  • Sample Solution
• Homework #2: analysis/tools/testing
  • Assigned: February 11, 2002
    • Part I
  • Due: March 4, 2002 at 10:30AM
  • This accounts for 20% of the grade in the course
  • This may be done in pairs; students working in pairs share a grade.
  • Sample Solution
• Do either (A and B) or C

1. A 10-15 page term paper on a one of the subjects found below (or by negotiation with the instructor and TA) [30%]
   • The objective of this paper is to take the topic, do some added reading and research into it, and provide a scholarly assessment of the state-of-the-art in the area, including open issues.
   • The paper must be written with other members of the class as the intended audience.
   • This must be done alone.  (It's fine to talk to others about the ideas and issues, but the work must be your own.)
   • Possible topics include
     • What is the state of model checking as applied to models extracted automatically from source code?
     • What are the key tradeoffs in the different underlying computational models (e.g., model checking, SAT solvers) for finding counterexamples in Nitpick and the Alcoa systems?
     • What is state-of-the-art in automated theorem provers and/or in proof assistants?
     • What is the state-of-the-art for proofs of program correctness for programs that include [side effects, exceptions, etc. --- pick one or two such language features]?
     • What is the state-of-the-art for proving correctness of object-oriented programs (not "just" abstract data type programs)?
   • Other students are looking at various issues in design patterns, extreme programming, automatic inference of invariants, etc.
   • Here are some model term papers from the first assignment:
     • Nicholas Deibel. On the Automatic Detection of Loop Invariants
     • Dan B. Goldman. Refactoring Tools for Extreme Programming: an Overview
     • Andrew M. Schwerin. Principles and Patterns for Security
     • Wilmot Li. Applications of Predicate Abstraction to Software Analysis
2. A tool evaluation [30%]
   • Choose a tool from our list:
     • Rigi is a reverse-engineering tool that is designed to help programmers understand and reengineer large C programs.
     • "Jinsight is a tool for visualizing and analyzing the execution of Java programs. It may be useful for performance analysis, memory leak diagnosis, debugging, or any task in which you need to better understand what your Java program is really doing."
     • Daikon is a tool for dynamically detecting likely invariants in Java and C/C++ programs.
     • ESC/Java is a tool for finding errors in Java programs. It uses static analysis to find errors such as null dereference errors, array bounds errors, type cast errors, and race conditions at compile time. It supports pre- and post-condition style reasoning.
     • Bandera is a tool for verifying properties of Java programs using model-checking.
     • SLAM is a tool for verifying that clients of an interface use that interface correctly. It looks like SLAM is not currently available, although we could contact people at MSR if someone really wants to use this tool
     • Purify is a tool for detecting memory errors in C/C++ programs at runtime, or debugging garbage-collection related problems in Java. A free trial version of this commercial product is available.
     • NORA/RECS is a tool for restructuring code.
     • Lackwit is a tool that helps programmers with reverse engineering or restructuring tasks. The tool can detect abstraction violations, identify unused variables, functions, and fields of data structures, and detect simple errors of operations on abstract datatypes (such as failure to close after open).
     • Hyper/J is a tool that supports better separation of concerns that cross-cut standard class and method boundaries.
     • Java PathFinder is a model checker for Java programs.
     • Ajax is an infrastructure for building analysis tools. You could apply the built-in analysis tools to programs (finding dead code, checking downcasts for safety, identifying unused fields) or use the infrastructure to build your own code analysis.
     • Splint (formerly LCLint) is a tool for statically checking C programs for security vulnerabilities and coding mistakes.
     • ArchJava is a small extension to Java (developed here at UW!) that lets programmers express the software architecture of a Java program within the source code. The compiler verifies that the code conforms to that architecture.
     • you may request that we allow you to use an alternative tool.
     • Note: we will be vetting these tools to make sure they are reasonably usable; stay tuned
   • Apply the tool to one or more realistic programs with the intent of developing a qualitative assessment of the strengths and weaknesses of the tool.
   • The assessment must be written with other members of the class as the intended audience; it may be written as a document or a web page.
   • This may be done in pairs; students working in pairs share a grade.
   • Here are some model tool evaluation papers from the first assignment:
     • Amol Prakash and Mausam. Tool Evaluation : DAIKON
     • Miryung Kim and Andrew Petersen. An Evaluation of Daikon: A Dynamic Invariant Detector
     • Gang Zhao and Xin Dong. Tool Evaluation of Rational Purify
     • Bart Niswonger. Tool Evaluation: ESC/Java
3. An extensive project with a significant implementation component [60%]
   • This option requires my permission and explicit agreement on a topic.
   • Only recommended for those with a strong background both in software engineering and in system implementation.
   • This must be done alone.  (It's fine to talk to others about the ideas and issues, but the work must be your own.)

• If you do the project (C), it is due on Wednesday March 20, 2002 at 11:00am (when the final would start if we were having one).
• If you do the term paper and tool evaluation (A and B), you may do them in either order with one of them due on Monday February 25, 2002 at 10:30AM and the other due on Wednesday March 20, 2002 at 11:00AM

Reading

• Proving programs correct
  • I've been unable to find good overviews of papers for this topic
  • Instead, I refer you to the following web sites for some reasonable material; these are not required readings, but may be of interest as a variant on my lectures on this material and as a reference for questions on the homework.
    • Notes and more notes from David Stotts; includes some interactive examples of proofs
    • Some slides from Doron Peled
    • Some notes from Michael Gordon (all in .dvi format)
    • There are numerous other sites, but the material is similar
    • Absolutely not required, but here's the original paper by Hoare if you want to read it: An Axiomatic Basis for Computer Programming, CACM 12,10 (October 1969).
    • I haven't yet found good (readable) material for proofs of abstract data types, but I will.
  • The following paper is required reading (by Monday 1/14/02): Social Processes and Proofs of Theorems and Programs, R. A. DeMillo, R. J. Lipton and A. J. Perlis, CACM 22, 5 (May 1979).
• Requirements and specification
  • The Z Notation: A Reference Manual.  J.M. Spivey.  Chapter 1 only.  http://spivey.oriel.ox.ac.uk/~mike/zrm/
  • Statecharts: A Visual Formalism for Complex Systems.  D. Harel.  http://www.wisdom.weizmann.ac.il/~harel/Statecharts87.pdf.  Please read Sections 1-3 with some care, and skim the remainder of the article.
• Tools and analysis
  • Model checking large software specifications.  R.J. Anderson et al.  FSE 1996.  pdf.
  • Finding Bugs with a Constraint Solver.  D. Jackson and M. Vaziri.  ISSTA 2000.  http://sdg.lcs.mit.edu/~dnj/pubs/issta00.pdf
• Design
  • On the Criteria To Be Used in Decomposing Systems into Modules.  D.L. Parnas.  Communications of the ACM, 15, 12, December 1972 pp. 1053 - 1058
• Architecture
  • An Introduction to Software Architecture. David Garlan and Mary Shaw.
  • Optional reading: ArchJava: Connecting Software Architecture to Implementation. Jonathan Aldrich, Craig Chambers, and David Notkin. To appear in ICSE 2002.