Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Tools To Automate Checking of Software Design

Posted by Zonk on Fri Jun 02, 2006 04:32 PM
from the looks-good-chief dept.
Software Programming IT Technology
heck writes "Scientific American describes some of the work to develop tools for examining the design of software for logical inconsistencies. The article is by one of the developers of Alloy, but the article does reference other tools (open and closed source) in development. The author admits that widespread usage of the tools are years away, but it is interesting reading the approach they are taking regarding validation of design."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Tools To Automate Checking of Software Design 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • too hard. (Score:5, Insightful)

    by yagu (721525) * <yayagu@gmail.3.14159com minus pi> on Friday June 02 2006, @04:34PM (#15458140) Journal

    Back in the mid-80s I attended a seminar in Atlanta, it was about automated software engineering... and tools and workbenches that would take as input specifications and design parameters and would crank out entire suites of software/applications. (Heck, there was even a new acronym for it, can't remember what it was, but it was a hot, hot, hot button for a few years.) We were pretty much warned our careers were over, automation was here to generate what we as professionals had studied years to create.

    It never happened. It never came close to happening. We are as far away today or further from tools that can generate applications transcendentally.

    I was skeptical then, I'm skeptical now. Tools like the ones described are useful, but they're not foolproof, and they hardly supplant the intuition and "art" that is programming.

    At best tools are an adjunct to the software development process, not to be a replacement for common sense testing and design and code walkthroughs. I could construct many scenarios that logically would be consistent but have no relationship to the desired end of the application, i.e., a logic consistency tool would not detect a problem. Any poorly designed system with these "new" tools applied will merely be rigorously poor systems.

    As for the prime example (in the Scientific American article) of the Denver International Airport baggage handling debacle, I doubt logic analysis tools would have had much impact on the success or failure of that effort. I knew people involved in the project, and "logic consistency" in their software was the least of their problems. (I would have loved to been on a team to design and develop that system -- I think it was a cool concept, and ultimately VERY feasible... )

    I did get one benefit from the Atlanta Seminar -- I got a football signed by Fran Tarkenton (he was CEO of one of the startup companies fielding a software generating workbench).

    • CASE (Computer Aided/Assisted Software Engineering?)?
    • We are as far away today or further from tools that can generate applications transcendentally.

      True, but the fallout's been useful. Ever used Rational XDE? I see Sun has something similar in the latest Sun Studio 8 Enterprise, but I haven't used it. Basically, it's a round-trip UML modeler: lay out your class diagram, and XDE will generate the code for it. Update the generated skeleton with "real" code, and XDE will update your model from the changes. It's much nicer than trying to do things with Ratio

    • We were pretty much warned our careers were over, automation was here to generate what we as professionals had studied years to create.

      I vaguely recall that fad as well. A lot of executives were jazzed about the idea, as they seemed to assume that software was rote and procedural anyway. They viewed programmers as simple translators, not realizing that program code doesn't just facilitate the resulting software, but was the software. Regardless of how many tools you devise to commoditize the basic functions

      • By the same token, code checkers can't know what your intentions are for every variable and class relationship. They can tell you if you generate invalid or null variables, or if a function is orphaned, stuff that is strictly boolean. Beyond mistakes like that, you'll have to tell the checker in explicit manners what to look for, negating the benefit of the tool.

        If you state your intentions in a language that the code checker understands (preferrably a language designed to be expressive when it comes to mak
    • Yeah, that investigation was called the "AD/Cycle", and Fran Tarkenton was the CEO of Knowledgware at the time.

      The thing is, on an abstract level, "Designing Code from Logically-Proven Constructs" (the title of a book by James Martin) makes total sense: If the base elements are logically proven, and if the complex elements are constructed of base elements, then the output will have no un-proven output. However, the design of the programs needs to be at a meta-level to the operation. (Thanks, Goedel!) I coul

      • Re:too hard. (Score:5, Insightful)

        by AuMatar (183847) on Friday June 02 2006, @04:43PM (#15458194)
        UML is snakeskin oil in and of itself. Yes, its occasionally useful to draw a diagram. Yes, a simple common syntax for those can be good. But thats about all its useful for- designing in UML is a joke (it just doesn't, and never can, portray all the information that text can) and automatic code generation is even more of a joke (at absolute best, it saves you 5 minutesof typing boilerplate class skeletons).

        • Re:too hard. (Score:5, Insightful)

          by Anonymous Coward on Friday June 02 2006, @05:14PM (#15458416)
          I agree completely with the code-generation ... it's useless.

          When I was young, stupid and without real-world experience, I also thought UML was crap. However, once you realize that the point of UML is not helping to design, but helping to communicate the design to other developers, it becomes useful (not ground-breaking, not amazing, not neccessary, just useful).

          It's like that: when you design a piece of software alone, you can use whatever system you want to model it (keep it all in your memory, write class-structure as pseudo-code etc.). If you need to communicate your design to others, it's good to have a system with defined semantics to formulate the design (visualization is not even the issue here), and one such system is UML; surely not the best, but one that a sufficient number of developers (software engineers, not programmers) are trained to understand.

          Lacking such a system of communication, you would first have to explain the meta-model (explain how the description of your design is to be understood) instead of just explaining the design-model itself.
        • Yes, UML cannot portray all the information text can, especially when you are specifying business rules. Yet text can be a very confusing way of decribing a class heirarchy or set of states and transitions or relationships in a set of database tables. For this sort of information a diagramming language like UML is very very useful.

          I also agree with you about code generation - it is a very minor feature of UML tools. What isn't so minor however is reverse engineering. Taking a legacy project and generating
        • There you go, blaming your tools...

          There are environments that have had great success implementing UML in their design process. My favorite example is from Nokia:

          http://www.powells.com/biblio?isbn=0521645301 [powells.com]

          I had trouble wrapping my head around UML until I read Jaaksi's books (there's more than one), and I've been using Rational Rose since 1996. I never found or developed a clear system for making it work until I read his books.

          A book that clearly describes the case for code generation (and the limits) is t

        • Re:too hard. (Score:4, Insightful)

          by deathy_epl+ccs (896747) on Friday June 02 2006, @06:45PM (#15459030)

          at absolute best, it saves you 5 minutes of typing boilerplate class skeletons

          The code generation from UML is only supposed to be the class skeletons, and I've got to ask... have you never written an application with more than a handful of classes? The time spent just building the skeletons for some of the applications I've written over the years has taken a helluva lot longer than 5 minutes.

          I personally find class diagrams darned useful. I also find use case diagrams useful not because they help the programmer, but because they help to make sure that we correctly understand what the user is asking for.

          From reading your post, though, I'm not entirely certain you have actually bothered to learn UML before you started to slam it. You say:

          it just doesn't, and never can, portray all the information that text can

          Anybody who knows UML knows that an incredible amount of the work is done in text. Sure, you can create state and activity diagrams for your use cases... or you can just attach textual documentation that is typically easier to create and much smaller than state or activity diagrams. This is what you are typically ENCOURAGED to do for anything but the most convoluted process... and when you have a very convoluted process, even text fails.

          There are times that it is very useful to have pictures with circles and arrows and a paragraph on the back of each one.

          UML is not the best solution for every development project, for very large projects with lots of developers involved, it can certainly make life easier.

        • I think something is missing here:
          - Diagrams are useful in design
          - Common syntax and standards are useful in technical artifacts (e.g.: code, documents)

          Ergo:
          - Designing in diagrams using an effective, standard syntax is a joke.

          Complaining about UML being insufficient for a complete design is like complaining that CGI is not enough to create a movie. It is both obviously true and obviously besides the point.

          Like any decent tool, it serves a particular task for which the alternatives are inferior or more cost
        • automatic code generation is even more of a joke (at absolute best, it saves you 5 minutesof typing boilerplate class skeletons).

          False.

          I have written a series of XML-based code-generators over the past five or six years, and found them increasingly useful. I started out with a big dream: represent an application as a narrative [supersaturated.com] and tie the document structure (DTD) to the program structure in a deep and powerful way.

          Like a lot of big dreams, it didn't survive contact with reality (or with other developers).
  • This may be great for catching some bugs, but I think the majority of problems within software are not from "conflicting" instructions, they come from the program doing to wrong thing (i.e. not what we wanted) or simply performing an illegal opearation in the process of getting the correct results. Neither of these cases is a logical inconsistancy. Now maybe if we all programmed in Prolog this would be more useful ...
    • This is why you really want to state clearly the assumptions made on entry to every function (the preconditions) and the consequences that logically follow from applying what you think the function does to the data passed in, given those preconditions (the postconditions).

      You then want the automated tool to map out the paths through the code, substituting every variable for an equivalent expression consisting of the inputs that would go into producing that variable, for each path. (This works for loops, so

  • For members of IEEE with a subscription to IEEE Computer Society's Transactions on Software Engineering, the last issue (April) has a very interesting article related to this stuff titled: Interactive Fault Localization Techniques in a Spreadsheet Environment [computer.org]. Basically, the article explains how they have worked to develop and test techniques that allow "end-user programmers" (people who create formulas in spreadsheets and such) to use automated fault localization testing tools to help debug their "applications" (spreadsheets) at runtime. Pretty interesting stuff that they found in their analysis. (It's easier for you to just go read it than for me to attempt to summarize it at the end of my work week. ;)
  • From what I'm reading it looks like these programs preform all sorts of different executions, thats great and all, but they probably dont behve like real people do. The average user isn't going to create a file and then (in the middle of that) start running the delete file interface. Also I doubt these tests include other common user issues (like clicking the same function over and over again if it doesn't respond immedietly). Maybe I'm just not understanding what these do... but if I'm even half right, rea

    • From what I'm reading it looks like these programs preform all sorts of different executions, thats great and all, but they probably dont behve like real people do. The average user isn't going to create a file and then (in the middle of that) start running the delete file interface. Also I doubt these tests include other common user issues (like clicking the same function over and over again if it doesn't respond immedietly). Maybe I'm just not understanding what these do... but if I'm even half right, rea

    • But it's still important to test those kind of things. A user MAY do that. Apple used to have a way of testing things that was rather ingenious. They used it to get rid of the bugs in the original Mac OS. Check out the story at Folklore.org [folklore.org].

  • LWN - Lock Checker (Score:4, Interesting)

    by MBCook (132727) <foobarsoft@foobarsoft.com> on Friday June 02 2006, @04:48PM (#15458230) Homepage
    LWN [lwn.net] just did a piece on a lock validator that just went into the kernel. The article [lwn.net] is currently subscriber only and won't be visible to non-subscribers until next Tuesday, IIRC.

    It was a very interesting piece. It talked about the problems of locking (more locks makes deadlocks easier, but they get harder to track down) and the way the code went about finding problems. Basically it remember when any lock was taken or released, which locks were open before that, etc. Through this it can produce warnings. For example if lock B needs lock A, but there is a situation where lock B is taken without A being taken it will flag that.

    The article has MUCH better descriptions. But through the use of this the software can find locking bugs that may not be triggered on a normal system under normal loads. Here is summary bit:

    "So, even though a particular deadlock might only happen as the result of unfortunate timing caused by a specific combination of strange hardware, a rare set of configuration options, 220V power, a slightly flaky video controller, Mars transiting through Leo, an old version of gcc, an application which severely stresses the system (yum, say), and an especially bad Darl McBride hair day, the validator has a good chance of catching it. So this code should result in a whole class of bugs being eliminated from the kernel code base; that can only be a good thing."

    It was a piece of code from Ingo Molnar, you should be able to find it on the kernel mailing-list and read about it.

    Kudos, by the way, to LWN for the great article.

  • software snake oil (Score:4, Insightful)

    by penguin-collective (932038) on Friday June 02 2006, @04:50PM (#15458241)
    None of those tools have ever been demonstrated to be cost-effective means of making software more dependable. It's an article of faith that adding a complex notation and another complex set of tools to the development process makes the product any better.

  • Finding Nemo Architecture (Score:5, Interesting)

    by Anonymous Coward on Friday June 02 2006, @04:57PM (#15458287)
    This reminds me of my previous job. One day the owner of the company came up with a brilliant idea. He had just watched the movie "Finding Nemo" and asked me, "have you ever seen finding nemo? You know those little silver fish? I think we should design a system based on those little silver fish. If we get enough small components they can be combined into any piece of software. Eventually we wouldn't need any more components and thus no more software developers. All of our software would be made by sales guys who could just combine these components into any software we need." I remember thinking to myself that we could just start with quarks and we could build everything in the universe. But I didn't say anything and was just happy to not be chosen to be on the team creating the silver fish.

    6 years later, dozens of programmers, and millions of dollars, the finding nemo architecture has been a bust. The owner of the company refuses to give up on the idea. They currently have created components of "and" and "or" gates and use "wires" to put them together. It reminds me of entry level electrical engineering. Back before they tell you that writing software on flash is usually easier and cheaper than wiring together dozens of IC's. In any case, I eventually did get sucked into the project and promptly left the company.

    • Well, he didn't totally have the wrong idea, he just took it too far and went the wrong way. Reusable components are good. If you can just download a library that can do X, write a bit of glue code, and be done your productivity has skyrocketed. But there will always be glue code to write. And the idea isn't to write every component you'll ever need first, its to write/find libraries as you need them, being careful to write them in a reusable fashion. You'll never have your sales guys as your main code

      • Re:Finding Nemo Architecture (Score:5, Interesting)

        by TapeCutter (624760) on Friday June 02 2006, @10:13PM (#15459981) Journal
        "If you can just download a library that can do X, write a bit of glue code, and be done your productivity has skyrocketed."

        When I worked for IBM in the 90's the CEO made the pronouncement: "All code has been written, it just needs to be managed". We all thought he was clueless, nevertheless here I am 10yrs later writing "glue code" for somebody else and IBM is still the largest "software as a service" company on the planet.
    • That story showcases the weakest component in the software design process: humans. In this case, the owner of the company.
    • I don't think the idea is bad, but your boss/company seems to equate the "magic" of schools of fish to their small size, whereas it's their capability to self-organize using simple rules. Ala the game of life, cellular automata, etc.

    • It is six years since Finding Nemo was released? Looks like it was yesterday I saw the movie. [quick googling "finding nemo year release"] 2003. How long would it have taken the "tool" to find this contradiction in your posting?
    • Fish school through autonomous intaraction with the state of their observable surroundings. Most times, the local heuristic on movement is not very linear, and the swarm folds on itself, moves randomly, changes volume and surface topology.

      When this type of intelligence is directeted toward some more concrete goal, such as getting away from a predator (for fish), it turns out that the average path can be near optimal if the proper heuristics can be chosen.

      http://en.wikipedia.org/wiki/Swarm_intelligence [wikipedia.org]
    • Yep.

      If we get enough small components they can be combined into any piece of software. Eventually we wouldn't need any more components and thus no more software developers.

      the key is that phrase "can be combined" although my second pick is "eventually". your finding nemo system will have to be self-organizing because is too vast to have organization imposed from without. You already have that kind of system today anyway. So if you have a self organizing system, two questions are a) how does it arise and b)
  • Now a computer can discover the flaws in the design of a piece software, and advise the developers of them. Who, if they're in any way involved in design of games, will promptly ignore them and release a post-release patch to fix the issues they knew were there anyway. But hang on.. just how will you check for inconsistencies in the design of the analysis tools?
  • These types of algorithmic testing tools are useful for small, truly critical functionality that has to work perfectly. It's not cost effective to try to model typical complex software in a manner that supports testing as described in the article. Most programming is not about designing the next great single algorithm, it's about integrating data, interacting with users, and providing all the logic to handle the myriad special cases that make up user requirements. Rarely is such a testing tool going to cov

  • Crutch for bad developers (Score:3, Insightful)

    by cryptomancer (158526) on Friday June 02 2006, @05:08PM (#15458363)
    Sounds like some producer wants a magic-bullet program to replace some bad-performing designer. Even in the case of a 'useful' tool to apply to projects, this is likely to become an excuse for when an inconsistency is found later on by QA- "the program said it was good!"

    It's not going to find everything, let alone fix it. See Turing: the halting problem.
    • It's not going to find everything, let alone fix it.
      OTOH, it may find plenty of things that would otherwise be missed. Of course, people will misuse it some times and blame the results on the software. That's not a reason to think the software is a bad idea -- its not like not having automated validation software will stop people from doing inadequate QA, or poor design.

  • Detecting too late (Score:3, Interesting)

    by Doctor Memory (6336) on Friday June 02 2006, @05:13PM (#15458403) Homepage
    If they're checking the software design for inconsistencies, then they're too late. What is needed is some way to formally specify user requirements, so that they can be checked for completeness and consistency. Use cases are nice, but they're not sufficiently rigorous to capture absolutely all the requirements. I know there have been some schemes tossed around for requirements validation, but none that I've seen have really been general-purpose enough for the average project.
    • There are formal methods such as Z Notation [wikipedia.org] for specifying the behavior of a general-purpose (not even necessarily computer-based) system in a provable, checkable way. Unfortunately, precisely specifying the behavior of a nontrivial system is a lot of work, as is learning how to use a formal method in the first place. Theoretically, someday tools will make it easier, but specifying the intended behavior ahead of time will still be time-consuming and often difficult to justify to management.

      Other posters

      • Maybe what is needed is a dual source code -- one source code specifying what is supposed to happen (specification) and another source code specifying how it is supposed to happen (algorithm). If you had a complete specification, you would think you could automatically generate the algorithm, but in that case, your specification would be a form of programming and would have to be airtight.

        But why does the specification have to be a one-to-one mapping into the algorithm? Couldn't the specification be of

  • PHP security checker (Score:3, Funny)

    by roger6106 (847020) on Friday June 02 2006, @05:14PM (#15458409)
    Making a tool to check most programs for errors sounds extremely complicated, but wouldn't it be possible to make a more simple tool that checks the security of a PHP/MySQL website?

  • Good Software Design (Score:5, Insightful)

    by KidSock (150684) on Friday June 02 2006, @05:14PM (#15458413)
    A good design correctly models the concept of what it is you're trying to achive with the program. Ultimately this means the programming interfaces (APIs) for each concept are correct [1]. Don't design interfaces around procedures. Don't design interfaces around the physical world. Design to *concepts* and *ideas*. This is superior because you will never discover at a later time that the code is fundamentally flawed and needs to be totally re-written. If the interface correctly models the concept, by definition, it CANNOT be wrong. If it is wrong then you simply didn't understand the concept well enough or you failed to translate that concept into a suitable interface and you just need to think more and type less. If you do get things right you'll find that major peices dovetail together perfectly [2]. The implementation can be wrong and may need to be re-written but if the interface correctly represents the concept the re-write will be localized to one library or part of a library. That is a much more straight forward matter than using a bad design and finding half way through a project that the required changes transcend the whole system.

    And thus you cannot validate a design because that would require representing a concept and determining if an interface suitably models it. That is HARD. If that were possible you would effectively have a thinking, rationalizing, brain (Artifical Intelligence) in which case you wouldn't be dorking around with validating programs, you would be dynamically generating them.

    [1] Frequently people advocate that interfaces are "well defined". That just means there are no holes in the logic of it's use. Personally I think a well defined interface is useless if it does not correctly model a concept. You can always go back and fill in the holes later.
    [2] Although this is also when you discover that you didn't get the concept right and need to adjust the interface (hopefully not by much)

    • A well defined interface means that if you build 1 million holes in a plank and I deliver 1 million pegs, when they "meet" they fit.

      A square hole and a round hole, one 1 inch in diameter and one 1 foot wide, all of them model the concept, but are utterly useless.

      You can always go back and fill in the holes later.

      No you cannot, otherwise we would all use Dvorak keyboards, not this stupid Qwerty. And we would have had HDTV 15 years ago. And...

  • Why is this billed as software help? (Score:3, Interesting)

    by lilnobody (148653) on Friday June 02 2006, @07:13PM (#15459191)
    The article sounded good, so I went to the alloy site. Having just read through the tutorials, and some of the docs, I can't imagine what possible use this software could have in the majority of software development.

    It's basically a nifty, graphical declarative programming language. Anyone familiar with Prolog and set theory will breeze through the docs, only to ask "Why?" at the end.

    One of the tutorials, for example, is a way to get Alloy to create a set of actions for the river crossing problem, and list them. Thus, alloy has saved the poor farmer's chicken. It's actually quite a cool set of toys for set theory, and it generates all possible permutations of a system with rules and facts based on how many total entities there are in the system, and checks the system for consistency. There are doubtless uses for this, but software development is, at the moment, not one of them.

    The other tutorial is about how to set up the concept of a file system. The tutorial sets up a false assertion (assertion = something for Alloy to test), which fails. Here is the reasoning, with summary to follow for disinterested:

    Why can this happen? First, let's note that both delete functions cause the rows of the contents relation in the post-state to be a subset of the rows in the pre-state. And we know the FileSystem appended facts "objects = root.*contents" and "contents in objects->objects" constrains the root of the file system to be the root of the contents relation. So if the post-state has a non-empty contents relation, it will have the same root as the pre-state. However if delete function causes the post-state to have an empty contents relation, then the root is free to change arbitrarily, to any directory available. Bet you didn't see that coming. Good thing we wrote a model!

    Basically this says that in a 2-node scenario, i.e. a root directory with one subdirectory, they delete the subdirectory with their delete function. The way they defined the delete function basically meant that the 'deleted' node could, in theory, be the root of the file system after the deletion operation occured, since there was no constraint on which node of the file system was root after the change. They basically said under these constraints, it was possible to define a 'delete' function that deletes the subdirectory in a 2-node filesystem and then makes that same subdirectory the root of the filesystem.

    Good thing we built a model, indeed! A bug in the programming of your model is by no means a valid use for spending a significant amount of effort modeling a concept in set theory. The best part is that all of your effort amounts to mental masturbation--there are no tools for turning this into a programming contract, test cases, or anything. Some projects are in the works in the links area, but they aren't there yet, and only for Java. I don't see how the amount of effort that would be required to model a large scale, realistic project in this obtuse set notation would be worth it for absolutely no concrete programming payoff. Writing HR's latest payroll widget, or even their entire payroll system, is just not going to get any benefit from this.

    All that aside, it's concievable that this sort of model programming could find use in complicated systems in which high reliability is paramount. The usual suspects, such as satellites, space, deep sea robots or whatever come to mind--this system could prove, for example, that a given system for firmware upgrades cannot leave a robot in mars in an inoperable state, unable to download new, non-buggy firmware.

    But it still can't prove the implementation works. *slaps forehead*

    nobody

  • Although you should design at this level, many problems hit LONG before design. The big problems I've seen have been in the analysis stage where you gather customer requirements and translate them into a very detailed requirements document.

    If your non-trivial project lacks such a document, it will probably fail.

    The only way to overcome a lack of requirements is to have a heroic effort by one or more engineers, and even then you end up with many of the same problems.

    The problems will stem from missing a few
  • FTA: More recently, researchers have adopted a very different approach, one that harnesses the power of today's faster processors to test every possible scenario. This method, known as model checking, is now used extensively to verify integrated-circuit designs.

    The problem with this is that algorithmic software does not work like ICs. The only way to solve the crisis is to abandon the algorithmic software model and embrace a non-algorithmic, signal-based, synchronous model. This is the model used in hardwar
  • One of my friends did a project for masters. Some simple code that will read the submitted source, count the number of code lines, comment lines, average number of lines per function etc and print out some stats about "quality of the code". His prof ran his project code source itself as the input! It flunked itself for not having enough comments, for having functions that were too long, not breaking up large source files, for using too many nested levels of code etc

    Microsoft sells collaboration software a

  • Formal Modeling/Model Checking (Score:5, Informative)

    by aeroz3 (306042) on Friday June 02 2006, @09:56PM (#15459929)
    The point of these tools, is to simply verify the consistency of a design, not to execute or examine existing source code. The steps involved are:
    1) Come up with software design
    2) Implement software design in one of these tools (model it in Z, or as a state machine using fsp/ltsa)
    3) Use said tool to verify the consistency of the design.

    Now, this activity, of course, takes a lot of time, and is unlikely to ever be of any use to your average J2EE/Ajax/Enterprise application. Areas where they CAN be of use are in things such as life-critical systems. For instance medical devices, or air plane control systems. Using something like FSP/LTSA you can model, check, and verify that your design does not every allow the system to enter into an invalid state. Now, remember, this says nothing about the final code, there is a separate issue of the code not matching the design, but it is possible to verify that the design does not ever lead to invalid states.
  • ...science of abstraction physics.

    yes the software industry is still playing with magic potients and introductary alchemy.

    Why is a simple answer to give.

    money, job security and social status.

    Someone posted that they were warned that their jobs would become extinct upon automated software development.
    but the fact is.... who but those who have their job to risk....are in a position to employ such tools?

    snake oil software development is a self supported dependancy... far from genuine computer software science (of which we haven't really seen since the US government held the money carrot up for code breakers during WWII.

  • For more information... (Score:3, Informative)

    by dwheeler (321049) on Friday June 02 2006, @11:33PM (#15460216) Homepage Journal
    The referenced article has a lot about formal methods tools (including "light" formal methods tools). See the paper High Assurance (for Security or Safety) and Free-Libre / Open Source Software (FLOSS)... with Lots on Formal Methods [dwheeler.com] for FLOSS programs that support this. For a list of some tools that look for security vulnerabilities, see the FlawFinder web site [dwheeler.com], which links to others.

    Alloy is a cool tool, if it does something you want done. But nobody should be fooled into thinking that you can just run Alloy and suddenly your code is perfect. Alloy just helps you check out a model based on set theory, etc... it's a long distance from models like that to the actual code.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.