A team of researchers has embarked on the loftiest of goals: To make software bugs and vulnerabilities a thing of the past. Can they possibly be succcessful? Constellation Research VP and principal analyst Steve Wilson isn't so sure. First, here are the key details from Princeton's website:
Funded by a $10 million, five-year grant from the National Science Foundation (NSF), Appel and fellow researchers at the University of Pennsylvania, Yale University and the Massachusetts Institute of Technology plan to develop integrated tools to eliminate uncertainty from the complex task of software development. A goal beyond the core research is to reshape the industry itself by erasing the gap between researchers, who have made significant strides in the fight against bugs, and educators who are teaching the next generation of programmers and engineers.
"In our interconnected world, software bugs and security vulnerabilities pose enormous costs and risks," said Appel, the Eugene Higgins Professor of Computer Science. "When you press the accelerator pedal or the brake in a modern car, for instance, you're really just suggesting to some computer program that you want to speed up or slow down. The computer had better get it right."
The researchers' initial challenge will be to dissect the overwhelming complexity of modern hardware and software to uncover the factors that determine how various computer components work together. The next step is to develop "deep specifications" — gritty, precise descriptions of the behavior of software based on formal logic (deductive reasoning, the use of syllogisms and mathematics) — that will enable engineers not only to build bug-free programs but to verify that their programs behave exactly as they should. Hence, the project's official name, Expeditions in Computing: The Science of Deep Specification (DeepSpec, for short).
The DeepSpec project is committed to revamping the business of software by promulgating its findings throughout the computer industry. The key will be changing what's taught in colleges and universities.
An Attainable Goal?
Obviously, the research consortium is thinking long-term. Even if progress is swift, it would take decades for the group's work to become standard practices for software development. Wilson offers a measured perspective on the consortium's plans, praising its goals but also providing counterpoints and cautions.
"Addressing complexity is a huge part of the problem," Wilson says. "That's a ripe area for comp-sci research. But formal specification languages are a real challenge. They're hard for stakeholders to use and review."
"In addition to complexity, a critical problem is professionalism," Wilson adds. "Many programmers prefer coding to engineering and all the responsibilities that go with that -- planning, design, review, documentation, testing. The reality of high reliability code involves attention to detail, and that grates on people.
I like to say that good quality code involves 50 percent design, 40 percent verification, and 10 percent actual coding."
When Wilson worked as a development manager, he developed an initiative that required programmers to turn off their computers for an entire day once per week, and work with pen and paper instead. "It forced more care and attention, and intra-team communication," he says. "Paradoxically, productivity can improve if you get programmers to slow down the mechanical coding, and engage their brains more deeply."
"Complexity if definitely a huge issue, and finding new ways to cut through, keep software simple and comprehensible would be great," he adds. "Let's just be aware that the human failings in coding are not only cognitive but they're also to do with over-confidence and a reluctance—in management as well as in the coders themselves—to put in the right care and attention to detail. The rush to release new product is overwhelming."
Reprints
Reprints can be purchased through Constellation Research, Inc. To request official reprints in PDF format, please contact Sales.
