Today, I finally read "Zero Defect Project Design", which may be in my computer book, according to time / page, the longest time. Thin is 200 pages a half month. The period is mainly because of holiday It's too lazy to turn the book. However, longer time intervals can make me have enough time to experience the essence of clean room projects.
"Cascade Software Engineering", as a programmer, I have heard of this name, but I really understand that he is really much (a bit like my favorite python). I don't know the same time, this essay Finally, I plan to express my opinion on some of the opinions.
The core idea of clean room engineering is a process of manufacturing almost no defects in the process of software production. This method of improving software is very effective, usually a thousand lines of errors do not exceed 10, existing projects generally do 1 There is no about 0.5.
The core method of achieving this is "Verification": Proof code is correct, not by testing debug. To verify the software, you must formulate the code (not too much). Before all discussion First, this point of view: The code (also the program) is a function that transforms the input status to obtain an output status. The program design is based on the expected function. The program must "match" the corresponding expected function. For large expected functions can be broken down into several The simple part is verified (it is the Decomposition of the top down), and then according to the replacement principle, it is verified to the expected function (from bottom to top). Take a small example: (p32)
[CODE] [Y> X -> X, Y: = Y, X | True-> i] if (y> x) [x, y: = y, x] {int TEMP; TEMP = X; x = Y Y = Temp;} [/ code]
Tracking tables is a very important justice when verifying, which makes it easy to complicate more complicated.
With regard to the relationship between the verified procedures and expected functions, it should be called "match". The ability to process the verified program does not have to be completely complete and the expected function. Usually if the function is f (), the transformation made by the program is f * ( So: Usually D (f) is a subset of D (f *), the processing power of the program is greater than the expected function, and the function to be verified is equal to the expected function of the expected function, form: f * | d (F) = f.
The troubles of verification should be an iterative (still recursive) verification, but it can be converted to recursive in all iterations, and the verification of recursive functions has a mathematical method. The book tells a lot, essence is mathematics. Summary. 1. Verify the leader (we speak the high-album teacher like this, it is the first element of the first element, which is generally unsolicient, such as at 0)
2. Verify that when the assumption is set, the original proposition is established.
It is a bit blurred, but the people who know the inductive law understand what I am talking about. The verification of the procedure on the book is divided into these two steps.
Regarding the summary method, I will mention that the mathematics is divided into two types and second types (good UGLY name), and the sum of high school time is one type. The second step is assumed to assume N-1. Established, prove that the situation of N is also established. And the secondary summary method, the second step is assumed to assume that M, and whether college mathematics has been spent.
In addition, the foundation of the inductive method is the nature of the natural number. So it is not universal, so it is better to exceed this range. If you really encounter so complicated, I don't want to die. This kind of The complexity is basically coming from a complex algorithm. Its correctness, or the algorithm has proved, or if it is still not issued to do it.
Regarding the process of writing the program, I recommend writing the expected function, the code that matches the write and expected function, not to fall. Of course, the case of the existing code is the same as the case.
It is said that the core of the clean room engineering is like finishing, I thought it was when I read the book, but I didn't finish it.
The method of clean room engineering is to run through the entire software manufacturing process. The code is just the first step. The verification process reviews, requires a piece of code to verify his correctness together, this broken code is verified, his quality is These individuals are responsible, not just those who write code, point to code to read. You have verified the wrong mistake together, and a person tends to have the same mistake when verifying and encoding. So this is guaranteed code quality It is also important to step (also the author suggesting that this book is the reason why the best and companions learn together, :( It is not found.)
Since then, this book discusses authentication, abstract data type, object-oriented, recursive, and function language, etc. With the previous foundation, this part is easy to understand.
I thought this book will end in this plain mode, and Chapter 10, "Test", has made me a surprised discovery.
The role of the test: The test in the net chamber played the role of evaluating the net chamber process. If the BUG is greater than 10 during the test, then this clean room process is definitely not performed well. Based on the test : It is not a structured test, not the execution process of the program, but is sampled with the probability similar to actual implementation, test. Test. According to the author's point of view, this is most conducive to the improvement MTTF (Mean Time to Failure) The average fault time is also provided to the evaluation software quality provides a reliable basis. It is indeed a good method because f * as long as the D (f) is equal to F, whether there is a lot of extraction test? Of course there is improved The software quality method is still one, the author also believes that he has always opposed the unit test used in the clean room, and it can be used when necessary.
In addition, the description of the test data generator is very interesting, I have time.
Then the incremental development is also good, but the relationship with the clean room is not large.
Finally, the formal method is said that the clean room is one of the formal methods, and it is a non-formal form of formation. Or the sentence is moderately applied, no "silver bomb". Software design is not the best The method, the net chamber has defects, but through our comprehensive use of various methods, constantly accumulating experience, everything is slowly improved.
In addition, I found that Python can apply clean room projects. It is relatively easy. Very statement can correspond directly to the expected function. This code can be clearly expressed in this code.
PS: Writing is unknown, chaos, all can only be a reading note, the reference value is not big. My next net room engineering is "from the procedure from the standard". "I don't know if anyone is studying with me?
Here's some views on the net room on the 9CBS:
Lizhli (small 3) reputation: 100 2003-03-21 12: 05: 44Z score: 5
Static chamber software engineering, for each place, it is necessary to use mathematical prove to be correct, it is used in high reliability. The problem is how to ensure that your prove is correct, doing math issues will be wrong. If it is not possible to ensure that the process is correct, how can it guarantee the result of proven, that is, the procedure is correct? Of course, the proven thing, now artificial intelligence is already able to do some degree, use computer certificate should It can be relatively correct, Hector. This big brother's point of view is typical. "Static chamber software engineering, you need to use mathematics to each place to be correct, very slow" To pay attention to the time (and cost) of software development to a large extent It is dependent on the test time, while the net chamber may be unhappy at the time of the encoding, but can greatly reduce the test time. The net room software engineering is much most faster than other methods, this is not certain, fast 1.5 ~ 5 times, the degree of acceleration is not stable enough But one thing can be sure he will not slow than other methods. "The problem is how to ensure that your prove is correct, doing math questions will be wrong." At least mathematics method is more accurate than mathematics, and as long as Really understanding the math questions will not be wrong. (Even deeply, how many people in the counsel, more than 95 points, more than 95 points, more than one?) "Of course, the proven thing, now artificial intelligence can already do some degree It should be comparable to the computer, Heph. "According to my knowledge, the machine prove has not been strong to this extent, the mathematician is to find various proofs to maintain the livelihood. If the computer is so strong, the rice bowl can't keep it. (I can't do not want to have no food in the future.)
3GCDMA () Reputation: 99 2003-03-21 13: 00: 03Z score: 0
Static chamber method is too high for the requirements of the implementation, unrealistic
The net chamber method does require a trainer, but it will never be more troublesome than any new technique. My feeling is much simpler than UML (of course the two is completely different).
Gelenbertang Reputation: 100 2003-03-21 17: 32: 41Z score: 5
It is designed to design each of the prior art steps that can be implemented from existing technical means, and it is designed. Checking the engineering drawings not lacking. Take the photo construction this is still a compartment software? I think that there is such a conclusion that the compartment of the compartment project is to make all possible problems in advance, and the technology is non-critical factor, and there is no high-level technology. , I am afraid that I only use compilation, I personally think that most people can do some of the static compartment software after a year or two, of course, is a small project and it is an experienced project. The clean room software project is very cost-effective, but the design document can be understood in his hand. UML seems to be very clear. If industrialization is programmed, design professional, software division is clearer, the ability to fight, the battle, the battle, is a good industrial structure, but it is unfortunate that this industry becomes too fast, unstable structure is appropriate The status quo is also suffering from new human.唉 ~~~ "Unfortunately, this industry becomes too fast, unstable structure is appropriate, and it has suffered from new human. Hey ~~~" China software industry problem, good things will never change The net room is not new. Reply to: KLBT (Happy White Rabbit) () Reputation: 100 2003-11-09 01: 53: 52Z Score: 0 A lot of mathematical knowledge is required.
"Many mathematical knowledge needs to be used." As long as you have high school mathematics levels, it is enough to deal with daily verification.
Take a look at the front comment:
Quicmous () Reputation: 100 2003-03-22 22: 31: 03Z score: 0 to gprogramer: The method of the clean room is based on the mathematical model to ensure the correctness of the method. It does not require programmers to argue with mathematical methods.
To Saucerman: Oh, practicality is also verified to have a saying .... Recently Write Small Controls If you don't need this method, you may have finished writing (which may contain unpredictable errors), 嗬嗬, learn the total cost of new things.
To lizhli (small 3): My current understanding is the mathematical model of the compartment method guarantees the completeness, consistency and correctness of the design plan, and does not need to argue one by one. Due to the actual operating scenario, the design can only be established based on the reasonable abstraction of the input scenario. The verification of the procedure is given to a certain confidence in a certain confidence.
Zhf_karen (zhf) may be ERP, I also make this line. I think more and more need to learn the theory of the use value in software engineering technology. Otherwise, it will really let the project are exhausted.
In short, I just saw a few days, I realized a little bit, I hope some peers have more guidance.
Say my heart :)
Smilemac () () reputation: 100 2003-03-28 00: 13: 10Z score: 0 In fact, more common views is that CR is valuable is its box protocol, controlling the tape and statistical test method, many people even think Can only use its idea. Although it has been born for nearly 20 years, it is also very limited even foreign abroad. I actually learned its test method based on the usage model in a project, which has achieved a more good effect. In fact, software that is too simple to require high software or reliability is not suitable for use CR. Test I am afraid that there is a meaningful experience. As for the reuse requirements, there is no relationship with CR. At the point of view, Cr is a relatively poor, less than RUP, because pure CR is not allowed to do Refactoring, and its statute is strict primary level. The design development process of RUP is iterative, and the iteration of CR is an iteration between different projects. It is the iteration of the same software high version (I am absorbing this idea in the current project to reduce risk). CR is the most difficult in the first iteration, and it will be good in the future.
