Document 12961143
advertisement
!# Virtually defect-free software can be generated at high productivity levels
by applying to software development the same process discipline used in
integrated circuit manufacturing.
" , 2'$ * 2$ 1 -2-0-* ," (,12(232$# (21 5$**:),-5, 1(6:
1(&+ .0-&0 + '(1 .0-&0 + 0$.* "$# 2'$ 9$0- $%$"21
1*-& , -% 2'$ $ 0*7 1 ,# **-5$# -2-0-* 2- 5(, 2'$ %(012
*"-*+ *#0(#&$ 5 0# %-0 /3 *(27 (, (,"$ 2'$,
+ ,7 -2'$0 "-+. ,($1 ' 4$ (,(2( 2$# 1(6:1(&+ .0-&0 +1
'$ 1(6:1(&+ .0-&0 + (1 ! 1$# -, 2'$ .0(,"(.*$ 2' 2 *-,&:
2$0+ 0$*( !(*(27 0$/3(0$1 &0$ 2$0 #$1(&, + 0&(, +-0$
0-!312 #$1(&, 1- 2' 2 2'$ .0-#3"2 " , $,#30$ 2'$ 120$11 -%
31$ 5(2'-32 % (*(,& '$ +$ 130$ %-0 #$2$0+(,(,& 2'$ 0-!312:
,$11 -% #$1(&, (1 ! 1$# -, 2'$ 12 ,# 0# #$4( 2(-, -0 1(&+ %-3,# (, 12 ,# 0# ,-0+ * #(120(!32(-, '(1 +$ 130$ (1
" **$# " . !(*(27 (,#$6 . 5'("' (1 #$%(,$# 1 2'$ 0 2(-% 2'$ + 6(+3+ **-5 !*$ #$1(&, 2-*$0 ,"$ *(+(21 2- 2'$
20 #(2(-, * ±:1(&+ 2-*$0 ,"$ *(+(21 '31 %-0 1(6:1(&+
#$1(&, *(+(2 . - (**3120 2$ 1(6:1(&+ " . !(*(27 "-,1(#$0 + ,3% "230(,&
.0-"$11 (, 5'("' 2'(, %(*+ -% &-*# +312 !$ 4 .-0:#$.-1(2$#
-, 1(*("-, 13!120 2$ 3..-1$ 2' 2 2'$ 2 0&$2 2'("),$11 -%
2'(1 %(*+ (1 ,&120-+1 ,# 2' 2 1 *(22*$ 1 ,&120-+1
-0 1 +3"' 1 ,&120-+1 (1 1 2(1% "2-07 % 1 1'-5, (,
(& 2'$ ±: ,&120-+ #$1(&, *(+(21 "-00$1.-,# 2- 2'$ 1(6:
1(&+ .-(,21 -% 2'$ ,-0+ * #(120(!32(-, -,*7 -,$ "'(. (,
220Å
235Å
250Å
!(**(-, 5(** !$ .0-#3"$# 5(2'
2-- 2'(")
%(*+ 2' 2 (1 $(2'$0 2-- 2'(, -0
, ,7 .0 "2(" * .0-"$11 2'$ .-1(2(-, -% 2'$ +$ , 5(** 4 07
2 (1 &$,$0 **7 113+$# 2' 2 2'(1 4 0( 2(-, (1 !-32 ± 1(&+ (2' 2'(1 1'(%2 (, 2'$ +$ , 1(6:1(&+ #$1(&, 5-3*# .0-:
#3"$ . 021 .$0 +(**(-, #$%$"2(4$ '(1 (1 "-,1(#$0$# 2- !$
1 2(1% "2-07 ,# (1 !$"-+(,& ""$.2$# 1 /3 *(27 12 ,# 0#
!*$ *(121 2'$ #$%$"2(4$ . 021 .$0 +(**(-, ..+ .-11(!*$
%-0 #(%%$0$,2 1(&+ 4 *3$1
2 %(012 2'$ 1(6:1(&+ +$ 130$ 5 1 ..*($# -,*7 2- ' 0#5 0$
0$*( !(*(27 ,# + ,3% "230(,& .0-"$11$1 2 5 1 13!1$/3$,2*7
0$"-&,(8$# 2' 2 (2 "-3*# *1- !$ ..*($# 2- 1-%25 0$ /3 *(27
,3+!$0 -% 1-%25 0$ #$4$*-.+$,2 +$2'-#-*-&($1 ' 4$
!$$, 1'-5, 2- .0-#3"$ 1(6:1(&+ /3 *(27 1-%25 0$ -11(!*7
2'$ +$2'-#-*-&7 2' 2 (1 2'$ $ 1($12 2- (+.*$+$,2 ,# (1 2'$
+-12 0$.$ 2 !*$ (1 2$"',(/3$ " **$# "*$ ,0--+ 1-%25 0$
$,&(,$$0(,& 5'("' 5 1 #$4$*-.$# 2 -0.-0 2(-,1
$#$0 * 712$+1 (4(1(-, #30(,& 2'$ $ 0*7 1 $ .:
.*($# 2'(1 +$2'-#-*-&7 (, *(+(2$# 5 7 (, 27.(" * $,4(0-,+$,2 ,# "'($4$# 0$+ 0) !*$ 0$13*21
265Å
280Å
Mean
–1.5
+1.5
Numerous Defects
(6210 Defective ppm)
Numerous Defects
(6210 Defective ppm)
Virtually No
Defects
(3.4 ppm)
–6
–4
–2
0
Four Sigma
Six Sigma
ppm = Parts Per Million
Virtually No
Defects
(3.4 ppm)
Part or Process Variation
3,$ $5*$22: ") 0# -30, *
2
4
6
, (**3120 2(-, -% 1(6:
1(&+ #$1(&, 1.$"(%(" 2(-, #$1(&, 1.$"(%(" 2(-, -% ± ,&:
120-+1 "-00$1.-,#1 2- ±:1(&+
#$1(&, *1- 1'-5, (1 2'$ ±
4 0( 2(-, %0-+ 2'$ +$ , 1
0$13*2 -% 4 0( 2(-,1 (, 2'$ .0-"$11
Table I
Defective ppm for Different Sigma Values
Sigma
ppm
1
697,700
2
308,733
3
66,803
4
6,210
5
233
6
3.4
7
0.019
When applied to software, the standard unit of measure is
called and sixĆsigma in this context means fewer than
3.4 failures (deviations from specifications) per million uses.
A use is generally defined to be something small such as the
single transaction of entering an order or command line.
This is admittedly a rather murky definition, but murkiness is
not considered to be significant. SixĆsigma is a very stringent
reliability standard and is difficult to measure. If it is
achieved, the user sees virtually no defects at all, and the
actual definition of a use then becomes academic.
Cleanroom software engineering has demonstrated the ability
to produce software in which the user finds no defects. We
have confirmed these results at HP. This paper reports our
results and provides a description of the cleanroom process,
especially those portions of the process that we used.
Cleanroom software engineering (cleanroom") is a metaphor
that comes from integrated circuit manufacturing. LargeĆscale
integrated circuits must be manufactured in an environment
that is free from dust, flecks of skin, and amoebas, among
other things. The processes and environment are carefully
controlled and the results are constantly monitored. When
defects occur, they are considered to be defects in the proĆ
cesses and not in the product. These defects are characterĆ
ized to determine the process failure that produced them.
The processes are then corrected and rerun. The product is
regenerated. The original defective product is not fixed, but
discarded.
The cleanroom software engineering philosophy is analogous
to the integrated circuit manufacturing cleanroom process.
Processes and environments are carefully controlled and are
monitored for defects. Any defects found are considered to
be defects in one or more of the processes. For example,
defects could be in the specification process, the design
methodology, or the inspection techniques used. Defects are
not considered to be in the source file or the code module
that was generated. Each defect is characterized to determine
which process failed and how the failure can be prevented.
The failing process is corrected and rerun. The original prodĆ
uct is discarded. This is why one of the main proponents of
cleanroom, Dr. Harlan Mills, suggests that the most important
tool for cleanroom is the wastebasket.4
!
The life cycle of a cleanroom project differs from the tradiĆ
tional life cycle. The traditional 40Ć20Ć40 postinvestigation
life cycle consists of 40% design, 20% code, and 40% unit
testing. The product then goes to integration testing.
Cleanroom uses an 80Ć20 life cycle (80% for design and 20%
for coding). The unexecuted and untested product is then
presented to integration testing and is expected to work. If it
doesn't work, the defects are examined to determine how
the process should be improved. The defective product is
then discarded and regenerated using the improved process.
Unit testing does not exist in cleanroom. Unit testing is priĆ
vate testing performed by the programmer with the results
remaining private to the programmer.
The lack of unit testing in cleanroom is usually met with
skepticism or with the notion that something wasn't stated
correctly or it was misunderstood. It seems inconceivable
that unit testing should not occur. However it is a reality.
Cleanroom not only claims that there is no need for unit
testing, it also states that unit testing is dangerous. Unit testĆ
ing tends to uncover superficial defects that are easily found
during testing, and it injects deep" defects that are difficult
to expose with any other kind of testing.
A better process is to discover all defects in a public arena
such as in integration testing. (Preferably, the original proĆ
grammer should not be involved in performing the testing.)
The same rigorous, disciplined processes would then be
applied to the correction of the defects as were applied to
the original design and coding of the product.
In practice, defects are almost always encountered in integraĆ
tion testing. That seems to surprise no one. With cleanroom,
however, these defects are usually minor and can be fixed
with nothing more than an examination of the symptoms
and a quick informal check of the code. It is very seldom
that sophisticated debuggers are required.
When IBM was asked about the criteria for judging a module
worthy of being discarded, they stated that the basic criterion
is that if testing reveals more than five defects per thousand
lines of code, the module is discarded. This is a low defect
density by industry standards,5 particularly when it is considĆ
ered that the code in question has never been executed
even by an individual programmer. Our experience is that
any halfĆserious attempt to implement cleanroom will easily
achieve this. We achieved a defect density of one defect per
thousand lines of code the first time we did a cleanroom
project. It would appear that this discard the offending
module" policy is primarily intended to be a strong attention
getter to achieve commitment to the process. It is seldom
necessary to invoke it.
! Productivity is high with cleanroom. A trained cleanroom
team can achieve a productivity rate approaching 800 nonĆ
comment source statements (NCSS) per engineer month.
Industry average is 120 NCSS per engineer month. Most HP
entities quote figures higher than this, but seldom do these
quotes exceed 800 NCSS.
There is also evidence that the resulting product is signifiĆ
cantly more concise and compact than the industry average.6
June 1994 HewlettĆPackard Journal
• (% 2%35,4 /& )-0,%-%.4).' %!#( 3%'-%.4 -534 "% ! -/$5,%
4(!4 #!. "% #/-0,%4%,9 %8%#54%$ !.$ 4%34%$ /. )43 /7. ()3
-%!.3 4(!4 ./ 3%'-%.4 #!. #/.4!). 0!24)!,,9 )-0,%-%.4%$
&%!452%3 4(!4 -534 "% !6/)$%$ $52).' 4%34).' 4/ 02%6%.4
02/'2!- &!),52%
• (% 3%'-%.43 -!9 ./4 (!6% -545!, $%0%.$%.#)%3 /2 %8<
,%!.2//- )3 #/-0!4)",% 7)4( -/34 ).$53429<!##%04%$ "%34
!-0,% )4 )3 3!4)3&!#4/29 &/2 3%'-%.4 4/ 2%15)2% 4(% )-0,%<
02!#4)#%3 &/2 3/&47!2% '%.%2!4)/. 4 )3 ./4 .%#%33!29 4/ 5.<
-%.4!4)/. /& 3%'-%.4 4/ %8%#54% #/22%#4,9 4 )3 !335-%$
,%!2. !.94().' /-% /& 4(%3% "%34 02!#4)#%3 !2% 2%15)2%$
4(!4 3%'-%.4 7),, "% )-0,%-%.4%$ &)234 !.$ 7),, %8)34 4/
35#( !3 ! 3425#452%$ $%3)'. -%4(/$/,/'9 4(%23 35#( !3
3500/24 4(% 4%34).' /& 3%'-%.4 /7%6%2 )4 )3 ./4 3!4)3&!#<
3/&47!2% 2%53% !2% /04)/.!, "54 #/-0!4)",%
4/29 &/2 3%'-%.4 4/ 2%15)2% 3%'-%.4 4/ %8%#54% 02/0%2,9
3 -%.4)/.%$ !"/6% #,%!.2//- 2%15)2%3 3/-% 3/24 /& 3425#<
!4 4(% 3!-% 4)-%
452%$ $%3)'. -%4(/$/,/'9 4 (!3 "%%. 35##%33&5,,9 %-0,/9%$
(% 3425#452%$ 30%#)&)#!4)/.3 02/#%33 )3 53%$ "9 #,%!.2//53).' ! .5-"%2 /& $)&&%2%.4 $%3)'. !002/!#(%3 /34 2%#%.4,9
4/ &!#),)4!4% #/.42/, /& 4(% 02/#%33 "9 !,,/7).' 4(% $%6%,/0<
(/7%6%2 4(% #,%!.2//- /2)').!4/23 !2% 2%#/--%.$).' !
-%.4 4%!- 4/ &/#53 /. 3-!,, %!3),9 #/.#%045!,):%$ 0)%#%3 &/2- /& /"*%#4</2)%.4%$ $%3)'.
3%#/.$!29 "54 6%29 )-0/24!.4 %&&%#4 )3 4(!4 02/$5#4)6)49 )3
,, #,%!.2//- $%,)6%2!",%3 -534 "% 35"*%#4 4/ ).30%#4)/.3
).#2%!3%$ .#2%!3%$ 02/$5#4)6)49 )3 ! .!452!, %&&%#4 /& 4(%
#/$% 7!,+4(2/5'(3 /2 3/-% /4(%2 &/2- /& 2)'/2/53 0%%2
4%!-3 "%).' &/#53%$ !#( $%,)6%2!",% )3 3-!,, !.$ 4(% 4)-%
2%6)%7 4 )3 ./4 #2)4)#!, 7(!4 &/2- )3 !00,)%$ (!4 )3 #2)4)#!,
4/ 02/$5#% )4 )3 039#(/,/')#!,,9 3(/24 (% $%,)6%29 $!4% )3
)3 4(!4 /& !,, $%,)6%2!",%3 "% 35"*%#4%$ 4/ 4()3 0%%2<
4(%2%&/2% !,7!93 )--).%.4 !.$ !,7!93 3%%-3 4/ "% 7)4().
2%6)%7 02/#%33 !.$ 4(!4 )4 "% $/.% ). 3-!,, 15!.4)4)%3 /2
2%!#( /2!,% )3 '%.%2!,,9 ()'( "%#!53% 2%!, 02/'2%33 )3
).34!.#% )4 )3 2%#/--%.$%$ 4(!4 ./ -/2% 4(!. 4(2%% 4/ &)6%
6)3)",% !.$ )3 !#()%6!",%
0!'%3 /& ! #/$% -/$5,% "% ).30%#4%$ !4 ! 3).',% ).30%#4)/.
425#452%$ 30%#)&)#!4)/.3 !,3/ /&&%2 ! 6%29 $%&).)4% 02/*%#4
-!.!'%-%.4 !$6!.4!'% (%9 3%26% 4/ !#()%6% 4(% &2%15%.4,9
15/4%$ -!8)- 4(!4 7(%. ! 02/*%#4 )3 #/-0,%4% /&
. !$$)4)/. 4/ 4(% 34!.$!2$ 3/&47!2% %.').%%2).' 02!#4)#%3
)43 &%!452%3 3(/5,$ "% #/-0,%4% ).34%!$ /& /& )43
-%.4)/.%$ !"/6% 4(%2% !2% ! .5-"%2 /& #,%!.2//-<30%#)&)#
&%!452%3 "%).' #/-0,%4% 2/0%2 -!.!'%-%.4 6)3)"),)49
02/#%33%3 4(!4 !2% 2%15)2%$ /2 !2% 2%#/--%.$%$ (%3%
!.$ 4(% !"),)49 4/ #/.42/, $%,)6%29 3#(%$5,%3 $%0%.$ 50/.
02!#4)#%3 ).#,5$% 3425#452%$ 30%#)&)#!4)/.3 &5.#4)/.!, 6%2)&)<
4()3 -!8)-3 "%).' 425%
#!4)/. 3425#452%$ $!4! !.$ 34!4)34)#!, 4%34).' 425#452%$
30%#)&)#!4)/.3 !2% !00,)%$ 4/ 4(% 02/*%#4 "%&/2% $%3)'. "%').3
425#452%$ 30%#)&)#!4)/.3 !2% 6%29 3)-),!2 4/ ).#2%-%.4!,
()3 342/.',9 !&&%#43 4(% $%,)6%29 3#(%$5,% !.$ 4(% 02/*%#4
02/#%33%3 $%3#2)"%$ ). /4(%2 -%4(/$/,/')%3 "54 /&4%. 4(%
-!.!'%-%.4 02/#%33 5.#4)/.!, 6%2)&)#!4)/. )3 !00,)%$ $52<
0520/3%3 !.$ "%.%&)43 3/5.$ 15)4% $)&&%2%.4 /2 ).34!.#% ).
).' $%3)'. #/$).' !.$ ).30%#4)/. 02/#%33%3 425#452%$ $!4! /.% #!3% 4(% 3425#452%$ 30%#)&)#!4)/.3 02/#%33 )3 #!,,%$ evoluĆ
)3 !00,)%$ $52).' 4(% $%3)'. 02/#%33 ).!,,9 34!4)34)#!, 4%34<
tionary delivery. (% 02)-!29 "%.%&)4 #,!)-%$ &/2 %6/,54)/.<
).' )3 4(% ).4%'2!4)/. 4%34).' -%4(/$/,/'9 /& #(/)#% )' !29 $%,)6%29 )3 4(!4 )4 !,,/73 ;2%!, #534/-%23 4/ %8!-).%
35--!2):%3 4(% #,%!.2//- 02/#%33%3
%!2,9 2%,%!3%3 !.$ 02/6)$% &%%$"!#+ 3/ 4(!4 4(% 02/$5#4 7),,
()3 &524(%2 %.(!.#%3 02/$5#4)6)49 /4 /.,9 )3 4(% 02/$5#4
02/$5#%$ !4 ! ()'( 34!4%-%.4<0%2<-/.4( 2!4% "54 4(% 4/4!,
.5-"%2 /& 34!4%-%.43 )3 !,3/ 3-!,,%2
425#452%$ 30%#)&)#!4)/.3 )3 ! 4%2- !00,)%$ 4/ 4(% 02/#%33
53%$ 4/ $)6)$% ! 02/$5#4 30%#)&)#!4)/. ).4/ 3-!,, 0)%#%3 &/2
)-0,%-%.4!4)/. 4 )3 ./4 #2)4)#!, %8!#4,9 (/7 4()3 $)6)3)/.
)3 !##/-0,)3(%$ !3 ,/.' !3 4(% 2%35,43 (!6% 4(% &/,,/7).'
#(!2!#4%2)34)#3
• !#( 30%#)&)#!4)/. 3%'-%.4 -534 "% 3-!,, %./5'( 3/ 4(!4 )4
#!. "% &5,,9 )-0,%-%.4%$ "9 4(% $%6%,/0-%.4 4%!- 7)4().
$!93 /2 7%%+3 2!4(%2 4(!. -/.4(3 /2 9%!23
%6/,6% ).4/ 3/-%4().' 4(!4 2%!,,9 3!4)3&)%3 #534/-%2 .%%$3
3500/243 4()3 !002/!#( !.$ (!3 #,!33%3 4/ 4%!#( 4(%
%6/,54)/.!29 $%,)6%29 02/#%33 4/ 3/&47!2% $%6%,/0%23
2/- 4(% $%3#2)04)/. *534 ')6%. )4 7/5,$ !00%!2 4(!4 %!#(
%6/,54)/.!29 2%,%!3% )3 0,!#%$ ).4/ 4(% (!.$3 /& 2%!, #534/-<
%23 ()3 )-0,)%3 4/ -!.9 0%/0,% 4(!4 4(% %.4)2% 2%,%!3% 02/<
#%33 )3 2%0%!4%$ /. ! &2%15%.4 -/.4(,9 "!3)3 ).#% -5,4)0,%
2%,%!3%3 !.$ 4(% 3500/24 /& -5,4)0,% 6%23)/.3 !2% #/.3)$%2%$
(%!$!#(%3 &/2 02/$5#4 3500/24 4()3 3#%.!2)/ )3 &2/7.%$
Cleanroom Processes
Structured
Specifications
(Divide Product
Specification
into Manageable
Pieces)
Structured Data
(Treat Random
Data Access)
Intellectual
Control
Before Design
Design
5.% %7,%44<!#+!2$ /52.!,
Statistical
Testing
(Measure
Quality in
Sigma Units)
Functional
Verification
(Formal Checks
for Correctness)
Legal
Primitive
Evaluation
Analytical
Proof
Design, Coding, and Inspection
Integration Testing
(% 02/#%33%3 2%#/-<
-%.$%$ &/2 3/&47!2% #,%!.2//%.').%%2).'
3.-, *#,0--+ "-#1 ,-2 +)# '2 .0'-0'27 2- .*!# #!&
12%# -$ 2&# .0-"3!2 ',2- 2&# &,"1 -$ 0#* !312-+#01
--)',% 2 2&# "#$','2'-, -$ 0#* !312-+#0 ', 2&# #4-*32'-,:
07 "#*'4#07 .0-!#11 7-3 0#*'8# 2&2 0#* !312-+#0 !-3*"
# 2&# #,%',##0 2 2&# ,#62 "#1) , .0!2'!# 2&# .0-"3!2
!,,-2 # "#*'4#0#" 2- +-0# 2&, &,"$3* -$ *.& -0 #2
2#12#01 3,2'* 2&# .0-"3!2 '1 0#*#1#" 2- 2&# $3** +0)#2 &'1
27.# -$ 0#*#1# 1&-3*" ,-2 -!!30 ,7 +-0# -$2#, 2&, ,-0+*
, $!2 1',!# !*#,0--+ .0-"3!#1 &'%&:/3*'27 .0-"3!21 2&#
,3+ #0 -$ 0#*#1#1 0#/3'0#" $-0 .0-"3!2 0#.'0 '1 1'%,'$'!,2*7
0#"3!#"
,-2&#0 27.# -$ 1203!230#" 1.#!'$'!2'-,1 2#!&,'/3# 5&'!&
'1 ..*'#" 2- ',$-0+2'-, 2#!&,-*-%7 "#4#*-.+#,2 31#1
',$-0+2'-, #,%',##0',% 2'+# -6#1
'+# -6#1 0# 31#"
1 +#,1 -$ .0#4#,2',% #,"*#11 $#230# !0##. 5&'*# #,130:
',% 2&2 2&# .0-"3!2 ', 2&'1 !1# , ',$-0+2'-, .0-"3!2
12'** &1 $*#6' '*'27 ," ".2 '*'27 2- !&,%',% 31',#11
0#/3'0#+#,21
&1 "-.2#" 2#!&,'/3# !**#" short interval scheduling
1 .0-(#!2 +,%#+#,2 ..0-!& &-02 ',2#04* 1!&#"3*',%
0#)1 2&# #,2'0# .0-(#!2 ',2- :2-::5##) !&3,)1 #!& 5'2&
'21 -5, 1#2 -$ "#*'4#0 *#1 &-02 ',2#04* 1!&#"3*',% !, #
..*'#" 2- -2&#0 .0-(#!21 #1'"#1 2&-1# ',4-*4#" ', 1-$250#
"#4#*-.+#,2 &'1 '1 , ',1'%&2 2&2 '1 ,-2 - 4'-31 ', -2&#0
2#!&,'/3#1
** -$ 2&#1# +#2&-"1 0# 4#07 1'+'*0 2- 2&# 1203!230#" 1.#!':
$'!2'-,1 2#!&,'/3# 1 "'$$#0#,2 1 2&#7 1-3," 2&#7 ** 1#04#
2- 0#) 2&# 21) ',2- '2#:1'8#" .'#!#1 5&'!& '1 2&# %-* -$
2&# 1203!230#" 1.#!'$'!2'-,1 .-02'-, -$ !*#,0--+
3,!2'-,* 4#0'$'!2'-, '1 2&# &#02 -$ !*#,0--+ ," '1 .0':
+0'*7 0#1.-,1' *# $-0 !&'#4',% 2&# "0+2'! '+.0-4#+#,2
', /3*'27 .-11' *# 5'2& !*#,0--+ 2 '1 1#" -, 2&# 2#,#2
2&2 %'4#, 2&# .0-.#0 !'0!3+12,!#1 2&# &3+, ',2#**#!2 !,
"#2#0+',# 5&#2&#0 -0 ,-2 .'#!# -$ *-%'! '1 !-00#!2 ," '$ '2
'1 ,-2 !-00#!2 "#4'1# +-"'$'!2'-, 2- $'6 '2 3,!2'-,* 4#0'$':
!2'-, &1 2&0## *#4#*1 ',2#**#!23* !-,20-* *#%* .0'+'2'4#
#4*32'-, ," ,*72'!* .0--$
,2#**#!23* !-,20-* 0#/3'0#1 2&2 2&# .0-%0#11'-, $0-+ 1.#!':
$'!2'-,1 2- !-"# # "-,# ', 12#.1 2&2 0# 1+** #,-3%& ,"
"-!3+#,2#" 5#** #,-3%& 1- 2&2 2&# !-00#!2,#11 -$ #!& 12#.
'1 - 4'-31 &# 5-0)',% 2#0+ &#0# '1 9- 4'-31 &# 0#4'#5#0
1&-3*" # 2#+.2#" 2- 17 9$ !-301# 2&'1 0#$',#+#,2 *#4#*
$-**-51 !-00#!2*7 $0-+ '21 .0#"#!#11-0 &7 #* -0 2&#
.-',2 $ 2&# 0#4'#5#0 '1 ,-2 2#+.2#" 2- 17 2&'1 '2 +7 #
"4'1 *# 2- 0#"#1'%, 2&# 0#$',#+#,2 *#4#* -0 2- "-!3+#,2 '2
+-0# !-+.*#2#*7
#%* .0'+'2'4# #4*32'-, #,&,!#1 ',2#**#!23* !-,20-* 7
.0-4'"',% +2&#+2'!**7 "#0'4#" 1#2 -$ /3#12'-,1 $-0
.0-4',% ," 2#12',% 2&# 113+.2'-,1 +"# ', 2&# "#1'%,
1.#!'$'!2'-,1 ,*72'!* .0--$
#,&,!#1 *#%* .0'+'2'4#
#4*32'-, 7 ,15#0',% 2&# /3#12'-, 1#21 +2&#+2'!**7
,*72'!* .0--$ '1 4#07 0'%-0-31 ," 2#"'-31 !-00#!2,#11
.0--$ ," '1 4#07 00#*7 31#"
# &4# "#+-,1202#" &#0# 2 2&2 ',2#**#!23* !-,20-*
*-,# '1 !. *# -$ .0-"3!',% !-"# 5'2& 1'%,'$'!,2*7 '+:
.0-4#" "#$#!2 "#,1'2'#1 !-+.0#" 2- 1-$250# "#4#*-.#" 5'2&
-2&#0 20"'2'-,* "#4#*-.+#,2 .0-!#11#1 ..*'!2'-, -$ 2&#
!-+.*#2# !*#,0--+ .0-!#11 5'** .0-4'"# ,-2&#0 25- 22&0## -0"#01 -$ +%,'23"# '+.0-4#+#,2 ', "#$#!2 "#,1'2'#1
," 5'** .0-"3!# 1'6:1'%+ !-"#
Intellectual Control. &# &3+, ',2#**#!2 $**' *# 2&-3%& '2 +7
# '1 *# 2- 11#11 !-00#!2,#11 5&#, .0#1#,2#" 5'2& 0#:
1-, *# "2 ', 0#1-, *# $-0+2 Testing is far inferior to
the power of the human intellect. &'1 '1 2&# )#7 .-',2 **
1'6:1'%+ 1-$250# .0-!#11#1 0#4-*4# 0-3," 2&'1 .-',2 2 '1
+72& 2&2 1-$250# +312 !-,2', "#$#!21 &'1 +72& '1 1#*$:$3*$'**',% .0-.&#!7 ," .0#4#,21 "#$#!2:$0## 1-$250#
$0-+ #',% 0-32',#*7 .0#1#,2#" 2- 2&# +0)#2.*!# &#
.0#4*#,!# -$ 2&# "#$#!2 +72& '1 2&# 0#13*2 -$ ,-2&#0 +72&
5&'!& '1 2&2 2&# !-+.32#0 '1 13.#0'-0 2- 2&# &3+, ," 2&2
!-+.32#0 2#12',% '1 2&# #12 57 2- #,130# 0#*' *# 1-$250#
# 0# 2-*" 2&2 2&# &3+, ',2#**#!2 !, -,*7 3,"#012,"
!-+.*#6'2'#1 5&#, 2&#7 0# *',)#" 2-%#2&#0 ', !*-1# 1'+.*#
0#*2'-,1&'.1 &'1 *'+'22'-, !, # +"# 2- 5-0) $-0 31 $
'2 '1 '%,-0#" '2 5-0)1 %',12 31 ," &,"'!.1 -30 !0#2'4#
'*'27 )',% 2&'1 *'+'22'-, 5-0) $-0 31 '1 2&# 1'1 -$
$3,!2'-,* 4#0'$'!2'-,
&# 1'1 $-0 ',2#**#!23* !-,20-* ," $3,!2'-,* 4#0'$'!2'-, '1
1203!230#" "#4#*-.+#,2 &'#00!&7 -12 -$ 31 0# $+'*'0
5'2& 0#.0#1#,22'-, -$ &'#00!&7 *')# 2&# -,# +-"#*#" ',
'% &'1 !-3*" # , '**31202'-, -$ &-5 2- .0-%0#11 $0-+
"#1'%, 1.#!'$'!2'-,1 2- !23* !-"# 31',% ,7 -,# -$
* This tenet is also the definition of intellectual control.
Specifications
1
2
1.1
1.2
Code
Code
2.1
3
2.2
4
Code
4.1
Code
2.1.1
2.1.2
4.1.1
4.1.2
Code
Code
Code
Code
4.2
4.3
Code
Code
27.'!* 0#.0#1#,22'-, -$
&'#00!&'!* "'%0+ , 2&'1
!1# 2&# 0#.0#1#,22'-, '1 $-0 1-$250# "#1'%,
3,# #5*#22:!)0" -30,*
2&# !300#,2*7 .-.3*0 ',"31207:!!#.2#" #12 .0!2'!#1 $-0
"#1'%, !& -$ 2&#1# .0!2'!#1 &1 1-+# $-0+ -$ 12#.5'1#
0#$',#+#,2 !& 0#)1 "-5, 2&# 1.#!'$'!2'-,1 ',2- #4#0
%0#2#0 "#2'* &# 0#13*2 '1 .0-%0+ !-,2',',% 1#2 -$
!-++,"1 ', 1-+# .0-%0++',% *,%3%#
&# "'$$#0#,!# #25##, 2&# "'$$#0#,2 1-$250# "#1'%, +#2&:
-"1 '1 0#$*#!2#" ', 2&# ',2#0.0#22'-, -$ 5&2 2&# 1/30#1 ,"
2&# !-,,#!2',% *',#1 ', '% 0#.0#1#,2 $ 2&# "#4#*-.#0 '1
31',% 1203!230#" "#1'%, 2#!&,'/3#1 2&#7 5-3*" +#, "2
," !-,20-* !-,,#!2'-,1 ," '$ 2&# "#4#*-.#0 '1 31',% - (#!2:
-0'#,2#" "#1'%, 2&#7 5-3*" 0#.0#1#,2 - (#!21 ', , - (#!2:
-0'#,2#" &'#00!&7
3,!2'-,* 4#0'$'!2'-, "-#1 ,-2 !0# 5&2 2&#1# 17+ -*1
0#.0#1#,2 , ,7 -$ 2&#1# +#2&-"1 2&# 1/30#1 ,"
0# 13..-1#" 2- "#1!0' # $3**7 2&# $3,!2'-,*'27 -$ 2&#
1.#!'$'!2'-,1 2 2&2 *#4#* '+'*0*7 2&0-3%& $3**7
"#1!0' # 2&# $3,!2'-,*'27 -$ 1/30# ," 2&# !-"# -$ 1/30#
$3**7 '+.*#+#,21 2&# $3,!2'-,*'27 -$ 1/30# ,2#**#!23*
!-,20-* !, # !&'#4#" 5'2& ,7 -$ 2&#+ 7 "&#0',% 2- 2&#
$-**-5',% $'4# .0',!'.*#1
Principle 1. -!3+#,22'-, +312 # !-+.*#2# &# $'012 )#7
.0',!'.*# '1 2&2 2&# "-!3+#,22'-, -$ 2&# 0#$',#+#,2 *#4#*1
+312 # !-+.*#2# 2 +312 $3**7 0#$*#!2 2&# 0#/3'0#+#,21 -$
2&# 120!2'-, *#4#* '++#"'2#*7 -4# '2 -0 ',12,!# '2
+312 # .-11' *# 2- *-!2# 5'2&', 2&# "-!3+#,22'-, -$
1/30#1 2&0-3%& ', -30 #6+.*# #4#07 $#230# "#1!0' #"
', 2&# 1.#!'$'!2'-,1
$ "-!3+#,22'-, '1 !-+.*#2# ',2#**#!23* !-,20-* '1 ,#0*7
32-+2'! , 2&# !1# "#1!0' #" -4# 2&# "#1'%,#0 ',23:
'2'4#*7 5-0)1 2- +)# 2&# "-!3+#,22'-, ," 2&# 1.#!'$'!:
2'-,1 !-,1'12#,2 5'2& #!& -2&#0 &# ',1.#!2-01 ',23'2'4#*7
123"7 2- !-,$'0+ 2&# !-00#!2,#11
-2# 2&2 '2 '1 ,-2 *571 ,#!#1107 2- 0#.0-"3!# 2&# 1.#!'$':
!2'-,1 5-0" $-0 5-0" 2 5'** -$2#, # .-11' *# 2- 1'+.*7
122# 9&'1 +-"3*# $3**7 '+.*#+#,21 2&# .0-4'1'-,1 -$ 1.#!'$':
!2'-, 1#!2'-, : &# ',1.#!2-01 ,##" -,*7 !-,$'0+ 2&2 '2
+)#1 1#,1# $-0 1#!2'-, : 2- # 20#2#" ', 1',%*# +-"3*#
2&#0 2'+#1 '2 +7 # ,#!#1107 2- "#$',# !-,1'"#0 *7 +-0#
2&, 5&2 '1 ', 2&# 1.#!'$'!2'-,1 $#230# 2&2 '1 1.0#"
-4#0 1#4#0* +-"3*#1 0#/3'0#1 1.#!'$'! "#1!0'.2'-, -$ 5&'!&
.-02'-, '1 20#2#" ', #!& +-"3*# ," #6!2*7 &-5 2&# +-":
3*#1 ',2#0!2 5'2& #!& -2&#0 2 +312 # .-11' *# $-0 2&# ',:
1.#!2-01 2- *--) 2 ** 2&# +-"3*#1 1 5&-*# ," "#2#0+',#
2&2 2&# $#230# '1 .0-.#0*7 '+.*#+#,2#" ', 2&# $3** +-"3*#
-0!&#1202'-,
&'1 .0',!'.*# '1 !-++-,*7 4'-*2#" ** ',"31207:!!#.2#"
#12 "#1'%, .0-!#11#1 #,!-30%# $3** "-!3+#,22'-, 32 '2 '1
12'** ,-2 "-,# #!31# 2&#1# "#1'%, .0-!#11#1 -$2#, *!) 2&#
.#01.#!2'4# ," 2&# 0#1.#!2 $-0 ',2#**#!23* !-,20-* 2&2 '1
.0-4'"#" 7 2&# .0',!'.*#1 -$ $3,!2'-,* 4#0'$'!2'-, -0 2&#7
0# ',13$$'!'#,2*7 !-+.#**',% 2- !-,4#7 2&'1 0#1.#!2 &# !-,:
!#.2 -$ ',2#**#!23* !-,20-* '1 -$2#, *-12 7 +,7 "#1'%, .0-:
!#11#1 #!31# 2&# +', #+.&1'1 '1 -, 2&# +#!&,'!1 -$
2&# 1.#!'$'! +#2&-"-*-%7
&# 0#13*2 '1 2&2 $0#/3#,2*7 2&# "-!3+#,22'-, $-0 2&# $'012
*#4#* -$ 2&# 1712#+ 1.#!'$'!2'-,1 '1 ,-2&',% +-0# 2&, 2&#
,+#1 -$ 2&# +-"3*#1 #% 2 1# !!#11 -"3*#
,:',# ."2# -"3*# ,'2'*'82'-, -"3*# 1#0
,2#0$!# -"3*# 2 '1 *#$2 2- 2&# ',1.#!2-01 2- %3#11 1#"
3,# #5*#22:!)0" -30,*
-, 2&# ,+#1 5&2 .-02'-,1 -$ 2&# 1.#!'$'!2'-,1 5#0#
',2#,"#" 2- # ', 5&'!& +-"3*#
4#, 5&#, 2&#0# '1 , 22#+.2 2- !-,$-0+ $3**7 2- 2&# +#2&:
-"-*-%7 ," .0-4'"# $3** "-!3+#,22'-, ,#'2&#0 2&# "#1'%,#0
,-0 2&# ',1.#!2-01 1##+ 2- 5-007 -32 2&# !-,2',3'27 2&2 '1
0#/3'0#" 7 $3,!2'-,* 4#0'$'!2'-, -0 #6+.*# $#230#
0#/3'0#" ', 2&# "#1'%, 1.#!'$'!2'-, +'%&2 1&-5 3. $'012 ',
*#4#* -0 ', 2&# !-"# 11-!'2#" 5'2& *#4#* 5'2&-32
#4#0 &4',% ##, 0#$#0#,!#" ', *#4#*1 -0 -+#2'+#1
2&# !&-1#, "#1'%, +#2&-"-*-%7 "-#1 ,-2 13$$'!'#,2*7 ',"':
!2# 2&2 2&'1 '1 ",%#0-31 ,!# %', 2&'1 '1 2&# 0#13*2 -$ $'*30# 2- ..0#!'2# ," 0#1.#!2 2&# !-,!#.2 -$ ',2#**#!23*
!-,20-*
$ .0-.#0 "-!3+#,22'-, .0!2'!#1 0# $-**-5#" 2&# 0#13*2 -$
#!& ',1.#!2'-, '1 !-,$'"#,!# 2&2 #!& *#4#* $3**7 12'1$'#1
2&# 0#/3'0#+#,21 -0 #6+.*# 1/30#1 2&0-3%& ', '% $3**7 '+.*#+#,2 2&# 2-.:*#4#* 1.#!'$'!2'-,1 -2&',% '1 *#$2
-32 "#$#00#" 3,"#$',#" -0 ""#" ," ,- 0#/3'0#+#,21 0#
4'-*2#" '+'*0*7 2&0-3%& $3**7 12'1$7 2&# .0-4'1'-,1
-$ ," ," $3**7 12'1$7 '2& 2&#1# !-,"'2'-,1 +#2 ',1.#!2'-,1 -$ 2&0-3%& 1&-3*" -,*7 0#/3'0# 0#$#0#,!# 2- 2&# "#$','2'-, $-0 1/30# 2- !-,$'0+ 2&2 2&0-3%& 12'1$7 $ 22#+.21 2'+.*#+#,2 $#230# -$ 2&# 1.#!'$'!2'-,1 2&2 '1 ,-2 #6.*'!'2*7
-0 '+.*'!'2*7 0#$#0#,!#" ', '2 '1 "#$#!2 ," 1&-3*" #
*-%%#" 1 13!& ', 2&# ',1.#!2'-, +##2',%
Principle 2. %'4#, "#$','2'-, ," ** -$ '21 ,#62:*#4#*
0#$',#+#,21 +312 # !-4#0#" ', 1',%*# ',1.#!2'-, 1#11'-,
&'1 +#,1 2&2 1',%*# ',1.#!2'-, 1#11'-, +312 !-4#0
1/30# ," ** -$ '21 ,#62:*#4#* 0#$',#+#,21 2&0-3%&
*2-%#2&#0 2&0-3%& 1&-3*" ,-2 # +-0# 2&,
-32 $'4# .%#1 -$ +2#0'* -0# 2&, $'4# .%#1 5-3*"
',"'!2# 2&2 2-- +3!& 0#$',#+#,2 51 22#+.2#" 2 -,# 2'+#
," ',2#**#!23* !-,20-* .0- *7 !,,-2 # +',2',#" &#
-$$#,"',% *#4#* 1&-3*" # 0#"-,# 5'2& 1-+# -$ 2&# ',2#,"#"
0#$',#+#,2 "#$#00#" 2- *-5#0 *#4#*
Principle 3. &# $3** *'$# !7!*# -$ ,7 "2 '2#+ +312 # 2-2**7
"#$',#" 2 1',%*# 0#$',#+#,2 *#4#* ," +312 # !-4#0#" ',
1',%*# ',1.#!2'-,
&'1 '1 2&# )#7 .0',!'.*# 2&2 **-51 31 2- # *# 2- ',1.#!2
," ," -,*7 # !-,!#0,#" -32 2&#'0 0#!2'-,
5'2& #!& -2&#0 ," 2&# 57 2&#7 '+.*#+#,2 &#0# '1
,- ,##" 2- "#2#0+',# $-0 #6+.*# '$ 2&#7 ',2#0!2 !-00#!2*7
5'2& -0 &'1 .0',!'.*# '1 0#)2&0-3%& !-,!#.2 ," - *'2#02#1 -,#
-$ 2&# +-12 20-3 *#1-+# 1.#!21 -$ *0%#:1712#+ +-"'$'!:
2'-, ,# 1##+1 ,#4#0 2- # 2-2**7 1#!30# +)',% !-"#
+-"'$'!2'-, &#0#1 *571 2&# !-,!#0, 2&2 1-+#2&',%
+7 # %#22',% 0-)#, 1-+#5&#0# #*1# &'1 $#0 '1 , ',23:
'2'4# !),-5*#"%+#,2 2&2 ',2#**#!23* !-,20-* '1 ,-2 #',%
+',2',#"
3!& 90#+-2# 0#)',% !, -,*7 -!!30 #!31# -$ ',!-,1'1:
2#,2 "2 +,%#+#,2 4#, 20-3 *#1-+# .0- *#+1 11-!':
2#" 5'2& ',..0-.0'2# ',2#003.2 '*'27 -0 -%31 0#!301'-,
0# !31#" 7 ',!-,1'12#,2 "2 +,%#+#,2 ,2#**#!23*
!-,20-* 0#/3'0#1 #620#+# 0#1.#!2 $-0 "2 +,%#+#,2
4'1' '*'27
•
•
•
•
•
*+5 8+5+$+.+6; %#0 $' /#+06#+0'& $; '0574+0) 6*#6 '#%* &#6#
+6'/ +5 (7..; &'(+0'& 10 # 5+0).' #$564#%6+10 .'8'. #0& 616#..;
567&+'& +0 # 5+0).' +052'%6+10 5'55+10 6 5*17.& $' %.'#4
"*'4' #0& 9*; 6*' &#6# +6'/ %1/'5 +061 ':+56'0%'
"*#6 '#%* &#6# +6'/ +5 +0+6+#.+<'& 61 #0& 9*;
19 #0& 9*'4' '#%* &#6# +6'/ +5 75'& #0& 9*#6 '(('%65
1%%74 #5 # 4'57.6 1( +65 75'
19 #0& 9*'4' '#%* &#6# +6'/ +5 72&#6'& #0& 61 9*#6 8#.7'
"*'4' 9*; #0& *19 '#%* &#6# +6'/ +5 &'.'6'&
16' 6*#6 %#4'(7. #&*'4'0%' 61 6*+5 24+0%+2.' %1064+$76'5 5+)>
0+(+%#06.; 61 %4'#6+0) #0 1$,'%6>14+'06'& 4'57.6 '8'0 +( 6*#6 +5
016 6*' +06'06 1( 6*' &'5+)0'4 *+5 24+0%+2.' +5 #.51 10' 1(
6*' 4'#5105 9*; %.'#0411/ .'0&5 +65'.( 51 9'.. 61 1$,'%6>
14+'06'& &'5+)0 /'6*1&1.1)+'5
0%' 6*' +052'%6+10 6'#/ +5 (7..; 5#6+5(+'& 6*#6 6*' &#6#
/#0#)'/'06 +5 %105+56'06 #0& %144'%6 6*'4' +5 01 0''& 61 $'
%10%'40'& #$176 +06'4#%6+105 14 +056#0%' 6*' .+(' %;%.' (14
&#6# 6*#6 +5 ).1$#. 61 6*' '06+4' /1&7.' 917.& $' (7..; &'>
5%4+$'& #0& +052'%6'& 9*'0 537#4'5 #0& 9'4' +0>
52'%6'& 37#4' 6*'0 616#..; &'(+0'5 +65 190 2146+10 1( 6*+5
/#0#)'/'06 #0& #0& 0''& 10.; $' %10>
%'40'& 6*#6 6*'; #4' 2412'4.; +/2.'/'06+0) 537#4' 5 2#46
1( 6*+5 &'(+0+6+10 37#4'5 #0& %#0 6#-' %#4' 1( 6*'+4
190 2146+10 9+6* 01 9144; #$176 6*' '(('%65 10 &*'4'0%' 61 24+0%+2.' /'#05 6*#6 +6 +5 016 0'%'55#4; 61
+052'%6 #0; .1)+% 16*'4 6*#0 6*#6 9*+%* +5 24'5'06'& +0 6*'
+052'%6+10 2#%-'6 *'4' +5 01 +06'..'%67#..; 70%10641..'&
4'37+4'/'06 61 ':'%76' 6*' '06+4' 241)4#/ /'06#..; 61
&'6'4/+0' 9*'6*'4 14 016 +6 914-5
Principle 4. !2&#6'5 /756 %10(14/ 61 6*' 5#/' /'%*#0+5/5
+0%' '8'0 6*' $'56 2155+$.' &'5+)0 241%'55'5 #4' (#..+$.' +6
+5 .+-'.; 6*#6 70#06+%+2#6'& 4'37+4'/'065 9+.. .#6'4 $' &+5%18>
'4'& 70%6+10#. 8'4+(+%#6+10 &1'5 016 24'%.7&' 6*+5 14 +0>
56#0%' +6 /#; $' &+5%18'4'& 6*#6 +6 +5 0'%'55#4; 61 6'56 #
).1$#. (.#) +0 6*' %1&' (14 9*+%* +0 6740 /756 $' 5'6 +0
6*' %1&' (14 *+5 +5 # %1//10 1%%744'0%' #0& 6*' 6;2+>
%#. 4'52105' +5 5+/2.; 61 %4'#6' 6*' ).1$#. (.#) (14 #0&
6*'0 72&#6' 61 5'6 +6 2412'4.; 7) (170& 7) (+:'&
8'4;6*+0) 914-5 (+0'
19'8'4 9' *#8' ,756 &'5641;'& 6*' #$+.+6; 61 /#-' 57$5'>
37'06 /1&+(+%#6+105 61 6*+5 /'%*#0+5/ +0 #0 +06'..'%67#..;
%10641..'& 9#; 7674' +06'..'%67#. %10641. 4'37+4'5 6*#6 6*+5
0'9 +06'4(#%' $' 4'641(+66'& +061 6*' *+)*'4 #$564#%6+10 .'8>
'.5 *' .+(' %;%.' 1( 6*+5 (.#) /756 $' (7..; &'5%4+$'& #6 6*'
537#4' 6*417)* .'8'. 0 6*#6 10' &1%7/'06 6*' 537#4' 6'56 #0& 6*' 537#4' 72&#6' /756 $' &'5%4+$'& #0& 6*'0
6*' #224124+#6' 2146+105 1( 6*+5 &'(+0+6+10 /756 $' 4'2'#6'&
#0& 4'(+0'& +0 #0& #0& 1( %1745' #.. 1( 6*+5
5*17.& $' 57$,'%6 61 # (7.. +052'%6+10
Principle 5. 06'..'%67#. %10641. /756 $' #%%1/2#0+'& $;
$1661/>72 6*+0-+0)
*'5' 24+0%+2.'5 %#0 .7.. 2'12.' +061 $'.+'8+0) 6*#6 6*'; *#8'
+06'..'%67#. %10641. 9*'0 +0 (#%6 +06'..'%67#. %10641. +5 016
2155+$.' 06'..'%67#. %10641. +5 $; +65 0#674' # 612>&190
241%'55 #0& +5 '0&#0)'4'& $; # 2+6(#.. 6*#6 6*4'#6'05 #.. 612>
&190 &'5+)0 241%'55'5 6*' 6'0&'0%; 61 2156210' 4'#. &'%+>
5+105 +0&'(+0+6'.; 1 #81+& 6*+5 2+6(#.. 6*' &'5+)0'45 /756 $'
#.'46 61 216'06+#. =#0&>6*'0>#>/+4#%.'>*#22'05 5+67#6+105
0;6*+0) 6*#6 .11-5 5752+%+175.; 64+%-; 5*17.& $' 241616;2'&
#5 5110 #5 2155+$.' .. 6*' 612>&190 &'5+)0 &+5%+2.+0' +0
6*' 914.& 9+.. 016 5#8' # 241,'%6 6*#6 &'2'0&5 7210 # ('#>
674' 6*#6 +5 $';10& 6*' %744'06 56#6' 1( 6*' #46 7%* # ('#674'
/#; 016 $' 4'%1)0+<'& 706+. 8'4; .#6' +0 6*' &'8'.12/'06
%;%.' +( 612>&190 &'5+)0 +5 #..19'& 61 $.+0& 6*' &'8'.12'45
61 +65 ':+56'0%'
The Key Word Is “Obvious.” 6 /756 $' 4'/'/$'4'& 6*#6 6*'5'
(+8' 24+0%+2.'5 #4' (1..19'& (14 6*' 5+0).' 274215' 1( /#-+0)
+6 1$8+175 61 6*' /1&'4#6'.; 6*1417)* 1$5'48'4 6*#6 6*'
&'5+)0 +5 %144'%6 4#%6+%#.+6; /756 $' 57((+%+'06.; &'/10>
564#6'& &1%7/'06#6+10 /756 $' 57((+%+'06.; %1/2.'6' 6*'
&'5+)0 /756 $' 6#%-.'& +0 57((+%+'06.; 5/#.. %*70-5 #0& &#6#
/#0#)'/'06 /756 $' 57((+%+'06.; %.#4+(+'& .. 1( 6*'5' /756
$' 51 1$8+175.; 57((+%+'06 6*#6 6*' 4'8+'9'4 +5 6'/26'& 61
5#; =( %1745' 65 10.; 1$8+175 "*; $'.#$14 +6 ( 6*+5 +5
016 6*' %#5' # 4'&'5+)0 +5 +0&+%#6'&
74 ':2'4+'0%' 57))'565 6*#6 6*' #%*+'8'/'06 1( 57%* #
56#6' 1( 1$8+1750'55 +5 016 # 2#46+%7.#4.; %*#..'0)+0) 6#5- 6
4'37+4'5 %#4' $76 +( 6*'5' 24+0%+2.'5 #4' 9'.. 70&'45611&
6*+5 %#4' +5 #./156 #761/#6+%
')#. 24+/+6+8' '8#.7#6+10 '0*#0%'5 +06'..'%67#. %10641. $;
2418+&+0) # /#6*'/#6+%#..; &'4+8'& 5'6 1( 37'56+105 (14 '#%*
.')#. ;-564# 24+/+6+8' ') If-Then-Else While-Do '6% 14
'#%* 24+/+6+8' 6*' &'5+)0'45 #0& 6*' 4'8+'9'45 #5- 6*' 5'6
1( 37'56+105 6*#6 #22.; 61 6*#6 24+/+6+8' #0& %10(+4/ 6*#6
'#%* 37'56+10 %#0 $' #059'4'& #((+4/#6+8'.; ( 6*+5 +5 6*'
%#5' 6*' %144'%60'55 1( 6*' 24+/+6+8' +5 '0574'&
4+)14175 &'4+8#6+10 1( 6*'5' 37'56+105 %#0 $' (170& '.5'>
9*'4' *'4' +5 +057((+%+'06 52#%' *'4' 61 )1 6*417)* 6*'5'
&'4+8#6+105 +0 &'6#+. $76 9' %#0 +..7564#6' 6*' 241%'55 #0& +65
/#6*'/#6+%#. $#5+5 $; 75+0) # 5*146 0104+)14175 #0#.;5+5 1(
10' 1( 6*'5' 5'65 6*' While-Do 24+/+6+8' 7'56+105 #551%+#6'&
9+6* 6*' 16*'4 24+/+6+8'5 #4' )+8'0 10 2#)' *' While-Do %105647%6 +5 &'(+0'& #5 (1..195
S = [While A Do B;]
9*+%* /'#05
S +5 (7..; #%*+'8'& $; [While A Do B;]
*' 5;/$1. S &'016'5 6*' 52'%+(+%#6+10 6*#6 6*' 24+/+6+8' +5
#66'/26+0) 61 5#6+5(; 14 6*' (70%6+10 +6 +5 #66'/26+0) 61 2'4>
(14/ *' 5;/$1. A +5 6*' 9*+.' 6'56 #0& B +5 6*' 9*+.' $1&;
5 #0 ':#/2.' S %17.& $' 6*' 52'%+(+%#6+10 = *' '064; +5
#&&'& 61 6*' 6#$.' *' 24'&+%#6' 4'24'5'06'& $; A 917.&
6*'0 $' #0 #224124+#6' 241%'55 61 '0#$.' 6*' 241)4#/ 61
2'4(14/ #0 +6'4#6+10 #0& 61 &'6'4/+0' +( 6*' 12'4#6+10 +5
%1/2.'6' B 917.& $' 6*' 241%'55+0) 4'37+4'& 61 #%%1/2.+5*
6*' #&&+6+10 61 6*' 6#$.' "' *#8' %*15'0 61 75' # While-Do
$'%#75' 24'57/#$.; 9' 6*+0- +6 /#-'5 5'05' "' /#; $'
+06'0&+0) 61 #%%1/2.+5* 6*' '064; #&&+6+10 $; 5%#00+0) 6*'
6#$.' 5'37'06+#..; 706+. #0 #224124+#6' +05'46+10 21+06 +5
(170& #0& 6*'0 52.+%+0) 6*' '064; +061 6*' 6#$.' #6 6*#6 21+06
"*'6*'4 14 016 6*+5 /#-'5 5'05' &'2'0&5 7210 6*' -0190
%*#4#%6'4+56+%5 1( 6*' '064; #0& 6*' 6#$.' 6 #.51 /#; &'2'0&
7210 6*' ':2.+%+6 14 +/2.+%+6 ':+56'0%' 1( # (746*'4 2#46 1(
6*' 52'%+(+%#6+10 57%* #5 =…9+6*+0 /5
1 +08'56+)#6' 9*'6*'4 +6 *#5 $''0 %1&'& %144'%6.; 6*'
(1..19+0) 6*4'' 37'56+105 #4' #5-'&
70' '9.'66>#%-#4& 1740#.
0 ),,- 1"/*&+1&,+ $2/+1""! #,/ +6 /$2*"+1 ,# S
%"+ A &0 1/2" !,"0 S ".2) B #,)),4"! 6 S
%"+ A &0 #)0" !,"0 S ".2) S
%"+ 1%" +04"/ 1, 1%"0" 1%/"" .2"01&,+0 &0 6"0 1%" ,//" 17
+"00 ,# 1%" While-Do &0 $2/+1""! %" -",-)" 0(&+$ 1%"0"
.2"01&,+0 0%,2)! " 1%" !"0&$+"/ +! 1%" &+0-" 1,/0
S
Evaluate
A
While A Do B
%"0" .2"01&,+0 /".2&/" 0,*" "5-)+1&,+
0 ),,- 1"/*&+1&,+ $2/+1""! #,/ +6 /$2*"+1 ,# S
Value
%&0 *"+0 1%1 #,/ +6 !1 -/"0"+1"! 1, 1%" #2+ 1&,+ !"7
#&+"! 6 S 4&)) 1%" While-Do )460 1"/*&+1" ,/ &+01+ " &+
,2/ "5*-)" /" 1%"/" +6 -,00&)" &+01+ "0 ,# 1%" "+1/6 ,/
1%" 1)" #,/ 4%& % 1%" While-Do 4&)) $, &+1, + "+!)"00 ),," 20" A + +"3"/ .2&/" 3)2" ,# FALSE
%&0 4,2)! --"/ 1, " + ,3&,20 .2"01&,+ , ,3&,20
1%1 1%" /"!"/ *6 " 1"*-1"! 1, 0( 4%6 &1 &0 "3"+ *"+7
1&,+"! ,4"3"/ 1%"/" &0 ) ( ,# /"0-" 1 #,/ While-Do
1"/*&+1&,+ ,+!&1&,+0 +! *+6 !"#" 10 , 2/ " 20" ,#
#&)2/" 1, 1"/*&+1" #,/ "/1&+ &+-210 -/,-"/ /"0-" 1 #,/
1%&0 .2"01&,+ 4&)) 20" -/,$/**"/ 1, 1(" /" 4%"+
20&+$ &1 +! 4&)) 0&$+&#& +1)6 %")- 1, 3,&! +,+1"/*&+1&,+
#&)2/"0
"0-" 1 #,/ 1%&0 .2"01&,+ &0 '201&#&"! " 20" &1 &0 !&##& 2)1 1,
-/,3" While-Do 1"/*&+1&,+ + # 1 &1 + " *1%"*1& ))6
-/,3"+ 1%1 #,/ 1%" $"+"/) 0" &1 &0 &*-,00&)" 1, -/,3"
1"/*&+1&,+
, $2/+1"" 1%" ,//" 1+"00 ,# While-Do &1 &0
1%"/"#,/" +" "00/6 1, !"0&$+ 0&*-)" 1"/*&+1&,+ ,+!&1&,+0
1%1 + " "0&)6 3"/&#&"! 6 &+0-" 1&,+ ,*-)& 1"! While-Do
1"010 *201 " 3,&!"!
%"+ A &0 1/2" !,"0 S ".2) B #,)),4"! 6 S
%&0 *"+0 1%1 4%"+ A &0 1/2" + S " %&"3"! 6
"5" 21&+$ B +! 1%"+ -/"0"+1&+$ 1%" /"02)10 1, S $&+ %&0
.2"01&,+ &0 +,1 .2&1" 0, ,3&,20
1"/1&3" 011"*"+10 /" 3"/6 !&##& 2)1 1, -/,3" , -/,3" 1%"
,//" 1+"00 ,# 1%" 4%&)" 011"*"+1 &1 &0 !"0&/)" 1, %+$" &1
1, +,+&1"/1&3" #,/* " %+$" &1 6 &+3,(&+$ S /" 2/7
0&3")6 %20 1%" "5-/"00&,+
S = [While A Do B;]
" ,*"0
S = [If A Then (B; S);]
5-/"00&,+ &0 +, ),+$"/ + &1"/1&3" ,+01/2 1 +! + "
*,/" /"!&)6 -/,3"+ &$ 0%,40 1%" !&$/*0 #,/ 1%"0"
14, "5-/"00&,+0
%" ".2&3)"+ " ,# 1%"0" 14, 011"*"+10 + " /&$,/,20)6
!"*,+01/1"! +,+/&$,/,20 #"")&+$ #,/ &1 + " ,1&+"!
6 ,0"/3&+$ 1%1 4%"+ A &0 1/2" &+ [While A Do B] 1%" B "5-/"07
0&,+ &0 "5" 21"! ,+ " +! 1%"+ 6,2 01/1 1 1%" "$&++&+$ 6
*(&+$ 1%" [While A] 1"01 $&+ # [While A Do B] &0 1/2)6 ".2) 1,
S 1%"+ ,+" ,2)! &*$&+" 1%1 /1%"/ 1%+ 01/1&+$ $&+ 1
1%" "$&++&+$ 4&1% 1%" [While A] 1"01 6,2 0&*-)6 01/1 1 1%"
"$&++&+$ ,# S %1 %+$"0 1%" While-Do 1, 0&*-)" If-Then
+! 1%" -/"!& 1" A &0 1"01"! ,+)6 ,+ " # &1 &0 1/2" 6,2 "5"7
21" B ,+" 1&*" +! 1%"+ "5" 21" S 1, #&+&0% 1%" -/, "00&+$
%" 16-& ) #&/01 /" 1&,+ 1, 1%&0 ,+ "-1 &0 1%1 4" %3"+1
%")-"! 1 )) %" S "5-/"00&,+ &0 01&)) &1"/1&3" +! +,4
2+" "4)"117 (/! ,2/+)
True
B
False
Continue
S
Evaluate
A
If A Then (B; S)
Value
True
B
False
Continue
S
&$/*0 ,# 1%" -/&*&1&3"0 While A Do B +! If A Then (B; S)
4"3" *!" &1 /" 2/0&3" *(&+$ &1 0""* 1%1 4" %3" *,/"
1, -/,3" %" /"0-,+0" 1, 1%&0 ,*-)&+1 &0 1%1 4" !,+1
%3" 1, -/,3" +61%&+$ ,21 S 1 )) %" 0-" &#& 1&,+ 1%"
"+1/6 &0 !!"! 1, 1%" 1)" &0 +"&1%"/ &1"/1&3" +,/ /" 2/0&3"
" %3" 0&*-)6 %,0"+ 1, &*-)"*"+1 &1 20&+$ While-Do ,+7
01/2 1 " ,2)! -/"02*)6 %3" &*-)"*"+1"! &1 0,*"
,1%"/ 46
S &0 +,1%&+$ *,/" 1%+ 1%" 0-" &#& 1&,+ + 1%" $"+"/) 0"
&1 *6 " ,*-)"1")6 /&1//6 011"*"+1 #/,* +6 0,2/ "
%"1%"/ 1%" 0-" &#& 1&,+ &0 ,//" 1 ,/ +,1 &0 +,1 ,2/ /"0-,+7
0&&)&16 2/ /"0-,+0&&)&16 &0 1, &*-)"*"+1 &1 0 !"#&+"!
2"01&,+ + 1%"/"#,/" " /"011"! 0 #,)),40 # A &0 1/2"
4%"+ 4" "5" 21" B ,+" 1&*" +! 1%"+ 12/+ 1%" /"02)1 ,3"/
1, 4%1"3"/ 4"3" !"#&+"! S 1, " !,"0 1%" /"02)1 01&))
%&"3" S + ##&/*1&3" +04"/ 01&0#&"0 .2"01&,+ + 1"/*0 ,# ,2/ "5*-)" B 4&)) %3" "5*&+"! -/1 ,# 1%"
1)" 1 4&)) "&1%"/ )/"!6 %3" &+0"/1"! 1%" +"4 "+1/6 &+1,
1%" 1)" ,/ &1 4&)) %3" !" &!"! 1%1 1%" -,/1&,+ ,# 1%" 1)"
&1 "5*&+"! &0 +,1 +!&!1" #,/ &+0"/1&+$ ,# 1%" "+1/6 %"
2+"5*&+"! -,/1&,+ ,# 1%" 1)" &0 +,4 1%" +"4 1)" 2-,+
4%& % 1%" ,+01/2 1 *201 "5" 21" %&0 +"4 &+01+ " ,# 1%"
1)" *201 " ,*-/)" 1, 01+!),+" &+01+ " ,# 1%"
1)" 0, 1%1 1%" ,+ "-1 ,# !!&+$ + "+1/6 1, 1%" 1)" 01&))
*("0 0"+0" # 1%" /"02)1&+$ 1)" #/$*"+1 +, ),+$"/ ),,(0
)&(" +6 #,/* ,# 1%" 1)" #,/ 4%& % 1%" 0-" &#& 1&,+ S 40
$"+"/1"! .2"01&,+ *6 +,1 " +04"/)" ##&/*1&3")6
+! 1%" -/,-,0"! ,!" 4,2)! 1%"+ " &+ ,//" 1
(%. A )3 &!,3% $/%3 S %15!, S
()3 15%34)/. 3%%-3 &!)2,9 /"6)/53 "54 )4 )3 &2%15%.4,9 /6%2<
,//+%$ & A )3 &/5.$ 4/ "% &!,3% 4(% &)234 4)-% 4(% While-Do )3
%8%#54%$ !.$ 4(%2%&/2% ./ 02/#%33).' /& B /##523 )3 4()3
3!4)3&!#4/29 /%3 4(% 30%#)&)#!4)/. S !,,/7 &/2 ./4().' 4/
(!00%. !.$ 4(%2%&/2% &/2 ./ #(!.'% 4/ /##52 !3 ! 2%35,4 /&
)43 %8%#54)/.
. /52 %8!-0,% 4(% 4%34 0/3%$ "9 4()3 15%34)/. 7/5,$ ,)+%,9
&!), S 2%15)2%3 3/-%4().' 4/ (!00%. )% !. %.429 4/ "%
!$$%$ 4/ 4(% 4!",% ()3 7/5,$ 35''%34 4(!4 4(% While-Do -!9
./4 "% 4(% !002/02)!4% #/.3425#4 &/2 4()3 S % -!9 .%6%2
(!6% ./4)#%$ 4()3 &!#4 )& 7% (!$.4 "%%. &/2#%$ 4/ %8!-).%
15%34)/. #!2%&5,,9
(% 02).#)0,% /& 3425#452%$ $!4!
2%#/'.):%3 4(!4 5.$)3#)<
0,).%$ !##%33%3 4/ 2!.$/-,9 !##%33%$ !22!93 /2 !##%33%3 4(!4
53% '%.%2!,):%$ 0/).4%23 #!53% 4(% 3!-% +).$ /& ;2%!3/.).'
%80,/3)/. 02/$5#%$ "9 4(% 5.$)3#)0,).%$ 53% /& GOTO3 /2
).34!.#% 4!+% 4(% ).3425#4)/.
A[i] = B[j+k];
()3 34!4%-%.4 ,//+3 )../#%.4 %./5'( 4 7/5,$ !00%!2 4/
"% !002/02)!4% ). !.9 7%,,<3425#452%$ 02/'2!- /4% (/7<
%6%2 4(!4 )4 ).6/,6%3 &)6% 6!2)!",%3 !,, /& 7()#( -534 "% !#<
#/5.4%$ &/2 ). !.9 #/22%#4.%33 !.!,93)3 & 4(% 02/'2!- ).
7()#( 4()3 34!4%-%.4 /##523 )3 35#( 4(!4 4()3 34!4%-%.4 )3
%8%#54%$ 3%6%2!, 4)-%3 3/-% /& 4(%3% 6!2)!",%3 -!9 "% 3%4
). ).3425#4)/.3 4(!4 /##52 ,!4%2 ). 4(% 02/'2!- (53 4()3
).3425#4)/. !,, "9 )43%,& #2%!4%3 ! 2%!3/.).' %80,/3)/.
534 !3 9+342! 35''%34%$ 4(!4 GOTO3 3(/5,$ ./4 "% 53%$ !4
!,,
4(% /2)').!4/23 /& #,%!.2//- 35''%34 4(!4 2!.$/-,9
!##%33%$ !22!93 !.$ 0/).4%23 3(/5,$ ./4 "% 53%$ 9+342!
2%#/--%.$%$ ! 3%4 /& 02)-)4)6%3 4/ 53% ). 0,!#% /& GOTO3
. 4(% 3!-% 7!9 #,%!.2//- 2%#/--%.$3 4(!4 2!.$/-,9
!##%33%$ !22!93 "% 2%0,!#%$ 7)4( 3425#452%3 35#( !3 15%5%3
34!#+3 !.$ 3%43 (%3% 3425#452%3 !2% 3!&%2 "%#!53% 4(%)2 !#<
#%33 -%4(/$3 !2% -/2% #/.342!).%$ !.$ $)3#)0,).%$ !.9
#522%.4 /"*%#4</2)%.4%$ #,!33 ,)"2!2)%3 3500/24 4(%3% 3425#452%3
$)2%#4,9 !.$ 4!+% -5#( /& 4(% -934%29 !.$ 4(% #/-0,%8)49 /54
/& -%.4!,,9 #/.6%24).' &2/- 2!.$/-<!22!9 4().+).'
4!4)34)#!, 4%34).' )3 ./4 2%!,,9 2%15)2%$ &/2 #,%!.2//- "54 )4
)3 ()'(,9 2%#/--%.$%$ "%#!53% )4 !,,/73 !. !33%33-%.4 /&
15!,)49 ). 3)'-! 5.)43 4 $/%3 ./4 -%!352% 15!,)49 ). $%&%#43
0%2 ,).%3 /& #/$% %!352).' 15!,)49 ). 3)'-! 5.)43 ')6%3 53%23
6)3)"),)49 /& (/7 /&4%. ! $%&%#4 )3 %80%#4%$ 4/ "% %.#/5.4%2%$
/2 ).34!.#% )4 -!+%3 ./ $)&&%2%.#% )& 4(%2% !2% $%&%#43
0%2 4(/53!.$ ,).%3 /& #/$% )& 4(% 53%2 .%6%2 !#45!,,9 %.#/5.<
4%23 !.9 /& 4(%- (% 02/$5#4 7/5,$ "% 0%2#%)6%$ !3 6%29
2%,)!",% . 4(% /4(%2 (!.$ 4(% 02/$5#4 -!9 (!6% /.,9 /.%
$%&%#4 ). ,).%3 /& #/$% "54 )& 4(% 53%2 %.#/5.4%23
4()3 $%&%#4 %6%29 /4(%2 $!9 4(% 02/$5#4 )3 0%2#%)6%$ 4/ "%
6%29 5.2%,)!",%
4!4)34)#!, 4%34).' !,3/ #,%!2,9 3(/73 7(%. 4%34).' )3 #/-0,%4%
!.$ 7(%. 4(% 02/$5#4 #!. 3!&%,9 "% 2%,%!3%$ & 4(% -/$%, )3
02%$)#4).' 4(!4 4(% 53%2 7),, %.#/5.4%2 ! $%&%#4 ./ -/2%
/&4%. 4(!. /.#% %6%29 9%!23 7)4( !. 5.#%24!).49 /&
±
9%!23 )4 #/5,$ "% $%#)$%$ 4(!4 )4 )3 3!&% 4/ 2%,%!3% 4(%
As described in the accompanying article, the process of doing legal primitive
evaluation involves asking a set of mathematically derived questions about the of
basic programming primitives (e.g., If-Then-Else, For-Do, etc.) used in a program.
The following is a list of the questions that must be investigated for each primitive.
In the following list S refers to the specification that must be satisfied by the
questions asked about the referenced primitive.
• Sequence
S = [A; B;]
Does S equal A followed by B?
S = [For A Do B;]
• For-Do
Does S equal first B followed by second B … followed by last B?
S = [If A Then B;]
• If-Then
If A is true, does S = B?
If A is false, does S = S?
• If-Then-Else
S = [If A Then B Else C;]
If A is true, does S equal B?
If A is false, does S equal C?
• Case
S = [Case P part (C1) B1 … part (Cn) Bn Else E;]
When p is C1, does S equal B1?
.
.
.
When p is Cn, does S equal Bn?
When p is not a member of set (C1, …, Cn), does S equal E?
S = [While A Do B;]
• While-Do
Is loop termination guaranteed for any argument of S?
When A is true, does S equal B followed by S?
When A is false, does S equal S?
S = [Do A Until B;]
• Do-Until
Is loop termination guaranteed for any argument of S?
When B is false, does S equal A followed by S?
When B is true, does S equal A?
S = [Do1 A While B Do2 C;]
• Do-While-Do
Is loop termination guaranteed for any argument of S?
When B is true, does S equal A followed by C followed by S?
When B is false, does S equal A?
02/$5#4 ()3 )3 535!,,9 "%44%2 4(!. 3/-% ).$53429<34!.$!2$
-%4(/$3 %' 7(%. 4(% !442)4)/. 2!4% &2/- "/2%$/- !-/.'
4(% 4%34 4%!- %8#%%$3 ! #%24!). 4(2%3(/,$ )4 -534 "% 4)-% 4/
2%,%!3% /2 ; (%. )3 4()3 02/$5#4 3500/3%$ 4/ "% 2%,%!3%$
!9 4( (!43 4/$!93 $!4% !9 4( ( (%. 7% -534
"% &).)3(%$ 4%34).'
4!4)34)#!, 4%34).' 30%#)&)%3 4(% 7!9 4%34 3#%.!2)/3 !2% $%6%,<
/0%$ !.$ %8%#54%$ %34).' )3 $/.% 53).' 3#%.!2)/3 4(!4
#/.&/2- 4/ 4(% %80%#4%$ 53%2 02/&),% 53%2 02/&),% )3 '%.%2<
!4%$ "9 )$%.4)&9).' !,, 34!4%3 4(% 3934%- #!. "% ). %' !,,
3#2%%.3 4(!4 #/5,$ "% $)30,!9%$ "9 4(% 3934%- !.$ /. %!#(
/.% )$%.4)&9).' !,, 4(% $)&&%2%.4 !#4)/.3 4(% 53%2 #/5,$ 4!+%
!.$ 4(% 2%,!4)6% 0%2#%.4!'% /& ).34!.#%3 ). 7()#( %!#(
7/5,$ "% 4!+%. 3 4(% 3#%.!2)/ '%.%2!4/2 02/'2%33%3
4(2/5'( 4(%3% 34!4%3 !#4)/.3 !2% 3%,%#4%$ 2!.$/-,9 7)4( !
7%)'(4).' 4(!4 #/22%30/.$3 4/ 4(% 02%$)#4%$ 53%2 02/&),%
/2 ).34!.#% )& ! ')6%. 3#2%%. (!3 ! -%.5 )4%- 4(!4 )3 !.4)#)<
0!4%$ 4/ "% ).6/+%$ /& 4(% 4)-% 7(%. 4(% 53%2 )3 ). 4(!4
3#2%%. 4(% ).6/#!4)/. /& 4()3 -%.5 )4%- )3 34)05,!4%$ ). /& 4(% '%.%2!4%$ 3#%.!2)/3 ).6/,6).' 4(% 3#2%%. & !./4(%2
5.% %7,%44<!#+!2$ /52.!,
3+4; /:+3 =/22 542? (+ /4<51+* 5, :.+ :/3+ /: =5;2* (+
)'22+* /4 542? 5, :.+ 9)+4'8/59
$.+9+ 9)+4'8/59 '8+ :.+4 +>+);:+* '4* :.+ +8858 ./9:58? /9
+<'2;':+* '))58*/4- :5 ' 3':.+3':/)'2 35*+2 *+9/-4+* :5
68+*/): .5= 3'4? 358+ *+,+):9 :.+ ;9+8 =5;2* +4)5;4:+8 /4
' -/<+4 6+8/5* 5, :/3+ 58 /4 ' -/<+4 4;3(+8 5, ;9+9 $.+8+
'8+ 9+<+8'2 */,,+8+4: 35*+29 *+9)8/(+* /4 :.+ 2/:+8':;8+
4 -+4+8'2 9:':/9:/)'2 :+9:/4- :'1+9 2+99 :/3+ :.'4 :8'*/:/54'2
:+9:/4- 9 9554 '9 :.+ 35*+2 68+*/):9 ' 7;'2/:? 2+<+2 )588+A
9654*/4- :5 ' 68+*+,/4+* -5'2 +- 9/> 9/-3' =/:. ' 9;,,/A
)/+4:2? 93'22 8'4-+ 5, ;4)+8:'/4:? '295 68+*+,/4+* :.+
685*;): )'4 (+ 9',+2? 8+2+'9+* $./9 /9 :.+ )'9+ +<+4 =.+4
:+9:/4- )5<+8'-+ /9 45: *54+ 58 =.+4 5, :.+
6':.='?9 '8+ 45: +>+);:+*
#:':/9:/)'2 :+9:/4- 8+7;/8+9 :.': :.+ 95,:='8+ :5 =./). /: /9
'662/+* (+ 3/4/3'22? 8+2/'(2+ , '4 '::+36: /9 3'*+ :5 '662?
/: :5 95,:='8+ :.': .'9 '4 /4*;9:8?A:?6/)'2 *+,+): *+49/:? '4?
5, :.+ 9:':/9:/)'2 35*+29 =/22 *+3549:8':+ /49:'(/2/:/+9 '4*
;9;'22? (25= ;6 &.+4 :.+? *54: (25= ;6 :.+/8 68+*/):/549
'8+ 95 ;4,'<58'(2+ :.': ' *+)/9/54 /9 ;9;'22? 3'*+ :5 /-458+
:.+3 $./9 /9 '4 '4'2?:/)'2 8+,2+):/54 5, :.+ ,'): :.': ?5; )'4:
:+9: 7;'2/:? /4:5 ' 685-8'3
2:.5;-. /: /9 :.+ 7;'2/:? 9:8':+-? ).59+4 ,58 3'4? 685*;):9
/: /9 45: 6599/(2+ :5 :+9: 7;'2/:? /4:5 ' 685*;): +'8)5
.'9 '4 +>)+22+4: '4'2?9/9 :.': *+3549:8':+9 :.+ <'2/*/:? 5,
:./9 68+3/9+ $./9 '4'2?9/9 /9 ('9+* 54 :.+ '66'8+4: ,'): :.':
542? '(5;: .'2, 5, '22 *+,+):9 )'4 (+ +2/3/4':+* (? :+9:/4-
(;: :.': :./9 ,'):58 5, :=5 /9 9='36+* (? :.+ <'8/'(/2/:? 5,
:.+ 95,:='8+ 6')1'-+9 54 :.+ 3'81+: $.+ */,,+8+4)+ /4 *+A
,+): *+49/:? (+:=++4 :.+ (+9: '4* =589: 685*;):9 /9 ' ,'):58
5, '2359: , )5;89+ :.+9+ '8+ :.+ +>:8+3+9 $.+
,'):58 */,,+8+4)+ (+:=++4 :.+ :. 6+8)+4:/2+ '4* :.+ :.
6+8)+4:/2+ /9 '(5;: '))58*/4- :5 +'8)5 5 54+ 9;--+9:9
:.': :+9:/4- 9.5;2* 45: (+ *54+B/: +2/3/4':+9 +>:8+3+2?
45>/5;9 *+,+):9 =./). '8+ +'9? :5 :+9: ,58B(;: )536'8+*
:5 :.+ <'8/'(/2/:? 5, 95,:='8+ 6')1'-+9 :.+ ,'):58 5, :=5 /9
'2359: /88+2+<'4: &.': :.+4 '8+ :.+ ,'):589 :.': 685*;)+
7;'2/:? 95,:='8+
'6+89 54+9
9;--+9:9 :.': /496+):/549 '254+ )'4 685*;)+
' +2/3/4':/54 5, *+,+):9 '4* =.+4 :+9:/4- /9 '**+*
5, *+,+):9 '8+ +2/3/4':+* $.+8+ /9 45 8+658:+* 9:;*?
(;: :.+ 2/:+8':;8+ =5;2* 9;--+9: :.': /496+):/549 )5;62+*
=/:. ,;4):/54'2 <+8/,/)':/54 =5;2* +2/3/4':+ 358+ :.'4 5, *+,+):9 "+3'81'(2? +45;-. :+9:/4- 9++39 :5 +2/3/4':+
359: </8:;'22? '22 5, :.+ 8+3'/4/4- *+,+):9 $.+ 2/:+8':;8+
:?6/)'22? 8+658:9 :.': 45 ,;8:.+8 *+,+):9 '8+ ,5;4* ',:+8 :.+
58/-/4'2 :+9: )?)2+ /9 )5362+:+ '4* :.': 454+ '8+ ,5;4* /4 :.+
,/+2* $./9 ='9 '295 5;8 +>6+8/+4)+
$.+8+ /9 '66'8+4:2? ' 9?4+8-/93 (+:=++4 ,;4):/54'2 <+8/,/)'A
:/54 '4* :+9:/4- ;4):/54'2 <+8/,/)':/54 +2/3/4':+9 *+,+):9
:.': '8+ */,,/);2: :5 *+:+): =/:. :+9:/4- $.+ *+,+):9 :.': '8+
2+,: ',:+8 '662/)':/54 5, /496+):/549 '4* ,;4):/54'2 <+8/,/)':/54
'8+ -+4+8'22? :.59+ :.': '8+ +'9? :5 :+9: ,58 $.+ 8+9;2: /9 :.':
5, '22 *+,+):9 '8+ +2/3/4':+* </' :.+ )53(/4':/54 5,
* This factor is based on a defect density of 60 defects per KNCSS for the worst products and
0.016 defects per KNCSS for the best products. The factor difference between these two
extremes is 60/0.016 = 3750 or 4000.
;4+ +=2+::A!')1'8* 5;84'2
/496+):/549 ,;4):/54'2 <+8/,/)':/54 '4* :+9:/4- $'(2+ 9;3A
3'8/@+9 :.+ 6+8)+4:'-+ 5, *+,+): 8+35<'2 =/:. :.+ '662/)':/54
5, /4*/</*;'2 58 )53(/4':/549 5, */,,+8+4: *+,+): *+:+):/54
9:8':+-/+9
Table II
Defect Removal Percentages
Based on Defect Detection Strategies
Detection Strategy
% Defect Removal
$+9:/4-
496+):/549
496+):/549 $+9:/4-
496+):/549 ;4):/54'2 %+8/,/)':/54
496+):/549 ;4):/54'2 %+8/,/)':/54
$+9:/4-
&+ '662/+* )2+'48553 :5 :.8++ 6850+):9 '2:.5;-. 542? 54+
5, :.+3 '):;'22? 3'*+ /: :5 :.+ 3'81+:62')+ $.+ 6850+): :.':
3'*+ /: :5 3'81+: .'* )2+'48553 '662/+* '22 :.+ ='?
:.85;-. /:9 2/,+ )?)2+ $.+ 5:.+8 6850+):9 =+8+ )'4)+2+* ,58
454:+).4/)'2 8+'9549 (;: )2+'48553 ='9 '662/+* '9 254- '9
:.+? +>/9:+* $.+ )5362+:+* 6850+): =./). )549/9:+* 5, '
8+2':/<+2? 93'22 '35;4: 5, )5*+ ## ='9 8+2+'9+* '9
6'8: 5, ' 2'8-+ /)8595,: &/4*5=9 9?9:+3 $.+ 6850+): :+'3
,58 :./9 +,,58: )549/9:+* 5, ,/<+ 95,:='8+ +4-/4++89
22 :.+ :+).4/7;+9 *+9)8/(+* /4 :./9 6'6+8 +>)+6: 9:8;):;8+*
*':' '4* 9:':/9:/)'2 :+9:/4- =+8+ '662/+* :5 :.+ 6850+):9 22
:.+ 685*;):9 =+8+ /)8595,: &/4*5=9 '662/)':/549 =8/::+4 /4
58 #:8;):;8+* *':' ='9 45: '**8+99+* (+)';9+ =+
4+<+8 )'3+ ')8599 ' 9+8/5;9 4++* ,58 8'4*53 '88'?9 58
65/4:+89 2:.5;-. 9:':/9:/)'2 :+9:/4- ='9 45: '662/+* /: ='9
5;8 /4:+4: +<+4:;'22? :5 *5 95 (;: :.+ :5:'2 2')1 5, *+,+):9
*+35:/<':+* ;9 ,853 6;89;/4- ' )5362/)':+* '4'2?:/)'2 :+9:A
/4- 35*+ 6'8:/);2'82? =.+4 5;8 :+9:/4- 8+95;8)+9 =+8+ /4
./-. *+3'4* ,853 :.+ 58-'4/@':/54 :5 .+26 5:.+8 658:/549 5,
:.+ 9?9:+3 68+6'8+ ,58 685*;): 8+2+'9+
Design Methodology. &+ '662/+* :.+ 8/-585;9 5(0+):A58/+4:+*
3+:.5*525-? 145=4 '9 (5> 45:':/54 $./9 /9 :.+ 3+:.5*52A
5-? 8+)533+4*+* (? :.+ )2+'48553 58/-/4':589 &+ ,5;4* /:
:5 (+ 9':/9,?/4-2? 8/-585;9 '4* */9)/62/4+*
5> 45:':/54 /9 ' 3+:.5*525-? :.': 685-8+99+9 ,853 ,;4)A
:/54'2 96+)/,/)':/54 :5 *+:'/2+* *+9/-4 :.85;-. ' 9+8/+9 5,
9:+69 8+68+9+4:+* '9 (5>+9 =/:. <'8?/4- :8'496'8+4)? $.+
,/89: (5> /9 ' (2')1 (5> 9/-4/,?/4- :.': '22 +>:+84'2 '96+):9 5,
:.+ 9?9:+3 58 35*;2+ '8+ 145=4 (;: 454+ 5, :.+ /4:+84'2
/362+3+4:':/54 /9 145=4 $./9 /9 :.+ ;2:/3':+ 5(0+): : /9
*+,/4+* (? 45:/4- '22 :.+ 9:/3;2/ '662/+* :5 :.+ (5> (? :.+
;9+8 '4* :.+ 5(9+8<'(2+ 8+96549+9 685*;)+* (? :.+9+ 9:/3;2/
4+</:'(2? :.+9+ 8+96549+9 '8+ ' ,;4):/54 45: 542? 5, :.+
9:/3;2;9 (;: '295 5, :.+ 9:/3;2;9 ./9:58? 58 +>'362+ '
35;9+ )2/)1 ': 25)':/54 54 :.+ 9)8++4 =/22 685*;)+ '
8+96549+ :.': *+6+4*9 ;654 :.+ (+.'</58 5, :.+ =/4*5=
:.': );88+4:2? /4)2;*+9 :.+ 25)':/54 $.+ =/4*5= ':
:.': 25)':/54 /9 /4 :;84 ' ,;4):/54 5, '22 :.+ 68+</5;9 35;9+
)2/)19 '4* 5:.+8 /46;:9 :5 :.+ 9?9:+3
" &% )2 #- ."( )(0,. .) -.. )2 #( 1"#" ."
-.#'/&/- "#-.),3 *,)/#(! ." ,-*)(-- ) ." &% )2 #*./, #( ." ),' ) -..- .". ." )2 *--- .",)/!"
" ,-*)(- *,)/ 3 !#0( -.#'/&/- ( .,6
'#( (). (--,#&3 ,)' ." (&3-#- ) *).(.#&&3 #( #6
(#. -.#'/&/- "#-.),3 /. '), -#'*&3 3 ().#(! ." -.. ."
-3-.' #- #( ( ." ,-*)(- *,)/ 3 .". -.#'/&/1#."#( .". -.. ..- , *./, - 0&/- 1#."#( -.
) -.. . " -.. )2 /&&3 ,0&- ."#- . . )(.#(( #(.,(& &% )2 .". .%- - #.- #(*/. ." -.#'/&/- (
." /,,(. -. ) -.. . ( *,)/- ." -#, ,6
-*)(- ( (1 -. ) -.. . " -.. . #- /&&3
,0& /. ." #(.,(& &% )2 -.#&& "#- #.- )1( #(.,(&
*,)--#(!
" -.. )2 #- ."( )(0,. .) &, )2 #( 1"#" &&
*,)--#(! #- 0#-#& )10, ."#- *,)--#(! #- ,*,-(.
- -,#- ) #(.,.#(! &% )2- #( 1"#" ." #(.,6
.#)(- ( ." ,&.#)(- , &,&3 0#-#& /. )( !#( ."
&% )2- "# ."#, )1( #(.,(& *,)--#(! "#- &,
)2 #- ." #(& #'*&'(..#)( ) ." )$. ( ."#- )$.
." (*-/&. . ( ." '.")- .) *,)-- #. ,
&,&3 0#-#&
" ) ."- #(.,(& &% )2- #- ."( .,. -#'#&,&3 #(
-.*1#- , #('(. *,)-- .". (- )(&3 1"( && ."
#(.,(& &% )2- ( 2*,-- - -#(!& )''() ." -.#(.#)( &(!/!
"#- *,)-- &&)1- '(3 ) ." *#. &&- ) )$.6),#(.
-#!( ( *,)!,''#(! .) 0)# 3 , /&&3 #&&/'#6
(.#(! ."' . ." *,)*, .#' ), #(-.( ." )*.#'/'
. (*-/&.#)( &0& #- '), -#&3 .,'#( /-
." -#!(, #- ), .) )(-#, #. . &0& 1", *,6
-*.#0 #- ." &,-. . (*-/&.#)( . .)) "#!" &0& !,- ')/&,#.3 ( .- 5)$. ),#(.(--
/. . (*-/&.#)( . .)) &)1 &0& *,)/- ,/(6
(#- ( '/&.#*& )*#- ) ." -' . 1#." ." --)6
#. *)--##&#.3 ) /*. ,,), ( &)-- ) #(.!,#.3 "-
*#. &&- , '), -#&3 0)# /- ." -#!(, #), .) ."#(% )/. ." +/-.#)( . 2.&3 .". *)#(. #(
." -#!( 1"( ." 0#1 ) ." -3-.' #- )*.#'/' ), -/"
)(-#,.#)(
1, 0&)* #( (-6#(/-.,3 (0#,)('(. 1",
3('# -*# #.#)(- , ,)1( /*)( ( 1", *.6
#&#.3 #- (). 0#,./ )10, 0)&/.#)(,3 &#0,3 -6
-/'- 3('# (0#,)('(. ( ()/,!- *.#&#.3
!,&-- ) ." # ,(- )." *"#&)-)*"#- , -#'#&,
. #,-. )." ',%.#(! ( '(!'(. 1, -%*.#&
"3 1, (). ,--/, 3 ." # .". &,! ')/(. )
.#' 1)/& &*- ), ." *,)/. 1)/& .% -"*
/- ) ." &,! /*6 ,)(. -#!( #(0-.'(. ( /-
-)' ./,- 1)/& (). ,-- . && /(.#& 0,3 &. #(
." 0&)*'(. 3& "3 1, .)& (). .) 2*. ( ,&3
*,).).3* 1#."#( ." #,-. 1 3- .". 1)/& ')(-.,.
." '$), ./,-
,3 +/#%&3 ."- )/.- 1, #-*&& ,%.#(! 1,)/!". #(.) ." ),. /,#(! ." ,&3 ,#!),)/- -#!(
-.!- .) *,)0# !/#( ( #,.#)( "3 *,.##*.
#( ." -*# #.#)( -.,/./,#(! ( -. *,#),#.#- ( -#,
-"/&- ), ." ,&-- "3 /!". )( .) ." # )
!..#(! ." 5$/##-. *,.- #,-. ( )/( .". ."3 1, !.6
.#(! ,& ) 0,3 +/#%&3 ( )/& "0 ."#- ,& )
,0#1 3 ,& /-,- 1"#& .", 1- -.#&& .#' .) &&)1
." /-,- % .) #( &/( -#!( #-#)(- "3 &-)
' (."/-#-.# )/. *,.##*.#(! #( ." #(-*.#)(/,#(! ." .)*6&0& #(#.#)(-
(!'(. ,&#4 .". ." 0)&/.#)(,3 -.! ,&-1, )'#(! ,!/&,&3 ()/!" ( +/#%&3 ()/!" .". ."3
)/& *,#. 0,3 ,&3 #( ." 0&)*'(. 3& 1"#"
-.! " "#!" *)--##&#.3 ) #(! #(#-" #( .#' .) "#.
." )*.#'/' ,&- 1#()1 "3 )/& ."( $/-. -)*
( *,#),#.3 .) (-/, .". ." ,&- . )/& ,&#&3
"#0
Morale. " &(,))' &#.,./, &#'- .". &(,))' .'"0 0,3 "#!" '),& ( -.#- .#)( &0& "#- #- ..,#6
/. .) ." . .". ."3 "0 #(&&3 ( !#0( ." .))&(--,3 .) "#0 ." %#( ) +/&#.3 $) .". 0,3)(
1(.- .) ) /, )1( 2*,#( 1- .". ."#- )/,,
-/,*,#-#(!&3 +/#%&3 )*& 1#." ,',%&3 #-*,.
-,&3 )'*.#& *,-)(&#.#- (). )(&3 1),% 1&&
.)!.", ."3 ' (."/-#-.# )/. ." *,)--
. **,- .". ." )&&)1#(! .),- 1, #( &/(.#& #(
Inspections. '*&)3 -&#!".&3 *. 0,-#)( ) ."
*,)/#(! "#!" '),&
6,)''( #(-*.#)( '.") ./!". 3 )' #&
• &')-. #&3 #(-*.#)(- ,. ( (0#,)('(. #( 1"#"
)/( ."#- '.") 0,3 -.#- .),3 /, '#(#'& *.6
" *,-)( )( ." .' .))% ./,(- #(! #( ." 5"). -.
.#)( 1- .) &&)1 -&#!".&3 '), #-/--#)( /,#(! ." &)!!#(!
)*& +/#%&3 0&)* ( /(,-.(#(! .". ,-)(&
'.#(! ."( #& ,)''(- &. .". ."#- 1- (
,#.##-' 1- )." *.& ( ( ##& " ,-/&.#(!
.) )''). /(.#)(& 0,# #.#)(
,(%(-- ( )*((-- 1, *,#0 3 && .) ,',%6
Functional Verification. ) ..'*. 1- ' .) #'*&'(.
&3 , ,-"#(! ( 2"#&,.#(!
(3."#(! /. ." #,-. &0& ) /(.#)(& 0,# #.#)(7#(.&6
• ' '',- 1, -/,*,#- .". ."3 1, #(! &&)1
&./& )(.,)& "#- 1- )/( .) -#&3 #'*&'(. (
.) ) 1". ."3 1, )#(! "3 1, &&)1 .) .% ."
1"( ." *,#(#*&- 1, +/.&3 ", .) 1- &')-. .#' (--,3 .) ) ." %#( ) $) ."3 &. 1- *,)*,
/.)'.# (-*.),- 1") %(1 ()."#(! )/. /(.#)(&
Productivity. ,)/.#0#.3 1- # #/&. .) '-/, (&3 )(
0,# #.#)( ), #(.&&./& )(.,)& /.)'.#&&3 )'*&#-"
*,)$. ./&&3 ' #. .) ." ',%. *& ( #. #- # #/&.
#. 1"( !#0( '.,#& .". )( ),' .) #.- *,#(#*&- (
.) #0# ." #(-.,/.#)( )/(. /,.&3 ')(! ." (!#6
'/-#(!&3 ."3 &-) /.)'.#&&3 )'*&#( 1"( -&#!".
(,- .". )(.,#/. .) #. )10, ." -/$.#0 #'*,-6
0#.#)(- ,)' ."- *,#(#*&- )/,,
-#)( 1- .". #. ,.#(&3 #(. .% (3 &)(!, "( ()
Structured Specifications. " *,)$. .' && &(,))' .- , )/( )( -/(&3 #-)0,- .". ." $) #- #(6
-.,/./, -*# #.#)(- *,)-- 0)&/.#)(,3 &#0,3 6
#-" . #,-. ."#- #- #-)(,.#(! ( (.#&#'.# /. #.
/- ) #.- -#'#&,#.3 .) ." 0)&/.#)(,3 &#0,3 '."))&6
&-) '*"-#4- ." -0#(!- .". ( ,&#4 . ." (
)!3 '(.#)( ,&#, ( /- 0)&/.#)(,3 &#0,3 #) ." *,)$. "#- )'*(-.- ), ." 2., ),. . ."
'), &#% )/, (0#,)('(. .,/./, -*# #.#)(!#((#(! ) ." *,)$.
/( 1&..6%, )/,(&
The cleanroom team mentioned in this paper no longer
exists as a single organization. However, portions of cleanĆ
room are still being practiced in certain organizations within
HewlettĆPackard. These portions especially include structured
specifications and intellectual control.
We believe our efforts can be duplicated in any software
organization. There was nothing unique about our situation.
We achieved remarkable results with less than total dogmatic
dedication to the methodology.
The product that made it to market was designed using
functional decomposition. Even though functional decomĆ
position is minimally rigorous and disciplined, we found
the results completely satisfactory. The project consisted of
enhancing a 2ĆKNCSS module to 3.5 KNCSS.
The original module was reverse engineered to generate the
functional decomposition document that became the basis
for the design. The completed module was subjected to the
intellectual control processes and the reviewers were never
told which code was the original and which was modified or
new code. A total of 36 defects were found during the inĆ
spection process for a total of 10 defects per KNCSS. An
additional five defects were found the first week of testing
(1.4 defects per KNCSS). No defects were encountered in the
subsequent 10 months of full system integration testing and
none have been found since the system was released.
It was interesting to note that the defects found during inĆ
spections included items such as a design problem which
would have, under rare conditions, mixed incompatible file
versions in the same object, a piece of data that if it had
been accessed would have produced a rare, nonrepeatable
crash, and a number of cases in which resources were not
being released which would, after a long period of time, have
caused the Windows system to halt. Most of these defects
would have been very difficult to find by testing.
Defects found during testing were primarily simple screen
appearance problems which were readily visible and easily
characterized and eliminated. These results conform well to
expected cleanroom results. About 90% of the defects were
eliminated by inspections with functional verification. About
10% more were eliminated via testing. No other defects were
ever encountered in subsequent fullĆsystem integration testĆ
ing or by customers in the field. It can be expected on the
basis of other cleanroom results reported in the literature
June 1994 HewlettĆPackard Journal
that at least 99% of all defects in this module were eliminated
in this way and that the final product probably contains no
more than 0.1 defect per KNCSS.
1. M.J. Harry, The Nature of Six Sigma Quality, Motorola Government
Electronics Group, 1987.
2. P.A. Tobias, A Six Sigma Program Implementation," Proceedings
of the IEEE 1991 Custom Integrated Circuits Conference, p. 29.1.1.
3. H.D. Mills, M. Dyer, and R.C. Linger, Cleanroom Software EngiĆ
neering," IEEE Software, Vol. 4, no. 5, September 1987, pp. 19Ć25.
4. H.D. Mills and J.H. Poore, Bringing Software Under Statistical
Quality Control," Quality Progress, Vol. 21, no. 11, November 1988,
pp. 52Ć55.
5. T. DeMarco, Controlling Software Projects, Yourdon Press, 1982,
pp. 195Ć267.
6. R.C. Linger and H.D. Mills, A Case Study in Software Engineering,"
Proceedings COMPSAC 88, p. 14.
7. H.D. Mills, R.C. Linger, and A.R. Hevner, Principles of Information
Systems Analysis and Design, Academic Press, 1986.
8. P.A. Currit, M. Dyer, and H.D. Mills, Certifying the Reliability of
Software," IEEE Transactions on Software Engineering, Vol. SEĆ12,
no. 1, January 1986, pp 3Ć11.
9. T. Gilb, The Principles of Software Engineering Management,
AddisonĆWesley, 1988, pp. 83Ć114.
10. J. Martin, Information Engineering Book III, Prentice Hall, 1990,
pp. 169Ć196.
11. Navigator Systems Series Overview Monograph, Ernst & Young
International, Ltd., 1991, pp. 55Ć56.
12. R.C. Linger, H.D. Mills, and B.I. Witt, Structured Programming:
Theory and Practice, AddisonĆWesley, 1979, pp. 227Ć229.
13. Ibid, pp. 213Ć300.
14. H.D. Mills, et al, Principles of Computer Programming, Allyn and
Bacon, Inc., 1987, pp. 236Ć238.
15. R.C. Linger, H.D. Mills, and B.I. Witt, op cit, pp. 219Ć221.
16. H.D. Mills and R.C. Linger, Data Structured Programming: ProĆ
gram Design without Arrays and Pointers," IEEE Transactions on
Software Engineering, Vol. SEĆ12, no. 2, Feb. 1986, pp. 192Ć197.
17. E.W. Dijkstra, Structured Programming," Software Engineering
Techniques, NATO Science Committee, 1969, pp. 88Ć93.
18. P.A. Currit, M. Dyer, and H.D. Mills, op cit, pp. 3Ć11.
19. T. DeMarco, op cit, p. 216.
20. Unpublished presentation given at the 1988 HP Software
Engineering Productivity Conference.
21. R.C. Linger and H.D. Mills, op cit, pp. 8Ć16.
Microsoft is a U.S. registered trademark of Microsoft Corporation.
Windows is a U.S. trademark of Microsoft Corporation.
