CS201j: Engineering Software?
University of Virginia
Computer Science
David Evans http://www.cs.virginia.edu/~evans
• What is Engineering?
– Can we engineer software?
• Small, Fun Programs vs. Big, Important
Programs
• Managing Complexity
• Course Mechanics
• PS1, Java Introduction
28 August 2003 CS 201J Fall 2003 2
en·gi·neer·ing (ĕn′jə-nîr′ĭng) n.
1a. The application of scientific and mathematical principles to practical ends such as the design, manufacture, and operation of efficient and economical structures, machines, processes, and systems. b. The profession of or the work performed by an engineer.
2. Skillful maneuvering or direction: geopolitical engineering; social engineering.
“Engineering is design under constraint … Engineering is synthetic - it strives to create what can be, but it is constrained by nature, by cost, by concerns of safety, reliability, environmental impact, manufacturability, maintainability and many other such 'ilities.' ...”
William Wulf
[Chart: computing power over time, y-axis from 0 to 4,500,000]
Moore’s Law: computing power doubles every 18 months!
Constraints Software Engineers Face
• Not like those for “real” engineers:
– Cost, weight, physics, etc.
– Lab machines have ~ 5 million times what the Apollo Guidance Computer needed to get to the Moon
• Complexity of what we can understand
• Most important constraint is cost of human effort to get reliability, safety, maintainability
This class is about managing complexity to produce reliable complex systems efficiently.
Bridges
• Continuous
– Calculus
– Testing/analysis is easy: if the bridge holds for 1M kg, it also probably holds 0.99M kg
Software
• Discrete
– Logic, Discrete Mathematics
– Testing/analysis is difficult
Bridges
• Made of physical stuff
– Some costs are obvious
– Changes after construction are hard
Software
• Made of virtual stuff
– All costs are nonobvious
– Changes should be easy (but they’re not)
    // PS1 snippet: compute every cell's next state before any cell is updated
    for (int i = 0; i < rows; i++) {
        for (int j = 0; j < columns; j++) {
            nextStates[i][j] = getCellAt(i, j).getNextState();
        }
    }
Bridges
• Obvious when it fails
– Bridge makers get sued
– Architects need licenses
Software
• Falls down quietly (usually)
– Software vendors blame user, charge for upgrades
– Anyone can make software, no one gets sued
Bridges
• Requirements are (usually) obvious and easy to describe
• A good design is apparent to everyone immediately
Software
• Requirements are mysterious and hard to describe
• A good design is only apparent to “experts” but has impact later on
[Class diagram for PS1: CellAutomata, GridDisplay, Grid, Cell, CellState, ConwayLifeCell; one arrow is labelled “is a subtype of (extends)”]
Small, Fun Programs (CS101, CS200, etc.)
• Happy if it works once
– Test by running once
• If it doesn’t work on some input, no big deal
Big, Important Programs (simulated in CS201j)
• Must work on all possible inputs
– Need validation strategies
• If it doesn’t work on some input, millions are lost, people die
Small, Fun Programs
• Written by a few people over a short period of time
– Manage complexity mostly by memory
• Used by a few people over a short period of time
Big, Important Programs
• Written by many people over many years
– Can’t rely on memory to manage complexity
• Used by many people over many years
– Needs to be maintained as requirements change
• Largest program in CS200/CS101:
– ~500 lines
• F-22 Stealth Fighter Avionics Software
– 1.5M lines of code
• 5ESS (phone switching software)
– 18M lines
• Windows XP
– ~50M lines
• Divide complex systems into many components
• Develop components independently
• Assemble them to solve the problem
What is needed to make modularization work?
• Ignore details
• Separate what from how
• Need a specification – description of what a component should do
• Components can be built based on what they should do, not how they should do it
• Use reasoning and tools to check a design is sound
• Use reasoning and tools to check an implementation is sound
• Test systematically
• Express things in more than one way and check they are consistent
• Common example: variable declarations
• Extreme example:
– Space Shuttle
• 5 on-board computers
– 4 duplicates running same software
– 1 running completely separate implementation (to same specifications)
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
Tony Hoare
• This course is about constructing dependable software systems
– Managing complexity: modularity, abstraction, specification
– Achieving dependability: analysis, redundancy
• Good design is key
– How to divide problems into modules
– How to hide details
Take pictures!
• Coach: David Evans
– Call me “Dave” or “Coach”
– Research areas: security, programming swarms
• Section Leaders
– 10am: Mike Peck
– 11am: Tiffany Nichols
– 12 noon: Leonid Bolotnyy
• Assistant Coaches
– John Franchak
– Joyce Lin
– Katie Winstanley
• Me
– Office Hours: Tuesdays 2:30-3:30pm
– Always available by email, if I don’t reply in 24 hours, send again and complain
• Assistant Coaches
– Staffed lab hours in Small Hall (Sundays 4-7, Mondays 7-9, Wednesdays 4-6)
• Web site: http://www.cs.virginia.edu/cs201j
– Everything goes on the web
• Experimental Course
– National Science Foundation sponsorship
– Focus on using lightweight analysis tools
– Second time offered
• Counts as CS201, but doesn’t cover everything in CS201
– You will need to learn some things on your own for CS216
• Classroom Pledge is Horrible!
• The whole point of being at a University is so you can:
– Learn from your classmates
– Learn better by teaching your classmates
• READ, sign and return the CS201j Pledge on Friday
A+ : I would be willing to fly in a plane running software you designed and wrote
A : I would trust you to design and implement important (but not life critical) software
B : I would trust you to manage programmers working on important software
(See syllabus for grading details.)
A. Island in Indonesia known for coffee and volcanoes
B. A Programming Language (Java)
C. A Portable Low-Level Language (JVML)
D. A Platform (JavaVM)
E. A (semi-)successful marketing strategy
– JavaScript is not related to Java (the language) or the Java platform
F. All of the above
“A simple, object-oriented, distributed, interpreted, robust, secure, architecture neutral, portable, high-performance, multithreaded, and dynamic language.”
By the end of the course, you should have a good idea if this is a true statement.
[Sun95]
• Syntax
– Similar to C++
– Designed to be easy for C and C++ programmers to learn
• Semantics (what programs mean)
– Similar to Scheme
– Designed to make it easier to reason about properties of programs
[Diagram: C++ Program -> C++ Compiler -> Object Files -> Machine; Scheme Program -> Scheme Interpreter -> Machine]
[Diagram: Java Program -> Java Compiler -> Class Files -> Java Virtual Machine -> Machine]
Why use a virtual machine?
• Portability
– If you can implement a Java VM on your machine, then you can run all Java programs
• Security
– A VM can limit what programs can do to the real machine
• Simplicity
– VM instructions can be simpler than machine instructions
• Program is divided into classes
• A class:
– Defines a new datatype
– Defines methods and state associated with that datatype
• We call a value of a class datatype an object
– Objects package state and code
• Lots of new concepts, but only a few lines of code
• Implement a class that simulates Conway’s Game of Life:
– If a cell is alive and it has 2 or 3 live neighbors, it stays alive
– Otherwise it dies (overcrowding or isolation)
– If a dead cell has exactly 3 live neighbors, it becomes alive
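The following Java class is an added example, not code from the lecture or from PS1. It ties three of the slides together: the Life rules above are first written down as a specification (the "what", separate from the "how"), then implemented twice in deliberately different ways, and the two implementations are checked against each other, the same idea as the Shuttle's separately implemented fifth computer on the redundancy slide. The class and method names (LifeRules, nextStateByRule, nextStateByTable, countDisagreements, liveNeighbors, step) and the blinker input are all assumptions made for the illustration.

```java
// Added example (not from the CS201J slides or PS1): Conway's Life rule written
// twice against one specification, with a consistency check between the two.
public final class LifeRules {

    /**
     * Specification ("what", not "how"):
     *   requires: 0 <= liveNeighbors <= 8
     *   effects:  returns the cell's state in the next generation:
     *             a live cell with 2 or 3 live neighbors stays alive,
     *             a dead cell with exactly 3 live neighbors becomes alive,
     *             every other cell is dead.
     */
    public static boolean nextStateByRule(boolean alive, int liveNeighbors) {
        checkNeighborCount(liveNeighbors);
        if (alive) {
            return liveNeighbors == 2 || liveNeighbors == 3;   // survival
        }
        return liveNeighbors == 3;                              // birth
    }

    // Second, independently written implementation of the same specification:
    // lookup tables indexed by neighbor count (Life's "B3/S23" rule).
    private static final boolean[] BIRTH   = {false, false, false, true, false, false, false, false, false};
    private static final boolean[] SURVIVE = {false, false, true,  true, false, false, false, false, false};

    public static boolean nextStateByTable(boolean alive, int liveNeighbors) {
        checkNeighborCount(liveNeighbors);
        return alive ? SURVIVE[liveNeighbors] : BIRTH[liveNeighbors];
    }

    private static void checkNeighborCount(int n) {
        if (n < 0 || n > 8) {
            throw new IllegalArgumentException("a cell has 0..8 neighbors, got " + n);
        }
    }

    // Redundancy check: the input space is tiny (2 states x 9 counts = 18 cases),
    // so compare the two implementations on every possible input. Returns 0 if
    // they agree everywhere.
    public static int countDisagreements() {
        int disagreements = 0;
        for (int n = 0; n <= 8; n++) {
            for (boolean alive : new boolean[] {false, true}) {
                if (nextStateByRule(alive, n) != nextStateByTable(alive, n)) {
                    disagreements++;
                }
            }
        }
        return disagreements;
    }

    // Count the live neighbors of cell (r, c); cells outside the grid count as dead.
    public static int liveNeighbors(boolean[][] grid, int r, int c) {
        int count = 0;
        for (int dr = -1; dr <= 1; dr++) {
            for (int dc = -1; dc <= 1; dc++) {
                if (dr == 0 && dc == 0) continue;
                int rr = r + dr, cc = c + dc;
                if (rr >= 0 && rr < grid.length && cc >= 0 && cc < grid[rr].length && grid[rr][cc]) {
                    count++;
                }
            }
        }
        return count;
    }

    // One generation. Every next state is computed by both implementations; a
    // disagreement means one of them is wrong, so it is reported rather than used.
    public static boolean[][] step(boolean[][] grid) {
        boolean[][] next = new boolean[grid.length][];
        for (int r = 0; r < grid.length; r++) {
            next[r] = new boolean[grid[r].length];
            for (int c = 0; c < grid[r].length; c++) {
                int n = liveNeighbors(grid, r, c);
                boolean a = nextStateByRule(grid[r][c], n);
                boolean b = nextStateByTable(grid[r][c], n);
                if (a != b) {
                    throw new IllegalStateException("implementations disagree at (" + r + "," + c + ")");
                }
                next[r][c] = a;
            }
        }
        return next;
    }

    public static void main(String[] args) {
        System.out.println("disagreements over all 18 inputs: " + countDisagreements());
        // Constructed sample input: a vertical "blinker", which turns horizontal after one step.
        boolean[][] blinker = {
            {false, true, false},
            {false, true, false},
            {false, true, false},
        };
        for (boolean[] row : step(blinker)) {
            StringBuilder sb = new StringBuilder();
            for (boolean cell : row) sb.append(cell ? '#' : '.');
            System.out.println(sb);
        }
    }
}
```

Two caveats follow from the Shuttle analogy. Running the same implementation several times (the four duplicate computers) only guards against hardware faults, since a logic bug is reproduced faithfully on every copy; catching software faults needs the separately written implementation, as step does here. And both implementations were built to the same specification, so an error in the specification itself (say, a misremembered rule) is shared by both and no amount of cross-checking will reveal it; that is why the specification is written out first and reviewed on its own.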
• This class is about:
– Managing complexity: modularity, abstraction, specification
– Engineering dependability: analysis, redundancy, design
• In Section tomorrow:
– Return CS201J Pledge
– Problem Set 1: read it through before section
• Before 5pm Friday: email the registration survey
• Before class Tuesday:
– Problem Set 1 Due