TrainingConferencesAbout UsContact UsAdvertiseSQE.comRSS Feed
StickyMinds.com: brain food for building better software

Log In

Search For:
 Clarify Your Search Criteria

Tips on Using Our Search Feature(s)
 
StickyMinds.com Home
ResourcesTopicsCommunityPowerPass
Home  >  Detail: Strike Three - Time for a New Batter



A StickyMinds.com Original
Article Picture
Strike Three - Time for a New Batter

By James A. Whittaker

Send This Content to a FriendGet a Short Link to This ContentPrint This ContentSee User Comments About This Content

Summary: In the past few decades, three “big hitters” have stepped up to the plate of building better software—formal methods, tools, and process improvement initiatives. Unfortunately, they have all struck out, according to James Whittaker in this week’s column. Read on for his critique of these supposed cure-alls and for his call for a new kind of player on the field.


McCabe Software
In the late 1970s the software quality problem was all too apparent. Software was hard to write, hard to maintain, and often failed to meet its requirements. Even at this early stage in the history of software engineering, a move was afoot to correct this problem. Beginning with structured programming, researchers studied better ways to write code. The push for formal methods began. If you’d only do things more formally, the plea went, your code would be better! A few even went so far as to make “zero defects” their Holy Grail. The search was on. Unfortunately, the search still continues. 
 
Following close on the heels of the formal methods advocates were the tool vendors. If you’d only use the right tools, they cried, your code would be better! Many tools have greatly simplified the task of developing software. Development organizations spend hundreds of thousands of dollars on tools. Software is still buggy. 
 
The latest entry into the fray has been the process improvement people. If you’d only work more carefully, they beg, your code would be better! Now our managers are as busy as our developers. Developers not only have software to develop but also make-work reports to write. Software is still buggy. 
 
This article discusses these three “silver bullets” and exposes their Achilles’ heels. I suggest that the answer to the problem must, by definition, be technical—not managerial—in nature. I end by launching the search for a fourth proposal. 
 
Formal Methods 
Formal methods are a great idea. Essentially, they equate programming a computer to solving a math problem. You can go about it using a mixture of creativity, intelligence, and lots of practice solving similar problems. However, there are a couple of problems with formal methods that can’t be overlooked.  
 
First and foremost, software developers won’t use them. This puzzles formal methods advocates to no end. However, it’s fairly plain to the rest of us: no one can show developers just how to apply formal methods. The examples in books and papers are far too simple to scale the ideas to real development problems. Plus, once you get outside your comfort zone, the formal methods fall apart. You remember how you felt when you learned calculus after mastering algebra? Algebra problems were easy because you’d solved hundreds of them. But the methods you used didn’t seem to apply to calculus problems. All the rules had changed. It turns out this same situation plagues software problems too. They can be as different as algebra and calculus. Why should we be surprised that what works on one problem is useless on another? Formal methods don’t scale in software because they don’t scale in mathematics either. 
 
Second, one can use formal methods and still write buggy code. Formal methods don’t address anything but the algorithm. But we all know that an algorithm can be correct on paper but fail on a real computer. The problem is that real computers have space and time limitations, other applications, and very complex operating systems that must be dealt with by code that has nothing to do with the main algorithms of an application. Indeed, code to process inputs and handle errors is often much larger and more complex than the algorithm that actually gets the main work done. There are no formal methods for handling such code.  
 
Formal methods are important, but they will only take you so far toward reliable software. Strike one. 
 
Tools 
Tools can make the software development task much less painful but they cannot guarantee zero defects; in fact, they cannot even guarantee fewer bugs. Since the tools themselves can be buggy, they create one more unknown in a project. When a defect is found, is the product or the tool at fault?  
 
Tools range from simple and indispensable text editors and compilers to more elaborate environments for analysis and design. Very few outrageous claims are made from the developers of editors and compilers—it’s the design tool vendors that corner that market. What’s more valuable to a project anyhow, a nicely drawn E-R diagram or a programmer who’s expert in the target implementation language? Would you buy $100K worth of tools or hire a person who intimately understands the problem domain in which you are involved? Tools are great when used properly, but they can only offer you steep learning curves and limited functionality. Plus, they bring along a whole new set of bugs to worry about: their own.  
 
You see, if tools really were a silver bullet, they wouldn’t be buggy, would they? Strike two. 
 
Process Improvement 
The latest attempt at getting the software quality problem under control has been made by the process improvement people. Obviously, controlling and improving the software development process is in everyone’s best interest. However, since software development is a technical problem and process improvement is a management problem, it simply cannot have a profound effect on quality. Good organizations can produce bad software. Bad organizations can produce good software.  
 
Furthermore, process improvement initiatives are rarely met with enthusiasm from rank-and-file technical people. ISO certification is a pain. SEI assessment is demeaning. Both take away creativity and add management overhead. Heck, part of the joy of working in this field is not being micro-managed. Why would any developer in his or her right mind actually think this is a good idea? 
 
Well, it is a good idea, but it won’t help appreciably with the quality problem. I was once a part of a partnership in which a consulting company that specialized in formal methods was training an SEI level three—on their way to level five—organization. An example code fragment was used extensively throughout the training. Neither the formal methods advocates who wrote the buggy code, nor the mature process organization that studied the code, noticed that it possessed a fatal flaw. Not even during the course of proving the code fragment correct was the bug ever discovered. Why? Because the formal methods people were concerned about math and the process people were concerned about documentation. No one was looking at the code! Fortunately, the test organization was paying attention and the bug was caught.  
 
Management solutions cannot solve technical problems. Strike three. 
 
The Fourth Proposal 
What we need is for someone to come up with silver bullet number four. Except this one shouldn’t be silver. In fact, I think it’s important that proposal number four should be bland-colored, say brown, so that no one really notices it. It shouldn’t be something so revolutionary (as a gold or platinum bullet might be) that it makes no sense and people avoid it. It should be so ordinary that developers can integrate it seamlessly into their normal pattern of design. It should be so straightforward that developers remark “this is simple, what’s the big deal?” Not only should it be these things, it must be in order for it to be used and have some positive industry impact. Otherwise, it’s just more ivory-tower nonsense that real practitioners don’t appreciate. 
 
It turns out that parts of such technology exist, are readily understandable by capable developers, and will not fundamentally change the manner in which software development occurs in an organization. If you are a great developer now, then you’ll still be a great developer. (This is a fear of great developers that keeps them from being strong process advocates. They know they are not great at filling out forms.) If you are a mediocre developer, then perhaps you’ll become better. Either way, it is likely that the code you write will be more understandable and have fewer bugs than it did before. In future installments of this bimonthly column series, I will survey many of the techniques that will one day contribute to the fourth, this time brown, bullet and show how developers and testers can adjust—but not change—their development process to improve quality and maintainability.  
 
It’s time for a new batter.

About the Author
Dr. James A. Whittaker is a professor of computer science and the director of the Center for Information Assurance at Florida Tech. He is author of How To Break Software (Addison-Wesley) and co-author of an upcoming book, How to Break Software Security. His group focuses on highly efficient test techniques and tools for penetration testing. Contact him at jw@cs.fit.edu.

Back to Top 

StickyMinds.com Weekly Column From 1/13/03 

Member Comments
Add Your CommentExpand Comments
 
Comment:    
by Doug Carlton 3/16/2006

All the tools, methods , processes and baseball analogies aside...how many software/system development organizations have reliability requirements?? I truly believe that you get what you expect, inspect and reward and if your product lacks a reliability requirement, why would you expect it to be...reliable? My current employer has been swinging at process improvement curve balls for the last nine years and is batting .000. After each bad season, they fire the latest management team and assign the task to the new hires, all the while knowing that they too will have a poor season. Yet we have thousands of detailed bug reports in our defect...Read On

 
 
Comment:    
by Michael Kuhn 1/15/2003

A solution: Use UML or the accepted software development models of your organization. UML is helping us develop a quality system focussed on the problems identified by our domain experts. Requirements traceability helps the engineers understand the source and goals of activities be it regulatory, ISO or SEI CMM. Plus, by using the same processes the engineers are required to use, we better recognize areas needing refinement to improve effectiveness. Using accepted engineering practices to implement regulatory, ISO and SEI CMM requirements establishes that the process group believes the accepted practices are useful and not an exercise in...Read On

 
 
Comment:    
by Tereus Scott 1/15/2003

You have touched on a number of issues that have troubled me over the years. Each of the methods you mention seem to have limited applicability, but none are a "silver bullet". I have applied techniques in each of these areas with some limited success, but they were very specific to the type of program being developed and tested. It seems to me that any general method must start from what I think of as a fundamental truth (some would disagree with me). It is impossible for any significant software project, to be both the developer and the tester. In other words, you can not test your own code. I think the reason is that when...Read On

 
 
Comment:    
by Christine Sajen 1/15/2003

Each of these solutions, on its own and used in a vacumn, could legitemnately be considered a strike out. Calling all of them strike outs, is negating the many benefits each brings to the software development process. The key is in selecting and supporting the appropriate combination of tools, formal methods and process improvement strategies. As for securing support and active participation from developers, testers and other IT professionals, its not like flipping a switch. However, when the right approach is taken, and metrics are used to demonstrate the successes, its a natural evolution.

 
 
Comment:    
by John Lyons 1/15/2003

"Software has been uniformly buggy despite years of efforts in formal methods, tools and process." So defect density hasn't changed much, but the size and complexity has grown tremendously. Perhaps the current (and historical) level of defect density is acceptable in exchange for the increasing sophistication of our applications. After all, customers do spend money on buggy software. "Formal methods are wonderful". Similar to the goal of generating applications directly from requirements. The bottom line is that somewhere in the process, there is a transition from human thoughts to computer representation. You can not remove the human from...Read On

 
 
Comment:    
by Tek Wallah 1/14/2003

This is as clear and accurate a picture of the current state of software development as I’ve seen in a very long time. In my experience all the best developers have created their own ways of building quality software consistent with their particular abilities and personalities. I’m doubtful that there is any fourth method that will work for software developers in general, but I will certainly be back to read the next part of Dr Whittaker’s thesis.

 
 
Comment:    
by Joe Strazzere 1/14/2003

It's no surprise that you often strike out if you are only looking to hit home runs! Methods, tools, and processes can all yield singles, doubles and occasional stolen bases when used wisely. Software is hard work, and it is buggy. It will always be hard work - but hopefully less buggy if these misnamed "big-hitters" are used judiciously and with the proper expectations. I'm not sure I believe any new batter/great technological leap will have every one hitting grand slams any time in the foreseeable future - even if it is painted brown.

 
 
Comment:    
by Ed Weller 1/14/2003

In basebal, if all you can hit is a fastball, you eventually strike out. Same if you are a "one pitch hitter" for any pitch. Extending Jim's baseball analogy, if all you are good at is tools, formal methods, or process, the "opposition pitcher" will eventually strike you out, as your skills do not cover the range needed to be successful. Perhaps the real silver bullet is in recognizing there is no silver bullet, but there are plenty of "non-silver bullets" to solve parts of the problem, and in balance, if properly used, we can solve (most of) our problem(s). Good process (inspections, test planning from the start of the project,...Read On

 
 
Comment:    
by Joyce Walton 1/14/2003

A quick note, software is also becoming far more complex and taking over a majority of any project since these three ideas began. Software development is absolutely responsible for reporting to management because it affects the bottom line. Period. As stated in some of the readers comments, a lot of times, process improvements include moving management out of the way so the "real" work can be done--nothing funnier than watching a "hardware" project manager trying to understand a coding problem during a status meeting.

 
 
Comment:    
by Frank Gorham 1/14/2003

Methods, tools and process succeed to the extent that they inform the developer. They fail when they attempt to manage the developer. Defects are created by the developer when he or she does not 'know' what he is doing. Any effort that increases the developer's knowledge of what he is creating will reduce flaws. RM succeeds when it makes requirements clearer to the developer. Structured programming succeeds when it helps the developer understand abstract nature of his programs. Version management succeeds when the developer knows that his change went in and was tested. Code reviews succeed when developers learn more about the language they...Read On

 
 
Comment:    
by WayneR Richards 1/14/2003

I agree totally with Becky Ellis. Those are my semtiments exactly !!! After years of live fire from both testing & management perspectives, I can state emphatically that Becky's reply is right on !!!! The "Brown" bullet that James Wittaker alludes to MUST advocate the 6 month plan required for the infamous "Time to Market" window that Developers & SQA professionals align themselves with - Wayne Richards

 
 
Comment:    
by Jon Hagar 1/14/2003

In looking for a facet of the forth, we will need to address communication and understanding. Each of the three strikes tried to address comm and understanding. Software involves a language where we are trying to communicate our understanding of a problem solution to a machine. The problem must also be understood by all parties and then the solution must be understood too. "Parties" include the machine, developers (the whole team including management), outside parties, and users/customers. Ideas in Agile methods try to involve all the parties. In my mind baseball is a poor analogy as only one person can bat at a time. Brown is the...Read On

 
 
Comment:    
by Darryl Hurmi 1/14/2003

All three of these methods of improving quality have had some success and if used will improve the quality of the software, but the real issue is why they improve the product. In all cases they make the programmer think before he or she codes. Formal methods make them think about the code they will write, Tools make them think about the Syntax they will use, And process makes them think about the external factors that will effect there code. The key word here is THINK, over the last quarter century the best programmers that I have worked with have been the best thinkers. They think about their code, they think about their cutomers, they...Read On

 
 
Comment:    
by Alexander McKenzie 1/14/2003

Interesting article with some thought provoking points that are well taken, but after having been in this business for over 35 years I have seen this or should I say these problems repeated often. In my opinion the root of these problems can be in almost all cases traced back to poor documentation...namely inadequate or downright faulty user requirements. I have been a testing manager for over twelve of the last 35 years and I see little quality documentation coming out of the development area. That's not to say things haven't improved since our organization achieved CMM level 2 in the last few months so our improved processes and procedures...Read On

 
 
Comment:    
by Daniel SUCIU 1/14/2003

I’m not an expert in any of these areas, but I have some knowledge, training and experience which allow me making some common sense comments: - In the beginning of these article, the author refer to these areas as “silver bullets”, (with quotes): “This article discusses these three “silver bullets” and exposes their Achilles’ heels…”, But during conclusions he renounces to quotes: “What we need is for someone to come up with silver bullet number four. “ As far as I know none of these methods were seen as silver bullets (with or without quotes). In fact, at the beginning of a Six Sigma training, as well as a Rational tools training we...Read On

 
 
Comment:    
by Jacob Widjaja 1/13/2003

All the 3 areas discussed and to a certain degree the forth proposal do not address the human factor, the skill of the Analysts and Developers. If only we reward developers producing fewer bug, that is putting that "bag of grey matter" into the equation rather than punishing every developers good or bad with more processes and inappropriate methodologies. Until then, there is not real incentive to excel.

 
 
Comment:    
by Becky Ellis 1/13/2003

This assumes a pretty narrow, unnecessarily adversarial definition of both management and technical worlds. But I suspect there's nothing to be gained by shooting either group at dawn. The article also assumes that a process or practice poorly implemented is in itself bad, which is quite a leap of logic. Generally, the role of management and leadership is to set goals and direction, and to enable the folks with technical know-how to do their best work. Enabling can, in some cases, mean merely getting out of the way; it can also mean introducing processes or tools to ensure that what is done is done right (and is the right thing to be...Read On

 
 
Comment:    
by Tammy Hoganson 1/13/2003

I think the search for so-called silver bullets is at the root of the problem... :-) They simply don't exist.

 
 
Comment:    
by Erik Van Linstee 1/13/2003

If formal methods can help you find solutions, and tools can help you implement them, and process improvement can help you stay on track better, then there is one significant factor still missing that should be part of that brown bullet. That is setting the right goals in the first place. Besides all other minor problems that probably also occur in every other human effort, trying to solve the wrong problems and building the wrong products seems to be a major factor. Setting and maintaining the 'right' goals should not only make it easier to stay on track, it should also make it easier to select the path of least resistence. I think...Read On

 
 
Comment:    
by Gene Fellner 1/13/2003

The article illustrates the problem. “Since software development is a technical problem and process improvement is a management problem, it simply cannot have a profound effect on quality.” This 1960s-era attitude--that management and technology exist in separate universes--IS the problem. Unrealistic schedules and inattention to any project phase that doesn’t involve coding are major reasons for poor quality. “Good organizations can produce bad software. Bad organizations can produce good software.“ Spoken in binary by a typical IT manager who at heart is still a techie. ”Process improvement initiatives are rarely met with enthusiasm from...Read On

 
 
Comment:    
by Gerold Keefer 1/13/2003

james, we did not so bad in the last years. the standish group chaos report tells us that the project success rate has improved. we certainly experience a pesticide paradox: we solved old problem classes, but new problem classes appear and the level of expectations is continuously rising. my contribution: introduce simple, stepwise personal practices (basically following the PSP) with "measureability" built in. have a look at http://www.stickyminds.com/getfile.asp?ot=XML&id=3640&fn=XDD3640filelistfilename1%2Epdf. best regards!

 
 
Comment:    
by edA-qa mort-ora-y 1/13/2003

I think your notion of the fourth proposal almost defines why all the other silver bullets simply fail, and why so many software related items fail in general: all these /improvements/ and /techniques/ require radical changes in behaviour and typically propound the "right way" to do things. Far too often do I see behaviours/benefits lists where I agree with items 1-9 and then item 10 is along the lines of, "oh, and also don't do this, because we really hate that, and we don't want people doing that anymore" and then points 11 through 20 build on that making the system useless. // So I think we'll see many more batters that strike out, but...Read On

 
Back to Top


Marketplace

RESOLVE SUPPORT ISSUES from your Desktop!
Minimize downtime with a remote support solution that lets you resolve issues right from the desktop

See how EASY REMOTE SUPPORT can be. Try WebEx FREE!
DELIVER SUPPORT MORE EFFICIENTLY. Remotely Control Applications. Leap Securely through Firewalls!

SOLVE SUPPORT ISSUES on the First Call!
REMOTELY CONTROL AND CONFIGURE SYSTEMS. Easily install applications, updates. All from your Desktop!

Census: Web-based Bug Tracking and Defect Tracking
Track software bugs, defects, enhancements, support calls, and more. Issue tracking software that is scaleable, fully customizable and integrated with VSS. Includes e-mail notifications, role-based workflow, change history, and Crystal reporting.

TAKE CONTROL OF REMOTE COMPUTERS
Support, configure and install applications and updates remotely for greater efficiency.

Get your product or service listed here.
Subscribe to Better Software Magazine
Subscribe to Better Software Magazine

First Name:

Last Name:

Email Address:


Home   |   Resources   |   Topics   |   Community   |   PowerPass



© 2008 StickyMinds.com. All rights reserved.
StickyMinds.com is a division of Software Quality Engineering.
Privacy Policy    Terms & Conditions    Link to StickyMinds.com    Feedback
Software Quality Engineering

AccuRev



Better Software Conference & EXPO 2008