Program

The slides of the talks can be accessed by clicking on the symbol   next to each program item, the corresponding video recording by clicking on .

Monday, 22 November 2010
ETH Main Building (HG), Room F 30 (Audi Max)

9:00–10:30 Session 1
Session chair: Sebastian Nanz

• Engineering and Software Engineering
  Michael A. Jackson    
  
  → Abstract The phrase 'software engineering' has many meanings. One central meaning is the reliable development of dependable computer-based systems, especially those for critical applications. This is not a solved problem. Failures in software development have played a large part in many fatalities and in huge economic losses. While some of these failures may be attributable to programming errors in the narrowest sense—a program's failure to satisfy a given formal specification—there is good reason to think that most of them have other roots. These roots are located in the problem of software engineering rather than in the problem of program correctness. The famous 1968 conference was motivated by the belief that software development should be based on "the types of theoretical foundations and practical disciplines that are traditional in the established branches of engineering." Yet after forty years of currency the phrase 'software engineering' still denotes no more than a vague and largely unfulfilled aspiration. Two major causes of this disappointment are immediately clear. First, too many areas of software development are inadequately specialised, and consequently have not developed the repertoires of normal designs that are the indispensable basis of reliable engineering success. Second, the relationship between structural design and formal analytical techniques for software has rarely been one of fruitful synergy: too often it has defined a boundary between competing dogmas, at which mutual distrust and incomprehension deprive both sides of advantages that should be within their grasp. This paper discusses these causes and their effects. Whether the common practice of software development will eventually satisfy the broad aspiration of 1968 is hard to predict; but an understanding of past failure is surely a prerequisite of future success.


• Seamless Method- and Model-based Software and Systems Engineering
  Manfred Broy    
  
  → Abstract Today engineering software intensive systems is still more or less handicraft or at most at the level of manufacturing. Many steps are done ad-hoc and not in a fully systematic way. Applied methods, if any, are not scientifically justified, not justified by empirical data and as a result carrying out large software projects still is an adventure. However, there is no reason why the development of software intensive systems cannot be done in the future with the same precision and scientific rigor as in established engineering disciplines. To do that, however, a number of scientific and engineering challenges have to be mastered. The first one aims at a deep understanding of the essentials of carrying out such projects, which includes appropriate models and effective management methods. What is needed is a portfolio of models and methods coming together with a comprehensive support by tools as well as deep insights into the obstacles of developing software intensive systems and a portfolio of established and proven techniques and methods with clear profiles and rules that indicate when which method is ready for application. In the following we argue that there is scientific evidence and enough research results so far to be confident that solid engineering of software intensive systems can be achieved in the future. However, yet quite a number of scientific research problems have to be solved.

10:30–11:00 Coffee break

11:00–13:15 Session 2
Session chair: Andreas Zeller

• Precise Documentation: The Key to Better Software
  David Lorge Parnas    
  
  → Abstract The prime cause of the sorry "state of the art" in software development is our failure to produce good design documentation. Poor documentation is the cause of many errors and reduces efficiency in every phase of a software product's development and use. Most software developers believe that "documentation" refers to a collection of wordy, unstructured, introductory descriptions, thousands of pages that nobody wanted to write and nobody trusts. In contrast, Engineers in more traditional disciplines think of precise blueprints, circuit diagrams, and mathematical specifications of component properties. Software developers do not know how to produce precise documents for software. Software developments also think that documentation is something written after the software has been developed. In other fields of Engineering much of the documentation is written before and during the development. It represents forethought not afterthought. Among the benefits of better documentation would be: easier reuse of old designs, better communication about requirements, more useful design reviews, easier integration of separately written modules, more effective code inspection, more effective testing, and more efficient corrections and improvements. This paper explains how to produce and use precise software documentation and illustrate the methods with several examples.


• Design Patterns – Past, Present & Future
  Erich Gamma    
  
  → Abstract Design Patterns are now a 15 year old thought experiment. And today, for many, Design Patterns have become part of the standard development lexicon. This talk looks back to the origin of Design Patterns and how they evolved since their initial description. I will then show patterns in action in the context of the Eclipse and Jazz platforms. Finally, I will discuss how the Design Patterns from the book can be refactored towards a Design Pattern 2.0 version.


• Internet Evolution and the Role of Software Engineering
  Pamela Zave    
  
  → Abstract The classic Internet architecture is a victim of its own success. Having succeeded so well at empowering users and encouraging innovation, it has been made obsolete by explosive growth in users, traffic, applications, and threats. For the past decade, the networking community has been focused on the many deficiencies of the current Internet and the possible paths toward a better future Internet. This paper explains why the Internet is likely to evolve toward multiple application-specific architectures running on multiple virtual networks, rather than having a single architecture. In this context, there is an urgent need for research that starts from the requirements of Internet applications and works downward toward network resources, in addition to the predominantly bottom-up work of the networking community. This paper aims to encourage the software-engineering community to participate in this research by providing a starting point and a broad program of research questions and projects.

13:15–14:30 Lunch (Dozentenfoyer)

14:30–16:00 Session 3
Session chair: Yuri Gurevich

• Some Future Software Engineering Opportunities and Challenges
  Barry Boehm    
  
  → Abstract This paper provides an update and extension of a 2006 paper, "Some Future Trends and Implications for Systems and Software Engineering Processes," Systems Engineering, Spring 2006. Some of its challenges and opportunities are similar, such as the need to simultaneously achieve high levels of both agility and assurance. Others have emerged as increasingly important, such as the challenges of dealing with ultralarge volumes of data, with multicore chips, and with software as a service. The paper is organized around eight relatively surprise-free trends and two "wild cards" whose trends and implications are harder to foresee. The eight surprise-free trends are:
  
  1. Increasing emphasis on rapid development and adaptability;
  2. Increasing software criticality and need for assurance;
  3. Increased complexity, global systems of systems, and need for scalability and interoperability;
  4. Increased needs to accommodate COTS, software services, and legacy systems;
  5. Increasingly large volumes of data and ways to learn from them;
  6. Increased emphasis on users and end value;
  7. Computational plenty and multicore chips;
  8. Increasing integration of software and systems engineering;
  
  The two wild-card trends are:
  
  9. Increasing software autonomy; and
  10. Combinations of biology and computing.


• Computer Science: A Historical Perspective and a Current Assessment
  Niklaus Wirth    
  
  → Abstract We begin with a brief review of the early years of Computer Science. This period was dominated by large, remote computers and the struggle to master the complex problems of programming. The remedy was found in programming languages providing suitable abstractions and programming models. Outstanding was the language Algol 60, designed by an international committee, and intended as a publication language for algorithms. The early period ends with the advent of the microcomputer in the mid 1970s, bringing computing into homes and schools. The outstanding computer was the Alto, the first personal computer with substantial computing power. It changed the world of computing.
  
  In the second part of this presentation we consider the current state of the field and the shift of activities towards applications. Computing power and storage capacity seem to be available in unprecedented abundance. Yet there are applications that ask for even faster computers and larger stores. This calls for a new focus on multiprocessing, on systems with hundreds of processes proceeding concurrently. The invention of programmable hardware opens new possibilities for experimentation and exploring ways to design new architectures. Codesign of hardware and software becomes mandatory. The days of the general purpose von Neumann architecture seem to come to an end.
  
  Finally, we will look at the present state of the art, the problems and the tools with which the engineer finds himself confronted today. Not only have computers become faster and storage bigger, but the tasks have become accordingly more demanding. The mass of tools has grown, programming is based on huge libraries, and the environments appear monstrously complicated and obscure. The most basic instruments, programming languages, have not improved. On the contrary, outdated languages dominate. They, and their tools, belong to the apparently irreplaceable legacy, and sometimes it seems that we have learnt little from the past. What can we do?

16:00–16:30 Coffee break

16:30–18:00 Session 4 & Panel discussion I
Session chair: Rustan Leino

• Panel discussion I
  Panelists: Barry Boehm, Manfred Broy, Erich Gamma, Michael A. Jackson, David Lorge Parnas, Niklaus Wirth, Pamela Zave  

19:30–23:00 Apéro and Dinner at Zunfthaus zur Waag, Zurich

Tuesday, 23 November 2010
ETH Main Building (HG), Room F 30 (Audi Max)

9:00–10:30 Session 5
Session chair: Erich Gamma

• Logical Abstract Domains and Interpretations
  Patrick Cousot (with Radhia Cousot and Laurent Mauborgne)    
  
  → Abstract We give semantic foundations to abstract domains consisting in first order logic formulae in a theory, as used in verification tools or methods using SMT-solvers or theorem provers. We exhibit conditions for a sound usage of such methods with respect to multi-interpreted semantics and extend their usage to automatic invariant generation by abstract interpretation.


• Tools and Behavioral Abstraction: A Direction for Software Engineering
  Rustan Leino    
  
  → Abstract As in other engineering professions, software engineers rely on tools. Such tools can analyze program texts and design specifications more automatically and in more detail than ever before. While many tools today are applied to find new defects in old code, I predict that more software-engineering tools of the future will be available to software authors at the time of authoring. If such analysis tools can be made to be fast enough and easy enough to use, they can help software engineers better produce and evolve programs.
  
  A programming language shapes how software engineers approach problems. Yet the abstraction level of many popular languages today is not much higher than that of C programs several decades ago. Moreover, the abstraction level is the same throughout the program text, leaving no room for \emph{behavioral abstraction} where the design of a program is divided up into stages that gradually introduce more details. A stronger arsenal of analysis tools can enable languages and development environments to give good support for behavioral abstraction.

10:30–11:00 Coffee break

11:00–13:15 Session 6
Session chair: Pamela Zave

• Component-based Construction of Heterogeneous Real-time Systems in BIP
  Joseph Sifakis    
  
  → Abstract We present a framework for the component-based construction of real-time systems. The framework is based on the BIP (Behaviour, Interaction, Priority) semantic model, characterized by a layered representation of components. Compound components are obtained as the composition of atomic components specified by their behaviour and interface, by using connectors and dynamic priorities. Connectors describe structured interactions between atomic components, in terms of two basic protocols: rendezvous and broadcast. Dynamic priorities are used to select amongst possible interactions -- in particular, to express scheduling policies.
  
  The BIP framework has been implemented in a language and a toolset. The BIP language offers primitives and constructs for modelling and composing atomic components described as state machines, extended with data and functions in C. The BIP toolset includes an editor and a compiler for generating from BIP programs, C++ code executable on a dedicated platform. It also allows simulation and verification of BIP programs by using model checking techniques.
  BIP supports a model-based design methodology involving three steps:
  
  - The construction of a system model from a set of atomic components composed by progressively adding interactions and priorities.
  
  - The application of incremental verification techniques. These techniques use the fact that the designed system model can be obtained by successive application of property-preserving transformations in a three-dimensional space: Behavior x Interaction x Priority.
  
  - The generation of correct-by-construction distributed implementations from a BIP model. This is achieved by source-to-source transformations which preserve global state semantics.
  
  We present the basic theoretical results about BIP including modelling interactions by using connectors, modelling priorities, incremental verification and expressiveness. We also present two examples illustrating the methodology as well as experimental results obtained by using the BIP toolset.
  Further information is available at: http://www-verimag.imag.fr/BIP,196.html


• Evidential Authorization
  Yuri Gurevich (with Andreas Blass, Michal Moskal, and Itay Neeman)    
  
  → Abstract Consider interaction of principals where each principal has its own policy and different principals may not trust each other. In one scenario the principals could be pharmaceutical companies, hospitals, biomedical labs and health related government institutions. In another scenario principals could be navy fleets of different and not necessarily friendly nations. In spite of the complexity of interaction, one may want to ensure that certain properties remain invariant. For example, in the navy scenario, each fleet should have enough information from other fleets to avoid unfortunate incidents. Furthermore, one wants to use automated provers to prove invariance. A natural approach to this and many other important problems is to provide a high-level logic-based language for the principals to communicate. We do just that. Three years ago two of us presented the first incarnation of Distributed Knowledge Authorization Language (DKAL). Here we present a new and much different incarnation of DKAL that we call Evidential DKAL. Statements communicated in Evidential DKAL are supposed to be accompanied with sufficient justifications. In general, we construe the term "authorization" in the acronym "DKAL" rather liberally; DKAL is essentially a general policy language. There is a wide spectrum of potential applications of DKAL. One ambitious goal is to provide a framework for establishing and maintaining invariants.


• Mining Specifications: A Roadmap
  Andreas Zeller    
  
  → Abstract Recent advances in software validation and verification make it possible to widely automate whether a specification is satisfied. This progress is hampered, though, by the persistent difficulty of writing specifications. Are we facing a "specification crisis"? In this paper, I show how to alleviate the burden of writing specifications by reusing and extending specifications as mined from existing software and give an overview on the state of the art in specification mining, its origins, and its potential.

13:15–14:30 Lunch (Dozentenfoyer)

14:30–16:00 Session 7 & Panel discussion II
Session chair: Michael A. Jackson

• Concurrent Programming Is Easy
  Bertrand Meyer    
  
  → Abstract Software engineering of the future, it is widely agreed, will be concurrent: as Moore's law comes to an end, the only path to continued progress is to use highly parallel architectures. It is also widely held that this change of architecture requires a change of mindset: programmers must learn to "think parallel". The talk departs from this second assumption. Using the advent of concurrent architectures to force a radical departure from highly successful models of programming, in particular object technology, is not possible, not useful, and not desirable. The talk presents an approach to concurrency, based on the SCOOP model of concurrent object-oriented programming, that allows programmers to take advantage of concurrency while retaining the methods and disciplines that have permitted the tremendous success of programming technology over the past decades.


• Panel discussion II
  Panelists: Patrick Cousot, Yuri Gurevich, Rustan Leino, Bertrand Meyer, Andreas Zeller  

16:00–16:30 Coffee & End of Symposium

Note: The talk of Dieter Rombach had to be cancelled due to illness.