Software Engineering

1
Software Engineering
Dr Ian Reid B4, 4 lectures, Hilary Term
http//www.robots.ox.ac.uk/ian/Teaching/SoftEng
2
Software Engineering vs structured programming

• Not really a course about software engineering
• Software engineering
• Mostly about concepts,
• Structured programming
• Revision, coding in C and Matlab, functions
• Data structures
• structures, classes
• Object oriented programming
• objects, object-oriented concepts like
  inheritance, polymorphism, patterns and the
  standard template library

3
Learning Outcomes

• The course will aim to give a good understanding
  of basic design methods, and emphasize the need
  to produce well-structured maintainable computer
  software. The course will concentrate on
  principles, but these will be reinforced with
  examples in Matlab and C/C programming
  languages. Specifically, by the end of the
  course students should
• understand concepts of basic program design
  techniques that can be applied to a variety of
  programming languages, in particular Matlab and
  C/C
• understand the need for structured programming in
  software projects
• be able to recognise and to produce and/or
  maintain well structured programs
• have a basic understanding of the role of and
  advantages of object oriented design

4
Texts

• Sommerville, Software Engineering, Addison-Wesley
  (8th edition), 2007.
• Wirth, Algorithms Data Structures Programs,
  Prentice-Hall, 1975
• Leveson, Safeware System Safety and Computers,
  Addison-Wesley, 1995.
• Lipmann and Lajoie, C Primer, Addison-Wesley,
  2005.
• Goodrich et al., Data structures and algorithms
  in C, Wiley, 2004

5
The Role of Computing in Engineering

• Computing is ubiquitous in engineering. Why?
• Awesome speed of modern, everyday computers a
  makes complicated analysis and simulation
  possible across all domains.
• Applications in design and modelling. Far beyond
  the reach of the mortal human engineer. Indeed
  many modelling problems are utterly infeasible
  without modern computers and software.
• In embedded systems, computers can provide a
  level of power, speed, flexibility and control
  not otherwise possible (eg mobile phone)
• Computing is cheap (but exercise this argument
  with care)
• Software is the key

some examples
6
Example mobile phone

• Even simple mobile phones rely on software
• Typical phone has a microcontroller (SIM card)
  with a small program
• Drive GUI
• Control devices (keypad, microphone, a/d, dsp,
  decoder)

7
Example Sizewell B

• Nuclear power station (PWR), onstream in 1995
• Software used extensively in the design
• Software for control!
• first UK reactor to use software in its Primary
  Protection System)

8
Example A380

• A380
• 1400 separate programs
• There is a software project just to manage all
  the software!
• Clearly safety-critical features of the software

9
Example NPfIT

• NHS National Plan for IT
• Plan to provide electronic care records for
  patients
• Connect 30000 GPs and 300 hospitals
• Provide secure access to records for healthcare
  professionals
• Provide access for patients to their own records
  via Healthspace

10
Software engineering versus programming

• Software engineering is about more than just
  programming/coding
• It is about design principles and methodologies
  that yield programs that are
• Robust
• Manageable
• Reusable

11
Software vs other engineering

• How is software engineering similar to other
  engineering?
• Abstraction and Modularity
• Consider free-body diagram
• Thevenin/Norton
• Low output impedance / High input impedance
• Digital computer
• We return to these concepts later

12
Abstraction free-body diagram
13
Modularity Op-amp buffer

• Unity gain buffer
• Vout Vin
• Very high input impedance, very low output
  impedance

14
Software vs other engineering

• How is software different to other engineering?
• Pure, weightless, flexible
• Capacity to incorporate massive complexity
• No manufacturing defects, corrosion, aging

15
Intrinsic difficulties with software

• Analogue versus discrete state systems
• The curse of flexibility
• Can encourage unnecessary complexity
• Redefinition of tasks late in development
  shifting goal-post
• Complexity and invisible interfaces
• Standard way of dealing with complexity is via
  modularity
• But this alone is not enough because interfaces
  can be subtle and invisible, and here too there
  is a need to control complexity
• Historical usage information
• Unlike physical systems, there is a limited
  amount of experience about standard designs

16
When software projects go wrong

• A320, Habsheim and Strasbourg

17
When software projects go wrong

• London Ambulance Service
• 1992, computerised ambulance despatch system
  fails
• Therac-25
• 2 people died and several others exposed to
  dangerous levels of radiation because of
  software flaws in radiotherapy device
• OSIRIS
• 5M University financial package
• Expenditure to date more like 20-25M
• NPfIT?
• NHS 12 billion IT project
• comp.risks is a great source of others...

18
NHS National programme for IT NPfIT

• Plan to provide electronic care records for
  patients
• Connect 30000 GPs and 300 hospitals
• Provide secure access to records for healthcare
  professionals
• Provide access for patients to their own records
  via Healthspace

• Laudable?
• Realistic?
• Software Engineering specialists have their
  doubts
• Ross Anderson (Prof of Security Engineering,
  Cambridge Computing Laboratory) wrtes in his blog
  I fear the whole project will just continue on
  its slow slide towards becoming the biggest IT
  disaster ever.

19
Software life-cycle

• Software development stages
• Specification
• Design
• Implementation
• Integration
• Validation
• Operation/Maintenance/Evolution
• Different types of system organise these generic
  activities in different ways
• Waterfall approach treats them as distinct stages
  to be signed off chronologically
• In practice usually an iteration of various steps

20
Requirements

• Vague initial goals
• Iterative refinement
• Leading to more precise specification
• Example
• Calculate the n-bounce trajectory of a lossy
  bouncing ball.
• Refine this to consider
• What does the statement actually mean?
• Physics
• Initial conditions
• Air-resistance?
• Stopping criterion (criteria)?
• Now, think about how to design/implement

21
Validation/Verification

• Verification does the system confirm to spec?
• Validation does it actually do what it was
  supposed to?
• Top-down vs bottom-up testing
• Black-box vs white-box testing
• Impossibility of exhaustive testing

22
Extreme programming (XP)

• Proposed in the late 90s as a reaction to
  problems with traditional development processes
• Takes extreme position compared with waterfall
  approach
• Appropriate for small-medium sized projects
• Teams of pairs of programmer, programming
  together
• Incremental development, frequent system releases
• Code constantly refined, improved, made as simple
  as possible
• Do not design for change instead change
  reactively

23
Top down design

• Here want to keep in mind the general principles
• Abstraction
• Modularity
• Architectural design identifying the building
  blocks
• Abstract specification describe the
  data/functions and their constraints
• Interfaces define how the modules fit together
• Component design recursively design each block

24
Modular design
Algorithms
Data structures
Programs

• Procedural programming focus on algorithms
• Object-oriented programming focus on data
  structures

25
Structured programming

• Top-down vs bottom-up
• Both are useful as a means to understand the
  relations between high-level and low-level views
  of a program
• Top-down
• Code high level parts using stubs with assumed
  functionality for low-level dependencies
• Iteratively descend to lower-level modules
• Bottom-up
• Code and test each low-level component
• Need test harness so that low-level can be
  tested in its correct context
• Integrate components
• Not hard-fast rules combination often best

26
Simple design tools

• Flow chart

• Pseudo-code
• Wait for alarm
• Count 1
• While (not ready to get up and count lt 3)
• Hit snooze button
• Increment count
• Climb out of bed

27
Data flows

• Data flow diagram
• Simple example, VTOL simulator

28
Simple design tools

• State diagram

29
Basic coding techniques

• Pretty much any program can be specified using
• Sequences of instructions
• Do A Do B Do C
• Conditional instructions
• If (condition) Do A
• Repetitions (loops)
• While (condition) Do A
• These semantic concepts are implemented in
  different high-level programming languages using
  different syntax

30
Implementation in Matlab and C
N 10 tot 0 totsq 0 for i1N tot
toti totsq totsqi2 end tot totsq
int i int tot 0 int totsq 0 for (i1
iltN i) tot i totsq ii cout
ltlt tot ltlt endl cout ltlt totsq ltlt endl
31
Notes on coding style

• Use meaningful variable names
• Use comments to supplement the meaning
• Indent code for each block/loop
• Encapsulate groups of statements sensibly in
  functions
• Encapsulate related data sensibly in data
  structures
• Design top down
• Code bottom-up or top-down, or a combination

32
Matlab vs C

• Matlab and C are both procedural languages
• Matlab is an interpreted language
• each statement decoded and executed in turn
• C is a compiled language
• each module (.c file) is converted into assembly
  language
• The interfaces between the modules are
• Shared global data
• Function calls from one module to another
• This is resolved at link time when the modules
  are linked together into an executable

33
Procedural programming

• Aim is to break program down into functional
  units
• procedures or functions
• Set of inputs, set of outputs
• In Matlab and C this procedural building block is
  the function
• Understanding functions

34
Organisation of Matlab programs

• A Matlab program may be a script or function
• i.e. a sequence of instructions
• This script or function will typically call a
  bunch of other functions
• Functions are stored in .m files
• Multiple functions can be stored in one .m file,
  but only first is visible outside
• The others are local functions
• Part of the recursive subdivision of the problem

35
Matlab file organisation
FUNC.m
foo.m
bar.m
bar
36
Organisation of C programs
Source code
Source code
..
.c .cc
.c .cc
compilation
compilation
Object file
Object file
..
.o
.o
linking
executable
37
Functions

• Function definition
• Function call
• Function prototype
• Scope (local versus global data)
• Parameters and return value(s)
• Function call
• Low-level implementation of function calls
• Recursion

38
Function definition
compute factorial function z fact(n)
function body z 1 for i1n z zi end
// compute factorial int fact(int n) int i,
val 1 for (i1 iltn i) val
i return val
39
Function call

• Distinguish between
• The function definition
• Defines the set of operations that will be
  executed when the function is called
• The inputs
• The outputs
• And the function call
• i.e. actually using the function
• Formal vs Actual parameters
• Return value(s)
• The value of a function evaluation is the return
  value

fact(10) a 6 z fact(a) V,D eig(A)
40
Function prototype

• The function prototype provides enough
  information to the compiler so that it can check
  that it is being called correctly
• Defines the interface
• Input (parameter), output (return value)

myexp.c file float myexp(float x) const
float precision 1.0e-6 float term1.0,
res0.0 int i0 while (fabs(term)gtprecisio
n) res term i term
pow(x,i)/fact(i) return res
myexp.h file float myexp(float x)
41
Scope local variables

• Variables which are declared inside a function
  are local variables
• They cannot be seen outside the function
  (block) in which they are declared
• A local variable exists only for the duration of
  the current function execution
• It is declared as a new variable every time the
  function is called
• It ceases to exist when the function returns
• It does not remember its value between calls

42
Scope global variables

• Global variables exist outside all functions
• A global variable is visible inside functions
• If there exist two variables, one local, one
  global, with the same name, then the local one
  takes precedence within its local scope
• C and Matlab behave differently
• C will use a global if no local exists
• Matlab only uses a global if the programmer
  explicitly requests it
• Globals should be used with caution because their
  use inside a function compromises its
  encapsulation

43
Encapsulation

• Want the function to behave in the same way for
  the same inputs
• encapsulate particular functional relationship
• But if the function depends on a global it could
  behave differently for the same inputs
• Live example using myexp

44
Function encapsulation
45
Side-effects

• Could set value of a global variable in a
  function
• Again this compromises the functions
  encapsulation
• Causes a side-effect
• An implicit output, not captured by the interface
  
• Makes it difficult to re-use code with confidence
• c.f. C and Matlab function libraries
• Set of re-usable routines with well defined
  interfaces
• In small projects maybe not a big problem
• Hugely problematic in bigger projects, especially
  when multiple programmers working as a team
• Complicates interfaces between components,
  possibly in unintended ways

46
Low-level implementation of function call
Memory
CODE
machine code
DATA
global variables
local variable m

local variable 1
return location
parameter x

Activation record
parameter 1
return value n
STACK

return value 1
47
Pass by value/reference
int i5, j10 swap(i,j) cout ltlt i ltlt ltlt j
ltlt endl
Pass by value
Pass by reference
void swap(int a, int b) int temp a a
b b temp return
void swap(int a, int b) int temp a a
b b temp return
48
Recursion

• Recursion is the programming analogue of
  induction
• If p(0) and p(n) implies p(n1)
• Then p(n) for all n
• Define a function in terms of
• Itself
• Boundary conditions
• For example
• Factorial n! n (n-1)!, 0! 1

49
Recursion example factorial

• Live demo

50
Data types and data structures

• C/C predefine a set of atomic types
• bool, char, int, float, double
• C/C provides machanism for building compound
  data structures
• struct (class)
• Array
• Matlab supports arrays/matrices (of course)
• Matlab also supports structures

51
C/C struct and class

• A class (struct in C) is a compound data type
  which encapsulates related data into a single
  entity
• class Complex
• public
• double re, im
• Defines how a variable of this type will look
• int i
• Complex z

Class definition
Create a variable (an instance) of this type
52
Example VTOL state

• Represent current state as, say, a triple of
  numbers and a bool, (position, velocity, mass,
  landed)
• Single variable represents all numbers
• Better abstraction!
• class State
• double pos, vel, mass
• bool landed
• State s

53
Accessing class members

• State s
• s.pos 1.0
• s.vel -20.0
• s.mass 1000.0
• s.landed false
• s.pos s.pos s.veldeltat
• Thrust ComputeThrust(s)

• In Matlab introduce structure fields without
  declaration
• s.pos 1.0
• s.vel -20.0
• Thrust ComputeThrust(s)

54
Output parameters

• Image ReadImage(const string filename, bool
  flag)
• bool ReadImage(const string filename, Image im)
• Input filename (type string)
• Output
• im (type Image)
• boolean flag indicating success/failure
• function Image, errflag ReadImage(filename)
• Basically the same, but cleaner in Matlab!

55
Arrays

• An array is a data structure containing a
  numbered (indexed) collection of items of a
  single data type
• int a10
• res a0 a1 a2
• Complex z20
• State s100
• for (t1 tlt100 t)
• st.pos st-1.pos st-1.vel 0.5g
• st.vel st-1.vel g GetThrust(st-1,
  burnrate)/st-1.mass
• st.mass st-1.mass burnrateescapevel

56
Multi-dimensional arrays

• double d105
• has elements
• d00 d01 d04
• .
• .
• .
• d90 d91 d94

57
Methods

• In C a class encapsulates related data and
  functions
• A class has both data fields and functions that
  operate on the data
• A class member function is called a method in the
  object-oriented programming literature

58
Example

• class Complex
• public
• double re, im
• double Mag()
• return sqrt(rere imim)
• double Phase()
• return atan2(im, re)
• Complex z
• cout ltlt Magnitude ltlt z.Mag() ltlt endl

59
Constructor

• Whenever a variable is created (declared), memory
  space is allocated for it
• It might be initialised
• int i
• int i10
• int i(10)
• In general this is the work of a constructor
• The constructor is a special function with the
  same name as the class and no return type
• Complex(double x, double y)
• re x im y

60
Information hiding / encapsulation

• Principle of encapsulation is that software
  components hide the internal details of their
  implementation
• In procedural programming, treat a function as
  black boxes with a well-defined interface
• Need to avoid side-effects
• Use these functions as building blocks to create
  programs
• In object-oriented programming, a class defines a
  black box data structure, which has
• Public interface
• Private data
• Other software components in the program can only
  access class through well-defined interface,
  minimising side-effects

61
Example

• class Complex
• public
• Complex(double x, double y) rex imy
• double Re() return re
• double Im() return im
• double Mag() return sqrt(rere imim)
• double Phase() return atan2(im, re)
• private
• double re, im
• Complex z(10.0,8.0)
• cout ltlt Magnitude ltlt z.Mag() ltlt endl
• cout ltlt Real part ltlt z.Re() ltlt endl

62
Example

• class Complex
• public
• Complex(double x, double y)
• r sqrt(xx yy)
• theta atan2(y,x)
• double Re() return rcos(theta)
• double Im() return rsin(theta)
• double Mag() return r
• double Phase() return theta
• private
• double r, theta
• Complex z(10.0,8.0)
• cout ltlt Magnitude ltlt z.Mag() ltlt endl

63
C program organisation

• Complex.h
• class Complex
• public
• Complex(double x, double y)
• double Re()
• double Im()
• double Mag()
• double Phase()
• private
• double re, im

64
C program organisation

• Complex.cpp
• include Complex.h
• ComplexComplex(double x, double y)
• re x im y
• double ComplexRe() return re
• double ComplexIm() return im
• double ComplexMag()
• return sqrt(rereimim)
• double ComplexPhase() return atan2(im,re)

65
Object-oriented programming

• An object in a programming context is an instance
  of a class
• Object-oriented programming concerns itself
  primarily with the design of classes and the
  interfaces between these classes
• The design stage breaks the problem down into
  classes and their interfaces
• OOP also includes two important ideas concerned
  with hierarchies of objects
• Inheritance
• polymorphism

66
Inheritance

• Hierarchical relationships often arise between
  classes
• Object-oriented design supports this through
  inheritance
• An derived class is one that has the
  functionality of its parent class but with some
  extra data or methods
• In C
• class A public B

67
Example
68
Polymorphism

• Polymorphism, Greek for many forms
• One of the most powerful object-oriented concepts
• Ability to hide alternative implementations
  behind a common interface
• Ability of objects of different types to respond
  in different ways to a similar event
• Example
• TextWindow and GraphicsWindow, redraw()

69
Implementation

• In C run-time polymorphism implemented via
  virtual functions
• class Window
• virtual void redraw()

70
Example

• Class A is base class, B and C both inherit from
  A
• If the object is of type A then call As func()
• If the object is of type B then call Bs func()
• If the object is of type C then call Cs func()
• If class A defines func() as
• virtual void func() 0
• then A has no implementation of func()
• class A is then an abstract base class
• It is not possible to create an instance of class
  A, only instances derived classes, B and C
• class A defines an interface to which all derived
  classes must conform
• Use this idea in designing program components
• Specify interface, then have a guarantee of
  compatibility of all derived objects

71
Another example

• Consider a vector graphics drawing package
• Consider base class Drawable
• A graphics object that knows how to draw itself
  on the screen
• Class hierarchy may comprise lines, curves,
  points, images, etc
• Program keeps a list of objects that have been
  created and on redraw, displays them one by one
• This is implemented easily by a loop
• for (int i0 iltN i)
• obji-gtDraw()

72
Templates

• Templating is a mechanism in C to create
  classes in which one or more types are
  parameterised
• Example of compile-time polymnorphism
• class BoundedArray
• public
• float GetElement(int i)
• if (ilt0 igt10)
• cerr ltlt Access out of bounds\n
• return 0.0
• else
• return ai
• private
• float a10

73
Templates

• template ltclass Typegt
• class BoundedArray
• public
• Type GetElement(int i)
• if (ilt0 igt10)
• cerr ltlt Access out of bounds\n
• return Type(0)
• else
• return ai
• private
• Type a10
• BoundedArrayltintgt x
• BoundedArrayltComplexgt z

74
Design patterns

• Programs regularly employ similar design
  solutions
• Idea is to standardise the way these are
  implemented
• Code re-use
• Increased reliability
• Fewer errors, shorter development time
• An array is special case of a container type
• Way of storing a collection of possibly ordered
  elements.
• List, stack, queue, double-ended list, etc
• Templates in C offer a way of providing
  libraries to implement these standard containers

75
Standard Template Library

• C provides a set of container classes
• Standard way of representing and manipulating
  container types
• eg, methods insert(), append(), size(), etc
• STL supports
• Stack (FILO structure)
• List (efficient insertion and deletion, ordered
  but not indexed)
• Vector (extendible array)
• others

76
STL example

• stdvectorltTypegt is an extendible array
• It can increase its size as the program needs it
  to
• It can be accessed like an ordinary array (eg
  v2)
• It can report its current size
• v.size()
• You can add an item to the end without needing to
  know how big it is
• v.push_back(x)

• includeltvectorgt
• int main()
• stdvectorltintgt v
• for (int i0 ilt20 i) v.push_back(i)
• for (int i0 iltv.size() i)
• stdcout ltlt vi ltlt stdendl

77
STL, continued

• To create a new STL vector of a size specified at
  run-time
• int size
• stdvectorltComplexgt z
• stdcin gtgt size
• z.resize(size)
• z5 Complex(2.0,3.0)

78
STL, continued

• To create a two dimensional array at run-time
• int width, height
• stdvectorlt stdvectorltintgt gt x
• x.resisze(height)
• for (int i0 iltheight i)
• xi.resize(width)
• x23 10

79
Iterators

• A standard thing to want to do with a collection
  of data elements is to iterate over each
• for (int i0 iltv.size() i)
• Not all container types support indexing
• A linked list has order, but only relative order
• An iterator is a class that supports the standard
  programming pattern of iterating over a container
  type
• stdvectorltintgt v
• stdvectorltintgtiterator i
• for (itv.begin() it!v.end() it)
• An iterator encapsulates the internal structure
  of how the iteration occurs

80
Complete example

• Design a program to compute a maze
• User-specified size
• Print it out at the end
• Algorithm
• Mark all cells unvisited
• Choose a start cell
• While current cell has unvisited neighbours
• Choose one at random
• Break wall between it and current cell
• Recursively enter the chosen cell

81
Design data structures

• Maze class
• Compute method
• Print method
• Two dimensional array of Cells
• Cell class
• Accessor methods
• Break wall methods
• Wall flags
• Visited flag

82
Cell class interface

• class Cell
• public
• Cell()
• bool Visited()
• void MarkVisited()
• bool BottomWall()
• bool RightWall()
• void BreakBottom()
• void BreakRight()
• private
• bool bottomwall
• bool rightwall
• bool visited

83
Maze class interface

• class Maze
• public
• Maze(int width, int height)
• void Compute(int x, int y)
• void Print()
• private
• int Rand(int n)
• int H, W
• stdvectorlt stdvectorltCellgt gt cells

84
Main program

• int main(int argc, char argv)
• int width, height
• cerr ltlt "Enter maze width "
• cin gtgt width
• cerr ltlt "Enter maze height "
• cin gtgt height
• Maze m(width, height)
• m.Compute(height-1,0)
• m.Print()
• return 0

85
Concept summary

• Top-down design
• Abstraction
• Encapsulation / information hiding
• Modularity
• Functions
• Classes / objects
• Inheritance
• Polymorphism
• Templates
• Patterns
• Exam questions? See tute sheet.