timc@cs.man.ac.uk (Tim Clement) (06/18/91)
1991 Sun Annual Lecture in Computer Science
University of Manchester
September 25th - 26th.
Systems Design: Theory and Practice
David Harel
Department of Applied Mathematics and Computer Science
Weizmann Institute
About the Sun Annual Lecture
----------------------------
The Sun Annual Lecture in Computer Science at the University of Manchester
provides an opportunity for an eminent computer scientist to give a series
of lectures introducing a wider audience to current research work in
their area. The lectures occupy eight hours over two days, giving
ample time for questions and discussion.
This year, we are delighted to have Professor David Harel, Chairman of
the Department of Applied Mathematics and Computer Science at the
Weizmann Institute, and co-founder of i-Logix Incorporated.
Registration for the lecture series is 75 pounds, which includes lunch
each day, and supporting material for the lectures. The Annual Lecture
dinner will be held on the night of the 25th at Yang Sing, one of the best
Chinese restaurants in the UK. If you would like to attend this,
please tick the box in the reply slip below and include the cost with the
registration payment.
Abstract
--------
In these lectures I will try to outline an approach to the development
and analysis of complex reactive systems.
In his well-known ``No Silver Bullet'' paper, published in 1987, Fred Brooks
expresses his feelings about the illusions and hopes offered by software
engineering. He argues that many proposed ideas are not the silver bullets
that will deliver us from the horrors of developing complex systems.
Brooks' paper is reminiscent of Parnas' series of mini-papers that accompanied
his widely publicized resignation from the SDIO Panel on Computing in 1985.
Parnas claims that current proposals are vastly inadequate when it comes
to building reliable software as complex as that required by the SDIO project.
We thus have two rather discouraging position papers, authored by two of the
most influential figures in the software world. One of the things I will
try to do in these lectures is to illuminate the brighter side of the coin,
emphasizing developments in the field that were too recent or immature
to have influenced Brooks and Parnas at the time of their writing.
The two main aspects of these developments have to do with a carefully wrought
``vanilla'' approach to system modeling, and the emergence of powerful methods
for executing the resulting models. I will argue that the combined effect of
these and other ideas is already showing positive signs, and appears to have
the potential of providing a truly major improvement in our present abilities,
affecting the essence of the problem in a profound way. This might take more
than the ten years Brooks focuses on in his paper. It will surely be a long,
long time before we can build reliable software for the likes of the SDIO
project. Such a system remains an order of magnitude too large and too
critical, mainly because of its must-work-first-time nature. But I also
believe that we are on the royal road, and that the general impression one
gets from reading the papers of Brooks and Parnas is far too bleak.
Reactive systems include many kinds of embedded, concurrent and real-time
systems, but exclude data-intensive ones, such as databases and management
information systems. Reactive systems are widely considered to be particularly
problematic, posing some of the greatest challenges in systems engineering.
The vanilla approach is rooted in early work on modularization and information
hiding, and on structured analysis and structured design, which dealt mainly
with data-intensive systems. According to these, the backbone of the model of
a system should be a hierarchy of activities, that capture the functional
capabilities of the system, suitably decomposed to a level with which the
designer is happy. The new work advocates enriching this hierarchy with
behavioral descriptions, called control activities, that appear (potentially)
on all levels. Control activities play the role of the central nervous system,
so to speak, of the conceptual model. They are to sense and control the
dynamics of that portion of the functional description that is on their level.
The lectures will describe a relatively new approach to modeling behavior,
i.e., for capturing the workings of the control activities, the language of
statecharts. This is a highly visual language, that extends state-transition
diagrams, making them useful even for very large systems. We shall discuss
mathematical properties of statecharts, such as the succinctness they offer
in describing systems with very large state spaces.
The second part of the lectures will concentrate on means for analyzing and
debugging system models. Although the importance of testing and analyzing
algorithms has always been acknowledged, the world of complex systems has
long suffered from something of an indifference to such needs. By analogy,
the situation was as if we were asked to solve one-person algorithmic problems
without the possibility of running programs, and hence without being able
to test and debug them at all!
One of the main ideas we shall consider is that of executable specifications,
or, to fit in better with the terminology used here, executable models.
Executing a model is analogous to running a program directly, with the aid
of an interpreter. Although model execution is not a new idea, its vast
potential has not yet been fully exploited. We shall discuss interactive and
batch executions, as well as programmed executions, random executions, and
exhaustive executions, and will exhibit their power. We shall also touch
upon the possibility of verifying the model rigorously against a global
constraint in temporal logic.
We shall then turn to another crucial idea, that of automatically translating
the model into runnable code, in, say, C or Ada, or a hardware desscription
languages, such as VHDL. This process is analogous to compilation, and its main
benefit is in observing the system performing under circumstances that are
close to those of the real world. For example, the code can be ported to, and
executed in, the actual target environment, or, as is often the case in
earlier stages, in a simulated version of the target environment. The code
can be linked to ``soft'' panels, i.e., graphical mock-ups of control boards,
complete with images of display screens, switches, dials and gauges, that
represent the actual user-interface of the final system.
The main thesis of the talks is that the current situation, and the prospects
of significant improvement in the future, indicate that system development is
at the start of a new and exciting era.
About the lecturer
------------------
David Harel is a professor at the Weizmann Institute of Science in Israel,
and is Chairman of its Department of Applied Mathematics and Computer Science.
He is also a co-founder of i-Logix, Inc., Burlington, MA. He has published
widely on computability and complexity theory, logics of programs, theory
of databases, systems engineering, and visual languages. He has been on the
research staff of IBM's T.J. Watson Research Center at Yorktown Heights,
and a visiting professor at Carnegie-Mellon University. He received a
best paper award in the 10th International Conference on Software Engineering
in 1988, and his book, "Algorithmics: The Spirit of Computing" (Addison-Wesley,
1987), was the Spring 1987 Main Selection of the Macmillan Library of Science.
Harel received the BSc from Bar-Ilan University in 1974, the MSc from Tel-Aviv
University in 1976, and the PhD from the Massachussetts Institute of Technology
in 1978. He is on the editorial boards of Information and Computation,
Formal Aspects of Computing, Mathematical Systems Theory, and the
ACM Press/Addison-Wesley book series. He is a senior member of the IEEE,
and a member of the IEEE Computer Society and the ACM.
-------------------------------------------------------------------------------
Sun Annual Lecture Registration 1991
Please register me for the SUN Annual Lecture in Computer Science at the
University of Manchester.
Name:
Address:
Company/Institution:
Telephone:
Electronic mail address:
Payments:
Registration Fee (75 pounds)
Annual Lecture Dinner (25 pounds)
Total
I enclose a cheque for this amount made payable to the University of
Manchester.
------------------------------------------------------------------------------
Please send registration forms to:
Mrs. J. Fleet,
Annual Lecture,
Department of Computer Science,
The University,
Oxford Road,
Manchester M13 9PL,
ENGLAND
For further information, write or e-mail:
JANET: annual-lecture@uk.ac.man.cs
ARPA/BITNET: annual-lecture@cs.man.ac.uk