Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!mips!cs.uoregon.edu!ogicse!uidaho!groucho.mrc.uidaho.edu!windley From: windley@ted.cs.uidaho.edu (Phillip J. Windley) Newsgroups: comp.software-eng Subject: Re: Provocative statement Message-ID: Date: 29 Apr 91 16:54:55 GMT References: <9776@castle.ed.ac.uk> <36650007@hpopd.pwd.hp.com> Sender: @groucho Organization: University of Idaho CS Dept. Lines: 47 In-Reply-To: daves@hpopd.pwd.hp.com's message of 27 Apr 91 10:37:56 GMT Nntp-Posting-Host: panther.cs.uidaho.edu I apologize, I have lost the original reference and am not able to properly attribute this quote: > formal methods community. They use over-kill in the main. Materials and This misses the point of engineering. The goal is not to overkill, but to get some acceptable safety factor WITHIN A CERTAIN COST. I had a professor that said an engineer is someone who can do with a dollar what any fool could do with two. > designs proven to work from experience and then some!! Very few bridges > fall down. The number that do is a tolerable expediency. This is even worse. In the 19th century this was true. Now it more a matter of analysis than experience (although it is certainly true that the analysis is built on a solid foundation of experience). The reason that I discount experience is that the point of engineering education is to codify this experience so that new engineers can use it without years on the job. (Note that trades based on experience are best passed on by an apprentice program, not college.) Analysis is in part codification. The reason that a civil engineer can build a bridge and overdesign within an acceptable cost is because engineers can analyze their designs. Years of development have given practicing civil engineers the math and analysis tools necessary to say that if I use this design, I have a safety factor of 4 (or 10). Further, the civil engineer can compare one design with a cheaper one and conclude with reasonable confidence that they give equivalent safety for differing costs and then select the cheapest. I do not believe that there are many software engineers who can do this for code. There are certainly fewer who learned it in school. Most graduating CS majors wouldn't even be able to analyze a sort routine and give a cogent argument that it works (note that I didn't say formal proof). Most engineers do analysis as the major part of their job. The design is a small part of their product; analysis is the large part. Until software engineering has analysis tools analogous to other engineering disciplines, it is at best a craft. -- Phil Windley | windley@cs.uidaho.edu Assistant Professor | windley@cheetah.cs.uidaho.edu Department of Computer Science | University of Idaho | Phone: 208.885.6501 Moscow, ID 83843 | Fax: 208.885.6645