曝光台 注意防骗
网曝天猫店富美金盛家居专营店坑蒙拐骗欺诈消费者
hypothesis that the model is valid. Some of the faults that have been found in the programs used in this
experiment are described in section six, and various issues arising from this experiment are discussed in
section seven. Our conclusions are presented in section eight, and the requirements specification used in
the experiment is included as an appendix.
2. DESCRIPTION OF EXPERIMENT
In graduate and senior level classes in computer science at the University of Virginia (UVA) and the
University of California at Irvine (UCI), students were asked to write programs from a single requirements
specification. The result was a total of twenty seven programs (nine from UVA and eighteen from UCI) all
of which should produce the same output from the same input. Each of these programs was then subjected
to one million randomly-generated test cases.
In order to make the experiment realistic, an attempt was made to choose an application that would
normally be a candidate for the inclusion of fault tolerance. The problem that was selected for
programming is a simple (but realistic) anti-missile system that came originally from an aerospace
company. The program is required to read some data that represents radar reflections and, using a
collection of conditions, has to decide whether the reflections come from an object that is a threat or
otherwise. If the decision is made that the object is a threat, a signal to launch an interceptor has to be
generated. The problem is known as the ‘‘launch interceptor’’ problem and the various conditions upon
which the decision depends are referred to as ‘‘launch interceptor conditions’’ (LIC’s). The conditions are
heavily parameterized. For example, one condition asks whether a set of reflections can be contained
within a circle of given radius; the radius is a parameter.
- 5 -
The problem has been used in other software engineering experiments [15]. It has also been used in
a study of N-version programming with N equal to three that was carried out at the Research Triangle
Institute (RTI). We chose this problem because of its suitability and because we were able to use the
lessons learned in the experiment at RTI to modify our own experiment. RTI had prepared a requirements
specification and had experienced some difficulties with unexpected ambiguities and similar problems. We
were able to rewrite the requirements specification in the light of this experience. Thus the requirements
specification had been carefully ‘‘debugged’’ prior to use in this experiment.
The requirements specification was given to the students and they were asked to prepare software to
comply with it. No overall software development methodology was imposed on them. They were required
to write the program in Pascal and to use only a specified compiler and associated operating system. At
UVA these were the University of Hull V-mode Pascal compiler for the Prime computers using PRIMOS,
and at UCI these were the Berkeley PC compiler for the VAX 11/750 using UNIX.
The students were given a brief explanation of the goals of the experiment and the principles of Nversion
programming. The need for independent development was stressed and students were carefully
instructed not to discuss the project amongst themselves. However, we did not impose any restriction on
their reference sources. Since the application requires some knowledge of geometry, it was expected that
the students would consult reference texts and perhaps mathematicians in order to develop the necessary
algorithms. We felt that the possibility of two students using the same reference material was no different
from two separate organizations using the same reference sources in a commercial development
environment.
As would be expected during development, questions arose about the meaning of the requirements.
In order to prevent any possibility of information being inadvertently transmitted by an informal verbal
response, these few questions were submitted and answered by electronic mail. If a question revealed a
general flaw in the specifications, the response was broadcast to all the programmers.
- 6 -
Each student was supplied with fifteen input data sets and the expected outputs for use in debugging.
Once a program was debugged using these tests and any other tests the student developed, it was subjected
to an acceptance test. The acceptance test was a set of two hundred randomly-generated test cases; a
different set of two hundred tests were generated for each program. Different data sets were used for each
program to prevent a general ‘‘filtering’’ of common faults by the use of a common acceptance test. An
acceptance test was used since it was felt that in a real software production environment potential programs
中国航空网 www.aero.cn
航空翻译 www.aviation.cn
本文链接地址:
航空资料35(187)
