Data Structures (600.226)Design Principles

CS Dept., Johns Hopkins Univ.

hajic@cs.jhu.edu

www.cs.jhu.edu/~hajic

Data Structures and Algorithms
- Programs

Goals: Design, Implementation

Object-Oriented Design Principles
- Robustness, Adaptability, Reusability

Object-Oriented Design Techniques
- Abstraction, Encapsulation, Modularity

The Consequences:
- Case studies:
  - benign: Power Plant test failure
  - malign: The Therac-25 disaster

Data Structures and Algorithms

Niklaus Wirth:
- (the author of the “Pascal” programming language):
  Data Structures
  + Algorithms
  = Programs

Correctness

Efficiency

Implementation Goals

Robustness

Adaptability

®

Reusability

® ®

Design Principles(Object-oriented):Abstraction

Abstraction
- high-level description of objects and their interaction
- several levels of abstraction (problem dependent granularity): don’t care about lower-level details
- ...sometimes, revisions necessary :-(
- key component in “top-down” design

... applied to data structures:
- Abstract Data Types:
- mathematical model

Implementation (C++/Java/...): class

Information hiding:

(Housing) Developer’s planning:
- houses:

Architect:
- floor plan, essential features (fireplace, chimney(s), windows, ...)

Builders:
- materials used (bricks for a chimney, type of bricks, insulation, ...)
- operations: brick layout, sequence of building operations

Modularity
- small units with well defined (minimal) interface (API)
- specialized for a given task
  - addition (to get 1+1 right; don’t care about multiplication)
  - electric current computation in wiring design (don’t care about gas plumbing; maybe not used at all!)

Hierarchy
- “is a” relation
  - car is a vehicle
  - SUV is a car
  - Jeep Grand Cherokee is a SUV
  - someone’s Jeep G.C. is a J.G.C.

Design Techniques

Classes and Objects
- (data) fields
  - “placeholders” - instance variables
  - references (pointers) to other objects
- methods (procedures, functions)
  - typically operating on this class’ fields
- objects must be created
  - ...and memory allocated, with a reference (“link”) to the object stored somewhere:

API, ADT, Strong Typing

API (of an object/class) is...
- Application Programming Interface
- collection of (preferably only) methods (procedures, functions) which are offered for the outside world (i.e., other objects) to use
- [Þ there are some methods (and fields) which are hidden to the outside world]
- called “public”

ADT is...
- data type + operation defined on it
- operations and their results: typed
- e.g. “PLUS” is an operation with two numerical arguments, returning a numerical value

General method
- defines fields common for many (more specialized) methods:
  - animal:
    - date of birth
    - size (e.g., weight)
    - lowest temperature it can live in
    - number of legs
  - predators: everything like animals, plus:
    - is-prey(animal a): says “yes” if a is a favorite prey
  - lions: everything like predators, plus:
    - diameter of the mane

Redefine a method “inside” a more specialized object:
- animal/predator/lion example:
  - the “name” of a prey not sufficient; must add “maximum size”: data field PreySizeMax
  - redefine is-prey(animal a):
    - returns “yes” if a is a favorite prey and a.size <= PreySizeMax

Goals, Principles, Techniques: the Big Picture

Object-oriented design

Objects

& typing

Polymorphism

I don’t want you to be scared, but...

Three case studies:
- examples of poor analysis/desing/implementation
  
  .
- .. and of the consequences

Power Plant (test) failure(benign)

Real case (early 70s):
- New, double fuel power plant (oil/coal)
- Pre-operational testing (not connected to the electricity network)
- Computer environment:
  - proprietary design hardware
  - no real-time OS
  - primitive version of the BASIC programming language
- The problem:
  - during prolonged “SYSTEM PAUSE”, after about 30 seconds of autonomous function, the computer shut down everything for no apparent reason.
- The bug: millisecond counter wrapped to

Hard Disk Microcode Bug(just expensive - for some)

Real case (1992)
- where: well-known old computer company, research division
- what: well-known hard disk manufacturer’s disks mounted in a workstation server (UNIX)
The Problem:
- during overnight long runs (statistics, huge data, CPU intensive ), the jobs crashed unexpectedly because of defective input data format
- off-line format check: OK
- never happened during the day
The bug:
- head positioning (seek) off by 1 track if head returning to the end of previous data read after more than 30 minutes of “parking”
It took 3 full man-weeks (researchers!), plus many more of technicians

The Therac-25 Failure(six accidents: deaths & injuries)

1985-1987

Radiation Therapy Machine Therac-25

Dual-mode equipment:
- low-energy electron treatment
- high-energy X-rays (filtered through a “flattener”)

Major safety hazard:
- X-ray mode,
- and if “flattener”not in the beam path
  - consequence: patient gets a full 25 MeV X-ray dose, typically two orders of magnitude higher than prescribed (causing death in most cases)

Therac-25 Problems

The problems:
- safety “interlocks”
- hardware interlocks supplanted by software
- plus combination of several other (otherwise harmless) failures:
  - cryptic error messages
  - failures lead to “pause” instead to “suspend” (with easily induced repetition of the same failure - by pressing a single key!)
  - hidden (automatic) value changes
  - wrapping-to-zero problem (cf. the Power Plant problem, or Y2K bug)
  - race condition (real-time OS problem)
  - ...even an editing problem (“secret” Return)

Therac-25 lessons

Software quality assurance procedure
- documentation
- reusability: same environment only

Software testing
- component-by-component (not only the system as a whole)

Modular design needed
- small modules
- well-defined interface

Software interlocks
- do not believe yourself