Re: [xml-dev] How to Build Applications with a Sound Foundation

[Michael Kay <mike@saxonica.com>]

On 21 Feb 2014, at 18:54, Costello, Roger L. <costello@mitre.org> wrote:

> Hi Folks,
> 
> I wrote a short 2-page paper describing how to create applications with a strong formal underpinning:
> 
> http://xfront.com/How-to-Build-Applications-with-a-Sound-Foundation.pdf
> 
> Have you followed this approach in creating XML applications?
> 

I have been on perhaps 4 projects that have tried this approach and in each case it has been disastrous, and in each case for the same reasons. The stake-holders in the project don't understand the formalisms, so they can't read the specs or provide feedback on them. The programmers don't understand the formalisms either, so they don't read the specs. The users and the programmers start talking to each other and ignoring the theoreticians, who increasingly get sidelined. Changing the formal model takes too long, and only two people are capable of doing it, so a long backlog builds up, and the coders start making changes before the changes have been specified. Eventually if the project is to be rescued, the only way is to sack the formal methods team.

That's not to say there is no role for theory, or for mathematical rigour. But I've found it works best if you do the formal bit in a workshop where the aim is to try and improve everyone's understanding of the core essentials of the system, and then throw it away. The bit that doesn't work is trying to specify every detail of the system and keep the formal spec up to date as requirements change.

And code generation is a bad idea too. I've never seen it work. It's essential that debugging tells you where your original source is wrong, and I've never seen code generation tools that achieve that.

Michael Kay
Saxonica