January 2010 - Posts

The Law of Lossy Requirements by Bruce Nielson

Lossy Compression

In computer science, compression is an indispensable tool. Anyone familiar with .zip files knows what I mean. Interestingly, there are two kinds of compression: lossless and lossy. Lossless compression is like .zip compression: you put in a file of, say, 100 KB and the end result is a file of, say, 50 KB. But when you reverse the process, you get back your original 100 KB file.

Lossless compression relies on the fact that real-life information contains patterns. Just imagine taking this post and finding the most commonly used words in it. Then replace the most common word with the tag “<1>”, the next most common with “<2>”, etc. The end result would generally be a smaller file, yet by replacing each “<x>” with the original word you could recover the original file in its entirety.
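
In rough Python, the word-substitution idea looks something like the sketch below. It is illustrative only; a real compressor, such as the DEFLATE algorithm behind .zip, works on repeated byte sequences rather than whole words, but the principle of exploiting patterns is the same.

    # Illustrative sketch of the word-substitution idea, not a real compressor.
    from collections import Counter

    def compress(text):
        words = text.split()
        # Map the ten most common words to short tags like <1>, <2>, ...
        common = [w for w, _ in Counter(words).most_common(10)]
        table = {w: "<%d>" % i for i, w in enumerate(common, start=1)}
        body = " ".join(table.get(w, w) for w in words)
        return table, body

    def decompress(table, body):
        reverse = {tag: w for w, tag in table.items()}
        return " ".join(reverse.get(w, w) for w in body.split())

    table, body = compress("the cat sat on the mat because the cat was tired")
    assert decompress(table, body) == "the cat sat on the mat because the cat was tired"

The round trip recovers the input exactly, which is what makes it lossless; whether the substitution actually saves space depends on how long and how repetitive the text is.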

I used to wonder what possible use lossy compression could ever be. Why in the world would I ever want to save off a compressed version of my files if I couldn’t get them back to their original state ever again?

Of course, for ordinary data files lossy compression is useless, but for computer graphics it’s quite useful. Because the human eye is not capable of picking up all the details in an image, it’s possible to reduce the detail in the image without the human eye being able to tell the difference.

What’s even more interesting is that you can keep increasing the lossy compression on an image past the point where the human eye can tell the difference, yet the brain will still be able to tell what the image is. It just looks a bit more blurry.

In fact, you can keep applying lossy compression down to any size you like. At some point you end up with a single solid color, of course, which isn’t useful, but even if you take a fairly large image – say 1024 x 1024 pixels – and shrink it via lossy compression down to the equivalent of a 16 x 16 image, the human brain fills in the details and still makes sense of the image.
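
As a minimal sketch of that last example – assuming the Pillow imaging library is installed and a hypothetical file named photo.jpg exists – the whole round trip is only a few lines:

    # Throw away detail, then blow the image back up: blurry but recognizable.
    from PIL import Image

    img = Image.open("photo.jpg")       # e.g. a 1024 x 1024 photo (hypothetical file)
    tiny = img.resize((16, 16))         # discard nearly all of the detail
    blurry = tiny.resize(img.size)      # scale back up; the result is blurry
    blurry.save("photo_blurry.jpg", quality=30)  # JPEG itself is also a lossy format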

Requirements Are Lossy Compression

If Code is Design, then one of the most underappreciated points of software development is that requirements are equivalent to lossy compression of graphics, only in reverse. (See also Tell Me What To Do, Not How to Do It for an example of this.)

What we call “requirements documents” (or even “design documents”) are really a blurry picture of what is to be built. In other words, requirements and design documents by definition do not contain all the details.

Why do we do this? There are actually many reasons, but here are two key reasons:

1. Until the software is actually built, it doesn’t exist. So there isn’t really a choice but to imagine it with broad brush strokes and then refine it into reality.

2. As was discussed in a previous post, human beings understand abstractions more easily than precision. If we didn’t have abstract and blurry views of the design, no one but the programmer would ever understand what is to be done. Actually, even the programmer would only understand it in chunks and not holistically.

The Law of Lossy Requirements

If you followed my argument so far, then The Law of Lossy Requirements will now make sense to you. This law states:

All requirements documents are a lossy compression of the business rules. If you made it non-lossy, the cheapest way to document it would be in code.

Therefore there are two corollaries to this law:

Corollary 1: There will never be a point where you know all details of what software is to be created until the software is completed.

Corollary 2: There is no such thing as documenting everything about the software, because to do so would require synchronizing what is essentially a second copy of the code.
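
To make the law concrete, here is an invented illustration (the rule and its thresholds are made up for this example). The one-line requirement is the lossy version; the code is what the non-lossy version inevitably looks like:

    # Requirement (lossy): "Passwords must be reasonably strong."
    # The non-lossy version of that requirement is, in effect, the code itself:
    def is_strong_password(pw: str) -> bool:
        return (
            len(pw) >= 12                              # how long is "reasonably strong"?
            and any(c.isupper() for c in pw)           # is mixed case required?
            and any(c.isdigit() for c in pw)           # are digits required?
            and not pw.lower().startswith("password")  # what counts as too obvious?
        )

Any prose that captured every one of those decisions would just be a second copy of the function that had to be kept in sync with it, which is exactly what Corollary 2 warns about.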

Comprehensibility vs. Precision by Bruce Nielson

Abstraction vs. Precision in Requirements

I used to be an instructor for Rational Software’s RequisitePro tool, a role that included teaching a class called “Requirements College.” This useful class helped teach people how to elicit requirements from their customers.

Three things really stuck with me from the class. The first was the idea that one does not “gather requirements” per se, but elicits them. If taken literally, “gathering requirements” implies that requirements are readily available and you just have to pick them up and take them. This flies in the face of reality; requirements have to be created from nothing.

The second was the idea that How and What are relative to a point of view. I’ve written about this in the past.

The third was that, according to the course, abstraction and precision form a spectrum that affects comprehensibility.  The idea was that if you are too abstract, your writing won’t be comprehensible at all. But if you are too precise, it’s also not comprehensible. The following graph illustrates the idea:

 

[Graph: comprehensibility plotted against the abstraction-precision spectrum, peaking somewhere in the middle and falling off at either extreme.]

Legalese is a good example of this. Legalese is very precise wording for legal purposes, but because it’s so precise, it’s difficult for anyone but a lawyer to understand – and that’s not a fair comparison, because the lawyer at least gets paid to slog through it.

Therefore, according to the course, requirements should seek the sweet spot of maximum comprehensibility, where it’s neither too precise nor too abstract.

Useful, but Misleading

This idea of avoiding too much precision to increase comprehensibility is a useful one. But I couldn’t help but feel it is also somewhat misleading.

I kept thinking to myself: but what if that level of precision is what you need to come to an agreement on?

Imagine dumbing down legalese so that it’s more “comprehensible.” Would that be a good thing? It’s not like legalese was created to keep lawyers employed (though sometimes it might seem that way). On the contrary, legalese was created because a more comprehensible abstraction would also have multiple possible meanings. In a court of law, that’s precisely what we’re trying to avoid. Ergo, the need for legalese.

Are Software Requirements Like Legalese?

Now if the point of requirements documents is to get everyone going in the same general fuzzy direction, I can see that a comprehensible abstraction would be the best way to handle it.

But if the point of the requirements is to come to agreement on how to specifically implement something, there is no substitute for precision in details. I believe “requirements” (and also “design”) must therefore be considered as something closer to legalese in such a circumstance.

In an ideal world, we’d probably want both. We’d want to start at the highest level of abstraction and work our way down, keeping every stakeholder informed and involved as we take the fuzzy abstraction and turn it into something specific and detailed.

But in reality, the Marketing People drop out after the first details start to be filled in, Management’s eyes begin to glaze over once the “requirements document” is complete, and even the Technical Lead might nod off once we get into the really nitty-gritty details.

Conclusions

I see an essential tension between “comprehensibility” and the need to come to agreement on an actual implementation, which requires comprehending the actual details. I think this is one of the hardest problems in software development, and I do not expect it to be a problem that can ever be fully overcome, because it stems from the essential nature of software itself.

Proper Use of Overtime by Bruce Nielson

It seems to me that “overtime” is a much talked about subject, both in literature and just around the water cooler, but that people tend to take one of two extreme views on it.

The first view is that overtime is immoral unless the development team screwed up. This point of view says, “if I made a mistake, I’ll make good, but otherwise, I expect to never have to work overtime. So long as I’m giving it my best, overtime – particularly unpaid overtime – is immoral to ask me for.”

The second point of view is that “it’s part of the job.” From this point of view overtime is just part of doing your job and no developer should think otherwise. Those that do think otherwise should seek other employment.

Now it seems to me that people don’t usually stick with one point of view on this. We tend to swing about, based on our current situation, as to whether or not overtime is “part of the job” or “an immoral practice.” Particularly, we tend to think of it as “part of the job” when it’s someone else and “an immoral practice” when too much of it is asked of us personally.

I propose that neither point of view is true.

I think overtime is a legitimate tool in the toolbox to get a job done. But if it’s your only tool – or worse yet, your only remaining tool – you’ve probably already lost the battle.

In a past post I pointed out that software estimates tend to be pretty bad. And elsewhere, I pointed out that the need for upfront estimates is a ‘water breather,’ i.e., the need for them is so significant that our inability to make good estimates isn’t reason enough not to make them.

I think the rest is obvious. In business, we rely on estimates that we often can’t accurately make. Even if we “do it right” when making an estimate, it’s just not always enough for the estimate to be accurate. So when estimates fail, we must face hard choices. These include:

1. Cutting scope

2. Working overtime

3. Delaying the due date

Now it’s easy to say “Well, just cut scope or delay the due date, because it’s wrong to ask me to work overtime for something that isn’t my fault. I had no way of knowing that X was going to happen and delay the project.”

But I think this is an unrealistic view. If a project estimate goes south, it typically goes far south, so there is often a need to do all three of the above to rectify the situation.

But of course the inverse point of view must also be seen as valid. If your team is working overtime to make up a bad schedule, but you aren’t also cutting scope and/or delaying the due date as far as possible, then you might as well admit that you aren’t serious about your schedule and you’re really just punishing the team.

Oh, and expect your team to be aware of this.

So what’s the proper use of overtime? I’d say it’s one tool in the box to deal with bad estimates, that it shouldn’t be used without using other means as well (such as cutting back on scope), and that you should be careful to not do it more often than is necessary.

What Constitutes a Change of Scope? by Bruce Nielson

In a previous post I used Robert Glass’ advice from his excellent book, Facts and Fallacies of Software Engineering, to come up with what I see as the industry’s standard advice on how to do good software estimates:

To summarize, the standard advice is to:

  1. Not make estimates until requirements have been defined
  2. Always let the programming team make the estimate, not management or marketing
  3. Use change control on the estimate as requirements change

While I believe the above advice is good advice, it’s nowhere near sufficient to address the very real problems of software estimation. However, if you aren’t doing at least the above, your estimates are doomed. So Glass’ points are at least a good starting point.

Now one objection I anticipate from the audience is that #3, if understood in a certain way, would make it impossible to ever miss an estimate. If you can always change the estimate to match reality, how can it ever be missed?

I actually think this is a good point that starts us down the road to understanding the real problems of software estimation.

First of all, if we take that point of view to its logical conclusion, this is really just the same as saying that the estimate isn’t worth the paper it’s printed on. Imagine going into a car shop (or when buying a house, or whatever you want to imagine) and being told “well, it will probably cost $1,000, but we’ll let you know if it’s going to cost more.”

Then a couple of hours later you receive a phone call. “Yeah, it’s like I thought. The problem is bigger than anticipated. I’m projecting $2,000 now.”

Then the next day you receive another call. “Well, it’s taking longer than expected, so I’d say probably $3,000 now.”

By this point, you’d a) break into a cold sweat every time the phone rang, wondering how much more you owe now, and b) probably have pulled the car out of the shop and taken it to a “reputable” place.

So the first thing we need to understand is that if you take #3 above to mean “I get to correct the estimate any time I realize it’s going to take more,” then we’ve fundamentally misunderstood both human nature and the purpose of an estimate.

The Meaning of “Scope”

Now I anticipate another objection might be: “Well, you’re giving an example of where nothing changed. It’s still the same scope at that car shop, they are just charging more because it took longer. That’s unfair and immoral. I’d never advocate that. I only advocate changes of scope that are obvious and clear.”

Ah, very good. So there is an emotional difference between asking for more money when there is a clear change of scope vs. when the change of scope is vague.

But what exactly is a “clear change of scope”? Are all legitimate changes of scope “obvious” and thus “clear?”

For example, if you brought your car into the shop because there is a knock in it and the shop looks it over and says “well, it’s probably the carburetor, so I know it will cost $1,000 to fix” and then they start work on the car and they don’t find a problem with the carburetor, is it really the same scope still?

There are two ways to think of this, and both are fair in my opinion. The first is the customer’s point of view:

The scope of work that was estimated was to remove the knock. They are the experts, so they should have diagnosed it correctly. If it wasn’t really the carburetor that was causing the problem, that’s their problem, not mine. The scope of work has not changed so the price should not change!

The second is the car shop’s point of view:

I did my honest best to diagnose the problem. Every time in the past I’ve heard a knock like this, it’s been the carburetor. Any competent mechanic would have diagnosed it the same. When I made my ‘bid’ it was to fix the carburetor, not to remove a vague knock. If I later find out there is a much more extensive problem, that constitutes a change of scope, and thus I have the right to ask for more money!

So who is right? I think most of us impulsively believe the customer is right in this circumstance, mainly because it would make us really mad to be treated the way this hypothetical car shop is treating us. So we “go with our gut” on it and declare the car shop both wrong and immoral.

But think about this problem from the point of view of being a programmer. Really, give it some thought. I have never known a programmer that didn’t take the “car shop’s view” when the shoe was on the other foot.

“Scope” is Inherently Vague in Software

I’d submit that actually both are right. Or more to the point, there is no actual “right or wrong” here. We’re making a moral issue where no moral issue exists.

In reality, whether the car shop should take the first or second point of view is entirely based on what is right for their business long term. If they want to ask for more money, this is completely fair and moral, but it’s very likely to end the relationship with the customer and that is as it should be. So they get to decide for themselves if they want to take a loss on this one to keep the customer or if they want to exert their right to declare this a change of scope and ask for more money before proceeding.

But the key point I want to make is that most of the time, it’s not clear what a “clear change of scope” is. For it to be clear, the “requirements” would have had to be very detailed, in this case specifying that the estimate was based on the plan to inspect the carburetor.

But in the case of software, how detailed would you have to be with your ‘requirements’ to avoid debate over whether something was a change of scope or not? Likely it would require you to write your ‘requirements’ in pseudocode. (More on this in later posts.)

If the requirements were more abstract and general than pseudocode, then I submit that there will usually be some wiggle room for both sides, and for both points of view, to declare a cost overrun as either “in” or “out” of scope for the requirements, just like our car shop example.

So my point is simply this: ‘Clear changes of scope’ are rare indeed. You’ll mostly have to live with muddy ones. Turning it into a moral issue is a mistake. (“Those crummy customers always changing the requirements on the project! What immoral cretins!”) It’s just a business decision about what will be in your best interest long term.

The Prime Mistake by Bruce Nielson

In a previous post I talked about the blame game. I suggested that “the blame game” is a necessary part of software failures, so it shouldn’t be treated with as much fear and loathing as it usually receives. By understanding the human need to pin down blame (and humans’ general inability to actually do so), we avoid ignoring this very human success or failure factor.

Related to “the Blame Game” is what I call “the Prime Mistake.” And unfortunately, the Prime Mistake is very bad for software developers, so it’s best we understand the concept.

The perfect example of “the Prime Mistake” happened to me years ago back in high school, in my Geometry class. My teacher had a bad habit of making every problem dependent on the answer to a previous problem. Worse yet, he didn’t give partial credit for having done a follow-on problem the right way but with the wrong starting value.

On one test I took, I missed the very first problem due to a stupid error. The rest of the problems used that value as their starting point, so I basically missed everything.

That first problem I missed is an example of “the Prime Mistake” because it’s the original mistake that causes all the follow-on mistakes.

Part of the Blame Game is the attempt to track down the Prime Mistake so that we can pin everyone else’s mistakes on one person.

Developers and The Prime Mistake

When it comes to developers, the Prime Mistake seems to be particularly dangerous. As it turns out, absolutely all problems in software can be traced (in some way) back to the programmer, usually with a pretty obvious cause and effect – a mistake on the programmer’s part. Woe to the software programmer!

Due to the Prime Mistake, the programmer may end up with basically everything laid at their feet. After all, every single defect in the code is – in a very real sense – their fault.

The problem with this line of thought is that removing all defects is beyond human capacity.

Worse yet, we tend to be far more forgiving of “mistakes” in principle than in practice. Ask any user or manager upfront if they accept that programmers, no matter how hard they try, will make mistakes. “Sure,” they say, “it’s inevitable.”

But then watch those same managers and users after an actual bug leads to a problem that causes a real dollar loss! Heaven help the programmer then.

The problem is that when a real defect is uncovered, it doesn’t come in a “theoretical package”; it comes with real damage, such as loss of dollars, confidence, or prestige. This is why we react differently to real defects than to theoretical defects.

To make things worse, real defects are shortly followed by “a fix,” which is really just a fancy way of saying “all the information about how the defect could have been avoided if the programmer had just been ‘a bit more careful or smarter.’”

So the temptation to assign the Prime Mistake to the developer may become overwhelming for “real defects.”

Spreading the Blame Means Spreading the Responsibility

In our more theoretical moments, we know that programmers can’t possibly produce defect-free code. It is this realization that has led to the industry standard of having “testers” who are separate from programmers. Indeed, the invention of “testers” is a very good step in the right direction. We effectively “spread the blame” out a bit. If a defect gets past both the developer and the tester, we might feel a bit more forgiving toward the developer for having “screwed it up.”

(Another point is that a tester hopefully helps find the defect before there is a loss attached to it. But this is a tale for another time.)

But we shouldn’t stop here. Software is so complex that even a good developer and a good tester together can’t realistically “not make errors.” Everyone involved in the project must take responsibility for avoiding defects. The users must test regularly and give clear requirements, the programmer must use automated unit tests, and the testers must have test plans so that they aren’t relying on memory. Removing defects in software is never one person’s (or one group’s) responsibility.
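
As one small, hypothetical illustration of the “automated unit tests” part of that shared responsibility, here is a sketch using Python’s built-in unittest module (the function under test and its expected values are invented):

    import unittest

    def apply_discount(price, percent):
        """Hypothetical function under test."""
        return round(price * (1 - percent / 100), 2)

    class DiscountTests(unittest.TestCase):
        def test_ten_percent_off(self):
            self.assertEqual(apply_discount(100.00, 10), 90.00)

        def test_zero_discount_leaves_price_unchanged(self):
            self.assertEqual(apply_discount(19.99, 0), 19.99)

    if __name__ == "__main__":
        unittest.main()

Tests like these don’t make the programmer infallible; they simply record the checks we’ve already learned to make, so the rest of the team isn’t the only safety net.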

And when all of that together fails, at least everyone knows we all did the best we could.

Code is Design by Bruce Nielson

The Story So Far

Let’s return to the primary concern with software. We’ve talked about how most software projects either fail altogether or run significantly over budget. Along with that thought, we considered the statistics showing that the development team itself plays little role in the success or failure of a project in comparison to users and sponsors. Contrasting that, however, we’ve looked at how software is really developed in “thought units” more than in actual code.

These two facts seem, on the surface, to be at odds with each other. If software is really developed in “thought units,” then why do users and sponsors have more control over the success and failure of the project than the developers?

Coding As Design

I will now explore this question further in a series of posts. But first, we need to look at the concepts of “software design” vs. “software coding.”

Rumor has it that software is an engineering discipline, and because of that, our industry adopted much of the vocabulary and process used by real engineers. This led to the creation of the both famous and infamous “waterfall methodology,” where we pass through watertight stages that start with Requirements Gathering, move on to a documented Design, and then finally Construct what was designed, finishing off with Testing and then Release.

It’s all a bunch of hogwash, of course.

Actually, despite its recent (and partially deserved) bad reputation, the waterfall methodology has a lot to recommend it. To this day, I’ve never come across any methodology, Agile or otherwise, that doesn’t owe a great debt to the waterfall methodology. So let’s not throw out the baby with the bath water.

However, what we software developers do is not really engineering in the true sense and probably never will be. This is why a strict waterfall approach, which serves so well in other engineering fields, has failed us miserably.

Jack W. Reeves’ classic article, “What is Software Design?”, addresses this directly. (See also this link for further information.) What Reeves correctly points out is that what we call “Software Design” is not a complete design at all, but is rather what he calls a “high level structural design,” yet we treat it as if it were some sort of complete, detailed design (even often calling it “The Detailed Design”).

Now maybe you’re thinking, “So it’s a high level design instead of a detailed design. So what? Who cares?”

Yet, as I’ll show in future posts, this seemingly small distinction might just be the entire difference between understanding the real problems of software development and turning a blind eye to them.

But let’s let Reeves speak for himself. He says:

For almost 10 years I have felt that the software industry collectively misses a subtle point about the difference between developing a software design and what a software design really is. … This lesson is that programming is not about building software; programming is about designing software.

…the software industry has created some false parallels with hardware engineering while missing some perfectly valid parallels. In essence, I concluded that we are not software engineers because we do not realize what a software design really is

A program listing is a document that represents a software design. Compilers and linkers actually build [manufacture or construct] software designs.

…it is cheaper and simpler to just build the design and test it than to do anything else. We do not care how many builds [constructions or manufactures] we do—they cost next to nothing in terms of time.

[The] designs will be coded in some programming language and then validated and refined via the build/test cycle.

Is Programming a Form of Engineering at All?

Reeves questions whether programmers should be called engineers if they don’t even realize that programming isn’t “manufacturing” or “construction” at all, but is really “detailed design.” But Reeves never quite questions whether programming might not be engineering at all.

But this leaves one uncomfortable. If our industry is full of programmers who do detailed design and think they are doing “manufacturing” (i.e., the construction or building of a design), how could they possibly misunderstand their own engineering discipline so severely?

Agile maven Alistair Cockburn suggests how, by questioning the very notion of “software engineering”:

Software development is not “naturally” a branch of engineering. It was proposed as being a branch of engineering in 1968 as a deliberate provocation intended to stir people to new action [Naur-Randell]. As a provocation, it succeeded. As a means for providing sound advice to busy practitioners, however, it cannot be considered a success. After 35 years of using this model, our field lacks a notable project success rate [Standish], we do not find a correlation between project success and use of tidy “engineering” development processes [Cockburn 2003a], and we do not find practitioners able to derive practical advice to pressing problems on live projects. (See link)

Elsewhere, Cockburn points out that the whole notion of “software engineering” was actually just an attempt to provoke less-than-obvious parallels between programming and true engineering fields. “The term ‘software engineering’ was coined in 1968, in the NATO Conference on Software Engineering,” says Cockburn. “It is fascinating to read the verbatim reports of that conference and compare what those attendees were saying with what we have created since then.”

He then quotes the conference’s notes on its background:

The Study Group concentrated on possible actions which would merit an international, rather than a national effort. In particular it focused its attentions on the problems of software. In late 1967 the Study Group recommended the holding of a working conference on Software Engineering. The phrase ‘software engineering’ was deliberately chosen as being provocative, in implying the need for software manufacture to be based on the types of theoretical foundations and practical disciplines, that are traditional in the established branches of engineering.

It may well be time for us to abandon the very notion of “Software Engineering” and to base our development techniques on some more natural match. Reeves agrees:

In many ways, software bears more resemblance to complex social or organic systems than to hardware.

Ramifications of Software As Design

Rethink, for a moment, how accepting “Coding” as really being “Design” changes the way we think of software development. The ramifications are substantial.

First of all, it means that software development, being a design activity, will always change after the requirements gathering and high level design are “completed.” We would no more expect software to merely follow the “original design” (which we now know is only a high level design without all the needed details) than we’d expect Intel to design their next generation processor only at a high level and then lock it in permanently. Any attempt to do so would be met with the same sort of frustration that plagues the software industry.

Another ramification is that it often makes sense to “get to coding” (i.e. detailed design) as quickly as reasonable. Contrary to popular belief, not all rushes to code are “hacking.”

Indeed, any methodology that encourages “design” (i.e. high level design) to be simultaneous with “coding” (i.e. detailed design) will be superior to one that doesn’t. This explains the popularity of methodologies such as “spiral,” “rapid prototyping,” and now “agile.”

Furthermore, testing software is actually a design activity as well. It’s how we validate the design details. Thus any methodology (a la Agile) that encourages testing during “coding” will be more successful than one that doesn’t.

Conclusion: It’s All Design

Wait! Did you read that right? Is it really true that design, construction, and testing phases are all really just design?

As Reeves so aptly put it:

The overwhelming problem with software development is that everything is part of the design process. Coding is design, testing and debugging are part of design, and what we typically call software design is still part of design. Software may be cheap to build, but it is incredibly expensive to design.