A customer of high-assurance software recently sponsored a software engineering experiment in which a small real-time software system was developed concurrently by two popular software development methodologies. One company specialized in the state-of-the-practice waterfall method rated at Capability Maturity Model Level 4. A second developer employed his mathematically based formal method with automatic code generation. As specified in separate contracts, C++ code plus development documentation and process and product metrics (errors) were to be delivered. Both companies were given identical functional specifications and agreed to a generous and equal cost, schedule, and explicit functional reliability objectives. At the conclusion of the experiment, an independent third party determined through extensive statistical testing that neither methodology was able to meet the user's reliability objectives within cost and schedule constraints. The metrics collected revealed the strengths a...
Carol Smidts, Xin Huang, James C. Widmaier