No Silver Bullet Panel

Workshop: No Silver Bullet

OOPSLA 2007, Montreal
October 22, 2007

Workshop Final Report

There were six main issues discussed during the session:

Issue 1: Reflection on Brooks' Promising Attacks
Issue 2: What are the ways to deal with complexity?
Issue 3: Candidates for "what is the werewolf?"
Issue 4: List of Potential Silver Bullets
Issue 5: Essential versus Accidental Complexity
Issue 6: Some neglected opportunities for significant improvements

Issue 1: Reflection on Brooks' Promising Attacks

There are four specific "promising attacks on the conceptual essence" that are listed in the original Brooks article:

Buy versus build
Requirements refinement and rapid prototyping
Incremental development -- grow, don't build software
Support great designers

The workshop participants think that all four of these promising attacks are still promising today -- and at least one of them is widely used: Buy versus build.

Some reflections on how these attacks are used today:

Buy versus build:
- most "buying" is not "software ICs" -- instead, developers use a more pragmatic "infrastructure plus glue code"
- many small companies buy "components"
- many large companies buy entire systems or "acquire the company"
Requirements refinement, rapid prototyping
- still a lot of waterfall process in large companies
- most prototyping in first phase and first release
Incremental development
- more common in small companies
Support great designers
- Brooks' main suggestions are not being followed
- Designers don't get much recognition
- Mentoring is actively discouraged in most companies
- Career development -- only lip service

Do we have any new promising attacks to add to what Brooks wrote 20 years ago? Yes:

More direct and frequent customer interaction
- this is the biggest lesson learned from Agile development
Develop a good architecture and work to maintain the integrity of the architecture
- this idea has been around since the 1980s, but it has become even more important with increased use of frameworks and components

Issue 2: What are the ways to deal with complexity?

Can we really "avoid" complexity? Or if we try to remove it in one place, it will just pop up somewhere else?

One reality: the world is complex. A lot of requirements come across our desks that are based on things that seem very arbitrary -- government regulations, user fashions, and so on. Can we succeed at simplifying things, or at least cope with complexity?

There are four increasingly mature ways to deal with complexity:

avoid it
neglect it
filter it
embrace it

Workshop participants thing that the last two (filter or embrace) are the only practical ways to deal with complexity. The other two will cause all sorts of problems.

Issue 3: Candidates for "what is the werewolf?"

This question raised a lot of discussion in the workshop. There are three major answers:

complexity
people
communication

Complexity is the natural place to start the blame: in software development we are building systems that are more complex than bridges, refineries, automobiles, and most other products of engineering.

People comes next -- because we are looking for why all of that complexity is present...

It's all those other people -- managers who impose unrealistic architecture constraints and schedule, customers who have impossible requirements
But it is also "us" -- we developers often make bad choices, we want to use our favorite language or tool even if it isn't a good fit
And the software tool vendors and salesmen don't help much... it is said that "vendors and salesman are the allies of the werewolf"
And once we start using the tools, we make things worse -- "any imple system can be made complex with the right tools"

There will be even more people problems in the future, because there is a decline in CS enrollment in universities today -- so there may be a decline in the number of software professionals.

But... we shouldn't blame all of our problems directly on people. We need to learn to cope.

We noted that some of the people issues are related to fear -- fear of failure when you do something different than before, fear of attempting to change and improve your processes and tools.

Communication is often seen as a source of complexity. One issue is that there is a lot of communication that is needed between project team members, but the well-known stereotype of most software developers is "people with no social skills".

Is this an area for improvement? Some would say that if you improved the communication skills of software developers, then productivity would decrease... more time chatting, more time in meetings, less time available for heads-down coding work.

Another related point about team diversity. In some workshop participants' experience, teams of mixed gender (often about 20-25% female) seem to be more "effective" in software development than all-male teams. This in anecdotal, but maybe there is a catalyst effect on communication, or just a self-selecting set of folks who are looking for a more diverse environment also spends more time thinking about design alternatives, quality issues, and other things that go beyond heads-down coding.

We do know that software professionals have differing levels of ability in dealing with abstraction, and that this might manifest itself as a communication issue. If a design model is written to contain 4 levels of abstraction, and the documentation requires working across the levels, there will be some developers who can't deal with "switching levels" in the same way as the developer -- a possible catastrophe.

Issue 4: List of Potential Silver Bullets

We ran a major brainstorming session -- the goal was to show some of the major Silver Bullet candidates of today -- just as Brooks gave a good list in 1987. The list also shows some of the reasons why the technologies and tools have failed to be a good Silver Bullet (or will fail in the future...). If we had to rewrite Brooks' paper today, we would probably select several of these technologies to highlight -- instead of AI, expert systems, graphical programming, and so on.

Here is the initial list of "potential silver bullets" that we took on during the workshop:

High-level languages
Grand unified distributed object infrastructure (CORBA)
Model Driven Architecture (MDA)
Tools and programming environments
Objects
- general
- frameworks and components
- patterns
XML
Agile
Aspects
Open Source
Globalization

1. High-level Langauges:

Probably succeeded
But there has been an inevitable proliferation of languages (which continues today)

2. Grand unified distributed object infrastructure (CORBA)

Didn't succeed because problems and people are diverse
Changeability is more difficult

3. Model Driven Architecture (MDA)

It hasn't completely failed yet
Problems: there is a tension between abstraction and precision

4. Tools / programming environments

Mainly addresses accidental complexity
Some help for essential complexity... if the tool/environment reduces the cycle time enough
Tools sometimes prescribe the wrong process for a problem

Workshop participants discussed some of the examples of bad tools -- ClearCase is one tool that has caused negative reactions.

5a. Objects

Objects mostly address accidental complexity
Objects have allowed us to address a class of harder problems (which in some cases have gone beyond capabilities of objects)
requires some skill in doing abstract
adoption has been slow (Objects in a "minority sport")

5b. Frameworks

Frameworks are related to the "buy versus build"
But evolution of frameworks in smaller domains didn't really happen
- economic model of frameworks is OK for general purpose frameworks
- but not for domain specific -- for example, within a company
- Example:
  - group A creates a framework, others use it
  - group B doesn't want to pay for it
  - executive management moves the framework from group A to group B
  - group B management decides to fold the framework into their application, so it ceases to have a separate existence
So... there is constant pressure to subsume frameworks inside of applications
Some of the most successful frameworks have been Open Source
Frameworks are often misunderstood and misused
Do we always have to start a project by building a framework?
Frameworks have failed because increased "conformity" leads to less flexibility
Some frameworks enforce conformity, some don't. We think that enforcing conformity reduces success.

5c. Patterns

If successful, patterns help "grow great designers" -- but there is always a long lag time to create a great designer
Patterns are easy to misuse
Patterns are not a total replacement for experience

6. Markup languages and XML

Reason for failure: the Semantic Web Mirage -- standardizing syntax didn't standardize semantics
(Great Scott Ambler quote: "if we can have an XML conference, why can't we have a CSV (comma-separated values) conference".

7. Agile

Agile has promoted incremental process (good! -- one of Brooks' promising attacks)
Unfortunately, in the software world, the waterfall culture is dominant, so the effect of Agile has been limited
It is too early to tell whether this will change, and there is a lot of hype
How can we evaluate success (since we don't have a good way to measure the results of a software development process)
Note: many folks just misinterpret Agile as a lack of discipline
Potential long-term problem -- Agile has scalability issues
Positive: Agile promotes better testing (unit tests, more comprehensive evaluation of test results)
Positive: Getting closer toyour customer -- better collaboration
But some people forget the real intent of agility

8. Aspects

It's the wrong abstraction

9. Open Source

Intellectual Property and Liability issues

10. Globalization

Saturation (developer salaries in India are already increasing)
Timezone issues
We can hope that by increasing the number of developers, we might increase the set of great designers.

Issue 5: Essential versus Accidental Complexity

Most of us are not really sure if we understand the distinction between essential and accidental, so we invested some time in reading and thinking about how that term is used.

Most of the workshop participants were thinking that essential versus accidental is still a useful concept, but it has become a "fuzzy distinction" -- hard to judge when something is essential or accidental.

For example, if we are building a system that has some user interaction, and we decide to give the system a fancy user interface, are we adding essential complexity?
One answer: Sometimes we have "chosen" complexity. It is essential if it is providing real value to the user, customer, or stakeholders. It is accidental if it is just something that is making things more complex and chaotic for the developer.

In fact, sometimes the fancier user interface feature is really "essential", but the developers still add some accidental complexity in the process of adding it.

Issue 6: Some neglected opportunities for significant improvements

In the search for "silver bullets" and "promising attacks on the essence", the workshop participants considered some areas outside of the traditional design and coding work:

testing
deployment
requirements

Test automation is one set of technologies that are not used often enough in many software organizations. Some of this is due to inadequate tools and/or training, but a lot of it is just reluctance by managers and technical staff to change current practices.

Deployment is an important part of the software lifecycle which could be made faster and cheaper in many situations. In some organizations, deployment is the biggest bottleneck -- reducing development time may not always result in getting the solution out to the customers faster. This may be a good place to develop new tools and practices.

Requirements iteration is a big problem for many organizations -- when you are working in a domain where the requirements change faster than the developers can work. Good requirements iteration methods might not be a silver bullet, but because of the amplified impact of requirements errors on the downstream processes, this might have a great impact.

Tools that cross over between requirements and test can be most valuable, since good test development practices include linking tests to specific requirements items or use cases. Any improved communication between requirements writers and testers can be a good thing.

Iteration between requirements and architecture is often necessary as well. For example

Initial security requirements may be specified as an enumerated set of threats to protect against plus some text requirements that give specific security characteristics the system must satisfy.
Architects decide on a set of "solutions" -- specific technologies like firewalls -- that will provide adequate protection against the threats.
After the architects finish the initial security architecture, the requirements writers must add to the requirements -- to spell out how the parameters of the chosen architecture will be configured.
There may be future iteration between the requirements and architecture -- due to changes in the threats, upgrades to one of the commercial security frameworks (firewalls), or other changes in the environment (new government regulations, collaboration with newly added subsystems).

So... requirements iteration occurs in many places in modern systems development.