Subject: Re: engineering counts
From: "Jonathan S. Shapiro" <shap@eros-os.org>
Date: Mon, 22 Oct 2001 22:21:28 -0400

> Are there any papers / new-developer
> guides / manifestos that express explicitly the higher engineering
> standards that you made reference to on the fsb list?

No, and there should be. The process has passed by word of mouth, and grew
out of the earlier process adopted by the KeyKOS team.

It's a good question, and we need to remedy the absence of documentation.

The short version is that absolutely everything we do goes through a public
design cycle before anything goes into the code. It is then re-reviewed
afterward (i.e. the implementation), and with rare (and bad) exceptions we
document the results simultaneously with writing the code, so the code and
docs are kept pretty much in sync. The code itself is heavily assertion
checked, and we are careful to have a thorough understanding of what
constitutes correct behavior before the code is written. The normative
specification is written down -- there is a reasonably complete
specification of the correct behavior for each piece of the system,
including the kernel. Also, we tend to at least informally think through
formal specification strategies before implementing anything that has
externally visible impact on the system specification.

Finally, we keep archives of everything for later reference. If anything,
the problem with the EROS site is not that the design info isn't there, but
that we aren't diligent enough about marking things obsolete. We need a
scribe.

This process is informally applied, but note that each part reinforces the
others, with the effect that each change is looked at several times. Also,
any really substantive alteration tends to go through a long infanthood
before we code anything. In some cases, design ideas have simmered in a
low-key way for years before we found a way to design/implement that
resolved the issues raised.

All that said, I should add that this isn't a process we impose on anyone
else, but it's definitely a condition for incorporation into the EROS code
tree.

Jonathan

----- Original Message -----
From: "Mark Eichin" <eichin@thok.org>
To: "Jonathan S. Shapiro" <shap@eros-os.org>
Sent: Monday, October 22, 2001 12:05 PM
Subject: Re: engineering counts
> A quick glance at the EROS site turned up a lot of material on the OS
> itself, which makes sense - but I didn't happen upon anything about
> your development methodologies.  Are there any papers / new-developer
> guides / manifestos that express explicitly the higher engineering
> standards that you made reference to on the fsb list?
>