Einführung in die Softwaretechnik / Introduction to Software Engineering (EIST) – Summer 2024

Course Information

  • Language: English
  • Type: 3V + 2Ü
  • Module: IN0006
  • ECTS Credits: 6
  • Prerequisites: Lab Course – Foundations of Programming (IN0002)
    • Only students who passed IN0002 or a comparable course can participate in this course
    • You must have experience with object-oriented programming in Java
  • TUM Online: You must register for this course in TUM Online before the course starts
  • Contact:
    • Post your questions to the corresponding channels on TUM Zulip.
    • For any formal organization matter, you can contact us at eist24@dos.cit.tum.de. Do not contact instructors at their email addresses! 
  • Time:
    • See TUMOnline for the lecture and tutorial schedule.

Important Information

  • You must have your own computer, and you are required to use it and during the tutor groups!
  • You must have experience with object-oriented programming in Java and with an IDE (e.g., Eclipse, IntelliJ)

Content

Software engineering is the establishment and systematic use of engineering principles, methods, and tools for the division of work, the development, and application of extensive, complex software systems. It deals with the development and production of software, the organization and modeling of data structures and objects, and the operation of software systems.

Almost all modern software systems are designed for and deployed in the cloud. The new curriculum will focus on “software engineering for the cloud.” The lecture will cover ten major topics, among others:

  • Part I: Administrative
    • Introduction to course staff and tutors
    • Organization of lectures, tutorials, homework exercises, and exams
    • Introduction to course tools and text books
  • Part II: Introduction to Software Engineering
    • Explain the basic terminology: software engineering and activities
    • Abstraction
    • System modeling with UML
  • Part III: Course overview
    • Course focus: Cloud software engineering
    • An overview of software engineering activities in the cloud
  • Part IV: Software engineering models
    • Defined (e.g., Waterfall model) and agile methods (e.g., Scrum)
    • Applying agile methods in software engineering projects
    • A note on tactical vs. strategic programming
  • Part I: Introduction to cloud computing
    • What is cloud computing?
    • Why is it important for software engineering?
    • Types of cloud services
      • IaaS, PaaS, and SaaS
    • Types of cloud infrastructure
      • Public, private, and hybrid cloud
  • Part II: Cloud hardware architecture
    • Data center and cloud infrastructure
    • Virtualization:
      • Compute
      • Storage
      • Network
  • Part III: Cloud software systems
    • Introduction to distributed systems
    • The role of distributed systems for cloud computing
    • Fallacies of distributed systems — challenges of distributed systems
    • Remote procedure calls (RPC) via gRPC
    • Serialization and deserialization of structured data using Protbuf
    • Introduce a simple client-server application as an example distributed system
  • Part IV: Software deployment models in the Cloud
    • Workflows, advantages, challenges, use-cases, examples, best practices
      • Baremetal
      • Virtual machines
      • Containers
      • Serverless
  • Part V: “Hello World in the Cloud” w/ Container
    • Understanding the design, implementation, and deployment of a simple cloud application
    • Introducing aspects of container-based (Docker) application development and deployment
 
  • Part I: System design requirements
    • Requirements engineering
    • Stages in requirements engineering
    • Functional vs non-functional requirements
    • Non-functional requirements
      • Scalability
      • Reliability
      • Availability
      • Performance
      • Security
      • Maintainability
      • Deployability
      • Monitoring
  • Part II: Software architectures in the cloud
    • Three-tier architectures
      • Definition of tiers
    • Client-server architecture
      • Communication layer
      • REST
    • Monolithic architectures
      • Architecture overview
      • Deployment models
      • Advantages
      • Limitations
  • Part III: Microservices
    • Microservice architectures
    • Advantages/drawbacks of microservice architectures
    • How to design and build a simple microservice application
    • Google’s Service Weaver: A Framework for Writing Distributed Applications
  • Part I: System design challenges
    • Software complexity and the quest for simplicity
    • Design goals
    • System design trade-offs
    • Hints for computer system designs
  • Part II: Modularity
    • System decomposition into sub-systems/components
    • Subsystem decomposition: Modules
      • Create an initial subsystem decomposition
      • Differentiate between coupling and cohesion
    • Pattern implementation:
      • Facade pattern
    • Interface design
      • Shallow vs deep modules: The trade-offs between interface and functionality
      • General purpose modules are deeper
      • Information hiding (and leakage) principle
  • Part III: Software architecture: Layered architectures
    • Subsystem decomposition: layered architectures
      • Ubiquitous adoption of layered architectures in systems
      • Open vs closed layered architectures
      • Different layers, different abstraction
      • Pulldown the complexity downward
  • Part IV: Data management
    • Data management systems
    • Key-value stores (KVS)
      • In-memory KVS
      • Persistent KVS
    • Filesystems
      • Linux filesystems
    • Shared log
      • Shared log abstraction
    • Databases:
      • Relational databases and SQL
      • Transactions
  • Part I: Security
      • Security engineering
        • Security policies: Threat model and security (CIA) properties
        • Security design principles
          • Least privilege
          • Compartmentalization
          • Isolation via privilege mediation
        • A general recipe for secure system design
        • Access control
          • Access control lists (ACLs)
          • Capabilities
      • Software security in the cloud
        • Security challenges in the cloud
        • Secure systems stack
          • Compute
          • Network
          • Storage
        • Authentication, key management, and attestation
          • Identity and access management (IAM)
          • Key management service (KMS)
          • Remote attestation
  • Part II: Reliability and availability
    • Terminology: System failures, fault types and sources, and properties and metrics
    • Single-node fault-tolerant systems
      • Write-ahead logging for system reliability
      • Issues with a logging-only approach
    • Replication as the general recipe
      • Replication for stateless services
      • Issues with replication for stateful services
    • Replication for stateful services
      • Primary-backup replication
      • State machine replication
  • Part III: Pattern implementation
    • Adapter pattern
    • Observer pattern
    • Strategy pattern
  • Part I: Performance
      • Performance metrics: Latency, throughput, utilization, SLAs
      • A systems approach to designing for performance
      • Measurement-driven approach to build high-performance systems
        • Identifying bottlenecks (time-based profiling)
        • Automated performance profiling tools (Linux perf and flamegraphs)
      • Design hints for performance:
        • Resource splitting
        • Caching
        • Compute in the background
        • Batch processing
        • Parallelism
  • Part II: Concurrency (or Scale Up!)
      • Why Concurrency?
        • Single-node parallelism: multicores, accelerators, smart devices (SSDs/NICs)
      • Process vs threads
      • Thread scheduling
        • Cooperative vs preemptive schedulers
        • Scheduling policies: round robin, fairness-based, priority-based, earliest-deadline first
      • Parallel programming
        • Managing threads: thread spawning, thread pools
        • Communication mechanisms and critical sections
        • Synchronization primitives: Semaphores, mutexes, barriers, readers-writer locks
        • Lock-free data structures
      • Problems with threads
        • Race Conditions
        • Deadlocks, livelocks
        • Starvation
      • Classical synchronization problems
        • Dining philosophers
        • Sleeping barber
      • Parallel programming patterns
        • Fork-join
        • Data-parallel programming pattern w/ barriers
        • Synchronous vs asynchronous
      • Programming accelerators
        • Programming model
        • GPU architecture
        • FGPA architecture
  • Part III: Scalability (or Scale Out!)
    • Why scalability? (Limitations of single-node scaling up!)
    • Challenges of scalability
    • Scalable architectures
      • Primary-worker architectures
      • Differentiation between the control and data paths
    • Scaling stateless applications
      • load balancers
    • Scaling stateful applications
      • Sharding
      • Replication
      • Consistent hashing
      • Secondary indexes
    • Scaling computations
      • Data-parallel programming model (MapReduce)
  • Part IV: Scalable data management
    • Distributed data management systems
      • A generic controller-worker architecture for distributed data management systems
    • Distributed key-value stores (KVS) w/ Sharding
    • Distributed filesystems
    • Distributed shared log systems
    • Distributed databases and distributed transactions
    • Data management in the cloud:
      • Data warehousing with Data Lakes
  • Part V: Pattern implementation
    • MVC pattern
  • Part I: Faults and failures in software
    • Terminology and impact
  • Part II: Software testing
    • Testing overview
      • Black box, grey box, white box testing
    • Unit testing,
      • Apply unit testing with JUnit
    • Integration testing
      • Stubs and drivers
      • Bottom-up, top-down, sandwich integration
  • Part III: Automated large-scale system testing
    • Fuzzing (AFL)
    • Symbolic execution (KLEE, S2E, Angr)
    • System crashing for resiliency (Chaos Monkey)
  • Part IV: Mock testing
    • Test doubles
  • Part I: Program analysis
    • Motivation and terminology
    • Trade-offs: Soundness, completeness, static vs. dynamic analysis
  • Part II: Static analysis tools
    • Compiler warnings/errors
    • Infer
    • Clang Analyzer and Clang Tidy
    • Spotbugs
  • Part III: Brief introduction to C
  • Part IV: Dynamic analysis tools
    • Undefined behavior
    • Memory safety issues
    • Dynamic binary instrumentation
    • Compiler-assisted instrumentation (LLVM)
    • Valgrind
    • Sanitizers (AddressSanitizer, ThreadSanitizer, MemorySanitizer, UBSan)
    • Combining Fuzzing with Sanitizers
  • Part I: Source code management
    • Source code management
    • Version control
    • Branch management
    • Centralized (piper) vs decentralized (git) source code management
  • Part II: Build systems
    • Why a build system?
    • Task-based build systems
    • Artifact-based build systems
    • Distributed builds
    • Dependency management
    • Hermeticity
  • Part III: Release management
    • Release planning
    • Software versioning
    • Software upgrades
  • Part IV: Deployment automation
    • Continuous integration
    • Continuous delivery
    • Continuous deployment
    • Continuous testing/fuzzing w/ OSS Fuzz
  • Part V: Cloud systems monitoring
    • Why system monitoring?
    • Prometheus architecture
    • Metrics types
    • Visualizing metrics w/ Graphana
    • Altering mechanisms
    • An example: Instrumenting a simple HTTP server
  • Part I: Software quality
    • Software quality management
    • Reviewing
    • // Comments
    • Code refactoring
    • Trustworthy software systems
      • Formal verification
      • Code compliance
  • Part II: Project management
    • Project management
    • Work breakdown structure
    • Team organization
    • Communication mechanisms
  • Part III: Exam preparation
    • Exam format
    • Q&A

Teaching and Learning Methods

By means of slide presentations with animations, the interactive lecture introduces the basic concepts and methods of software engineering and explains them using examples. Small exercises, e.g. quizzes, text exercises, and programming tasks, with individual feedback help students to identify whether they have understood the basic concepts and methods.

Accompanying tutorials deepen the understanding of the concepts explained in the lecture by means of suitable team exercises and show the application of the different methods with the help of manageable problems in the different phases of software engineering. Homework enables students to deepen their knowledge in self-study. The presentation of the own solution in the accompanying tutorials improves communication skills, which are essential in software engineering. Individual feedback on homework allows students to measure learning progress and improve their skills.

Media

Lecture with digital slides, live stream recordings, online exercises (programming, quiz, text) with individual feedback, a communication platform for the exchange between instructors, tutors, and students.

Recommended text books

71ryLkyTCYL

Software Engineering at Google

By: Hyrum Wright, Titus Winters, and Tom Manshreck.
Available in the library and also online

philosophy

A Philosophy of Software Design

By: John Ousterhout
Available in the library

securesys

Building Secure and Reliable Systems

By: Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski, Adam Stubblefield
Available in the library and also online

microservices

Building Microservices: Designing Fine-Grained Systems

By: Sam Newman
Available in the library and also online (Check Univ’s digital library)

foundati

Foundations of Scalable Systems

By: Ian Gorton
Available in the library and also online (Check Univ’s digital library)

ooo

Object-Oriented Software Engineering Using UML, Patterns, and Java

By: Bernd Bruegge, Allen H. Dutoit
Available in the library

Lecturers

Teaching Assistants (TAs)

Exercise Instructors

Exam Instructors