Contents 1 Program Refinement 1 2 Loop Design 11 3 Fault Avoidance , or Preventing

I Software Engineering II 1 Engineering, as it is properly understood, is not possible for software. An engineer can design a bridge, confident that it will meet its requirements when built. Our theory and tools are not yet good enough to let us build software to this standard of reliability. This course has less ambitious goals. It introduces methods for designing software systematically. It also introduces the emerging theory that may one day make Software Engineering a reality. No textbooks follow this course at all closely. Fundamentals of Software Engineering [7] is similar in spirit and has more content than much larger books. ML for the Working Programmer [12] covers structural induction, used in the last lecture. No past examination questions on Software Engineering are relevant. For the last lecture, try 1993 Paper 2 question 8. There are many exercises below that you can use during revision. Please inform me of errors; I'll acknowledge all corrections.