1 00:00:36,040 --> 00:00:41,800 Good afternoon. The lecture that I'm going to be 2 00:00:41,800 --> 00:00:50,760 giving this afternoon is a follow-on to an earlier lecture 3 00:00:50,760 --> 00:00:58,000 that I'd given about the RE reference model developed by 4 00:00:58,040 --> 00:01:00,680 Michael Jackson and Pamela Zave, 5 00:01:02,400 --> 00:01:16,000 which is a way to validate a system, is with this formula, D 6 00:01:16,440 --> 00:01:24,720 and S entails R. D is domain knowledge, S is the 7 00:01:24,720 --> 00:01:31,000 specification of the system that you're building, and R are the requirements 8 00:01:31,000 --> 00:01:36,960 that that system is supposed to meet. The specification 9 00:01:36,960 --> 00:01:44,640 describes the behavior of a system that is intended to realize 10 00:01:44,640 --> 00:01:49,720 the requirement. And the domain assumptions are needed to 11 00:01:50,000 --> 00:01:57,000 argue that any system that meets the specifications, such as software, 12 00:01:57,000 --> 00:02:01,760 and manipulates the interface phenomena as specified, will 13 00:02:01,760 --> 00:02:06,360 satisfy the requirement. So the way you read this, as I said 14 00:02:06,400 --> 00:02:12,400 is... if the domain assumptions hold and the specifications 15 00:02:12,400 --> 00:02:16,720 hold, that entails the holding of the requirements. 16 00:02:17,800 --> 00:02:24,040 Okay, so let's now switch to today's topic. I'm gonna be 17 00:02:24,040 --> 00:02:31,160 describing my self-administered haircut during the COVID-19 18 00:02:31,760 --> 00:02:40,160 lockdown of the summer of 2020. This describes the haircut that 19 00:02:40,160 --> 00:02:48,280 I did during the lockdown when it was not possible to get a haircut, 20 00:02:48,280 --> 00:02:55,320 and people were letting their hair grow sort of like Rip Van 21 00:02:55,320 --> 00:03:05,960 Winkle. Except that we weren't sleeping.
Okay, now so by the 22 00:03:05,960 --> 00:03:12,080 second month of the 2020 COVID-19 lockdown, I, like a 23 00:03:12,080 --> 00:03:16,520 whole lot of other people, needed a haircut. In fact, I 24 00:03:16,520 --> 00:03:20,480 mean, the problem was that I hadn't gotten one just as the 25 00:03:21,320 --> 00:03:27,920 lockdown came, so I already had three months of hair growth. Now 26 00:03:27,920 --> 00:03:33,680 my normal haircut is a simple all around cut done with a 27 00:03:33,680 --> 00:03:40,040 clipper with a one inch riser, making every hair exactly one 28 00:03:40,040 --> 00:03:45,920 inch long and not trying to hide my growing baldness by letting 29 00:03:45,960 --> 00:03:49,920 some hairs be longer than one inch, so that they would cover 30 00:03:49,920 --> 00:04:00,200 the bald area. I'm not one of those. I do have the barber trim 31 00:04:00,200 --> 00:04:06,840 the edge of the hair to clean lines causing the hairs near the 32 00:04:06,880 --> 00:04:11,160 edge to be shorter than one inch. But for the most part 33 00:04:11,200 --> 00:04:22,240 everything is exactly one inch long. Now, I thought of this as 34 00:04:22,240 --> 00:04:27,280 an engineering problem. I got to thinking, maybe I could give 35 00:04:27,280 --> 00:04:32,920 myself a haircut using a purchased clipper with a one 36 00:04:32,920 --> 00:04:43,240 inch riser. So being a nerd, a geeky engineer at heart, I 37 00:04:43,240 --> 00:04:47,840 decided to approach the problem of cutting my own hair as an 38 00:04:47,840 --> 00:04:52,040 engineering problem. And I'm not- I'm not joking. Really. 39 00:04:54,080 --> 00:05:00,360 Okay, now, first I determine the statement of the requirements R 40 00:05:00,680 --> 00:05:04,520 that is applicable to me in normal times, prior to the 41 00:05:04,520 --> 00:05:15,920 lockdown, and they are... 
okay, the two part-requirement: A, 42 00:05:15,920 --> 00:05:22,040 every hair on my head, except near the edge of the hair is cut 43 00:05:22,040 --> 00:05:30,400 to exactly one inch, 25 millimeters. And B, every hair 44 00:05:30,600 --> 00:05:37,640 hanging over the edge of the hair is clipped to form a clean 45 00:05:37,720 --> 00:05:43,160 edge line. Now, now, these are written in natural language, 46 00:05:43,800 --> 00:05:48,400 obviously ambiguous, however, I think we all understand what 47 00:05:48,440 --> 00:05:52,320 they mean and we're going to be operating on that understood 48 00:05:52,320 --> 00:05:58,680 meaning. As will happen in real life when you don't require 49 00:05:58,920 --> 00:06:00,800 specifying things formally 50 00:06:01,320 --> 00:06:13,240 with mathematics. So, first, I determined the specification S, 51 00:06:13,240 --> 00:06:17,720 a statement that is applicable to me in normal times, that is, 52 00:06:17,880 --> 00:06:24,720 before the lockdown. Okay, so S consists of two clauses and 53 00:06:24,760 --> 00:06:32,320 sequentially... the barber cuts every hair on my head using the 54 00:06:32,320 --> 00:06:38,400 clipper with a one inch riser, and then, the barber clips 55 00:06:38,760 --> 00:06:42,800 every hair hanging over with the edge of the hair 56 00:06:43,440 --> 00:06:51,200 to form a clean edge line using a clipper without a riser. Now, 57 00:06:51,880 --> 00:07:04,080 does S entail R? Yes! I mean, if a barber does what S specifies 58 00:07:05,800 --> 00:07:15,480 then these requirements are going to hold. Now, does it 59 00:07:15,720 --> 00:07:23,080 require a domain assumption? Not really, other than the fact that 60 00:07:25,120 --> 00:07:28,560 the clipper must continue to function during this thing, 61 00:07:29,400 --> 00:07:34,440 power to the clipper must function... 
okay, but that, I 62 00:07:34,440 --> 00:07:38,040 mean with every computer based system the assumption is that 63 00:07:38,040 --> 00:07:45,040 the computer continues to run. That every hair on my head is at 64 00:07:45,040 --> 00:07:50,880 least one inch long, so if you cut it, it can be exactly and you 65 00:07:50,880 --> 00:07:55,800 have nothing less than one inch that doesn't get cut. And of 66 00:07:55,800 --> 00:07:59,640 course, all the usual tacit assumptions that are true for 67 00:07:59,640 --> 00:08:04,640 every haircut. But nothing really special for this thing. 68 00:08:07,400 --> 00:08:12,560 Now, during the lockdown I couldn't go to a barber and I 69 00:08:12,560 --> 00:08:17,480 was living with no one else who might play the role of barber in 70 00:08:17,480 --> 00:08:23,280 my bubble. So I needed to see achieved the same R with a new S 71 00:08:23,280 --> 00:08:28,480 prime in which the one who's doing the cutting and clipping 72 00:08:28,600 --> 00:08:36,240 is I. Okay, and that is, the S prime is, I cut every hair on my 73 00:08:36,240 --> 00:08:42,960 head to exactly one inch long and, and maybe not in the same 74 00:08:42,960 --> 00:08:48,680 order, I clip every hair hanging over the edge of the hair to 75 00:08:48,680 --> 00:08:57,960 form a clean edge line, as before. Hmm, this points out a 76 00:08:57,960 --> 00:09:05,120 hidden domain assumption, a conjunct of D, a tacit one that 77 00:09:05,160 --> 00:09:11,360 I overlooked, and that is whoever operates the clipper can 78 00:09:11,360 --> 00:09:18,080 see what he or she is doing, so as to cut everything that should 79 00:09:18,080 --> 00:09:27,400 be cut and to not cut anything that should not be cut. Now. 80 00:09:29,120 --> 00:09:36,560 Believe it or not, I cannot see what I'm doing behind my head. I 81 00:09:36,560 --> 00:09:41,120 know every teenager thinks parents have eyes in the back of 82 00:09:41,120 --> 00:09:51,320 their head but I do not. 
So D does not hold when I operate the 83 00:09:51,320 --> 00:10:01,440 clipper. So, is there a way to achieve R, with an S prime that 84 00:10:01,440 --> 00:10:05,520 works even if the clipper operator cannot see what he or 85 00:10:05,520 --> 00:10:12,600 she is doing? Now I've seen some sorry results of self-haircuts. 86 00:10:13,680 --> 00:10:17,680 I mean, there were places where he or she cut too short, 87 00:10:18,200 --> 00:10:22,680 including bald spots. There were places that he or she cut too 88 00:10:22,680 --> 00:10:28,640 long. And I wanted to avoid this, quote, "new look", no 89 00:10:28,640 --> 00:10:37,800 matter how "in" and "cool" it is these days. Okay, so, I began to 90 00:10:37,960 --> 00:10:42,520 think more along engineering and of course, there are the 91 00:10:42,520 --> 00:10:47,720 concepts of recall and precision. Recall is the 92 00:10:47,720 --> 00:10:51,520 percentage of the right stuff that's found by any software 93 00:10:51,520 --> 00:10:55,680 tool. And precision is the percentage of the found stuff 94 00:10:55,720 --> 00:11:04,320 that is right stuff. Now, clipping has 100% precision if 95 00:11:04,320 --> 00:11:12,040 no hair on the head is cut shorter than one inch, in my 96 00:11:12,040 --> 00:11:17,800 case, and a clipping has 100% recall if no hair on the head is 97 00:11:17,800 --> 00:11:26,200 left longer than one inch. So what I need is 100% recall and 100% precision. 98 00:11:28,240 --> 00:11:36,720 Now, the presence of a one inch riser guarantees, on the clipper 99 00:11:36,720 --> 00:11:41,600 that is, guarantees 100% precision. With the one inch 100 00:11:41,800 --> 00:11:46,560 riser, there's no way to cut any hair shorter than an inch long. 101 00:11:47,760 --> 00:11:52,040 Okay, I mean, the riser keeps the clipper one inch away, so 102 00:11:52,120 --> 00:11:58,880 okay. But of course. 
So any hair originally longer than one inch, 103 00:12:00,080 --> 00:12:05,480 that misses meeting the clipper, because the clipper operator 104 00:12:05,480 --> 00:12:10,280 cannot see what he or she is doing and misses some spots with 105 00:12:10,280 --> 00:12:14,880 the clipper, or the hair is bent or something, will be left 106 00:12:14,880 --> 00:12:23,440 longer than one inch. So 100% recall cannot be guaranteed in 107 00:12:23,440 --> 00:12:28,640 any clipping even though 100% precision can be. Now. 108 00:12:30,920 --> 00:12:37,000 So, engineering thinking again. Maybe an iterative approach 109 00:12:37,840 --> 00:12:44,160 would work, that is, you have a loop until a condition is met. 110 00:12:45,160 --> 00:12:52,560 Okay, the body of the loop is: attempt to cut every hair with multiple sweeps 111 00:12:52,560 --> 00:12:57,360 over the hair-covered part of my head, using a clipper with a one 112 00:12:57,360 --> 00:13:03,400 inch riser. And you keep doing this until what falls to the 113 00:13:03,400 --> 00:13:11,840 floor indicates that no new hair got clipped in the just finished 114 00:13:11,960 --> 00:13:21,600 attempt. Now, with each iteration, the recall should get 115 00:13:21,600 --> 00:13:28,920 closer to 100%, and we can decide to accept that after 116 00:13:28,920 --> 00:13:35,720 three consecutive times, that no new hair gets clipped in a 117 00:13:35,760 --> 00:13:44,040 sufficiently covering iteration, the recall IS accepted as at 100%. 118 00:13:45,160 --> 00:13:51,200 Now the improvement to the recall of any iteration can be 119 00:13:51,240 --> 00:13:57,120 increased by fluffing up my hair with a comb at the beginning of 120 00:13:57,120 --> 00:14:01,880 the iteration to reduce the number of hairs that are not 121 00:14:01,960 --> 00:14:05,920 sticking up straight and are missed by the clipper. 122 00:14:07,800 --> 00:14:18,720 So, this leaves an iterative S prime, uh, X prime and then Y prime. 
123 00:14:19,440 --> 00:14:26,360 Okay, X prime is this loop: after fluffing up my hair with a 124 00:14:26,360 --> 00:14:30,880 comb, attempt to cut every hair with multiple sweeps with the hair clipper, 125 00:14:32,120 --> 00:14:36,360 covered part of my body, using a clipper with a one inch riser, 126 00:14:36,840 --> 00:14:41,960 until, for a third consecutive time, what falls to the floor 127 00:14:42,000 --> 00:14:46,040 indicates that no new hair gets clipped in the just 128 00:14:46,160 --> 00:14:50,480 finished attempt. Okay, 129 00:14:51,960 --> 00:14:59,960 that should work. Now, this X prime, of course, takes care of 130 00:14:59,960 --> 00:15:08,440 the requirement A. I mean if I follow this procedure, then I 131 00:15:08,440 --> 00:15:17,000 don't need to have the person seeing, or operating the clipper 132 00:15:17,000 --> 00:15:22,520 can see everything, the iteration takes care of that. 133 00:15:22,720 --> 00:15:28,400 So, X prime should entail R without any domain assumption. 134 00:15:29,560 --> 00:15:35,000 Now what about the requirement B, of trimming the edges? I 135 00:15:35,040 --> 00:15:39,240 don't see any way to guarantee that I will cut every hair that 136 00:15:39,280 --> 00:15:42,960 should be cut. And more importantly, I don't see any way 137 00:15:42,960 --> 00:15:48,080 to guarantee that I won't cut off too much. I really need to 138 00:15:48,080 --> 00:15:57,520 see what I'm doing. And there's no way to have something that 139 00:15:57,800 --> 00:16:03,120 allows me to safely do what I have seen and be sure that I'm 140 00:16:03,120 --> 00:16:08,400 gonna get it. So, I decided that I will abandon B as not 141 00:16:08,400 --> 00:16:13,480 achievable if I'm cutting my own hair. So I'm weakening the 142 00:16:13,480 --> 00:16:18,280 requirement in order to obtain something that is achievable 143 00:16:18,480 --> 00:16:21,240 with the proposed iteration. 
144 00:16:23,840 --> 00:16:29,000 And this is an example of weakening the requirement in 145 00:16:29,000 --> 00:16:34,520 order to make the existing S strong enough to entail the new 146 00:16:34,520 --> 00:16:43,160 weakened requirement. Now, so the final S prime entails R 147 00:16:43,160 --> 00:16:51,600 prime. R prime is every hair on my head is cut to exactly one 148 00:16:51,600 --> 00:16:59,120 inch long, even the edge stuff. And then the specification is 149 00:16:59,120 --> 00:17:04,560 this loop: so after fluffing up my hair with a comb attempt to 150 00:17:04,560 --> 00:17:09,160 cut every hair with multiple sweeps of the hair-covered part 151 00:17:09,160 --> 00:17:13,040 using a clipper with a one inch riser, until for a third 152 00:17:13,040 --> 00:17:16,280 consecutive time what falls to the floor indicates that no new 153 00:17:16,280 --> 00:17:25,760 hair gets clipped in the just finished attempt. Okay. So, now, 154 00:17:25,760 --> 00:17:34,960 so the key lemma of the validation is-- okay. Now, coming 155 00:17:34,960 --> 00:17:41,320 from that recall and precision analysis, this analysis proves 156 00:17:41,320 --> 00:17:45,560 that the assumption, whoever operates the clipper can see 157 00:17:45,560 --> 00:17:50,720 what he or she is doing, so as to cut everything that should be 158 00:17:50,720 --> 00:17:56,400 cut, and not to cut anything that should not be cut, does not need 159 00:17:56,400 --> 00:18:01,960 to hold because the iteration guarantees that everything that 160 00:18:01,960 --> 00:18:08,440 should be cut is cut and the one inch riser guarantees that 161 00:18:08,440 --> 00:18:19,040 nothing is cut that should not be cut. Okay. So, we now have a 162 00:18:19,040 --> 00:18:28,120 validation: S entails R. Now, observe how a thorough analysis 163 00:18:28,120 --> 00:18:33,360 of the D, S and R before implementation started assured me 164 00:18:33,360 --> 00:18:39,120 that the implementation would proceed as expected. Okay. 
This 165 00:18:39,120 --> 00:18:43,200 is what every requirement engineer should do, and that is, 166 00:18:43,200 --> 00:18:52,240 thoroughly analyze it before giving the S to be implemented. But of course, 167 00:18:52,240 --> 00:19:02,880 more was needed, guess what. I had to do an inspection. I ended 168 00:19:02,880 --> 00:19:09,560 up showing what I have done to other geeks. I showed my analysis 169 00:19:09,560 --> 00:19:15,240 to all my kids who are geeks, and to my- some geeky friends, 170 00:19:15,480 --> 00:19:21,080 in an attempt for them to find flaws in my reasoning. None 171 00:19:21,080 --> 00:19:26,320 could find any, but each warned me of a lousy outcome 172 00:19:26,480 --> 00:19:31,160 nevertheless, like good engineers who understood 173 00:19:31,840 --> 00:19:38,480 Murphy's Law. Now, these showings to other geeks were 174 00:19:38,480 --> 00:19:44,280 none other than inspections of my requirements analysis. Now, 175 00:19:45,360 --> 00:19:56,200 it worked! Okay, now, the first time I gave the lecture, I mean, 176 00:19:56,320 --> 00:20:11,760 I captured a video of me showing people that it had worked. Okay, 177 00:20:12,240 --> 00:20:20,480 so the self-administered haircut itself required 14 iterations 178 00:20:21,560 --> 00:20:25,960 and took about a half hour altogether including the time to 179 00:20:25,960 --> 00:20:32,920 sweep up the fallen hair. Now, I'm going to show you 180 00:20:32,920 --> 00:20:37,760 photographs taken during the haircut and a videotape from 181 00:20:37,760 --> 00:20:43,120 three weeks later, to show you that the haircut achieved what 182 00:20:43,120 --> 00:20:47,760 was finally required... no less and no more. 183 00:20:51,240 --> 00:21:02,640 Okay, so here's me with the overgrown hair. 184 00:21:02,640 --> 00:21:07,080 You can see that it's longer than what I have now. 185 00:21:07,080 --> 00:21:14,760 I got a haircut now... four weeks ago, yeah. 
Okay, this is 186 00:21:14,760 --> 00:21:20,880 me actually doing it. And you see that we've got me having 187 00:21:20,880 --> 00:21:24,200 fluffed up the hair with a comb. 188 00:21:28,200 --> 00:21:36,880 Okay, now here's the final result. From the front. From one 189 00:21:36,880 --> 00:21:48,000 side. A selfie from the back. Here's the hair on the floor, 190 00:21:48,880 --> 00:21:54,000 there's the clipper with the blue one inch riser there. 191 00:21:56,360 --> 00:22:02,440 Okay, now I'm gonna end the share of these slides and show 192 00:22:02,440 --> 00:22:08,000 you the video. So hang on, don't go away. 193 00:22:23,520 --> 00:22:25,600 Okay. 194 00:22:42,480 --> 00:22:53,880 Well, I'm looking at my hair about three weeks after the haircut that I 195 00:22:54,000 --> 00:23:01,080 administered to myself. You can see that, from the front and the 196 00:23:01,080 --> 00:23:10,240 top, it's what it should be. Even from the side, it's what it 197 00:23:10,240 --> 00:23:19,240 should be. Now, my head to me is like the moon: I've never 198 00:23:19,240 --> 00:23:28,040 seen the other side, the side that's always facing away from 199 00:23:28,040 --> 00:23:35,880 my eyes. So I'm gonna turn around so that you can see the 200 00:23:35,880 --> 00:23:44,040 back, and in particular, you can see the edge, the bottom edge of 201 00:23:44,040 --> 00:23:49,680 the hair on my neck, you should be able to see that it was not 202 00:23:49,680 --> 00:24:01,080 done too properly, which is what I planned, not to even try to do 203 00:24:01,080 --> 00:24:11,000 that. So I'm gonna turn around now. So I believe that you can 204 00:24:11,000 --> 00:24:20,200 see, right now, I can't tell that it's working correctly, but 205 00:24:20,440 --> 00:24:25,920 I'm assuming that I didn't move too much in my chair, so I 206 00:24:25,920 --> 00:24:32,800 should be visible. Now, I'm going to stop the recording. 207 00:24:46,840 --> 00:24:53,800 Okay, so that completes this lecture. 
I hope you enjoyed it. 208 00:24:55,480 --> 00:24:56,680 Thank you for listening.