From Black Box to Grey Box?

In the previous post, "The reliability problem in a nutshell", the pessimistic assumption was made that each program component could interact with any other component. This resulted in the exponential factor pN, with N equal to the number of components and p equal to the probability that a component is bug free.

Dijkstra's remedy to the reliability problem was to structure his programs internally in order to avoid the exponential factor. That is, he wanted to introduce and exploit program structure in order to guarantee program correctness. To do so, he dismissed the classical black-box view of a program, with inputs being miraculously transformed into outputs. Instead, he wanted to use a grey-box model —though Dijkstra did not use these specific words in his writings. A "white-box model", incidentally, denotes the other unwanted extreme in which all (and too many) details are exposed.

Instead of accepting the black-box approach and, therefore, using debugging and testing facilities, Dijkstra chose to abide by his grey-box approach. That is, he wanted to construct an internally-structured program that was a priori correct; testing and debugging would not be needed! In his own words:

This function of the mechanism's internal structure opens a new way to attack the reliability problem. Once we have seen that the confidence level can only be reached by virtue of the structure of the mechanism, that the extent to which the program correctness is not purely a function of its exernal specifications and behaviour, but depends critically upon its internal structure, then we can invert the question and ask ourselves "What forms of program structuring can we find, what elements of programming style and what forms of discipline, all for the benefit of the confidence level of our final product?". [EWD303]