Everyone who writes safety critical software should read this
Chris
wendlec at tcd.ie
Fri Nov 1 09:36:19 PDT 2013
On Friday, 1 November 2013 at 13:52:01 UTC, Wyatt wrote:
> On Thursday, 31 October 2013 at 21:36:11 UTC, eles wrote:
>>
>> Yeah, maybe it is a corporation culture to avoid the term "bug",
>> but we always use the term "change request". Maybe it has a
>> better image :)
>>
> Lately, I've instead been reframing my thinking toward parity
> with Dijkstra. EWD1036 [0] is particularly relevant to this
> topic:
>
> "We could, for instance, begin with cleaning up our language by
> no longer calling a bug a bug but by calling it an error. It is
> much more honest because it squarely puts the blame where it
> belongs, viz. with the programmer who made the error. The
> animistic metaphor of the bug that maliciously sneaked in while
> the programmer was not looking is intellectually dishonest as
> it disguises that the error is the programmer's own creation.
> The nice thing of this simple change of vocabulary is that it
> has such a profound effect: while, before, a program with only
> one bug used to be 'almost correct', afterwards a program with
> an error is just 'wrong' (because in error)."
>
> As a bonus, my experience is it more readily encourages
> management types to accept that fixing them is important.
>
>> Normally, it is assumed that passing the tests proves that
>> specifications are accomplished, so the software is perfect.
>>
>> This, of course, if the tests themselves would be correct 100%
>> and *really* extensive.
>>
> Again from EWD1036:
>
> "Besides the notion of productivity, also that of quality
> control continues to be distorted by the reassuring illusion
> that what works with other devices works with programs as well.
> It is now two decades since it was pointed out that program
> testing may convincingly demonstrate the presence of bugs, but
> can never demonstrate their absence. After quoting this
> well-publicized remark devoutly, the software engineer returns
> to the order of the day and continues to refine his testing
> strategies, just like the alchemist of yore, who continued to
> refine his chrysocosmic purifications."
>
> This passage comes just after he laments that "software
> engineer" had been diluted so thoroughly as to be meaningless.
> (I'd greatly appreciate if this term could be reclaimed,
> honestly. Experience has shown me quite clearly that not every
> programmer is an engineer.)
>
> -Wyatt
>
> [0]
> http://www.cs.utexas.edu/users/EWD/transcriptions/EWD10xx/EWD1036.html

No, not every programmer is an engineer. But not every programmer
writes safety critical code. If Firefox crashes, nobody dies as a
consequence (hopefully!).