Design Article

Optimistic Programming

Jack Ganssle

4/22/2008 4:40 PM EDT

I remain astonished that so many developers continue to write code that assumes relations like 1+1=2 are true. In fact, 1+1=0fe23b9, sometimes. Or -65535. Or any of innumerable other values.

1+1=2 only when everything works perfectly. Do your programs work perfectly all of the time? The evidence suggests that most of us create imperfect code. Lots and lots of bugs.

Yet when writing the code, we labor under the assumption that there will be no bugs. Bugs are largely treated reactively: chase 'em down when they appear rather than anticipating how they may arise and taking appropriate defensive action.

1+1!=2 if any of the parameters are globals and a reentrancy problem stomps on part of a value. Badly encapsulated data has the same problem. A null pointer passed to a summing function can return utterly unpredictable results.

Apparently, gauged by the code I see, none of us has ever dereferenced a null pointer.

I read a lot of code. Most is horribly optimistic. We assume malloc() won't fail (how often do you see malloc()'s error return tested?). Functions never get passed a bad pointer or incorrect data. That divisor in the drug delivery device will never be zero, right? If it is, the patient might get the buzz of his life. Stacks are always correctly sized. The A/D won't fail, a cold solder joint won't corrupt input data, and buffers never overflow.

Last year six F-22s bound from Hawaii to Japan lost all their avionics when crossing the International Date Line. They had to follow their tanker back to Hawaii. No doubt the sudden change in longitude wasn't anticipated in the requirements, nor were protective measures against silly results taken in the implementation.

The maiden flight of Ariane 5 failed when a 64-bit float, converted to an integer, caused an overflow. Any such conversion would scare most of us, and I hope that fear would translate into an overflow test.
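Two of the optimistic operations above, written defensively in C. This is an added example, not code from the article; the 16-bit integer target for the float conversion is an assumption chosen for illustration, and the callers are constructed.

```c
/* Added example: defensive versions of two "optimistic" operations.
 * Each returns a status instead of silently producing garbage. */
#include <stdint.h>
#include <stdbool.h>
#include <math.h>
#include <stdio.h>

/* Convert a 64-bit double to a 16-bit signed integer (width assumed for
 * illustration), rejecting NaN, infinities and out-of-range values instead
 * of letting the cast overflow. The cast itself is undefined behaviour in
 * C when the value does not fit, so the range test must happen in double,
 * before the cast. */
bool double_to_int16_checked(double value, int16_t *out)
{
    if (isnan(value))
        return false;               /* NaN compares false to everything */
    /* Truncation toward zero maps (-32769, 32768) onto [-32768, 32767]. */
    if (value <= (double)INT16_MIN - 1.0 || value >= (double)INT16_MAX + 1.0)
        return false;               /* would overflow on conversion */
    *out = (int16_t)value;          /* now known to fit */
    return true;
}

/* Divide with an explicit zero-divisor check (the drug-delivery divisor):
 * the caller must handle the failure rather than get a trap or a wild
 * result. INT32_MIN / -1 also overflows on two's-complement hardware. */
bool divide_checked(int32_t numerator, int32_t divisor, int32_t *out)
{
    if (divisor == 0)
        return false;
    if (numerator == INT32_MIN && divisor == -1)
        return false;
    *out = numerator / divisor;
    return true;
}

int main(void)
{
    int16_t i16 = 0;
    int32_t q = 0;
    printf("65535.0 -> int16: %s\n",
           double_to_int16_checked(65535.0, &i16) ? "ok" : "rejected");
    printf("123.9 -> int16: %s (%d)\n",
           double_to_int16_checked(123.9, &i16) ? "ok" : "rejected", i16);
    printf("dose / 0: %s\n", divide_checked(500, 0, &q) ? "ok" : "rejected");
    return 0;
}
```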

For 50 years programmers have been advised to check the goesintas and goesoutas. But we don't. Here's a short gallery of what results.

Jack G. Ganssle is a lecturer and consultant on embedded development issues. He conducts seminars on embedded systems and helps companies with their embedded challenges. Contact him at jack@ganssle.com. His website is www.ganssle.com.





vocaro

4/22/2008 7:13 AM EDT

What exactly is wrong with the Google Maps picture? I don't see the problem.




Echander

4/22/2008 10:13 AM EDT

I'm guessing the 39 degrees, 19 minutes and 60 seconds is a bit strange.




Paul L at QNX

4/22/2008 10:45 AM EDT

It isn't just programmers. The "it should just work" mentality seems to be hardwired into people. Take, for example, a conversation I had with a former landlord after he did some repairs in my apartment:

"So, John, did you fix the faucet in the bathtub?"
"Yup."
"That's funny, 'cause I just tried it and it doesn't work."
"Well, it should."
"John, did you try using the faucet after you fixed it?"
"No."




Tom Maz

4/22/2008 1:34 PM EDT

What's wrong with the Google map is the negative 76 degrees figure. To be technically correct, latitudes and longitudes should be specified north, south, east and west. The equator defines the north/south boundary, and the Greenwich meridian the East/West boundary.




JackGanssle

4/23/2008 8:16 AM EDT

The problem with the Google maps picture is that the latitude was converted to 19' 60", which is mathematically correct but absolutely wrong. 60 seconds of arc must roll over to 59, just like seconds of time.

Jack




Tom Maz

4/23/2008 12:15 PM EDT

Doh! I missed the 60 seconds part, but I was surprised to find after looking it up that negative is the agreed upon nomenclature for West longitude and South latitudes. And another reason to verify your quotations.




Dave Smart

4/24/2008 7:16 AM EDT

Early in my career, I wrote programs that worked. What I hadn't yet learned was to write programs that wouldn't fail. For sure that takes more thought, effort, time, and resources - which as managers we're often reluctant to give. It seems we generally get what we pay for and not a lot more.




CGates

4/24/2008 1:13 PM EDT

"Tropical Breeze Analyst"

I love it!

I always wanted to get a government grant to do statistical analysis on the variance and distribution of those little drink umbrellas that are stuck in the pineapple drink garnish that the waiters bring you on the beach.
I think that "properly written up" I could get the government to pony up the money for this valuable research! There has to be a "tropical beverage" lobby group somewhere?

But after seeing your title I realize that I have missed a whole field of important research while consuming tasty beverages on the beach!




Goodkind1

4/25/2008 9:32 AM EDT

Does anyone know of a good read on how to take appropriate defensive measures?




sleibson

4/25/2008 5:33 PM EDT

I don't see what's wrong with the Walgreen's temperature sign. It's just getting ready for global warming.




amritanshuj

4/28/2008 1:02 AM EDT

Checking for overflow and proving its correctness used to be a pet interview question. Unfortunately, not a lot of candidates got it right :(



