[TUHS] Death by bug

arnold at skeeve.com arnold at skeeve.com
Mon Jul 12 16:39:01 AEST 2021


"Theodore Y. Ts'o" <tytso at mit.edu> wrote:

> On Sun, Jul 11, 2021 at 03:04:53AM -0600, arnold at skeeve.com wrote:
> > This is why I have purposely stayed away from jobs at companies doing
> > stuff like this. I know I don't write perfect code; I don't want to
> > be responsible for devices that can affect human life.  This is also
> > discussed in the new edition of "The Pragmatic Programmer", which I've
> > just finished reading. (Highly recommended.)
>
> We should never be depending on a human being able to write "perfect
> code".  Instead, we need to come up with processes so that imperfect
> code doesn't escape into production *despite* the fact that humans are
> fallible.  Such processes might include requiring unit tests,
> integration tests, stress tests, etc., requiring code reviews by a
> second pair of eyes, perhaps using formal proofs, having multiple
> implementations of critical algorithms, cross-checking the results
> from those independent implementations, and so on.
>
> The space shuttle used a number of these techniques.  It did *not*
> depend on super-human, Über-programmers.

I strongly agree with all that. But given that many places don't use such
practices (especially startups), I prefer not to put myself into
situations where safety of the product depends entirely on the skills
of the programming team.

Arnold

