Making Students Care (MORE) About Safety

Presentation Transcript


  1. Making Students Care (MORE) About Safety

  2. April 06 Popular Mechanics
  • "Safer by Design"
  • "The escape system -- essentially the parachute I was sitting on -- would work only if we could get the vehicle into a controlled glide …"
  • "CEV's escape system can take my friends out of a bad day at any stage, from liftoff to orbital insertion."
  • Author: Astronaut Thomas D. Jones

  3. Optimal Control Problem Simulator
  • How to achieve maximum bath fill at desired temperature while sitting in the tub
  • A problem for Click and Clack
  • cc.awk
  • cc2.awk
  • Uses stacks to simulate water in pipes
  • Uses hashes to implement stacks
  • Permits user-defined granularity, delta=0.1
  • A bug? I don't normally get bugs

  4. A very old problem
  • for (i=0; i<=max; i+=delta) warmstack[i] = wstemp
  • Usually my bugs are benign:
      for (i in array) aindex[array[i]] = 1
      bindex[array[i]] = 1
  • Forgotten braces are easy to detect during programming because the program doesn't work
  • But correctness w.r.t. physics…

  5. A test program
  • Print i: 0.1, 0.2, …, 1.0, …, 59.9 but not 60
  • Integer conversion? No.
  • Did I wish for stronger typing? No.
  • A hack: for (i=0; i<=max+delta/2; i+=delta)
  • Solaris only? No. Awk vs. gawk? No.
  • Email Arnold Robbins?
  • Google: "awk & real number precision"
  • "Old problem with reals & precision"
  • Even in cs100b: if (x - xalmost < delta)

  6. A test program (same slide, last line corrected)
  • Even in cs100b: if (abs(x - xalmost) <= delta)
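The loop bug of slides 4 to 6, worked through in POSIX awk driven from sh. This is an added example, not the speaker's cc.awk: it uses a small bound (max=0.3, delta=0.1) where the overshoot is certain to bite on the third addition, rather than the 60 of the slide, and the helper names naive_count, hack_count, index_count, naive_near, near and braces_demo are chosen here. It shows the slide-4 loop skipping its last value, the slide-5 hack recovering it, an integer-indexed loop that does not accumulate error, why the unsigned cs100b check on slide 5 is wrong and the abs() form on slide 6 is right, and the forgotten-braces bug from slide 4.

```shell
#!/bin/sh
# Added example for slides 4-6: the i += delta loop, the slide-5 hack, an
# integer-indexed loop, the two cs100b comparisons, and the forgotten braces.
# Programs are plain POSIX awk; max and delta come from the command line.
# Each function prints one value so the same run works in a test harness.

# Slide 4: accumulate i in floating point.  With max=0.3, delta=0.1 the third
# sum is 0.30000000000000004 > 0.3, so "0.3" is never visited (3 steps, not 4).
naive_count() {
    awk -v max="$1" -v delta="$2" 'BEGIN {
        n = 0
        for (i = 0; i <= max; i += delta) n++
        print n
    }'
}

# Slide 5 hack: widen the bound by half a step so a tiny overshoot still
# passes.  It works here, but it is a band-aid: the accumulated error still
# grows with the number of steps and the values of i are still slightly off.
hack_count() {
    awk -v max="$1" -v delta="$2" 'BEGIN {
        n = 0
        for (i = 0; i <= max + delta / 2; i += delta) n++
        print n
    }'
}

# Robust form: count steps in an integer and derive i = k * delta, so each
# step carries one rounding, not a sum of them.  Note max/delta itself is
# 2.9999999999999996 here; the +0.5 before int() is what makes nsteps 3.
index_count() {
    awk -v max="$1" -v delta="$2" 'BEGIN {
        n = 0
        nsteps = int(max / delta + 0.5)
        for (k = 0; k <= nsteps; k++) { i = k * delta; n++ }
        print n
    }'
}

# Slide 5's cs100b check as written: x - xalmost < delta.  The difference is
# signed, so any x below xalmost passes, however far away.  Prints 1 or 0.
naive_near() {
    awk -v x="$1" -v y="$2" -v eps="$3" 'BEGIN { print (x - y < eps) }'
}

# Slide 6's corrected check: |x - xalmost| <= delta.  awk has no abs(), so
# one is defined here.
near() {
    awk -v x="$1" -v y="$2" -v eps="$3" '
    function abs(v) { return v < 0 ? -v : v }
    BEGIN { print (abs(x - y) <= eps) }'
}

# Slide 4's "benign" bug: without braces the second assignment runs once,
# after the loop, with whatever key i was left holding.  Prints the number
# of keys in aindex and in bindex.
braces_demo() {
    awk 'BEGIN {
        array[1] = "a"; array[2] = "b"; array[3] = "c"
        for (i in array) aindex[array[i]] = 1
        bindex[array[i]] = 1          # not in the loop body
        na = 0; nb = 0
        for (k in aindex) na++
        for (k in bindex) nb++
        print na, nb
    }'
}

echo "naive: $(naive_count 0.3 0.1)  hack: $(hack_count 0.3 0.1)  indexed: $(index_count 0.3 0.1)"
echo "naive_near(0.1, 0.5, 0.1): $(naive_near 0.1 0.5 0.1)  near(0.1, 0.5, 0.1): $(near 0.1 0.5 0.1)"
echo "braces_demo (aindex keys, bindex keys): $(braces_demo)"
```

The same three loops print 3, 4 and 4 steps; only the indexed form also keeps every i within one rounding of k*delta, which matters when i is then used as an array key as on slide 4 (warmstack[i]). Whether a given max is missed by overshoot or visited twice by undershoot depends on how the individual additions round, so a loop bound on an accumulated real is wrong even when a particular run happens to look right.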

  7. July 02 Tech Review
  • "Why is software so bad[?] -- and how to fix it"
  • Gates: "If the auto industry had developed like the software industry, we would all be driving $25 cars that get 1000 mpg"
  • Auto Exec: "And if cars were like software, they would crash twice a day for no reason and when you called for service they'd tell you to reinstall the engine."

  8. Componentry?
  • Bought an xbox on ebay
  • Power supply "went bad" after one day
  • "open xbox", part VI (part 4?), Guide To A Dead Power Supply Fuse Replacement (v0.2)

  9. Errors
  • Are inevitable
  • # of errors per line of code, per hour of attention
  • Amount of time to do something regardless of manpower
  • Must design
    • for avoidance of flaws
    • for robustness
    • to minimize risk
  • Must test for errors
  • Me Too?
    • Bdog linux attack
    • CMU-FTP AI software -- divide by zero errors? Lockup?
    • Cgi dependencies?

  10. Isn't OO-ware Componentry?
  • So too were procedures and library calls
  • OO probably ok, but…
  • Middleware
    • often very complex
    • hard to get guarantees on black boxes
    • Other people's code
  • OO associated with C++
    • C++ probably too low-level
  • OO associated with Java
    • Probably 10x more errors than hype (that's not good)

  11. Some things I've learned about Safety while Scripting
  • You're testing your associative array implementations in C++ while I'm using them
  • "Any sufficiently complicated C or Fortran program contains an ad hoc, informally specified, bug-ridden, slow implementation of half of Common Lisp." -- Philip Greenspun (Greenspun's Tenth Rule)
  • I'm testing while you're coding -- for months
  • I'm working shorter times on shorter code -- w/focus
  • Forgetting is the biggest problem in programming
  • I can probe, debug, and checkpoint a lot easier
  • If it's critical, I will use programmer discipline
    • Declared local variables
    • No shorthand syntax
    • Attention to types and type conversion
    • Modularization of functionality
    • Limits on complexity of pieces

  12. My Hope for Better Correctness
  • More OO scripting: python, ruby
  • Fewer languages that have bad outcomes:
    • Perl (despite its write-friendliness)
      • "Perl is polluting UNIX" -- rpl
    • Java (despite its intentions)
      • "write once, debug everywhere"
  • More easy languages
    • php is ok
  • More use of higher-level easy languages
  • Stronger fences: unix apps, not libraries
  • More testing, less teaming
  • More staged delivery schedules (always by v2.2)

  13. Some Things to Worry About
  • Classic SE course: celebrated failures:
    • So-and-so airport, this NASA that spacecraft
    • What a racket! Fear and doom, give me money to show you my powerpoints
  • Microsoft suspended writing code for two months, mass training thousands in security and reliability, showing flawed company code on big screens
  • Real liability cases, real lawsuits
    • "Multidata Systems International of St. Louis, massively overdosed patients in Panama in 2000, 2001…"
  • CMU study of wireless interference with GPS
  • You could kill yourself & family this month with your dvd player turning itself on by accident in your carry-on

  14. The Analogy to Bridges has Been Poor
  • One bridge failure != one printer driver update
  • # of designs / # deployed systems mismatch
  • Not all software failure results in death
  • Easier to:
    • Specify bridge performance requirements
    • Test bridge functionality at time of delivery
  • As expectations evolve, not so easy to:
    • Predict bridge failure after earthquakes
    • Clean bridges after dirty terrorist bombs
    • Expand bridge performance to match traffic demand
    • Design spans to avoid visual blight, criminal activity
    • Design for impact
      • Environmental
      • Economic
      • Physical

  15. Better Analogies
  • Cars
    • Shorter design times, similar time pressure
    • Many deployed, often recalled, redesigned
    • Many components interacting
    • Various levels of risk
  • BUT:
    • Longer historical practice, more evolution than revolution (hybrids are AMAZING for the amount of new tech)
    • Much more specialization of work
    • Many bugs are manufacturing flaws (but this is changing)
  • How about economic engineering?

  16. RPL's Reality Check
  • Since software controls nearly all aspects of our lives:
  • Misleading to count massive failures
    • E.g., better to tally by industry or by type of program or even by platform
  • Misleading to join all kinds of failures
    • unavailability != cost overrun != incorrectness != large damages
  • Counterproductive to generalize across different software purposes
    • Is architecture still lumped with industrial design?
    • Do glass-covered spaceframes have the same engineering problems as chairs?
    • Simulator is about getting it RIGHT
    • Web is about getting it out right NOW
    • Cruise missile control is about getting it right THERE

  17. 436S
  • DO ask yourself to do & to supervise quality engineering
  • DO consider all the various kinds of failure/success
  • DO pay attention to software failures in history, in the press, in theory
  • DO NOT believe in
    • panacea
    • easy fix
    • software religion
    • (even SE itself?)
  • DO pay attention to proposals for better practices
  • DO try to make useful analogies to other kinds of engineering (or other kinds of correct construction)
  • WE will be having a CFP or two related to
    • psim certification for wider deployment and
    • Psim test harnessing
