Channels ▼

Cameron and Tracey Hughes

Dr. Dobb's Bloggers

Respectfully, Failure is not an Option

October 27, 2010

We suggest really, really understanding the software infrastructure and architecture of the existing application prior to engaging in any parallel programming retrofitting efforts. Of course, this prompts emails to me and Tracey about the reality of costs and bottom lines and lots of talk about being practical and competing with overseas developers. We haven't even got to the formal methods yet, and we're hearing from bean counting nay sayers. We hear this kind of talk just too much."We're not trying to save the world here", "This is not a mission critical application", "We have a budget and deadlines to meet", "We simply can't afford the delay", "Maybe it'll be more cost effective if we just outsource the whole thing". That's one of the problems with software development. We'll accept and live with compromises that no other science or engineering field would tolerate. Make no mistake about it, software development has both an engineering and science component. It's to complex not to!

We've been giving talks on the use of formal methods in the process of adding parallelism or massive parallelism to an existing system, or when building a new system. Much of the feedback we get starts out with "Formal methods are only for large high-integrity systems", "This is not that kind of application", "This is not that kind of system", " We don't have the time, money, or manpower", "That's for mission critical systems". Poppy Cock! One man's piece of useless or barely useful data is another man's mission critical life saving information. We could be talking about grocery bill totals, student report cards, vacation days left, water bills, paternity tests, outstanding parking tickets, etc. A wrong answer in any one of those could mean life or death for someone, somewhere. I can remember a time where if my report card contained an 'F' where it should have had an 'A', we'd be talking about calling hours and whose gonna play Taps. My father was a demanding man. We can't put a price on someone else's information or service. It may not seem mission critical to you, but it may be to the end user (for whatever reason).

A law enforcement officer notices a car has a broken tail light. He enters the vehicle's license and up comes a list of erroneous outstanding parking tickets, the officer pulls the vehicle over, and ends up taking the driver to the station to work things out. In the mean time the driver is not their to pick up his autistic child from school. Because the father always makes it to pick up the child, the last person out of the building locks doors, turns off the lights and leaves the child standing in front of the school waiting on the father. Of course something happens to the child. Naturally there is blame to go around in this situation, but some piece of poorly designed software assigned parking tickets to a motorist that had none. These erroneous tickets turned what probably would have been a warning from the officer into a trip to the station, which created a crisis situation for the autistic child. Folks, this is watered down version of a true event. How harmless can a parking ticket report be?

As software engineers, architects, and developers, we have a moral and ethical responsibility to society and ourselves to produce software that is correct, reliable, robust, and safe. All systems, all applications have the potential to be mission critical if the right or wrong conditions arise. If formal methods, formal specifications, and software engineering techniques will guarantee the highest quality software possible, then that's what we have to use. Software development has its challenges as it is. When we introduce parallel programming into the mix we dramatically increase those challenges. It is software engineering malpractice to let end-user budgets, deadlines, profits, or threats to put us in the position of knowingly compromising software correctness, reliability, robustness, or safety. The engineering and the science is what it is. It is our charge to produce software that does not fail. That's a tall order, and to achieve it, we have to use whatever tools and techniques at our disposal that it takes. These tools necessarily include formal methods, specification, and software engineering. In response to some of the e-mail that we've received, we hear you, we understand where you're coming from, but respectfully, sir, maam, from where we stand, 'failure is just not an option'. At least for us it's not. We can't knowingly produce faulty software. That's unethical, immoral in some cases it should be illegal. Keep tight, maybe we'll convince you ...

Related Reading

More Insights

Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.