ken@ihuxq.UUCP (11/17/83)
the folks who are against a nuclear arms freeze argue so vehemently about the evils of unilateral disarmament? Their points are quite valid, especially concerning the insidious and invidious nature of Russian foreign policy, but I don't understand what that all has to do with a nuclear arms freeze. It seems to me that if we stopped building atomic weapons for a while, even unilaterally, we'd still have enough to scare the Russians with for a long time.

Actually, I don't understand why anyone with enough computer smarts to read netnews could dismiss the following scenario: More & more nukes built leads to more & more deployment, closer & closer to the physical borders of each superpower. At some critical distance, the time between launch and impact will be too short to investigate intruder alerts by hand--it will be done entirely by machine. Even now, the alerts are computer generated, but there is sufficient time to review the data. So, when the "friend or foe" decision is reduced to an algorithm, how sure are you that the program (which can't truly be tested in peacetime) will have no bugs?

Please don't bring up "War Games." WW III will not be started by a computer with delusions of godhood; it may be started because deep in the guts of some very critical code, some programmer forgot to add a "1", or left out a case entirely. Haven't you?

--
ken perlow
..ihnp4!ihuxq!ken
bell labs @ naperville, IL
Pucc-H:aeq@CS-Mordred.UUCP (11/18/83)
>WW III will not
>be started by a computer with delusions of godhood; it may be started
>because deep in the guts of some very critical code, some programmer forgot
>to add a "1", or left out a case entirely. Haven't you?

This couldn't help but remind me of something I read in Comm. ACM not many years ago. I think it was the Turing Award lecture; and I believe it was given by C.A.R. Hoare. In his lecture, he said that Ada was so complicated and messy (quite contrary to its original design objectives, but what do you expect out of the DoD?) that it was thoroughly unsafe to use for critical applications like defense systems, nuclear reactors, etc.--exactly where it is intended to be used. He urged that everything possible be done to stop the use of Ada, lest the world crash along with the operating system.

--
Jeff Sargent/...pur-ee!pucc-h:aeq
(not sure on that path address--we just converted to 4.1c, and we can't use UUCP mail the way we did on 4.1 [but that's not my bailiwick to fix])
emjej@uokvax.UUCP (11/24/83)
#R:pucc-h:-36800:uokvax:5000026:000:448 uokvax!emjej Nov 22 08:21:00 1983

Then again, I am working as a member of a group which is porting C to a machine for use by the Air Force, and I shudder to think of code written in a language that permits such reckless manipulation of pointers and coercions winding up in a cruise missile or cruise missile emulation. How about something nasty blowing up because someone writes if (a = b) rather than if (a == b) or uses preincrement instead of postincrement?

James Jones
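The `if (a = b)` slip named in the post is a class of defect that can be caught mechanically before the code ever reaches a compiler. The following is an added example, not code from any poster in this thread: a small C checker that scans source lines for an `if (...)` whose condition contains a bare assignment (a single `=` that is not part of `==`, `!=`, `<=` or `>=`). The sample source lines it scans are constructed for the example; `STATUS_FAULT`, `next()`, `proceed()` and `fail()` are hypothetical names that appear only inside those sample strings.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Returns 1 if the condition text cond[0..len) contains a bare '='
   (one that is not part of ==, !=, <= or >=), otherwise 0. */
static int has_bare_assignment(const char *cond, size_t len) {
    for (size_t i = 0; i < len; i++) {
        if (cond[i] != '=') continue;
        char prev = i > 0 ? cond[i - 1] : '\0';
        char next = i + 1 < len ? cond[i + 1] : '\0';
        if (next == '=') { i++; continue; }          /* skip the pair "==" */
        if (prev == '!' || prev == '<' || prev == '>') continue; /* !=, <=, >= */
        return 1;                                     /* a lone '=' inside a condition */
    }
    return 0;
}

/* Scan one source line. Returns 1 if it holds an `if (...)` whose condition
   contains a bare assignment, else 0. The "if" must be a whole word, and the
   condition must close on the same line (multi-line conditions are skipped);
   parentheses nested inside the condition are handled, string literals are not. */
int line_has_assignment_in_if(const char *line) {
    const char *p = line;
    while ((p = strstr(p, "if")) != NULL) {
        int whole_word = (p == line) ||
                         !(isalnum((unsigned char)p[-1]) || p[-1] == '_');
        const char *q = p + 2;
        while (*q == ' ' || *q == '\t') q++;
        if (!whole_word || *q != '(') { p += 2; continue; }

        const char *start = q + 1;   /* first character of the condition */
        const char *r = start;
        int depth = 1;
        while (*r && depth > 0) {
            if (*r == '(') depth++;
            else if (*r == ')') depth--;
            if (depth > 0) r++;
        }
        if (depth != 0) return 0;    /* condition continues past this line */
        if (has_bare_assignment(start, (size_t)(r - start))) return 1;
        p = r;
    }
    return 0;
}

/* Count the lines in an array that trip the check. */
int count_assignment_in_if(const char *const *lines, size_t n) {
    int flagged = 0;
    for (size_t i = 0; i < n; i++)
        if (line_has_assignment_in_if(lines[i])) flagged++;
    return flagged;
}

/* Constructed sample source; the identifiers are hypothetical. */
static const char *SAMPLE[] = {
    "    if (status == STATUS_FAULT) return 1;",              /* fine */
    "    if (status = STATUS_FAULT) return 1;",               /* the typo from the post */
    "    if (a != b && (c = next()) != 0) proceed();",        /* bare '=' in nested parens */
    "    while (x = y) {}",                                   /* not an if: out of scope here */
    "    if ((fp = fopen(path, \"r\")) == NULL) fail();",     /* common idiom, still worth review */
};

int main(void) {
    size_t n = sizeof SAMPLE / sizeof SAMPLE[0];
    for (size_t i = 0; i < n; i++)
        if (line_has_assignment_in_if(SAMPLE[i]))
            printf("line %zu: assignment inside if-condition: %s\n", i + 1, SAMPLE[i]);
    printf("%d of %zu lines flagged\n", count_assignment_in_if(SAMPLE, n), n);
    return 0;
}
```

The check deliberately flags the `(fp = fopen(...)) == NULL` idiom as well as the genuine typo: a reviewer can wave through the idiom in a second, whereas the typo compiles cleanly and silently replaces a comparison with a constant-true branch. Most compilers will also warn about this pattern when warnings are enabled; a line-level check like this one is useful precisely where the build does not run with them.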
notes@ucbcad.UUCP (12/04/83)
#R:pucc-h:-36800:ucbesvax:7500055:000:1511 ucbesvax!turner Nov 20 17:03:00 1983

I had a different reaction to Hoare's Turing Award essay. He was saying that Ada (tm) was so huge and complex that it would be impossible to verify a compiler to the level of tolerance required in applications like nuclear weapons systems.

Well, I say that Ada is a damn convenient target for him, and critics like him--it means that he doesn't have to criticize *programmers*. He need not say to weapons-systems developers "look: how do you know you're smart enough?" He can just ask "how do you know your compiler will carry out your specifications," and thus dodge the issue of the quality of those specifications--and the minds that produced them.

That sort of indirect criticism is, I think, self-invalidating. In a way, he *was* criticizing programmers--for thinking that they could properly define and implement Ada compilers. But the examples he gave from his own experience were pretty unconvincing. (I urge everyone who has not read his Turing Award lecture to read it, by the way.) Certainly, he can't argue that systems developed in Ada will be more reliable than the systems currently developed and deployed in assembly language!

I think he should have been a little more forthright, even at the risk of offending a larger segment of the CS community. If he really doesn't think that programmers should work on nuclear weapons systems, he should *say* so--not criticize them when they propose order-of-magnitude improvements in methodology.

---
Michael Turner (ucbvax!ucbesvax.turner)
andree@uokvax.UUCP (12/06/83)
#R:pucc-h:-36800:uokvax:5000036:000:1313 uokvax!andree Dec 4 14:14:00 1983

/***** uokvax:net.politics / ucbesvax!notes / 7:08 pm Nov 30, 1983 */
I think he should have been a little more forthright, even at the risk of offending a larger segment of the CS community. If he really doesn't think that programmers should work on nuclear weapons systems, he should *say* so--not criticize them when they propose order-of-magnitude improvements in methodology.
---
Michael Turner (ucbvax!ucbesvax.turner)
/* ---------- */

The impression I got was that Hoare was upset because Ada (tm) should have been, but WAS NOT, an orders-of-magnitude improvement in methodology. Comments like `I don't want to be on the same planet with ICBM's that have programmer-implemented floating point traps' (that's a paraphrase - I don't have the article in front of me.) I seem to recall comments along the lines of ALGOLW/Pascal having been better for such work than Ada.

Whether or not programmers should work on such systems is another question entirely, and calls for answering two related questions:

1) Should ANYBODY work on such devices? If you think this is morally bad, then the point is moot.

2) If you aren't going to use software to guide them, what are you going to use?

If you have answers to number 2 (number one is obviously a moral choice), I'd be interested in them.

<mike
rpw3@fortune.UUCP (12/16/83)
#R:pucc-h:-36800:fortune:17300010:000:2347 fortune!rpw3 Dec 16 00:47:00 1983

Ada is not an order-of-magnitude improvement, precisely for the reasons you have all been skirting: Programmers (you, me, the rest mostly) have not been consistently using 1/10 of the intellectual tools we have NOW to do good work. When was the last time you wrote a program of over 250 lines (excluding precompiled libraries) that compiled the first time and ran the first time and had no reported defects after being actually used by its target users for six months (DeMarco's criteria for a "zero defect" program)?

Yet we (the general community of the "best" practitioners) know how to do that routinely but for politics, old habits, and artificially tight schedules. I have done it (on rare occasion). It is not easy, nor comfortable, nor does it give instant feedback to the debugging addict. It is called "disciplined programming" (since everybody misunderstood Dijkstra's word "structured"), and its chief mark is the ability to write down on paper a program and its "proof" of correctness. (proof = "the cogency of evidence that compels belief by the mind of a truth or fact" - Webster's 3rd)

The fact is, most people who tout Ada (or any other "solution") are looking for a magic wand to avoid having to face the fact that programming is HARD. Since much evidence exists that fewer than 50% of bugs are found before delivery of the software (including EACH failure to compile perfectly as one bug), the characteristics listed in the first paragraph above are exactly what is needed if [**net.politics**] we wish to, for whatever reason, trust nuclear weaponry to software. Except, instead of "250 line programs", please read 250,000 or 2.5M line programs.

I cannot stress enough - we need not so much fancier tools as more disciplined habits.

Why, had I composed this message the way many programmers code, I would be sending it out full of bugs, for in reading it before sending, I found many correctly spelled wrong words! (For example, "due" instead of "do".) As is, I will try to make a point and send it out without passing it through 'spell'. It is late, I may make a mistake, but at least I did my human best BEFORE running it through the marvelous tools.

Rob Warnock
UUCP: {sri-unix,amd70,hpda,harpo,ihnp4,allegra}!fortune!rpw3
DDD: (415)595-8444
USPS: Fortune Systems Corp, 101 Twin Dolphins Drive, Redwood City, CA 94065