I’m knee deep in some legacy build scripts and realized a few things while I was trying to make sense of the code. This is an outline of some of the those realizations.
When we’re writing code we are performing two distinct types of activities. One is about making assumptions and encoding the assumptions into the structure of the code. The other is about building something on top of the assumed structure. Most bugs are a result of interleaving and confusing the two activities. If we make assumptions that are not reflected in the structure and build on those assumptions then we are writing buggy code. If we build on top of assumptions that are confusing and overlap in different ways then the code by necessity will be confusing.
One way to write better code then is to make assumptions that are as orthogonal as possible and make their structure as obvious in the code as possible. This way when someone else comes along they can see the semantic vectors and structure their code around those vectors. If their changes are incompatible with the existing vectors then making that as obvious as possible will only help them.
So one way to make code better is to “orthogonalize” the semantic vectors by finding the principal vectors/ideas/assumptions. There is no automatic way to do this so you have to use your judgement and figure out what migrations are necessary to make that happen. When I refactor code with the intent of orthogonalizing the semantic vectors I usually end up with more clearly structured code so anecdotal evidence suggests this is a good heuristic.
This analogy with linear algebra though only goes so far and sometimes we also need to bring in a bit of topology into the mix and try to understand when we’re trying to make “discontinuous” changes. Discontinuous changes change the space and fundamental assumptions we were making to structure the code. I’m not aware of any good heuristics for this. Usually people do big bang rewrites but that’s probably because we don’t have a good theory of discontinous changes for code. We don’t have a good topological theory of code so it’s hard to know when changes are continuous vs when they’re not. The closest analogy I know is about database migrations. Migrations can be considered discontinuous changes and they’re about transforming the surrounding code to fit the assumptions of the new migrated schema.
It is unfortunate that most of our tools do not expose the semantic vectors and let us operate with them as first class citizens. As long as it is easier to build with faulty assumptions that’s what programmers will continue to do and we will continue to have legacy code.
Some nerds pride themselves on deep thinking but I think this is the equivalent of being a fashionista in nerd culture. It’s just as much about territorial signaling as anything else. So in that sense nerd culture is just as perverse as the fashion industry in terms of what it values. This is especially prevalent among programmers where “deep thinking” is used as cover for psychological bullying and status jockeying. Security professionals and free software advocates are notorious for using these kinds of tactics.
Berating pragmatic approaches to security and closed source software without trying to empathize with someone who makes those choices is a nice way to surround oneself with a toxic clout of superiority.
The thing to notice here is that these tactics are negatively self-reinforcing. Any sane person eventually stops listening once the veneer of superiority starts to chip away. This leaves the group in an even more toxic state and virtually guarantees the group will eventually become a cult and die out from sequestration. So the group accomplishes none of what it wanted to and in many ways makes it harder for those that follow to associate themselves with the better ideals of what the non-toxic group stood for, i.e. educating people on better security and software licensing practices.
The comments on that twitter thread don’t do a good enough job of explaining what is going on in that picture and why it’s more meaningful than appears at first sight and thought.
There is a common meme in programming circles that small teams are more efficient and productive than large teams but few explanations for why this is the case. This is my take for an explanation.
The cost/benefit tradeoff just can’t be solved for formal methods. There are far cheaper (in time, effort and financial cost) ways to write code with low enough incidences of bugs which are just more practical in almost all cases. Not to mention the fact that if you are manually implementing the code, someone can still just introduce bugs, and if you’re automatically generating the code, there can be bugs in that code generator, or if you’re using an automated verifier ther could be bugs in that. At some point a human had to write some code that can’t be proven to be “correct”.
Formal methods seem great for mathematicians and lousy for everyone who wants to make something productive in a reasonable time frame.
I call this a “goal post” argument and the argument strategy is about drawing an arbitrary boundary that something must be beyond to be valid. In this case the argument is about “trust” but if you break it down you notice it makes absolutely no sense. The author of that comment clearly “trusts” the hardware/CPU running their software. But, if they trust the hardware/CPU then they implicitly trust whatever process created the CPU and the process used to make the CPU was more people and software. So the whole argument collapses and they must trust the software. It’s circular reasoning in another guise.
Now that I’m one of the organizer of the formal methods meetup it has become a bit more clear why most programmers are not familiar with the general landscape of formal methods. It’s mostly a lack of awareness about what is available out there so to help fill in the awareness gap this post is meant to serve as a brief introduction to some of the vocabulary and high level concepts of formal methods.
This post consists of 3 main sections. 1st is about the general concepts and high level classification(s) of formal methods. 2nd is about why we should care about formal methods in software engineering. 3rd is about concrete applications of formal methods and some pointers for how to apply them in day to day software engineering.
Here are rules for a new game. Here is how it compares to some old games and some of the benefits and drawbacks. Here is why you should play and other similar games that you might like.
If you try to change the rules then existing players will treat you with extreme prejudice and strongly (potentially violently) recommend you play some other game.
All games are inherently mutable and meta-games are what keep them “stable”. Somewhat unsurprisingly, no one understands the meta-game logic and all players follow meta-game rules implicitly. Meta-game rules are only ever broken by accident. Cosmic bit flips, if you will, are inevitable.
There is strong suspicion there is more than one meta-game.
There is also strong suspicion meta-game rules are immutable so changing meta-games requires simultaneously changing all the rules which makes it a much bigger discontinuous change than just changing a single rule in a regular game.
In the presence of rigid meta-games it’s easy to imagine why regular games would be an obvious way to experiment with potential meta-game swaps. Meta-players would want reasonable assurance their game changes were “beneficial” to them according to some metric.
Most reasonable game players eventually conclude meta-games and meta-players must exist but it’s hard to know for sure because some reasonable players are willing to admit meta-games without meta-players.
Inspired by https://drewdevault.com/2019/02/18/Generics-arent-ready-for-Go.html.
In the distance, a gradual roar begins to grow in volume. A dust cloud is visible over the horizon. As it nears, the shouts of the oncoming angry mob can be heard. Suddenly, it stops, and a brief silence ensues. Then the air is filled with the clacking of hundreds of keyboards, angrily typing the owner’s opinion about functions, calling conventions, and Assembly. The clans of Algol, Cobol, Fortan, C, Forth, Lisp, and more – usually mortal enemies – have combined forces to fight in what may become one of the greatest flamewars of our time. And none of them read more than the title of this article before writing their comment.
This post has a few goals. One is to outline how to think about a simple imperative process in a declarative language/system like Alloy. Another is to make a case for why this kind of formalization is a worthwhile exercise for software engineers.
Disclaimer: To get the most out of this post you need some familiarity with Alloy syntax otherwise most of it will probably not make much sense. I’ll try to explain things as I go along but promise no mind blowing revelations. As some old person used to say, “There are no royal roads”.