From: "G. Branden Robinson" <g.branden.robinson@gmail.com>
To: Theodore Ts'o <tytso@mit.edu>
Cc: Alejandro Colomar <alx.manpages@gmail.com>, TUHS <tuhs@tuhs.org>
Subject: [TUHS] Re: [TUHS]: C dialects (was: I can't drive 55: "GOTO considered harmful" 55th anniversary)
Date: Mon, 13 Mar 2023 22:06:07 -0500 [thread overview]
Message-ID: <20230314030607.ermpipkakhassitv@illithid> (raw)
In-Reply-To: <20230314024923.GN860405@mit.edu>
[-- Attachment #1: Type: text/plain, Size: 2586 bytes --]
At 2023-03-13T22:49:23-0400, Theodore Ts'o wrote:
> As an OS engineer, I deeply despise these optimization tricks, since I
> personally I care about correctness and not corrupting user data far
> more than I care about execution speed ---- especially when the parts
> of the kernel I work on tend not to be CPU bound in the first place.
Alex has heard me say this before.
In the U.S., civilian air traffic controllers have a maxim.
Safe, orderly, efficient.[1]
You meet these criteria in order from left to right, and you satisfy one
completely, or to some accepted, documented, and well-known standard
measure, before you move on to the next. The obvious reason for this is
that when aircraft meet each other at cruise altitudes, many people die.
I haven't yet settled on a counterpart for software engineering that I
like, but the best stab at it I've come up with is this.
Comprehensible, correct, efficient.
Incomprehensible code is useless.[2][3] Even code that is proven
correct by formal methods is fragile if human maintainers are defeated
by its esoteric expression.[4] (And formal verification can't save you
from incorrect specification in the first place.) Richard Feynman once
said something along the lines of, if there is any phenomenon in physics
that he can't successfully explain to an audience of freshmen, then we
don't really understand it yet. We use subtle, complex tools to solve
problems only when we haven't worked out ways to overcome them with
simple, straightforward ones. Before we surrender to the excuse of
irreducible complexity we must have valid, verifiable, peer-reproducible
evidence that we've reduced the complexity as far as known methods will
allow.
But I'm junior to most of the grognards are on this list, so I'm
half-expecting the Joe Pesci opening statement from _My Cousin Vinny_...
Regards,
Branden
[1] https://www.avweb.com/features/say-again-8air-traffic-chaos/
[2] Literally useless, especially once that something that "just works"
is ported to a new context. "The real problem is that we didn't
understand what was going on either."
https://www.bell-labs.com/usr/dmr/www/odd.html
[3] Except for constructing streams of self-lauding horse puckey before
promotion committees comprised of people who themselves attained,
and will further advance, their status predicated on the audacity of
their horse puckey.
[4] And once something's _that_ solid, it may be time to consider
etching it in silicon rather than primary or secondary storage.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2023-03-14 3:06 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-10 11:37 [TUHS] Re: I can't drive 55: "GOTO considered harmful" 55th anniversary Noel Chiappa
2023-03-10 11:51 ` [TUHS] Conditions, AKA exceptions. (Was: I can't drive 55: "GOTO considered harmful" 55th anniversary) Ralph Corderoy
2023-03-10 15:54 ` [TUHS] Re: I can't drive 55: "GOTO considered harmful" 55th anniversary Dan Cross
2023-03-12 7:39 ` Anthony Martin
2023-03-12 11:40 ` Dan Cross
2023-03-12 16:40 ` Paul Winalski
2023-03-13 3:25 ` John Cowan
2023-03-13 10:40 ` Alejandro Colomar (man-pages)
2023-03-13 12:19 ` Dan Cross
2023-03-13 12:43 ` [TUHS] [TUHS]: C dialects (was: I can't drive 55: "GOTO considered harmful" 55th anniversary) Alejandro Colomar
2023-03-13 12:46 ` [TUHS] " Dan Cross
2023-03-13 16:00 ` Paul Winalski
2023-03-13 19:00 ` Clem Cole
2023-03-13 19:09 ` Larry McVoy
2023-03-13 19:17 ` Steve Nickolas
2023-03-13 20:26 ` Dan Cross
2023-03-13 22:25 ` Alejandro Colomar (man-pages)
2023-03-13 19:24 ` [TUHS] Re: [TUHS]: C dialects Luther Johnson
2023-03-13 19:38 ` Luther Johnson
2023-03-14 19:48 ` John Cowan
2023-03-14 19:56 ` Joseph Holsten
2023-03-14 20:01 ` Luther Johnson
2023-03-13 20:48 ` [TUHS] Re: [TUHS]: C dialects (was: I can't drive 55: "GOTO considered harmful" 55th anniversary) Paul Winalski
2023-03-13 20:56 ` Bakul Shah
2023-03-14 1:06 ` Larry McVoy
2023-03-13 21:00 ` Paul Winalski
2023-03-13 21:07 ` Bakul Shah
2023-03-13 21:14 ` Dan Cross
2023-03-13 22:15 ` Dave Horsfall
2023-03-13 22:47 ` Dave Horsfall
2023-03-14 0:23 ` Dan Cross
2023-03-14 0:21 ` Dan Cross
2023-03-14 13:52 ` Chet Ramey
2023-03-14 1:27 ` Bakul Shah
2023-03-13 21:28 ` Paul Winalski
2023-03-14 10:04 ` [TUHS] C dialects Ralph Corderoy
2023-03-14 20:02 ` [TUHS] " John Cowan
2023-03-14 21:34 ` Thomas Paulsen
2023-03-14 0:38 ` [TUHS] Re: [TUHS]: C dialects (was: I can't drive 55: "GOTO considered harmful" 55th anniversary) John Cowan
2023-03-14 2:49 ` Theodore Ts'o
2023-03-14 3:06 ` G. Branden Robinson [this message]
2023-03-15 3:59 Noel Chiappa
2023-03-15 4:33 ` John Cowan
2023-03-16 22:50 ` Bakul Shah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230314030607.ermpipkakhassitv@illithid \
--to=g.branden.robinson@gmail.com \
--cc=alx.manpages@gmail.com \
--cc=tuhs@tuhs.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).