[SystemSafety] Modelling and coding guidelines: "Unambiguous Graphical Representation"

Wed Mar 2 00:43:59 CET 2016

Steve
It's worth reflecting on the process whereby software gets to the state of
"it sucks". 
Some years ago I was a member of a team of 12 working on the start-up of a
latex reactor system. We were working around the clock on 12 hour shifts.
The core reactor control algorithms were not working as planned. That is,
not complying with what we called the English language description of the
reactors stepwise operation. In those days we called requirements the
English language (as though they belonged to an alien race from another
planet who could only speak English and who should probably stay there and
leave us alone). 
Critical discussions were occurring at the shift changeover meeting when the
code would be handed off to the incoming shift. We were all having a problem
understanding the code. Changes that fixed one problem would create many
more. The guy who wrote the code was a good man, very knowledgeable in the
process technology and smart. Unfortunately he did not have a professional
education. He had been trained in the use of the state engine but I suspect
did not love or respect the model and chose to take some logical shortcuts
which resulted in the classical heavily nested if-then-else statements. We
had administered the state engine Kool-Aid but only by mouth. This guy's
lack of a professional background indicated that a drip would have been a
more effective, straight to the bloodstream. The other thing we failed to do
was conduct more in-process review of his work. 
As the light thickened the 12 good men and true resolved to nurture his code
- fix it with a tweak here and a bug fix there. We were under a lot of
pressure day and night from the night's black agents (the sales guys) who
were running out of product to sell. When you do a major plant upgrade you
usually fill the storage tanks and plan on a one-month shakedown and testing
period once all the equipment including software is in place. We were
running out of time. The feckless bug fixing went on for four shifts (48
hours non-stop). At the fourth shift change meeting we all looked at each
other and finally accepted the truth: this was a hack, what we were doing
was dangerous and unsustainable. The code would not be understood by future
maintainers and was likely to have more bugs than we had found. And as the
crows made wing to the rooky wood, under extreme pleasure (the sales guys
could care less about the beauty of our code) we resolved to rewrite
sections of the code. The thing was it only took a 12 hour shift to do. We
kicked ourselves for not making this decision on day one.

This is a microcosm of how crap code gets into production. It is not
conceived and developed against sustainable models, grows like Topsy and
it's "suckiness" is discovered too late for a major rewrite. There simply
isn't the money in the pot even if you are a large corporation. There are
several large corporations in the same position as your unnamed word
processor vendor. For example a well known purveyor of document reader
software has a committed team that would just love to rewrite the product
but is unable to assemble the funds. Right now they are flat out staving off
attacks from Russians who have found vulnerabilities that allow them to
crash and invade PCs running the software at a high level of security.

Perhaps by now the uninitiated may appreciate how irrelevant a collegiate
debate on the ambiguity of a standard is to situations such as these. I
wonder if any standards bodies ever do a 360 review on what the profession
thinks of their standards and how they are used, or if they are used at all.
I recently had the opportunity to review the curriculum of the University of
Queensland's Electrical Engineering and Computer Science Department. The
curriculum guy had never heard the number 61508. In Bristol last year I
attempted to get a sneak peek of ISO standards work and asked PBL about the
process of signing up as an industry reviewer. He regarded me with horror. I
stood by for the gush of boiling oil from the top of his silo. 

It saddens me that humanity takes so long to learn. Shakespeare knew about
the ramifications of piling bad on bad in 1605 when he had Macbeth say:

Light thickens, and the crow
Makes wing to th' rooky wood.
Good things of day begin to droop and drowse;
Whiles night's black agents to their preys do rouse.
Thou marvel'st at my words: but hold thee still.
THINGS BAD BEGUN MAKE STRONG THEMSELVES BY ILL.

Cheers
Les

PS:
By the way I'm not against Fagan reviews, they can be good value when used
as designed. I wrote an essay on my first exposure to them here:
http://www.systemsengineeringblog.com/extreme-review-a-tale-of-nakedness-als
atians-and-fagan-inspection/

... but they are designed for inspection of completed deliverables, they are
the end game not the arc of the story.

-----Original Message-----
From: systemsafety
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
Steve Tockey
Sent: Wednesday, March 2, 2016 5:07 AM
To: Derek M Jones; systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Modelling and coding guidelines: "Unambiguous
Graphical Representation"

Derek,
An interesting position, but please consider this alternative view:

I'm using a popular word processor for writing my new book. I've seen
reports from credible people who have evaluated that code base, they all
report, "it sucks". I know people who work for that company, they freely
admit "our code sucks". No question, it's bad code.

As a user, I have already logged 93 unique defects against the product.
The most serious defect is that it can go into an infinite loop after a
Paste. When it does, I have to go to the operating system control panel to
kill the process as it is consuming 100% of one CPU and not listening to
any user input. My habit now is to Save-Cut-Paste instead of the normal
Cut-Paste to minimize lost work (it's supposed "saved" version is up to 20
minutes of editing behind). Web searching reveals that this
infinite-loop-on-Paste defect has been in the product since 2011 and has
still not been fixed. I can't think of any other way to put it, it's bad
code.

But here's the deal, I can't invest anything in that code. It's not my
code to invest in. I'm just the poor hapless user who has to deal with
their crap because that's what the publisher wants.

Your position is fine from a supplier-side perspective, but what about the
consumer-side? Shouldn't we have a say? At best, all I can do economically
is be true to my vow of never spending another penny with that vendor.
They've gotten enough of my money over the years for their schlock
software. No more.

It's not my option to invest in their code. All I can do is make it
obvious that I refuse to spend any more with those schmucks.

Regards,

-- steve

-----Original Message-----
From: systemsafety <systemsafety-bounces at lists.techfak.uni-bielefeld.de>
on behalf of Derek M Jones <derek at knosof.co.uk>
Organization: Knowledge Software, Ltd
Date: Tuesday, March 1, 2016 8:13 AM
To: "systemsafety at lists.techfak.uni-bielefeld.de"
<systemsafety at lists.techfak.uni-bielefeld.de>
Subject: Re: [SystemSafety] Modelling and coding guidelines: "Unambiguous
Graphical Representation"

Steve,

> My point is that it's not a simple thing to precisely define "bad code",
> neither is it a simple thing to detect it or repair it.

Bad code can be precisely defined by the amount of resources you
are willing to invest in finding and fixing any problems it might
contain.

If the code might contain problems that you are not willing to invest
in doing anything about, then it is obviously good enough.

How you choose to invest the resources you have in finding/fixing
problems is a technical issue.  There is not a lot of hard data
available to help make the optimal use of resources, so people
tend to follow the herd and sprinkle in a few of their own preferences.

-- 
Derek M. Jones           Software analysis
tel: +44 (0)1252 520667  blog:shape-of-code.coding-guidelines.com
_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE

_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE