Re: [SystemSafety] Modelling and coding guidelines: "Unambiguous Graphical Representation"

From: Les Chambers < >
Date: Wed, 2 Mar 2016 09:43:59 +1000

It's worth reflecting on the process whereby software gets to the state of "it sucks".
Some years ago I was a member of a team of 12 working on the start-up of a latex reactor system. We were working around the clock on 12 hour shifts. The core reactor control algorithms were not working as planned. That is, not complying with what we called the English language description of the reactors stepwise operation. In those days we called requirements the English language (as though they belonged to an alien race from another planet who could only speak English and who should probably stay there and leave us alone).
Critical discussions were occurring at the shift changeover meeting when the code would be handed off to the incoming shift. We were all having a problem understanding the code. Changes that fixed one problem would create many more. The guy who wrote the code was a good man, very knowledgeable in the process technology and smart. Unfortunately he did not have a professional education. He had been trained in the use of the state engine but I suspect did not love or respect the model and chose to take some logical shortcuts which resulted in the classical heavily nested if-then-else statements. We had administered the state engine Kool-Aid but only by mouth. This guy's lack of a professional background indicated that a drip would have been a more effective, straight to the bloodstream. The other thing we failed to do was conduct more in-process review of his work. As the light thickened the 12 good men and true resolved to nurture his code - fix it with a tweak here and a bug fix there. We were under a lot of pressure day and night from the night's black agents (the sales guys) who were running out of product to sell. When you do a major plant upgrade you usually fill the storage tanks and plan on a one-month shakedown and testing period once all the equipment including software is in place. We were running out of time. The feckless bug fixing went on for four shifts (48 hours non-stop). At the fourth shift change meeting we all looked at each other and finally accepted the truth: this was a hack, what we were doing was dangerous and unsustainable. The code would not be understood by future maintainers and was likely to have more bugs than we had found. And as the crows made wing to the rooky wood, under extreme pleasure (the sales guys could care less about the beauty of our code) we resolved to rewrite sections of the code. The thing was it only took a 12 hour shift to do. We kicked ourselves for not making this decision on day one.

This is a microcosm of how crap code gets into production. It is not conceived and developed against sustainable models, grows like Topsy and it's "suckiness" is discovered too late for a major rewrite. There simply isn't the money in the pot even if you are a large corporation. There are several large corporations in the same position as your unnamed word processor vendor. For example a well known purveyor of document reader software has a committed team that would just love to rewrite the product but is unable to assemble the funds. Right now they are flat out staving off attacks from Russians who have found vulnerabilities that allow them to crash and invade PCs running the software at a high level of security.

Perhaps by now the uninitiated may appreciate how irrelevant a collegiate debate on the ambiguity of a standard is to situations such as these. I wonder if any standards bodies ever do a 360 review on what the profession thinks of their standards and how they are used, or if they are used at all. I recently had the opportunity to review the curriculum of the University of Queensland's Electrical Engineering and Computer Science Department. The curriculum guy had never heard the number 61508. In Bristol last year I attempted to get a sneak peek of ISO standards work and asked PBL about the process of signing up as an industry reviewer. He regarded me with horror. I stood by for the gush of boiling oil from the top of his silo.

It saddens me that humanity takes so long to learn. Shakespeare knew about the ramifications of piling bad on bad in 1605 when he had Macbeth say:

Light thickens, and the crow
Makes wing to th' rooky wood.
Good things of day begin to droop and drowse; Whiles night's black agents to their preys do rouse. Thou marvel'st at my words: but hold thee still. THINGS BAD BEGUN MAKE STRONG THEMSELVES BY ILL. Cheers

By the way I'm not against Fagan reviews, they can be good value when used as designed. I wrote an essay on my first exposure to them here: atians-and-fagan-inspection/

... but they are designed for inspection of completed deliverables, they are the end game not the arc of the story.

-----Original Message-----
From: systemsafety
[mailto:systemsafety-bounces_at_xxxxxx Steve Tockey
Sent: Wednesday, March 2, 2016 5:07 AM
To: Derek M Jones; systemsafety_at_xxxxxx Subject: Re: [SystemSafety] Modelling and coding guidelines: "Unambiguous Graphical Representation"

An interesting position, but please consider this alternative view:

I'm using a popular word processor for writing my new book. I've seen reports from credible people who have evaluated that code base, they all report, "it sucks". I know people who work for that company, they freely admit "our code sucks". No question, it's bad code.

As a user, I have already logged 93 unique defects against the product. The most serious defect is that it can go into an infinite loop after a Paste. When it does, I have to go to the operating system control panel to kill the process as it is consuming 100% of one CPU and not listening to any user input. My habit now is to Save-Cut-Paste instead of the normal Cut-Paste to minimize lost work (it's supposed "saved" version is up to 20 minutes of editing behind). Web searching reveals that this infinite-loop-on-Paste defect has been in the product since 2011 and has still not been fixed. I can't think of any other way to put it, it's bad code.

But here's the deal, I can't invest anything in that code. It's not my code to invest in. I'm just the poor hapless user who has to deal with their crap because that's what the publisher wants.

Your position is fine from a supplier-side perspective, but what about the consumer-side? Shouldn't we have a say? At best, all I can do economically is be true to my vow of never spending another penny with that vendor. They've gotten enough of my money over the years for their schlock software. No more.

It's not my option to invest in their code. All I can do is make it obvious that I refuse to spend any more with those schmucks.


-----Original Message-----
From: systemsafety <systemsafety-bounces_at_xxxxxx on behalf of Derek M Jones <derek_at_xxxxxx Organization: Knowledge Software, Ltd
Date: Tuesday, March 1, 2016 8:13 AM
To: "systemsafety_at_xxxxxx <systemsafety_at_xxxxxx Subject: Re: [SystemSafety] Modelling and coding guidelines: "Unambiguous Graphical Representation"


> My point is that it's not a simple thing to precisely define "bad code",
> neither is it a simple thing to detect it or repair it.

Bad code can be precisely defined by the amount of resources you are willing to invest in finding and fixing any problems it might contain.

If the code might contain problems that you are not willing to invest in doing anything about, then it is obviously good enough.

How you choose to invest the resources you have in finding/fixing problems is a technical issue. There is not a lot of hard data available to help make the optimal use of resources, so people tend to follow the herd and sprinkle in a few of their own preferences.

Derek M. Jones           Software analysis
tel: +44 (0)1252 520667
The System Safety Mailing List

The System Safety Mailing List

The System Safety Mailing List
Received on Wed Mar 02 2016 - 00:44:21 CET

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:08 CEST