Defects are not the fault of programmers

栏目: IT技术 · 发布时间: 4年前

内容简介:Sorry this one is late! I’ve been having a rough time lately, which I think is pretty normal right now for everyone. But I’m doing a bit better now and hope to stay that way for the next month or so. Hope.Anyway, yesterday a bunch of us were trying to expl

Sorry this one is late! I’ve been having a rough time lately, which I think is pretty normal right now for everyone. But I’m doing a bit better now and hope to stay that way for the next month or so. Hope.

Anyway, yesterday a bunch of us were trying to explain to someone on Twitter why we don’t like Robert Martin, and I brought up his claim “Defects are the fault of programmers. It is programmers who create defects – not languages”. I said this was a major flaw in his philosophy. The person asked:

Regarding defects, who else is to blame if not the person who introduced them?

Which is way too complicated question to answer in a Tweetstorm. It’s also not something I really have capacity right now to write a fully researched essay on, so you will get my thoughts as newsletter. Hooray!

So on a surface level, that sounds obvious. Defects come from code, programmers write code, therefore defects come from programmers. As a statement of fact, this doesn’t “coincidentally” hold. A lot of the nastiest bugs come from components that are all correct in isolation but interact in a dangerous way. This is called a Feature Interaction Bug . You can make a case that it’s both people’s fault, or neither people’s fault, or the manager’s fault, or who knows who’s fault. Another set of dangerous bugs come from ambiguous requirements . This is where there are multiple ways of interpreting the requirements that are all completely reasonable, words possible even the client doesn’t know which one they intended.

I call these “coincidental” counterexamples because they don’t actually refute the core idea, only the specific claim. Both feature interaction and ambiguous requirement bugs are amenable to upfront design methods like formal specifications. So you can argue that this is the programmer’s fault for not writing a spec. It shows that the situation is more nuanced than the simple statement of fact assumes, but it doesn’t get to why I’m so against it.

No, the bigger issue with “programmers create defects” is an essential issue with the worldview. Its basis in facts is less important than its value as a “lens” we can use to understand defects. If we know where defects come from, we know what we need to do to manage them. To emphasize this: Our worldview on defects shapes our means of reducing defects. We measure the value of a lens by how useful it is.

So what does the “defects are the fault of programmers” worldview tell us about our means? It says that the only way to reduce defects is to improve programmer discipline. Either the programmer is sufficiently disciplined and nothing can cause defects, or the programmer is insufficiently disciplined and nothing can prevent defects. Martin himself describes his worldview as:

The cause:

  1. Too many programmer take sloppy short-cuts under schedule pressure.
  2. Too many other programmers think it’s fine, and provide cover.

The obvious solution:

  1. Raise the level of software discipline and professionalism.
  2. Never make excuses for sloppy work.

This is why Martin only recommends solutions that the programmer does :

  • Unit testing (test driven development specifically)
  • Code review
  • “Clean Code”
  • Pair programming

This is why Martin calls language features like nullable types “the dark path” and formal specifications a “ shiny ”. None of his solutions are about the structure of the project, the tools the programmer uses, the environment they’re in, etc.

Notice how little that gives us! Because all defects come from programmers, we can only talk about a very narrow range of things to eliminate defects. Anything else is just a sloppy shortcut, regardless of how well it actually works . Maybe the problem is everyone is overworked and we need to hire another programmer? No, that’s just an excuse for sloppy work. What if our microservice architecture makes certain kinds of bugs a lot more likely? It’s still you’re not having discipline.

In the safety science world this is derisively referred to as “human error”. Human error is where people stop their investigations. Just scapegoat the human and let the broader system get off scot-free. Don’t ask if the equipment was getting out of date, or if the training program is underfunded, or if the official processes were disconnected from the groundlevel reality. When all defects are the fault of the human, then we don’t have any tools to address defects besides blaming humans. And that’s completely inadequate for our purposes.

I want to point to one example about the gulf between “defects are the fault of programmers” and “defects are complicated properties of systems”. Back in 2018 there was a big kerfuffle in the JavaScript world, because one widely-used package was taken over by a malicious actor. Everybody blamed a human in the postmortems. Many blamed the original package maintainer for giving it to malicious actor, many blamed the companies who upgraded the dependency without auditing the code first. I’m not part of the JavaScript world but wanted to practice my accident analysis skills, so I dove in. The final analysis took two months to write and identified 15 properties of the broader system that made the attack viable and likely to happen again in the future. Some of them are easily fixable, others involved fundamental trade-offs between usability and security, or even between security and different security. And all them was missed by everyone who just wanted to blame a programmer.

“Defects are the fault of programmers” may sound good, but it does nothing to help us fix defects.


以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

颠覆式创新:移动互联网时代的生存法则

颠覆式创新:移动互联网时代的生存法则

李善友 / 机械工业出版社 / 2015-3-1

为什么把每件事情都做对了,仍有可能错失城池?为什么无人可敌的领先企业,却在一夜之间虎落平阳?短短三年间诺基亚陨落,摩托罗拉以区区29亿美元出售给联想,芯片业霸主英特尔在移动芯片领域份额几乎为零,风光无限的巨头转眼成为被颠覆的恐龙,默默无闻的小公司一战成名迅速崛起,令人瞠目结舌的现象几乎都能被“颠覆式创新”法则所解释。 颠覆式创新教你在新的商业竞争中“换操作系统”而不是“打补丁”,小公司用破坏......一起来看看 《颠覆式创新:移动互联网时代的生存法则》 这本书的介绍吧!

JSON 在线解析
JSON 在线解析

在线 JSON 格式化工具

SHA 加密
SHA 加密

SHA 加密工具

XML 在线格式化
XML 在线格式化

在线 XML 格式化压缩工具