Why you should always sanity check your code.. / General Science and Electronics / Forums

Forums

4hv.org :: Forums :: General Science and Electronics

« Previous topic | Next topic »

Why you should always sanity check your code..

Move Thread

LAN_403

Conundrum

Thu Jun 07 2012, 07:32PM

Registered Member #96 Joined: Thu Feb 09 2006, 05:37PM
Location: CI, Earth
Posts: 4061

I think the phrase "Oops" comes to mind.

Be warned, overflow bugs like this are the bane of programmers the world over.
In this case it could have been a disaster but it got caught during testing.

-A

rp181

Thu Jun 07 2012, 08:03PM

Registered Member #1062 Joined: Tue Oct 16 2007, 02:01AM
Location:
Posts: 1529

Somewhat related:

Alex M

Fri Jun 08 2012, 08:55AM

Registered Member #3943 Joined: Sun Jun 12 2011, 05:24PM
Location: The Shire, UK
Posts: 552

rp181 wrote ...

Somewhat related:

Something similar happened to a fighter jet that had taken off from a nearby RAF base a few years ago, it caused a sonic boom whilst in flight above the county which sounded and felt like a nuke going off!

Nicko

Fri Jun 08 2012, 10:29AM

Registered Member #1334 Joined: Tue Feb 19 2008, 04:37PM
Location: Nr. London, UK
Posts: 615

Conundrum wrote ...

I think the phrase "Oops" comes to mind.

Be warned, overflow bugs like this are the bane of programmers the world over.
In this case it could have been a disaster but it got caught during testing.

Lets keep this in perspective - its a hack project done by The Register to see if they can get something into low-earth orbit for almost nothing - its not something of any importance or which places anyone at risk at all - its a terribly minor thing.

Complex software is almost impossible to verify - an example of how bad simple bugs can be look at

or the Ariane failures, or... any number of similar events.

Bugs happen - that's why there are a raft of ways to mitigate risk in safety-critical systems - typical one being to have three systems voting - each one produced by a different manufacturer etc. However, you can almost never be certain that a system will be completely reliable - remember a few years ago even some Intel chips were having problems - the silicon itself is not above suspicion...

Some companies refuse to warrant their systems in safety-critical environments - nuclear, medical etc. - for exactly this reason.

I've worked on the architecture of critical systems with millions of lines of C++ and several 1000 concurrent threads - we expected to have problems - the key thing is to mange events as they occur and to do huge amounts of testing & reviews at every level - its expensive.

Also, quite honestly, a very large proportion of the code I've seen over the years, even from "seasoned professionals" in the field, is to put it bluntly, crap.
- poorly structured, poorly commented, poor use of the language, little understanding of the consequence of certain operations, poor (or no) rationale for architectural decisions etc. etc.

Many folk think they are gods because they can get an Arduino to blink a LED or some such trivia or have worked for years in the field, but genuinely GOOD programmers and analysts are few and far between - it takes a very specific mindset and a lot of brains to be really good - hoi polloi are generally very ordinary when placed under the spotlight and examined closely...

Patrick

Fri Jun 08 2012, 05:27PM

Registered Member #2431 Joined: Tue Oct 13 2009, 09:47PM
Location: Chico, CA. USA
Posts: 5639

i second Nicko's comments, ive seen the very same blunders too many times to count, yet software engineers think they are God's great gift to humanity.

Anyway, they was also a problem in the first oversees deployment ofthe F-22, the first 4 of the Machines whent over from IDL from west to east, and that navigation bug cuased the navigation, radio, and other critcal systems to flight to fail, becuase the code cuased a rollover overflow in a data register. so the pilots couldnt commuincate an emergengecy, though they were able to double back, find their tankers by time and distance and safely land.

According to lockheed martin they sent a "tiger team" to Hawaii, and they claim it was no big deal.

I see this kind of crap all the time.

Carbon_Rod

Sun Jun 10 2012, 01:45AM

Registered Member #65 Joined: Thu Feb 09 2006, 06:43AM
Location:
Posts: 1155

Bad design practices in complex systems always lead to problems.
1. Create software standards compliant automated test suite prior to implementation

2. Fuzzers (exposes common FPGA problems)

3. VHSIC hardware description language self referencing design checks
Usually two high level degrees and 10 years >>relevant<< experience is required

However, mixing engineering team disciplines can sometimes create interesting projects like a UAV with wireless power transfer capabilities:

Problems usually arise when people get creatively lazy with code generators like MatLab, attempt to "invent" new electrical designs for "ideal" app notes, or not managing project resources correctly.

The statistical reality is sometimes you can do everything right, still mess something up, and people may get injured. However, people should take responsibility for their mistakes, and publish the independent forensic engineering team report.

Philosophy courses related to scientific ethics are usually required for medical degrees, but are often not taken seriously by other fields. Accordingly, cheating is often significantly higher in these types of courses for applied science students.

Steve Conner

Sun Jun 10 2012, 07:40AM

Registered Member #30 Joined: Fri Feb 03 2006, 10:52AM
Location: Glasgow, Scotland
Posts: 6706

If every embedded developer needs 10 years relevant experience, where do they all get it from? Are we all supposed to serve a 10 year apprenticeship writing firmware for karaoke machines?

My employer offers a course in "Ethical Hacking", amongst other things.

Nicko

Mon Jun 11 2012, 05:10AM

Registered Member #1334 Joined: Tue Feb 19 2008, 04:37PM
Location: Nr. London, UK
Posts: 615

Steve Conner wrote ...

If every embedded developer needs 10 years relevant experience, where do they all get it from? Are we all supposed to serve a 10 year apprenticeship writing firmware for karaoke machines?

Anyone involved with karaoke should been given 10 years in jail

The point I was trying to make is that whilst experience is generally a "good thing", it doesn't make someone a good developer or analyst.

I've had this discussion many times with colleagues - I differentiate (!) between "mathematicians" and "those that do maths". The former have an innate (not just intuitive) understanding of numbers and their relationships and can "see" solutions to problems; the latter follow rules laid down by the former.

You can apply the same rationale to "engineers" and "those the do engineering", or many other professions.

Most people can be taught a profession if they have reasonable intelligence - to excel, you need a specific mindset - an attitude and a specific set of skills that lets you operate outside of the box.

True polymaths, those that can do this in a number of areas, are extremely rare for exactly this reason - they have to have exceptional gifts in a number of often conflicting subjects. I have been lucky enough to meet a fair few who could be described as "brilliant" in specific areas (even a Nobel Laureate or two), but only a couple who truly deserved to be called "polymath" (and neither of them was a NL). To be brilliant or a polymath AND be "normally" socially functional, even rarer...

Steve Conner wrote ...
My employer offers a course in "Ethical Hacking", amongst other things.

Ethical hacking or "white hat" work is very valuable - essential even - Regular "penetration testing" (aka "pen testing") (don't be a child and snigger) is standard practice in financial institutions and many other organisations. I always tended to use two completely different organisations at a time when commissioning pen tests to get better coverage and differing approaches. You don't meet the actual attackers (they live in a darkened room somewhere, don't do much daylight and live off pizza) but their representatives are pretty clued up.

EDIT: Should have said that there are several sides to pen testing - the most interesting parts for me are the "social engineering" attacks that we run. The people who do this are very smart, do their research, and tend to be professional actors etc. - its scary how good they are. Security is a balancing act - electronic defences are only a small part of the whole...

Moderator(s): Chris Russell, Noelle, Alex, Tesladownunder, Dave Marshall, Dave Billington, Bjørn, Steve Conner, Wolfram, Kizmo, Mads Barnkob