The Epistemology of Software Engineering Nathan Marz @nathanmarz - - PowerPoint PPT Presentation

▶

Sep 28, 2023 614 likes •2.12k views

The Epistemology of Software Engineering Nathan Marz @nathanmarz 1 My personal philosophies on software development Agenda 1. Limits of human knowledge 2. E ff ect of the limits of knowledge on software development 3. Embracing those limits

SLIDE 1

The Epistemology of Software Engineering

Nathan Marz @nathanmarz

SLIDE 2

My personal philosophies on software development

SLIDE 3

SLIDE 4

Agenda

1. Limits of human knowledge
2. Effect of the limits of knowledge on software development
3. Embracing those limits enables you to build better software

SLIDE 5

How do I know my software is correct?

SLIDE 6

How do I know a proposition is true?

SLIDE 7

Epistfmology

SLIDE 8

How do I know my software is correct? PREVIEW

SLIDE 9

You don’t

SLIDE 10

Your code is wrong

SLIDE 11

PREVIEW How do I know a proposition is true?

SLIDE 12

You don’t

SLIDE 13

True knowledge is unattainable

SLIDE 14

SLIDE 15

SLIDE 16

But wait... philosophy?

SLIDE 17

Fallacies

Strawman Appeal to authority Circular reasoning Appeal to emotion False dilemma Argument to moderation Moral highground Ad hominem attack Shotgun argumentation Correlation vs causation Equivocation Burden of proof

SLIDE 18

SLIDE 19

Your code is wrong

SLIDE 20

Your code is literally wrong

SLIDE 21

Your code is wrong

SLIDE 22

SLIDE 23

Why do you believe your code is correct?

SLIDE 24

Your code Dependency 1 Dependency 2 Dependency 3

SLIDE 25

Dependency 1 Dependency 4 Dependency 5

SLIDE 26

Dependency 4 Dependency 6 Dependency 9 Dependency 7 Dependency 8

SLIDE 27

Dependency 3,000,000 Hardware

SLIDE 28

Electronics

SLIDE 29

Chemistry

SLIDE 30

Atomic physics

SLIDE 31

Quantum mechanics

SLIDE 32

I think I can safely say that nobody understands quantum mechanics.

Richard Feynman

SLIDE 33

Your code is wrong

SLIDE 34 Your code

...

SLIDE 35

Infinite regress

SLIDE 36

Epistemological “solutions”

1. Infinitism
2. Foundationalism
3. Coherentism

SLIDE 37

Coherentism

SLIDE 38

Foundationalism

Axioms

SLIDE 39

René Descartes

SLIDE 40

Cogito ergo sum

SLIDE 41

I think, therefore I am

SLIDE 42

Codito ergo sum

SLIDE 43

I code, therefore I am

SLIDE 44

Cartesian foundationalism

1. Limited axioms
2. Knowledge through deduction

SLIDE 45

Cartesian programming

1. Axioms = rules of programming language
2. Programs = deductions from those axioms

SLIDE 46

SLIDE 47

SLIDE 48

SLIDE 49

> OutOfMemoryException

SLIDE 50

> Hallo welt!

SLIDE 51

All the software you’ve used has had bugs in it

SLIDE 52

Including the software you’ve written

SLIDE 53

SLIDE 54

SLIDE 55

SLIDE 56

SLIDE 57

Inductjon

SLIDE 58

f(0) and (f(n) → f(n+1)) ⇒ ∀n≥0, f(n)

SLIDE 59

Inductjon

SLIDE 60

SLIDE 61

SLIDE 62

SLIDE 63

David Hume

SLIDE 64

“Why is inductive reasoning valid?”

SLIDE 65

</sidenote>

SLIDE 66

SLIDE 67

Skeptjcism

SLIDE 68

SLIDE 69

perfect code

SLIDE 70

value to users

SLIDE 71

“My software is correct”

SLIDE 72

“My software is sometimes correct”

SLIDE 73

How do you minimize imperfection?

SLIDE 74

Storm’s “reportError” method

SLIDE 75

(Storm is a realtime computation system, like Hadoop but for realtime)

SLIDE 76

Storm architecture

SLIDE 77

Storm architecture

Master node (similar to Hadoop JobTracker)

SLIDE 78

Storm architecture

Used for cluster coordination

SLIDE 79

Storm architecture

Run worker processes

SLIDE 80

Storm’s “reportError” method

SLIDE 81

Used to show errors in the Storm UI

SLIDE 82

Error info is stored in Zookeeper

SLIDE 83

What happens when a user deploys code like this?

SLIDE 84

Denial-of-service on Zookeeper and cluster goes down

SLIDE 85 Robust! Designed input space Actual input space Failures! Bad performance! Security holes! Irrelevant!

SLIDE 86

Implement self-throttling to avoid overloading Zookeeper

SLIDE 87 Robust! Designed input space Actual input space

SLIDE 88 Robust! Designed input space Actual input space

SLIDE 89

Epistfmology

SLIDE 90

Trth Truh Trut Tuth Tru

SLIDE 91

Foundation of modern science

SLIDE 92

1. When viewed in an inertial reference frame,

an object either is at rest or moves at a constant velocity, unless acted upon by an external force.

2. The acceleration of a body is directly proportional to,

and in the same direction as, the net force acting on the body, and inversely proportional to its mass. Thus, F = ma, where F is the net force acting on the object, m is the mass

f the object and a is the acceleration of the object.
3. When one body exerts a force on a second body, the

second body simultaneously exerts a force equal in magnitude and opposite in direction to that of the first body.

Newton’s laws of motion

SLIDE 93 Cambridge, we have a problem...

Orbit of Mercury problem

SLIDE 94

Einstein’s theory of relativity

Sorry, Newton, you’ve been PWNED:

SLIDE 95

limit

n → ∞

approximation (truth)

= truth

SLIDE 96

Science algorithm

1. Make observations
2. Find theories consistent with those observations
3. Falsify theories by making more observations

SLIDE 97

Foundationalism Coherentism +

SLIDE 98

Empiricism

SLIDE 99

John Locke

SLIDE 100

SLIDE 101

SLIDE 102

SLIDE 103

SLIDE 104

SLIDE 105

SLIDE 106

Occam’s Razor

SLIDE 107

Software Use cases

SLIDE 108

Software gets messy

SLIDE 109

Refactoring

SLIDE 110 Robust! Designed input space Actual input space

SLIDE 111 Robust! Designed input space Actual input space

SLIDE 112

SLIDE 113

TESTING

SLIDE 114

SLIDE 115

SLIDE 116

Unit testing Load testing Stress testing Fuzz testing

SLIDE 117

TDD?

SLIDE 118

Review

1. Cannot perfectly reason about software
Infinite regress problem
Deduction is fundamentally flawed
Evidence shows programmers are not good at deductive reasoning
2. Best you can do is minimize wrongness
Truth can only be approximate
Observe/theorize/falsify cycle minimizes wrongness over time
Testing = empiricism applied to software development
Make programs less wrong by testing more

SLIDE 119

Does any of this matter?

SLIDE 120

YES

SLIDE 121

Embrace “your code is wrong” to design better software

SLIDE 122

SLIDE 123

SLIDE 124

Redundancy Fault-tolerance > Perfection

SLIDE 125

An example

SLIDE 126

Learning from Hadoop

Jobtracker

Job Job Job

SLIDE 127

Learning from Hadoop

Jobtracker

Job Job Job

SLIDE 128

Learning from Hadoop

Jobtracker

Job Job Job

SLIDE 129

Your code is wrong

SLIDE 130

So your processes will crash

SLIDE 131

Storm’s daemons are process fault-tolerant

SLIDE 132

Storm

Nimbus

Topology Topology Topology

SLIDE 133

Storm

Nimbus

Topology Topology Topology

SLIDE 134

Storm

Nimbus

Topology Topology Topology

SLIDE 135

Storm

Nimbus

Topology Topology Topology

SLIDE 136

Storm

Nimbus

Topology Topology Topology

SLIDE 137 Robust! Designed input space Actual input space

SLIDE 138 Robust! Designed input space Actual input space

SLIDE 139

Reasoning is fundamentally hard

SLIDE 140

So program in ways that require less of it

SLIDE 141

SLIDE 142

SLIDE 143

Pure function

SLIDE 144

Mutability is hard to reason about

SLIDE 145

Minimize state mutation

SLIDE 146

Functional programming

SLIDE 147

Clojure

SLIDE 148

skepticism(skepticism)

SLIDE 149

perfect software

? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?

SLIDE 150

Thank you