"Tracking the Blackout bug"

"Tracking the Blackout bug"

[sk]

Article at "The Register" about the electricity blackout
in the Northeast (USA) last year.

No directly relevent to c.l.a but interesting since it talks
of race conditions etc. which are issues of Ada.


http://www.theregister.co.uk/2004/04/08/blackout_bug_report/


-- 
-------------------------------------------------
-- Merge vertically for real address
--
--     s n p @ t . o
--      k i e k c c m
-------------------------------------------------

Re: "Tracking the Blackout bug"

[Peter Amey]

sk wrote:
> Article at "The Register" about the electricity blackout
> in the Northeast (USA) last year.
> 
> No directly relevent to c.l.a but interesting since it talks
> of race conditions etc. which are issues of Ada.
> 
> 
> http://www.theregister.co.uk/2004/04/08/blackout_bug_report/
> 
> 

Interesting read.  What I do find irritating are quotes such as

"The company did everything it could..."
"We text exhaustively..."
"Unfortunately, that's kind of the nature of software..."

All these statements are untrue and they also reflect a kind of 
defeatism that I wholly reject (imagine Boeing saying "OK, the wings did 
fall off, but we tested it a lot and anyway that is just the nature of 
aeroplanes").

The developers did NOT do everything they could.  They could have used 
the Ravenscar profile in Ada; they could use RavenSPARK; they could have 
done some model checking of the concurrent parts of the program.  They 
did NOT test exhaustively because it is impossible (/exhaustingly/ I am 
willing to believe).  And software doesn't HAVE to be cr*p!

sigh

Peter

Re: "Tracking the Blackout bug"

[Mike Silva]

Peter Amey <peter.amey@praxis-cs.co.uk> wrote in message news:<c56hpq$2onduq$1@ID-69815.news.uni-berlin.de>...
> sk wrote:
> > Article at "The Register" about the electricity blackout
> > in the Northeast (USA) last year.
....
> The developers did NOT do everything they could.  They could have used 
> the Ravenscar profile in Ada; they could use RavenSPARK; they could have 
> done some model checking of the concurrent parts of the program.  They 
> did NOT test exhaustively because it is impossible (/exhaustingly/ I am 
> willing to believe).  And software doesn't HAVE to be cr*p!

I hope that you can learn enough of the details about the bug to write
up something showing how current best practice (using current best
language? :-) would have prevented the problem.

Re: "Tracking the Blackout bug"

[Mark Lorenzen]

Peter Amey <peter.amey@praxis-cs.co.uk> writes:

> sk wrote:
>> Article at "The Register" about the electricity blackout
>> in the Northeast (USA) last year.
>> No directly relevent to c.l.a but interesting since it talks
>> of race conditions etc. which are issues of Ada.
>> http://www.theregister.co.uk/2004/04/08/blackout_bug_report/
>>
>
> Interesting read.  What I do find irritating are quotes such as
>
> "The company did everything it could..."
> "We text exhaustively..."
> "Unfortunately, that's kind of the nature of software..."
>
> All these statements are untrue and they also reflect a kind of
> defeatism that I wholly reject (imagine Boeing saying "OK, the wings
> did fall off, but we tested it a lot and anyway that is just the
> nature of aeroplanes").
>
> The developers did NOT do everything they could.  They could have used
> the Ravenscar profile in Ada; they could use RavenSPARK; they could
> have done some model checking of the concurrent parts of the program.
> They did NOT test exhaustively because it is impossible
> (/exhaustingly/ I am willing to believe).  And software doesn't HAVE
> to be cr*p!
>
> sigh
>
> Peter

It is unbelievable how often I have heard the third statement quoted
above. When I try to argue that constructing a software system is just
as much an engineering task as constructing a bridge (although much
less mature), I am met with disbelief and "hackish" counter-arguments.

These arguments always turn on single point - that programming is an
art or maybe even something resembling a magic craft, which can only
be learned through years of hacking. And most certainly you can't use
any theoretical knowledge when constructing "real" systems (as opposed
to the fancy useless university exercises).

Funny enough, the discussion is always about programming and not
construction. For some reason, the programming task is regarded as
something special and holy - probably the reason why programming
language discussions always turn into holy wars.

- Mark Lorenzen

Re: "Tracking the Blackout bug"

[Robert I. Eachus]

Peter Amey wrote:

> The developers did NOT do everything they could.  They could have used 
> the Ravenscar profile in Ada; they could use RavenSPARK; they could have 
> done some model checking of the concurrent parts of the program.  They 
> did NOT test exhaustively because it is impossible (/exhaustingly/ I am 
> willing to believe).  And software doesn't HAVE to be cr*p!

I totally agree, using Ada to write the software would not have 
prevented the problem, it just would have made it obvious.  (Hmmm.  How 
do we handle an exception in the alert system?)  Using SPARK of course, 
would have prevented the problem.  (If you can't prove it doesn't raise 
exceptions or have race conditions, it isn't SPARK.)

-- 

                                           Robert I. Eachus

"The terrorist enemy holds no territory, defends no population, is 
unconstrained by rules of warfare, and respects no law of morality. Such 
an enemy cannot be deterred, contained, appeased or negotiated with. It 
can only be destroyed--and that, ladies and gentlemen, is the business 
at hand."  -- Dick Cheney