Re: F-22 ADA Programming

[Bill White <billjwhite@notan.org>]

On 2014-10-30, Maciej Sobczak <see.my.homepage@gmail.com> wrote:
>
>> Surely if the language is chosen by management, they share in the responsibility
>> for its effect. A developer who agrees to work on the project using the poor
>> language has made a decision to do so, and is clearly responsible for that decision.
>
> Sorry, I got lost in this. I mean - in the taking responsibility part.
> Does it mean that if we choose Ada and then shit happens, are we cleared
> from responsibility because the choice was good?

It is not about escaping responsibility but come from the other end and try
to be responsible. People are required to be diligent. Choosing the right
platforms, languages, techniques etc. are all part of engineering just like
choosing the right concrete, steel, and designs are are all part of making a
bridge.

Choosing something that's known to be defective or provably unsuitable is
irresponsible and not certainly not good engineering practice. Choosing
something less-than-optimal often is "acceptable" engineering practice. When
forced to do something like that you can either quit or send memos and keep
copies.

> The difference between Ada and C++ is not that in Ada there will be no
 bugs and in C++ there will be only bugs. At best, the language choice will
 have some influence on the probability and economy of failure.

I think that's misleading. It is not only the probability of failures that's
important but their type and consequences. Those are engineering limits that
can usually be quantified fairly well. 

> So, let's say (just for the sake of discussion, with no regard to how ridiculous it got already)
> that with C++ the probability of project failure is 30% and with Ada the probability of project
> failure is 20%. I don't care if these numbers reflect reality.

If that was all there was to it then it would be a simple matter of
budgeting. Is the 10% you'll have to pay in claim settlements and damages
worth it? If so, choose C++. If not, choose Ada. But I don't think it's the
quantity (and I don't think C++ is only 10% worse than Ada even by pure
quantity). 

>
> a) And I choose C++. And then shit happens. Am I responsible? To what extent?

If the system requires safety and you are responsible for choosing an
inappropriate tool then you're certainly responsible. You're might also be
incompetent and criminally negligent.

> b) And I choose Ada. And then shit happens. Am I responsible? To what extent?

Nobody says Ada is a silver bullet. The point is diligence. You don't use
things with known safety issues in systems where safety is an issue. If you
did the best you can and you followed good engineering practice then
failures should have been mitigated as much as possible. People can still do
the wrong thing with good tools. The question is whether people acted
responsibly, cautiously, and in good faith. And those are things that make a
difference in court.

>
> Are you ready to throw some numbers or can we agree that the discussion went out of
> control and the whole responsibility argument is just nonsense?

The discussion is not nonsense. The idea that people should refuse to use
bad tools on the job is hard because when push comes to shove many people
feel obligated to not be homeless or starving, especially if other people
are depending on them. The question is a question of ideals, having a sense
of social responsibility and right and wrong, and how close you can get to
doing the right thing. You're at least obligated to make your objections and
questions known and then if it's my way or the highway then only you can
decide what to do. Immorality is not ok just because you're in an office.

> Would that work? I was elaborating on this idea several times and it makes sense to me,
> as it puts money into the equation just as it already does in many other parts of our life.
> If my insurance company cares about me doing proper technical service of my car, it might
>  as well guide me in the choice of my programming language, there is really little difference here.
>
> But until this (or something equivalent) happens, please don't argue that the programmer is 
> responsible for his language choices, as such argument has no tangible (and countable)
> foundations. It's just hand-waving.

That is a very odd assertion. Just because there is no legal ecosystem for
something hardly means it's hand-waving or irrelevant. The (attempted)
solution usually comes after the problem, not before. 

Bill