2. “Look ma! No hands!”
01 A Gopher in an autonomous vehicle?
02 The case for Safe Go
03 Unsafe code situations
04 Do’s and don’ts
05 Safe Go style guide
06 Questions?
4. WHY A GOPHER THERE IN THE FIRST PLACE?
Simplicity. Even “hard” AD development should be easy to approach.
01. A GOPHER IN AN AUTONOMOUS VEHICLE
5. WHY A GOPHER THERE IN THE FIRST PLACE?
Commonality. Engineers should be able to jump teams: AD vs cloud.
6. WHY A GOPHER THERE IN THE FIRST PLACE?
Ecosystem. Go has a huge open source ecosystem. Einride is part of it!
8. CAN GO BE USED IN A SAFETY CRITICAL ENVIRONMENT?
Can Go be used in a mixed criticality system?
02. THE CASE FOR SAFE GO
9. CAN GO BE USED IN A SAFETY CRITICAL ENVIRONMENT?
We think yes! But with the right approach and tooling.
10. Differences to “common” Go development
● Long-running processes - not req/resp
● Resource constrained environment
● “Soft” realtime requirements
● Debug challenges
● Requirements of high correctness
14. 🧠 UNBOUNDED CONCURRENCY
03. UNSAFE CODE SITUATIONS
● Occurs when spawning goroutines during iterations: loops, recursions, net RX etc.
● Negatively impacts:
○ Runtime context switching
○ OS thread context switching
○ Goroutine heap allocations
15. ⏱ GARBAGE COLLECTION LATENCY
● Occurs when there are many deallocations: function returns, variables going out of scope etc.
● Negatively impacts:
○ Time spent in runtime vs user code
○ CPU context switching waste
16. 🔄 SYNCHRONIZATION AND DEADLOCKS
● Deadlocks can be a big problem when trying to synchronize concurrent code
● Negatively impacts:
○ Less throughput
○ Leads to hard-to-find bugs
18. 🧮 UNBOUNDED MEMORY USAGE
04. DO’S AND DON’TS
Watch out for append() inside loops, especially when the input length is unknown
Don’t…
19. 🧮 UNBOUNDED MEMORY USAGE
Instead, try to preallocate slices to a given capacity.
Do!
20. 🧠 UNBOUNDED CONCURRENCY
Don’t start goroutines in a loop without checking the length of the input.
Don’t…
21. 🧠 UNBOUNDED CONCURRENCY
Instead, spawn a known number of “workers” and pass them the input.
Do! But use something robust, like errgroup!
22. ⏱ GARBAGE COLLECTION LATENCY
Allocs can happen where you least expect them. Dig into the code to find out!
Don’t…
23. ⏱ GARBAGE COLLECTION LATENCY
In this case strings.Count() was enough, which doesn’t alloc anything.
Do!
24. 🔄 SYNCHRONIZATION AND DEADLOCKS
Watch out when getting access to references: mutexes don’t help here.
Don’t…
25. 🔄 SYNCHRONIZATION AND DEADLOCKS
Instead, copy the data inside the locked section if it is needed outside.
Do!
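Added example (not from the original slides, whose code is not part of this transcript): the reference pitfall from slides 24 and 25 in Go. The Registry type, its methods and the sample data are hypothetical and exist only for this illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// Registry is a hypothetical type for this example: vehicle ID -> waypoints.
type Registry struct {
	mu     sync.Mutex
	routes map[string][]int
}

// Set stores a private copy of the caller's slice under the lock.
func (r *Registry) Set(id string, wp []int) {
	r.mu.Lock()
	defer r.mu.Unlock()
	r.routes[id] = append([]int(nil), wp...)
}

// RouteUnsafe is the "don't": the lock guards only the map lookup. The
// returned slice shares its backing array with the registry, so callers
// read and write protected state after the mutex has been released.
func (r *Registry) RouteUnsafe(id string) []int {
	r.mu.Lock()
	defer r.mu.Unlock()
	return r.routes[id]
}

// RouteCopy is the "do": copy inside the locked section and hand out the copy.
func (r *Registry) RouteCopy(id string) []int {
	r.mu.Lock()
	defer r.mu.Unlock()
	src := r.routes[id]
	dst := make([]int, len(src)) // preallocated to the known length
	copy(dst, src)
	return dst
}

func main() {
	r := &Registry{routes: map[string][]int{}}
	r.Set("truck-1", []int{10, 20, 30}) // constructed sample data
	r.RouteCopy("truck-1")[0] = -1      // changes only the caller's copy
	fmt.Println(r.RouteCopy("truck-1")) // [10 20 30]
	r.RouteUnsafe("truck-1")[0] = -1    // writes registry state without the lock
	fmt.Println(r.RouteCopy("truck-1")) // [-1 20 30]
}
```

With concurrent callers, the write through RouteUnsafe is a data race that `go run -race` reports; RouteCopy costs one allocation per call, which is the trade-off against the GC concerns raised earlier in the deck.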