Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
The Epistemology of Software
Engineering
Nathan Marz
@nathanmarz

1
My personal philosophies on software development
Agenda
1. Limits of human knowledge
2. Effect of the limits of knowledge on software development
3. Embracing those limits ...
How do I know my software is correct?
How do I know a proposition is true?
Epistemology
How do I know my software is correct?

PREVIEW
You don’t
Your code is wrong
How do I know a proposition is true?

PREVIEW
You don’t
True knowledge is
unattainable
But wait... philosophy?
Strawman

Moral highground

Appeal to authority

Ad hominem attack

Appeal to emotion

Shotgun argumentation

Circular rea...
Your code is wrong
Your code is literally wrong
Your code is wrong
Why do you believe your
code is correct?
Dependency 1

Dependency 2
Your code
Dependency 3
Dependency 4

Dependency 1

Dependency 5
Dependency 6
Dependency 7
Dependency 4
Dependency 8
Dependency 9
Dependency 3,000,000
Hardware
Electronics
Chemistry
Atomic physics
Quantum mechanics
I think I can safely say
that nobody understands
quantum mechanics.

Richard Feynman
Your code is wrong
...
Your code
Infinite regress
Epistemological “solutions”
1. Infinitism
2. Foundationalism
3. Coherentism
Coherentism
Foundationalism

Axioms
René Descartes
Cogito ergo sum
I think,
therefore I am
Codito ergo sum
I code,
therefore I am
Cartesian foundationalism
1. Limited axioms
2. Knowledge through deduction
Cartesian programming
1. Axioms = rules of programming language
2. Programs = deductions from those axioms
-> OutOfMemoryException
-> Hallo welt!
All the software you’ve
used has had bugs in it
Including the software
you’ve written
Induction
f(0) and (f(n) → f(n+1))
∀n≥0, f(n)
Induction
<sidenote>
David Hume
“Why is inductive reasoning valid?”
</sidenote>
Skepticism
perfect code
value to users
“My software is correct”
“My software is
sometimes correct”
How do you minimize imperfection?
Storm’s “reportError” method
(Storm is a realtime computation
system, like Hadoop but for realtime)
Storm architecture
Storm architecture

Master node (similar to Hadoop JobTracker)
Storm architecture

Used for cluster coordination
Storm architecture

Run worker processes
Storm’s “reportError” method
Used to show errors in the Storm UI
Error info is stored in Zookeeper
What happens when a user deploys code like this?
Denial-of-service on Zookeeper
and cluster goes down
Irrelevant!

Designed input space

Robust!

Failures!
Bad performance!
Security holes!

Actual input space
Implement self-throttling to
avoid overloading Zookeeper
Robust!

Designed input space

Actual input space
Robust!

Designed input space

Actual input space
Epistemology
Trth

Trut
Truh

Tuth

Tru
Foundation of modern science
Newton’s laws of motion
1. When viewed in an inertial reference frame,
an object either is at rest or moves at a constant
...
Orbit of Mercury problem
Cambridge, we have a problem...
Einstein’s theory of relativity
Sorry, Newton, you’ve
been PWNED:
limit approximation (truth) = truth
n

n→∞
Science algorithm
1. Make observations
2. Find theories consistent with those observations
3. Falsify theories by making m...
Foundationalism
+
Coherentism
Empiricism
John Locke
Occam’s Razor
Software

Use cases
Software gets messy
Refactoring
Robust!

Designed input space

Actual input space
Robust!

Designed input space

Actual input space
TESTING
Unit testing
Load testing
Stress testing
Fuzz testing
TDD?
Review
1. Cannot perfectly reason about software
•

Infinite regress problem

•

Deduction is fundamentally flawed

•

Evide...
Does any of this matter?
YES
Embrace “your code is wrong”
to design better software
Redundancy
Fault-tolerance

> Perfection
An example
Learning from Hadoop
Job

Jobtracker
Job

Job
Learning from Hadoop
Job

Jobtracker
Job

Job
Learning from Hadoop
Job

Jobtracker
Job

Job
Your code is wrong
So your processes will crash
Storm’s daemons are
process fault-tolerant
Storm
Topology

Nimbus
Topology

Topology
Storm
Topology

Nimbus
Topology

Topology
Storm
Topology

Nimbus
Topology

Topology
Storm
Topology

Nimbus
Topology

Topology
Storm
Topology

Nimbus
Topology

Topology
Robust!

Designed input space

Actual input space
Robust!

Designed input space

Actual input space
Reasoning is fundamentally hard
So program in ways that require
less of it
Pure function
Mutability is hard to reason about
Minimize state mutation
Functional programming
Clojure
skepticism(skepticism)
?

?
?

?

?

?

?

?

?

?

?

?

?

?
?

?
?

?
?

?
?

?

?

perfect software

?
?

?

?

?
?
Thank you
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
The Epistemology of Software Engineering
Upcoming SlideShare
Loading in …5
×

The Epistemology of Software Engineering

4,000 views

Published on

My keynote at GOTO Berlin 2013

Published in: Technology, Spiritual

The Epistemology of Software Engineering

  1. 1. The Epistemology of Software Engineering Nathan Marz @nathanmarz 1
  2. 2. My personal philosophies on software development
  3. 3. Agenda 1. Limits of human knowledge 2. Effect of the limits of knowledge on software development 3. Embracing those limits enables you to build better software
  4. 4. How do I know my software is correct?
  5. 5. How do I know a proposition is true?
  6. 6. Epistemology
  7. 7. How do I know my software is correct? PREVIEW
  8. 8. You don’t
  9. 9. Your code is wrong
  10. 10. How do I know a proposition is true? PREVIEW
  11. 11. You don’t
  12. 12. True knowledge is unattainable
  13. 13. But wait... philosophy?
  14. 14. Strawman Moral highground Appeal to authority Ad hominem attack Appeal to emotion Shotgun argumentation Circular reasoning Correlation vs causation False dilemma Equivocation Argument to moderation Burden of proof Fallacies
  15. 15. Your code is wrong
  16. 16. Your code is literally wrong
  17. 17. Your code is wrong
  18. 18. Why do you believe your code is correct?
  19. 19. Dependency 1 Dependency 2 Your code Dependency 3
  20. 20. Dependency 4 Dependency 1 Dependency 5
  21. 21. Dependency 6 Dependency 7 Dependency 4 Dependency 8 Dependency 9
  22. 22. Dependency 3,000,000 Hardware
  23. 23. Electronics
  24. 24. Chemistry
  25. 25. Atomic physics
  26. 26. Quantum mechanics
  27. 27. I think I can safely say that nobody understands quantum mechanics. Richard Feynman
  28. 28. Your code is wrong
  29. 29. ... Your code
  30. 30. Infinite regress
  31. 31. Epistemological “solutions” 1. Infinitism 2. Foundationalism 3. Coherentism
  32. 32. Coherentism
  33. 33. Foundationalism Axioms
  34. 34. René Descartes
  35. 35. Cogito ergo sum
  36. 36. I think, therefore I am
  37. 37. Codito ergo sum
  38. 38. I code, therefore I am
  39. 39. Cartesian foundationalism 1. Limited axioms 2. Knowledge through deduction
  40. 40. Cartesian programming 1. Axioms = rules of programming language 2. Programs = deductions from those axioms
  41. 41. -> OutOfMemoryException
  42. 42. -> Hallo welt!
  43. 43. All the software you’ve used has had bugs in it
  44. 44. Including the software you’ve written
  45. 45. Induction
  46. 46. f(0) and (f(n) → f(n+1)) ∀n≥0, f(n)
  47. 47. Induction
  48. 48. <sidenote>
  49. 49. David Hume
  50. 50. “Why is inductive reasoning valid?”
  51. 51. </sidenote>
  52. 52. Skepticism
  53. 53. perfect code
  54. 54. value to users
  55. 55. “My software is correct”
  56. 56. “My software is sometimes correct”
  57. 57. How do you minimize imperfection?
  58. 58. Storm’s “reportError” method
  59. 59. (Storm is a realtime computation system, like Hadoop but for realtime)
  60. 60. Storm architecture
  61. 61. Storm architecture Master node (similar to Hadoop JobTracker)
  62. 62. Storm architecture Used for cluster coordination
  63. 63. Storm architecture Run worker processes
  64. 64. Storm’s “reportError” method
  65. 65. Used to show errors in the Storm UI
  66. 66. Error info is stored in Zookeeper
  67. 67. What happens when a user deploys code like this?
  68. 68. Denial-of-service on Zookeeper and cluster goes down
  69. 69. Irrelevant! Designed input space Robust! Failures! Bad performance! Security holes! Actual input space
  70. 70. Implement self-throttling to avoid overloading Zookeeper
  71. 71. Robust! Designed input space Actual input space
  72. 72. Robust! Designed input space Actual input space
  73. 73. Epistemology
  74. 74. Trth Trut Truh Tuth Tru
  75. 75. Foundation of modern science
  76. 76. Newton’s laws of motion 1. When viewed in an inertial reference frame, an object either is at rest or moves at a constant velocity, unless acted upon by an external force. 2. The acceleration of a body is directly proportional to, and in the same direction as, the net force acting on the body, and inversely proportional to its mass. Thus, F = ma, where F is the net force acting on the object, m is the mass of the object and a is the acceleration of the object. 3. When one body exerts a force on a second body, the second body simultaneously exerts a force equal in magnitude and opposite in direction to that of the first body.
  77. 77. Orbit of Mercury problem Cambridge, we have a problem...
  78. 78. Einstein’s theory of relativity Sorry, Newton, you’ve been PWNED:
  79. 79. limit approximation (truth) = truth n n→∞
  80. 80. Science algorithm 1. Make observations 2. Find theories consistent with those observations 3. Falsify theories by making more observations
  81. 81. Foundationalism + Coherentism
  82. 82. Empiricism
  83. 83. John Locke
  84. 84. Occam’s Razor
  85. 85. Software Use cases
  86. 86. Software gets messy
  87. 87. Refactoring
  88. 88. Robust! Designed input space Actual input space
  89. 89. Robust! Designed input space Actual input space
  90. 90. TESTING
  91. 91. Unit testing Load testing Stress testing Fuzz testing
  92. 92. TDD?
  93. 93. Review 1. Cannot perfectly reason about software • Infinite regress problem • Deduction is fundamentally flawed • Evidence shows programmers are not good at deductive reasoning 2. Best you can do is minimize wrongness • Truth can only be approximate • Observe/theorize/falsify cycle minimizes wrongness over time • Testing = empiricism applied to software development • Make programs less wrong by testing more
  94. 94. Does any of this matter?
  95. 95. YES
  96. 96. Embrace “your code is wrong” to design better software
  97. 97. Redundancy Fault-tolerance > Perfection
  98. 98. An example
  99. 99. Learning from Hadoop Job Jobtracker Job Job
  100. 100. Learning from Hadoop Job Jobtracker Job Job
  101. 101. Learning from Hadoop Job Jobtracker Job Job
  102. 102. Your code is wrong
  103. 103. So your processes will crash
  104. 104. Storm’s daemons are process fault-tolerant
  105. 105. Storm Topology Nimbus Topology Topology
  106. 106. Storm Topology Nimbus Topology Topology
  107. 107. Storm Topology Nimbus Topology Topology
  108. 108. Storm Topology Nimbus Topology Topology
  109. 109. Storm Topology Nimbus Topology Topology
  110. 110. Robust! Designed input space Actual input space
  111. 111. Robust! Designed input space Actual input space
  112. 112. Reasoning is fundamentally hard
  113. 113. So program in ways that require less of it
  114. 114. Pure function
  115. 115. Mutability is hard to reason about
  116. 116. Minimize state mutation
  117. 117. Functional programming
  118. 118. Clojure
  119. 119. skepticism(skepticism)
  120. 120. ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? perfect software ? ? ? ? ? ?
  121. 121. Thank you

×