The Lounge is rated Safe For Work. If you're about to post something inappropriate for a shared office environment, then don't post it. No ads, no abuse, and no programming questions. Trolling, (political, climate, religious or whatever) will result in your account being removed.
Great stuff. Thanks for commenting.
It's an interesting story. Software crashes like this just get a lot of attention since they are so obviously catastrophic. Other problems occur and people do not hear about them but they happen everywhere in software.
If they were using Ada with appropriate data typing (that domain is what Ada was designed for...), F# with 'units of measure' or even C++ with a suitable units library (in which all the checking and overhead is at compile time, not runtime), they'd have been fine...
...or a proper, robust design, which documented the units in use...
NASA are generally very good with the process and design parts of software development, especially when the target is safety critical - maybe this was 'just' an unmanned probe, so the same rigour didn't get applied...
Java, Basic, who cares - it's all a bunch of tree-hugging hippy cr*p
Space probes tend to be both memory and compute limited, so the engineers—just as essentially everyone else in their situation has done—decided to keep track of the units themselves (in their heads, in the comments, and
in the documentation).
While this is true, and one of the reasons for extensive and exhaustive testing of spacecraft software, in the case of Mars Climate Orbiter (as also noted in the original post) :
... root cause for the loss of the MCO spacecraft was the failure to use metric units in the coding of a ground software file...
While not excusing the failure, which was a result of insufficient testing and other related issues, in this case it wasn't due to memory limitations of the on-board computers, or people "keeping track of units in their heads...". Anyway, source code isn't uploaded and compiled on a spacecraft, so type-safety and better languages shouldn't have any impact on the size of the executables.
While I'm sure Stroustrup means well, and intends the use of this failure as a lesson in the advantages of more strongly typed languages and methods, I think he's misrepresenting the actual situation. I'd recommend reading the actual reports on what happened for more details :
I think Stroustrup was just attempting to show an analogy about how programming languages can help us or provide no extra help. Kind of like a hand saw versus a chainsaw.
At times a newbie believes that because they just because he has the newest chainsaw he is a professional.
A person with vast experience can use hand tools and _process_ and do far more than some newbie with a chainsaw. However, when the experienced person with process then begins to use a power tool a leap of an order of magnitude may be made because the person can think at a different level.
Reminds me of the Hubble telescope mirror problem. Perkin Elmer was contracted to create the large reflecting mirror for the Hubble telescope, and NASA was not allowed to review the process, visit the factory, nor check off the various milestones. NASA was only allowed to accept delivery when the mirror was complete. Then on delivery, NASA didn’t even do a thorough QA check of the mirror. Unfortunately, the mirror was so badly flawed, that after it was installed and used, everything the telescope saw was blurred. Useless data was collected. NASA had to order another manned mission to fix the problem at a good cost to the American taxpayer.
Thus, it pays to have constant checks and quality reviews by the customer.
Exactly right. Everything in that report says bad or insufficient systems engineering process (which was encouraged under the Faster, Better, Cheaper mantra). As a result, missions with approximately the same capability are now back to costing three or more times as much.
His quoted cost for the program is ridiculous as well.
(not a spacecraft test system engineer, but have read a great deal on it)
There's no need for a different language. While some languages make certains things easier, in the end language is irrelevant. This team needed 3 things:
1) Correctly written specification and design. Doesn't have to be the Encyclopedia Britanica, but has to cover the major points, e.g., all units are metric.
2) Code review. Other people looking the code to ensure it makes sense.
3) Real testing. "It compiles and it runs" is not testing. Real testing includes validation that the results match the expectation. If this had been done the error would not have made it to production.
Don't get me wrong, I prefer strongly typed languages and IDEs that flag errors and all the goodies of "modern" programming. However, this debacle was caused by process, not programming.
The job of professional developers is not to design applications and write code. Our job is to solve someone else's business problem. Coding is a tiny part of that.
Our job is to solve someone else's business problem. Coding is a tiny part of that.
I agree 100%.
I also really enjoyed your post, however, one thing to keep in mind is that programming languages are something analogous to power tools.
The person using the hand saw can definitely say he is better off because he is "closer to the wood" and he's been cutting down trees for years like this and everything is good.
Power Drills For Felling Trees
Along comes, newbie with his power drill and says he, "I can fell this tree way faster than you can with my new power tool," and away he goes.
Hand saw guy has his tree down much quicker and better.
Hand-saw guy with knows the newbie is using the wrong tool and laughs.
Grey-beard Tree Feller
Finally, along comes Grey-Beard Tree Feller.
Hand-saw guy is like, "Another idiot with a power tool."
Grey-beard was a hand saw user for many years before chain saws were invented.
Now Grey-beard takes his new chain saw and drops the tree in seconds and hand saw guy says, "well, even idiots get lucky sometimes."
Grey-beard knows that once you understand process, you can use power tools appropriately.
A merge of the best of both worlds.
The real issue was bad, or woafully understaffed, systems engineering on a program that was underfunded with a process where some documents issued by the managing organization weren't part of the contractual requirements and were directly in conflict of the actual contractual documents. The fact that units were involved is secondary or tertiary. It could have been any other data type that was passed between the two completely independent software organizations that didn't share any top level organizations.
Also that cost is so stupidly and grossly overestimated that the person should be put on charges or at least sued for libel.
Didn't Algol68 include unit arithmetic? I don't have any near-complete Algol68 reference at hand, but I have a slight memory that it did.
Then: To claim that Algol68 ever was a widespread language would be a lie. You may question whether it was spread at all...
But then #2: In any modern OO language supporting generics, you could easily implement a "NumberAndUnit" class associating a unit with any number, implementing the appropriate arithmetic for the unit part. I can't claim to have seen any library supporting this, but I'd actually be suprised if none at all are available.
Of course: That won't help the NASA guys as long as they don't use such a library.
Sidetrack/historic: In my first job after completing my studies (long ago!), I worked with at text processing system where the basic unit was an AH, labeled after the initials of the developer who introduced it. One AH was 1/86400 of an inch. For the "modern" point definition, 1/72 of an inch, there was no roundoff errors. For the "traditional" pica points or didot points, the roundoff errors were significantly smaller than the precision of any of the peripherals we handled-
I used to be an aerospace engineer on the Space Shuttle External Tank, and before that the Delta rocket. Our units were always inch, pound (force) and the mass being the unit that gets accelerated at 1 in/sec2 by a force of 1 pound (about 386 pounds (mass)) - and being that I was in structural dynamics, it was important to get that mass correct.
The error here was that some paper-pusher whose job it was to change the parameters screwed up. Of course, it's ridiculous that the USA still uses non-metric units, but U-S-A, U-S-A!
Wages in India for scammers reading from a cheat sheet are very low: the minimum wage in India is Rs 160 per day - about £1.80, or $2.50 - so a successful scam that raises more than a tenner has paid for the "worker" for the week.
That's assuming they even pay minimum wage: given that what they do is illegal, immoral, and the act of scum I doubt they pay even that much.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!