It was formally proved correct !!!!!!!
It nonetheless exploded...
Elixir London Meetup
Thomas Depierre
@DianaO
Diana Olympos
Twitter :
Github :
For this talk :
TDD == Formal Proof == Type Systems
How this talk work
- 20 mins for me
- 20 mins for YOU
- Just come in and switch
- If you do not use your time, I will
- Anyone can answer or say anything.
We build Complex Systems
Yes even "Hello World"
Complex systems are systems whose behaviour is intrinsically difficult to model due to the dependencies, relationships, or interactions between their parts or between a given system and its environment.
Cross Field Knowledge !!!
The Knight Capital Group Accident
In layman's terms, Knight Capital Group realised a $460 million loss in 45 minutes. Remember, Knight only has $365 million in cash and equivalents. In 45 minutes Knight went from being the largest trader in US equities and a major market maker in the NYSE and NASDAQ to bankrupt.
Complex Systems are SocioTechnical
- Live in an environment
- Operators
- Users
- Writers/Engineers
- Humans are part of the system
- A Complex System is not a technical only entity
Reliability
- Doing what is specified
- Repeatedly
- TDD, Type System, Proof, etc
- From the ground up
Safety
- Avoiding Loss Events
- Financial, Assets, Human life
- Systemic property
- Not a technical problem !
- Safe >>>>>>>> Reliable
There is not only anecdotal but some hard data to support the hypothesis that safety problems in software stem from requirements flaws and not coding errors.
Nancy Leveson, Engineering a Safer World
Let's go back to Ariane V
What happened ?
- An Exception happened (Buffer Overflow)
- Should always crash on uncaught exception
- Killed the whole flight computer
- Was unneeded subroutine
- Was formally proved correct for Ariane IV flight
- Was not caught because too expensive at runtime
- No need to catch it, it was formally proved correct
A Type System => the whole System is less safe.
But the code is more reliable !
And about Elixir ?
- Supervision is how you build safe systems
- Bulkheading
- "Let it crash"
- Monitoring and debuggability first
- Actors make you think in systems
- Interface with the outside world at the limits
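As an added illustration of the supervision and bulkheading points above, and of the Ariane story a few slides earlier (example code written for this page, not code from the talk or the speaker): a worker that is only "correct" inside its design envelope runs under a supervisor, so a crash on out-of-envelope input takes down only that process while the rest of the system keeps its state. The module names (`Converter`, `Heartbeat`, `Flight.Supervisor`) and the 16-bit envelope are assumptions made for the demo.

```elixir
# Added example, not code from the talk. Converter is "correct" inside its
# design envelope and crashes outside it; the supervisor confines that crash so
# Heartbeat keeps running. Module names and @max are assumptions for the demo.

defmodule Converter do
  use GenServer

  # Assumed design envelope: magnitudes that fit a signed 16-bit integer.
  @max 32_767

  def start_link(_opts), do: GenServer.start_link(__MODULE__, :ok, name: __MODULE__)

  # Boundary with the outside world: callers go through this function only.
  def convert(x), do: GenServer.call(__MODULE__, {:convert, x})

  @impl true
  def init(:ok), do: {:ok, %{}}

  # Only the proven range is handled. Anything else matches no clause, raises
  # FunctionClauseError inside this process and the process dies: "let it crash".
  @impl true
  def handle_call({:convert, x}, _from, state) when is_number(x) and abs(x) <= @max do
    {:reply, {:ok, trunc(x)}, state}
  end
end

defmodule Heartbeat do
  use Agent

  def start_link(_opts), do: Agent.start_link(fn -> 0 end, name: __MODULE__)
  def tick, do: Agent.update(__MODULE__, &(&1 + 1))
  def count, do: Agent.get(__MODULE__, & &1)
end

defmodule Flight.Supervisor do
  use Supervisor

  def start_link(_opts), do: Supervisor.start_link(__MODULE__, :ok, name: __MODULE__)

  @impl true
  def init(:ok) do
    # one_for_one is the bulkhead: a dead Converter is restarted alone;
    # Heartbeat is never touched by Converter's failure.
    Supervisor.init([Converter, Heartbeat], strategy: :one_for_one)
  end
end

# Demo script (save as demo.exs and run with `elixir demo.exs`).
{:ok, _sup} = Flight.Supervisor.start_link([])

Heartbeat.tick()
IO.inspect(Converter.convert(1_000.5), label: "in envelope")

# Out-of-envelope input (the Ariane IV -> Ariane V situation): the worker crashes.
# GenServer.call exits the caller when the server dies mid-call, so the exit is
# caught here; without a supervisor the crash would have to be handled by
# whatever owns the whole "flight computer".
result =
  try do
    Converter.convert(1.0e6)
  catch
    :exit, _reason -> :converter_crashed
  end

IO.inspect(result, label: "out of envelope")

# Give the supervisor a moment to restart the child, then show the system is
# still alive: a fresh Converter answers and Heartbeat kept its state.
Process.sleep(100)
Heartbeat.tick()
IO.inspect(Converter.convert(42), label: "after restart")
IO.inspect(Heartbeat.count(), label: "heartbeats survived")
```

The crash report the VM prints for the dead `Converter` is the "monitoring and debuggability first" point: the failure is isolated, logged with its reason and stack, and the process comes back without the caller having to anticipate every input the proof never covered.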
What to read for more ?
- How Complex Systems Fail, Richard Cook
- John Allspaw's blog (The danger of the 5 Whys)
- The Field Guide to Understanding Human Error, Sidney Dekker
- Engineering a Safer World, Nancy Leveson
- Postmortems. A lot of them
A look at why TDD, Formal Proof and Type Systems do not help in building Safe systems.