Stroustrup on Teaching Software Developers

Recommended reading (it’s short), from the January 2010 issue of CACM:

What Should We Teach New Software Developers? Why?
by Bjarne Stroustrup

It’s a wonderfully accurate and concise summary of the disconnect between the ivory tower and the trenches – i.e., (some) computer science academics and (some) software development industry managers, with commentary on other topics like why or why not to regulate the software development industry.

My favorite part is this from the conclusion (emphasis added):

We must do better. Until we do, our infrastructure will continue to creak, bloat, and soak up resources. Eventually, some part will break in some unpredictable and disastrous way (think of Internet routing, online banking, electronic voting, and control of the electric power grid).

Bjarne isn’t prone to disaster warnings (indeed, this is the first time I recall seeing a comment like this from him, even over a beer or three), but he’s right. This hits directly on an issue I’ve also been giving thought to in recent years: As an industry and a society, we routinely underestimate the degree to which we’ve gradually allowed our automated civilization to become reliant on computers and software, and vulnerable as a result. We’ve been satisfied with making any given system “reliable enough” for the intended application (e.g., having a much higher bar for life-critical software than for a word processor), and so far we’ve been able to get away with that without the level of broad regulation for software development that is routinely required for other disciplines like engineering that are involved in providing essential products and services. Of course, as Bjarne points out, one reason for the lack of regulation of the software development industry is that we don’t know (and/or can’t agree on) exactly what to require and how to measure it; we’re just not as mature a field yet as civil or mechanical engineering.

Recognizing the potential scope of a catastrophic and systemic software failure in the field – one that disables a vital piece of infrastructure (say, electric power or food distribution, country-wide for a month) and that can’t be patched with a remote update – adds impetus to understanding and solving the kinds of issues Bjarne writes about.

Guest Blog: Words Matter

This morning my colleague Rob Hanz wrote an interesting email that went viral in my corner of Microsoft. He graciously allowed me to share it with you here. I hope you enjoy it too.

Blink and subconscious messaging
Robert Hanz

I was reading Blink last night, and one of the things it mentioned is how subconscious signals can significantly impact conscious activity. For instance, one experiment took jumbled, semi-random words and had the subjects arrange them into sentences. After they finished these, they would need to go down to the hall and speak to a person at an office to sign out of the test.

But the test wasn’t the actual sentences – mixed in with the words to form sentences were one of two sets of words. One set had a lot of words regarding patience and cooperation, while the other had words regarding belligerence and impatience. The test was to see the behavior of the student when the person they needed to talk to was engaged in a conversation and was unable to help them.

The group that had the belligerent words waited, on average, about 5 minutes before interrupting the conversation. The group with the patient wordset waited indefinitely. The test was designed to end after I believe 10 minutes of waiting – not a single “patient” subject ever interrupted the conversation.

Reading this, one of the things that came to mind was some of the different messaging used by waterfall projects vs. agile projects, and how often we hear them.

Waterfall:
“Bug” (used for just about anything that needs to be done by a developer)
“Priority one”
“Due by”
“Stabilization”
(this in addition to the frequently long list of “bugs” that confronts developers every day)

Agile:
“User story”
“Customer value”
“Velocity”
(in addition, the list of work to be done is usually scoped to be possible within a single week)

When I thought about the differences in words, I was really struck by how different the messaging was. In the waterfall case, the message was overwhelmingly negative – it focused on failures, urgency, and almost a sense of distrust. It seemed that the language seemed to be geared around ways that individuals messed up, and how everything is an emergency that must be dealt with immediately. And, if you think about it, in a waterfall culture there is typically no frequent reward or messaging of success – the best you can typically hope for (for much of the cycle) is to avoid failure. And the idea that you’re actually producing value is very much removed from the language.

On the other hand, the agile language itself focuses on results, not failures. Stories are typically “done” or “not done,” and while bugs are certainly tracked, at a high level that’s usually just a statement that the story is “not done.” Combine this with sprint reviews (where the team shows what they’ve accomplished), and the overall message becomes very much focused on the successes of the team, rather than the failures. Progress is measured by value added, not by failures avoided. Even something as low-level as TDD consistently gives its practitioners a frequent message of success with the “green bar.”

While I certainly believe that agile development has many advantages in terms of reducing iteration time and tightening feedback loops, among other things, is it possible that something as simple as the shift in language is also a significant part of the effectiveness? That by priming individuals with messages of success and value, rather than messages of failure, that morale and productivity can be boosted?

Trip Report: October 2009 ISO C++ Standards Meeting

The ISO C++ committee met in Santa Cruz, CA, USA on October 19-24. You can find the minutes here, which include the votes at the whole-group sessions but not the details of the breakout technical sessions where we spend most of the week.

The good news is that there’s little new technical news. We did a lot of work during the week, but it was mostly working on refining the standard, deciding integration questions of how two language features should work together in cases not clearly described, fixing bugs, and answering national body comments on our first public draft last fall (those are now nearly all answered). We expect to produce another public draft at our next meeting in March.

We did vote in one small feature that I and Lawrence Crowl in particular had been working on: a simple async() facility to launch asynchronous work easily without messing with packaged_tasks and raw threads. Here’s a sample use, also demonstrating a simple use of the futures library and a lambda function for kicks:

  future f = std::async( []{ OtherWork(); } );

  //... do our own work concurrently with OtherWork ...

  OkayNowWeNeedTheResult( f.get() );  // blocks if necessary until f is ready

If you’ve been following the futures library, you’ll notice a name change above: We also renamed unique_future<T> to just plain future<T> as part of recasting the futures wording to make it clearer and more consistent. That’s an example of the kind of cleanup work being done.

Near the end of the meeting, we also discussed deprecating export (as I reported earlier) and exception specifications other than throw()-nothing. There seemed to be significant support for deprecating both, and so we’ll probably see a concrete proposal at our next meeting.

In sad news, the convener (chair) of the committee for the past year, P.J. Plauger, stepped down at the end of the meeting. After I had been the convener for two three-year terms from 2002 to 2008, I decided it was time for someone else to have a go and so Plauger replaced me a year ago. He has done a really great job over the past year and his contributions in that role will be missed, but we won’t lose his services entirely as he remains an active participant in the committee. I will probably volunteer again to replace him.

That’s pretty much it. The next meeting of the ISO C++ standards committee is in March:

(Edited to fix “2009” in the title and add a link to the Pittsburgh meeting invitation.)

Effective Concurrency: Prefer structured lifetimes – local, nested, bounded, deterministic.

This month’s Effective Concurrency column, Prefer structured lifetimes – local, nested, bounded, deterministic, is now live on DDJ’s website.

From the article:

Where possible, prefer structured lifetimes: ones that are local, nested, bounded, and deterministic. This is true no matter what kind of lifetime we’re considering, including object lifetimes, thread or task lifetimes, lock lifetimes, or any other kind. …

I hope you enjoy it. Finally, here are links to previous Effective Concurrency columns:

The Pillars of Concurrency (Aug 2007)

How Much Scalability Do You Have or Need? (Sep 2007)

Use Critical Sections (Preferably Locks) to Eliminate Races (Oct 2007)

Apply Critical Sections Consistently (Nov 2007)

Avoid Calling Unknown Code While Inside a Critical Section (Dec 2007)

Use Lock Hierarchies to Avoid Deadlock (Jan 2008)

Break Amdahl’s Law! (Feb 2008)

Going Superlinear (Mar 2008)

Super Linearity and the Bigger Machine (Apr 2008)

Interrupt Politely (May 2008)

Maximize Locality, Minimize Contention (Jun 2008)

Choose Concurrency-Friendly Data Structures (Jul 2008)

The Many Faces of Deadlock (Aug 2008)

Lock-Free Code: A False Sense of Security (Sep 2008)

Writing Lock-Free Code: A Corrected Queue (Oct 2008)

Writing a Generalized Concurrent Queue (Nov 2008)

Understanding Parallel Performance (Dec 2008)

Measuring Parallel Performance: Optimizing a Concurrent Queue (Jan 2009)

volatile vs. volatile (Feb 2009)

Sharing Is the Root of All Contention (Mar 2009)

Use Threads Correctly = Isolation + Asynchronous Messages (Apr 2009)

Use Thread Pools Correctly: Keep Tasks Short and Nonblocking (Apr 2009)

Eliminate False Sharing (May 2009)

Break Up and Interleave Work to Keep Threads Responsive (Jun 2009)

The Power of “In Progress” (Jul 2009)

Design for Manycore Systems (Aug 2009)

Avoid Exposing Concurrency – Hide It Inside Synchronous Methods (Oct 2009)

Prefer structured lifetimes – local, nested, bounded, deterministic (Nov 2009)

Other Concurrency Sessions at PDC’09

 

I mentioned yesterday that I’ll be involved in two sessions at PDC09, including a parallel patterns tutorial. I know many of you are interested in concurrency in general and on Microsoft platforms in particular, so I thought I’d share this more complete list of concurrency-related sessions at PDC, put together by my colleague Stephen Toub.

Overview:

Native code in Visual Studio 2010:

Managed code in Visual Studio 2010:

HPC Server:

Research and Incubation:

PDC’09: Tutorial & Panel

For those of you coming to PDC’09 in Los Angeles a couple of weeks from now, I’ll be there for a few hours on Monday and Wednesday participating in two events:

See you at PDC!

Hoare on Testing

On the flight to the ISO C standards meeting this morning, I was reading this month’s issue of CACM, and found that Sir C.A.R. (Tony) Hoare wrote a nice piece called Retrospective: An Axiomatic Basis for Computer Programming.

Hoare has long been a noted proponent of axioms and formal proofs of program correctness. In that light, the following passage on testing and axioms struck me as well put and I thought I’d share it (emphasis added):

One thing I got spectacularly wrong. I could see that programs were getting larger, and I thought that testing would be an increasingly ineffective way of removing errors from them. I did not realize that the success of tests is that they test the programmer, not the program. Rigorous testing regimes rapidly persuade error-prone programmers (like me) to remove themselves from the profession. Failure in test immediately punishes any lapse in programming concentration, and (just as important) the failure count enables implementers to resist management pressure for premature delivery of unreliable code [or forces management to be explicitly unreasonable in the face of bug bar data and specific failure cases having an objective severity –hps]. The experience, judgment, and intuition of programmers who have survived the rigors of testing are what make programs of the present day useful, efficient, and (nearly) correct. Formal methods for achieving correctness must support the intuitive judgment of programmers, not replace it.

My basic mistake was to set up proof in opposition to testing, where in fact both of them are valuable and mutually supportive ways of accumulating evidence of the correctness and serviceability of programs. …

He also mentions many other useful observations and reminds, including the value of assertions to find, not run-time errors, but programming bugs. (See also C++ Coding Standards Item 68: Assert liberally to document internal assumptions and invariants.)

The whole article is good reading, and not long. Recommended.

Deprecating export considered for ISO C++0x

How interesting.

I’m at the ISO C++ meeting in Santa Cruz, CA, USA this week. Ten minutes ago we had a committee straw poll about whether we should remove, deprecate, or leave as-is the export template feature for C++0x. The general sentiment was to remove or deprecate it, with deprecation getting the strongest support because it’s safer per ISO procedure. Deprecation would not remove it from C++0x, but would put the world on notice that the committee is considering removing it from a future standard.

Note: Nothing is happening to export at this meeting. The effect of this straw poll of the committee was to give guidance to the core language working group (CWG) on the committee’s general sentiment on this issue. The CWG is taking this as guidance to produce a detailed proposal to take some action on export at our next meeting in Pittsburgh in March.

I’ll write a longer trip report in the next week, but this was worth noting in real time because it’s the first time export template has been discussed in committee since the highly controversial discussion of my and Tom Plum’s proposal to remove export at the Oxford meeting in 2003.

A Concurrency Poll

I’ve opened up a short concurrency poll to get a sense of what concurrency issues are top-of-mind for programmers, and I’d appreciate it if you could take a few minutes to participate. Some questions are about what you want to learn more about, others about your tools of choice in specific areas, and a few are slightly whimsical. I plan to use the results as input to topics to cover in future Effective Concurrency articles and talks, so by participating you’ll help influence the direction of future EC topics.

There are about 28 questions, each asking for just a word or a phrase in answer. Here again is the link: http://www.surveygizmo.com/s/193214/apw36

Thank you in advance for taking a few minutes to participate. If you’re interested in receiving a summary of the survey results, please leave your email address at the end of the survey and I’ll send you a copy (your email will not be used for any other purpose).

Mailbag: Shutting up compiler warnings

I recently received the following reader question (slightly edited):

About the (Stroustrup) approach of implementing IsDerivedFrom at page 27 in your book More Exceptional C++: […] why the second pointer assignment in:

static void Constraints(D* p)
{
B* pb=p; // okay, D better inherit from B…
pb=p; // huh? why this again?
}

Isn’t the initialization ” B* pb=p ” enough? What does the second assignment bring to the picture?

Excellent question. Interestingly, here’s the exact text from the book, which contains an additional comment that was intended to answer this specific question (emphasis added):

static void Constraints(D* p)
{
B* pb = p;
pb = p; // suppress warnings about unused variables
}

The reason for the redundant assignment is to try to shut up some compilers that issue warnings about unused variables. In a normal function, this is a helpful warning because, dollars to donuts, it’s a mistake and the programmer meant to use the variable but forgot or accidentally used some other variable instead. In this case, without the second line, pb is declared but never mentioned again, and by adding the extra line that mentions it one more time after its declaration, some compilers stop complaining.

Sometimes, however, we’re intentionally not using the variable, such as in this case where the only purpose of the function is to ensure that code that tries to convert a D* to a B* is compilable. (Note: There are other/better ways to achieve this. See the rest of Item 27 for superior approaches.)

However, in practice even the line “pb = p;” doesn’t shut compilers up very much, because many will still notice that now the second assigned value isn’t used, and will helpfully remind you that you probably didn’t mean to write an apparently useless “dead write” that is never read again. Most compilers offer a compiler-specific #pragma or other nonportable extension to silence this warning, but wouldn’t it be nice to have a portable way to suppress the warning that will work on all compilers?

Here’s a simple one-liner that works on all compilers I tried, and should not incur any overhead: Define an empty function template that takes any object by reference, but doesn’t actually do anything with it and so the empty function body should compile down to nothing. Let’s call it “ignore” – you can put it into your project namespace to avoid collisions on that common name.

  template<class T> void ignore( const T& ) { }

Note that ignore<T>’s parameter does not need a name; in fact, it had better not have a name or else you’ll get the same compiler warning as before about an unused variables, only in a new place.

Using ignore is easy. When you want to suppress the compiler warning, just write:

  static void Constraints(D* p)
  {
    B* pb = p;
    ignore(pb); // portably suppresses the warning
  }

Now all compilers I tried agree that the variable is “used” and stop complaining about pb.

[Oct 20: Updated  to add “const” on ignore<T>’s parameter to also handle rvalues.]