Slashdot Asks: Are You Ashamed of Your Code? (businessinsider.com)
Programmer and teacher Bill Sourour wrote a post last week called "Code I'm Still Ashamed Of," where he recounts a story in which he was hired to write code for a pharmaceutical company. Little did he know at the time, he was being "duped into helping the company skirt drug advertising laws in order to persuade young women to take a particular drug," recaps Business Insider. "He later found out the drug was known to worsen depression and at least one young woman committed suicide while taking it." Sourour was inspired to write the post after viewing a talk by Robert Martin, called "The Future of Programming," who argues that software developers need to figure out how to self-regulate themselves quickly as software becomes increasingly prevalent in many people's lives. Business Insider reports: "Let's decide what it means to be a programmer," Martin says in the video. "Civilization depends on us. Civilization doesn't understand this yet." His point is that in today's world, everything we do like buying things, making a phone call, driving cars, flying in planes, involves software. And dozens of people have already been killed by faulty software in cars, while hundreds of people have been killed from faulty software during air travel. "We are killing people," Martin says. "We did not get into this business to kill people. And this is only getting worse." Martin finished with a fire-and-brimstone call to action in which he warned that one day, some software developer will do something that will cause a disaster that kills tens of thousands of people. But Sourour points out that it's not just about accidentally killing people or deliberately polluting the air. Software has already been used by Wall Street firms to manipulate stock quotes. "This could not happen without some shady code that creates fake orders," Sourour says. We'd like to ask what your thoughts are on Sourour's post and whether or not you've ever had a similar experience. 
Have you ever felt ashamed of your code?
What does this mean in terms of software? Software crashes all the time.
Not in safety critical applications. Writing software for them is a different beast.
How could an engineer sign off on a system like this?
With the proper documentation.
I don't think we have proper methods of describing and solving modern safety issues in embedded systems.
Google for machine safety standards. IEC 60601-1 seems to be a good starting point for medical devices.
I've only written code for industrial machinery so I can't say for sure if it contains the necessary information. You typically have to go through quite a lot of standards to figure out the full requirements.
You have to document not only how the software will handle all plausible input cases but also how the device won't endanger anyone in the case of common hardware failures.
Some electromechanical devices can be assumed to not fail if you never approach half the marked current.
Some components are designed to have a defined failure state. You can use capacitors that always break, never short-circuit.
For transistors you have to document how the device will operate in the different possible ways the transistor can break.
For complex circuits like a CPU you are not allowed to assume that it will remain functional and because of this you need at least two CPUs and have software or hardware that detects if one of them doesn't act as it should.
Depending on what safety class you are aiming for you might have to use CPUs of different architectures and have different programmers writing the software to minimize the risk of them failing in the same way.
As you might have figured out you can't just throw in a Raspberry Pi or anything running Windows CE and hope to write life critical applications.
If you need an OS it will be something like SafeRTOS but most of the time you will skip it.
You typically have to use window watchdogs to make sure that the code executes within the right time and you need to add checkpoints to make sure that the code executes in the right order.
You should try to avoid using pointers and dynamic allocation. Yep, that rules out high level languages no matter how safe some people seem to believe they are.
Exceptions are a big no. You avoid code that doesn't have a determined path through it.
If you actually use pointers you will have to document every usage to make sure that it can never be used uninitialized or trash other parts of the memory.
If you allocate things dynamically you will have to show that allocation failure doesn't lead to safety issues.
TL;DR:
We have the methods to write safe software. It's not easy and it is very time consuming.
If you are interested in doing it I recommend going for an EE degree rather than CS. Reading the standards will be hard otherwise and understanding the possible failure modes even more so.
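As an added illustration of two of the techniques the comment above lists (a window watchdog and execution-order checkpoints), here is a small, self-contained C model. It is not code from the commenter or from any standard; the window limits, checkpoint IDs and the four "control cycle" steps are constructed for the example. The hardware watchdog is simulated as a function that returns a fault code instead of resetting the CPU, so the behaviour can be checked on a desktop compiler. In keeping with the comment's advice, it uses only static storage and no dynamic allocation.

```c
/* Added example, not from the thread: a program-flow monitor plus a
 * simulated window watchdog. All constants and checkpoint IDs are made up. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* ---- Window watchdog (simulated) ---------------------------------------
 * A real window watchdog is a hardware peripheral that resets the CPU if it
 * is kicked too early (work was skipped) or too late (code hung). Here the
 * reset is modelled as a returned fault code so the logic can be tested. */
#define WDT_WINDOW_MIN_MS 40u   /* constructed: earliest permitted kick   */
#define WDT_WINDOW_MAX_MS 60u   /* constructed: latest permitted kick     */

typedef enum { WDT_OK = 0, WDT_TOO_EARLY = 1, WDT_TOO_LATE = 2 } wdt_status_t;

static uint32_t wdt_last_kick_ms;

void wdt_init(uint32_t now_ms) { wdt_last_kick_ms = now_ms; }

/* Kick the watchdog at time now_ms; a kick outside the window is a fault
 * and does not move the window (a real part would reset instead). */
wdt_status_t wdt_kick(uint32_t now_ms) {
    uint32_t elapsed = now_ms - wdt_last_kick_ms;   /* unsigned wrap is intended */
    if (elapsed < WDT_WINDOW_MIN_MS) return WDT_TOO_EARLY;
    if (elapsed > WDT_WINDOW_MAX_MS) return WDT_TOO_LATE;
    wdt_last_kick_ms = now_ms;
    return WDT_OK;
}

/* ---- Program-flow checkpoints ------------------------------------------
 * Each safety-relevant step records a checkpoint. The expected order is a
 * fixed table; a step that is out of order, repeated or missing is a fault.
 * IDs are deliberately non-consecutive so that one flipped bit is unlikely
 * to turn a valid ID into another valid one. */
typedef enum {
    CP_READ_SENSORS   = 0x1A,
    CP_CHECK_LIMITS   = 0x2C,
    CP_COMPUTE_OUTPUT = 0x35,
    CP_DRIVE_ACTUATOR = 0x47
} checkpoint_t;

static const checkpoint_t expected_flow[] = {
    CP_READ_SENSORS, CP_CHECK_LIMITS, CP_COMPUTE_OUTPUT, CP_DRIVE_ACTUATOR
};
#define FLOW_LEN (sizeof expected_flow / sizeof expected_flow[0])

static unsigned flow_index;   /* next expected position in expected_flow */
static bool     flow_fault;   /* sticky until flow_reset()               */

void flow_reset(void) { flow_index = 0; flow_fault = false; }

/* Record that checkpoint cp was reached; false on any ordering fault. */
bool flow_checkpoint(checkpoint_t cp) {
    if (flow_fault) return false;
    if (flow_index >= FLOW_LEN || expected_flow[flow_index] != cp) {
        flow_fault = true;
        return false;
    }
    flow_index++;
    return true;
}

/* True only if every checkpoint was hit exactly once, in order. */
bool flow_cycle_complete(void) {
    return !flow_fault && flow_index == FLOW_LEN;
}

/* ---- One control cycle --------------------------------------------------
 * skip_limit_check simulates a defect such as a branch that bypasses the
 * limit check. The watchdog is only kicked when the flow monitor agrees the
 * cycle ran correctly, so a skipped step ends in a watchdog reset rather
 * than in an actuator driven from unchecked data. */
typedef enum { CYCLE_OK = 0, CYCLE_FLOW_FAULT = 1, CYCLE_TIMING_FAULT = 2 } cycle_result_t;

cycle_result_t run_cycle(uint32_t now_ms, bool skip_limit_check) {
    flow_reset();
    flow_checkpoint(CP_READ_SENSORS);                       /* step 1 */
    if (!skip_limit_check) flow_checkpoint(CP_CHECK_LIMITS); /* step 2 */
    flow_checkpoint(CP_COMPUTE_OUTPUT);                     /* step 3 */
    flow_checkpoint(CP_DRIVE_ACTUATOR);                     /* step 4 */

    if (!flow_cycle_complete()) return CYCLE_FLOW_FAULT;
    return wdt_kick(now_ms) == WDT_OK ? CYCLE_OK : CYCLE_TIMING_FAULT;
}

int main(void) {
    wdt_init(0);
    printf("50 ms, intact flow   -> %d (0 = ok)\n",           run_cycle(50, false));
    printf("100 ms, skipped step -> %d (1 = flow fault)\n",   run_cycle(100, true));
    printf("120 ms, intact flow  -> %d (2 = timing fault)\n", run_cycle(120, false));
    return 0;
}
```

Two details are worth noticing when reading it: the watchdog window is not advanced on a bad kick, so after a missed cycle the next kick is late as well, and the flow fault is sticky for the rest of the cycle, so a single skipped step cannot be papered over by the later checkpoints arriving in the right order.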