From: Jeremiah@pdp10.guru
To: mhw@netris.org
Cc: guix-devel@gnu.org
Subject: Re: Trustworthiness of build farms (was Re: CDN performance)
Date: Fri, 04 Jan 2019 20:57:33 +0000 [thread overview]
Message-ID: <87va34ywci.fsf@ITSx01.pdp10.guru> (raw)
In-Reply-To: 87y38auntv.fsf@netris.org
> Where are you getting those complexity expressions from?
Approximation of developer effort spent on single pass workflows and
bugfree libraries in the State of Michigan Welfware Eligibility System
extracted from it's ClearCase commit history. (Thank god, I finally got
them to convert to git after 3 years of wailing and gnashing of teeth)
> Can you cite references to back them up?
I can site the numbers I used to generate those approximate complexity equations
> If not, can you explain how you arrived at them?
Simple graphing and curve matching of collected data.
> What is 'c'?
Number of 'Features' a program had.
In short I found it is far easier for a developer to add features to a
program but it is really really hard to make sure the existing
functionality is bug free.
> If you're referring to the bugs found in CompCert, the ones I know about
> were actually bugs in the unverified parts of the toolchain.
I was referring to the bugs in the verified parts in regards to C's
undefined behavior.
> In the past, its frontend was unverified, and several bugs were found there.
> Even today, it produces assembly code, and depends on an unverified
> assembler and linker.
Which depending on if the compiler has been formally proven to only
output valid assembly (no 33bit offset loads) then that is less of a
concern.
(Let us just hope the assembler doesn't arbitrarily choose 8bit
immediates for performance reasons when given a 32bit int)
> Bugs can also exist in the specifications themselves, of course.
The most important class of bugs indeed
> I'm not sure what "and human model first behavior" means, but if you
> mean that the semantics of languages should strive to match what a human
> would naturally expect, avoiding surprising or unintuitive behavior, I
> certainly agree.
That is exactly what I mean. The problem is ultimately do be useful
things one has to support things that violate that in very terriable
ways (like support IEEE floating point, disable garbage collection, etc).
> I consider Standard ML, and some subsets of Scheme and
> Lisp, to be such languages
They certainly do have wonderful properties but I wouldn't say they
qualify as matching the human model first behavior requirement (easy to
verify by doing the 50 non-programmers first hand test)
Ask a room full of non-programmers to use scheme to write a standard web
CRUD app using an SQLite3 database backend or do XML parsing or generate
a pdf/excel file. It doesn't look pretty and most just give up on the
offer of free money after a bit.
> If I understand correctly, what you don't expect to happen has already
> been done. CakeML is free software, and formally proven correct all the
> way down to the machine code. Moreover, it implements a language with
> an exceptionally clear semantics and no undefined behavior.
I don't deny that the CakeML team did an excellent job on their formally
verified backend and their type inferencer. Most humans are not
programmers and of the programmers, most of them programming by proof
isn't in the realm of intuitive.
> Anyway, you've made it fairly clear that you're not interested in this
> line of work, and that's fine.
It isn't so much as not interested but rather it is lower on my priorities
> I appreciate the work you're doing > nonetheless.
As I appreciate the work you do as well.
-Jeremiah
next reply other threads:[~2019-01-04 20:57 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-04 20:57 Jeremiah [this message]
2019-01-05 17:16 ` Trustworthiness of build farms (was Re: CDN performance) Mark H Weaver
-- strict thread matches above, loose matches on Subject: below --
2019-01-20 12:24 Jeremiah
2019-01-05 20:15 jeremiah
2019-01-06 20:47 ` Chris Marusich
2019-01-18 10:54 ` Giovanni Biscuolo
2018-12-26 2:29 Jeremiah
2018-12-28 7:12 ` Mark H Weaver
2018-12-22 17:23 Jeremiah
2018-12-23 16:37 ` Mark H Weaver
2018-12-03 15:43 [PATCH 0/3] Defaulting to ci.guix.info (aka. berlin.guixsd.org) Ludovic Courtès
2018-12-03 16:12 ` Using a CDN or some other mirror? Ludovic Courtès
2018-12-09 3:33 ` Chris Marusich
2018-12-09 15:59 ` CDN performance Ludovic Courtès
2018-12-13 8:05 ` Chris Marusich
2018-12-13 10:41 ` Giovanni Biscuolo
2018-12-15 1:40 ` Mark H Weaver
2018-12-19 12:40 ` Giovanni Biscuolo
2018-12-21 0:23 ` Trustworthiness of build farms (was Re: CDN performance) Mark H Weaver
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87va34ywci.fsf@ITSx01.pdp10.guru \
--to=jeremiah@pdp10.guru \
--cc=guix-devel@gnu.org \
--cc=mhw@netris.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).