Vigorous Public Debates in Academic Computer Science (opens in new tab)

(blog.regehr.org)

81 pointsmad9y ago35 comments

35 comments

Some of those are classics. The Lipton-Perlis-DeMillo argument against program verification is a good one.[1] They demonstrated that manual programming verification via hand theorem proving is buggy. Automated theorem proving was new back then.

This was an issue back in the 80s for a philosophical reason in mathematics. Mathematics classically approves of short, clever, elegant proofs. The paper-and-pencil crowd was trying to do that for code. In practice, program verification is about mechanized grinding through massive numbers of dumb assertions to catch off-by-one errors.

This used to bother mathematicians. When the four-color theorem was originally proved, it was done partly by hand and partly with computer case analysis. The computer part bothered many mathematicians. The culture has changed. Recently, someone redid the proof with the old hand parts re-done by computer. Since that eliminated some possible human errors, that was a step forward in solidifying the proof.

We also know now how to check a theorem prover. Some theorem provers emit a proof trace, huge files of "Step 2437: apply rule 42 to change 2*X to X+X". Proof traces can be fed into a dumb proof checker which does the indicated rewrite and checks that the expected output is obtained.

So progress has resolved that issue.

[1] http://www.yodaiken.com/papers/p271-de_millo.pdf

nickpsecurity9y ago

Far as prover verification, these people mostly solved it:

https://www.cs.utexas.edu/users/jared/milawa/Web/

They start with small logics you can do by hand in verified code. They gradually build on them, one layer at a time, increasingly sophisticated logics until they have a useful theorem prover in first-order logic. I also found a HOL-to-FOL converter. Since most of their stuff is HOL, that means we're almost done at that point for the verification chain.

pron9y ago

These are the response letters to the editor re the De Millo-Lipton-Perlis article:

http://research.microsoft.com/en-us/um/people/lamport/pubs/l...

ChuckMcM9y ago

This was the one I was going to bring up as well. USC-ISI had several students working in this space in the early 80's. The other one which comes to mind are the arguments about AI and whether or not it was a thing or an artifact of better algorithms.

pron9y ago

While not exactly a debate -- more of a fundamental difference in outlook -- these are interesting, completely opposite claims:

Bob Harper[1]:

> There is an alternative… without… reference to an underlying machine… [W]e adopt a linguistic model of computation, rather than a machine model, and life gets better! There is a wider range of options for expressing algorithms, and we simplify the story of how algorithms are to be analyzed.

Leslie Lamport[2]:

> Thinking is not the ability to manipulate language; it’s the ability to manipulate concepts. Computer science should be about concepts, not languages. … State machines… provide a uniform way to describe computation with simple mathematics. The obsession with language is a strong obstacle to any attempt at unifying different parts of computer science.

[1]: https://existentialtype.wordpress.com/2011/03/16/languages-a...

[2]: http://research.microsoft.com/en-us/um/people/lamport/pubs/s...

nickpsecurity9y ago

So far, evidence is leaning toward latter view where physics imposes hard constraints on how we build our CPU's, etc for max performance. Same with software where certain things keep showing up (eg caching) due to mechanical constraints. Best result would seem to be a combo of abstract models for mathematical analysis and high-level languages that easily map to both those and the machines. Of course, many people have produced such tools. We're going in what appears to be objectively correct direction. :)

pron9y ago

Lamport also advocates abstract models and high-level specification, but in program logics (based on abstract state machines) rather than in programming languages.

nickpsecurity9y ago

That's what I said but in different words. That's slso been where the payoff has beenin about any, automated activity on software. Generally some math notation that's easy to analyze or something close to CPU/memory models.

Langsec is a notable exception where Chomsky's hierarchy paid off big time. The notations and implementations still more consistent with Lamport, though. So, semi-exception.

agumonkey9y ago

pardon my anecdote but after years of imperative and OOP, ad nauseam, I went into LISP/ML, to be stateless, but then structural parametric types and "state" got closer and closer at the conceptual level, just not "mutable".

tlb9y ago

I was a co-author on one of the contentious papers [0] in log-structured file systems, addressing the question of whether log cleaning could be done during idle times (yes, for any reasonable workload).

There was a surprising amount of drama and personal rivalry. While distracting, knowing that our results would be picked apart motivated us to be really rigorous.

In the end, modern file systems take the best aspects of both. Like the RISC-CISC debate, it's hard to draw a firm conclusion about the two ideas because they're tied up with the quality of implementations, and the optimal answer involves a synthesis of the ideas.

[0] http://www.eecs.harvard.edu/margo/papers/usenix95-clean/pape...

userbinator9y ago

One debate that I thought would be mentioned is "Goto statement considered harmful", "'GOTO Considered Harmful' Considered Harmful.", and "GOTO Considered Harmful" Considered Harmful' Considered Harmful?" I think it's somewhat disappointing that a lot of CS education always mentions Dijkstra's original argument, but not the other side. The latter two can be found here:

http://web.archive.org/web/20090320002214/http://www.ecn.pur...

https://dx.doi.org/10.1145%2F22899.315729

marcosdumay9y ago

That's because the original Dijkstra argument was part of a research line that created structured programming. The essay (and the other papers) has really nothing against the usage on that your first link. The real problem was goto into loops or subs, not out of them, and not as switch statements.

Current languages mostly don't even allow the bad kinds anymore, so people can ignore history, and complain that "goto isn't so bad, I've never seen anybody abusing it like he claims in the essay."

adrianratnapala9y ago

If the bad kinds of `goto` aren't even allowed by compilers any more, then there is precious little to be gained by teaching youngesters that gotos are bad.

But we do teach them that. As a result I recently had to review changes made by a (very capable) junior colleague who failed to actually implement the desired feature, but did get so upset by the goto-based error handling that he replaced it with incorrect exception-based code.

marcosdumay9y ago

> But we do teach them that.

When teaching a language that support bad gotos, or compilers. Otherwise, you can count a lot of people (including me) out of that undefined "we" pronoun.

There's little point in teaching newbies about goto at all. The few modern implementations are for experts, because it can still lead to some bad code, just not the kind of "bad" Dijkstra was talking about. Yet there's a group of people that will evangelize about any subject you can think about, normally people with very shallow knowledge on the subject.

TheOtherHobbes9y ago

It's curious how unempirical these debates are.

The empirical approach would be to compare outcomes of different approaches, trying to control the independent variables.

But CS instead seems to be run by polemic, "Well, obviously..." rhetoric, and tribal affiliation.

I've yet to be convinced this is the ideal way to improve the tools and techniques of CS.

taeric9y ago

This is actually the main thing I like about Knuth. Things are either proven, in very strict terms, or they are empirically studied. Also typically in rigorous means.

People usually present his work in terms of proofs only. Typically with big O considerations. Reading him, he very quickly warns of the dangers in big O analysis. (He is still a fan of it. Encouraged it as a math aid for grade school work, at one point.)

2 more replies

marcosdumay9y ago

I recommend anybody to look at Dijkstra's notes on structured programming¹. It's a very worth teaching on how to conduct impartial research and transform a field of knowledge.

But TL.DR. - He got digged plenty of repeating cases of bad code, and proceeded to fix every one of them with very few coherent and systematic changes.

1 - His notes are here: http://www.cs.utexas.edu/users/EWD/ unfortunately, I don't remember what numbers to look.

eli_gottlieb9y ago

http://dl.acm.org/citation.cfm?id=2851730

RandomOpinion9y ago

The best modern analysis of Dijkstra's original letter I've seen is is David Tribble's "Go To Statement Considered Harmful: A Retrospective" which dissects it line by line and explains it in the historical context in which Dijkstra wrote it.

http://david.tribble.com/text/goto.html

Eliezer9y ago

And of course the last one in the sequence is "Goto Considered Harmful Considered Harmful Considered Harmful". Yet another illustration of Ultrafinite Recursion!

(https://m.facebook.com/story.php?story_fbid=1015411943840422...)

moyix9y ago

And who can forget when the debate went meta with "Considered Harmful" Essays Considered Harmful: http://meyerweb.com/eric/comment/chech.html

microtherion9y ago

Personally, I thought that Knuth's Structured Programming with goto Statements was the most nuanced argument in this debate: http://web.archive.org/web/20130731202547/http://pplab.snu.a...

waterhouse9y ago

The "GOTO considered harmful" papers seem to have been appended to Regehr's post.

regehr9y ago

Yes, I'm adding them as I learn about them her (or, in this case, am reminded about them).

westoncb9y ago

I had heard vaguely of the 'microkernal debate' in the past, but never checked it out. Didn't realize the other main participant (aside from Linus Torvalds) was Andrew Tanenbaum. Very entertaining/interesting read. (The linked article refers us here: http://www.oreilly.com/openbook/opensources/book/appa.html)

nickpsecurity9y ago

The Shapiro article in Tannenbaum's link is good too. He's a bright guy that did the EROS project for anyone that doesn't know. Here it is in archive.org:

https://web.archive.org/web/20050514121653/http://www.eros-o...

https://web.archive.org/web/20050211090602/http://www.eros-o...

Two other good articles are why the EAL4 evaluations that Windows et al were getting are worthless and what a secure, build system might look like.

https://web.archive.org/web/20040214043848/http://eros.cs.jh...

https://www.usenix.org/legacy/publications/library/proceedin...

tr3529y ago

To be fair, these are debates about issues that are rather insignificant from a broader CS perspective. Engineering problems (methodology, network protocols, file systems, kernel implementation details) or debates that are infamous mostly due to their polemic nature (Dijkstra-Backus, or Dijkstra-Anything, for that matter).

I think it's true. In CS there are no deep fundamental or philosophical debate-evoking schisms of the likes you sometimes find in other fields. Consider economics, philosophy, physics (theory of everything) or the soft sciences.

Even the hottest problem in CS (P vs NP, of course) doesn't seem to evoke much debate among computer scientists.

kctess59y ago

Let's not forget about tabs v spaces though

asimuvPR9y ago

I've come to personally settle that one. Spaces for python and tabs for everything else. (Shrugs)

jackmott9y ago

Need a lot less rhetoric and a lot more controlled experiments.

adrianratnapala9y ago

We can't "control".

For example: someone in nineties-or-naughties once experimentally "proved" that Java was faster than C for matrix maths -- because of the overhead of `free()`! If that sounds ridiculous to you, then understand this really matters for certain implementations of certain matrix problems.

So the take-away hangs not on the nature of C vs. Java, but on whether the study matters in the real world. Emprics in CS are good for engineers quietly doing their own job, but for debates they are as fraught as in the soft-sciences.

Indeed CS is a soft-science. Or rather it is not a science at all, but a mathematical art, with bonus people issues.

pron9y ago

Computer scientists really hate those. Seems like we're stuck with the rhetoric.

GFK_of_xmaspast9y ago

Also of interest is one of regehr's commentators posting a link to Kahan's rebuttal to those "unum" numbers.

j / k navigate · click thread line to collapse

35 comments

Animats9y ago

So progress has resolved that issue.

[1] http://www.yodaiken.com/papers/p271-de_millo.pdf

nickpsecurity9y ago

Far as prover verification, these people mostly solved it:

https://www.cs.utexas.edu/users/jared/milawa/Web/

pron9y ago

These are the response letters to the editor re the De Millo-Lipton-Perlis article:

http://research.microsoft.com/en-us/um/people/lamport/pubs/l...

ChuckMcM9y ago

pron9y ago

While not exactly a debate -- more of a fundamental difference in outlook -- these are interesting, completely opposite claims:

Bob Harper[1]:

Leslie Lamport[2]:

[1]: https://existentialtype.wordpress.com/2011/03/16/languages-a...

[2]: http://research.microsoft.com/en-us/um/people/lamport/pubs/s...

nickpsecurity9y ago

pron9y ago

Lamport also advocates abstract models and high-level specification, but in program logics (based on abstract state machines) rather than in programming languages.

nickpsecurity9y ago

Langsec is a notable exception where Chomsky's hierarchy paid off big time. The notations and implementations still more consistent with Lamport, though. So, semi-exception.

agumonkey9y ago

tlb9y ago

There was a surprising amount of drama and personal rivalry. While distracting, knowing that our results would be picked apart motivated us to be really rigorous.

[0] http://www.eecs.harvard.edu/margo/papers/usenix95-clean/pape...

userbinator9y ago

http://web.archive.org/web/20090320002214/http://www.ecn.pur...

https://dx.doi.org/10.1145%2F22899.315729

marcosdumay9y ago

Current languages mostly don't even allow the bad kinds anymore, so people can ignore history, and complain that "goto isn't so bad, I've never seen anybody abusing it like he claims in the essay."

adrianratnapala9y ago

If the bad kinds of `goto` aren't even allowed by compilers any more, then there is precious little to be gained by teaching youngesters that gotos are bad.

marcosdumay9y ago

> But we do teach them that.

When teaching a language that support bad gotos, or compilers. Otherwise, you can count a lot of people (including me) out of that undefined "we" pronoun.

TheOtherHobbes9y ago

It's curious how unempirical these debates are.

The empirical approach would be to compare outcomes of different approaches, trying to control the independent variables.

But CS instead seems to be run by polemic, "Well, obviously..." rhetoric, and tribal affiliation.

I've yet to be convinced this is the ideal way to improve the tools and techniques of CS.

taeric9y ago

This is actually the main thing I like about Knuth. Things are either proven, in very strict terms, or they are empirically studied. Also typically in rigorous means.

2 more replies

marcosdumay9y ago

I recommend anybody to look at Dijkstra's notes on structured programming¹. It's a very worth teaching on how to conduct impartial research and transform a field of knowledge.

But TL.DR. - He got digged plenty of repeating cases of bad code, and proceeded to fix every one of them with very few coherent and systematic changes.

1 - His notes are here: http://www.cs.utexas.edu/users/EWD/ unfortunately, I don't remember what numbers to look.

eli_gottlieb9y ago

http://dl.acm.org/citation.cfm?id=2851730

RandomOpinion9y ago

http://david.tribble.com/text/goto.html

Eliezer9y ago

And of course the last one in the sequence is "Goto Considered Harmful Considered Harmful Considered Harmful". Yet another illustration of Ultrafinite Recursion!

(https://m.facebook.com/story.php?story_fbid=1015411943840422...)

moyix9y ago

And who can forget when the debate went meta with "Considered Harmful" Essays Considered Harmful: http://meyerweb.com/eric/comment/chech.html

microtherion9y ago

Personally, I thought that Knuth's Structured Programming with goto Statements was the most nuanced argument in this debate: http://web.archive.org/web/20130731202547/http://pplab.snu.a...

waterhouse9y ago

The "GOTO considered harmful" papers seem to have been appended to Regehr's post.

regehr9y ago

Yes, I'm adding them as I learn about them her (or, in this case, am reminded about them).

westoncb9y ago

nickpsecurity9y ago

The Shapiro article in Tannenbaum's link is good too. He's a bright guy that did the EROS project for anyone that doesn't know. Here it is in archive.org:

https://web.archive.org/web/20050514121653/http://www.eros-o...

https://web.archive.org/web/20050211090602/http://www.eros-o...

Two other good articles are why the EAL4 evaluations that Windows et al were getting are worthless and what a secure, build system might look like.

https://web.archive.org/web/20040214043848/http://eros.cs.jh...

https://www.usenix.org/legacy/publications/library/proceedin...

tr3529y ago

Even the hottest problem in CS (P vs NP, of course) doesn't seem to evoke much debate among computer scientists.

kctess59y ago

Let's not forget about tabs v spaces though

asimuvPR9y ago

I've come to personally settle that one. Spaces for python and tabs for everything else. (Shrugs)

jackmott9y ago

Need a lot less rhetoric and a lot more controlled experiments.

adrianratnapala9y ago

We can't "control".

Indeed CS is a soft-science. Or rather it is not a science at all, but a mathematical art, with bonus people issues.

pron9y ago

Computer scientists really hate those. Seems like we're stuck with the rhetoric.

GFK_of_xmaspast9y ago

Also of interest is one of regehr's commentators posting a link to Kahan's rebuttal to those "unum" numbers.

j / k navigate · click thread line to collapse