Correctness (was: Re: Reliability of RPC services)

[olafBuddenhagen]

Hi,

On Tue, Apr 25, 2006 at 04:39:00PM -0400, Jonathan S. Shapiro wrote:

> Programmers are (generally speaking) both lazy and stupid. If a
> programmer can rely on robust behavior in the local case, and also gets
> it 99%+ of the time in the network case, they will write programs that
> assume that this behavior is universally true, and these programs will
> fail when the bad thing actually happens. Such conditions are extremely
> hard to test, and they really do happen in the real world, because a
> 0.02% likely event happens quite often when measured over 100,000
> machines across the world.
> 
> Empirical evidence for my statement: run grep on any large body of
> source code. Measure the percentage of calls to read() where the error
> result is actually checked. How many programs recover from bad disk
> blocks? Hell, how many Linux *FS implmentations* check for them?

And yet, how often does that actually cause serious trouble in practice?

I'm not sure being 100% correct is always worth the effort :-(

-antrik-