[erlang-questions] illegal guard expression: filelib:is_dir(H)

Michael Turner leap@REDACTED
Tue Feb 16 15:39:02 CET 2010

On 2/16/2010, "Tony Finch" <dot@REDACTED> wrote:

>On Tue, 16 Feb 2010, Michael Turner wrote:
>> It's not formal correctness VERSUS Real Man Programmers with Grease on
>> Their Hands.  I think the problem is that formal correctness got
>> oversold on unrealistic merits alone, and after the dashed expectations,
>> nobody got in there and sold a practical and credible bill of goods with
>> more modest goals.
>The state of the art has come a long way since those days, and Coverity is
>a state of the art static checker. Before dismissing Richard's complaints,
>go and read the litany of stupidity they have suffered from their

I'm not sure how you interpreted what I wrote as "dismissing Richard's
complaints" (if that's what you intended by the above), but at the
halfway point of the above essay, I'm certainly mystified by your
"litany of stupidity" comment about Coverity's users.

Yes, the account you point me to shows that they were dealing at times
with some very junior people or insular programming cultures or
overmanaged hierarchies with staffers feeling like powerless,
disaffected nodes.  But if you've spent time at any significant number
of companies (one of the few benefits of an otherwise tattered resume
like mine), you'll find worse.  (Just in case any of you are wondering
why I don't program professionally anymore.)

They also describe themselves (*twice*) as "naive" in their product
planning strategy and marketing, in the introductory section, and
confess that a bug in their system -- as basic as parsing filesystem
paths -- did cause the execution of an "rm -rf *" on one customer's
system.  To the extent that it's an indictment, it's not so much
pointing at the stupidity of Coverity customers as the sloppiness (or
perhaps spinelessness) of compiler vendors, who you'd think would know
better.[*]  Though of course, the paranoia of the customer's lawyers
also gets its due. [**]

With humility like this, Edsger Dijkstra might have made a much more
serious dent, in his time.

So I find myself impressed not so much by any advances in "the state of
the art" here as by the pragmatism of the authors.  There's no snooty,
"well, if people only used *my* formally-gem-like programming language
with its implicit methodology, things would be *so* much better."
Real life isn't about some utopian Point Z.  It's about getting from
Point A to Point B, only to realize you might have it all wrong about
Point C. [***]

I think if there's a lesson from Coverity's experience at all, it's
that, with a little more humility and practicality on the part of the
programming language semantics community back in the 1970s, the business
value of what they were talking about might have been appreciated early
on, and the kind of thing Coverity does would be a lot easier, both to
write and to use.  As it was, by the early 80s, I found I couldn't talk about
ideas like limiting the semantics of special purpose languages for
applications like VLSI CAD to make it easier to develop formally
"correct by construction" designs without noticing everybody in the
room cringing.  (At least at UC Berkeley.)

-michael turner

[*] Sample line: "Unfortunately, the creativity of compiler writers
means that despite two decades of work [on the Edison Design Group (EDG)
C/C++ front-end], EDG still regularly meets defeat when trying to parse
real-world large code bases."

[**] Read starting from "Can we get customer source code? Almost always,

[***]  See, for example, the early history of Erlang.
