As software development grows in complexity, creating stunning end results for users, the growing number of interactions inevitably produces bugs. The constant disruption of updates and new functionalities means bugs become more common and revenue reducing defects are now accepted as the norm.
Consequently, a $10m National Science Foundation grant has been pledged to a group of minds from MIT, Princeton, Yale and the University of Pennsylvania, who aim to use logic itself as the saviour of unreliable software, claiming they can eradicate bugs entirely.
The logic behind deep specification
While this may seem fanciful, the science behind it is grounded. The basic principle concerns the way specifications of application components are currently written. Rather than creating new technology to eradicate bugs, the study suggests software in its current state is inherently flawed.
Current specifications that describe components of an application are not sufficiently comprehensive. This means unexpected interactions with other components causes bugs. DeepSpec (short for Expeditions in Computing: The Science of Deep Specification) aims to create and standardise practices for describing software using deep specifications based on formal logic. Its mission statement is the “specification and verification of full functional correctness“.
The group aims to create software in which bugs are scientifically impossible, without changing the way it is constructed. The changes they intend to impose centre on how the potential behaviour of a component is described and how these descriptions are communicated. Crucially, DeepSpec’s technique can also be applied retrospectively to existing software. Like many great ideas, the beauty lies in its simplicity.
How software bugs occur
Often bugs are caused by change – a new patch, a new version or interaction.
Current specifications used for Application Programming Interfaces (APIs), the points at which components communicate with each other, are merely based on models of that component. They do not fully cover how the component behaves in practice, especially if circumstances change from those originally predicted.
Once written, current specifications cannot be changed. They describe how the component should work or interact with others and are inflexible.
Specifications are often written only to satisfy the requirements of interactions the component is expected to make, so the minimum is written to satisfy that need. They may not take into account the fact that components interact from above and below, and different specifications are needed to fully cover each interaction.
While we do not use deep logic to cover all eventualities, specifications are written using an element of guesswork. For this reason, there is always a chance, however small, of bugs. As Rita Rae Brown said: “Intuition is a suspension of logic due to impatience.”
Deep specifications consider every possible interaction the component could make to eradicate the uncertainty that creates bugs. In theory, if we specify possible behaviour in sufficient detail, then unspecified interactions, and therefore bugs, are impossible.
Advantages of deep specifications
Deep specifications have four main advantages over the standard specifications we rely on today:
- Rich (describing complex component behaviours in more detail)
- Two-sided (the specification takes into account interactions from above, and below, it connects to both implementations and clients)
- Formal (written in a mathematical notation with clear semantics to support tools such as type checkers, analysis and testing tools, automated or machine-assisted provers, and advanced IDEs)
- Live (connected via machine-checkable proofs to the implementation and client code)
Coding as art or science?
One problem with current software deployment is that more pragmatic operations teams rely on code from developers who often value creativity over reliability.
DeepSpec member Zhong Shao says: “I think at an earlier time, security and reliability were not considered to be as important,” he said. “Initially, computers were not used for critical applications.” DeepSpec aims to add the infallible, deep-rooted reliability of science to the art of coding.
Developers may be the new rock stars, but a serious security breach can cost a company more than it gains from an innovative new app.
As more of life’s essential tools become ‘live’ with the Internet of Things, bugs will potentially play a greater part in our lives if software development continues to progress unchecked.
“In our interconnected world, software bugs and security vulnerabilities pose enormous costs and risks. When you press, the accelerator pedal or the brake in a modern car, for instance, you are just suggesting to some computer program that you want to speed up or slow down. The computer had better get it right.” – DeepSpec leader Andrew Appel.
More and more inter-dependencies will occur within and between applications, and each person will have their unique matrix of complexity depending on lifestyle and taste. The complexity IT faces is astounding, even to IT professionals themselves who have no way of predicting where the next disruptive mega-trend will emerge from.
How will we use ‘perfect’ software?
The grant covers not only research by seven experts but also the promotion of the resulting methodologies as standard engineering methods. The question is how obtainable deep specifications will be for everyday apps. Such comprehensive thought threatens the agility that allows companies to bring ideas to market ahead of their competition.
If DeepSpec is successful, perhaps ‘perfect’ software would be better suited to systems of record (core, background business processes such as information storage and retrieval) rather than systems of engagement (innovative customer-facing apps like social media and fitness apps). A bug in a social media app is not as costly as it is for a core banking system.
How to use deep specifications and maintain agility
There are two possible ways around this hindrance to agility.
Specification writing could become another new job role, a side-product of the digital age such as the Social Media Manager. This means writing deep specifications would not detract as much from the agility of DevOps teams who can focus on building the app itself rather than describing how it will work.
The second way is automation. If the logic for each new component is written to a deep specification and added to a database, a programme can be written to check the logic within that individual specification is sound. This same programme could also create the deep logic covering every possible interaction a component could make with others.
Holes in the logic?
One problem with the DeepSpec theory is there are millions of interactions we can make on an application with a keyboard and mouse. When we combine this with a second programme, we have to multiply these millions together to make billions or more. There is not enough memory available on the planet to document every single possible interaction, so is perfect software possible?
What is possible is for deep specifications to record interactions of all likely interactions. This will reduce the chances of bugs significantly, but not make them logically impossible. Once a deep specification is written for each component, they could be linked with an automated programme using deep logic to make interactions between them extremely safe.
However, sometimes very unlikely interactions uncover bugs that go undiscovered for years. For instance, a frustrated Linux user randomly discovered you could hack a Linux system by pressing backspace 28 times in a row. Perhaps deep logic could remove these bugs, but another even more unlikely combination could exist somewhere, perhaps never exposed.
DeepSpec has no commercial loyalties except proving value for a $10m investment, so this is a unique opportunity to fully explore whether the perfect software is possible. The worst-case scenario is they find ways to make the software more reliable, if not perfect, so the project should benefit the IT industry as a whole. If DeepSpec achieves their aim, they could deliver yet another disruptive technology to change the face of testing entirely.
However, until code is written bug-free, there is the need to test your software.