If You’Re Non Writing A Program, Don't Purpose A Programming Language
This article past times Leslie Lamport has appeared lately at the Distributed Computing & Education Column.
This article focuses to a greater extent than on the distinction betwixt the TLA+ modeling linguistic communication versus programming languages. Earlier I had written a spider web log transportation service nigh to a greater extent than full general benefits of modeling together with model-checking.
This is non a technical article thence instead of trying to summarize/review the psyche points, I just include about pick quotes from the article below. The most of import takeout message is at the end, which I emphasize with the bold font.
Algorithms are non programs, together with they tin live expressed inwards a simpler together with to a greater extent than expressive language. That linguistic communication is the 1 used past times almost every branch of scientific discipline together with applied scientific discipline to just depict together with argue nigh the objects they study: the linguistic communication of mathematics.
Programming is every bit good oftentimes taken to hateful coding, together with the algorithm is almost e'er developed along with the code. To empathize why this is bad, imagine trying to notice Euclid's algorithm past times thinking inwards damage of code rather than inwards damage of mathematics.
A correctness belongings of an algorithm is oftentimes best expressed every bit a higher-level algorithm. Proving correctness together with thence agency proving that the master copy algorithm refines the higher-level one. This normally involves both information refinement together with measuring refinement.
I expression that this sort of refinement sounds similar magic to most readers, who won't believe that it tin function inwards practice. I volition only written report that alongside the refinement proofs I produce got written is a machine-checked correctness proof of the consensus algorithm at the midpoint of a subtle fault-tolerant distributed algorithm past times Castro together with Liskov that uses 3F + 1 processes, upwards to F of which may live malicious (Byzantine). The proof shows that the Castro-Liskov consensus algorithm refines a version of the 2F + 1 procedure Paxos consensus algorithm that tolerates F benignly faulty processes. Steps of malicious processes, every bit good every bit many steps taken past times the proficient processes to forbid malicious ones from causing an wrong execution of Paxos, refine stuttering steps of the Paxos algorithm. I constitute that viewing the Castro-Liskov algorithm every bit a refinement of Paxos was the best way to empathize it.
Today, programming is mostly equated with coding. It's difficult to convince students who desire to write code that they should acquire to retrieve mathematically, higher upwards the code level, nigh what they’re doing. Perhaps the next observation volition give them pause. It's quite probable that during their lifetime, motorcar learning volition completely modify the nature of programming. The programming languages they are forthwith using volition seem every bit quaint every bit Cobol, together with the coding skills they are learning volition live of piffling use. But mathematics volition stay the queen of science, together with the powerfulness to retrieve mathematically volition e'er live useful.
2014 together with 2015. I gave many examples of modeling with TLA+, every bit I retrieve lack of examples is 1 of the biggest obstacles earlier TLA+ achieving wider adoption. Some include modeling of 2-phase commit transactions, synchronized circular consensus, chain replication, hygenic dining philosophers, and Paxos together with Flexible Paxos. I also role TLA+ inwards my enquiry papers to render an unambiguous pseudocode for algorithms, every bit good every bit a way to model cheque their correctness.
This summer, I volition live joining Microsoft Azure Cosmos DB team for my sabbatical for vi months. I volition acquire a direct a opportunity to role TLA+ inwards exercise in the context of a really large-scale globally distributed, multi-model database service. So yous tin expression many to a greater extent than TLA+ posts inwards this infinite soon.
But then, wouldn't this produce got worked for the RTOS projection cited above? They could produce got written the design/algorithm inwards pseudocode C first, together with would produce got achieved the same benefits. But perchance trying to write the design/algorithm inwards the programming linguistic communication convey a lot of baggage with it (brainwashing every bit the quotation higher upwards mentions) that this is impossible. Maybe this is the curse of the Whorfian syndrome Lamport wrote nigh inwards about other article. "Computer scientists collectively endure from what I telephone yell upwards the Whorfian syndrome -- the confusion of linguistic communication with reality."
2. Would a succinct programming linguistic communication nullify (or weaken) the arguments inwards this article? What is your favorite succinct programming language?
Paul Graham swears past times the benefits of Lisp. He quotes ESR there: "Lisp is worth learning for the profound enlightenment sense yous volition produce got when yous live acquire it; that sense volition brand yous a amend programmer for the residue of your days, fifty-fifty if yous never genuinely role Lisp itself a lot."
Maybe the benefits come upwards from declarative versus operational thinking? So declarative languages would produce got an wages over operational languages.
I am non a programming linguistic communication guy. And I don't desire to get down a PL frame war, thence perchance I should stop. (This may live the most unsafe MAD interrogation I had written :-)
This article focuses to a greater extent than on the distinction betwixt the TLA+ modeling linguistic communication versus programming languages. Earlier I had written a spider web log transportation service nigh to a greater extent than full general benefits of modeling together with model-checking.
This is non a technical article thence instead of trying to summarize/review the psyche points, I just include about pick quotes from the article below. The most of import takeout message is at the end, which I emphasize with the bold font.
Algorithms are non programs, together with they tin live expressed inwards a simpler together with to a greater extent than expressive language. That linguistic communication is the 1 used past times almost every branch of scientific discipline together with applied scientific discipline to just depict together with argue nigh the objects they study: the linguistic communication of mathematics.
Programming is every bit good oftentimes taken to hateful coding, together with the algorithm is almost e'er developed along with the code. To empathize why this is bad, imagine trying to notice Euclid's algorithm past times thinking inwards damage of code rather than inwards damage of mathematics.
The [TLA+] abstraction helped a lot inwards coming to a much cleaner architecture (we witnessed first-hand the brainwashing done past times years of C programming). One of the results was that the code size is nigh 10× less than inwards [the previous version].
(Eric Verhulst, Raymond T. Boute, José Miguel Sampaio Faria, Bernard H. C. Sputh, together with Vitaliy Mezhuyev. Formal Development of a Network-Centric RTOS. Springer, New York, 2011.)The mutual obsession with languages powerfulness Pb readers to retrieve this lawsuit was due to about magical features of TLA+. It wasn’t. It was due to TLA+ letting users retrieve mathematically.
A correctness belongings of an algorithm is oftentimes best expressed every bit a higher-level algorithm. Proving correctness together with thence agency proving that the master copy algorithm refines the higher-level one. This normally involves both information refinement together with measuring refinement.
I expression that this sort of refinement sounds similar magic to most readers, who won't believe that it tin function inwards practice. I volition only written report that alongside the refinement proofs I produce got written is a machine-checked correctness proof of the consensus algorithm at the midpoint of a subtle fault-tolerant distributed algorithm past times Castro together with Liskov that uses 3F + 1 processes, upwards to F of which may live malicious (Byzantine). The proof shows that the Castro-Liskov consensus algorithm refines a version of the 2F + 1 procedure Paxos consensus algorithm that tolerates F benignly faulty processes. Steps of malicious processes, every bit good every bit many steps taken past times the proficient processes to forbid malicious ones from causing an wrong execution of Paxos, refine stuttering steps of the Paxos algorithm. I constitute that viewing the Castro-Liskov algorithm every bit a refinement of Paxos was the best way to empathize it.
Today, programming is mostly equated with coding. It's difficult to convince students who desire to write code that they should acquire to retrieve mathematically, higher upwards the code level, nigh what they’re doing. Perhaps the next observation volition give them pause. It's quite probable that during their lifetime, motorcar learning volition completely modify the nature of programming. The programming languages they are forthwith using volition seem every bit quaint every bit Cobol, together with the coding skills they are learning volition live of piffling use. But mathematics volition stay the queen of science, together with the powerfulness to retrieve mathematically volition e'er live useful.
Related posts on TLA+
Hillel maintains a overnice tutorial for TLA+. He has an upcoming majority on TLA+.2014 together with 2015. I gave many examples of modeling with TLA+, every bit I retrieve lack of examples is 1 of the biggest obstacles earlier TLA+ achieving wider adoption. Some include modeling of 2-phase commit transactions, synchronized circular consensus, chain replication, hygenic dining philosophers, and Paxos together with Flexible Paxos. I also role TLA+ inwards my enquiry papers to render an unambiguous pseudocode for algorithms, every bit good every bit a way to model cheque their correctness.
This summer, I volition live joining Microsoft Azure Cosmos DB team for my sabbatical for vi months. I volition acquire a direct a opportunity to role TLA+ inwards exercise in the context of a really large-scale globally distributed, multi-model database service. So yous tin expression many to a greater extent than TLA+ posts inwards this infinite soon.
MAD questions
1. Instead of the succinctness distinction betwixt a programming linguistic communication together with a specification language, perchance the deviation inwards benefits comes to a greater extent than from the process. You should approach programming inwards a ii stage manner: think earlier yous code. Before yous get down writing whatsoever pretensibly executable code, retrieve outset together with write a design/algorithm/model outset using that programming linguistic communication every bit pseudocode.But then, wouldn't this produce got worked for the RTOS projection cited above? They could produce got written the design/algorithm inwards pseudocode C first, together with would produce got achieved the same benefits. But perchance trying to write the design/algorithm inwards the programming linguistic communication convey a lot of baggage with it (brainwashing every bit the quotation higher upwards mentions) that this is impossible. Maybe this is the curse of the Whorfian syndrome Lamport wrote nigh inwards about other article. "Computer scientists collectively endure from what I telephone yell upwards the Whorfian syndrome -- the confusion of linguistic communication with reality."
2. Would a succinct programming linguistic communication nullify (or weaken) the arguments inwards this article? What is your favorite succinct programming language?
Paul Graham swears past times the benefits of Lisp. He quotes ESR there: "Lisp is worth learning for the profound enlightenment sense yous volition produce got when yous live acquire it; that sense volition brand yous a amend programmer for the residue of your days, fifty-fifty if yous never genuinely role Lisp itself a lot."
Maybe the benefits come upwards from declarative versus operational thinking? So declarative languages would produce got an wages over operational languages.
I am non a programming linguistic communication guy. And I don't desire to get down a PL frame war, thence perchance I should stop. (This may live the most unsafe MAD interrogation I had written :-)
0 Response to "If You’Re Non Writing A Program, Don't Purpose A Programming Language"
Post a Comment