A Postscript on Software Engineering


The C++ tallyer was never completed. The UC threatened to withhold payment for the voting software; eventually, the Computer Society relented and agreed to recode the entire project again from scratch. That program was deployed the year after, to no noticeable failure. I wasn't on the Election Commission or the project programming team, and by the end of that year, I was out of student government entirely, too.

My senior year, in the middle of the fall, I got a desperate phone call from the president of the UC. The voting program kept on crashing during the vote-counting for the general election. Was there anything I could do? I wanted to say no, but somehow I got suckered into going up to the office and having a look at it. The first thing I noticed was that all the old detritus from that first year was still lying around on the hard drive. Two complete backups of the ballots, the various perl scripts, our temp files with hand-typed lists of subtotals.

Digging into the problem itself, I found that the program crashed on trying to process ballots that contained only write-in votes. The ballot's list of candidates was maintained in a linked list, but trying to get the list head turned into a segfault when the list had been reduced to emptiness by throwing out eliminated write-ins. It turned out that it was actually a template-based smart linked list class, and that trying to get the head of the list triggered an assert failure for empty lists. Just one of those things. You can't blame the infrastructure guy who wrote the class: you should check for empty with an isEmpty() method, and this way the head() function satisfies stronger postconditions. Nor can you blame the algorithm-code gal who used the class: the operators were overloaded to make it look just like a pure C pointer-based linked list, so why shouldn't she have expected it to operate like one? You can blame the process that lets things like this sneak through, that doesn't communicate to the people on the two sides of an interface how that interface operates.
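To make the interface mismatch concrete, here is an added example in the shape the paragraph describes; it is constructed for illustration and is not the Computer Society's code. The `SmartList` class, its `head()`/`isEmpty()`/`removeIf()` methods, the `Ballot` and `Eliminated` type names, and the sample ballots are all assumptions. `firstChoiceUnchecked` is the calling pattern that trips the assert on a ballot made up only of eliminated write-ins; `firstChoice` honours the precondition and reports an exhausted ballot as a value, so `tallyRound` counts it instead of crashing.

```cpp
#include <cassert>
#include <cstdio>
#include <map>
#include <memory>
#include <optional>
#include <set>
#include <string>
#include <vector>

// Hypothetical list class modelled on the essay's description: head() carries
// a non-empty precondition enforced by an assert, and isEmpty() is the call
// the user is expected to make first. Constructed for illustration only.
template <typename T>
class SmartList {
    struct Node {
        T value;
        std::unique_ptr<Node> next;
    };
    std::unique_ptr<Node> first_;

public:
    void pushBack(T v) {
        std::unique_ptr<Node>* slot = &first_;
        while (*slot) slot = &(*slot)->next;
        *slot = std::make_unique<Node>();
        (*slot)->value = std::move(v);
    }

    bool isEmpty() const { return first_ == nullptr; }

    // Precondition: !isEmpty(). The strong postcondition (a reference to a
    // real element) is bought with an assert that aborts on an empty list.
    T& head() {
        assert(!isEmpty() && "head() called on an empty list");
        return first_->value;
    }

    // Unlink every node whose value satisfies pred, keeping the rest in order.
    template <typename Pred>
    void removeIf(Pred pred) {
        std::unique_ptr<Node>* slot = &first_;
        while (*slot) {
            if (pred((*slot)->value)) {
                *slot = std::move((*slot)->next);  // drop this node
            } else {
                slot = &(*slot)->next;
            }
        }
    }
};

using Ballot = std::vector<std::string>;   // ranked candidate names (assumed shape)
using Eliminated = std::set<std::string>;  // candidates already dropped

// Build the ballot's surviving preferences once eliminations are applied.
static SmartList<std::string> survivors(const Ballot& ballot, const Eliminated& out) {
    SmartList<std::string> prefs;
    for (const auto& c : ballot) prefs.pushBack(c);
    prefs.removeIf([&](const std::string& c) { return out.count(c) > 0; });
    return prefs;
}

// The crashing pattern: treats head() like a raw pointer that can be read
// freely. When every candidate on the ballot has been eliminated, the list is
// empty and the assert inside head() fires.
std::string firstChoiceUnchecked(const Ballot& ballot, const Eliminated& out) {
    return survivors(ballot, out).head();
}

// The pattern the interface actually asks for: test isEmpty() before head(),
// and hand exhaustion back to the caller as a value rather than a crash.
std::optional<std::string> firstChoice(const Ballot& ballot, const Eliminated& out) {
    SmartList<std::string> prefs = survivors(ballot, out);
    if (prefs.isEmpty()) return std::nullopt;  // exhausted ballot
    return prefs.head();
}

struct Tally {
    std::map<std::string, int> votes;
    int exhausted = 0;  // ballots with no surviving choice: counted, not crashed
};

Tally tallyRound(const std::vector<Ballot>& ballots, const Eliminated& out) {
    Tally t;
    for (const auto& b : ballots) {
        if (auto choice = firstChoice(b, out)) ++t.votes[*choice];
        else ++t.exhausted;
    }
    return t;
}

int main() {
    // Constructed sample: the third ballot lists only a write-in that has
    // already been eliminated, the case the essay says crashed the program.
    std::vector<Ballot> ballots = {{"alice", "bob"}, {"bob"}, {"write-in-zed"}};
    Eliminated out = {"write-in-zed"};
    Tally t = tallyRound(ballots, out);
    for (const auto& kv : t.votes) std::printf("%s: %d\n", kv.first.c_str(), kv.second);
    std::printf("exhausted: %d\n", t.exhausted);
    return 0;
}
```

Returning `std::optional` makes the empty case part of the function's type, so a caller on the other side of the interface cannot overlook it the way a raw-pointer-looking `head()` let the tallyer overlook it.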

And you can also blame anyone who puts their trust solely in software. Don't just sit there and trust the machines. Trust the people who operate the machines, the ones who might know whether or not it's safe to trust the machines.