Programming: Cascading Failure chains

by Donald Hobson 1 min read28th Mar 20202 comments


The concept of a cascading failure chain can be demonstrated by this block of python. Don't worry if you don't know python, I'll try to explain it.

The error sneaks in on the first line.

This is hidden by the brackets being used for tuples and precedence.

The next part of the error occurs at

In python, the product of an integer and a tuple is a tuple.

This is far from the only case where python is slack with typing. You can multiply a Boolean by a string or add two lists or take a string modulo a tuple.

The final error comes with the numpy.random.normal function. It takes in a size. if that size is an integer, it makes a 1D array of that length, if it is a tuple, it creates a multidimensional array, with dimensions from the tuple. So if you enter "C", this piece of code produces a 52D array containing 6710886400000000000000000000000000 random numbers. This causes your system to run out of memory and crash.

This is the structure of a cascading failure chain. Something goes wrong somewhere, but it isn't caught by the error correction mechanism and dealt with, instead it triggers something else to go wrong, and then another thing. Here going wrong means going outside the context that the programmer was thinking of when they wrote the code.

The basic problem was that the programming language was dynamically typed, so if you get passed a variable foo from another part of the program, it could be an Int or String or List or anything. The next problem comes from giving several different functions the same name. Multiplying integers and repeating lists are entirely different functions. If a programer relies on the fact that the same symbol * does both, they are being "clever" and probably producing confusing code.

The numpy.random.normal is a less egregious version of this, making a random array from a list and from a tuple a subtly different.

Hacking is the art of finding code execution paths not envisioned by the programmer.

All this means that most long and complex python program is likely to be hackable.

Haskel takes a different approach. In Haskel all the variables have types deduced at compile time, if you try any operation that doesn't make sense, the compiler stops it.

The python methodology is "Run any piece of code that is arguably meaningful".

The Haskel methodology is "Don't run any piece of code that's arguably meaningless".

The paranoid error detection of Haskel makes it harder to write code that seams to work, but easier to make a complex piece of code work reliably.