
Authors

Harold Thimbleby

Abstract

Software should be correct and robust. This paper suggests that we need forthright words for the failure of not being robust - heedless and heedlessness - and of recursively creating software (such as a compiler or virtual machine) that itself does not support dependable software development.

Heedless programming is common, particularly affecting "trivial" operations such as on numbers, and extends deep into programming language design and into the use of computers more widely, thus making robust, dependable applications of all sorts unnecessarily problematic.

The paper defines the problem and presents a call to action to start addressing the problems identified.

Sample

Excel has been designed to be heedless to user and programmer error, and different vendors' "equivalents" to Excel are heedless in different ways, thus making spreadsheets very difficult to use reliably.

For example, in Excel a syntax error such as 1..2 is treated without warning as zero by the function SUM. A syntactically correct cell that shows 1.2 is also treated as zero if the 1.2 is a string, which could be accidental but could easily be exploited maliciously.

A malicious user can conceal almost any activity (for example a number can be displayed as 1,000 but be treated as zero by SUM); equally, errors can slip past a diligent user because of the original heedless design combined with the lack of warnings and checks provided by Excel.
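The contrast between a heedless and a heedful sum over the cell kinds named in the sample, as an added Python sketch that is not code from the paper. It assumes Python types stand in for spreadsheet cell types (`str` for text cells); the cell references, values and function names are constructed for illustration.

```python
import re
from decimal import Decimal, InvalidOperation

# Constructed sample column. Numeric cells are int/float; text cells are str,
# whatever they look like on screen.
SAMPLE_CELLS = {
    "A1": 250.0,
    "A2": "1.2",    # text that displays like a number
    "A3": "1..2",   # malformed number, held as text
    "A4": "1,000",  # text with a thousands separator
    "A5": "Total",  # ordinary label, legitimately ignored by a sum
    "A6": 40,
}

def heedless_sum(cells):
    """Model of the behaviour in the sample: text cells silently count as zero."""
    return sum(v for v in cells.values()
               if isinstance(v, (int, float)) and not isinstance(v, bool))

def looks_numeric(text):
    """True if a text cell is built only from digits, dots and commas."""
    return bool(re.fullmatch(r"\s*[-+]?[\d.,]*\d[\d.,]*\s*", text))

def audit(cells):
    """Return (ref, kind, value) for every text cell a reader would take for a number."""
    findings = []
    for ref, value in cells.items():
        if isinstance(value, str) and looks_numeric(value):
            try:
                Decimal(value.strip().replace(",", ""))
                kind = "numeric-text"      # parses, but the sum would skip it
            except InvalidOperation:
                kind = "malformed-number"  # e.g. 1..2
            findings.append((ref, kind, value))
    return findings

def heedful_sum(cells):
    """Refuse to produce a total while any number-like text cell is in the range."""
    findings = audit(cells)
    if findings:
        raise ValueError(f"refusing to sum, suspicious cells: {findings}")
    return heedless_sum(cells)
```

On the constructed column, the heedless total is 290.0 with no indication that three cells were skipped, while `heedful_sum` raises and names A2, A3 and A4.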

Publication

2012, Software — Practice & Experience, Volume 42, Issue 11, November, pages 1393-1407

Full article

Heedless programming: Ignoring detectable error is a widespread hazard