Bjarne Stroustrup: Simplification is the Key to Reliability and Efficiency in Code

00:00:00.000 | - What was the origin story of C++?

00:00:04.160 | You basically gave a few perspectives

00:00:09.080 | of your inspiration of object-oriented programming.

00:00:14.080 | That's, you had a connection with C and performance.

00:00:18.040 | Efficiency was an important, a thing you were drawn to.

00:00:21.760 | - Efficiency and reliability.

00:00:23.520 | - Reliability.

00:00:24.360 | - You have to get both.

00:00:25.720 | - What's reliability?

00:00:28.240 | - I really want my telephone calls to get through

00:00:32.760 | and I want the quality of what I am talking,

00:00:35.960 | coming out at the other end.

00:00:38.120 | The other end might be in London or wherever.

00:00:42.000 | So, and you don't want the system to be crashing.

00:00:47.040 | If you're doing a bank, you mustn't crash.

00:00:50.600 | It might be your bank account that is in trouble.

00:00:55.600 | There's different constraints, like in games,

00:00:57.640 | it doesn't matter too much if there's a crash,

00:00:59.760 | nobody dies and nobody gets ruined.

00:01:02.240 | But I'm interested in the combination of performance,

00:01:06.600 | partly because of sort of speed of things being done,

00:01:11.920 | part of being able to do things that is necessary

00:01:15.360 | to have reliability of larger systems.

00:01:20.360 | If you spend all your time interpreting

00:01:26.040 | a simple function call,

00:01:28.720 | you are not going to have enough time

00:01:30.640 | to do proper signal processing

00:01:32.440 | to get the telephone calls to sound right.

00:01:34.840 | Either that, or you have to have 10 times

00:01:38.360 | as many computers and you can't afford your phone anymore.

00:01:41.880 | It's a ridiculous idea in the modern world

00:01:45.000 | because we have solved all of those problems.

00:01:47.320 | - I mean, they keep popping up in different ways.

00:01:51.560 | 'Cause we tackle bigger and bigger problems,

00:01:53.480 | so efficiency remains always an important aspect.

00:01:56.640 | - But you have to think about efficiency,

00:01:59.080 | not just as speed, but as an enabler to important things.

00:02:04.080 | And one of the things it enables

00:02:06.640 | is reliability, is dependability.

00:02:11.000 | When I press the pedal, the brake pedal of a car,

00:02:16.240 | it is not actually connected directly

00:02:18.360 | to anything but a computer.

00:02:22.280 | That computer better work.

00:02:24.040 | - Let's talk about reliability just a little bit.

00:02:27.920 | So modern cars have ECUs,

00:02:31.880 | have millions of lines of code today.

00:02:34.880 | So this is certainly, especially true of autonomous vehicles

00:02:39.280 | where some of the aspects of the control

00:02:41.400 | or driver assistance systems that steer the car,

00:02:43.760 | that keep it in the lane and so on.

00:02:45.560 | So how do you think, you know, I talked to regulators,

00:02:48.960 | people in government who are very nervous

00:02:51.400 | about testing the safety of these systems of software,

00:02:55.880 | ultimately software that makes decisions

00:02:58.840 | that could lead to fatalities.

00:03:00.600 | So how do we test software systems like these?

00:03:05.600 | - First of all, safety, like performance and like security,

00:03:12.040 | is a system's property.

00:03:16.960 | People tend to look at one part of a system at a time

00:03:20.280 | and saying something like, this is secure.

00:03:23.120 | That's all right, I don't need to do that.

00:03:27.160 | Yeah, that piece of code is secure, I'll buy your operator.

00:03:30.840 | - Right.

00:03:31.960 | - If you want to have reliability,

00:03:34.320 | if you want to have performance,

00:03:36.200 | if you want to have security,

00:03:38.120 | you have to look at the whole system.

00:03:40.560 | - I did not expect you to say that,

00:03:42.000 | but that's very true, yes.

00:03:43.600 | - I'm dealing with one part of the system

00:03:45.640 | and I want my part to be really good,

00:03:48.680 | but I know it's not the whole system.

00:03:50.640 | Furthermore, making an individual part perfect

00:03:55.640 | may actually not be the best way

00:03:59.480 | of getting the highest degree of reliability

00:04:02.120 | and performance and such.

00:04:04.080 | There's people who say C++ is type safe,

00:04:06.680 | not type safe, you can break it.

00:04:09.320 | Sure, I can break anything that runs on a computer.

00:04:13.440 | I may not go through your type system.

00:04:16.880 | If I wanted to break into your computer,

00:04:18.920 | I'll probably try SQL injection.

00:04:21.160 | - And it's very true, if you think about safety

00:04:25.040 | or even reliability at a system level,

00:04:27.880 | especially when a human being is involved,

00:04:30.480 | it starts becoming hopeless pretty quickly

00:04:35.800 | in terms of proving that something is safe

00:04:40.800 | to a certain level.

00:04:42.760 | - Yeah.

00:04:43.600 | - 'Cause there's so many variables, it's so complex.

00:04:45.600 | - Well, let's get back to something we can talk about

00:04:48.760 | and actually make some progress on.

00:04:51.200 | - Yes.

00:04:52.040 | - We can look at C++ programs

00:04:54.200 | and we can try and make sure they crash less often.

00:04:59.200 | The way you do that is largely by simplification.

00:05:05.440 | It is not, the first step is to simplify the code,

00:05:11.080 | have less code, have code that are less likely to go wrong.

00:05:15.000 | It's not by runtime testing everything.

00:05:18.000 | It is not by big test frameworks that you're using.

00:05:22.520 | Yes, we do that also.

00:05:24.560 | But the first step is actually to make sure

00:05:28.120 | that when you want to express something,

00:05:30.560 | you can express it directly in code

00:05:33.960 | rather than going through endless loops

00:05:36.640 | and convolutions in your head before it gets down the code.

00:05:41.360 | That if the way you are thinking about a problem

00:05:45.840 | is not in the code, there is a missing piece

00:05:50.120 | that's just in your head.

00:05:52.160 | And the code, you can see what it does,

00:05:55.440 | but it cannot see what you thought about it

00:05:58.240 | unless you have expressed things directly.

00:06:01.240 | When you express things directly, you can maintain it.

00:06:04.960 | It's easier to find errors.

00:06:06.640 | It's easier to make modifications.

00:06:08.960 | It's actually easier to test it.

00:06:11.400 | And lo and behold, it runs faster.

00:06:13.400 | And therefore you can use a smaller number of computers,

00:06:19.000 | which means there's less hardware that could possibly break.

00:06:22.160 | So I think the key here is simplification,

00:06:27.440 | but it has to be, to use the Einstein quote,

00:06:31.440 | "As simple as possible and no simpler."

00:06:33.520 | - Not simpler.

00:06:34.920 | - But there are other areas with under constraint

00:06:37.800 | where you can be simpler than you can be in C++,

00:06:40.400 | but in the domain I'm dealing with,

00:06:42.760 | that's the simplification I'm after.

00:06:45.880 | (air whooshing)

00:06:48.560 | (upbeat music)

00:06:51.160 | (upbeat music)

00:06:53.760 | (upbeat music)

00:06:56.360 | (upbeat music)

00:06:58.960 | (upbeat music)

00:07:01.560 | [BLANK_AUDIO]