The Uses of Computers: What’s Past is Merely Prologue — Butler Lampson

Butler Lampson, one of the founding members of Xerox PARC, Turing award winner, and one of the most practical engineering thinkers I know spoke a couple of days ago at the Computing in the 21st Century Conference in Beijing. My rough notes from Butler’s talk follow. Overall Butler argues that “embodiment” is the next big phase of computing after simulation and communications. Butler defines embodiment as computers interacting directly with the physical world. For example, autonomously driven vehicles. Butler argues that this class of applications are only possible now due to the rapidly falling price of computing coupled with systems capabilities driven by Moore’s law.

He argues that we need to further advance how we deal with uncertainty and dependability to be successful with these applications. Uncertainty is important since all input has noise, all sensors have faults, and all data is incomplete. Dependability in that these systems are directly interacting with the physical world and actions in the physical world can have live critical failure modes.

Butler’s recommendation on how to build incredibly complex systems that directly interact with the physical world and yet have these systems be dependable is to build them two tier. At the core, is a small, simple kernel that doesn’t do a great job of its task but doesn’t hard fail and won’t kill anyone. He calls this “catastrophe mode”. For example, an autonomous vehicle may slow down to 10 MPH or just safely stop in catastrophe mode.

The software stack is designed in two layers where the top layer is responsible for the complex, real time interaction the system is designed to deliver. The inner or lower layer is catastrophe mode designed to be simple and, as only simple systems can be, correct. I like the approach.

Butlers Slides are: ButlerLampson_China_Microsoft2008 (1.49 MB).

–jrh

Title: The Uses of Computers: What’s Past is Merely Prologue

Speaker: Butler Lampson

Implication of Moore

· Spend hardware to simplify software

· Hardware enables new applications

· Pull complexity up into software (if unavoidable)

The uses of computers:

· 1950: Simulation

· 1980: Communications

· 2010: Embodiment (computers interacting directly with the physical world)

Argument: embodiment is now possible and there are some grand challenges that fall into this category:

· Gave some examples from Jim Gray’s Systems Challenges (Turing award lecture)

· Butler example: Reduce highway traffic deaths to zero

What do we need to learn how to deal with to achieve embodiment in general and zero traffic deaths in particular:

· Dealing with uncertainty

o Need good models of what can happen (what is possible)

o Need boundaries for models (where they don’t apply)

· Dependability

o The system meets its spec

o Measure: probability(failure) x Cost(failure)

o Had to model dependability. Recommends using “no catastrophes”

o Must have a threat model of what can go wrong

o Recommends producing a simple, small base that will avoid catastrophe. It must be simple. There may be incredibly complex, very highly optimized layers but a reliable systems needs to be able to fail back to the reliable base kernel (less than 50k loc?)

Conclusions for Engineers:

· Understand Moore’s Law

· Aim for mass markets

· Learn how to deal with uncertainty

· Learn how to avoid catastrophe (avoiding fault not possible in systems at scale)

James Hamilton, Data Center Futures
Bldg 99/2428, One Microsoft Way, Redmond, Washington, 98052
W:+1(425)703-9972 | C:+1(206)910-4692 | H:+1(206)201-1859 |
JamesRH@microsoft.com

H:mvdirona.com | W:research.microsoft.com/~jamesrh | blog:http://perspectives.mvdirona.com

Leave a Reply

Your email address will not be published. Required fields are marked *