From: JP Thornley <jpt@diphi.demon.co.uk>
Subject: Re: Ariane 5 - not an exception?
Date: 1996/08/02
Message-ID: <248081750wnr@diphi.demon.co.uk>
In-Reply-To: 4tqkst$be01@red.interact.net.au
Alan Brain <aebrain@dynamite.com.au> writes:
> Umm. It appears I may have a small but critical difference of opinion
> here. IMHO
> safety-critical software _in particular_ should be assumed to be
> faulty, (perhaps)
> _even though_ shown to be correct.
>
We definitely have a difference of opinion here - a software component
of a system is classified as safety-critical if failure of that
component *alone* creates a significant risk of the system suffering or
causing a catastrophic accident. If the system is designed so that the
risk only becomes significant when both this software component and some
other component of the system (wholly independent of this software
component) fail, then the software is not safety-critical.
So, assuming that the software is faulty (which I take to mean 'can be
expected to suffer a hazardous failure') results in an assumption that
the catastrophic accident *will occur*.
My favorite example at the moment is the Flight Control System on the
Boeing 777 - running on three separate and diverse boxes (I think that
one is a 68K, another is a 486 and I can't remember the third) but all
programmed from the same Ada source. No single box is safety-critical,
as there are two wholly independent back-ups, but the software clearly
is. An assumption that this software is faulty must lead to the
conclusion that the plane should never be certified.
Clearly this isn't the case, and the software must have been created
using a rigorous process that gives adequate assurance that it will not
suffer a hazardous failure (and that's what I think the report means
when it talks about "applying the currently accepted best practice
methods" in order to "demonstrate that it is correct").
Phil Thornley
--
------------------------------------------------------------------------
| JP Thornley EMail jpt@diphi.demon.co.uk |
------------------------------------------------------------------------
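The definition argued in the post above (a component is safety-critical only if its failure *alone* creates a significant risk of the top-level accident, and triple hardware redundancy does not remove that property from software shared by all three boxes) can be made concrete as a small fault tree. This is an added example, not code from the thread or from any flight-control project; the component names, the per-flight failure probabilities and the acceptable-risk figure are all constructed for illustration and are not 777 data.

```python
"""Fault-tree sketch of the safety-critical definition in the post above.

Added example, not code from the thread. Component names and all failure
probabilities are constructed for illustration; nothing here is 777 data.
"""
from dataclasses import dataclass
from itertools import product
from typing import Dict, List, Tuple, Union


@dataclass(frozen=True)
class Leaf:
    """A basic event: one component failing."""
    name: str


@dataclass(frozen=True)
class Gate:
    """AND: top event needs every input to fail. OR: any one input suffices."""
    kind: str
    inputs: Tuple["Node", ...]


Node = Union[Leaf, Gate]


def occurs(node: Node, failed: Dict[str, bool]) -> bool:
    """Does the event at `node` occur, given which basic events have failed?"""
    if isinstance(node, Leaf):
        return failed[node.name]
    results = [occurs(child, failed) for child in node.inputs]
    return all(results) if node.kind == "AND" else any(results)


def top_event_probability(tree: Node, probs: Dict[str, float]) -> float:
    """Exact top-event probability by enumerating every combination of
    basic-event states. Slower than gate-by-gate arithmetic, but it stays
    correct when one basic event (the shared software) feeds several gates,
    where multiplying per-gate probabilities as if independent would not."""
    names = sorted(probs)
    total = 0.0
    for bits in product((False, True), repeat=len(names)):
        failed = dict(zip(names, bits))
        if occurs(tree, failed):
            weight = 1.0
            for n in names:
                weight *= probs[n] if failed[n] else 1.0 - probs[n]
            total += weight
    return total


def safety_critical_components(tree: Node, probs: Dict[str, float],
                               acceptable: float) -> List[str]:
    """Apply the post's definition: a component is safety-critical if its
    failure alone (everything else at nominal probability) pushes the
    top-event probability above the acceptable level."""
    critical = []
    for name in sorted(probs):
        forced = dict(probs)
        forced[name] = 1.0          # this component has failed for certain
        if top_event_probability(tree, forced) > acceptable:
            critical.append(name)
    return critical


def channel(box: int, software: Leaf) -> Gate:
    """One control channel is lost if its box fails or its software fails."""
    return Gate("OR", (Leaf(f"box{box}_hw"), software))


# Constructed scenario A: three diverse boxes, one shared software build.
SHARED_SW = Leaf("fcs_software")
SHARED_TREE = Gate("AND", tuple(channel(i, SHARED_SW) for i in (1, 2, 3)))
SHARED_PROBS = {"box1_hw": 1e-4, "box2_hw": 1e-4, "box3_hw": 1e-4,
                "fcs_software": 1e-6}

# Constructed scenario B: the same boxes, each with independently developed
# software, so no basic event is common to more than one channel.
DIVERSE_TREE = Gate("AND", tuple(channel(i, Leaf(f"sw{i}")) for i in (1, 2, 3)))
DIVERSE_PROBS = {**{f"box{i}_hw": 1e-4 for i in (1, 2, 3)},
                 **{f"sw{i}": 1e-6 for i in (1, 2, 3)}}

ACCEPTABLE = 1e-5   # constructed acceptable probability of the top event


if __name__ == "__main__":
    for label, tree, probs in (("shared software", SHARED_TREE, SHARED_PROBS),
                               ("diverse software", DIVERSE_TREE, DIVERSE_PROBS)):
        print(f"{label}: P(loss of control) = "
              f"{top_event_probability(tree, probs):.3e}, safety-critical: "
              f"{safety_critical_components(tree, probs, ACCEPTABLE)}")
```

In scenario A no single box is safety-critical (losing one box leaves two independent back-ups, so the top-event probability barely moves), while the shared software is: forcing it to fail loses all three channels at once. Scenario B, with the software diversified as the hardware already is, has no single safety-critical component at all. The enumeration over basic-event states is what makes the shared-software case come out right; computing each OR gate and then the AND gate as if their inputs were independent would count the one software event three times and understate the risk by orders of magnitude, which is exactly the error the definition in the post guards against.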