From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM autolearn=unavailable autolearn_force=no version=3.4.4 X-Received: by 2002:a24:72c6:: with SMTP id x189-v6mr14246945itc.30.1522308060840; Thu, 29 Mar 2018 00:21:00 -0700 (PDT) X-Received: by 2002:a9d:528c:: with SMTP id f12-v6mr3034828oth.10.1522308060545; Thu, 29 Mar 2018 00:21:00 -0700 (PDT) Path: eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!feeder.eternal-september.org!news.swapon.de!feeder.usenetexpress.com!feeder-in1.iad1.usenetexpress.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!199-v6no7108571itl.0!news-out.google.com!u64-v6ni3189itb.0!nntp.google.com!u184-v6no7161297ita.0!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail Newsgroups: comp.lang.ada Date: Thu, 29 Mar 2018 00:21:00 -0700 (PDT) In-Reply-To: Complaints-To: groups-abuse@google.com Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=87.116.176.31; posting-account=z-xFXQkAAABpEOAnT3LViyFXc8dmoW_p NNTP-Posting-Host: 87.116.176.31 References: <3c3d7301-c0dd-4953-bce1-5ac4050457a8@googlegroups.com> <139fa27c-2f53-4758-81ba-dd403a30e4ef@googlegroups.com> <21e81c06-9352-407d-891c-ec54eed1b249@googlegroups.com> User-Agent: G2/1.0 MIME-Version: 1.0 Message-ID: <28252fa0-d6a3-48b3-908e-0538201d2dd8@googlegroups.com> Subject: Re: requiring Ada(2020?) in self-driving autonomous automobiles From: Bojan Bozovic Injection-Date: Thu, 29 Mar 2018 07:21:00 +0000 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Xref: reader02.eternal-september.org comp.lang.ada:51248 Date: 2018-03-29T00:21:00-07:00 List-Id: On Thursday, March 29, 2018 at 5:56:22 AM UTC+2, Dan'l Miller wrote: > On Wednesday, March 28, 2018 at 4:38:42 PM UTC-5, Bojan Bozovic wrote: > > Programming (or software development, if you like that words better) me= thodology needs to be changed, > > and verifying software against specification >=20 > So the specification for self-driving cars is in good shape, defining e= xactly what the expectations in the problem-space are to emulate human-qual= ity of driving? No, they are not, because in general they are falling into= the category of: > 0) Use the reference implementations of realtime software provided by the= sensor hardware manufacturers. > 1) Have a neural network. > 2) Train the neural network on dry roads on a sunny day without road cons= truction. > 3) Once the neural network drives no worse than a nervous teenager, add o= ne hazard at a time to further train the neural network. > 3) Then a miracle occurs. > 4) The neural network knows how to have the reflex of the spinal cord & b= rain stem. The neural network knows how to have the reptilian brain for tr= acking object identity and movement. The neural network knows how to have = the mammalian brain for social order. The neural network knows how to have= a human-level of inductive & deductive logical & spatial reasoning about w= hy spontaneous events are happening and how the other guy will likely respo= nd. And it knows how to coordinate all those layers of brain processing in= all the varieties of road hazards concurrently: pedestrian walks out onto= the roadway during a snow storm at night when the road is glazed with ice = with a tractor-trailer semi truck tailgating behind with a disabled vehicle= on the shoulder up ahead. >=20 > What we would recognize as software in these self-driving autonomous vehi= cles is primary in the drive-by-wire category of operating the realtime con= trol of the LIDAR and other sensors. The failure of self-driving autonomou= s vehicle software is far more likely in the vicinity of steps 2 through 4 = of the requirements specification above. Fidelity of transliteration of th= e requirements specification into neural nets on one hand and realtime soft= ware control of sensor hardware on the other hand probably doesn't even mak= e the top 10 root causes of wrecks of self-driving automobiles. The neural= network and its undesired ability to learn the wrong lesson during trainin= g is far more likely the root cause of wrecks & mishaps & maiming & deaths. >=20 > > together with testing must be viewed as indispensable, >=20 > Remember what you think of as testing (either the verification of the fid= elity of transliteration of the requirements or the validation of whether t= he requirements specification was wise in the first place), they think of a= s training the neural net. What you think of as a sacred methodical proces= s, the neural network thinks more of as merely more opportunities for trial= -and-error training. >=20 > > not some arcane procedure reserved for those that code aircraft, spacec= raft and missile software. >=20 > Yeah right. Vehicles with hardware sensors in the air have an entirely d= ifferent set of =E2=80=A2realtime=E2=80=A2-software characteristics than ve= hicles with hardware sensors on the ground. Both real and time differ when= in the air and when on the ground. Fly-by-wire is entirely different phys= ics & control-theory processing than drive-by-wire. Yeah right. >=20 > > Anything that makes writing correct programs easier >=20 > Define easier with respect to emulating a human being's conscious brain a= top a mammalian brain atop a reptilian brain atop a brain stem atop a spina= l cord in front of a steering wheel and gas pedal and brake pedal (and clut= ch pedal and gear shift in the case of self-driving autonomous tractor-trai= ler semis/lorries). =20 >=20 > Even independent of this difficult emulation, I think Python is generally= perceived to be easier for programmers than, say, Ada. That is, easier in= every metric other than assuring correctness (and perhaps readability). W= hat kind of ease do you wish to optimize? (Probably the wrong kind.) >=20 > > is welcome and needed, self-driving cars are just one aspect of the pro= blem. >=20 > Randy/ARG has identified self-driving autonomous automobiles as a likely = killer* app of Ada2020, so that is why it is a very important topic to disc= uss, despite your attempt to deflect away from it. >=20 > * so that self-driving autonomous automobiles are no longer killers. Oh = the irony. Now, if the self-driving cars are made from a neural network doing trial an= d error learning, sound logical proof is needed that such methodology is re= ally not going to endanger other participants of the traffic. As such proof= doesn't exist (at least to my knowledge) self-driving cars are hazard that= can't be allowed on the streets. I didn't say that real-time systems in th= e aircraft have the need of safety that, for example, robots used for car m= anufacture doesn't, or that medical devices doesn't, many, even those who s= hould know better, don't think such systems run something like VxWorks and = Ada rather than some form of Linux. "There is always one more bug" is a man= tra that is repeated over and over again, and needn't be so. Also, if we we= re to compare Python and Ada, even for a beginner Ada wins for ease of prog= ramming. Documentation is free and readily available, as are the tutorials = and books on the subject. On the other hand Python has nothing like Ada LRM= /ALRM online, and Ada 83, it still compiles, 35 years later, on Ada 2012 co= mpiler, while Python went isn't compatible between 2.x and 3.x version. I w= asn't trying to deflect the topic from self-driving automobiles, you wrongl= y accuse me, but I don't see how the problem really differs from an autopil= ot in an aircraft that is certified to DO-178B/C. At least nobody has tried= to put a primitive neural network into these and justify it by saying it p= erforms better than a drunk pilot. And no, constructing software to be correct as better to debugging isn't my= idea, but one by C.A.R "Tony" Hoare and Edsger W. Dijkstra, I'm just repea= ting it. It predates Ada. Mr Dan'l Miller, you started out too defensive, as if I somehow insulted yo= u, or Mr. Randy Brukhardt. If it sounded so, it wasn't my intention. If neu= ral networks are indeed the future, the onus is on those who implement thos= e systems to prove they pose no risk. One way or another it will come to pa= ss.