From: Alan Brain
Subject: Re: Ariane 5 - not an exception?
Date: 1996/08/01
Message-ID: <4tqkst$be01@red.interact.net.au>#1/1
References: <285641259wnr@diphi.demon.co.uk> <483202904wnr@diphi.demon.co.uk> <687081688wnr@diphi.demon.co.uk>
Organization: At Home
Newsgroups: comp.lang.ada

JP Thornley wrote:

>As I read the report, the recommendation that "software should be
>assumed to be faulty until applying the currently accepted best practice
>methods can demonstrate that it is correct" is saying that if the system
>design is to be based on the assumption of correct software then they
>will have to build that software to safety-critical standards. I wonder
>if they realise just how expensive that is going to be.

Umm. It appears I may have a small but critical difference of opinion
here. IMHO safety-critical software _in particular_ should be assumed to
be faulty, (perhaps) _even though_ shown to be correct.

To make an analogy, on one side you have "guaranteed impenetrable" armour
plate, surrounding a fragile crystal glass. On the other, you have
ballistic gelatine. I prefer the latter, as it keeps on working sorta,
kinda, even though your basic assumptions re Immunity to Murphy may be
incorrect.

I've seen error-_tolerance_ work very well in practice. The biggest
problem is finding the bugs that exist, because the darn thing still
works! Only careful examination of error logs reveals you're running at
5% efficiency, and encountering 200 Software Detected Errors per second
(Real figures by the way).