From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Robert I. Eachus"
Date: Sat, 10 Jan 2004 01:16:07 -0500
Newsgroups: comp.arch.embedded,comp.lang.ada
Subject: Re: Certified C compilers for safety-critical embedded systems
Organization: LJK Software
References: <3fe00b82.90228601@News.CIS.DFN.DE> <5802069.JsgInS3tXa@linux1.krischik.com> <1072464162.325936@master.nyc.kbcfp.com> <1563361.SfB03k3vvC@linux1.krischik.com> <11LvOkBBXw7$EAJw@phaedsys.demon.co.uk> <3ff0687f.528387944@News.CIS.DFN.DE> <1086072.fFeiH4ICbz@linux1.krischik.com> <3ff18d4d.603356952@News.CIS.DFN.DE> <1731094.1f7Irsyk1h@linux1.krischik.com> <3ff1b8ef.614528516@News.CIS.DFN.DE> <3FF1E06D.A351CCB4@yahoo.com> <3ff20cc8.635997032@News.CIS.DFN.DE>
Larry Kilgallen wrote:

> From another point of view, they just opened the system testing process
> up to the public view :-)

Sorry, no. If the course of Ariane 501 had been slightly different, the launch would have succeeded. But it would have said nothing about the likelihood that the next Ariane 5 launch would have succeeded. In fact there have been three major failures in less than a dozen launches, with lots of originally needed testing done after each failure, and they still don't have a working system. In the meantime, Ariane 4 (remember, the one the software requirements were originally for?) has had about 100 launches with a very good record.

So the Ariane 5 is almost the poster child for doing reuse without redoing the systems requirements analysis from the top. I would hope that no one would ever make that mistake again. But the lesson that keeps being taught about the first Ariane 5 launch is about software validation.

Similarly, the lessons learned in five Airbus 320 crashes are getting papered over. It is by now clear to those who study such accidents that all five accidents were probably caused by invalid requirements. For years Airbus has claimed that the software had been proven correct and couldn't have caused the crashes. But finally enough has come out that the accident investigators are pretty sure they know exactly which requirements error caused which crash.

The Airbus 320 should bury the idea that theorem provers can result in safe software. In the case of the Airbus 320, what happened was that the formal logic used for stating the requirements/theorems was relatively opaque to experts in the field (read: pilots). So the flaws in the requirements, and later about 500 people, were buried by that opacity.

-- 
Robert I. Eachus

"The war on terror is a different kind of war, waged capture by capture, cell by cell, and victory by victory. Our security is assured by our perseverance and by our sure belief in the success of liberty." -- George W. Bush