From: "Michael" <Michael@home.ca>
Subject: Re: SPARK User Group 2008
Date: Sun, 25 May 2008 20:14:38 GMT
Date: 2008-05-25T20:14:38+00:00 [thread overview]
Message-ID: <OMj_j.293861$pM4.198754@pd7urf1no> (raw)
In-Reply-To: 9f80aed6-6509-4faf-931b-e05dc2b314d9@59g2000hsb.googlegroups.com
"Simon Wright" <simon.j.wright@mac.com> wrote in message
news:m21w42hqp8.fsf@mac.com...
> If you are saying "if they don't do it right, it will be a failure" --
> well, duh, this is news?
OUCH, that sparks!
Being distracted by discussions is not focusing on safety.
March the 26th, 2006, BC ferries' Queen of the North vanished just like
that!
"Crew had also turned off alarms that would have alerted them to danger."
Engineering is not that much about doing wrong or right, but knowing what is
being done.
Even before a system gets operational, what matters is early identifying
vulnerabilities, locating anomalies and resolving any deficiency prior a
dysfunction occurs. (i.e.: A clue: dysfunctions mostly occur in a specific
context (not necessarily the current application domain), but anomalies are
almost there! Without a trace? Not really!).
Apparently it wasn't one of the "Correctness by Construction" capabilities.
Therefore Praxis's iFACTS verifications never noticed any defects, but the
NATS's iFACTS validation.
(i.e.: The 7 of March 2007, NATS news released proudly announced the iFACTS
final trials. Since, NATS never announced that iFACTS gets commissioned -
find the errors! - anomalies I meant).
Like it says, "Correctness by Construction" is a brand new distilled set of
formal principles, to realize systems and software engineering outputs with
very low defect rate and very high resilience to change.
"Is Proof More Cost-Effective Than Testing?"
Or is CbC "just another way to make things so complicated that there are no
obvious deficiencies?"
Praxis-HIS gets almost $20 millions to develop iFACTS and demonstrating that
Formal method, formal verification and SPARK all together "appear to be
substantially more efficient at finding faults than the most efficient
testing phase".
Preliminary answers are expected at Ada Europe, in Venice, Italy, 16-20
June.
Better to know how easily removable iFACTS deficiencies are!
If yes, did NATS reschedule iFACTS with new funding?
Cheers,
Michael,
Vancouver, BC
NOTE:
Never underestimate engineering capabilities:
Running without visibility, faster than you can and hitting the sound
barrier is all but probable.
It's more likely going from your speed to zero in less than 1 second!
Big bang on the nose?
"Much ado about nothing" indeed.
next prev parent reply other threads:[~2008-05-25 20:14 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-28 16:02 SPARK User Group 2008 roderick.chapman
2008-05-12 10:29 ` Michael
2008-05-13 7:47 ` Simon Wright
2008-05-16 6:57 ` Michael
2008-05-16 8:21 ` stefan-lucks
2008-05-16 21:41 ` Simon Wright
2008-05-25 20:14 ` Michael [this message]
2008-05-26 10:06 ` Simon Wright
2008-05-27 18:43 ` Michael
2008-05-27 19:23 ` Simon Wright
2008-05-27 20:07 ` Jeffrey R. Carter
2008-05-27 21:57 ` Ed Falis
2008-05-28 9:51 ` iFACTS (was: SPARK User Group 2008) Stuart
2008-06-01 20:47 ` SPARK User Group 2008 Michael
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox