comp.lang.ada
From: dewar@merv.cs.nyu.edu (Robert Dewar)
Subject: Re: Critique of Ariane 5 paper (finally!)
Date: 1997/08/21
Message-ID: <dewar.872177977@merv>
In-Reply-To: 33FBD62C.3DD3@invest.amp.com.au


Thomas said

<<As an observer to this long-winded thread, can I suggest that you define
what you mean by reliable? Software engineers such as myself often use the
term "correctness" to mean what you seem to be talking about above. I would
define "reliability" as the ability of a system to execute correctly over
some time, and with "normal" inputs ("robustness" would be a measure of a
system handling pathological inputs). Reliability in my experience has
often been specified by an mtbf - mean time between failures - figure. So
the aspect of quality we are interested in here is longevity of correct
operation, not just correct function. So, when you say "reliability",
exactly what do you mean?>>


Sure, I think we all accept your definition of reliability (the ability of
a system to execute correctly ....) although we might want to add something
about ease of modification and maintenance (for me these are also aspects
of reliability).

But that definition is not one we can use directly to ensure reliability.
Sure we can judge in retrospect whether we succeeded in generating a
reliable application, but we can't use this criterion directly to ensure
reliability in advance.

If you look at my earlier postings, you will see that the point you are
making is *precisely* the one that I emphasized in my replies to Bertrand.

Now what Bertrand claims is that any methodology which results in reliable
programs MUST ALWAYS use an approach that includes an explicit use of DBC.
What I am saying is that there are many methods and techniques that we
use in practice for judging reliability.

Correctness is a different property from reliability as you point out (there
are unreliable correct programs, and reliable incorrect programs). However,
that does not mean that demonstration of correctness is not a useful tool
in the quest after reliability. The effort to demonstrate correctness may
well show up flaws that would indeed affect reliability. Of course even if
you prove total correctness, you have not demonstrated reliability, but then
that is true of other techniques (such as formal testing, etc). In practice,
we ensure reliability by using a variety of techniques and tools.

DBC in the sense in which Bertrand means it is a possible tool. It is
neither necessary nor sufficient, but it is one more useful tool (I cannot
imagine anyone contesting this point). However, use of DBC does not ensure
reliability, and failure to use it does not guarantee unreliability!




