From: kurtz@mustang.nrl.navy.mil (Bob Kurtz)
Subject: Re: Ada / Boeing 777
Date: 1996/03/19
Message-ID: #1/1
references: <4ia0l3INNatk@faatcrl.faa.gov> <314D2D86.41A8@lfwc.lockheed.com>
organization: Hughes STX @ US Naval Research Lab, Wash. DC
newsgroups: comp.lang.ada

In article <314D2D86.41A8@lfwc.lockheed.com>, Ken Garlington wrote:
> Tim Rowe wrote:
> >
> > AIUI the Airbus range has triplicated *diverse* systems for critical
> > functions. The 777 has triplicated *identical* systems (I'm trusting the
> > press for this, so it may not be gospel).
>
> If I recall the TRI-Ada stuff on this, it's the same source code, compiled
> with three different compilers for three different targets. So, it
> depends on what you mean by "diversity."
>
> As Levison and Knight's work indicates (and my experience bears out),
> code diversity don't mean much, though.

So true. Difficult software tends to be difficult for everybody.
And with most (or at least many) major software faults originating in
requirements interpretation, who is to say that different software sets
weren't *all* built wrong based on an incorrect interpretation of
(probably vague) requirements? Or worse yet, you could have as many sets
of perfect software as you like, all written to be compliant with faulty
requirements.

--
Bob Kurtz (kurtz@mustang.nrl.navy.mil)
Hughes STX Corp., US Naval Research Lab, Washington DC