
SoylentNews is people

posted by n1 on Wednesday June 03 2015, @09:48AM
from the wishful-thinking-and-faith dept.

Your average scripter likely isn't writing a whole lot of proofs or going through the rigors of formal program verification, generally. Which is fine because your average scripter also isn't writing software for jet airliners or nuclear power plants or robotic surgeons. But somebody is—and the odds are pretty good that your life has been in their hands very recently. How do you know they're not a complete hack?

Well, you don't really. Which prompts the question: How is this sort of code tested? It was a short blog post written by Gene Spafford, a professor of computer science at Purdue University, that inspired this particular asking of the question.

http://motherboard.vice.com/read/how-is-critical-life-or-death-software-tested

[Related]: They Write the Right Stuff by Charles Fishman at Fast Company


  • (Score: 0) by Anonymous Coward on Wednesday June 03 2015, @11:55PM (#191822)

    It is pretty well known that complete testing is impossible. Consider the element of time. Have you tested every single time value of the clock that is possible? People talk about code coverage, but what does that mean? Does that mean every line is hit? Every possible combination of branches? All possible states? Consider an application that is a single API end point that takes in an HTTP post with a parsed string. To do complete testing, that might mean the factorial of bits allowed by the posting system. This is even ignoring the limitations of the other systems, such as Apache or IIS that your API sits on top of. Or the interaction between your API and other systems... or the operating system... or the metadata included in an HTTP post... or the hardware that the system runs on... or the speed of the client computer's network... or solar radiation (a real issue; http://www.cs.toronto.edu/~bianca/papers/sigmetrics09.pdf)... or time. So why pretend we can?

    I don't disagree that it is difficult for lay people to filter out the wheat from the chaff or the sentiment that we experts should be doing this regarding software development. Cem Kaner suggested an open certification (http://kaner.com/?p=392) process because we don't even have deep agreement on what testing actually is, much less how much is needed. To create a license from the state would suggest we actually do have a solid understanding of how to build software. Heck, most developers don't even know that toUppering Turkish characters can get you into trouble (http://www.i18nqa.com/iuc37-Texin-Critical%20values%20for%20i18n%20testing.pdf)! I think that we as a group don't really know how to develop software, even for medical systems (http://www.popsci.com/technology/article/2012-10/hacker-attackers-could-reverse-pacemakers-distance-delivering-deadly-shocks), but I hope to get ourselves closer to that point in my lifetime.

    - JCD