
SoylentNews is people

posted by n1 on Wednesday June 03 2015, @09:48AM
from the wishful-thinking-and-faith dept.

Your average scripter likely isn't writing a whole lot of proofs or going through the rigors of formal program verification, generally. Which is fine because your average scripter also isn't writing software for jet airliners or nuclear power plants or robotic surgeons. But somebody is—and the odds are pretty good that your life has been in their hands very recently. How do you know they're not a complete hack?

Well, you don't really. Which prompts the question: How is this sort of code tested? It was a short blog post written by Gene Spafford, a professor of computer science at Purdue University, that inspired this particular asking of the question.

http://motherboard.vice.com/read/how-is-critical-life-or-death-software-tested

[Related]: They Write the Right Stuff by Charles Fishman at Fast Company

  • (Score: 3, Insightful) by Rich (945) on Wednesday June 03 2015, @02:06PM (#191596)

    I work in a sector where a device still may entirely cease to operate, but under absolutely no circumstances may output a wrong result, and I've been at it since before formal processes, at least for private industry, were widely introduced. It all boils down to a lot of testing, by people with good common sense who know what they are doing.

    No known process on this planet will provide the silver bullet. Even if you could formalize some specification to the point of being described in a parseable descriptive/functional language, would model that out on two entirely different systems by entirely different teams, and then mathematically prove that both match the spec, the spec can still be wrong, because the people writing it didn't have the full grasp of the real world (which is relativistic and indeterminate). You can buy a good amount of reliability of non-NP-hard algorithms in Newtonian 3-space here, but that comes at an insanely high price.

    In reality, rigorous real-life testing will usually do the job. I've heard that in the case of S. P. Korolev, it was more or less the simple metric of 4 good launches before a man would go. Although highly successful back in the day, that would certainly not suffice for today's more safety-conscious societies :)

    I would estimate that devices of the class I described require a testing effort of about 5 to 10 times the development effort. E.g. a product shipping with new software with a complexity of half a man-year of a single programmer will burn through four full time test engineers for a year. The introduction of formal development processes mostly added a huge audit paper trail, while it hardly changed what was considered needed to be done and done through testing.

    For development itself, it stayed pretty much as it ever was. More forms need to be filled today, though. And there is (peer) review, which very often is hardly more than the developer alone loudly thinking through the code once more. In a commercial environment, anyone who could show up prepared enough to be a "peer" is busily working on another project and is not allowed to spare time for anything else. Reviews do catch issues, though for many of these issues, a diligently listening pet rabbit would have the same effect as a room full of expensive people on a review board.

    All the above seems to hold true for most embedded areas that I've seen, give or take a few specifics, be it critical telecom infrastructure, medical, or automotive. I've not seen much failure-is-fatal stuff (e.g. ABS/ESP, Fly-by-Wire, ...) though.
