[SystemSafety] Logic

Michael Tempest michael.w.tempest at gmail.com
Sun Feb 16 15:41:21 CET 2014


Peter

On 2/16/14, Les Chambers <les at chambers.com.au> wrote:
> Peter
> I am in furious agreement with Steve Tockey.

And so am I.

I observed two patterns over the 15-odd years that I worked for an
airborne military systems house (where I wrote mostly 178B level C
"commercial software", since the general practice was to design
systems where software could not contribute to hazards):
1) The programmers with an electronics engineering background found it
very difficult to express an argument (for example, why it is okay to
violate *this* coding standard rule *here*) and even more difficult to
review an argument. I fall into this category and I learned to do it
badly (by the standards of this list).
2) The programmers with a computer science or computer engineering
background generally understood formal methods and were often
enthusiastic about them, yet were not able to apply them
cost-effectively. Curiously (to me), they were not much better at
expressing arguments. They did do slightly better at reviewing
arguments.

I remain puzzled that, in addition to the above, these programmers
(including myself) did not really understand the meaning of the code
they wrote, this lack of understanding did not bother them, and they
nevertheless wrote software that worked and was certified, and along
the way they reviewed each other's software and found defects. It
clearly worked, but...

[snip]
> We must find a way to bring formal methods out of the lab and into general use.
[snip]
> My humble suggestion for a starting point is to start with something that
> programmers know and move on from there.
[snip]

As one of the "highly paid amateur" programmers, that would be very welcome.

Kind regards
Michael
