[SystemSafety] Software reliability (or whatever you would prefer to call it) [UNCLASSIFIED]

King, Martin (NNPPI) martin.king2 at rolls-royce.com
Tue Mar 10 16:54:44 CET 2015


This message has been marked as UNCLASSIFIED by King, Martin (NNPPI)


David

Two things:

1. Your dose-rate meter 'failure' was in fact a failure of specification - the input signal is an almost truly random pulse train described correctly by Poissonian statistics.  There is a finite and non-zero probability of seeing any given interval between the input pulses.

2.  In some environments (including space and aero) bit flipping in operation is not uncommon due to interactions with intersecting particles.

(My opinions, not necessarily those of my employer)
 
Martin
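The dose-rate meter behaviour described in point 1 above (and in David's Geiger-tube account further down the thread) is a property of a Poisson pulse train: the gaps between pulses are exponentially distributed, so a fixed "no pulse within T seconds" test fires sooner or later whatever T is chosen, and the only specification question is how often you are prepared to let it fire. The Python below is an added example, not code from either poster or their employers; the rate of one event per 3 s and the 10 s timeout are assumptions taken from the rough figures in the thread, and the function names are mine.

```python
"""Why a fixed 'no pulse within T seconds' check on a Poisson pulse train
gives spurious FAIL indications, and how to size T from the source rate.

Added example, not code from the thread. Rate and timeout values are
assumptions: the thread only says 'at least one event every 3 seconds or so'
and 'sometimes nothing for 10 seconds or more'.
"""
import math
import random

SECONDS_PER_DAY = 86400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY


def p_gap_exceeds(rate_hz: float, timeout_s: float) -> float:
    """Probability that one inter-pulse gap exceeds timeout_s.

    Decay events from a radioactive source form a Poisson process, so the
    gaps are exponentially distributed with mean 1/rate and
    P(gap > T) = e^(-rate*T). This is non-zero for every finite T.
    """
    return math.exp(-rate_hz * timeout_s)


def spurious_fails_per_day(rate_hz: float, timeout_s: float) -> float:
    """Expected FAIL indications per day from a monitor that declares FAIL
    whenever a gap exceeds timeout_s (one indication per long gap).

    About rate*86400 gaps are observed per day, each independently
    exceeding T with probability p_gap_exceeds(rate, T).
    """
    return rate_hz * SECONDS_PER_DAY * p_gap_exceeds(rate_hz, timeout_s)


def timeout_for_target(rate_hz: float, max_fails_per_year: float) -> float:
    """Smallest timeout T such that the expected spurious FAIL count per year
    is at most max_fails_per_year: solve rate*SECONDS_PER_YEAR*e^(-rate*T)
    = target for T. This is the specification step the thread says was
    missing: T has to come from the statistics, not from the nominal rate.
    """
    gaps_per_year = rate_hz * SECONDS_PER_YEAR
    return math.log(gaps_per_year / max_fails_per_year) / rate_hz


def simulate_gaps(rate_hz: float, n_gaps: int, seed: int = 1) -> list:
    """Constructed sample data: n_gaps exponential inter-pulse intervals,
    seeded so the run is repeatable."""
    rng = random.Random(seed)
    return [rng.expovariate(rate_hz) for _ in range(n_gaps)]


def fraction_exceeding(gaps: list, timeout_s: float) -> float:
    """Empirical share of gaps longer than timeout_s, to compare with theory."""
    return sum(1 for g in gaps if g > timeout_s) / len(gaps)


if __name__ == "__main__":
    rate = 1 / 3          # assumed: one decay event every 3 s on average
    for t in (3.0, 10.0, 30.0):
        print(f"T={t:5.1f}s  P(gap>T)={p_gap_exceeds(rate, t):.4f}  "
              f"spurious FAILs/day={spurious_fails_per_day(rate, t):8.2f}")
    print(f"T for <=1 spurious FAIL/year: {timeout_for_target(rate, 1):.1f}s")
    sim = fraction_exceeding(simulate_gaps(rate, 100_000), 10.0)
    print(f"simulated fraction of gaps > 10 s: {sim:.4f}")
```

With the assumed rate, a 3 s timeout trips on roughly a third of all gaps and a 10 s timeout on about 3.6% of them; holding spurious FAILs to one a year needs a timeout near 48 s, or a hotter source. The simulated fraction lands on the analytical value, which matches David's remark that the calculations and simulations agreed with what the field units did.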

-----Original Message-----
From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of David Haworth
Sent: 10 March 2015 13:12
To: Yiannis I Papadopoulos
Cc: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Software reliability (or whatever you would prefer to call it)

Hi Yiannis,

I just wanted to point out that quantum effects can introduce randomness into the real (macroscopic) world.
By design (as in the case of ERNIE) or unintentionally (as in the spurious FAIL indications of real-world measuring devices).

For information (I've just done a web search to jog my memory) the devices in question were PDRM82 dose-rate meters, produced in great quantities by Plessey for the British government during the 1980s.

But no - I've got no intention of writing papers about quantum reliability. Though I have to admit that the term has a certain ring to it :-)

BTW you won't see an IF mutate into a FOR, because that's a conceptual thing. However, you might see a load into register
R7 (say) mutate into a load into register R5 because of a bit-flip in the instruction as it gets transferred from memory to the instruction pipeline, and the result could be just as devastating.

I have seen this happen in real-world hardware. The cause in this case was incorrect programming of a chip-select unit - we needed to add an extra wait state *after* reading from the hardware device in question to give it time to get off the bus. Without that extra wait state it sometimes interfered with a later instruction fetch. It was totally deterministic on any given build of the software. But change a few instructions somewhere and the effect would pop up somewhere else.

If the trend in miniaturisation of processing elements continues, there may well be the possibility of a quantum mechanism causing a transient bit flip like this. Actually, there is a possibility even now, but the likelihood is so small as to be negligible (or at least hiding behind much bigger effects such as electrical or electromagnetic interference).

Dave

On 2015-03-10 12:14:40 +0000, Yiannis I Papadopoulos wrote:
> Hi David! Thanks for the amusing post :)
> 
> "I hate to destroy your comfortable illusion, but a long time ago (in 
> a galaxy quite close to where you live) the ERNIE machine that decided 
> who won the weekly and monthly premium bond draw in the UK used the 
> random noise in a particular kind of diode as the source for the 
> random numbers. I believe the noise is a quantum effect."
> 
> Does this quantum effect show that there is "randomness" in the world? If quantum phenomena caused real randomness then the world would be fairly unpredictable. But still, the laws of physics are pretty deterministic and the macro-world is pretty predictable.
> 
> On a more mundane level, unfortunately I have not seen yet much "real randomness" when I program, analyse, test and verify code. For example I have never seen an "if" mutating into a "for" or a statement that is either an "if" or a "for" depending on the observer :). Admittedly it would have been fun, but never happened nevertheless.
> 
> In any case, if you really believe that quantum mechanics introduces 
> real randomness in the macrocosm, and has impact on this discussion, 
> then I am really looking forward to reading your paper about how to 
> incorporate quantum mechanics in the assessment and verification of 
> systems and software (happy to coauthor too :)
> 
> Thanks and have a good day! :)
>  
> Yiannis
> 
> -----Original Message-----
> From: David Haworth [mailto:david.haworth at elektrobit.com]
> Sent: Tuesday, March 10, 2015 11:42 AM
> To: Yiannis I Papadopoulos
> Cc: Nick Tudor; systemsafety at lists.techfak.uni-bielefeld.de
> Subject: Re: [SystemSafety] Software reliability (or whatever you 
> would prefer to call it)
> 
> Hi Yiannis,
> 
> >    (... no Heisenberg please ... if quantum mechanics introduced any
> >    real randomness in the world as we know it, we would be in real trouble
> >    :)
> 
> I hate to destroy your comfortable illusion, but a long time ago (in a 
> galaxy quite close to where you live) the ERNIE machine that decided 
> who won the weekly and monthly premium bond draw in the UK used the 
> random noise in a particular kind of diode as the source for the 
> random numbers. I believe the noise is a quantum effect.
> 
> https://en.wikipedia.org/wiki/Premium_Bond#ERNIE
> https://en.wikipedia.org/wiki/Hardware_random_number_generator
> 
> I also spent many "happy" hours analysing why a range of radiation 
> monitors produced by the company I then worked for reported that they 
> had failed occasionally. The answer was that the tiny scrap of 
> radioactive material that was built into the Geiger tube in the 
> equipment, that was intended to provide at least one measurable decay 
> event every 3 seconds or so would in reality sometimes not produce 
> anything for 10 seconds or more. What's more, the calculations that we 
> made and the simulations that we ran correlated with the observed 
> phenomenon remarkably accurately.
> 
> So in some sense, the randomness introduced by quantum mechanics had a 
> direct effect on my own experience. And quite likely on all those who 
> have won prizes in the premium bond draw :-)
> 
> Dave
> 
> On 2015-03-10 10:37:33 +0000, Yiannis I Papadopoulos wrote:
> >    " Software essentially boils down to a string of one's and nought's.
> >    Given the same inputs (and that always comes from the chaotic
> >    environment) then the output will always be the same.  It therefore
> >    makes no sense to talk about 'software reliability' "
> > 
> > 
> >    The premise is true but does the conclusion follow?
> > 
> > 
> >    Take the example of throwing a dice.
> > 
> > 
> >    If you know everything about the dice and its environment and apply the
> >    laws of physics you can determine the outcome. You can be god,
> >    replicate the exact conditions and you will get the same outcome every
> >    time (... no Heisenberg please ... if quantum mechanics introduced any
> >    real randomness in the world as we know it, we would be in real trouble
> >    :)
> > 
> > 
> >    So, what is the purpose then of talking about randomness,  probability
> >    and statistics to describe such phenomena? I think the answer is that
> >    it is often the best, sometimes the only way, to reason about complex
> >    deterministic processes. It is done all the time in science, why not in
> >    software?
> > 
> > 
> >    --
> > 
> >    Yiannis Papadopoulos
> > 
> >    http://www2.hull.ac.uk/science/computer_science/our_staff/staff_profiles/yiannis_papadopoulos.aspx
> 
> 
> 
> -- 
> David Haworth B.Sc.(Hons.), OS Kernel Developer    david.haworth at elektrobit.com
> Tel: +49 9131 7701-6154     Fax: -6333                  Keys: keyserver.pgp.com
> Elektrobit Automotive GmbH           Am Wolfsmantel 46, 91058 Erlangen, Germany
> Geschäftsführer: Alexander Kocher, Gregor Zink       Amtsgericht Fürth HRB 4886

