[SystemSafety] A Fire Code for Software?

Steve Tockey Steve.Tockey at construx.com
Wed Mar 7 23:08:42 CET 2018


Andy,
As I suspected, the issue is different definitions of “model based”. I would say that what you are talking about is “component based”. And yes, I agree that a lot of that work is done in plug-and-pray fashion.

My definition of “model based” involves creating and maintaining precise specifications of semantics: policies that need to be enforced and processes that need to be carried out. These models are built in a subset of UML that’s had much more precise semantics defined for it. I mentioned on this list earlier that I’ve recently finished a new book on the topic (I can share a DropBox URL to the manuscript again if anyone is interested). The focus of these semantic models is precisely on understanding the user base. That’s why I wanted to clarify with you.


Enjoy your vacation, and definitely enjoy the rum,

— steve



From: Andy Ashworth <andy at the-ashworths.org>
Date: Tuesday, March 6, 2018 at 1:03 PM
To: Steve Tockey <Steve.Tockey at construx.com>
Cc: paul_e.bennett at topmail.co.uk, systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] A Fire Code for Software?

I’ve seen a number of so called software engineers using “pre-defined blocks” assembled in a plug-and-pray manner. My concern is we’re losing sight of the underlying fundamentals all too often sacrificing quality in favour of cost and schedule.

Any typos, courtesy of Antiguan rum punch - I’m on vacation!

Andy

Sent from my iPhone

On Mar 6, 2018, at 16:41, Steve Tockey <Steve.Tockey at construx.com> wrote:


Andy,
You wrote:

“Model based software development, accountancy packages, stress analysis packages, etc. - all contribute to the diminution of understanding in the user base.”

What is your definition of “model based software development”? According to my definition, exactly the opposite is true: “Lack of model based software development contributes to the diminution of understanding in the user base”


— steve



From: systemsafety <systemsafety-bounces at lists.techfak.uni-bielefeld.de> on behalf of Andy Ashworth <andy at the-ashworths.org>
Date: Tuesday, March 6, 2018 at 11:27 AM
To: paul_e.bennett at topmail.co.uk, systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] A Fire Code for Software?

The THERAC 25 analysis by Nancy Leveson has directly attributed deaths to software. However, this was nearly 30 years ago and I’m fairly sure that today’s developers would glibly ignore the lessons due to the passage of time. Ultimately, I believe that the widespread use of the PC has resulted in several unintended consequences.

1. The public accept programming errors as a matter of course (the infamous blue screen of death) and cannot see that there are potential homicidal consequences.

2. The widespread availability of programming tools has created a generation of programmers who have little or no knowledge of engineering rigour.

3. The widespread availability of tools in general has created a generation who have access to the tools previously restricted to qualified professionals - we’ve taught people how to do things, without giving them an understanding of the underlying rationale. Model based software development, accountancy packages, stress analysis packages, etc. - all contribute to the diminution of understanding in the user base.

Andy




On Tue, Mar 6, 2018 at 3:13 PM -0400, <paul_e.bennett at topmail.co.uk> wrote:


On 06/03/2018 at 7:00 PM, "Derek M Jones" wrote:
>
>As I keep reminding people,
>safety related software has a (lack of) dead body problem.

I am certain there are dead bodies around, caused by software errors.
However, whether those dead bodies have been properly ascribed to
the software as a cause is debatable.

The Toyota case left us with several dead bodies attributable to poor
system design and shoddy software.

I don't know how many eventually died from the Therac case.

We should be cataloguing these dead body cases somewhere central,
perhaps with the financial backing of insurance companies, so that
there is a central resource where the lessons can be given.

Regards

Paul E. Bennett IEng MIET
Systems Engineer
Lunar Mission One Ambassador
--
********************************************************************
Paul E. Bennett IEng MIET.....
Forth based HIDECS Consultancy.............
Mob: +44 (0)7811-639972
Tel: +44 (0)1392-426688
Going Forth Safely ..... EBA. www.electric-boat-association.org.uk ..
********************************************************************

_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE