[SystemSafety] A small taste of what we're up against

Nick Tudor njt at tudorassoc.com
Fri Oct 26 14:33:34 CEST 2018


The list may be relieved to know that I made it to the far end of the
flight. I understand some may have been worried. Lots of C-based devices
and all that. Now I'm going to jump into my car ......

On Fri, 26 Oct 2018 at 14:10, Olwen Morgan <olwen at phaedsys.com> wrote:

>
> I'd also question whether air accident investigations actually work in a
> way that would be likely to discover a software fault as a cause of an
> accident. Proximal physical causes are regularly sought and found.
> Software-related causes may be more distal and harder to prove.
>
> Olwen
>
>
> On 26/10/2018 12:55, C. Michael Holloway wrote:
>
> On 2018-10-26 (05.07.05), martyn at thomas-associates.co.uk wrote:
>
> On 26/10/2018 09:14, Dewi Daniels wrote:
>
> There are over 25,000 certified jet airliners in service world-wide, many
> containing software written in C. There has not been a single hull-loss
> accident in passenger service ascribed to a software fault.
>
> It's hard to eliminate these considerations when trying to draw more
> widely applicable conclusions from the achievements in this sector.
>
> Unfortunately it is not hard to believe that a lack of understanding of
> these considerations contributes to people thinking that using C (and
> C-derived languages) for safety critical systems is a 'proven' good idea.
> The implicit argument goes something like this: The commercial aviation
> community uses C quite a lot; the safety record in commercial aviation is
> fabulous; thus, using C is clearly acceptable. Over the years, I've heard
> people from the automotive and medical sectors (along with many
> researchers) justify their practices with words that reduce to this
> specious argument. Unfortunately, the same mentality has crept (or perhaps,
> leapt) into most parts of the aviation sector not involving large
> airplanes.
>
> Of course, the missing premises, which are essential to formulating an
> argument corresponding to reality, involve the factors that Martyn
> mentioned (rigorous software engineering practices, meticulous
> investigations of accidents, and such things).  Rather than recognizing the
> importance of these factors, a whole lot of people (including folks within
> my own organization) think rigorous practices serve only to increase costs
> unnecessarily.
>
>
> --
>
> C. Michael Holloway (cMh)
> Senior Research Computer Engineer
> NASA Langley Research Center, Hampton VA USA
> bit.ly/cmhpapers
>
> Verba volant, scripta manent
> spoken words fly away, written words remain
>
> (The words in this message are mine alone;
> neither blame nor credit NASA for them.)
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
> Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety

-- 
Nick Tudor
Tudor Associates Ltd
Mobile: +44(0)7412 074654
www.tudorassoc.com

77 Barnards Green Road
Malvern
Worcestershire
WR14 3LR
Company No. 07642673
VAT No: 116495996

www.aeronautique-associates.com