[SystemSafety] Fetzer

Peter Bernard Ladkin ladkin at causalis.com
Thu Jun 20 12:29:23 CEST 2019


Brian,

(I have taken Cliff off the distribution, since he indicated a firm lack of interest.)

Thanks for the reference to your CACM paper with John D. Rereading it now, there is a lot right with
it. It seems to me that much of the message has been taken to heart by the dependable-SW community,
for which we may be thankful.

Your first major point is that the distinction needs to be made between an objective property of a
program and what we know about that property (and program), how we come to know it, and our
confidence in that knowledge.

This still gets people confused, even today. It has taken me some years to realise that there is no
good guide to how to make confidence estimates in the literature. There is, however, a brilliant
three-word indirect guide: "ask Peter Bishop".

Your anecdote about a teacher suggesting programs do not need to be tested if they have been
developed according to CbyC is an apt warning about overreach. And your citation of Avra Cohn's
study of VIPER reminded me that it was well known amongst many that formal verification of a portion
of a computation is only part of a dependability argument. It strikes me now that I had the good
fortune at the time to be working with people who all knew that.

I gave my five-line argument in a talk in Newcastle at Tom Anderson's invitation in the early 90's.
I also gave it to Friedrich von Henke's department in Ulm. I wrote it up (in more than a page - a
big mistake, I think) and sent it to Cliff for FAC; John Dobson reviewed it and didn't like it.
Thirty years on I still don't understand why people think there might be something wrong with it;
nor do I understand why none of the smart people who responded in the pages of CACM had thought of it.

PBL

Prof. Peter Bernard Ladkin, Bielefeld, Germany
MoreInCommon
Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs-bi.de
