[SystemSafety] Correctness by Construction

Brent Kimberley brent_kimberley at rogers.com
Wed Jul 15 05:21:27 CEST 2020


Hi Michael. Perhaps I misinterpreted the question. I thought the question was how software developers can reason reliably about the physical world?
My response was write more code.  ;)
More precisely, have the software develop inferences WRT sensor / actuator / FRU / logic / bus failure, and train operators. ;)

For example write the requested logic plus an engine to progressively refine world view.  


For example, for a fly-by-wire or environmental control system there may be certain assumptions about the physical sensors, actuators, structural members, buses, DAQs, energy sources, clocks, FRUs, by which the logic engages with the physical world. The epistemology engine would continuously update its world-view assumptions and inform an ontology layer - used by the requested software logic - to interact with the physical world.
For four engines delivering power (and data) to four propulsion units - a transmission grid - the epistemology engine identifies events such as faults, updating the ontology model, and the requested software logic using the ontology layer could control the available propulsion units - routing power (and data) around faults - in a way which ideally preserves assets.


On Tuesday, July 14, 2020, 12:37:22 p.m. EDT, Michael Jackson <jacksonma at acm.org> wrote:

Brent:

> On 14 Jul 2020, at 17:06, Brent Kimberley <brent_kimberley at rogers.com> wrote:
> 
> >> how are the software developers to reason reliably about the physical problem world where the important requirements are located and defined, and will---or will not---be satisfied? 
> 
> An automated World view inquiry framework? epistemology automation? ;)

I don't understand what point you are making. Please explain.

-- Michael

> 
> On Tuesday, July 14, 2020, 5:14:50 a.m. EDT, Michael Jackson <jacksonma at acm.org> wrote:
> 
> 
> Dewi: 
> 
> Yes: but how are requirements to be expressed and communicated to the software developers? And if the requirements are communicated, how are the software developers to reason reliably about the physical problem world where the important requirements are located and defined, and will---or will not---be satisfied? And is 'correctness' a proper word to use about artifacts in the physical world at the scales relevant to software engineering? 
> 
> Yours, 
> 
> -- Michael
> 
> > On 13 Jul 2020, at 20:55, Dewi Daniels <dewi.daniels at software-safety.com> wrote:
> > 
> > Michael,
> > 
> > In the context of “Correctness by Construction”, I would say that Correctness means “compliance with requirements”.
> > 
> > Yours,
> > Dewi
> > 
> > On Mon, 13 Jul 2020 at 13:59, Michael Jackson <jacksonma at acm.org> wrote:
> > Hoping for illuminating replies, I ask an open question. 
> > 
> > In the phrase "Correctness by Construction", what does 'correctness' mean? 
> > 
> > -- Michael
> > _______________________________________________
> > The System Safety Mailing List
> > systemsafety at TechFak.Uni-Bielefeld.DE
> > Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
> > -- 
> > Yours,
> > 
> > Dewi Daniels | Director | Software Safety Limited
> > 
> > Telephone +44 7968 837742 | Email dewi.daniels at software-safety.com
> > 
> > Software Safety Limited is a company registered in England and Wales. Company number: 9390590. Registered office: Fairfield, 30F Bratton Road, West Ashton, Trowbridge, United Kingdom BA14 6AZ
> > 
> 