[SystemSafety] Post Office Horizon System

Michael Jackson jacksonma at acm.org
Thu Jan 7 21:47:17 CET 2021


Derek, 

If the code is designed on the assumption that a value assigned by statement s to a particular database record variable will remain unchanged until another assignment is executed in the code by statement t, then a fault experience can occur if the variable value is changed during a 'not-visible-in-the-code' event of the kind I mentioned in my email. It is obviously not simple to check for all such possibilities by adding further code (such as assertion checks: quite apart from any other consideration, there may be an infinite regress). 

-- Michael

> On 7 Jan 2021, at 18:48, Derek M Jones <derek at knosof.co.uk> wrote:
> 
> Michael,
> 
>> ... In the Horizon case, can we consider only the likelihood of a 'coding mistake' in the program texts? This, surely, is like analysing a rail crash by examining only the code of the interlocking system's programs. The fault may lie elsewhere.
> 
> Two things are needed for a fault experience to occur.
> 
> 1) a mistake in the code,
> 
> 2) the 'right' input value(s).
> 
> Nearly all research focuses on (1) because the information is
> readily available.
> 
> The likelihood of the 'right' input values occurring will depend on the
> quantity of input values and the variability in these values.
> 
> There are techniques that can be used to estimate certain kinds of (1),
> given information on fault experiences (assumptions are made about the
> distribution of (2)):
> http://shape-of-code.coding-guidelines.com/2018/03/18/estimating-the-number-of-distinct-faults-in-a-program/
> 
> I don't know of any techniques of estimating (2), and this
> looks really difficult.  One possibility is counting users
> and trying to estimate the variability in their usage.
> 
> -- 
> Derek M. Jones           Evidence-based software engineering
> tel: +44 (0)1252 520667  blog:shape-of-code.coding-guidelines.com
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
> Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
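The following is an added illustration of the situation Michael describes; it is not code from the thread, from Horizon, or from any of the participants. It models the 'not-visible-in-the-code' event as a callback that the simulated store fires at a chosen access count (standing in, hypothetically, for a replication or recovery mechanism that rewrites a record outside the visible code path). The store, the account name "branch-1", the amounts and the `post_sale` routine are all constructed for the example. Statement s writes a balance, statement t later reads it back on the assumption that nothing touched the record in between; an added check between s and t only narrows the window, which is the regress Michael points at.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple, Union

# An 'invisible' event: a callable that mutates the store behind the
# code's back. Constructed for this example.
Event = Callable[["Store"], None]


@dataclass
class Store:
    """In-memory stand-in for a database table (constructed for the example).

    `scheduled` maps an access number k to an event that fires just before
    the k-th read or write on the store; this simulates a record being
    rewritten by a mechanism that does not appear in the application code.
    """
    records: Dict[str, int] = field(default_factory=dict)
    scheduled: Dict[int, Event] = field(default_factory=dict)
    access_count: int = 0

    def _tick(self) -> None:
        self.access_count += 1
        event = self.scheduled.pop(self.access_count, None)
        if event is not None:
            event(self)

    def read(self, key: str) -> int:
        self._tick()
        return self.records.get(key, 0)

    def write(self, key: str, value: int) -> None:
        self._tick()
        self.records[key] = value


def post_sale(store: Store, acct: str, amount: int, check: bool) -> Tuple[int, int]:
    """Statement s writes the new balance; statement t reads it back later.

    Returns (value the code believes it stored, value statement t observes).
    With `check=True` an assertion-style check is inserted between s and t.
    """
    new_balance = store.read(acct) + amount   # access 1
    store.write(acct, new_balance)            # access 2: statement s
    if check:
        observed = store.read(acct)           # access 3: the added check
        if observed != new_balance:
            raise AssertionError(f"{acct}: expected {new_balance}, found {observed}")
    return new_balance, store.read(acct)      # access 3 (or 4): statement t


def restore_event(acct: str, value: int) -> Event:
    """Hypothetical out-of-band write, e.g. a recovery that reinstates an older value."""
    def event(store: Store) -> None:
        store.records[acct] = value
    return event


def run(event_at: Optional[int], check: bool) -> Union[Tuple[int, int], str]:
    """Run one sale of 10 against a balance of 100, with the hidden write
    scheduled before access number `event_at` (None = no hidden write)."""
    store = Store(records={"branch-1": 100})
    if event_at is not None:
        store.scheduled[event_at] = restore_event("branch-1", 100)
    try:
        return post_sale(store, "branch-1", 10, check)
    except AssertionError:
        return "caught"


if __name__ == "__main__":
    print(run(None, False))   # (110, 110): assumption holds
    print(run(3, False))      # (110, 100): hidden write between s and t, undetected
    print(run(3, True))       # 'caught': the check happens to sit on the window
    print(run(4, True))       # (110, 100): check passes, record changes after it
```

The last two runs make the point: a check placed between s and t catches the event only when the event lands before the check, and an event that lands after the check but before t goes unnoticed. Adding a second check merely moves the window again, and the same holds for any finite number of checks.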
