[SystemSafety] Deterministic or not?

Prof. Dr. Peter Bernard Ladkin ladkin at causalis.com
Wed Aug 7 12:37:39 CEST 2024


On 2024-08-07 10:58 , Paul Sherwood wrote:
> Peter,
>
> Accepting Dewi's statement that "Prof. Peter Ladkin is one of the World's leading experts on 
> practical statistical evaluation of critical software", I hope you don't mind me asking you this 
> question directly.
>
> Do you consider that the behaviour of critical software running on a multicore microprocessor can 
> and should be deterministic?

Pass.

I think it certainly "can" be deterministic if the processor is so configured and the software is 
simple enough and was built to principles such as those of SPARK.  But I don't know that it is 
reasonable to expect behaviour to be deterministic in general safety-related circumstances. Twenty 
years ago, Kevin & co related a Byzantine failure in critical civil-aviation control software; Dewi 
has related a more recent case at Airbus. Certainly you don't want those kinds of indeterminism 
occurring, which is why it is an airworthiness issue. But to say "should" likely goes beyond the 
state of the practice.

I attach a note Harold Thimbleby, Martyn and I wrote just over a month ago. It contains a bit more 
detail, in particular a list (from Martyn) of all the co-occurring things which can cause even 
single-threaded perfect-semantics SW behaviour to be non-deterministic.

PBL

Prof. Dr. Peter Bernard Ladkin
Causalis Limited/Causalis IngenieurGmbH, Bielefeld, Germany
Tel: +49 (0)521 3 29 31 00
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20240618StochasticDeterministic.pdf
Type: application/pdf
Size: 198046 bytes
Desc: not available
URL: <https://lists.techfak.uni-bielefeld.de/pipermail/systemsafety/attachments/20240807/5f81fc64/attachment-0001.pdf>