Re: [SystemSafety] Static Analysis

From: Peter Bernard Ladkin < >
Date: Mon, 03 Mar 2014 13:30:57 +0100


On 2014-03-03 10:51 , Michael Jackson wrote:
> I think Patrick Graydon's point is that in any system involving the physical world
> (including human behaviour) there are inescapable concerns that lie beyond the
> reach of mathematical and logical reasoning and demand tests and experiments
> for their investigation........
> The phrase 'try-it-and-see' sounds like a sneer; but perhaps it is a valuable reminder
> that mathematical certainty of safety is simply not achievable.

IEC 61508 accepts that mathematical certainty of safety is not achievable either.

I have nothing against testing, far from it! (But, like Martyn, I do have my reservations about testing being used as a means deliberately to detect bugs rather than as a means to assure, via relative exception-freedom, that the development was appropriate.)

I was interpreting "try it and see" from Derek Jones's original point, cited by Les Chambers:

> If you have to implement a system quickly, where there is lots
> uncertainty about what needs to be done and how to do it, there
> are advantages to rolling out partially working systems. You get
> to learn a lot.
> ..........
> I don't think we should dismiss the suck it and see approach. It does
> have some advantages.

That doesn't sound like testing. That sounds like experimenting. Les pointed out that learning from accidents is de rigueur but learning through accidents is an unacceptable development method for critical systems.

Whether or not I read Patrick correctly, I wanted to clarify that in safety-critical areas the standards, and laws based on them, do not accept "rolling out partially working systems" unless they can be shown per the criteria to fulfil their safety requirements anyway.

PBL
Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319

The System Safety Mailing List
systemsafety_at_xxxxxx
Received on Mon Mar 03 2014 - 13:31:10 CET
