Re: [SystemSafety] Software reliability (or whatever you would prefer to call it) [UNCLASSIFIED]

From: Derek M Jones < >
Date: Tue, 10 Mar 2015 16:00:14 +0000


Martin,

> 2. In some environments (including space and aero) bit flipping in operation is not uncommon due to interactions with intersecting particles.

If your computer is less than 10 years old you are living in a bit-flip environment:
http://shape-of-code.coding-guidelines.com/2011/11/07/compiling-to-reduce-the-impact-of-soft-errors-on-program-output/

and thanks to Intel sticking to Moore's law things are going to get worse:
http://shape-of-code.coding-guidelines.com/2013/12/13/unreliable-cpus-and-memory-the-end-result-of-moores-law/

> (My opinions, not necessarily those of my employer)
>
> Martin
>
> -----Original Message-----
> Sent: 10 March 2015 13:12
> To: Yiannis I Papadopoulos
> Cc: systemsafety_at_xxxxxx > Subject: Re: [SystemSafety] Software reliability (or whatever you would prefer to call it)
>
> Hi Yiannis,
>
> I just wanted to point out that quantum effects can introduce randomness into the real (macroscopic) world.
> By design (as in the case of ERNIE) or unintentionally (as in the spurious FAIL indications of real-world measuring devices).
>
> For information (I've just done a web search to jog my memory) the devices in question were PDRM82 dose-rate meters, produced in great quantities by Plessey for the British government during the 1980s.
>
> But no - I've got no intention of writing papers about quantum reliability. Though I have to admit that the term has a certain ring to it :-)
>
> BTW you won't see an IF mutate into a FOR, because that's a conceptual thing. However, you might see a load into register
> R7 (say) mutate into a load into register R5 because of a bit-flip in the instruction as it gets transferred from memory to the instruction pipeline, and the result could be just as devastating.
>
> I have seen this happen in real-world hardware. The cause in this case was incorrect programming of a chip-select unit - we needed to add an extra wait state *after* reading from the hardware device in question to give it time to get off the bus. Without that extra wait state it sometimes interfered with a later instruction fetch. It was totally deterministic on any given build of the software. But change a few instructions somewhere the the effect would pop up somewhere else.
>
> If the trend in miniaturisation of processing elements continues, there may well be the possibility of a quantum mechanism causing a transient bit flip like this. Actually, there is a possibility even now, but the likelihood is so small as to be negligible (or at least hiding behind much bigger effects such as electrical or electromagnetic interference).
>
> Dave
>
> On 2015-03-10 12:14:40 +0000, Yiannis I Papadopoulos wrote:
>> Hi David! Thanks for the amusing post :)
>>
>> "I hate to destroy your comfortable illusion, but a long time ago (in
>> a galaxy quite close to where you live) the ERNIE machine that decided
>> who won the weekly and monthly premium bond draw in the UK used the
>> random noise in a particular kind of diode as the source for the
>> random numbers. I believe the noise is a quantum effect."
>>
>> Does this quantum effect show that there is "randomness" in the world? If quantum phenomena caused real randomness then the world would be fairly unpredictable. But still, the laws of physics are pretty deterministic and the macro-world is pretty predictable.
>>
>> On a more mundane level, unfortunately I have not seen yet much "real randomness" when I program, analyse, test and verify code. For example I have never seen an "if" mutating into a "for" or a stamement that is either an "if" or a "for" depending on the observer :). Admittedly it would have been fun, but never happened nevertheless.
>>
>> In any case, if you really believe that quantum mechanics introduces
>> real randomness in the macrocosm, and has impact on this discussion,
>> then I am really looking forward to reading your paper about how to
>> incorporate quantum mechanics in the assessment and verification of
>> systems and software (happy to coauthor too :)
>>
>> Thanks and have a good day! :)
>>
>> Yiannis
>>
>> -----Original Message-----
>> From: David Haworth [mailto:david.haworth_at_xxxxxx >> Sent: Tuesday, March 10, 2015 11:42 AM
>> To: Yiannis I Papadopoulos
>> Cc: Nick Tudor; systemsafety_at_xxxxxx >> Subject: Re: [SystemSafety] Software reliability (or whatever you
>> would prefer to call it)
>>
>> Hi Yiannis,
>>
>>> (... no Heisenberg please ... if quantum mechanics introduced any
>>> real randomness in the world as we know it, we would be in real trouble
>>> :)
>>
>> I hate to destroy your comfortable illusion, but a long time ago (in a
>> galaxy quite close to where you live) the ERNIE machine that decided
>> who won the weekly and monthly premium bond draw in the UK used the
>> random noise in a particular kind of diode as the source for the
>> random numbers. I believe the noise is a quantum effect.
>>
>> https://en.wikipedia.org/wiki/Premium_Bond#ERNIE
>> https://en.wikipedia.org/wiki/Hardware_random_number_generator
>>
>> I also spent many "happy" hours analysing why a range of radiation
>> monitors produced by the company I then worked for reported that they
>> had failed occasionally. The answer was that the tiny scrap of
>> radioactive material that was built into the Geiger tube in the
>> equipment, that was intended to provide at least one measurable decay
>> event every 3 seconds or so would in reality sometimes not produce
>> anything for 10 seconds or more. What's more, the calculations that we
>> made and the simulations that we ran correlated with the observed
>> phenomenon remarkably accurately.
>>
>> So in some sense, the randomness introduced by quantum mechanics had a
>> direct effect on my own experience. And quite likely on all those who
>> have won prizes in the premium bond draw :-)
>>
>> Dave
>>
>> On 2015-03-10 10:37:33 +0000, Yiannis I Papadopoulos wrote:
>>> " Software essentially boils down to a string of one's and nought's.
>>> Given the same inputs (and that always comes from the chaotic
>>> environment) then the output will always be the same. It therefore
>>> makes no sense to talk about 'software reliability' "
>>>
>>>
>>> The premise is true but does the conclusion follow?
>>>
>>>
>>> Take the example of throwing a dice.
>>>
>>>
>>> If you know everything about the dice and its environment and apply the
>>> laws of physics you can determine the outcome. You can be god,
>>> replicate the exact conditions and you will get the same outcome every
>>> time (... no Heisenberg please ... if quantum mechanics introduced any
>>> real randomness in the world as we know it, we would be in real trouble
>>> :)
>>>
>>>
>>> So, what is the purpose then of talking about randomness, probability
>>> and statistics to describe such phenomena? I think the answer is that
>>> it is often the best, sometimes the only way, to reason about complex
>>> deterministic processes. It is done all the time in science, why not in
>>> software?
>>>
>>>
>>> --
>>>
>>> Yiannis Papadopoulos
>>>
>>> http://www2.hull.ac.uk/science/computer_science/our_staff/staff_profile
>>> s/yiannis_papadopoulos.aspx
>>
>>> **************************************************
>>> To view the terms under which this email is distributed, please go
>>> to http://www2.hull.ac.uk/legal/disclaimer.aspx
>>> **************************************************
>>
>>> _______________________________________________
>>> The System Safety Mailing List
>>> systemsafety_at_xxxxxx >>
>>
>> --
>> David Haworth B.Sc.(Hons.), OS Kernel Developer david.haworth_at_xxxxxx >> Tel: +49 9131 7701-6154 Fax: -6333 Keys: keyserver.pgp.com
>> Elektrobit Automotive GmbH Am Wolfsmantel 46, 91058 Erlangen, Germany
>> Geschäftsführer: Alexander Kocher, Gregor Zink Amtsgericht Fürth HRB 4886
>
>> **************************************************
>> To view the terms under which this email is distributed, please go to
>> http://www2.hull.ac.uk/legal/disclaimer.aspx
>> **************************************************
>
>

-- 
Derek M. Jones           Software analysis
tel: +44 (0)1252 520667  blog:shape-of-code.coding-guidelines.com
_______________________________________________
The System Safety Mailing List
systemsafety_at_xxxxxx
Received on Tue Mar 10 2015 - 17:00:27 CET

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:07 CEST