Re: [SystemSafety] Modelling and coding guidelines: "Unambiguous Graphical Representation"

From: Martyn Thomas < >
Date: Wed, 2 Mar 2016 11:45:18 +0000

On 01/03/2016 14:15, paul_e.bennett_at_xxxxxx
> There was a saying that went something like
> "You can make it simple enough there are obviously no errors
> or you can make it so complex there are no obvious errors"
> I tend to favour the former approach.

This comes from Tony Hoare's Turing Award lecture.

"There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. It demands the same skill, devotion, insight, and even inspiration as the discovery of the simple physical laws which underlie the complex phenomena of nature."

He also said (about PL/1):

"At first I hoped that such a technically unsound project would collapse but I soon realized it was doomed to success. Almost anything in software can be implemented, sold, and even used given enough determination. There is nothing a mere scientist can say that will stand against the flood of a hundred million dollars. But there is one quality that cannot be purchased in this way and that is reliability. The price of reliability is the pursuit of the utmost simplicity. It is a price which the very rich find most hard to pay."

and (among many other profound insights):

"The real value of tests is not that they detect bugs in the code, but that they detect inadequacies in the methods, concentration, and skills of those who design and produce the code."


The System Safety Mailing List
systemsafety_at_xxxxxx Received on Wed Mar 02 2016 - 12:44:58 CET