[SystemSafety] Bursting the anti formal methods bubble

Peter Bishop pgb at adelard.com
Thu Oct 26 13:00:30 CEST 2017


Some years ago, I trawled through FAA Airworthiness Directives
(required improvements to address aircraft safety issues).
As noted in an earlier post, there is very little about software in
these reports.
But there were a lot of ADs for units that are *software intensive*
(Flight management, Autopilot, TCAS, etc.).
So just because there is no direct mention of the software, we cannot
assume there are no software issues.

Peter Bishop

On 26/10/2017 10:03, Matthew Squair wrote:
> Perhaps we should say that software engineers have a denial problem?
> Updating Derek’s original 2009 post a little:
> 
> 1. Qantas QF72 - a dozen or more serious injuries (inability of software
> to handle a Byzantine fault)
> 2. Ariane 501 - loss of multi-million dollar mission/payload (poor code
> reuse)
> 3. Titan IVB-32 loss of multi-million dollar mission/payload (poor code
> reuse)
> 4. Therac 25B multiple patient deaths (race conditions in software)
> 5. 2011 24% of medical device recalls by US FDA due to software
> (multiple reasons - mostly patient safety related )
> 6. Toyota cruise control software defect - at least one death and one
> severe injury (defective watchdog design + spaghetti code) 
> 7. 2015 A400 crash - four crew dead and two severe injuries (design fault
> - software cal data load error undetectable prior to flight)
> 
> Back in the day when riverboat and steam engine boilers went ‘kaboom’ on
> a regular basis there was a clear recognition that this was a technology
> problem and we got firm regulation and the supporting boiler safety
> codes. But software? Not so much, it appears; my question is why is that?
> 
> On 26 October 2017 at 3:43:31 am, Martyn Thomas
> (martyn at thomas-associates.co.uk) wrote:
> 
>> Some of them are here: *JT James*, /A new, evidence-based estimate of
>> patient harms associated with hospital care/,
>> Journal of Patient Safety, 2013 Sep;9(3):122-8. doi:
>> 10.1097/PTS.0b013e3182948a69., for the reasons that Harold Thimbleby
>> has described.
>>
>> Martyn
>>
>>
>>
>> On 25/10/2017 17:23, Derek M Jones wrote:
>>>
>>> Software engineering has a dead body problem:
>>> http://shape-of-code.coding-guidelines.com/2009/11/18/where-are-the-dead-bodies/
>>
>> _______________________________________________
>> The System Safety Mailing List
>> systemsafety at TechFak.Uni-Bielefeld.DE

-- 

Peter Bishop
Chief Scientist
Adelard LLP
24 Waterside, 44-48 Wharf Rd, London N1 7UX
http://www.adelard.com
Recep:  +44-(0)20-7832 5850
Direct: +44-(0)20-7832 5855

Registered office: Stourside Place, Station Road, Ashford, Kent TN12 1PP
Registered in England & Wales no. OC 304551. VAT no. 454 489808