<html><head></head><body><div class="ydp56c6bd8ayahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div></div>
<div dir="ltr" data-setdir="false">Hi Olwen.</div><div dir="ltr" data-setdir="false">I was asking about monitoring - Mission Ops Info Mgmt.<br></div><div dir="ltr" data-setdir="false"> In the case of a controller, how often did the target t exceed the laws of physics?</div><div dir="ltr" data-setdir="false"> In a RT system, how often were design assumptions violated?</div><div dir="ltr" data-setdir="false"> In a sort algorithm, you might want to know statistics about the sort - wide / narrow ; fixed length variable length;runtime</div><div dir="ltr" data-setdir="false"> Simulated annealing - iterations, restarts, etc.<br></div><div dir="ltr" data-setdir="false"><br></div>
</div><div id="yahoo_quoted_4085797441" class="yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Monday, July 6, 2020, 2:51:34 p.m. EDT, Olwen Morgan <olwen@phaedsys.com> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div id="yiv4587333003"><div>
<p><br clear="none">
</p>
<p>Not sure, but I've certainly been involved in the design and use
of a suite of tests that have comprehensively destroyed the claims
of developers of some CASE tools. The was the suite of 8500+ tests
that Derek Jones and I (almost entirely Derek - he actually
developed the tests in between our telephone brain-storming
sessions) used to test - pretty well to destruction - Purify and
Sentinel mid 1990s.</p>
<p>We both strongly suspected the tools were claiming much more than
they could actually do, so I'd regard that as justifiably
malicious destructive testing. ... :-))</p>
<p>Indeed that was one of the origins of my approach to software
testing in general that I've cited in the CbyC/UT thread. You
could fairly have called that particular exercise
"saturation-bombing testing".<br clear="none">
</p>
<p><br clear="none">
</p>
<p>Olwen</p>
<p><br clear="none">
</p>
<div class="yiv4587333003yqt5518961825" id="yiv4587333003yqtfd67301"><div class="yiv4587333003moz-cite-prefix">On 06/07/2020 18:58, Brent Kimberley
wrote:<br clear="none">
</div>
<blockquote type="cite">
</blockquote></div></div><div class="yiv4587333003yqt5518961825" id="yiv4587333003yqtfd29903"><div><div class="yiv4587333003ydpb4c12b05yahoo-style-wrap" dir="ltr" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;">
<div dir="ltr"> Tangential question, who
uses non-destructive testing to detect errors?<br clear="none">
</div>
<div><br clear="none">
</div>
</div>
<div class="yiv4587333003yahoo_quoted" id="yiv4587333003yahoo_quoted_4504540420">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div> On Monday, July 6, 2020, 1:37:49 p.m. EDT, Martyn Thomas
<a rel="nofollow" shape="rect" class="yiv4587333003moz-txt-link-rfc2396E" ymailto="mailto:martyn@thomas-associates.co.uk" target="_blank" href="mailto:martyn@thomas-associates.co.uk"><martyn@thomas-associates.co.uk></a> wrote: </div>
<div><br clear="none">
</div>
<div><br clear="none">
</div>
<div>
<div dir="ltr">On 05/07/2020 12:47, Olwen Morgan wrote:<br clear="none">
> Does anyone here honestly believe that you could
successfully defend<br clear="none">
> omitting UT in an action for negligence if a system
developed using<br clear="none">
> CbyC failed and killed someone as a result of a
defect that could have<br clear="none">
> been detected by UT?<br clear="none">
<br clear="none">
Can you guarantee that your UT will detect all the errors
that any<br clear="none">
possible UT would have detected? If so, how?<br clear="none">
<br clear="none">
Are you using successful tests as the axioms on which you
can develop a<br clear="none">
rigorous inductive proof of correctness, which (if I
recall correctly)<br clear="none">
Tony Hoare said was how testing should be used?<br clear="none">
<br clear="none">
If not, in your hypothetical example, how are you going to
defend having<br clear="none">
omitted the unit tests that would have detected the errors
that caused<br clear="none">
the failure that killed someone?<br clear="none">
<br clear="none">
I think you are doing what the opponents of FMs often do
and assuming<br clear="none">
that the proponent of C-by-C is claiming they can deliver
perfection.<br clear="none">
I'm certainly not - I'm saying that software engineering
seeks to make<br clear="none">
software that is as fit as is reasonably practicable for
it's intended<br clear="none">
purpose and that in my experience, being as rigorous as
reasonably<br clear="none">
practicable is tautologically how to achieve that.<br clear="none">
<br clear="none">
In my experience, most software teams don't even try to be
rigorous. At<br clear="none">
best they are skilled craftspeople, not professional
engineers.<br clear="none">
Sometimes that's good enough. Sometimes it may even be
what you need.<br clear="none">
Caveat emptor.
<div class="yiv4587333003yqt3860111027" id="yiv4587333003yqtfd29537"><br clear="none">
<br clear="none">
Martyn<br clear="none">
<br clear="none">
<br clear="none">
_______________________________________________<br clear="none">
The System Safety Mailing List<br clear="none">
<a rel="nofollow" shape="rect" ymailto="mailto:systemsafety@TechFak.Uni-Bielefeld.DE" target="_blank" href="mailto:systemsafety@TechFak.Uni-Bielefeld.DE">systemsafety@TechFak.Uni-Bielefeld.DE</a><br clear="none">
Manage your subscription: <a rel="nofollow" shape="rect" target="_blank" href="https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety">https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety</a><br clear="none">
</div>
</div>
</div>
</div>
</div>
<br clear="none">
<fieldset class="yiv4587333003mimeAttachmentHeader"></fieldset>
<pre class="yiv4587333003moz-quote-pre">_______________________________________________
The System Safety Mailing List
<a rel="nofollow" shape="rect" class="yiv4587333003moz-txt-link-abbreviated" ymailto="mailto:systemsafety@TechFak.Uni-Bielefeld.DE" target="_blank" href="mailto:systemsafety@TechFak.Uni-Bielefeld.DE">systemsafety@TechFak.Uni-Bielefeld.DE</a>
Manage your subscription: <a rel="nofollow" shape="rect" class="yiv4587333003moz-txt-link-freetext" target="_blank" href="https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety">https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety</a></pre>
</div></div></div><div class="yqt5518961825" id="yqtfd63398">_______________________________________________<br clear="none">The System Safety Mailing List<br clear="none"><a shape="rect" ymailto="mailto:systemsafety@TechFak.Uni-Bielefeld.DE" href="mailto:systemsafety@TechFak.Uni-Bielefeld.DE">systemsafety@TechFak.Uni-Bielefeld.DE</a><br clear="none">Manage your subscription: <a shape="rect" href="https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety" target="_blank">https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety</a></div></div>
</div>
</div></body></html>