Re: [BLACKBOX] Secure Software - Dependable Software

From: Bernhard
Date: Sat, 26 Sep 2009 11:34:47 +0200

> capability that used DirectX, which set the floating point unit to 32
> bit accuracy, and left it there.

who is to blame for that?

.NET runtime?
DirectX runtime?
CP runtime?
the design(ers) of the FPU?

> to set the floating point control register explicitly, and we should
> call this in our source code before each and every floating point
> operation?

what happens if context switches occur?

Bernhard

----- Original Message -----
From: "Campbell, Robert (SELEX GALILEO, UK)"
<robert.d.campbell{([at]})nowhere.xy
To: <BLACKBOX{([at]})nowhere.xy
Sent: Thursday, September 24, 2009 10:43 AM
Subject: Re: [BLACKBOX] Secure Software - Dependable Software


>> On Tue, 22 Sep 2009, Chris Burrows wrote:
>>
>> David Jackson of MIT has written an interesting article titled "A Direct
>> Path to Dependable Software". In part he says ...
>>
>> You can download the complete article from:
>>
>> http://sdg.csail.mit.edu/pubs/2008/cacm-08.pdf


An interesting article ...

Some years ago I wrote a fairly extensive piece of code to solve a difficult
mathematical problem in CP / BlackBox. Some time later a colleague (who uses
C# / .NET) had the same problem, and so wanted access to my solution. I
compiled the code into a .NET dll using the Gardens Point CP compiler, he
linked it into his C#, and all seemed well - a success!

A year or so later some inaccuracies were noticed, then the CP module began
to 'hang' in infinite loops. This was a big problem, caused a lot of anguish,
and gave CP a bad name locally.

Ultimately we traced the immediate cause to the assumption made in the CP
code that the floating point unit was working in 64 or 80 bits accuracy. In
fact the C# application had grown a 3D graphics capability that used DirectX,
which set the floating point unit to 32 bit accuracy, and left it there.

Result - a non-(*dependable*) programme.


Do we just accept this? - or should there be a solution? Maybe the CP
(*language*) needs a command to set the floating point control register
explicitly, and we should call this in our source code before each and every
floating point operation?

I would prefer a more elegant and efficient solution.


Maybe some (*mistake*) was made in the way the C# application was coded (I
honestly don't know whose 'fault', if indeed it was a fault, this problem
was). But the fact that such a fault can occur without obvious prompting
seems to me to be a dependability issue very similar to a memory leak or an
out-of-bounds array access; things that a dependable language would simply
eliminate.


Regards

Robert
SELEX Sensors and Airborne Systems Limited
Registered Office: Sigma House, Christopher Martin Road, Basildon, Essex
SS14 3EL
A company registered in England & Wales. Company no. 02426132
Received on Sat Sep 26 2009 - 11:34:47 UTC

This archive was generated by hypermail 2.3.0 : Thu Sep 26 2013 - 06:30:41 UTC
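
The failure mode discussed in this thread (a convergence loop written for 64-bit arithmetic that ends up running at 32-bit precision), as an added example that is not code from any of the posters. It assumes a stand-in Newton square-root solver, and it simulates the reduced precision by rounding every result to float instead of changing the real x87 control word; all function names are hypothetical.

```c
#include <stdio.h>

enum { NOT_CONVERGED = -1, PRECISION_TOO_LOW = -2 };

/* Assumption: reduced FPU precision is simulated by rounding each result to
   float; in the thread the cause was the x87 control word left at 32 bits. */
static double rnd(double v, int single) { return single ? (double)(float)v : v; }
static double dabs(double v) { return v < 0 ? -v : v; }

/* Smallest power of two eps with 1 + eps/2 == 1 at the precision in effect. */
double measured_eps(int single)
{
    double eps = 1.0;
    for (;;) {
        volatile double s = rnd(1.0 + eps / 2, single);
        if (s == 1.0) return eps;
        eps /= 2;
    }
}

/* Newton iteration for sqrt(a), stopping when |x*x - a| <= tol * a.
   Returns the iteration count, or NOT_CONVERGED once max_iter is spent;
   without the cap, that case is the infinite loop. */
int newton_sqrt(double a, int single, double tol, int max_iter, double *out)
{
    double x = a;
    for (int i = 1; i <= max_iter; i++) {
        x = rnd(0.5 * rnd(x + rnd(a / x, single), single), single);
        double resid = rnd(rnd(x * x, single) - a, single);
        if (dabs(resid) <= tol * a) { *out = x; return i; }
    }
    return NOT_CONVERGED;
}

/* Fail fast at entry if tol is finer than the current precision can resolve. */
int newton_sqrt_checked(double a, int single, double tol, double *out)
{
    if (tol < 4 * measured_eps(single)) return PRECISION_TOO_LOW;
    return newton_sqrt(a, single, tol, 100, out);
}

int main(void)
{
    double r = 0;
    printf("eps: double %g, single %g\n", measured_eps(0), measured_eps(1));
    printf("double, tol 1e-12: %d\n", newton_sqrt(2.0, 0, 1e-12, 1000, &r));
    printf("single, tol 1e-12: %d\n", newton_sqrt(2.0, 1, 1e-12, 1000, &r));
    printf("checked single:    %d\n", newton_sqrt_checked(2.0, 1, 1e-12, &r));
    return 0;
}
```

Checking the measured precision once on entry to the numerical module, together with an iteration cap, turns the silent hang into a reportable error without touching the control register before every operation.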