Re: [BLACKBOX] Secure Software - Dependable Software

From: Campbell, Robert (SELEX GALILEO, UK) <robert.d.campbell{([at]})nowhere.xy>
Date: Thu, 24 Sep 2009 09:43:28 +0100


>> On Tue, 22 Sep 2009, Chris Burrows wrote:
>>
>> David Jackson of MIT has written an interesting article titled
>> "A Direct Path to Dependable Software". In part he says ...
>>
>> You can download the complete article from:
>>
>> http://sdg.csail.mit.edu/pubs/2008/cacm-08.pdf


An interesting article ...

Some years ago I wrote a fairly extensive piece of code to solve a
difficult mathematical problem in CP / BlackBox. Some time later a
colleague (who uses C# / .NET) had the same problem, and so wanted access
to my solution. I compiled the code into a .NET DLL using the Gardens
Point CP compiler, he linked it into his C#, and all seemed well - a
success!

A year or so later some inaccuracies were noticed, then the CP module
began to 'hang' in infinite loops. This was a big problem, caused a lot
of anguish, and gave CP a bad name locally.

Ultimately we traced the immediate cause to the assumption made in the
CP code that the floating point unit was working in 64 or 80 bits
accuracy. In fact the C# application had grown a 3D graphics capability
that used DirectX, which set the floating point unit to 32 bit accuracy,
and left it there.

Result - a non-(*dependable*) programme.


Do we just accept this? - or should there be a solution? Maybe the CP
(*language*) needs a command to set the floating point control register
explicitly, and we should call this in our source code before each and
every floating point operation?

I would prefer a more elegant and efficient solution.


Maybe some (*mistake*) was made in the way the C# application was coded
(I honestly don't know whose 'fault', if indeed it was a fault, this
problem was). But the fact that such a fault can occur without obvious
prompting seems to me to be a dependability issue very similar to a
memory leak or an out-of-bounds array access; things that a dependable
language would simply eliminate.


Regards

Robert
SELEX Sensors and Airborne Systems Limited
Registered Office: Sigma House, Christopher Martin Road, Basildon, Essex SS14 3EL
A company registered in England & Wales. Company no. 02426132
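As an added illustration (not part of Robert's message or of any CP/BlackBox library): the "32 bit accuracy" he describes is the x87 precision-control field of the FPU control word. The C below, assuming GCC-style inline assembly on an x86 host (it degrades to a "no x87" result elsewhere), shows how a library can read that field, do its arithmetic under a precision it chooses, and restore the host's control word on exit, which is the check-at-entry alternative to calling a set-precision command before every operation.

```c
#include <stdint.h>
#include <stdio.h>

/* x87 precision-control field: bits 8-9 of the FPU control word. */
#define X87_PC_MASK     0x0300u
#define X87_PC_SINGLE   0x0000u   /* 24-bit significand ("32 bit accuracy") */
#define X87_PC_DOUBLE   0x0200u   /* 53-bit significand */
#define X87_PC_EXTENDED 0x0300u   /* 64-bit significand (the usual default) */

#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
static int x87_available(void) { return 1; }
static uint16_t x87_get_cw(void) {
    uint16_t cw;
    __asm__ volatile("fnstcw %0" : "=m"(cw));   /* store control word */
    return cw;
}
static void x87_set_cw(uint16_t cw) { __asm__ volatile("fldcw %0" : : "m"(cw)); }
#else
static int x87_available(void) { return 0; }  /* assumption: no x87 here */
static uint16_t x87_get_cw(void) { return 0; }
static void x87_set_cw(uint16_t cw) { (void)cw; }
#endif

/* Under precision control 'pc', compute 1 + 2^-k in long double (x87)
 * arithmetic. Returns 1 if the sum is still distinguishable from 1, 0 if
 * the reduced precision rounded the small term away, -1 with no x87 unit.
 * The caller's control word is saved and restored, so a host that left the
 * FPU in 24-bit mode is neither trusted nor disturbed. */
int sum_survives(uint16_t pc, int k) {
    if (!x87_available()) return -1;
    uint16_t saved = x87_get_cw();
    x87_set_cw((uint16_t)((saved & ~X87_PC_MASK) | pc));
    volatile long double one = 1.0L;   /* volatile: force a runtime add */
    volatile long double tiny = 1.0L;
    for (int i = 0; i < k; i++) tiny *= 0.5L;   /* powers of two stay exact */
    long double sum = one + tiny;      /* rounded to 'pc' significand bits */
    int survives = (sum != one);
    x87_set_cw(saved);                 /* leave the FPU as we found it */
    return survives;
}

int main(void) {
    printf("x87 present: %d\n", x87_available());
    printf("24-bit mode, 1+2^-40 survives: %d\n", sum_survives(X87_PC_SINGLE, 40));
    printf("53-bit mode, 1+2^-40 survives: %d\n", sum_survives(X87_PC_DOUBLE, 40));
    printf("53-bit mode, 1+2^-60 survives: %d\n", sum_survives(X87_PC_DOUBLE, 60));
    printf("64-bit mode, 1+2^-60 survives: %d\n", sum_survives(X87_PC_EXTENDED, 60));
    return 0;
}
```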


Received on Thu Sep 24 2009 - 10:43:28 UTC

This archive was generated by hypermail 2.3.0 : Thu Sep 26 2013 - 06:30:41 UTC