Re: N-version software compared to others

From: (Peter Hamer)
Organization: BNR Europe Ltd, London Road, Harlow, England.
Date:         07 Jul 96 14:15:59 
References:   1 2 3
Followups:    1 2
Next article
View raw article
  or MIME structure

To pick up one point in a long and interesting posting.

In article <airliners.1996.1022@ohare.Chicago.COM> Tom Speer <> writes:
>Charles Radley wrote:
>> ...It is less effective than some techniques, more effective than
>> others.  It can be accomplished  more easily than Formal Methods, but
>> is probably less effective....
>I looked into the pro's and con's of N-version programming, and ran
>accross some interesting studies.
>The reason for this striking finding is that all versions were coded
>from common requirements (naturally).  Where the requirements
>specification is ambiguous or hard to understand, it's difficult for
>everyone.  Plus, programmers tend to have similar backgrounds, and so if
>one person has misconceptions, then many people can share the same.  So
>people tend to make many of the same mistakes.
>So, if you have to convince a certification authority that there is no
>possiblilty of a software fault, then formal methods are your only hope.
>You can't rule it out with N-version programming.

If the weak-link in N-version programming is the fact that the requirement
is ambiguous and difficult to understand, surely the same holds true for
formal methods? The formalization of the requirements might be internally
water-tight, but its chances a of capturing the intentions of a large and
complex informal spec are questionable.

I'm not arguing against formal methods, just saying that a system
development path using them shares some of the failure mechanisms
of more traditional system development paths. Finding out what
the user needs [ie should have asked for] remains a hard problem.


PS Somewhat off topic, I remember a correction to a pilots handbook
   giving a new minimum-fuel flight path for landing. The new path
   had the advantage of remaining above ground-level at all times!
   Sometimes important details are difficult to fit into a chosen
   formalism or support in its reasoning mechanisms.