Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cornell!uw-beaver!mit-eddie!mintaka!oliveb!mipos3!omepd!inteloa!snidely
From: snidely@inteloa.intel.com (David P. Schneider)
Newsgroups: comp.software-eng
Subject: Re: Information on current state of software safety desired
Message-ID: <5075@omepd.UUCP>
Date: 18 Oct 89 13:52:53 GMT
References: <1321@cs.rit.edu> <195@cherry5.UUCP> <1989Oct4.055359.15145@paris.ics.uci.edu> <10901@riks.csl.sony.co.jp> <1989Oct12.184705.11620@paris.ics.uci.edu> <13097@orstcs.CS.ORST.EDU>
Sender: news@omepd.UUCP
Reply-To: snidely@inteloa.UUCP (David P. Schneider)
Organization: BiiN(tm) Corp, Hillsboro, Oregon 97124-5961
Lines: 41

In article <13097@orstcs.CS.ORST.EDU>, Ritchey Ruff (ruffwork@CS.ORST.EDU) writes:
>So, what's the point? I think that one has to try to stick to
>"appropriate technology" (32 bit, 1Meg computers to control a simple
>car motor is what I'd call "inappropriate"). Mechanical systems are much
>better understood and often are much easier to analyze w.r.t. error
>and failure modes---if a simple mechanical system does the job, why
>use a complex electronic system? (money...)

I'm a bit suspicious of this comment. First, application of microcontrollers and computers is often because the *simple* mechanical system is no longer adequate, and the required *complex* mechanical upgrade is harder to do than the electronic upgrade.

Car motors are a case in point. 19th century technology was sufficient to provide mechanical governors and other control techniques that are adequate for vehicles travelling at low speeds. 25-40 mph is still within the range where human oversight of low-level details is acceptable. Engine requirements have become more demanding since then. Most recently, the quest for pollution reduction while retaining performance. Mechanical systems have been discarded because of the difficulty in designing and building them to meet these requirements.

As an anecdote against mechanical systems, consider this. My father worked for a VW/Porsche dealership in the late 60's. The joke around the shop was that the mechanics had to be paid so much because it cost them so much money to keep their Porsches in tune. The mechanical fuel injection used on 911s, just at the time that VW Type IIIs (square backs) were introducing analog electronic fuel injection, supposedly went out of tune every time you ran the car past 60 mph.

Also, there has been discussion in the RISKS forum that mechanical systems may not be easier to analyze; they just have better known rules of thumb ("make your best calculation, and multiply by 2"). These rules of thumb allow the engineers to work around problems in the analysis. Software engineers are just developing their rules of thumb, so of course they aren't widely followed or tested.

David P. Schneider
BiiN (tm)
Wednesday, 10.18