[mod.politics.arms-d] Arms-Discussion Digest V6 #17.2

ARMS-D-Request@MIT-MC.ARPA (Moderator) (01/11/86)

Arms-Discussion Digest                 Friday, January 10, 1986 8:06PM
Volume 6, Issue 17.2

Today's Topics:

See 17.1

----------------------------------------------------------------------

Date: Thu 9 Jan 86 21:26:59-PST
From: Jim McGrath <J.JPM@Epic>
Subject: Re: SDI Testing
Reply-to: mcgrath%mit-oz@mit-mc.arpa


Herb Lin just replied in Arms-d to a message I sent to him and the
Risks mailing list.  Unfortunately, it was not sent to the Arms-d
mailing list.  Thus people got a chance to read a reply before seeing
the original (which is in a follow-up message).

Apologies to those of you who are trying to follow this discussion.


Jim

------------------------------

Date: Thu 9 Jan 86 21:28:23-PST
From: Jim McGrath <J.JPM@Epic>
Subject: Re: SDI Testing
Reply-to: mcgrath%mit-oz@mit-mc.arpa


        From: Jim McGrath <J.JPM at LOTS-A>

        Thus I would expect that a "realistic" (i.e. to a certain
        acceptable degree of reliability) testing of the Aegis carrier
        defense system to be as hard as testing SDI, even though the
        latter is perhaps an order of magnitude smaller than the
        former.

    Did you flip these?  SDI only 1/10 the size of AEGIS?  AEGIS is 1
    M lines; SDI at 100K ??  As the man says, no way.

Yes I did flip them - although that does not change the implied
meaning of the sentence (i.e. SDI is larger than Aegis, but the
systems are of comparable testing complexity).

   Also, you better not use AEGIS as your model of reliability.  Its
   record in its first operational tests wasn't very good.

You are the second person to infer (incorrectly) that I was stating
that Aegis was reliable.  I never stated that Aegis was reliable.  I
was only comparing the relative difficulty of realistic testing
between the two.  Actually, if I had to lay down a bet this minute it
would be that Aegis is not very reliable (by whatever reasonable
definition of reliable we adopt).

Although I thought the logic of my message was clear, I'll restate it
in non-conversational tones:

1. Are other systems of complexity similar to SDI?  NOT software of
   complexity similar to SDI, but systems (which includes hardware,
   human actors, and general environmental interaction), since it is
   only realistic to talk about testing systems, not software in
   isolation.

2. If you answer yes to 1 (and for a first cut I proposed the Aegis
   system - software, hardware, human operators, and environmental
   influences) then are these systems reliable?  (That is, can they
   be proved or tested to the desired degree of reliability?)

3. If you answer yes to 2, then use the same procedures for SDI.
   Provided that the standards of reliability are not required to be
   drastically different, SDI is feasible.

4. If you answer no to 2, and if the required reliability of these
   other systems is similar to that of SDI, then use the same procedures
   you used for them on SDI.  The result is an untestable system,
   but you are already living with untestable systems from which you require
   the same degree of reliability.  So why worry?

5. If you answered no to question 1, or hold SDI to a substantially
   higher degree of reliability than existing systems, then the logic
   fails.  The problem I have with this debate is that the anti-SDI
   people are not addressing either of these two points adequately.
   On the former, people have been concentrating on size of code for
   SDI.  Ignoring whether an increase in an order of magnitude is a
   barrier for a program planned a decade ahead, this ignores the
   system complexity issue.  All you can say is that the software
   complexity is high.  If the hardware complexity is low, and the
   environment more predictable, these trends may negate one another.
   On the latter point, I have not seen good reasons to require higher
   reliability.

   Both points may be resolvable in favor of the anti-SDI people.  But
   until they are, I have to adopt a neutral position (bet you thought
   I was pro-SDI.  Only in contrast to those who have been responding
   to my messages).


Jim

------------------------------

Date: Thu 9 Jan 86 22:15:44-PST
From: Jim McGrath <J.JPM@Epic>
Subject: Aegis reliability
Reply-to: mcgrath%mit-oz@mit-mc.arpa


           From: Herb Lin <LIN@MC.LCS.MIT.EDU>
           Also, you better not use AEGIS as your model of
           reliability.  Its record in its first operational tests
           wasn't very good.

       From: Jim McGrath <Mcgrath%mit-oz@mit-mc.arpa>
       You are the second person to infer (incorrectly) that I was
       stating that Aegis was reliable.  I never stated that Aegis
       was reliable.  I was only comparing the relative difficulty of
       realistic testing between the two.

    ...If you think that realistic testing on AEGIS was done, then I
    think you're wrong.  Relative difficulty, you say?  If SDI will be
    as testable as AEGIS, we're in trouble.

Herb, you left out the sentence that immediately followed the passage
from me that you quoted: "Actually, if I had to lay down a bet this
minute it would be that Aegis is not very reliable (by whatever
reasonable definition of reliable we adopt)."  From that you could
have inferred (correctly) that, although I had little information, I
doubted that Aegis was realistically tested (thanks by the way for the
test data).


Jim

------------------------------

End of Arms-Discussion Digest
*****************************