ARMS-D-Request@MIT-MC.ARPA (Moderator) (01/11/86)
Arms-Discussion Digest            Friday, January 10, 1986 8:06PM
Volume 6, Issue 17.2

Today's Topics:

        See 17.1

----------------------------------------------------------------------

Date: Thu 9 Jan 86 21:26:59-PST
From: Jim McGrath <J.JPM@Epic>
Subject: Re: SDI Testing
Reply-to: mcgrath%mit-oz@mit-mc.arpa

Herb Lin just replied in Arms-d to a message I sent to him and the
Risks mailing list. Unfortunately, it was not sent to the Arms-d
mailing list. Thus people got a chance to read a reply before seeing
the original (which is in a follow up message). Apologies to those of
you who are trying to follow this discussion.

Jim

------------------------------

Date: Thu 9 Jan 86 21:28:23-PST
From: Jim McGrath <J.JPM@Epic>
Subject: Re: SDI Testing
Reply-to: mcgrath%mit-oz@mit-mc.arpa

    From: Jim McGrath <J.JPM at LOTS-A>

        Thus I would expect that a "realistic" (i.e. to a certain
        acceptable degree of reliability) testing of the Aegis carrier
        defense system to be as hard as testing SDI, even though the
        latter is perhaps an order of magnitude smaller than the former.

    Did you flip these? SDI only 1/10 the size of AEGIS? AEGIS is 1 M
    lines; SDI at 100K ?? As the man says, no way.

Yes I did flip them - although that does not change the implied
meaning of the sentence (i.e. SDI is larger than Aegis, but the
systems are of comparable testing complexity).

    Also, you better not use AEGIS as your model of reliability. Its
    record in its first operational tests wasn't very good.

You are the second person to infer (incorrectly) that I was stating
that Aegis was reliable. I never stated that Aegis was reliable. I
was only comparing the relative difficulty of realistic testing
between the two. Actually, if I had to lay down a bet this minute it
would be that Aegis is not very reliable (by whatever reasonable
definition of reliable we adopt).

Although I thought the logic of my message was clear, I'll restate it
in non-conversational tones:

1. Are other systems of complexity similar to SDI?
   NOT software of complexity similar to SDI, but systems (which
   includes hardware, human actors, and general environmental
   interaction), since it is only realistic to talk about testing
   systems, not software in isolation.

2. If you answer yes to 1 (and for a first cut I proposed the Aegis
   system - software, hardware, human operators, and environmental
   influences) then are these systems reliable? (That is, can they be
   proved or tested to the desired degree of reliability?)

3. If you answer yes to 2, then use the same procedures for SDI.
   Provided that the standards of reliability are not required to be
   drastically different, SDI is feasible.

4. If you answer no to 2, and if the required reliability of these
   other systems is similar to that of SDI, then use the same
   procedures you used for them on SDI. The result is an untestable
   system, but you are already living with untestable systems from
   which you require the same degree of reliability. So why worry?

5. If you answered no to question 1, or hold SDI to a substantially
   higher degree of reliability than existing systems, then the logic
   fails.

The problem I have with this debate is that the anti-SDI people are
not addressing either of these two points adequately. On the former,
people have been concentrating on size of code for SDI. Ignoring
whether an increase in an order of magnitude is a barrier for a
program planned a decade ahead, this ignores the system complexity
issue. All you can say is that the software complexity is high. If
the hardware complexity is low, and the environment more predictable,
these trends may negate one another. On the latter point, I have not
seen good reasons to require higher reliability.

Both points may be resolvable in favor of the anti-SDI people. But
until they are, I have to adopt a neutral position (bet you thought I
was pro-SDI. Only in contrast to those who have been responding to my
messages).

Jim

------------------------------

Date: Thu 9 Jan 86 22:15:44-PST
From: Jim McGrath <J.JPM@Epic>
Subject: Aegis reliability
Reply-to: mcgrath%mit-oz@mit-mc.arpa

    From: Herb Lin <LIN@MC.LCS.MIT.EDU>

        Also, you better not use AEGIS as your model of reliability.
        Its record in its first operational tests wasn't very good.

    From: Jim McGrath <Mcgrath%mit-oz@mit-mc.arpa>

        You are the second person to infer (incorrectly) that I was
        stating that Aegis was reliable. I never stated that Aegis
        was reliable. I was only comparing the relative difficulty of
        realistic testing between the two.

    ...If you think that realistic testing on AEGIS was done, then I
    think you're wrong. Relative difficulty, you say? If SDI will be
    as testable as AEGIS, we're in trouble.

Herb, you left out the sentence that immediately followed the passage
from me that you quoted:

"Actually, if I had to lay down a bet this minute it would be that
Aegis is not very reliable (by whatever reasonable definition of
reliable we adopt)."

From that you could have inferred (correctly) that, although I had
little information, I doubted that Aegis was realistically tested
(thanks by the way for the test data).

Jim

------------------------------

End of Arms-Discussion Digest
*****************************