NASA: on testing versus multiple implementations

happybeing · May 27, 2017, 3:26pm

Here’s an short piece from NASA on three approaches to designing high reliability systems:

testing
multiple independent implementations
formal methods

It concludes that formal methods are the only way to achieve very high reliability because 1) rigorous testing takes too long, and 2) multiple implementations tend not to work, and can never be show to work because testing to compare would take too long.

It says multiple implementations will give the illusion of extra reliability, but that data suggests otherwise. So for us testing is good :-).

https://shemesh.larc.nasa.gov/fm/fm-why.html

hunterlester · May 27, 2017, 10:59pm

Thank you for sharing this piece.

I’m so curious to learn more.

I found this paper on formal methods: Formal Methods

Does anyone have experience with applying formal methods? I’d like to see how it practically works.

The paper mentions that engineers need to be versed in type theory to properly apply formal methods. Sounds like Rust may be developed in this manner. I’m going to ask around…

Topic		Replies	Views
If you think porting to RUST is NOT important then you need to look at this Development	1	770	April 16, 2015
Fabulous post on MaidSafe blog about XOR Blog Posts	10	2380	December 6, 2018
Discussion of Genetic / Open Ended Algorithms on SAFE Apps genetic , openended , algorithm , optimisation	27	3883	December 12, 2019
Devhub Trending on Hacker News Press	35	2777	May 16, 2020
Discussion of a collaborative commons and data marketplace on SAFE Apps	9	1744	August 24, 2023

NASA: on testing versus multiple implementations

Related Topics