government support two completely different implementations of the National Crime Information Center? These alternatives seem unrealistic. On the other hand, redundancy seems much more feasible when we look at data entry and data retrieval operations. Two different data entry operators could input records into databases, and the computer could check to make sure the records agreed. This would reduce the chance of bad data being entered into databases in the first place. Two different people could look at the results returned from a computer query, using their own common sense and understanding to see if the output makes sense. A paper audit trail is a practical way to add redundancy to an electronic voting machine.
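The dual-entry check described above, worked through as an added example (it is not from the book and does not describe any real agency's system): two operators key the same batch independently, and the program accepts a record only when both copies agree field by field, reporting every disagreement and every record present in only one copy. The record layout and the sample data are constructed for illustration.

```python
from dataclasses import dataclass, fields

@dataclass(frozen=True)
class Record:
    """Hypothetical record layout; the fields are constructed for the example."""
    record_id: str
    name: str
    date_of_birth: str
    status: str

def reconcile(entry_a, entry_b):
    """Dual-entry verification.

    Returns (accepted, disagreements). A record is accepted only if both
    operators entered it and every field matches exactly; anything else is
    reported as (record_id, field, value_a, value_b) for a human to resolve.
    """
    by_a = {r.record_id: r for r in entry_a}
    by_b = {r.record_id: r for r in entry_b}
    accepted, disagreements = [], []
    for rid in sorted(by_a.keys() | by_b.keys()):
        a, b = by_a.get(rid), by_b.get(rid)
        if a is None or b is None:
            # one operator skipped or duplicated a record: never commit it silently
            disagreements.append((rid, "<missing>", a, b))
            continue
        diffs = [(f.name, getattr(a, f.name), getattr(b, f.name))
                 for f in fields(Record)
                 if getattr(a, f.name) != getattr(b, f.name)]
        if diffs:
            disagreements.extend((rid, name, va, vb) for name, va, vb in diffs)
        else:
            accepted.append(a)
    return accepted, disagreements

# Constructed sample batch: operator B transposed two digits in one birth
# date and skipped the last record entirely.
OPERATOR_A = [
    Record("1001", "A. Example", "1970-03-12", "active"),
    Record("1002", "B. Example", "1985-11-02", "cleared"),
    Record("1003", "C. Example", "1991-07-30", "active"),
]
OPERATOR_B = [
    Record("1001", "A. Example", "1970-03-12", "active"),
    Record("1002", "B. Example", "1985-11-20", "cleared"),
]

def run_demo():
    accepted, disagreements = reconcile(OPERATOR_A, OPERATOR_B)
    return [r.record_id for r in accepted], disagreements

if __name__ == "__main__":
    ids, problems = run_demo()
    print("accepted:", ids)
    for p in problems:
        print("needs review:", p)
```

Only record 1001 reaches the database; the transposed date on 1002 and the missing 1003 are surfaced instead of silently becoming bad data.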
While it may be infeasible to provide redundant software systems, safety-critical systems should never rely completely upon a single piece of software. The Therac-25 overdoses occurred because the system lacked the hardware interlocks of the earlier models.
The stories of computer system failures contain other valuable lessons. The Ariane 5 and Therac-25 failures show that it can be dangerous to reuse code. Assumptions that were valid when the code was originally written may no longer be true when the code is reused. Since some of these assumptions may not be documented, the new design team may not have the opportunity to check if these assumptions still hold true in the new system.
The automated baggage system at the Denver International Airport demonstrates the difficulty of debugging a complex system. Tackling one problem at a time, solving it, and moving on to the next problem proved to be a poor approach, because the overall system design had serious flaws. For example, BAE did not even realize that simply getting luggage carts to where they were needed in a fair manner was an incredibly difficult problem. Even if BAE had solved all the low-level technical problems, this high-level problem would have prevented the system from meeting its performance goals during the busiest times.
Finally, systems can fail because of miscommunications among people. The Mars Climate Orbiter is an example of this kind of failure. The software written by the team in Colorado used English units, while the software written by the team in California used metric units. The output of one program was incompatible with the input to the other program, but a poorly specified interface allowed this error to remain undetected until after the spacecraft was destroyed.
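The interface lesson from the Mars Climate Orbiter paragraph, as an added illustration that is not from the book and does not reproduce either team's actual code: the producing side is modelled as emitting impulse in pound-force seconds, and the consuming side is shown twice, once taking a bare number (the poorly specified interface, which cannot notice the mismatch) and once taking a unit-tagged value whose contract it checks. The unit names, conversion factor and `Impulse` type are assumptions made for the example.

```python
from dataclasses import dataclass

# Hypothetical unit tags for the example; the book does not name the
# specific quantities exchanged between the two programs.
NEWTON_SECOND = "N*s"
POUND_FORCE_SECOND = "lbf*s"
LBF_TO_N = 4.4482216152605  # newtons per pound-force

@dataclass(frozen=True)
class Impulse:
    """A number that carries its unit, so a receiver can check the contract."""
    value: float
    unit: str

    def __post_init__(self):
        if self.unit not in (NEWTON_SECOND, POUND_FORCE_SECOND):
            raise ValueError(f"unknown impulse unit {self.unit!r}")

    def to_si(self) -> "Impulse":
        if self.unit == NEWTON_SECOND:
            return self
        return Impulse(self.value * LBF_TO_N, NEWTON_SECOND)

def thruster_model_imperial(burn_seconds: float, thrust_lbf: float) -> Impulse:
    """Stand-in for the producing program: reports impulse in lbf*s."""
    return Impulse(burn_seconds * thrust_lbf, POUND_FORCE_SECOND)

def navigation_unchecked(raw_value: float) -> float:
    """Poorly specified interface: a bare float is assumed to be N*s.

    Nothing here can detect that the caller meant lbf*s, so the error
    propagates silently into every downstream calculation.
    """
    return raw_value

def navigation_checked(impulse: Impulse) -> float:
    """Specified interface: accepts only a unit-tagged Impulse, converts to N*s."""
    if not isinstance(impulse, Impulse):
        raise TypeError("navigation requires a unit-tagged Impulse, not a bare number")
    return impulse.to_si().value

def compare_interfaces(burn_seconds: float = 10.0, thrust_lbf: float = 2.0):
    """Returns (value seen by unchecked receiver, value seen by checked receiver)."""
    imp = thruster_model_imperial(burn_seconds, thrust_lbf)
    wrong = navigation_unchecked(imp.value)   # 20.0, silently treated as N*s
    right = navigation_checked(imp)           # 20.0 * 4.448... N*s
    return wrong, right

if __name__ == "__main__":
    wrong, right = compare_interfaces()
    print(f"unchecked interface used {wrong:.2f}; correct value is {right:.2f} N*s")
    print(f"the unchecked result is low by a factor of {right / wrong:.3f}")
```

The two receivers see values that differ by a factor of about 4.45; the point is not the arithmetic but that only the interface which states its units can refuse or convert the wrong ones, and a bare number leaves the mistake invisible.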
Computer simulations are used to perform numerical experiments that lead to new scientific discoveries and help engineers create better products. For this reason, it is important that simulations provide reliable results. Simulations are validated by comparing predicted results with reality. If a simulation is designed to predict future events, it can be validated by giving it data about the past and asking it to predict the present. Finally, simulations are validated when their results are believed by domain experts and policymakers.
The discipline of software engineering emerged from a growing realization of a “software crisis.” While small programs can be written in an ad hoc manner, large programs must be carefully constructed if they are to be reliable. Software engineering is the application of engineering methodologies to the creation and evolution of software