Re: Certifiable code

From: David Weintraub <david_at_weintraubworld_dot_net>
Date: Tue Aug 31 2004 - 21:41:19 CDT

I'm not trying to be funny here, but I think we should use the video
gaming industry as an example of how electronic devices can be produced,
yet be considered to be ...er... "fair". By fair, I mean that there
doesn't exist some secret code to make a particular player a winner
because they know the special order to press the buttons. The machines
are considered "fair" because the odds stated on the machines are the
true odds. The machines have also been produced to prevent someone from
accidentally throwing away a jackpot by accidentally playing another round.

The gambling... I mean "gaming" industry wouldn't exist if people felt
that the video gaming machines were cheating. The various gambling
commissions in each state have strict testing procedures that each
machine must pass. Code is not allowed to be changed in these machines
without a complete regression test. Why states are more strict with a
video poker terminal than an electronic voting terminal is a good
question. But, it does provide us an example of producing electronic
devices that are generally considered to be solidly designed and
implemented.

On Aug 31, 2004, at 4:09 PM, Karl Auerbach wrote:

>
> We must soon squarely face the question "How does one write code and
> build systems that can pass certification?"
>
> There are certain aspects that I think are given by the nature of the
> audience or customers for this certification.
>
> These pre-ordained aspects are things like use of a process similar to
> that defined by ISO 9000x. (Not that I believe that these processes
> are necessarily good and I don't think we ought to argue about that,
> but rather it is my feeling that these are necessary in the eyes of
> the customer.)
>
> And I don't think that the certification target should be merely to
> pass the lowest of the low. Rather I believe that it should be done
> in a way that reflects the kind of practices we would like to see in
> other social-infrastructure software.
>
> So my questions of the moment are these:
>
> 1. What programming language? (This is not a monolithic question;
> different parts of the system could be written in different
> languages.)
>
> A) Can one certify code written in Python? What restrictions on
> use of Python are required? (Python is a highly mutable language
> that gives the programmer a great deal of control of the underlying
> machinery, which can result in very obscure code and far flung side
> effects. I don't think that Python code that did such things could,
> or ought to, pass a certification test.)
>
> B) What other languages? (Java? C++...) And if so, what restrictions
> on use?
>
> 2. What coding and comment standards should be applied?
>
> A) Should there be a full set of entry/exit assertions?
>
> B) Should there be standard per-module/per-procedure comment blocks.
>
> C) How much should variable/procedure/object names be semantically
> descriptive? (My own code, for example, often contains objects
> that have highly descriptive names of 30 or more characters. That
> may be an extreme case, but is it something that we need to do for
> certification?)
>
> D) How should debugging/testing scaffold code be handled (and
> retained)?
>
> etc.
>
> etc
>
> This can become a very long topic, including other questions about
> code versioning, testing, regression testing (including maintenance of
> test logs), etc.
>
> --karl--
>
>

=======================================
"Well, I've wrestled with reality for 35 years, doctor,
and I'm happy to state I finally won out over it."
-- Elwood P. Dowd
=======================================

David Weintraub
david@weintraubworld.net
david@weintraub.name
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, is released to the Public Domain
==================================================================
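Two of Karl's questions above (1A, what restrictions on Python a certification would need, and 2A, whether code should carry a full set of entry/exit assertions) can be made mechanical. The following is an added example for this archive page, not code from either correspondent or from any certification body: a small AST scan that flags the "far flung side effect" constructs (exec/eval, setattr/getattr, assignment into another module's namespace, rewriting `__class__`/`__code__`, `global`, wildcard imports), and a `contract` decorator that turns entry/exit assertions into a checked, attributable failure. The function names, the forbidden-construct list and the sample module are this example's own assumptions.

```python
"""Constructed example: mechanical checks a Python code-certification rule set
could impose. Names (find_dynamic_constructs, contract, ContractError,
violates_contract) and the forbidden-construct list are assumptions of this
example, not an existing standard."""
import ast
import functools
from typing import Callable, List, Optional, Tuple

# Built-ins that rewrite the program at run time or reach around normal scoping.
FORBIDDEN_CALLS = {"exec", "eval", "compile", "globals", "locals", "vars",
                   "setattr", "getattr", "delattr", "__import__"}
# Attributes whose assignment changes what an object *is* after the fact.
FORBIDDEN_ATTR_TARGETS = {"__class__", "__dict__", "__bases__", "__code__"}


def find_dynamic_constructs(source: str) -> List[Tuple[int, str]]:
    """Return sorted (line, reason) pairs for constructs whose effect cannot be
    read off the module itself. Simplification: any name bound by an import is
    treated as a module, so assigning to its attributes counts as monkey-patching."""
    tree = ast.parse(source)
    imported = set()
    findings: List[Tuple[int, str]] = []
    for node in ast.walk(tree):            # pass 1: what names come from imports
        if isinstance(node, ast.Import):
            for alias in node.names:
                imported.add((alias.asname or alias.name).split(".")[0])
        elif isinstance(node, ast.ImportFrom):
            for alias in node.names:
                if alias.name == "*":
                    findings.append((node.lineno, "wildcard import hides name provenance"))
                else:
                    imported.add(alias.asname or alias.name)
    for node in ast.walk(tree):            # pass 2: the constructs themselves
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) \
                and node.func.id in FORBIDDEN_CALLS:
            findings.append((node.lineno, f"call to {node.func.id}()"))
        elif isinstance(node, ast.Global):
            findings.append((node.lineno, "global statement mutates module state"))
        elif isinstance(node, (ast.Assign, ast.AugAssign, ast.AnnAssign)):
            targets = node.targets if isinstance(node, ast.Assign) else [node.target]
            for t in targets:
                if not isinstance(t, ast.Attribute):
                    continue
                if t.attr in FORBIDDEN_ATTR_TARGETS:
                    findings.append((t.lineno, f"assignment to .{t.attr}"))
                elif isinstance(t.value, ast.Name) and t.value.id in imported:
                    findings.append((t.lineno, f"monkey-patches imported module {t.value.id}"))
    return sorted(findings)


class ContractError(AssertionError):
    """Raised when an entry or exit assertion fails; names the function."""


def contract(pre: Optional[Callable[..., bool]] = None,
             post: Optional[Callable[..., bool]] = None):
    """Entry/exit assertions as a decorator. `pre` sees the call's arguments;
    `post` sees the result followed by the same arguments."""
    def decorate(fn):
        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            if pre is not None and not pre(*args, **kwargs):
                raise ContractError(f"{fn.__name__}: precondition failed for {args} {kwargs}")
            result = fn(*args, **kwargs)
            if post is not None and not post(result, *args, **kwargs):
                raise ContractError(f"{fn.__name__}: postcondition failed, returned {result!r}")
            return result
        return wrapper
    return decorate


@contract(pre=lambda n: isinstance(n, int) and n >= 0,
          post=lambda r, n: r * r <= n < (r + 1) * (r + 1))
def isqrt(n: int) -> int:
    """Integer square root by Newton's method; the exit assertion proves the
    result on every call instead of trusting the loop's termination argument."""
    if n < 2:
        return n
    x = n
    y = (x + 1) // 2
    while y < x:
        x = y
        y = (x + n // x) // 2
    return x


def violates_contract(fn, *args, **kwargs) -> bool:
    """True if the call trips an entry or exit assertion (for test logs)."""
    try:
        fn(*args, **kwargs)
    except ContractError:
        return True
    return False


# Constructed sample module: a clean tally() plus a patch() that does the
# things a certification rule set would forbid.
SAMPLE_MODULE = '''\
import json
from os import path

def tally(ballots):
    total = 0
    for b in ballots:
        total += int(b)
    return total

def patch():
    json.loads = lambda s: {}
    exec("total = 99")
    tally.__code__ = patch.__code__
'''

if __name__ == "__main__":
    for line, reason in find_dynamic_constructs(SAMPLE_MODULE):
        print(f"line {line}: {reason}")
    print("isqrt(15) =", isqrt(15), "; isqrt(-1) violates:", violates_contract(isqrt, -1))
```

The scan is deliberately a whitelist-style rule rather than a full static analysis: it says nothing about whether `tally()` is correct, only that its behaviour can be read from its own text, which is the property a regression test for a certified build relies on. The decorator keeps the assertions in the code under test rather than in a separate harness, so the same checks run in the certified build and produce a logged, named failure.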
Received on Tue Aug 31 23:17:22 2004

This archive was generated by hypermail 2.1.8 : Tue Aug 31 2004 - 23:17:23 CDT