Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ganssle 1 MAPLD 2005/S110 Learning from Jack Ganssle Disaster.

Published byMyra Barnett Modified over 8 years ago

Similar presentations

Presentation on theme: "Ganssle 1 MAPLD 2005/S110 Learning from Jack Ganssle Disaster."— Presentation transcript:

1 Ganssle 1 MAPLD 2005/S110 Learning from Jack Ganssle Disaster

2 Ganssle 2 MAPLD 2005/S110 The Tacoma Narrows Bridge 4 months after opening, Nov 7, 1940

3 Ganssle 3 MAPLD 2005/S110 Forgotten Failures Montrose Bridge, Scotland 1838 Menai Strait Bridge, Wales, 1839 Basse-Chaine Bridge, 1850 Roche-Bernard Bridge, France, 1852 Wheeling Suspension Bridge, 1854 Dryburgh Abbey Bridge, Scotland, 1818 Niagara-Lewiston Bridge, 1864 Niagara-Clifton Bridge, 1889 Bronx-Whitestone, 1939 Deer Isle Bridge, 1939

4 Ganssle 4 MAPLD 2005/S110 Costs GeorgeGolden Bronx- Tacoma Washington Gate Whitestone Narrows Completed 1935 1937 1939 1940 Span 3500 ft 4200 ft 2300 ft 2800 ft Cost $59.5m $35m $19.7m $6.4m

5 Ganssle 5 MAPLD 2005/S110 Lessons Cheaper is often more expensive Management decisions do not repeal the laws of physics Not learning from the past means repeating the past – endlessly Codes are a powerful way to insure projects are done correctly

6 Ganssle 6 MAPLD 2005/S110 Clementine Lessons learned: Schedules can’t rule Tired people make mistakes Error handlers save systems Never sacrifice testing

7 Ganssle 7 MAPLD 2005/S110 NEAR Lessons Learned: Tired people make mistakes. Use the VCS Test everything! Engineers rock! We must learn from disaster

8 Ganssle 8 MAPLD 2005/S110 Mars Polar Lander/Deep Space 2 Lessons learned: Tired people make mistakes Test everything! Test like you fly; fly what you test

9 Ganssle 9 MAPLD 2005/S110 Pathfinder Error handlers save systems Lessons learned: There’s no such thing as a glitch – believe your tests!

10 Ganssle 10 MAPLD 2005/S110 Mars Exploration Rover Lessons learned: Test like you fly; fly what you test We must learn from disaster Poor error handler

11 Ganssle 11 MAPLD 2005/S110 Titan IVb Centaur Lessons Learned: Test like you fly; fly what you test Use the VCS

12 Ganssle 12 MAPLD 2005/S110 Ariane 5 Lessons Learned: Improve error handling Assume software can fail Test everything! Be careful with ported code

13 Ganssle 13 MAPLD 2005/S110 Chinook Lessons Learned: Do reviews… before shipping! Test like you fly; fly what you test

14 Ganssle 14 MAPLD 2005/S110 Therac 25 Lessons Learned: Use tested components Use accepted practices Use peer reviews

15 Ganssle 15 MAPLD 2005/S110 Radiation Deaths in Panama May ‘01: Over 20 dead patients Possible to enter data in such a way to confuse machine; unit prints a safe treatment plan but overexposes. Lessons Learned: Test carefully Better Requirements Use a defined process & peer reviews

16 Ganssle 16 MAPLD 2005/S110 Pacemakers Lessons Learned: Test everything! Flash is not a schedule enhancer

17 Ganssle 17 MAPLD 2005/S110 Near Meltdown Lessons Learned: Test everything! Improve error handling

18 Ganssle 18 MAPLD 2005/S110 Lessons Learned: Be careful with ported code Blame the engineers Uwatec dive computer (1995) The Challenger

19 Ganssle 19 MAPLD 2005/S110 A Hot Day Lessons Learned: Test everything!

20 Ganssle 20 MAPLD 2005/S110 Lessons Learned: Choose your IP carefully

21 Ganssle 21 MAPLD 2005/S110 Forgotten Failures 2000 - Ford Explorer recall 2004 - Grand Prix leap-year glitch 1992 – Crash of only F-22 prototype 2003 – BMW traps Thai politician 2003 – BMW recalls 15000 745is 2000 – Ford Explorer recall 747, 767, A340 avionics lockups 2003 – Slammer worm attacks nuke 1974 – Loss of a job for 7 years 1991 – Patriot missile failure

22 Ganssle 22 MAPLD 2005/S110 Our Criminal Behavior No Peer Reviews Implicated in the Chinook helicopter, Multidata Radiotherapy device, Therac 25. Average uninspected code contains 50-100 bugs per 1000 LOC. Inspections find most of these. Cheaply.

23 Ganssle 23 MAPLD 2005/S110 Our Criminal Behavior Inadequate testing Implicated in the Clementine, NEAR, Mars Polar Lander, Pathfinder, Mars Expedition Rover, Titan IVb, Ariane, Sea Launch, Chinook, Therac 25, Multidata, pacemakers, Los Alamos incident, huge digital thermometer. Implicated in the NEAR, Pathfinder, Titan IVb, EFF, and FAA incidents. Ignoring or cheating the VCS

24 Ganssle 24 MAPLD 2005/S110 Our Criminal Behavior Lousy error handlers Implicated in the Ariane, Los Alamos incident, Clementine, Yorktown, Mars Expedition Rover, and many others This means adopting a culture of anticipating and planning for failures! And for FPGA users it means adopting a philosophy that things do fail!

25 Ganssle 25 MAPLD 2005/S110 Our Criminal Behavior The use of dangerous tools! C (worst)500 bugs/KLOC C (average) 167-26 ADA (worst) 50 ADA (average) 25 SPARK (average) 4

26 Ganssle 26 MAPLD 2005/S110 The Boss’s Criminal Behavior Corollary: Tired people make mistakes Implicated in the Clementine, NEAR, Mars Polar Lander and many others Schedules can’t rule:

27 Ganssle 27 MAPLD 2005/S110 The Boss’s Criminal Behavior Be wary of financial shortcuts! Implicated in the Takoma Narrows Bridge, Ariane, MGM fire, and many others Reuse is extremely difficult. See “Confessions of a Used Program Salesman” by Will Tracz Implicated in the Ariane, Uwatec and many others. Reuse is not a panacea

28 Ganssle 28 MAPLD 2005/S110 Are we criminals? Or are we still in the dark ages? But there’s a lot we do know, so we’re negligent – and will be culpable – if we don’t consistently use best practices.

Download ppt "Ganssle 1 MAPLD 2005/S110 Learning from Jack Ganssle Disaster."

Similar presentations

CSE 599F: Formal Verification of Computer Systems.

CSE 599F: Formal Verification of Computer Systems.
A Gift of Fire, 2edChapter 4: Can We Trust the Computer?1 PowerPoint ® Slides to Accompany A Gift of Fire : Social, Legal, and Ethical Issues for Computers.

A Gift of Fire, 2edChapter 4: Can We Trust the Computer?1 PowerPoint ® Slides to Accompany A Gift of Fire : Social, Legal, and Ethical Issues for Computers.
Social Implications of a Computerized Society Computer Errors Instructor: Oliver Schulte Simon Fraser University.

Social Implications of a Computerized Society Computer Errors Instructor: Oliver Schulte Simon Fraser University.
CS 4001Mary Jean Harrold1 High Cost of Software Failure Denver Airport Baggage System (1995): $280M Ariane 5 Explosion (1996): $7B Mars Rover (2004): Unknown.

CS 4001Mary Jean Harrold1 High Cost of Software Failure Denver Airport Baggage System (1995): $280M Ariane 5 Explosion (1996): $7B Mars Rover (2004): Unknown.
An Investigation of the Therac-25 Accidents Nancy G. Leveson Clark S. Turner IEEE, 1993 Presented by Jack Kustanowitz April 26, 2005 University of Maryland.

An Investigation of the Therac-25 Accidents Nancy G. Leveson Clark S. Turner IEEE, 1993 Presented by Jack Kustanowitz April 26, 2005 University of Maryland.
1. Software in our lives, then and now  Medical (processing and analysis, Computer Aided Surgery, other various equipment)  Financial and business (banking,

1. Software in our lives, then and now  Medical (processing and analysis, Computer Aided Surgery, other various equipment)  Financial and business (banking,
Therac-25 Lawsuit for Victims Against the AECL

Therac-25 Lawsuit for Victims Against the AECL
Syllabus Case Histories WW III Almost Medical Killing Machine

Syllabus Case Histories WW III Almost Medical Killing Machine
Software Engineering Disasters

Software Engineering Disasters
Slides prepared by Cyndi Chie and Sarah Frye. Fourth edition revisions by Sharon Gray. A Gift of Fire Fourth edition Sara Baase Chapter 8: Errors, Failures,

Slides prepared by Cyndi Chie and Sarah Frye. Fourth edition revisions by Sharon Gray. A Gift of Fire Fourth edition Sara Baase Chapter 8: Errors, Failures,
1 Basic Definitions: Testing What is software testing? Running a program In order to find faults a.k.a. defects a.k.a. errors a.k.a. flaws a.k.a. faults.

1 Basic Definitions: Testing What is software testing? Running a program In order to find faults a.k.a. defects a.k.a. errors a.k.a. flaws a.k.a. faults.
EAS 140 Engineering Solutions Lecture #27 How Engineers Learn from Failure.

EAS 140 Engineering Solutions Lecture #27 How Engineers Learn from Failure.
Motivation Why study Software Engineering ?. What is Engineering ? 2 Engineering (Webster) – The application of scientific and mathematical principles.

Motivation Why study Software Engineering ?. What is Engineering ? 2 Engineering (Webster) – The application of scientific and mathematical principles.
Software Engineering Module 1 -Components Teaching unit 3 – Advanced development Ernesto Damiani University of Bozen- Bolzano Lesson 4 – Software Testing.

Software Engineering Module 1 -Components Teaching unit 3 – Advanced development Ernesto Damiani University of Bozen- Bolzano Lesson 4 – Software Testing.
Sources of Risks CIT304 University of Sunderland.

Sources of Risks CIT304 University of Sunderland.
A Gift of Fire Third edition Sara Baase

A Gift of Fire Third edition Sara Baase
A Gift of Fire Third edition Sara Baase

A Gift of Fire Third edition Sara Baase
Jacky: “Safety-Critical Computing …” ► Therac-25 illustrated that comp controlled equipment could be less safe. ► Why use computers at all, if satisfactory.

Jacky: “Safety-Critical Computing …” ► Therac-25 illustrated that comp controlled equipment could be less safe. ► Why use computers at all, if satisfactory.
Mysteries of Earth and Mars Mars Facts and Exploration.

Mysteries of Earth and Mars Mars Facts and Exploration.
ECI 2007: Specification and Verification of Object- Oriented Programs Lecture 0.

ECI 2007: Specification and Verification of Object- Oriented Programs Lecture 0.

Similar presentations

Ads by Google