On 16 Apr 2008, at 19:44, Robert Dober wrote:
> On Wed, Apr 16, 2008 at 6:23 PM, Eleanor McHugh
> <eleanor / games-with-brains.com> wrote:
>> On 16 Apr 2008, at 14:42, Phillip Gawlowski wrote:
>>
>>> I doubt, however, that there is a single undefined state in the =20
>>> Space
>>> Shuttle's software. No uncaught exception, no reliance on language
>>> features to do the right things, but well understood and diligent
>>> implementation of those, together with rigorous QA.
>>>
>>
>> It's a lovely idea, but ponder the impact of G=F6del's Incompleteness
>> Theorems or Turing's proof of the Halting Problem. In practice =20
>> there are
>> program states which can occur which cannot be identified in =20
>> advance because
>> they are dependent on interactions with the environment, or are =20
>> artefacts of
>> the underlying problem space.
>>
> I am not sure but on a first approach I believe that neither G=F6del =
nor
> Turing apply because they are talking about systems describing
> themselves. IIRC it is a theorem in TNT(1) making an assumption about
> TNT in the first case and a turing machine reading the description of
> a turing machine on its tape in the second case.
> I do not believe that Aircraft Control Systems have this degree of
> self awareness, but I can stand corrected if I am wrong, because
> although I have been taught a lot about TM and TNT I do not know a lot
> about Aircraft Control.

Any process that is algorithmic is necessarily implementable as a =20
Turing machine so I'd argue that the very act of coding the system =20
with a process defines TNT(1) whilst the target system itself becomes =20=

TNT. Therefore until the system runs in situ and responds to its =20
environment one cannot make any firm statements regarding when the =20
system will halt. And if you can't tell when an autopilot will halt, =20
you have the potential for all kinds of mayhem...

Of course this is a terrible abuse of Church-Turing, but it seems to =20
fit the real world pretty well.

>> That's why run-time error handling and fail-safe behaviour are so =20
>> important
>> regardless of the rigour of Q&A processes.
> That however I agree with!

:)


Ellie
Who wonders what the hell this thread will look like in Google searches.

Eleanor McHugh
Games With Brains
http://slides.games-with-brains.net
----
raise ArgumentError unless @reality.responds_to? :reason