Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 7: Computer Reliability Ethics for the Information Age Third Edition.

Slides:



Advertisements
Similar presentations
A business makes payments for what it buys, In return it receives payments for goods it sells or services it provides.
Advertisements

“An Investigation of the Therac-25 Accidents” by Nancy G. Leveson and Clark S. Turner Catherine Schell CSC 508 October 13, 2004.
The Therac-25: A Software Fatal Failure
A Gift of Fire, 2edChapter 4: Can We Trust the Computer?1 PowerPoint ® Slides to Accompany A Gift of Fire : Social, Legal, and Ethical Issues for Computers.
 After the 7 transactions, the ledger looks like Page 105 Figure 4.5. (Show On the White board)  There are 10 accounts in the ledger.  How do you calculate.
Social Implications of a Computerized Society Computer Errors Instructor: Oliver Schulte Simon Fraser University.
By Varun Jain. Introduction  Florida 2000 election fiasco, drew conclusion that paper ballots couldn’t be counted  Computerized voting system, DRE (Direct.
1. Software in our lives, then and now  Medical (processing and analysis, Computer Aided Surgery, other various equipment)  Financial and business (banking,
Chapter 7 Computer Reliability. Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Slide 4- 2 Chapter Overview Introduction.
Computer Errors, Failures, and Risks Dr. Kapatamoyo 9/9/14.
Reliability Tony Massihi Etan Halberg Jacob Hakak.
Syllabus Case Histories WW III Almost Medical Killing Machine
Software Engineering Disasters
Software Reliability Engineering
Ethics in a Computing Culture
©Ian Sommerville 2000CS 365 Ariane 5 launcher failureSlide 1 The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its.
Software Engineering Module 1 -Components Teaching unit 3 – Advanced development Ernesto Damiani University of Bozen- Bolzano Lesson 4 – Software Testing.
Modern Software Development Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
Department of Computer Science City College of New York City College of New York Spring 2006 Copyright © 2006 by Abbe Mowshowitz CSc 375 SOCIAL ISSUES.
A Gift of Fire Third edition Sara Baase
Errors, Failures and Risks CS4020 Overview Failures and Errors in Computer Systems Case Study: The Therac-25 Increasing Reliability and Safety Dependence,
Centers for IBM e-Business Innovation :: Chicago © 2005 IBM Corporation IBM Project October 2005.
©Ian Sommerville 2004Software Engineering Case Studies Slide 1 The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its.
Lecture 7, part 2: Software Reliability
Software Errors Who is to blame?. Almost everything in our daily lives is controlled by CPU’s and software… Does Embedded Software = Embedded Disasters?
USS Yorktown (1998) A crew member of the guided-missile cruiser USS Yorktown mistakenly entered a zero for a data value, which resulted in a division by.
Chapter 7 Computer Reliability Small and BIG ERRORS.
Chapter 8: Computer Reliability
The Ariane 5 Launcher Failure
Risks (and Rewards) 1-2 Quinn Chapter 8 Overview Introduction Data entry or data retrieval errors Software and billing errors Notable software system.
Ch 1: The Scope of Software Engineering
Copyright © Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 7: Computer Reliability Ethics for the Information Age Forth Edition by.
ITGS Software Reliability. ITGS All IT systems are a combination of: –Hardware –Software –People –Data Problems with any of these parts, or a combination.
Chapter 8: Errors, Failures, and Risk
1 Can We Trust the Computer? What Can Go Wrong? Case Study: The Therac-25 Increasing Reliability and Safety Perspectives on Failures, Dependence, Risk,
Introduction to Software Quality Assurance
Implications of Information Technology for the Audit Process
The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its maiden flight.
Liability for Computer Errors Not covered in textbook.
Slides prepared by Cyndi Chie and Sarah Frye1 A Gift of Fire Third edition Sara Baase Chapter 8: Errors, Failures, and Risks.
Security and Reliability THERAC CASE STUDY TEXTBOOK: BRINKMAN’S ETHICS IN A COMPUTING CULTURE READING: CHAPTER 5, PAGES
Intent Specification Intent Specification is used in SpecTRM
Modern Software Development Nelson Padua-Perez Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
CS 4001Mary Jean Harrold 1 Can We Trust the Computer?
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Ethics for the Information Age Fourth Edition by Michael J. Quinn Chapter.
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Ethics for the Information Age Fourth Edition by Michael J. Quinn Chapter.
Ethics of Software Testing Thomas LaToza CS 210 Final Presentation 12 / 2 / 2002.
Trust, Safety & Reliability INTRODUCTION TO COMPUTER ERRORS TEXTBOOK: BRINKMAN’S ETHICS IN A COMPUTING CULTURE READING: CHAPTER 5, PAGES ,
Therac-25 CS4001 Kristin Marsicano. Therac-25 Overview  What was the Therac-25?  How did it relate to previous models? In what ways was it similar/different?
CHAPTER 2 TYPES OF BUSINESS INFORMATION SYSTEM. INTRODUCTION Information System support business operations by processing data related to business operation.
1 Software Quality Assurance COMP 4004 Notes Adapted from S. Som é, A. Williams.
1 The Requirements Problem Chapter 1. 2 Standish Group Research Research paper at:  php (1994)
©2001 Southern Illinois University, Edwardsville All rights reserved. Today Finish Ethics Next Week Research Topics in HCI CS 321 Human-Computer Interaction.
Chapter 8: Errors, Failures, and Risk Zach Archer Daniel O’Hara Eric Strittmatter.
Topic 10Summer Ariane 5 Some slides based on talk from Sommerville.
1 Chapter 1- Introduction How Bugs affect our lives What is a Bug? What software testers do?
1 Advanced Computer Programming Project Management: Basics Copyright © Texas Education Agency, 2013.
Ch. 7 Consumer Law and Contracts 7-1 Sales Contracts.
Software Testing Introduction CS 4501 / 6501 Software Testing
Chapter 8: Computer Reliability
Ethics and Software Reliability
ECE 103 Engineering Programming Chapter 2 SW Disasters
A Gift of Fire Third edition Sara Baase
PowerPoint® Slides to Accompany
Chapter 7: Computer Reliability
Chapter 10 – Software Testing
Week 13: Errors, Failures, and Risks
Software Engineering for Safety: a Roadmap
A Gift of Fire Third edition Sara Baase
Software Engineering Disasters
Presentation transcript:

Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 7: Computer Reliability Ethics for the Information Age Third Edition by Michael J. Quinn

1-2 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-2 Chapter Overview Introduction Data-entry or data-retrieval errors Software and billing errors Notable software system failures Therac-25 Computer simulations Software engineering Software warranties

1-3 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-3 Introduction Computer systems are sometimes unreliable –Erroneous information in databases –Misinterpretation of database information –Malfunction of embedded systems Effects of computer errors –Inconvenience –Bad business decisions –Fatalities

1-4 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-4 Data-Entry or Data-Retrieval Errors A computerized system may fail because wrong data entered into it A computerized system may fail because people incorrectly interpret data they retrieve

1-5 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-5 Disfranchised Voters November 2000 general election Florida disqualified thousands of voters Reason: People identified as felons Cause: Incorrect records in voter database Consequence: May have affected election’s outcome

1-6 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-6 False Arrests Sheila Jackson Stossier mistaken for Shirley Jackson –Arrested and spent five days in detention Roberto Hernandez mistaken for another Roberto Hernandez –Arrested twice and spent 12 days in jail Terry Dean Rogan arrested after someone stole his identity –Arrested five times, three times at gun point

1-7 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-7 Accuracy of NCIC Records March 2003: Justice Dept. announces FBI not responsible for accuracy of NCIC information Exempts NCIC from some provisions of Privacy Act of 1974 Should government take responsibility for data correctness?

1-8 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-8 Dept. of Justice Position Impractical for FBI to be responsible for data’s accuracy Much information provided by other law enforcement and intelligence agencies Agents should be able to use discretion If provisions of Privacy Act strictly followed, much less information would be in NCIC Result: fewer arrests

1-9 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-9 Position of Privacy Advocates Number of records is increasing More erroneous records  more false arrests Accuracy of NCIC records more important than ever

1-10 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-10 Analysis: Database of Stolen Vehicles > 1 million cars stolen every year –Owners suffer emotional, financial harm –Raises insurance rates for all Transporting stolen car across a state line –Before NCIC, greatly reduced chance of recovery –After NCIC, nationwide stolen car retrieval At least 50,000 recoveries annually due to NCIC Few stories of faulty information causing false arrests Benefit > harm  Creating database the right action

1-11 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-11 Software and Billing Errors Assume data correctly fed into computerized system System may still fail if there is an error in its programming

1-12 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-12 Errors Leading to System Malfunctions Qwest sends incorrect bills to cell phone customers Faulty USDA beef price reports U.S. Postal Service returns mail addressed to Patent and Trademark Office Spelling and grammar error checkers increased errors BMW on-board computer failure Temporarily out-of-control Boeing 777

1-13 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-13 Errors Leading to System Failures Los Angeles County + USC Medical Center laboratory computer Japan’s air traffic control system Chicago Board of Trade London International Financial Futures and Options Exchange Comair’s Christmas Day shutdown

1-14 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-14 Analysis: E-Retailer Posts Wrong Price, Refuses to Deliver Amazon.com in Britain offered iPaq for £7 instead of £275 Orders flooded in Amazon.com shut down site, refused to deliver unless customers paid true price Was Amazon.com wrong to refuse to fill the orders?

1-15 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-15 Rule Utilitarian Analysis Imagine rule: A company must always honor the advertised price Consequences –More time spent proofreading advertisements –Companies would take out insurance policies –Higher costs  higher prices –All consumers would pay higher prices –Few customers would benefit from errors Conclusion –Rule has more harms than benefits –Amazon.com did the right thing

1-16 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-16 Kantian Analysis Buyers knew 97.5% markdown was an error They attempted to take advantage of Amazon.com’s stockholders They were not acting in “good faith” Buyers did something wrong

1-17 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-17 Notable Software System Failures Patriot Missile Ariane 5 AT&T long-distance network Robot missions to Mars Denver International Airport Direct recording electronic voting machines

1-18 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-18 Patriot Missile Designed as anti-aircraft missile Used in 1991 Gulf War to intercept Scud missiles One battery failed to shoot at Scud that killed 28 soldiers Designed to operate only a few hours at a time Kept in operation > 100 hours Tiny truncation errors added up Clock error of seconds  tracking error of 687 meters

1-19 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-19 Ariane 5 Satellite launch vehicle 40 seconds into maiden flight, rocket self-destructed –$500 million of uninsured satellites lost Statement assigning floating-point value to integer raised exception Exception not caught and computer crashed Code reused from Ariane 4 –Slower rocket –Smaller values being manipulated –Exception was impossible

1-20 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-20 AT&T Long-Distance Network Significant service disruption –About half of telephone-routing switches crashed –70 million calls not put through –60,000 people lost all service –AT&T lost revenue and credibility Cause –Single line of code in error-recovery procedure –Most switches running same software –Crashes propagated through switching network

1-21 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-21 Robot Missions to Mars Mars Climate Orbiter –Disintegrated in Martian atmosphere –Lockheed Martin design used English units –Jet Propulsion Lab design used metric units Mars Polar Lander –Crashed into Martian surface –Engines shut off too soon –False signal from landing gear

1-22 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-22 Denver International Airport BAE built automated baggage handling system Problems –Airport designed before automated system chosen –Timeline too short –System complexity exceeded development team’s ability Results –Added conventional baggage system –16-month delay in opening airport –Cost Denver $1 million a day

1-23 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-23 Direct Recording Electronic Voting Machines After problems with 2000 election, Congress passed Help America Vote Act of 2002 HAVA provided money to states to replace punch card voting systems Many states used HAVA funds to purchase direct recording electronic (DRE) voting machines Brazil and India have run national elections using DRE voting machines exclusively In November /3 of U.S. voters used DRE voting machines

1-24 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-24 Issues with DRE Voting Machines Voting irregularities –Failure to record votes –Overcounting votes –Misrecording votes Lack of a paper audit trail Vulnerability to tampering Source code a trade secret, can’t be examined Possibility of widespread fraud through malicious programming

1-25 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-25 Therac-25 Genesis of the Therac-25 Chronology of accidents and AECL responses Software errors Post mortem Moral responsibility of the Therac-25 team

1-26 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-26 Genesis of the Therac-25 AECL and CGR built Therac-6 and Therac-20 Therac-25 built by AECL –PDP-11 an integral part of system –Hardware safety features replaced with software –Reused code from Therac-6 and Therac-20 First Therac-25 shipped in 1983 –Patient in one room –Technician in adjoining room

1-27 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-27 Chronology of Accidents and AECL Responses Marietta, Georgia (June 1985) Hamilton, Ontario (July 1985) First AECL investigation (July-Sept. 1985) Yakima, Washington (December 1985) Tyler, Texas (March 1986) Second AECL investigation (March 1986) Tyler, Texas (April 1986) Yakima, Washington (January 1987) FDA declares Therac-25 defective (February 1987)

1-28 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-28 Software Errors Race condition: order in which two or more concurrent tasks access a shared variable can affect program’s behavior Two race conditions in Therac-25 software –Command screen editing –Movement of electron beam gun

1-29 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-29 Post Mortem AECL focused on fixing individual bugs System not designed to be fail-safe No devices to report overdoses Software lessons –Difficult to debug programs with concurrent tasks –Design must be as simple as possible –Documentation crucial –Code reuse does not always lead to higher quality AECL did not communicate fully with customers

1-30 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-30 Moral Responsibility of the Therac-25 Team Conditions for moral responsibility –Causal condition: actions (or inactions) caused the harm –Mental condition Actions (or inactions) intended or willed -OR- Moral agent is careless, reckless, or negligent Therac-25 team morally responsible –They constructed the device that caused the harm –They were negligent

1-31 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-31 Uses of Simulations Simulations replace physical experiments –Experiment too expensive or time-consuming –Experiment unethical –Experiment impossible Model past events Understand world around us Predict the future

1-32 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-32 Validating Simulations Verification: Does program correctly implement model? Validation: Does the model accurately represent the real system? Validation methods –Make prediction, wait to see if it comes true –Predict the present from old data –Test credibility with experts and decision makers

1-33 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-33 Software Engineering: Specification Determine system requirements Understand constraints Determine feasibility End products –High-level statement of requirements –Mock-up of user interface –Low-level requirements statement

1-34 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-34 Software Engineering: Development Create high-level design Discover and resolve mistakes, omissions in specification CASE tools to support design process Object-oriented systems have advantages After detailed design, actual programs written Result: working software system

1-35 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-35 Software Engineering: Validation (Testing) Ensure software satisfies specification Ensure software meets user’s needs Challenges to testing software –Noncontinuous responses to changes in input –Exhaustive testing impossible –Testing reveals bugs, but cannot prove none exist Test modules, then subsystems, then system

1-36 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-36 Software Quality Is Improving Standish Group tracks IT projects Situation in 1994 –1/3 projects cancelled before completion –1/2 projects had time and/or cost overruns –1/6 projects completed on time / on budget Situation in 2006 –1/6 projects cancelled –1/2 projects had time and/or cost overruns –1/3 projects completed on time / on budget

1-37 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-37 Shrinkwrap Warranties Some say you accept software “as is” Some offer 90-day replacement or money- back guarantee None accept liability for harm caused by use of software

1-38 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-38 Are Software Warranties Enforceable? Article 2 of Uniform Commercial Code Magnuson-Moss Warranty Act Step-Saver Data Systems v. Wyse Technology and The Software Link ProCD, Inc. v. Zeidenberg Mortensen v. Timberline Software

1-39 Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 7-39 Moral Responsibility of Software Manufacturers If vendors were responsible for harmful consequences of defects –Companies would test software more –They would purchase liability insurance –Software would cost more –Start-ups would be affected more than big companies –Less innovation in software industry –Software would be more reliable Making vendors responsible for harmful consequences of defects may be wrong Consumers should not have to pay for bug fixes