The Silver Bullet News
To Drastically Improve Software Reliability and Productivity
Latest News and Issues (September - October 2004)
This page is where you will find short news articles and other musings related to the Silver Bullet hypothesis and Project COSA. All articles are listed in the reverse order of their date of publication.
October 26, 2004
Bitter Medicine, 12:10 AM EST
The Silver Bullet site has received thousands of visitors from all over the world in the last few months. This is good news because it is a sign that the COSA software model is being seriously discussed as a possible cure for unreliable software. Of course, COSA has the "dark side of the force" (to borrow an expression from Star Wars) to contend with. It must overcome the naysayers, the knee-jerkers, the not-invented-here crowd, the false prophets, the snake oil salesmen, the know-it-alls, the plagiarizers, the paranoid investors and the merely clueless. And let us not forget those who have long ago given up on a cure. But as evidenced by the number of return visits to the site, no amount of prevarication, ignorance or ill will is going to keep thinking people from making up their own minds.
The dark side is certainly a force to be reckoned with. It will put up a fierce fight and use every dirty trick in the book to hold on to the status quo for as long as possible. But it is all to no avail because, in the end, it will lose the war. It will lose for two principal reasons:
The question is, how much more pain is the software community willing to endure before it finally agrees to take its medicine? Let's examine some of the advantages and disadvantages from the point of view of the various players.
Well, there is good news and there is bad news. The bad news is that there is no doubt that COSA will eventually eliminate the entire software reliability industry. The reason is that every business will be able to develop its own robust software applications in record time. No doubt, this will be bitter medicine for many.
But the good news outweighs the bad news, in my opinion. First off, COSA will re-energize the computer hardware industry: we will need a whole new breed of fast CPUs optimized for signal-based, synchronous software. Second, COSA will open up software development to a large segment of the population who were previously excluded from participating, the end users. I foresee an upcoming explosion in software creativity and productivity, one which will make the golden days of the eighties pale in comparison.
I am not a believer in big government but I think that the COSA software model should be supported by every government in the world because it is for the greater good of humanity. This is not the time for one country or corporation to try to gain an unfair advantage in the market through legal or other means.
Fair and sensible standards are one area where governments should be very active, in my opinion. It would be a monumental mistake if different countries and/or companies decided to adopt incompatible standards for the new software model. Standardizing COSA must be an international undertaking preferably done by a single non-profit organization set up or chosen for that purpose. I have already mentioned the Open Group as a possible choice in a previous news item. So what's in it for the government? The answer is that, once COSA is adopted and allowed to flourish, the vastly increased revenue from an expanding global economy will be more than welcome.
Given the dog-eat-dog business climate, it is tempting (and it would have been relatively easy for me) to acquire patent "protection" for every COSA innovation. However, I have always felt that the eventual adoption of the COSA model by the computer community is so critical to the safety and welfare of the public at large that I must oppose any attempt by any organization or individual to seek any sort of intellectual property advantage. There will be plenty of opportunities for everybody.
Although I have known since the first day I sat down to learn assembly language programming (1980) that the computer industry should have adopted a non-algorithmic software model from the beginning, many of the key concepts and principles underlying the COSA model did not crystallize in my mind overnight. It may seem easy after the fact but it took me a long time to expunge all vestiges of the algorithmic mindset out of my system. For example, the connection between reliability and the use of a non-algorithmic model did not occur to me until much later. What I am driving at is that the hard work has already been done. Now anybody with internet access can download it free of charge. So what's in it for me? When do I get paid?
In a free market economic system, the price of a commodity or service is a value judgment on the part of the buyer. In matters having to do with intellectual labor, I subscribe to an honor system: The buyer should pay the seller whatever he or she thinks the product is worth after using it. In this case, the buyer is society in general and the computer industry in particular. It is up to society to decide whether or not my contribution to software engineering is valuable. If it deems that COSA is worth anything, then I expect payment in return. Otherwise, I expect nothing. Having said that, my biggest reward will be the satisfaction of seeing the COSA model implemented in every computer on the planet.
Now is not the time for companies to use intellectual property laws to selfishly block so-called competitors out of the market. There will be plenty of opportunities to go around for everyone. Now is the time for the entire computer community to come together and solve the software reliability crisis once and for all.
I do not hide the fact that I have been looking for a corporate or government sponsor. At the same time, I realize that the intellectual property mindset is so ingrained in our culture that my liberal stance is likely to be detrimental to my goal of securing private funds. That being said, what's in it for the investor? The answer is that the first software company to implement a proprietary COSA system and use it to develop rock-solid solutions for its customers is bound to make a killing in the market. No company can be legally forced to divulge its source code or share its development tools with another. These are trade secrets which are protected by law. Of course, since the COSA model is no secret, others will be free to implement their own proprietary COSA-compliant systems and eventually compete on an equal footing. But it is a fact that being first to market with a revolutionary product or service is always a tremendous advantage.
The initial investment for a COSA development project will be minimal. I estimate that a comprehensive COSA desktop operating system, including all the necessary software construction tools, support for mass storage and networking, and the usual office application suite, will take less than two years to implement. The total cost should be about two million dollars (US), a mere pittance compared to the eventual benefits and the huge sums that have already been wasted. A COSA virtual machine to be used in legacy systems and embedded applications will take a lot less time and money. COSA easily lends itself to different niche markets and business models.
October 7, 2004
Event Handling, 12:10 AM EST
I have already written at length about the need to resolve data dependencies. Data are the passive objects that comprise the internal environment of a COSA system. Changes in data are internal sensory events that must be communicated to all relevant active objects in a timely manner. As I have shown, data dependencies at the cell level are handled automatically in COSA. This ensures complete coverage of internally triggered events. But changes in data are not the only events that occur in a software system. Events are also triggered by external phenomena such as key presses, mouse movements, I/O interrupts, etc. Oftentimes, new events are generated as a result of a combination of other events (see logic and sequence detectors).
One of the distinguishing characteristics of COSA is that all events, whether external or internal, are treated exactly the same way: they are all sensory signals which must be dealt with and cannot be ignored. In conventional algorithmic software, it is up to the programmer to write code that will call various subroutines to handle the events. If the subroutine is not called (for whatever reason), the event is ignored, which often leads to catastrophic failures. I have taken to calling it the software vision problem.
The reason that this is problematic is that testing for a given change may occur in many places in an algorithmic program. For example, every subroutine that needs to test for a given change in a variable must either provide its own test code in the form of a comparison operation or call another subroutine to perform the test on its behalf. In either case, the test cannot be performed unless the subroutine is called. Furthermore, the correct timing of a test is crucial since the importance of an event is valid only within a limited temporal window.
This problem does not exist in COSA because a COSA program does not depend on function calls. COSA is 100% event-driven. Every action or operation is performed as a result of an event. No exception! The mechanism is such that events cannot be ignored by the objects that need them. The result is what I call total vision, which is probably the most significant factor in ensuring rock-solid reliability in a signal-driven reactive software system.
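An added illustration of the point above, not part of the original article and not COSA's own mechanism: a constructed pressure series breaches its limit for a single step. The polled version misses the breach when its check subroutine is not called inside that window, while the `Cell` class (a hypothetical name) signals every associated sensor on each write.

```python
"""Illustration only: all names are hypothetical, not COSA's implementation."""

# Constructed sample: tank pressure readings; the limit is exceeded at step 2 only.
READINGS = [40, 42, 97, 41, 43, 40]
LIMIT = 90


def polled_run(readings, poll_every):
    """Conventional style: the limit test runs only when check() is called."""
    pressure = 0
    alarms = []

    def check(step):
        if pressure > LIMIT:
            alarms.append((step, pressure))

    for step, value in enumerate(readings):
        pressure = value
        # The programmer decides when to look; a change between looks is never seen.
        if step % poll_every == 0:
            check(step)
    return alarms


class Cell:
    """A data item whose every change signals all associated sensors."""

    def __init__(self, value):
        self._value = value
        self._sensors = []

    def associate(self, sensor):
        self._sensors.append(sensor)

    def write(self, step, value):
        old, self._value = self._value, value
        if value != old:
            # The write itself raises the event, so no dependent can skip it.
            for sensor in self._sensors:
                sensor(step, old, value)


def change_driven_run(readings):
    """Change-driven style: two dependents react to the same data change."""
    alarms, recoveries = [], []

    def over_limit(step, old, new):
        if new > LIMIT >= old:
            alarms.append((step, new))

    def back_in_range(step, old, new):
        if old > LIMIT >= new:
            recoveries.append(step)

    cell = Cell(0)
    cell.associate(over_limit)
    cell.associate(back_in_range)
    for step, value in enumerate(readings):
        cell.write(step, value)
    return alarms, recoveries


if __name__ == "__main__":
    print("polled every 3 steps:", polled_run(READINGS, 3))
    print("polled every step:   ", polled_run(READINGS, 1))
    print("change-driven:       ", change_driven_run(READINGS))
```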
October 2, 2004
Data-centered Software Systems, 8:40 PM EST
Recently, it occurred to me that the COSA operating system belongs to a class of software systems known as "data-centered software systems" although I cannot say that I am enamored with the choice of label. I would much prefer "change-driven software systems." I did a search on Google and came across an article (see below) that, at first glance, seems to understand the correlation between reliability and the need to properly manage data dependencies. The paper explains the importance of keeping relevant components informed of changes in data regardless of what causes the changes or when they occur. Data dependencies are handled automatically in a COSA development environment with the use of "effector-sensor associations" (ESA). COSA goes one step further, however, by enforcing relationships at the elementary object or cell (effector/sensor) level, not just the component level. The result is the complete elimination of blind code. This will, in turn, lead to rock solid reliability.
October 1, 2004
The COSA Reliability Principle (CRP), 12:45 PM EST
According to the COSA Reliability Principle or CRP, the robustness of a COSA program is proportional to its complexity. In other words, the higher the complexity, the stronger the reliability. I know it goes against intuition but this is how it works. Check it out.
(12-21-2004) The item above is obsolete. See the new COSA Reliability Principle above.
September 30, 2004
Dr. Fred Brooks characterizes conceptual (design) errors as being part of the essence of software. According to Dr. Brooks, one can improve the accidental aspects of software development (programming tools, syntax error detectors, code checkers, etc.), but one can do nothing about the essence. He writes:
Probably the most frequent and hard to eliminate conceptual error is the failure to spot all the hidden dependencies between parts of a program. Unexpected side effects stem from the failure of the programmer to spot one or more dependencies between new and old functions (objects) of a program. This is often referred to as the "brittleness of software." Of course, as we know, Dr. Brooks was referring to algorithmic software. But what if we had a non-algorithmic system that automatically resolved all dependencies? The result would be unprecedented reliability.
Embedded Systems Programming
Embedded Systems Programming of CMP Media has posted a short article that I had written in response to one of their feature articles. This has resulted in considerably increased traffic to the Silver Bullet site. Thank you CMP Media. The Silver Bullet message must be made known to as many people in the software development industry as possible. If you value software reliability, help spread the word wherever and whenever you can.
September 26, 2004
Software Design vs. Hardware Design, 4:35 PM EST
I added a new paragraph on software design to the Silver Bullet page. The essence of it is that hardware failures are mostly due to physical malfunctions whereas software failures are due to design defects. If we emulate hardware design in software, then software should become just as reliable as hardware.
Hurricane Jeanne went to the north of the Miami area. We had a lot of rain and some wind but nothing major. Miami has been miraculously lucky so far this season. Four hurricanes have hit Florida within the last five weeks and not one of them hit the city directly. Now, we are waiting for that other lady of misery, Hurricane Lisa, who is in the Atlantic Ocean east of the Lesser Antilles.
September 24, 2004
Mean Jeanne, 9:55 PM EST
Hurricane Jeanne has already caused a lot of flood damage and killed over two thousand people in Haiti, the Dominican Republic and Puerto Rico. That's when it was only a tropical storm. Now it's a full hurricane and seems to be headed directly toward southern Florida. The forecast is that the eye will land just north of Miami in Broward or Palm Beach counties. Jeanne's winds (about 100 miles or 160 kilometers per hour) are now pounding the northern Bahamas islands, especially Great Abaco, Andros, Grand Bahama and Nassau. Jeanne is not as violent as Ivan the terrible, a category 4 hurricane, but we are expecting a lot of damage from uprooted trees, flying debris (left over from Frances) and flooding. This will be the fourth hurricane to hit Florida in less than two months. An all-time record! Maybe it's time for me to move somewhere else. I'll write a report in a couple of days. In the meantime, you can follow Jeanne's path of destruction at the NOAA site.
September 23, 2004
COSA Business Models, 5:00 PM EST
One of the nice things about COSA is that it can accommodate several types of business models that target specific niche markets.
Below is a list of products and/or services for which COSA is ideally
September 21, 2004
The FAA Is at it Again, 8:45 PM EST
Southern California's air traffic control system broke down last week and nearly caused a major disaster. Although the failure was blamed on human error, the real culprit was the software, a so-called "design glitch." Software complexity and unreliability are the bane of air traffic control and avionics software systems worldwide. As Dr. Fred Brooks pointed out, hard-to-manage complexity is an essential characteristic of software. Algorithmic software, that is. Big software systems are so brittle and unpredictable that any minor modification is likely to cause a catastrophic crash. Many managers are reluctant to fix "minor" annoyances and will try to find solutions around a problem which do not involve programming or code modification.
A couple of years ago, I approached the FAA and tried to convince them that there is a much better and safer way to program computers by using a non-algorithmic model. They rejected my suggestions out of hand (see the Open Letter to CyLab). In my opinion, this latest incident in Southern California will not be the last. Similar failures will increase in frequency if only because the current aging software system in use at most airports was not designed to handle today's air traffic volume. Sooner or later, a defect due to some modification or addition to the existing software will cause a major disaster.
In the mid nineties, the FAA blew more than $1.5 billion on a new advanced air traffic control system (the Advanced Automation System or AAS, developed by IBM) that was so riddled with bugs, most of it had to be abandoned. Its replacement (STARS, developed by Raytheon) went through several delays and cost overruns that went from $460 million (original estimate) to $1.4 billion.
Not to be outdone, the British National Air Traffic Control Service (NATS) seems to be having all sorts of problems with its own 940 million Euro system (*) developed by Lockheed Martin, a subsidiary of General Electric. It is interesting to note that several competing companies who do business with the FAA (Boeing, Lockheed and Raytheon) have visited the Silver Bullet site in the last two weeks or so.
These are not isolated cases. History is littered with the remnants of expensive software engineering projects that were started but never deployed due to unreliability problems. The cost to industry and society has been staggering. It is the curse of the algorithm. But all is not lost. It is not too late for the FAA and other aviation agencies around the world to adopt the COSA software model and start saving both money and lives. I just hope they would make up their minds sooner rather than later.
* The Swanwick project was six years late and £180m over budget before going live in January 2002.
How can countries like India, China, Brazil and others come from behind and take the lead in the global computer market? Answer: All they have to do is develop and market operating systems and software construction tools that solve the reliability problem. In addition, they can set up IC manufacturing plants to design and build RISC processors tailored for the new software model. They can take advantage of the complacency and lethargy of the European and North American computer industry by being the first to appear on the market with a revolutionary technology.
I personally believe that the reliability of software is so important to world safety and security that it would be best that the initial development of the new technology be conducted under the auspices of an international organization. This body would be given the authority to create and enforce industry-wide standards pertaining to data structures for such things as cells, components and various low-level messages needed for a bare-bone operating system. One of the things that must be standardized early on is the assignment of unique message identification numbers for operating system-specific components. Actual implementation of the OS kernel, software development tools and optimized processors would be left to private industry. In my opinion, there is no need to form a new standards organization. The Open Group is perfect as it is.
September 20, 2004
The Sustainable Careers Consortium (SCC), 11:40 AM EST
CyLab is the Carnegie Mellon group in charge of the Sustainable Computing Consortium (SCC). The SCC was founded by NASA (who, it seems, provided most of the initial funding), CMU and several industry organizations with the expressed goal of improving software reliability and safety. I've done a little research and it is now clear to me that the folks at CyLab and the SCC are not interested in finding a solution to the software problem. One of the members of the SCC is none other than Cigital, a software reliability firm who is on the record for insisting that there is no silver bullet that will solve the crisis. Having companies like Cigital on board is like putting the foxes in charge of the chicken coop, in my opinion. Why? Simply because a final solution to the problem will put them out of business. This may not be a politically correct thing to say in some circles, but it is the truth.
About a couple of weeks ago, shortly after I posted the Open Letter to CyLab, the Silver Bullet site was accessed by several computers at CyLab. They downloaded every page (yes, I do monitor web traffic on the Silver Bullet pages) having to do with Project COSA. Not a peep out of CyLab since. This is not surprising in the least. What follows is a quote taken from an article titled "Making software NASA-tough" by Brian Robinson for the magazine Federal Computer Week:
This is according to William Scherlis, co-director of the SCC and principal research scientist at Carnegie Mellon's School of Computer Science. Isn't it amazing that a professor of computer science at CMU would have no compunction in characterizing a purely technological problem as a market phenomenon? Admittedly the article appeared in July 2002, but the point here is that this was their position from the beginning. Denying the possibility of developing a silver bullet and calling it a "magical technology bullet" is a way of saying, "we are going to work on it, but don't bother hoping for a solution. Just keep the money flowing in and all will be well with the world." Needless to say, most of it is the taxpayer's money. In the meantime, software glitches and low productivity are costing the world many billions of dollars a year in delays and lost revenue.
The SCC is two years old. Has it made any progress toward solving the software crisis since it was formed? I don't think so. How much longer can this go on?
September 14, 2004
Computer Geeks: the Neo-Luddites?, 9:25 PM EST
In early nineteenth century England, at the dawn of the industrial revolution, an organized worker movement known as the Luddites (after Ned Ludd) revolted against what they considered to be a threat to their livelihood. They violently opposed the introduction of mechanized automated looms by smashing them with hammers. History tells us that the Luddites were no match against the rich and powerful industrialists. The movement was brutally squashed and many of its leaders were publicly hanged or forcibly deported.
One would expect that the average computer scientist or programmer would welcome any solution to the software reliability crisis with open arms. After all, they are the ones who have to deal with the bugs in their programs. It turns out that this is not the case. I get more blatant, in-your-face, hostility from software engineers and computer scientists than from any other sector of the computer business.
I had thought about it before but I never really tried to understand why something as easy to grasp as the COSA model should encounter so much resistance from the software development community. COSA is not, after all, rocket science. It occurred to me today (something happened which I am not at liberty to divulge) that any solution to the software reliability crisis is a major threat to the livelihood of programmers and software experts worldwide. Why? For two reasons: a) Programmers spend the major part of their working hours, not writing code, but debugging it; and b) There is a huge software reliability industry out there whose continued prosperity depends on the sustained unreliability of software. Just do a search on Google for "software reliability" or "software quality assurance" to get an idea of how vast this industry has become.
It is obvious that unreliable software is keeping a lot of people gainfully employed. I am very well aware of the fact that the adoption of the COSA model by the industry is going to displace a lot of well-paying jobs. Am I fighting a losing battle? Maybe. Should I feel guilty? I don't think so. It is not my fault that our economic systems are based on human labor. And besides, nobody can stop the march of progress. What will happen when advanced robots and artificial intelligences replace everybody, i.e., when human labor and expertise become obsolete? I shudder at the thought. This is the world that we live in. An interesting world, to say the least.
September 13, 2004
Intel vs. AMD, 10:25 PM EST
Most of us are aware of the intense competition between Intel and Advanced Micro Devices in the CPU marketplace. While Intel has about 82% of the total US market share, AMD recently outsold Intel in the retail desktop market 54% to 45%. They are giving Intel a run for their money, which is a good thing for consumers. It is becoming harder and harder to compete in this business by cranking up processing speed. Manufacturers need to find other ways to get an edge.
What would happen if a new computing paradigm appeared on the scene and rapidly displaced the old one? Of course, I'm thinking of the COSA model here (what else?), but what if this new computing model could be significantly enhanced by specially designed chip sets? Well, it goes without saying that the first chip manufacturer to release these chips would make a killing. Are the marketers and trend prognosticators at AMD and Intel savvy enough to anticipate when the computing world is going to change course? Maybe.
So far, AMD is having a hard time penetrating the commercial and notebook marketplace where Intel is the undisputed heavyweight champion. AMD is not even a contender yet. Will AMD see the writing on the wall? Do they have enough understanding of the market forces to perceive that the biggest problem in the computer industry is software reliability? Are they wise enough to foresee that any solution to this problem would drastically transform the market landscape, not only for software but for CPUs as well?
In order to tackle the new software model, the new CPUs must be designed to "understand" such new concepts as synapses, signal source and destination, and input and output processing lists. CPUs should no longer be seen as instruction processors but as cell processors. It is a radical new way of looking at things. Of course, one would be foolish to release a new CPU unless the specifications for the new operating system are stable enough. Fortunately, the COSA kernel is simple enough that it should not take long for it to stabilize.
There is no question about it, in my opinion: The non-algorithmic synchronous software model (the COSA model) will sooner or later replace the old system, for the simple reason that it will solve the reliability problem. If AMD wants to get a long-term foothold in this industry, I suggest that they start thinking about COSA right away and beat Intel to the market with a killer product. It's probably their only chance.
But then again, why does it have to be either AMD or Intel? Why can't it be a new contender? Why can't it be Motorola, or Transmeta, or Texas Instruments, or Sun Microsystems? And why can't it be the Japanese, or the Taiwanese, or the Brazilians, or the Finns, or some other country? And let us not forget mainland China. We'll just have to wait and see. There is a sweet smell of revolution in the air.
September 12, 2004
Silver Bullet Discussion Group, 12:25 PM EST
September 10, 2004
NASA's History of Software Failures, 1:25 PM EST
NASA's chronic string of catastrophic failures would be laughable if it weren't so tragic. Most of the failures were due to defects in their software. Just recently, NASA's 250+ million dollar Genesis probe crashed in the desert. None of the probe's chutes deployed as planned. Barring a physical malfunction, the reason will most likely be attributed to some sort of software failure, although an investigation to determine the cause of this latest accident is under way.
Alright, I agree that this is unfair to NASA since they've had some spectacular successes as well. It's just that some of the failures are almost unforgivable. I'm thinking of the 125 million dollar Mars Climate Orbiter that was lost because one part of the software was "thinking" in metric units while the other was using English units (inches, feet and pounds). Had NASA and its hired consultants been using a software construction and execution environment based on the COSA model, none of these "software accidents" would have happened.
A little over two years ago, I contacted several people at NASA to try to get them interested in my ideas on software reliability. The following is a list of the people I sent emails to.
Not one of the individuals listed above bothered to reply to my emails. That is rather rude, wouldn't you say? Now, I know that NASA has forked more than 23 million dollars of the taxpayer's money over to Carnegie Mellon's CyLab in support of the Sustainable Computing Consortium (SCC). Will that money be wasted (it's been close to two years already) or will Dr. William Guttman, the SCC's director at CyLab, come to his senses and do the right thing?
September 9, 2004
Open Letter to CyLab, 12:35 PM EST
I slightly modified the open letter to CyLab: I added a link to the FAA and Dr. Dan Mehan's email address. Please do your part and write to the FAA, NASA, DARPA, CyLab (and anyone else who might be interested in robust software around the world) and ask them to take a look at the Silver Bullet article and at Project COSA. There is no doubt in my mind that these ideas will solve the global software reliability crisis.
The Silver Bullet site has been getting a lot of hits lately, especially from companies like Boeing, LM Ericsson and several financial and educational institutions from around the world, organizations for whom software defects are no laughing matter. When this whole thing explodes (and it will, sooner or later), the FAA's incompetence will be there for everyone to see. They had the solution in their lap many years ago and they dismissed it. In a rather uncourteous (they stopped replying to my emails) manner, I might add. They should have known better, given the critical nature of aviation and avionics software. But it is never too late. Let us hope they see the light.
September 4, 2004
Open Letter to CyLab, 2:15 PM EST
CyLab is a project hosted by Carnegie Mellon University in Pennsylvania. Its primary goal is to find better ways to develop dependable and secure computing, i.e., to find a viable solution to the software reliability crisis. CyLab is supported by the U.S. federal government and by various international corporations. Due to the serious nature of the reliability crisis, these companies decided to form what is known as the Sustainable Computing Consortium. The SCC is run by CyLab under the direction of Bill Guttman. Dr. Guttman is in a privileged and fortunate position to make a fateful decision regarding software reliability, a decision which will affect the future of the entire software industry. I direct this open letter to Dr. Guttman.
September 2, 2004
Hurricane Frances, 12:25 PM EST
I live in southern Florida and I am now getting ready for Hurricane Frances, which is now over the Bahamas. I experienced a category 4 hurricane many years ago in the eastern Caribbean and I know how dangerous it can be. If I'm still around after the hurricane, I'll write a report.
September 1, 2004
Closing Down, 10:30 AM EST
Ok. For something completely different. A lot of people have benefited freely from the information contained on this site. If it were completely up to me, I would continue to provide this information free of charge. But I can no longer afford it. Unless I get a source of funding in the next few days, I will be forced to close down the site. So I suggest that everyone copy the latest pages to your computers. Sorry.
In response to criticism from a few readers, I added a new section on Von Neumann architectures to the Silver Bullet page.
©2004-2006 Louis Savain
Copy and distribute freely