• Systems provide a tool for dealing with complexity by inducing layered "scopes" (components) on the problem structure.
  – This component structure is defined by the designed behavior of the respective pieces.
  – Underlying assumption: the components are not hostile.
• When we combine components in software, these scopes are not preserved (no containment boundaries).
  – Failure propagation therefore does not observe the architected component structure.
  – Neither does hostile behavior.
  – Current language runtimes exacerbate the problem.
• Understanding failures is hard in mechanical systems, but software systems have many more (and more highly interdependent) states.
• To the developer, a critical need is to limit the scope of each failure by making these states more independent.
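The slides' point that a failure does not respect the architected component boundary, and that making states independent contains it, can be shown with a small constructed example. This is added illustration, not code from the original deck: two "components" share one mutable configuration object in the first design, while in the second the producer works on its own copy and publishes only a complete, validated result. The component names, the `Config` class and the sample update are assumptions made for the demonstration.

```python
"""Added example: failure propagation across a component boundary.

Design A (shared state): the producer mutates state the consumer reads
in place, so a fault halfway through an update leaks partial state across
the boundary. Design B (isolated state): the producer works on a private
copy and publishes atomically, so the consumer never sees a half-applied
update. Both designs use the same validation rule; only the state
independence differs.
"""
import copy


class Config:
    """Constructed sample state shared by a 'producer' and a 'consumer' component."""

    def __init__(self):
        self.limits = {"max_requests": 100, "timeout_s": 30}


def _validate(key, value):
    # Hypothetical validation rule: every limit must be an int.
    if not isinstance(value, int):
        raise ValueError(f"bad value for {key!r}: {value!r}")


def shared_producer(cfg, updates):
    """Design A: mutates shared state in place, key by key."""
    for key, value in updates.items():
        _validate(key, value)
        cfg.limits[key] = value  # partial state persists if a later key fails


def consumer(cfg):
    """Consumer component: derives a budget from whatever state it observes."""
    return cfg.limits["max_requests"] * cfg.limits["timeout_s"]


def run_shared(updates):
    cfg = Config()
    try:
        shared_producer(cfg, updates)
    except ValueError:
        pass  # producer's failure is 'handled', yet its effect has already leaked
    return consumer(cfg)


def isolated_producer(limits, updates):
    """Design B: works on a private copy; returns a complete, validated result."""
    new_limits = copy.deepcopy(limits)
    for key, value in updates.items():
        _validate(key, value)
        new_limits[key] = value
    return new_limits


def run_isolated(updates):
    cfg = Config()
    try:
        cfg.limits = isolated_producer(cfg.limits, updates)  # atomic publish
    except ValueError:
        pass  # failure stays inside the producer; consumer sees the old state
    return consumer(cfg)


# Constructed sample update: the first key is valid, the second is not.
BAD_UPDATE = {"max_requests": 0, "timeout_s": "unbounded"}
GOOD_UPDATE = {"max_requests": 10, "timeout_s": 5}

if __name__ == "__main__":
    print("shared  :", run_shared(BAD_UPDATE))    # 0    -> consumer inherits the fault
    print("isolated:", run_isolated(BAD_UPDATE))  # 3000 -> consumer unaffected
```

With the shared design the consumer computes a budget of 0 from a half-applied update, even though the producer's exception was caught; with the isolated design the consumer keeps the last consistent state. The same separation is what limits hostile behavior in one component from reaching another: a component that cannot reach the other's state cannot corrupt it.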