perm filename SDI[E85,JMC] blob sn#801102 filedate 1985-07-28 generic text, type C, neo UTF8
COMMENT ⊗   VALID 00007 PAGES
C REC  PAGE   DESCRIPTION
C00001 00001
C00002 00002	sdi[e85,jmc]		Computing for SDI
C00004 00003	Various physicists and computer scientists have asserted that
C00006 00004		There have recently been claims by various scientists that
C00012 00005	3rd para.
C00014 00006	Hon. John W. Warner
C00015 00007	Nareth, A., v.p. Bell Labs
C00016 ENDMK
C⊗;
sdi[e85,jmc]		Computing for SDI

Parnas and CPSR say that the computer part of SDI cannot be debugged.
I don't know about the other parts of SDI --- the detection devices
(radar, etc.) or about the defense devices themselves, but there is
no law of computer science that says that even the most complex
programs cannot be verified.  If the SDI programs are extremely
complex, then it will require great effort and maybe a long time.
A simulated environment will be required for conventional debugging.
The simulated environment must also be available as an interacting
program in order to use program verification techniques.  The
programs must be able to adapt to the uncertainties in the models
used for the physical environment and the enemy weapons.  For this
reason mathematical verification techniques will be especially
important.

There is also the fact that the enemy penetration aids will involve
computer programs that are hard to debug.

Perfection is not required in order to have a deterrent effect.

David L. Parnas, Herbert Lin UCS in technology review July 85, Atlantic,

William Dickinson, John Warner

half cocked
Various physicists and computer scientists have asserted that
the computer programs required for the Strategic Defense Initiative
cannot in principle be made to work reliably.  We think they are
wrong.  [Of course, where there is a will to fail obstacles can always be
found.]

There is no law of computer science from which one can conclude
that programs cannot be made to work reliably when they cannot
be tested under wartime conditions.  It may be difficult, and it
may require innovations in the technology of testing computer programs
comparable to the progress required by other aspects of SDI.  However,
a determined effort by first class people has excellent chances
of success.

We don't agree.

There is no reason why these technical challenges cannot be overcome.

Jastrow suggests:

Problems of comparable length and complexity have already been tackled.
	There have recently been claims by various scientists that
the computer programs that would be required to realize the
Strategic Defense Initiative (SDI) are impossible to make reliable,
and therefore the project must be abandoned.  These claims have
been made both by a few physicists and by a few computer scientists.
As far as we can see, these scientists are speaking beyond their
competence in order to lend support to the anti-SDI cause.

	The actual requirements for SDI computer systems are completely
undetermined, because they depend on what physical devices are to be
used for detecting missiles, distinguishing them from whatever decoys
may be used, and whatever physical effects may be used to destroy
the missiles.  Since these matters are still in the research stage,
the computer requirements are completely unknown.

	Therefore, those opposed to the SDI are raising arguments
of a general character.  Someone has come up with the idea that
programs of 10 million instructions will be required.  As long as
the requirements are unknown, that number is as good or bad as
any other.  There are only a few programs that big in operation.

	The argument continues by asserting that the only way to
make the program reliable is to have a nuclear war in order to
test all parts of it.  This is a mistake.

	First of all, there is no principle of computer science
that limits what size programs can be made reliable.  Making a
big program reliable that cannot be repeatedly tested in
all situations is difficult, but it has been done, and techniques
exist and more can be developed.  Many present programs have parts
designed to deal with emergencies that are too dangerous or expensive to
allow to happen for test purposes, and many techniques are available to
make them reliable.

	These techniques include the following.  First, simulated
environments can be created that are even more demanding than
the real world is expected to be.  Second, mathematical techniques
exist for proving parts of a program correct and checking these
proofs by computer.
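The two techniques just named can be shown on a toy.  What follows is an added illustration written for this page; it is not code from the draft and not SDI software.  It assumes a hypothetical one-shot "commit gate" that may release an irreversible action only after CONFIRM_K consecutive consistent sensor hits and never after the sensor has reported itself degraded.  The simulated environment is more demanding than any real sensor, since it feeds the gate every possible report sequence up to a bound, and the policy is written down once as a reference specification so that the check is mechanical: any sequence on which the program and the specification disagree is reported as a counterexample.

```python
"""Added illustration (not from the original draft): exhaustive simulated
sensor sequences plus a mechanically checked safety specification
(bounded explicit-state checking).  The gate, the report vocabulary and
the policy are all constructed for this example."""

from itertools import product
from typing import Optional, Tuple

# Constructed report vocabulary (hypothetical): what one sensor cycle can say.
HIT = "hit"            # consistent detection of the tracked object
MISS = "miss"          # no detection this cycle
DEGRADED = "degraded"  # sensor self-test failed; its output cannot be trusted
REPORTS = (HIT, MISS, DEGRADED)

CONFIRM_K = 3  # hypothetical policy: K consecutive hits before commit


class CommitGate:
    """Gate in front of an irreversible action.  reset_on_dropout=False is
    the naive version (a miss does not break the streak); True is the
    hardened one."""

    def __init__(self, reset_on_dropout: bool) -> None:
        self.reset_on_dropout = reset_on_dropout
        self.consecutive_hits = 0
        self.healthy = True

    def step(self, report: str) -> bool:
        """Consume one sensor report; return True iff the gate commits now."""
        if report == DEGRADED:
            self.healthy = False        # latched: never trust this sensor again
            return False
        if report == HIT:
            self.consecutive_hits += 1
        elif self.reset_on_dropout:     # hardened: a miss breaks the streak
            self.consecutive_hits = 0
        # naive variant: a miss leaves the streak untouched (the defect)
        return self.healthy and self.consecutive_hits >= CONFIRM_K


def spec_allows(history: Tuple[str, ...]) -> bool:
    """Reference specification, written directly from the policy text:
    commit only if the sensor never reported degraded and the last K
    reports are all hits."""
    if DEGRADED in history:
        return False
    return len(history) >= CONFIRM_K and all(r == HIT for r in history[-CONFIRM_K:])


def find_divergence(reset_on_dropout: bool, max_len: int) -> Optional[Tuple[str, ...]]:
    """Drive the gate through every report sequence of length <= max_len
    (the simulated environment, harsher than any real sensor) and return
    the first prefix on which the gate and the specification disagree, or
    None if they agree on every sequence within the bound."""
    for length in range(1, max_len + 1):
        for seq in product(REPORTS, repeat=length):
            gate = CommitGate(reset_on_dropout)
            for i, report in enumerate(seq):
                committed = gate.step(report)
                if committed != spec_allows(seq[: i + 1]):
                    return seq[: i + 1]
                if committed:
                    break  # one-shot action: later outputs are irrelevant
    return None


if __name__ == "__main__":
    print("naive gate:", find_divergence(reset_on_dropout=False, max_len=6))
    print("hardened gate:", find_divergence(reset_on_dropout=True, max_len=6))
```

The naive gate is caught on the sequence hit, hit, miss, hit: three hits that were never consecutive, which no hand-written test case is likely to include.  The hardened gate agrees with the specification on all 1092 sequences up to length six.  The bound is what makes this a check rather than a proof; a proof would argue, as the code comments do informally, that the hit counter always equals the number of trailing hits and that the health latch never clears.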

	If the SDI programs prove to be very demanding, and this
is quite possible, there is time to develop the necessary program
verification techniques in parallel with the development of the
SDI hardware.  As with other parts of the SDI project, the
computing part will require dedicated work by competent scientists
and engineers.
We are sure that the computer scientists who work on this
vital project will do their share.

	Those who oppose this effort to end Mutually Assured
Destruction have no basis in computer science for predicting
its failure.  They must rely on the general principle, ``Where
there is a will to fail, obstacles can always be found''.

***
 
	It seems to us that the issue of the scientific merit 
of the SDI initiative has been confused with its 
political desirability. We look forward to the time
when the technical issues brought up can
be discussed with the same professional detachment as any
other challenging "leading edge" research in computer science.
To simply claim that large scale program verification is 
undoable is to consign major parts of computer science to the
realm of mysticism. This runs counter to the basic principles
of scientific inquiry, on which our Western culture has been built
and nourished ever since the days of Rene Descartes and David Hume.

3rd para.
The arguments raised regarding SDI are of a general character.
The Fletcher panel says a program of 10 million instructions
will be required.  This is a very long program.  It is asserted
by these scientists that it cannot be written, and if it were
written it could not be checked.  However, the program put into
use by AT&T when the nation changed over to electronic switching
is about that long and is even more complex in its structure,
yet the program worked when it was turned on, although it had
never been tested end-to-end.

after "argument" add "against SDI"
delete 4 lines
to
"Many present programs ...
after "allow" insert "them"
period after "test purposes"
... reliable.

The AT&T experience shows that these techniques can be successful
even if a complex program is not tested "in battle".

delete paragraph beginning "If the SDI ..."

delete "to end MAD"
Hon. John W. Warner
U.S. Senate
421 Russell Senate Office Bldg.
Wash. D.C. 20510

Hon. William L. Dickinson
U.S. House of Representatives
2406 Rayburn House Office Bldg.
Washington, D.C. 20515
Nareth, A., v.p. Bell Labs