HC Deb 23 May 1991 vol 191 cc610-1W
Mr. Dalyell

To ask the Secretary of State for Defence (1) if he will make it his policy to accept full responsibility for any damage, injury or death attributable to errors in the design of the VIPER—verifiable integrated processor for enhanced reliability—microprocessor where it is used in safety-critical computer systems controlled by his Department;

(2) what steps his Department has taken with regard to the use of the VIPER microprocessor in safety-critical computer systems controlled by his Department in response to questions as to its design and safety of operation raised in reports published by researchers employed by his Department at the university of Cambridge;

(3) what assessment he has made of the consequences of his Department's premature announcements as to the reliability of the VIPER microprocessor and its premature market launch through commercial licensees appointed by his Department;

(4) what steps his Department is taking to discourage the use of the VIPER microprocessor in civil safety-critical computer systems.

Mr. Kenneth Carlisle

The VIPER microchip was designed to a formal mathematical specification. There is debate among theoreticians about the extent to which VIPER can be said to be "proved" in a formal mathematical sense, but this should not be allowed to undermine the importance of the VIPER achievement: it was the first microchip to be designed to a formal mathematical specification; it was verified by the best methods available; and its design has been more rigorously documented and tested than that of any other microprocessor currently available commercially.

The comments made by the department of mathematics, university of Cambridge, were in the context of the continuing research programme being carried out by the electronics division, DRA, RSRE Malvern and related to the rigour of the mathematical proof process. To date, no errors have been found in the VIPER design.

My Department remains convinced that VIPER represents the best currently available microprocessor design for use in both civil and defence safety critical applications. If, however, any question about responsibility for damage, injury or death were to arise, it would be dealt with in the light of the relevant legal considerations.

VIPER is not currently used in any safety-critical computer systems controlled by MOD. Further comment at this stage would be inappropriate in view of current legal proceedings.