[SystemSafety] Qualifying SW as "proven in use"

Peter Bernard Ladkin ladkin at rvs.uni-bielefeld.de
Mon Jun 17 14:53:28 CEST 2013


To address your second point.

On 6/17/13 2:06 PM, Steve Tockey wrote:
> .... I have a simple
> example of a trivial 1/2 page of code that can't be fully tested (exhaustive input coverage) in the
> age of the known universe. In fact, even if one were able to execute 1 million test cases per second
> and one had started the testing 14 billion years ago (estimated "big bang") one would still be about
> 10 to the 74th power MILLION YEARS short of completely testing this mere half page of code.

If you can't perform exhaustive coverage, then it is not possible that use of this SW will have 
exercised all possible combinations of input parameters.

One obvious condition on "proven in use" is that all future input-parameter combinations must have 
occurred in the past. So that renders your point moot.

One other obvious condition is that you are only going to see in the future reachable states that 
have been attained in the past. That is accomplished through the proxy of "sequences of function 
invocations", functions here being those defined in the specification, not in some programming language.

The question is whether something like this is enough. My note suggests by example not.

Your observation also addresses the level, source code, at which it could be argued that problems 
occur least often. I know of one major embedded-system component supplier who says that the majority 
of their problems occur "below" the level of compiling and linking.

I suggest that, once the object code is running on whatever HW, you are faced with a Markov process. 
I argue that in my note.

PBL

-- 
Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de
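The two conditions discussed above, that every future input combination and every future reachable state must already have occurred in past use, can be checked mechanically on a small example. The following is an added illustration, not code from the original post or from any of its participants. It assumes a hypothetical four-counter/latch state machine (`step`), a constructed set of recorded usage sequences (`RECORDED_USE`), and the one-million-tests-per-second rate quoted in the thread; the input-space arithmetic uses Python integers so that wide inputs do not overflow.

```python
"""Exhaustive-coverage arithmetic and reachable-vs-attained state check.

Added example: the state machine, recorded usage and figures below are
constructed for illustration and are not taken from the original post.
"""
import math

SECONDS_PER_YEAR = 31_557_600        # 365.25 days
AGE_OF_UNIVERSE_YEARS = 14 * 10**9   # figure quoted in the thread


def years_to_test_exhaustively(input_bits, tests_per_second=10**6):
    """Whole years needed to run one test per distinct input combination.

    Integer arithmetic, so inputs of 128 bits or more do not overflow."""
    combinations = 2 ** input_bits
    return combinations // (tests_per_second * SECONDS_PER_YEAR)


def expected_fraction_exercised(input_bits, uses):
    """Expected fraction of the input space hit by `uses` invocations drawn
    uniformly at random: 1 - (1 - 1/n)^uses, approximated by 1 - exp(-uses/n).

    Uniform draws are an optimistic assumption; real usage is skewed and covers
    less. expm1 keeps tiny fractions accurate. Valid up to about 1023 bits
    (float conversion of 2**input_bits)."""
    combinations = 2 ** input_bits
    return -math.expm1(-uses / combinations)


# --- hypothetical controller: a modulo-4 counter with a latch flag ------------
INPUTS = ("inc", "latch", "clear")
INITIAL = (0, False)                 # (counter, latched)


def step(state, inp):
    """Transition function of the constructed machine (not a real product)."""
    counter, latched = state
    if inp == "inc":
        return ((counter + 1) % 4, latched)
    if inp == "latch":                # the flag can only be set at counter == 3
        return (counter, latched or counter == 3)
    if inp == "clear":
        return (0, False)
    raise ValueError(f"unknown input {inp!r}")


def reachable_states(initial=INITIAL, inputs=INPUTS):
    """All states reachable from `initial` under any input sequence (BFS)."""
    seen, frontier = {initial}, [initial]
    while frontier:
        s = frontier.pop()
        for inp in inputs:
            nxt = step(s, inp)
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return seen


# Constructed operational history: sequences of function invocations as the
# "proven in use" argument would record them. No sequence latches at counter 3.
RECORDED_USE = [
    ["inc", "inc", "latch", "clear"],        # latch at counter 2: no effect
    ["inc", "inc", "inc", "clear", "inc"],   # reaches 3, clears before latching
    ["latch", "inc", "clear"],
]


def attained_states(sequences, initial=INITIAL):
    """States actually visited while replaying the recorded usage."""
    seen = {initial}
    for seq in sequences:
        s = initial
        for inp in seq:
            s = step(s, inp)
            seen.add(s)
    return seen


def unexercised_states(sequences):
    """Reachable states that past use never attained: the gap in the argument."""
    return reachable_states() - attained_states(sequences)


if __name__ == "__main__":
    print("years to test two 64-bit inputs exhaustively:",
          years_to_test_exhaustively(128))
    print("fraction of that space seen after 1e12 uses:",
          expected_fraction_exercised(128, 10**12))
    print("reachable:", sorted(reachable_states()))
    print("never attained in recorded use:",
          sorted(unexercised_states(RECORDED_USE)))
```

The first two functions give the quantitative side of the quoted half-page example: two 64-bit inputs need on the order of 10^25 years at a million tests per second, and a trillion field invocations exercise a vanishingly small fraction of that space. The state-machine part shows the second condition failing even on eight states: all four latched states are reachable, but a usage history that never issues `latch` at counter 3 has attained none of them, so nothing in that history says how the code behaves once the flag is set.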