[SystemSafety] Software reliability (or whatever you would prefer to call it)

Derek M Jones derek at knosof.co.uk
Mon Mar 9 02:15:51 CET 2015


Hello,

> It has a simple purpose: to clean up the currently messy and incoherent Annex D of 61508.

If this is the intent then perhaps what is needed is a list of
suggested statistical books.

> Our aim here was not to innovate in any way, but to take the premises of the original annex, and make clear the assumptions underlying the (very simple) mathematics/statistics for any practitioners who wished to use it. The technical content of the annex, such as it is, concerns very simple Bernoulli and Poisson process models for (respectively) on-demand (discrete time) and continuous time software-based systems.

How might a reader interpret an Annex that starts by
discussing one statistical technique and then goes on to show
how it can be applied in a software situation involving:
"... the satisfaction function of P, SatP: I → {“success”, “failure”}"

Does anybody expect the reader to say thanks very much and then
proceed to use a different statistical technique?

> Thus there is an extensive discussion of the issue of state, and how
> this affects the plausibility of the necessary assumptions needed to
> justify claims for Bernoulli or Poisson behaviour.

This sounds like a good idea.  However, given the uncertainty about
which statistical model is appropriate for software reliability,
other statistical processes should be discussed at the same level
of importance.

> Note that there is no advocacy here. We do not say “Systems necessarily fail in Bernoulli/Poisson processes, so you must assess their reliability in this way”.

There is advocacy in the last paragraph.  Which, while not
saying that systems fail in a particular way, does kind of
orient the reader in that direction.

"Further, [Anon15] suggests that the only software to which the
Bernoulli-process interpretation applies is software which makes no
use of internal memory, so-called “stateless” software. Our
considerations above show that the execution of deterministic software
from an initial state constitutes a Bernoulli trial, and thus repeated
execution a Bernoulli process. There is no condition on memory use
arising from our construal of the execution of a deterministic
program P forming a Bernoulli process, contrary to what [Anon15]
suggests."

> Whilst these are, we think, plausible models for many systems, they are clearly not applicable to all systems.

This would be a very useful statement to include in the annex,
along with an extensive discussion of the issue of state, and how
this affects the plausibility of the necessary assumptions needed to
justify claims for these other plausible models.

-- 
Derek M. Jones           Software analysis
tel: +44 (0)1252 520667  blog:shape-of-code.coding-guidelines.com
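An added worked illustration, not part of this thread or of the annex being discussed: the two simple bounds the Bernoulli (on-demand) and Poisson (continuous-time) models give after failure-free operation, followed by a constructed toy program with internal memory whose observed failure count depends entirely on whether each demand restarts from the initial state, which is the point at issue in the quoted passage. Function names, the buffer program and its capacity are my own assumptions.

```python
import math

# Bernoulli model for on-demand systems: n failure-free demands observed.
# Largest pfd consistent with that at one-sided confidence C solves (1 - pfd)^n = 1 - C.
def pfd_upper_bound(n_failure_free, confidence):
    return 1.0 - (1.0 - confidence) ** (1.0 / n_failure_free)

# Number of failure-free demands needed to claim pfd <= target at confidence C.
def demands_required(target_pfd, confidence):
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - target_pfd))

# Poisson model for continuous-time systems: T failure-free hours observed.
# Largest failure rate (per hour) consistent with that solves exp(-rate * T) = 1 - C.
def rate_upper_bound(failure_free_hours, confidence):
    return -math.log(1.0 - confidence) / failure_free_hours

# Constructed toy program with internal memory (an assumption for illustration):
# every demand appends its input to a buffer that is never cleared.
BUFFER_CAPACITY = 8

def run_demand(state, x):
    """One demand on the program. 'Failure' is a buffer overflow. Returns (new_state, ok)."""
    state = state + [x]
    return state, len(state) <= BUFFER_CAPACITY

def count_failures(n_demands, reset_each_demand):
    """Run n demands. With reset_each_demand=True every demand starts from the initial
    state (the annex's Bernoulli trial); with False the state persists across demands,
    as it does in a deployed system."""
    failures = 0
    state = []
    for i in range(n_demands):
        if reset_each_demand:
            state = []
        state, ok = run_demand(state, i)
        if not ok:
            failures += 1
    return failures

if __name__ == "__main__":
    print("demands for pfd<=1e-3 at 99%:", demands_required(1e-3, 0.99))
    print("rate bound after 1000 h at 99%:", rate_upper_bound(1000, 0.99))
    print("failures, reset per demand:", count_failures(20, True))
    print("failures, persistent state:", count_failures(20, False))
```

The same deterministic program yields zero failures when every trial restarts from the initial state and a run of failures once state carries over, so the per-demand failure probability is not constant and the Bernoulli bound above does not describe the deployed behaviour.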
