[SystemSafety] Software reliability (or whatever you would prefer to call it)

Peter Bishop pgb at adelard.com
Tue Mar 10 10:50:10 CET 2015 

Now I think I understand your point.
You just object to the term *software* reliability

If the term was *system* reliability in an specified
operational environment, and the system contained software
and the failure was always caused by software
- I take it that would be OK?

A alternative term like *software integrity* or some such would be 
needed to describe the property of being correct or wrong on a given input.
(In a lot of mathematical models this is represented as a "score 
function" that is either true or false for each possible input)

Peter Bishop

Nick Tudor wrote:
> Now back in the office...for a short while.
> 
> Good point David - well put.  
> 
> I would have responded: There exists a person N who knows a bit about 
> mathematics.  Person N applies some mathematics and asserts Truth.  
> Unfortunately, because of the incorrect application of the mathematics, 
> the claims N now makes cannot be relied upon.  The maths might well be 
> correct, but the application is wrong because - and I have to say it yet 
> again - the application misses fails to acknowledge that it is the 
> environment that is random rather than the software.  Software 
> essentially boils down to a string of one's and nought's. Given the same 
> inputs (and that always comes from the chaotic environment) then the 
> output will always be the same.  It therefore makes no sense to talk 
> about 'software reliability'.
> 
> Nick Tudor
> Tudor Associates Ltd
> Mobile: +44(0)7412 074654
> www.tudorassoc.com <http://www.tudorassoc.com>
> *
> *
> *77 Barnards Green Road*
> *Malvern*
> *Worcestershire*
> *WR14 3LR**
> Company No. 07642673*
> *VAT No:116495996*
> *
> *
> *www.aeronautique-associates.com <http://www.aeronautique-associates.com>*
> 
> On 9 March 2015 at 12:26, David Haworth <david.haworth at elektrobit.com 
> <mailto:david.haworth at elektrobit.com>> wrote:
> 
>     Peter,
> 
>     there's nothing wrong with the mathematics, but I've got
>     one little nit-pick about its application in the real world.
> 
>     The mathematics you describe gives two functions f and g,
>     one of which is the model, the other is the implementation.
> 
>     In practice, your implementation runs on a computer and so the
>     domain and range are not "the continuum". If your model is mathematical
>     (or even runs on a different computer), the output of one will
>     necessarily be different from the output of the other. That
>     may not be a problem in the discrete sense - you simply specify a
>     tolerance t > 0 in the form of:
> 
>     Corr-f-g(i) = 0 if and only if |f(i)-g(i)| < t
> 
>     etc.
> 
>     The problem becomes much larger in the real world of control
>     systems where the output influences the next input of the
>     sequence. The implementation and the model will tend to drift
>     apart. In the worst case what might be nice and stable in the
>     model might exhibit unstable behaviour in the implementation.
> 
>     You're then in the subject of mathematical chaos, where a
>     perfectly deterministic system exhibits unstable and unpredictable
>     behaviour. However, this email is too small to describe it. :-)
> 
>     Cheers,
>     Dave
> 
>     On 2015-03-09 11:48:57 +0100, Peter Bernard Ladkin wrote:
>      > Nick,
>      >
>      > Consider a mathematical function, f with domain D and range R.
>     Given input i \in D, the output is f(i).
>      >
>      > Consider another function, g, let us say for simplicity with the
>     same input domain D and range R.
>      >
>      > Define a Boolean function on D, Corr-f-g(i):
>      >
>      > Corr-f-g(i) = 0 if and only if f(i)=g(i);
>      > Corr-f-g(i) = 1 if and only if f(i) NOT-EQUAL g(i)
>      >
>      > If X is a random variable taking values in D, then f(X), g(X) are
>     random variables taking values in
>      > R, and Corr-f-g(X) is a random variable taking values in {0,1}.
>      >
>      > If S is a sequence of values of X, then let Corr-f-g(S) be the
>     sequence of values of Corr-f-g
>      > corresponding to the sequence S of X-values.
>      >
>      > Define Min-1(S) to be the least place in Corr-f-g(S) containing a
>     1; and to be 0 if there is no such
>      > place.
>      >
>      > Suppose I construct a collection of sequences S.i, each of length
>     1,000,000,000, by repeated
>      > sampling from Distr(X). Suppose there are 100,000,000 sequences I
>     construct.
>      >
>      > I can now construct the average of Min-1(S) over all the
>     1,000,000,000sequences S.i.
>      >
>      > All these things are mathematically well-defined.
>      >
>      > Now, suppose I have deterministic software, S. Let f(i) be the
>     output of S on input i. Let g(i) be
>      > what the specification of S says should be output by S on input
>     i. Corr-f-g is the correctness
>      > function of S, and Mean(Min-1(S)) will likely be very close to
>     the mean time/number-of-demands to
>      > failure of S if you believe the Laws of Large Numbers.
>      >
>      > I have no idea why you want to suggest that all this is
>     nonsensical and/or wrong. It is obviously
>      > quite legitimate well-defined mathematics.
>      >
>      > PBL
>      >
>      > Prof. Peter Bernard Ladkin, Faculty of Technology, University of
>     Bielefeld, 33594 Bielefeld, Germany
>      > Je suis Charlie
>      > Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de
>     <http://www.rvs.uni-bielefeld.de>
>      >
>      >
>      >
>      >
>      > _______________________________________________
>      > The System Safety Mailing List
>      > systemsafety at TechFak.Uni-Bielefeld.DE
>     <mailto:systemsafety at TechFak.Uni-Bielefeld.DE>
> 
>     --
>     David Haworth B.Sc.(Hons.), OS Kernel Developer   
>     david.haworth at elektrobit.com <mailto:david.haworth at elektrobit.com>
>     Tel: +49 9131 7701-6154 <tel:%2B49%209131%207701-6154>     Fax:
>     -6333                  Keys: keyserver.pgp.com
>     <http://keyserver.pgp.com>
>     Elektrobit Automotive GmbH           Am Wolfsmantel 46, 91058
>     Erlangen, Germany
>     Geschäftsführer: Alexander Kocher, Gregor Zink       Amtsgericht
>     Fürth HRB 4886
> 
>     Disclaimer: my opinion, not necessarily that of my employer.
> 
>     _______________________________________________
>     The System Safety Mailing List
>     systemsafety at TechFak.Uni-Bielefeld.DE
>     <mailto:systemsafety at TechFak.Uni-Bielefeld.DE>
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE

-- 

Peter Bishop
Chief Scientist
Adelard LLP
Exmouth House, 3-11 Pine Street, London,EC1R 0JH
http://www.adelard.com
Recep:  +44-(0)20-7832 5850
Direct: +44-(0)20-7832 5855

More information about the systemsafety mailing list