[SystemSafety] A Critical-System Assurance Manifesto

Derek M Jones derek at knosof.co.uk
Mon Dec 11 18:06:01 CET 2017


Peter,

> I think in this case the Bernoulli model is not concerned with
> detecting faults/fixing, but about estimating the likelihood that you

Ok, thanks.

> will not hit a defective region in the input space (which could in
> principle be the aggregate of many faults).

While in theory a visit to any part of the input space might have
the same probability, in practice some inputs occur much more
frequently than others.  The evidence for this is not as plentiful
as for faults, but one of the reasons faults appear under unusual
circumstances is that a rarely visited part of the input space
is visited plus a fault exists (both have to occur together).

The Urn model is not a good description of visits to the input space,
for many problems.

> Peter Bishop
> 
> On 11/12/2017 14:47, Derek M Jones wrote:
>> Peter,
>>
>>> * Statistical Evaluation
>> Chapter 1, the Urn model.
>>
>> The empirical evidence is that the Urn model is not a good
>> model of fault discovery.
>>
>> The Urn model gives equal weight to each item it contains.
>>
>> Some faults are more likely to be discovered than others, while
>> other faults are very rarely seen.  This is not the Urn model
>> view of the world.
>>
>> The Urn model has lots of mathematical history associated with
>> it and appears in all the probability text books; which makes it
>> a favorite of professors.
>>
>> Isn't it about time that people started using a model with a
>> closer connection with reality?
>>
> 

-- 
Derek M. Jones           Software analysis
tel: +44 (0)1252 520667  blog:shape-of-code.coding-guidelines.com

