[SystemSafety] A Critical-System Assurance Manifesto

Peter Bishop pgb at adelard.com
Tue Dec 12 11:18:20 CET 2017


Actually there is a problem with the urn analogy if each ball represents
a different point in the input space.

Random selection (drawing a ball) implies an equal probability of
selecting any point in the input space.

In practice this is not the case. Actual execution of software is
determined by the external world and can vary from one mode of use to
another. This "input profile" can be expressed as the probability of
selecting each point in the input space (which can vary).

So there could be an input profile where defective points are *never*
selected, and another profile where defective points are *always* selected.

Statistical testing sets a bound on reliability for a *specified input
profile*. We cannot change the input profile and assume the bound still
holds.

You could make the urn model fit by aggregating input points to create
groups (balls) of equal probability, but you would need to create a new
box of balls (with a different proportion of black and white balls) if
you changed the input profile.

Peter Bishop


On 12/12/2017 09:34, Peter Bernard Ladkin wrote:
> 
> 
> On 2017-12-12 10:18 , RICQUE Bertrand (SAFRAN ELECTRONICS & DEFENSE) wrote:
>> My understanding was that drawing process was supposed to be neutral when picking a token
> Whatever "neutral" means.
> 
> The key property is that there is a fixed probability p of picking a white ball.
> 
> This does not translate into saying that all the balls must be picked one after another (as if the
> balls represented inputs), or indeed any other way of picking the balls.
> 
> It might be a disadvantage of the Urn model that it seems to lead people to misleading conclusions
> such as that the inputs to a Bernoulli Process must fit a such-and-such-distribution curve.
> 
> PBL
> 
> Prof. Peter Bernard Ladkin, Bielefeld, Germany
> MoreInCommon
> Je suis Charlie
> Tel+msg +49 (0)521 880 7319  www.rvs-bi.de
> 

-- 

Peter Bishop
Chief Scientist
Adelard LLP
24 Waterside, 44-48 Wharf Rd, London N1 7UX
http://www.adelard.com
Recep:  +44-(0)20-7832 5850
Direct: +44-(0)20-7832 5855
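To make the point above concrete, here is an added worked example in Python. It is not part of Peter Bishop's message or the list discussion; the input space, the defect set and the three profiles are constructed toy data. It computes the true probability of failure on demand (pfd) as the profile's probability mass on defective points, derives the usual upper bound on pfd from a run of failure-free statistical tests under one profile, and shows that the bound says nothing about a second profile over the same input space. It also shows the regrouping into equal-probability balls, which yields a different box for each profile.

```python
"""Urn model with a non-uniform input profile (added example, constructed data)."""
import random

# Constructed toy input space: ten input points, two of which are defective.
# The program fails whenever a demand selects a defective point.
INPUT_SPACE = list(range(10))
DEFECTIVE = {3, 7}

# Constructed operational profiles: each maps an input point to the
# probability that a single demand selects it (mass sums to 1).
UNIFORM = {i: 0.1 for i in INPUT_SPACE}                 # the classic urn
PROFILE_A = {i: 0.125 for i in INPUT_SPACE if i not in DEFECTIVE}  # never hits a defect
PROFILE_B = {3: 0.5, 7: 0.5}                            # always hits a defect


def pfd(profile, defective=DEFECTIVE):
    """True probability of failure on demand under this profile: the total
    probability mass on defective points. This is the proportion of black
    balls in the urn, and it depends on the profile, not just on the code."""
    return sum(p for x, p in profile.items() if x in defective)


def pfd_bound(n_failure_free, confidence=0.99):
    """Upper bound on pfd after n independent failure-free demands drawn from
    the tested profile: the largest q with (1 - q)^n >= 1 - confidence."""
    return 1.0 - (1.0 - confidence) ** (1.0 / n_failure_free)


def run_tests(profile, n, seed=0, defective=DEFECTIVE):
    """Simulate n demands drawn from the profile; return the failure count."""
    rng = random.Random(seed)
    points = list(profile)
    weights = [profile[x] for x in points]
    draws = rng.choices(points, weights=weights, k=n)
    return sum(1 for x in draws if x in defective)


def regroup_as_urn(profile, defective=DEFECTIVE, n_balls=1000):
    """Aggregate input points into n_balls equal-probability balls and return
    (black, white). Changing the profile changes the box of balls."""
    black = round(pfd(profile, defective) * n_balls)
    return black, n_balls - black


def bound_transfers(tested_profile, other_profile, n_tests=1000, confidence=0.99):
    """Test under one profile, then ask whether the resulting bound on pfd
    also holds for a different profile over the same input space."""
    failures = run_tests(tested_profile, n_tests)
    if failures:
        raise ValueError(f"{failures} failures in {n_tests} demands; no bound")
    bound = pfd_bound(n_tests, confidence)
    return {
        "bound_from_tests": bound,
        "true_pfd_tested_profile": pfd(tested_profile),
        "true_pfd_other_profile": pfd(other_profile),
        "bound_holds_for_other": pfd(other_profile) <= bound,
    }


if __name__ == "__main__":
    for name, prof in (("uniform", UNIFORM), ("A", PROFILE_A), ("B", PROFILE_B)):
        print(name, "pfd =", pfd(prof), "urn =", regroup_as_urn(prof))
    print(bound_transfers(PROFILE_A, PROFILE_B))
```

One thousand failure-free demands under profile A give a 99% bound of roughly 0.0046 on pfd, and the bound is correct for profile A, whose true pfd is 0. Profile B has a true pfd of 1 over the same program and the same input space, so the bound does not transfer; only a new test campaign under profile B (or a new box of balls built from it) says anything about it.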
