[SystemSafety] A Critical-System Assurance Manifesto

Peter Bishop pgb at adelard.com
Wed Dec 13 18:14:14 CET 2017


On 12/12/2017 13:44, Derek M Jones wrote:
> Peter,
> 
>> Statistical testing sets a bound on reliability for a *specified input
>> profile*. We cannot change the input profile and assume the bound still
>> holds.
> 
> Can we ever hope to know what the input profile to a program
> might be?
> 
> Without this attempts to build an accurate software reliability model
> are doomed.
> 

In certain highly constrained situations, it is possible to define an
input profile. Specifically for nuclear protection there are plant
transients (demands) caused by some underlying plant incident. A plant
safety analysis quantifies the frequency of the different demands and
this mix of demands is used for reliability testing.

Of course it is unlikely that the test profile exactly matches the
operational profile, but there is a bit of theory that allows the
confidence bound derived from testing to be rescaled for departures from
the assumed profile, namely:

	pfd_OP <= max(p(i)'/p(i)) * pfd_Test

Where p(i)' is the operational prob of demand i

and p(i) is the test environment prob of demand i

The theory also shows that adding some extra "padding" tests to
low probability demands reduces the sensitivity to profile change.

Peter Bishop

-- 

Peter Bishop
Chief Scientist
Adelard LLP
24 Waterside, 44-48 Wharf Rd, London N1 7UX
http://www.adelard.com
Recep:  +44-(0)20-7832 5850
Direct: +44-(0)20-7832 5855

Registered office: Stourside Place, Station Road, Ashford, Kent TN12 1PP
Registered in England & Wales no. OC 304551. VAT no. 454 489808



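The rescaling rule and the "padding" effect from the post above, worked through in code. This is an added example, not code from the post or from Adelard; the demand names, test counts and confidence level are constructed, and the zero-failure bound used to obtain pfd_Test (pfd <= 1 - (1-C)^(1/n) for n failure-free demands at confidence C) is a standard result assumed here, not something the post states.

```python
import math
from typing import Dict

# Constructed example: number of failure-free test demands per demand type.
# The test profile p(i) is the fraction of tests spent on demand i.
TEST_COUNTS: Dict[str, int] = {"A": 7000, "B": 2000, "C": 1000}

# Constructed operational profile p(i)' from a (hypothetical) plant safety
# analysis: demand C turns out to be three times more frequent than tested.
OP_PROFILE: Dict[str, float] = {"A": 0.5, "B": 0.2, "C": 0.3}


def profile_from_counts(counts: Dict[str, int]) -> Dict[str, float]:
    """Normalise test counts into a test profile p(i)."""
    n = sum(counts.values())
    return {i: c / n for i, c in counts.items()}


def zero_failure_pfd_bound(n_tests: int, confidence: float) -> float:
    """Upper bound on pfd given n failure-free demands (assumed standard result).

    P(n failure-free demands | pfd = q) = (1 - q)^n, so at confidence C
    the bound is q <= 1 - (1 - C)^(1/n)  (~ -ln(1 - C) / n for large n).
    """
    return 1.0 - (1.0 - confidence) ** (1.0 / n_tests)


def profile_sensitivity(test_profile: Dict[str, float],
                        op_profile: Dict[str, float]) -> float:
    """max over i of p(i)'/p(i): the factor by which pfd_Test must be scaled."""
    return max(op_profile[i] / test_profile[i] for i in op_profile)


def rescaled_pfd_bound(pfd_test: float,
                       test_profile: Dict[str, float],
                       op_profile: Dict[str, float]) -> float:
    """pfd_OP <= max(p(i)'/p(i)) * pfd_Test, as quoted in the post."""
    return profile_sensitivity(test_profile, op_profile) * pfd_test


def pad_low_probability_demands(counts: Dict[str, int],
                                extra: Dict[str, int]) -> Dict[str, int]:
    """Add extra 'padding' tests to selected (low probability) demands."""
    padded = dict(counts)
    for i, k in extra.items():
        padded[i] = padded.get(i, 0) + k
    return padded


def compare(confidence: float = 0.99) -> Dict[str, float]:
    """Bound before and after padding demand C with 1000 extra tests."""
    base_profile = profile_from_counts(TEST_COUNTS)
    base_pfd_test = zero_failure_pfd_bound(sum(TEST_COUNTS.values()), confidence)

    padded_counts = pad_low_probability_demands(TEST_COUNTS, {"C": 1000})
    padded_profile = profile_from_counts(padded_counts)
    padded_pfd_test = zero_failure_pfd_bound(sum(padded_counts.values()), confidence)

    return {
        "base_sensitivity": profile_sensitivity(base_profile, OP_PROFILE),
        "base_pfd_op": rescaled_pfd_bound(base_pfd_test, base_profile, OP_PROFILE),
        "padded_sensitivity": profile_sensitivity(padded_profile, OP_PROFILE),
        "padded_pfd_op": rescaled_pfd_bound(padded_pfd_test, padded_profile, OP_PROFILE),
    }


if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k:20s} {v:.4g}")
```

With the constructed numbers the sensitivity factor max(p(i)'/p(i)) is 3.0 for the unpadded profile (demand C was tested at 10% but occurs 30% of the time) and drops to 1.65 once 1000 padding tests are added to C, so the operational bound roughly halves even though the padding only grows the test campaign by 10%. The check that should always be run is whether every operational demand type appears in the test profile at all: a demand with p(i) = 0 makes the ratio unbounded, i.e. the test evidence says nothing about it.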