[SystemSafety] What do we know about software reliability?

Daniel Kästner kaestner at absint.com
Wed Sep 16 09:00:38 CEST 2020


Hi all,

coming from the software side, I agree with Hugues that it's easiest to talk about a concrete example.

And we could even narrow it down further, let's say:
--->
begin

if A then 
  do_nothing 
else
  fail by float-to-int cast for some particular values --as in the Ariane example
end if

end
<---
Any decent sound static analyzer will point out that you have a defect there. 

But you might not run into the critical situation by testing, and the critical values might not directly correspond to control decisions, so you can't easily detect that you missed something by structural test coverage.

Let's assume you don't have such an analyzer, and the software ran "reliably" for some time, what is the consequence of that? Does it mean that you don't need to fix it, if somehow you become aware of it? 

Best regards,
  Daniel.
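To make the float-to-int defect in the toy above concrete, here is an added example in C. It is not code from this thread or from any of the posters; the function names, the int16_t target type (the Ariane 501 conversion was likewise to a 16-bit signed integer, but the rest is not modelled), the sensor envelope and the test-profile values are all constructed for the illustration. It shows the bare cast, the exact precondition the cast needs, a test profile that executes the cast on every run without ever violating that precondition, and the interval check a sound analyzer applies instead of sampling.

```c
/* Added example for the toy above; not code from the thread or from any
 * poster. Function names, the int16_t target, the sensor envelope and the
 * profile values are all constructed for the illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Any x in the open interval (-32769, 32768) truncates to a value that fits
 * int16_t; outside it the cast is undefined behaviour in C (Ada raises
 * Constraint_Error instead). That is the precondition of the cast below. */
#define I16_SAFE_LO (-32769.0)
#define I16_SAFE_HI   32768.0

/* The fielded code: a bare cast, as in the toy program's "else" branch. It is
 * one statement with no control decision of its own, so any test that calls
 * it at all gives it 100% statement and branch coverage. */
int16_t bias_to_i16_unchecked(double x)
{
    return (int16_t)x;   /* precondition not checked: the defect */
}

/* The precondition made explicit. */
bool cast_in_range(double x)
{
    if (x != x)                                   /* NaN is never in range */
        return false;
    return x > I16_SAFE_LO && x < I16_SAFE_HI;    /* also rejects +/-infinity */
}

/* Hardened form: check first, report failure instead of casting. */
bool bias_to_i16_checked(double x, int16_t *out)
{
    if (!cast_in_range(x))
        return false;
    *out = (int16_t)x;                            /* in range: well-defined */
    return true;
}

/* Dynamic view: how many of the sampled inputs violate the precondition.
 * This is all a test campaign can observe. */
size_t count_violations(const double *inputs, size_t n)
{
    size_t violations = 0;
    for (size_t i = 0; i < n; i++)
        if (!cast_in_range(inputs[i]))
            violations++;
    return violations;
}

/* Static view: given only the interval the input can take, can the cast fail
 * for ANY value in it? This is the interval (abstract-interpretation) check a
 * sound analyzer performs; it needs no test vector and cannot miss a value. */
bool cast_may_fail(double lo, double hi)
{
    return lo <= I16_SAFE_LO || hi >= I16_SAFE_HI;
}

/* Constructed data: a "flight profile" whose inputs all stay in range, and
 * the physically possible envelope of the same signal, which does not. */
const double test_profile[] = { 0.0, 1234.5, -9000.25, 32767.0, -32768.0 };
const size_t test_profile_len = sizeof test_profile / sizeof test_profile[0];
const double envelope_lo = -50000.0;
const double envelope_hi =  50000.0;

int main(void)
{
    /* The profile exercises the cast on every run and never trips it. */
    size_t bad = count_violations(test_profile, test_profile_len);
    printf("precondition violations in test profile: %zu of %zu\n",
           bad, test_profile_len);
    if (bad == 0)
        for (size_t i = 0; i < test_profile_len; i++)
            printf("  %g -> %d\n", test_profile[i],
                   (int)bias_to_i16_unchecked(test_profile[i]));

    /* The interval check finds the defect the profile cannot reach. */
    printf("cast may fail on envelope [%g, %g]: %s\n", envelope_lo, envelope_hi,
           cast_may_fail(envelope_lo, envelope_hi) ? "yes" : "no");
    return 0;
}
```

Two things worth noting when reading it. First, cast_may_fail is a one-operation stand-in for what the analyzer does across the whole program: it propagates the input interval to the cast and compares it with the precondition, so the answer is "yes" whenever the envelope allows an out-of-range value, regardless of whether any test ever produced one. Second, bias_to_i16_checked only turns undefined behaviour into a reported failure; the caller still has to decide what to do with a false return, and on Ariane 501 it was the handling of the raised exception, not the conversion alone, that took the unit down.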


----- Original Message -----
From: "hugues bonnin" <hugues.bonnin at free.fr>
To: systemsafety at lists.techfak.uni-bielefeld.de
Sent: Wednesday, September 16, 2020 2:02:44 AM
Subject: Re: [SystemSafety] What do we know about software reliability?

Hi all,

I have an alternative "toy" to propose: do you think that this software is reliable (written in Ada-like code)?

begin

if A then 
  do_nothing 
else
  fail --potentially hurt and kill people
end if

end

The specification of the software is to do nothing.
NB: I'm not asking if it is the best implementation, whatever the criteria are, but just : "is it reliable?"

regards,

Hugues


----- Original Message -----
> From: "Peter Bernard Ladkin" <ladkin at causalis.com>
> To: systemsafety at lists.techfak.uni-bielefeld.de
> Sent: Tuesday, 15 September 2020 19:58:45
> Subject: Re: [SystemSafety] What do we know about software reliability?
> 
> Bev and I and Dewi have a colleague who poses the following question.
> 
> "We have clients who have installed hundreds of [examples of our kit]
> over the last ten years, and
> have never seen any failure. They want to use it in further systems
> that they build. What arguments
> do we/they need to provide in order validly to justify such further
> use?"
> 
> So, what is the answer to that question?
> 
> PBL
> 
> Prof. Peter Bernard Ladkin, Bielefeld, Germany
> Styelfy Bleibgsnd
> Tel+msg +49 (0)521 880 7319  www.rvs-bi.de
> 
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
> Manage your subscription:
> https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
-- 
Dr.-Ing. Daniel Kaestner -------------------------------------------------------------------- 
AbsInt Angewandte Informatik GmbH Email: kaestner at AbsInt.com 
Science Park 1 Tel: +49-681-3836028 
66123 Saarbruecken Fax: +49-681-3836020 
GERMANY http://www.absint.com/
---------------------------------------------------------------------------------------------------- 
Geschaeftsfuehrung: Dr.-Ing. Christian Ferdinand 
Eingetragen im Handelsregister des Amtsgerichts Saarbruecken, HRB 11234
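Daniel's closing question above (the software "ran reliably for some time": what follows from that?) and the question from Peter Ladkin quoted further up (hundreds of installations, ten years, no failure seen) both ask what failure-free operation actually licenses. The calculation below is an added illustration, the editor's and not from any poster. It gives the standard classical-confidence answer under two explicit modelling assumptions: demands (or operating hours) are independent with a constant unknown failure probability (or rate), and the future operational profile is the one that produced the data. The symbols N, T, c, p_U, lambda_U and all numerical figures are chosen for the illustration; none come from the thread.

```latex
\text{Demand-based model: each demand fails independently with probability } p;\quad N \text{ demands observed, no failure.}

\[ P(\text{no failure in } N \text{ demands} \mid p) = (1-p)^N \]

\text{Upper bound on } p \text{ at confidence level } c:
\[ (1-p_U)^N = 1-c \;\Longrightarrow\; p_U = 1-(1-c)^{1/N} \]

\text{Example: } c = 0.99,\ N = 4600:\quad p_U = 1 - 0.01^{1/4600} \approx 1.0\times10^{-3}

\text{Time-based model: constant failure rate } \lambda \text{ over } T \text{ failure-free unit-hours (Poisson process).}

\[ P(\text{no failure in } T \mid \lambda) = e^{-\lambda T} \]

\[ e^{-\lambda_U T} = 1-c \;\Longrightarrow\; \lambda_U = \frac{-\ln(1-c)}{T} \approx \frac{4.6}{T}\ (c = 0.99),\qquad \approx \frac{0.69}{T}\ (c = 0.5) \]

\text{Example: } T = 10^{7}\ \text{unit-hours}:\quad \lambda_U \approx 4.6\times10^{-7}\ \mathrm{h}^{-1},\ \text{i.e. MTTF} \gtrsim 2\times10^{6}\ \mathrm{h} \text{ at } 99\%

\text{Evidence needed for } \lambda \le 10^{-9}\ \mathrm{h}^{-1} \text{ at } c = 0.99:\quad T \ge \frac{4.6}{10^{-9}} = 4.6\times10^{9}\ \text{failure-free unit-hours}
```

Three consequences of the arithmetic are worth making explicit. The bound is on the rate under the observed profile: it scales as 1/T, so another order of magnitude of confidence costs another order of magnitude of failure-free service, and it does not improve by re-analysing the same history. Installations operating in parallel count as unit-hours only if they are exposed to independent inputs; identical units fed the same inputs contribute far less than their sum. And the inference is about the inputs that were actually presented: a defect that is only reachable on inputs the profile never produced, such as the out-of-range conversion in the toy, contributes nothing to the observation and is therefore not covered by the bound at all, which is why a new deployment with a different profile reopens the question rather than inheriting the old answer.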

