Re: [SystemSafety] Qualifying SW as "proven in use"

From: Peter Bernard Ladkin < >
Date: Mon, 17 Jun 2013 14:53:28 +0200

To address your second point.

On 6/17/13 2:06 PM, Steve Tockey wrote:
> .... I have a simple
> example of a trivial 1/2 page of code that can't be fully tested (exhaustive input coverage) in the
> age of the known universe. In fact, even if one were able to execute 1 million test cases per second
> and one had started the testing 14 billion years ago (estimated "big bang") one would still be about
> 10 to the 74th power MILLION YEARS short of completely testing this mere half page of code.

If you can't perform exhaustive coverage, then it is not possible that use of this SW will have exercised all possible combinations of input parameters.

One obvious condition on "proven in use" is that all future input-parameter combinations must have occurred in the past. So that renders your point moot.

One other obvious condition is that you are only going to see in the future reachable states that have been attained in the past. That is accomplished through the proxy of "sequences of function invocations", functions here being those defined in the specification, not in some programming language.

The question is whether something like this is enough. My note suggests by example not.

Your observation also addresses the level, source code, at which it could be argued that problems occur least often. I know of one major embedded-system component supplier who says that the majority of their problems occur "below" the level of compiling and linking.

I suggest that, once the object code is running on whatever HW, you are faced with a Markov process. I argue that in my note.


Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319

The System Safety Mailing List
Received on Mon Jun 17 2013 - 14:53:37 CEST

This archive was generated by hypermail 2.3.0 : Sun Feb 17 2019 - 20:17:05 CET