Re: [SystemSafety] Software reliability (or whatever you would prefer to call it) [UNCLASSIFIED]

From: King, Martin (NNPPI) < >
Date: Fri, 6 Mar 2015 13:30:35 +0000

This message has been marked as UNCLASSIFIED by King, Martin (NNPPI)

Many safety shutdown systems will spend a considerable proportion of their time (90%+) in one of two plant states (operational and maintenance) with parameters that are quite limited in range. The two dominant states usually have parameter values that are quite disparate. Most of the remainder of the time is spent transitioning between these two states. In an ideal world the limited range of parameter values that will cause a shutdown will never occur - in practise they will normally occur extremely rarely over the life of the plant. Is this really the input value distribution that we want to test our equipment with?

Martin King
(My opinions etc, not necessarily those of my employer or colleagues!)  

-----Original Message-----
Sent: 06 March 2015 13:04
To: systemsafety_at_xxxxxx Subject: Re: [SystemSafety] Software reliability (or whatever you would prefer to call it)

I agree. That's why I added the point about explicit assumtions before using such measurements to predict the future.

There is usually a hidden assumption that the future input distribution will match that encountered during the measurement. But it's hard to justify having high confidence that such an assumption will prove correct.


On 06/03/2015 12:32, Derek M Jones wrote:
> Martyn,
>> The company calculates some measure of the amount of usage before
>> failure. Call it MTBF.
> Amount of usage for a given input distribution.
> A complete reliability model has to include information on the
> software's input distribution.
> There is a growing body of empirical work that builds fault models
> based on reported faults over time. Nearly all of them suffer from
> the flaw of ignoring the input distribution (they also tend to ignore
> the fact that the software is changing over time, but that is another
> story).

The System Safety Mailing List

The following attachments and classifications have been attached: The data contained in, or attached to, this e-mail, may contain confidential information. If you have received it in error you should notify the sender immediately by reply e-mail, delete the message from your system and contact +44 (0) 1332 622800(Security Operations Centre) if you need assistance. Please do not copy it for any purpose, or disclose its contents to any other person.

An e-mail response to this address may be subject to interception or monitoring for operational reasons or for lawful business practices.

(c) 2015 Rolls-Royce plc

Registered office: 62 Buckingham Gate, London SW1E 6AT Company number: 1003142. Registered in England.

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Fri Mar 06 2015 - 14:30:50 CET

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:07 CEST