Re: [SystemSafety] Software reliability (or whatever you would prefer to call it)

From: C. Michael Holloway < >
Date: Tue, 10 Mar 2015 06:34:22 -0400


I can't speak for Nick, but I object to the use of the term "reliability" being applied to anything other than failures (using the term loosely) resulting from physical degradation over time. I believe it is important to maintain a clear distinction between undesired behavior designed into a system, and undesired behavior that arises because something ceases to function according to its design. (Here "designed / design" is used broadly. It includes all intellectual activities from requirements to implementation.)
--
/*cMh*/

*C. Michael Holloway*
The words in this message are mine alone; neither blame nor credit NASA 
for them.

On 3/10/15 5:50 AM, Peter Bishop wrote:

> Now I think I understand your point.
> You just object to the term *software* reliability
>
> If the term was *system* reliability in an specified
> operational environment, and the system contained software
> and the failure was always caused by software
> - I take it that would be OK?
>
> A alternative term like *software integrity* or some such would be
> needed to describe the property of being correct or wrong on a given
> input.
> (In a lot of mathematical models this is represented as a "score
> function" that is either true or false for each possible input)
>
> Peter Bishop
>
> Nick Tudor wrote:
>> Now back in the office...for a short while.
>>
>> Good point David - well put.
>> I would have responded: There exists a person N who knows a bit about
>> mathematics. Person N applies some mathematics and asserts Truth.
>> Unfortunately, because of the incorrect application of the
>> mathematics, the claims N now makes cannot be relied upon. The maths
>> might well be correct, but the application is wrong because - and I
>> have to say it yet again - the application misses fails to
>> acknowledge that it is the environment that is random rather than the
>> software. Software essentially boils down to a string of one's and
>> nought's. Given the same inputs (and that always comes from the
>> chaotic environment) then the output will always be the same. It
>> therefore makes no sense to talk about 'software reliability'.
>>
>> Nick Tudor
>> Tudor Associates Ltd
>> Mobile: +44(0)7412 074654
>> www.tudorassoc.com <http://www.tudorassoc.com>
>> *
>> *
>> *77 Barnards Green Road*
>> *Malvern*
>> *Worcestershire*
>> *WR14 3LR**
>> Company No. 07642673*
>> *VAT No:116495996*
>> *
>> *
>> *www.aeronautique-associates.com
>> <http://www.aeronautique-associates.com>*
>>
>> On 9 March 2015 at 12:26, David Haworth <david.haworth_at_xxxxxx >> <mailto:david.haworth_at_xxxxxx >>
>> Peter,
>>
>> there's nothing wrong with the mathematics, but I've got
>> one little nit-pick about its application in the real world.
>>
>> The mathematics you describe gives two functions f and g,
>> one of which is the model, the other is the implementation.
>>
>> In practice, your implementation runs on a computer and so the
>> domain and range are not "the continuum". If your model is
>> mathematical
>> (or even runs on a different computer), the output of one will
>> necessarily be different from the output of the other. That
>> may not be a problem in the discrete sense - you simply specify a
>> tolerance t > 0 in the form of:
>>
>> Corr-f-g(i) = 0 if and only if |f(i)-g(i)| < t
>>
>> etc.
>>
>> The problem becomes much larger in the real world of control
>> systems where the output influences the next input of the
>> sequence. The implementation and the model will tend to drift
>> apart. In the worst case what might be nice and stable in the
>> model might exhibit unstable behaviour in the implementation.
>>
>> You're then in the subject of mathematical chaos, where a
>> perfectly deterministic system exhibits unstable and unpredictable
>> behaviour. However, this email is too small to describe it. :-)
>>
>> Cheers,
>> Dave
>>
>> On 2015-03-09 11:48:57 +0100, Peter Bernard Ladkin wrote:
>> > Nick,
>> >
>> > Consider a mathematical function, f with domain D and range R.
>> Given input i \in D, the output is f(i).
>> >
>> > Consider another function, g, let us say for simplicity with the
>> same input domain D and range R.
>> >
>> > Define a Boolean function on D, Corr-f-g(i):
>> >
>> > Corr-f-g(i) = 0 if and only if f(i)=g(i);
>> > Corr-f-g(i) = 1 if and only if f(i) NOT-EQUAL g(i)
>> >
>> > If X is a random variable taking values in D, then f(X), g(X) are
>> random variables taking values in
>> > R, and Corr-f-g(X) is a random variable taking values in {0,1}.
>> >
>> > If S is a sequence of values of X, then let Corr-f-g(S) be the
>> sequence of values of Corr-f-g
>> > corresponding to the sequence S of X-values.
>> >
>> > Define Min-1(S) to be the least place in Corr-f-g(S) containing a
>> 1; and to be 0 if there is no such
>> > place.
>> >
>> > Suppose I construct a collection of sequences S.i, each of length
>> 1,000,000,000, by repeated
>> > sampling from Distr(X). Suppose there are 100,000,000 sequences I
>> construct.
>> >
>> > I can now construct the average of Min-1(S) over all the
>> 1,000,000,000sequences S.i.
>> >
>> > All these things are mathematically well-defined.
>> >
>> > Now, suppose I have deterministic software, S. Let f(i) be the
>> output of S on input i. Let g(i) be
>> > what the specification of S says should be output by S on input
>> i. Corr-f-g is the correctness
>> > function of S, and Mean(Min-1(S)) will likely be very close to
>> the mean time/number-of-demands to
>> > failure of S if you believe the Laws of Large Numbers.
>> >
>> > I have no idea why you want to suggest that all this is
>> nonsensical and/or wrong. It is obviously
>> > quite legitimate well-defined mathematics.
>> >
>> > PBL
>> >
>> > Prof. Peter Bernard Ladkin, Faculty of Technology, University of
>> Bielefeld, 33594 Bielefeld, Germany
>> > Je suis Charlie
>> > Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de
>> <http://www.rvs.uni-bielefeld.de>
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > The System Safety Mailing List
>> > systemsafety_at_xxxxxx >> <mailto:systemsafety_at_xxxxxx >>
>> --
>> David Haworth B.Sc.(Hons.), OS Kernel Developer
>> david.haworth_at_xxxxxx >> Tel: +49 9131 7701-6154 <tel:%2B49%209131%207701-6154> Fax:
>> -6333 Keys: keyserver.pgp.com
>> <http://keyserver.pgp.com>
>> Elektrobit Automotive GmbH Am Wolfsmantel 46, 91058
>> Erlangen, Germany
>> Geschäftsführer: Alexander Kocher, Gregor Zink Amtsgericht
>> Fürth HRB 4886
>>
>> Disclaimer: my opinion, not necessarily that of my employer.
>>
>> _______________________________________________
>> The System Safety Mailing List
>> systemsafety_at_xxxxxx >> <mailto:systemsafety_at_xxxxxx >>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> The System Safety Mailing List
>> systemsafety_at_xxxxxx >

_______________________________________________ The System Safety Mailing List systemsafety_at_xxxxxx
Received on Tue Mar 10 2015 - 11:34:38 CET

This archive was generated by hypermail 2.3.0 : Tue Feb 19 2019 - 13:17:06 CET