Re: [SystemSafety] Does "reliable" mean "safe" and or "secure" or neither?

From: Peter Bernard Ladkin < >
Date: Sat, 23 Apr 2016 18:58:47 +0200


On 2016-04-23 13:34 , Nick Tudor wrote:
> As previously established...software does not have a reliability.

I think there is pretty much a consensus that the term "software reliability" does have a specified meaning in software engineering. There is even a Handbook of Software Reliability Engineering published by IEEE Computer Society Press (edited by Michael Lyu, 1995).

If anyone wants to claim the term has no meaning, then they are contradicting the IEC, and the IEEE, both in its standards and in its handbook-publishing, which I show below, and apparently ANSI (indirect reference from Koopman's 1999 course notes) as well as the standard texts Laprie-Avizienis-Randell-Landwehr 2004 and its predecessor Laprie 1992, Leveson 1995, Bedford and Cooke 2001, Rausand 2014, Birolini 2014, Sommerville 2004. Phil Koopman gave a course on "Software Reliability" in 1999 whose notes are on-line (he uses the IEEE definition). Littlewood has been publishing in the area of software reliability for going on half a century (I'm not sure he'll thank me for saying that :-) ) as well as having been the long-time editor for IEEE TSE for articles on software reliability. There is, at City University London, a Centre for Software Reliability with a very distinguished research staff, many of whom are here. There is also another one at Newcastle University, which started and runs one of Europe's most successful industry-academic safety interest groups (until Tom and Joan finally retire in a few months).

That's a long list of notable people/textbooks/handbooks as well as two major electrotechnical standards organisations, who think the term has meaning, as well as two universities who use it in the names of research organisations of theirs. And that's just what I can put together quickly from what I have to hand. Not only that, these sources basically agree on what the meaning is, as we shall see below.

Then there is Nick Tudor, who claims the term has no meaning, who claims it has been so "established" here that it has no meaning. What astonishes me is that Nick thinks he has any support at all for that view.

Here are the definitions.

Electropedia, the on-line version of IEC 60050, which defines all technical terms in IEC standards, says, in definition 191-01-24, that
[begin cite IEC 60050]

191-01-24 reliability, <of an item>
[is the]

ability to perform as required, without failure, for a given time interval, under given conditions
[end cite IEC 60050]

where an "item" is

[begin cite IEC 60050]

191-01-01 item
[is the]

subject being considered

Note 1 to entry: The item may be an individual part, component, device, functional unit, equipment, subsystem, or system.

Note 2 to entry: The item may consist of hardware, software, people or any combination thereof.

[end cite IEC 60050]

A similar definition was available in the same document in 1985, referenced by the IFIP WG 10.4 dependability vocabulary (Laprie 1992). The 2004 Avizienis-Laprie-Randell-Landwehr vocabulary (an update of Laprie 1992) says (as did Laprie 1992) that reliability is continuity of correct service. Since the original referred to the IEC definition, I think it's fair to presume that the authors meant their shorter version to say something similar, but using different words. They obviously think the concept of reliability is applicable to software, as evidenced in this quote (from the 2004 document) "Reliability growth models, either for hardware, for software, or for both, are used to perform reliability predictions from data about past system failures".

Leveson talks about software reliability explicitly on pp28-30 of Safeware.

Phil Koopman has a whole series of lecture notes for a course given in 1999 entitled "Software Reliability" at https://users.ece.cmu.edu/~koopman/des_s99/sw_reliability/ . The notes say that ANSI and the IEEE Handbook use the definition "According to ANSI, Software Reliability is defined as: the probability of failure-free software operation for a specified period of time in a specified environment. [ANSI91][Lyu95]" That is obviously conformant with the IEC definition, specifying the item as a piece of software.

Meine van de Meulen's collection of definitions (Definitions for Hardware and Software Safety Engineers, Springer 2000) has an entry for "Software Reliability" (of course), and quotes IEEE 982.1, 1988 and IEEE 729, 1983: "the probability that software will not cause the failure of a system for a specified time under specified conditions..." IEEE 729 is the Standard Glossary of Software Engineering Terminology. IEEE 982.1 is the Standard Dictionary of Measures to Produce Reliable Software. Van de Meulen also cites the definition from the well-known book Musa et al., Software Reliability: Measurement, Prediction, Application (McGraw-Hill 1987).

Bedford and Cooke's standard text on Probabilistic Risk Analysis: Foundations and Methods (Cambridge U.P., 2001) has a whole chapter, Chapter 12, entitled "Software Reliability".

Marvin Rausand's book on Reliability of Safety-Critical Systems (Wiley, 2014) defines reliability as "the ability of an item to perform a required function, under given environmental and operational conditions, and for a stated period of time" and further clarifies "...item may be an element, a channel, a subsystem or the complete SIS, and it may include both hardware and software."

Alessandro Birolini's text on Reliability Engineering: Theory and Practice (Springer 2014) has an entry in the index for "software reliability" which directs to "software quality", which refers to Section 5.3 Design Guidelines for Software Quality. Software quality is "the degree to which a software package possesses a stated combination of quality attributes" (p160) and a list of such quality attributes is given in Table 5.4 Important Software Quality Attributes and Characteristics, amongst which is "Defect Freedom (Reliability)" defined as "Degree to which a software package can execute its required functions without causing system failures".

Ian Sommerville's standard text Software Engineering (7th edition, Pearson 2004) has a definition in his accompanying slides (I don't have the text to hand): "Software reliability: How likely is it that a software component will produce an incorrect output. Software failure is usually distinct from hardware failure in that software does not wear out."

I'm now bored. Time for a glass of wine and some Chaucer (Bernard O'Donoghue's got a great new "guided selection" out).

PBL Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany Je suis Charlie
Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de
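The definitions quoted in the message above all make reliability a property of an item *for a given time interval under given conditions*: the ANSI/IEEE wording says "in a specified environment", the IEC wording says "under given conditions". The following is an added worked example, not part of the original post and not from any of the cited texts, showing why that qualifier matters for software: the same (constructed, hypothetical) component with one latent defect has different measured reliability under two different operational profiles. The component, the profiles, the demand counts and the trial counts are all assumptions made for illustration; the closed-form check assumes independent demands with a constant per-demand failure probability.

```python
import random


def buggy_component(value: int) -> bool:
    """Constructed toy component (hypothetical). It returns True on success
    and raises on failure. Its latent defect: negative inputs are mishandled.
    Nothing wears out; the defect is only revealed when the environment
    supplies an input that triggers it."""
    if value < 0:
        raise ValueError("latent defect: negative input mishandled")
    return True


def benign_profile(rng: random.Random) -> int:
    """Operational profile A (assumed): only non-negative inputs ever occur."""
    return rng.randint(0, 999)


def hostile_profile(rng: random.Random, p_negative: float = 0.05) -> int:
    """Operational profile B (assumed): 5% of demands carry a negative input."""
    if rng.random() < p_negative:
        return -rng.randint(1, 999)
    return rng.randint(0, 999)


def estimate_reliability(component, profile, mission_demands: int,
                         trials: int, seed: int = 1) -> float:
    """Monte Carlo estimate of the IEC/ANSI notion of reliability:
    P(failure-free operation over `mission_demands` demands) under `profile`.
    A trial counts as a success only if every demand in the mission succeeds."""
    rng = random.Random(seed)
    successes = 0
    for _ in range(trials):
        try:
            for _ in range(mission_demands):
                component(profile(rng))
            successes += 1
        except ValueError:
            pass  # the mission failed; keep drawing from the same stream
    return successes / trials


def expected_reliability(p_fail_per_demand: float, mission_demands: int) -> float:
    """Closed form under the (assumed) model of independent demands with a
    constant per-demand failure probability: R(n) = (1 - p)^n. This is the
    discrete-demand analogue of the exponential R(t) = exp(-lambda t) used
    by constant-failure-rate reliability models."""
    return (1.0 - p_fail_per_demand) ** mission_demands


if __name__ == "__main__":
    n = 20  # mission length in demands (assumed)
    r_a = estimate_reliability(buggy_component, benign_profile, n, trials=2000)
    r_b = estimate_reliability(buggy_component, hostile_profile, n, trials=2000)
    print(f"same code, profile A: R({n}) ~= {r_a:.3f}")
    print(f"same code, profile B: R({n}) ~= {r_b:.3f} "
          f"(closed form {expected_reliability(0.05, n):.3f})")
```

Under profile A the measured reliability is 1.0 even though the defect is present; under profile B it drops to roughly 0.36 for a 20-demand mission. Neither number is "the" reliability of the code on its own, which is exactly why every definition quoted above ties reliability to stated conditions, and why an attacker who controls the input distribution can drive the reliability of otherwise well-behaved software toward zero.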



The System Safety Mailing List
systemsafety_at_xxxxxx Received on Sat Apr 23 2016 - 18:59:27 CEST

This archive was generated by hypermail 2.3.0 : Tue Apr 23 2019 - 01:17:08 CEST