[SystemSafety] Degraded software performance [diverged from Fault, Failure and Reliability Again]
Michael J. Pont
M.Pont at SafeTTy.net
Thu Mar 5 16:14:24 CET 2015
Peter,
I'm not a statistician, and I'm not qualified to judge the details of your
paper. In this case, I don't think that matters (but I accept that I may be
wrong about this).
My perspective.
I spend my working life helping organisations to create software for
embedded systems that need to have deterministic (real-time) behaviour.
I've done work in the aerospace sector but most of the systems that I work
on at present are in the ISO 26262 or IEC 61508 category.
I have personal concerns about IEC 61508-7 Annex D because I think it is too
easy for organisations to get an RTOS "qualified" (and I think RTOSs are
used far more often than they should be).
My interpretation of the current issue is very straightforward (I accept
that you may call it naïve): the software doesn't change. To talk about
"software reliability" in the same sense as "hardware reliability" therefore
makes no sense to me.
More specifically, the approach described in Annex D of IEC 61508 (2010) is
- in my view - simply a form of "Black Box" testing. It is a long way from
the type of test and verification process that I would expect to see for
other software components in an IEC 61508 or related design.
Given your starting point, it's not clear to me that what you propose is
really going to be very much better than the current version of Annex D (but
I don't pretend that I have tried to do more than skim your paper).
As an alternative, it seems obvious to me that - if we have any faith in the
rest of the standard - we should apply this development process to *all*
parts of the system software (including the RTOS).
Even if we stuck with the present annex (or perhaps your alternative) but
[i] replaced "software reliability" with "system reliability", and [ii]
required detailed code and design reviews as an additional requirement, I'd
feel happier.
Simply my views.
Michael.
-----Original Message-----
From: systemsafety-bounces at lists.techfak.uni-bielefeld.de
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
Peter Bernard Ladkin
Sent: 05 March 2015 13:46
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Degraded software performance [diverged from
Fault, Failure and Reliability Again]
Michael,
On 2015-03-05 13:29 , Michael J. Pont wrote:
> I believe that there are many people on this list who take the view
> that concept of "software reliability" (as used in this appendix) is
> flawed and unhelpful. Replacing this with another appendix that is
> based on the same concept does not seem to me to be a huge step forward.
There are more people on this list with a good publications record in the
statistical evaluation of software than there are people who have recently
expressed an opinion that the entire approach is flawed.
Not that numbers say anything, of course. Except in committee votes.
What is most obvious is that those denigrating statistical evaluation are
almost exclusively aerospace. The clientele of IEC 61508 excludes aerospace
and medical devices. I wonder, though, how aerospace, at least civil
aerospace, can lecture anyone else on coherence when it can't align its
practice with its written requirements?
It is almost equally obvious - at least to me - that almost none of the
commentary addressed arguments which actually appear in the papers.
PBL
Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld,
33594 Bielefeld, Germany Je suis Charlie
Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de
_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE
More information about the systemsafety
mailing list