[SystemSafety] Safety-Critical Systems eJournal

Peter Bernard Ladkin ladkin at causalis.com
Mon Jan 31 19:21:44 CET 2022



On 2022-01-31 14:59 , Derek M Jones wrote:
> 
> Dewi Daniels and Nick Tudor's article hits a few nails on the head.

What they nail well is the proposition that engineers who think along the lines they indicate about 
probabilities and statistical modelling are going to make lots of mistakes. I suppose many indeed 
do: the warning not to misuse statistics is apt.

One of the issues which keeps coming up is that many engineers seem to have a Laplacian concept of 
probability. What's wrong with that was discussed extensively 350 years ago. Nevertheless, Daniels 
and Tudor seem to want to use one; of course it gets you into trouble with your reasoning: after 350 
years, this is surely nothing new. Maybe it bears repeating, but if so this particular message is 
lost. They don't clearly say "if you think like this, here is the trouble it lands you in."

I was generally disappointed me by the quality of their discussion.

They don't discuss, for example, the nature of statistical propositions. Such propositions don't 
talk of likelihood of outcomes per se; they talk of confidence in the likelihood of outcomes. 
Concerning SW, such propositions don't say "the SW is x% likely to fail"; they say "we may have y 
confidence that the SW is x% likely to fail." That is a big difference. There is no mention of 
confidence and its assessment in the paper.

Concerning the discussion of Bernoulli modelling in particular:

* In Section 3.3.1, they miss out important modelling presuppositions.

* In Section 3.3.2, the probability they adduce is not the probability which is to be used in 
Bernoulli modelling.

* In Section 3.3.3, the inference they would suggest one would draw is in fact inconsistent with one 
of the presuppositions of Bernoulli modelling.

* In Section 3.3.4, they are suggesting that some might prefer other statistical models. Quite so; 
they do. Our colleagues Jens Braband and Hendrike Schäbe just go with renewal processes.

* In Section 3.3.5, I don't see how the existence of Easter Eggs in a piece of SW might invalidate 
Bernoulli modelling.

* In Section 3.3.6, the argument is purely rhetorical. Of course you cannot predict how SW behaves 
in the absence of any preconditions or assumptions. I can't tell that my neighbour's not going to 
shoot me dead tomorrow morning. However, if I know he doesn't have a gun in the house, and I do make 
reasonable assumptions about how his past congenial and courteous behaviour is likely to persist, I 
can have some confidence he won't.

Concerning 3.3.1, 3.3.2, 3.3.3 and 3.3.5, one of the authors (Daniels) already knows what the 
technical responses from statistical modellers to the authors' points would be. I am disappointed he 
did not feel the need to present and discuss those responses.

PBL

Prof. i.R. Dr. Peter Bernard Ladkin, Bielefeld, Germany
Tel+msg +49 (0)521 880 7319  www.rvs-bi.de




-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.techfak.uni-bielefeld.de/pipermail/systemsafety/attachments/20220131/020cb838/attachment.sig>


More information about the systemsafety mailing list