[SystemSafety] Difference between software reliability and astrology
Prof. Dr. Peter Bernard Ladkin
ladkin at causalis.com
Tue Aug 20 22:13:06 CEST 2024
On 2024-08-20 20:40, Paul Sherwood wrote:
>
> These memoryless distributions seem chosen to model relatively simple software
They are not "chosen", they exist. Either your software behaviour fulfils the property, or it doesn't.
> As you said in 2015
>
> "We conclude that establishing the reliability of RTOS practically using the Bernoulli/Poisson
> mathematics in this manner looks close to infeasible. Yet Annex D currently states in its second
> sentence “This approach is considered particularly appropriate as part of the qualification of
> operating systems, [etc.]” !
>
> It seems to me that for complex software in general, we'll need something better?
Better? Like what?
If the behaviour of your software doesn't fulfil the constraints of particular stochastic processes,
all you can say is that you can't evaluate the software using those stochastic processes. If you
want to try to magic up stochastic processes that fit the behaviour of your software, be my guest.
Until that point, statistical evaluation of your software would not be possible. That, in
particular, would invalidate all claims you might want to make via "statistics".
> - the standards have been oriented towards simpler software (with justification, because
> complexity makes safety more difficult), and simple software (particularly software designed for
> safety-critical use running on simple hardware) can be considered practically deterministic.
It is necessary to be more specific. My point concerned the IEC 61508 standard, and you might find
people working with that standard who wouldn't necessarily agree that it is "oriented towards
simpler software".
I think what we would all agree is that, if your software doesn't fulfil the requirements of a
standard such as 61508, then it doesn't. If that is so for all standards concerning safety-related
software (such as for rail, or for civil aviation), then you are out of luck in claiming your
software is somehow nevertheless appropriate for use in that area.
> - for more complex software the Bernoulli/Poisson model may be applicable in some cases, but not
> generally.
I don't know why you would conflate Bernoulli processes and Poisson processes.
There are a couple of basic facts here. You are lacking any useful statistical evaluation procedure
for something like the Linux kernel. Furthermore, it wasn't developed according to any of the
standards, in any industry branch, for safety-related software. So you can't use it in any of those
applications. Nothing that has been said during discussion changes either of those two facts.
PBL
Prof. Dr. Peter Bernard Ladkin
Causalis Limited/Causalis IngenieurGmbH, Bielefeld, Germany
Tel: +49 (0)521 3 29 31 00
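As an added illustration of the Bernoulli/Poisson arithmetic and the memoryless property argued over above (example code written for this page, not taken from the post or its author): the per-demand and per-hour targets, the 99% confidence level and the two inter-failure data sets are constructed assumptions, not figures from the thread.

```python
import math
import random


def demands_for_pfd(pfd_target, confidence):
    """Bernoulli (demand-mode) model.  Smallest n such that n consecutive
    failure-free demands rule out a per-demand failure probability of
    pfd_target or worse at the given confidence: (1 - p)^n <= 1 - C."""
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - pfd_target))


def hours_for_rate(rate_target, confidence):
    """Poisson (continuous-mode) model.  Failure-free operating time T that
    rules out a failure rate of rate_target or worse: exp(-lambda T) <= 1 - C."""
    return -math.log(1.0 - confidence) / rate_target


def memoryless_gap(intervals, s, t):
    """Empirical check of the memoryless property on observed inter-failure
    times: |P(T > s+t | T > s) - P(T > t)|.  Near zero (sampling noise only)
    for an exponential process; a large value means the Poisson model does
    not fit the observed behaviour, whatever one would like to assume."""
    survived = [x for x in intervals if x > s]
    if not survived:
        return float("nan")  # no observation survived s: property untestable
    conditional = sum(1 for x in survived if x > s + t) / len(survived)
    unconditional = sum(1 for x in intervals if x > t) / len(intervals)
    return abs(conditional - unconditional)


def constructed_samples(n=5000, seed=1):
    """Two constructed data sets (not real measurements): inter-failure
    times from a genuine Poisson process with mean 100 h, and times that
    cluster tightly around 100 h as a wear-out or periodic fault would."""
    rng = random.Random(seed)
    poisson = [rng.expovariate(1.0 / 100.0) for _ in range(n)]
    periodic = [rng.uniform(90.0, 110.0) for _ in range(n)]
    return poisson, periodic


if __name__ == "__main__":
    # Illustrative targets (assumed, not taken from the thread): 1e-4 per
    # demand and 1e-8 per hour, each to be demonstrated at 99% confidence.
    print("failure-free demands needed:", demands_for_pfd(1e-4, 0.99))
    print("failure-free hours needed:   %.3g" % hours_for_rate(1e-8, 0.99))
    poisson, periodic = constructed_samples()
    print("memoryless gap, Poisson data:  %.3f" % memoryless_gap(poisson, 50, 50))
    print("memoryless gap, periodic data: %.3f" % memoryless_gap(periodic, 50, 50))
```

The point of the last two lines is the one made in the reply: the property either holds for the observed behaviour or it does not, and when it does not, the failure-free-hours calculation above has nothing to say about the software.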