[SystemSafety] Comparing reliability predictions with reality

Derek M Jones derek at knosof.co.uk
Mon Feb 24 16:20:35 CET 2025


Peter,

> public project called Tokeneer, undertaken with the NSA, where the attempt was made to develop a bug-free small (10K 
> LoC, as I remember) biomeasurement system for access control. They almost succeeded (I recall Rod Chapman saying that 
> two bugs were belatedly discovered).

Faults found in Tokeneer have been the subject of previous posts to this
list.

Faults are created by users, in the sense that with no users no faults are
reported, and with more users more faults are reported.  Any claim of a low
reported fault count needs to be matched against the number of users.

> There are lots of ways, increasingly accessible, in which objective properties of code and its documentation can be 
> rigorously established. You of course need the right kind of tools, right choice of programming language, right 
> compiler, and so on.

There are plenty of claims.  Reliable evidence is non-existent.
Yes, there are plenty of anecdotes.

>> In systems safety there is the belief that following a process
>> will lead to reliable code.  And the evidence for this is?
> 
> In system safety there is the standard IEC 61508-3 which says formal methods are highly recommended for high-reliability 
> requirements. It (rather, the definition of "formal methods" in IEC 61508-4 NextEd) refers to IEC 61508-3-2 which 
> describes methods for establishing objective properties of documentation and code. There are four steps in this 
> "waterfall", namely requirements, design, source code, and object code, and the key relation of "fulfils".
> 
> The evidence for this approach succeeding lies in, for example, the entire project histories of Praxis/Praxis HIS/Altran 
> UK/CapGemini.

These standards require that a process be followed and give
broad guidelines about what to do.

The fact that some companies have produced reliable software
provides evidence that it can be done (at some cost).  If these
companies were to publish details of the processes they use
and associated reliability, then we would have some evidence.

> It astonishes me that there are still people who claim some kind of software expertise who deny the efficacy of all this.

The real world continues to be a wonder to you.

> And of course it is not the only example. Modern civil aerospace is full of very-highly-reliable software-based kit, 
> developed according to evolutionary company practices following DO-178C and DO-333 (or EUROCAE ED-12C and ED-216). 
> Evidence, again, in the operational histories of all this kit.

I think you need to distinguish between claims made and
evidence presented.


The Oxford English Dictionary lists 17 meanings (six are obsolete),
none of which match your usage
https://www.oed.com/search/dictionary/?scope=Entries&q=evidence&tl=true

and 14 for 'claim' (five being obsolete)
https://www.oed.com/search/dictionary/?scope=Entries&q=claim&tl=true

noun: evidence
     the available body of facts or information indicating whether a belief or proposition is true or valid.
     "the study finds little evidence of overt discrimination"

verb: evidence; 3rd person present: evidences; past tense: evidenced; past participle: evidenced; gerund or present 
participle: evidencing
     be or show evidence of.

-- 
Derek M. Jones           Evidence-based software engineering
blog:https://shape-of-code.com
