The Infeasibility of Quantifying the Reliability of Life-Critical Real-Time Software
January 1993 (vol. 19 no. 1)
pp. 3-12

This work affirms that the quantification of life-critical software reliability is infeasible using statistical methods, whether these methods are applied to standard software or fault-tolerant software. The classical methods of estimating reliability are shown to lead to exorbitant amounts of testing when applied to life-critical software. Reliability growth models are examined and also shown to be incapable of overcoming the need for excessive amounts of testing. The key assumption of software fault tolerance (that separately programmed versions fail independently) is shown to be problematic. This assumption cannot be justified by experimentation in the ultrareliability region, and subjective arguments in its favor are not sufficiently strong to justify it as an axiom. Also, the implications of the recent multiversion software experiments support this affirmation.
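As an added illustration of the abstract's first claim (this is example code, not from the paper): under an assumed constant-failure-rate model, the amount of failure-free testing needed to bound the failure rate below a target at a given confidence, generalized to the case where a few failures are observed during the test. The 10^-9 per hour target and 90% confidence are assumed example values.

```python
import math

def poisson_cdf(mu: float, r: int) -> float:
    """P(N <= r) for N ~ Poisson(mu): the chance of seeing at most r failures
    when the expected failure count over the test is mu."""
    return sum(math.exp(-mu) * mu ** k / math.factorial(k) for k in range(r + 1))

def required_test_hours(lambda_max: float, confidence: float, failures: int = 0) -> float:
    """Test duration D (hours) such that, if the true failure rate were lambda_max,
    observing at most `failures` failures in D hours would have probability
    <= 1 - confidence.  Seeing no more than that many failures then lets us
    reject "rate >= lambda_max" at the given confidence.
    Assumption (ours, not stated by the abstract): the failure rate is constant,
    so the failure count in D hours is Poisson with mean lambda_max * D."""
    if not 0 < confidence < 1 or lambda_max <= 0 or failures < 0:
        raise ValueError("need 0 < confidence < 1, lambda_max > 0, failures >= 0")
    alpha = 1.0 - confidence
    if failures == 0:
        # Closed form: exp(-mu) = alpha  ->  mu = -ln(alpha)
        return -math.log(alpha) / lambda_max
    # General case: solve poisson_cdf(mu, failures) = alpha for mu by bisection.
    # poisson_cdf is decreasing in mu, so first find an upper bracket, then bisect.
    lo, hi = 0.0, 1.0
    while poisson_cdf(hi, failures) > alpha:
        hi *= 2.0
    for _ in range(200):
        mid = (lo + hi) / 2.0
        if poisson_cdf(mid, failures) > alpha:
            lo = mid
        else:
            hi = mid
    return hi / lambda_max

def required_test_years(lambda_max: float, confidence: float, failures: int = 0) -> float:
    """Same bound expressed in calendar years of continuous testing (8760 h/year)."""
    return required_test_hours(lambda_max, confidence, failures) / 8760.0

if __name__ == "__main__":
    # Constructed example: a 1e-9/h target (the ultrareliability region) versus
    # a 1e-4/h target, at 90% confidence, with zero and with one observed failure.
    for lam in (1e-4, 1e-7, 1e-9):
        for r in (0, 1):
            yrs = required_test_years(lam, 0.90, r)
            print(f"rate<{lam:.0e}/h, {r} failure(s), 90% conf: {yrs:,.1f} years of testing")
```

Allowing observed failures only lengthens the required test, so the 1e-9 per hour case needs on the order of hundreds of thousands of years of failure-free operation under this model.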

Index Terms:
reliability; life-critical real-time software; statistical methods; fault-tolerant software; growth models; software fault tolerance; multiversion software experiments; fault tolerant computing; real-time systems; safety; software reliability
R.W. Butler, G.B. Finelli, "The Infeasibility of Quantifying the Reliability of Life-Critical Real-Time Software," IEEE Transactions on Software Engineering, vol. 19, no. 1, pp. 3-12, Jan. 1993, doi:10.1109/32.210303