Reasoning about the Reliability of Diverse Two-Channel Systems in which One Channel is "Possibly Perfect"
Bev Littlewood (City University, UK) and John Rushby
IEEE Transactions on Software Engineering, Vol. 38, No. 5, September/October 2012, pp. 1178-1194.
Selected as the Spotlight Paper for the issue and available to the public for free for 30 days.
Abstract
This paper refines and extends an earlier
paper by the first author.
It considers the problem of reasoning about the reliability of fault-tolerant systems with two "channels" (i.e., components) of which one, A, because it is conventionally engineered and presumed to contain faults, supports only a claim of reliability, while the other, B, by virtue of extreme simplicity and extensive analysis, supports a plausible claim of "perfection."

We begin with the case where either channel can bring the system to a safe state. The reasoning about system probability of failure on demand (pfd) is divided into two steps. The first concerns aleatory uncertainty about (i) whether channel A will fail on a randomly selected demand and (ii) whether channel B is imperfect. It is shown that, conditional upon knowing p_A (the probability that A fails on a randomly selected demand) and p_B (the probability that channel B is imperfect), a conservative bound on the probability that the system fails on a randomly selected demand is simply p_A × p_B. That is, there is conditional independence between the events "A fails" and "B is imperfect." The second step of the reasoning involves epistemic uncertainty represented by an assessor's beliefs about the distribution of (p_A, p_B), and it is here that dependence may arise. However, we show that under quite plausible assumptions, a conservative bound on system pfd can be constructed from point estimates for just three parameters. We discuss the feasibility of establishing credible estimates for these parameters.

We extend our analysis from faults of omission to those of commission, and then combine these to yield an analysis for monitored architectures of a kind proposed for aircraft.
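To make the two steps of the argument concrete, here is an added worked example in Python. It is not from the paper: the ten-demand space, the three possible versions of channel B and the assessor's three-point belief distribution are all constructed numbers. The first part computes the conditional system pfd exactly and checks, over every failure set an imperfect B could have, that p_A × p_B bounds it, so the bound survives any correlation between A's and B's failures on individual demands. The second part shows that when the assessor's beliefs about p_A and p_B are dependent, the unconditional bound E[p_A × p_B] exceeds the product of the marginal means, which is why the epistemic step cannot simply multiply two point estimates. The paper's own three-parameter bound is not reproduced here.

```python
"""Added illustration (not from the paper) of the two-step argument in the
abstract, with constructed numbers: a 10-demand space, three possible versions
of channel B, and a three-point belief distribution for the assessor."""
from fractions import Fraction

# ---- Step 1: aleatory uncertainty, conditional on known p_A and p_B -----------
DEMANDS = range(10)          # ten equiprobable demands (constructed)
A_FAILS = frozenset({3, 7})  # demands on which A fails, so p_A = 2/10

# Versions of B the development process might have produced, with the
# probability of each; "perfect" fails nowhere. P(B imperfect) = 3/10.
B_VERSIONS = {
    "perfect":            (Fraction(7, 10), frozenset()),
    "imperfect_disjoint": (Fraction(1, 10), frozenset({0, 1})),     # never where A fails
    "imperfect_worst":    (Fraction(2, 10), frozenset({3, 7, 9})),  # on every A failure
}

def p_a():
    """Probability that A fails on a randomly selected demand."""
    return Fraction(len(A_FAILS), len(DEMANDS))

def p_b():
    """Probability that B is imperfect, i.e. has a non-empty failure set."""
    return sum(w for w, fails in B_VERSIONS.values() if fails)

def exact_system_pfd():
    """Exact P(system fails) = P(A fails and B fails on the same demand).

    Either channel can bring the system to a safe state, so the system fails
    only when both channels fail on the selected demand."""
    return sum(w * Fraction(len(A_FAILS & fails), len(DEMANDS))
               for w, fails in B_VERSIONS.values())

def conservative_bound():
    """The paper's conditional bound: p_A times p_B."""
    return p_a() * p_b()

def worst_case_pfd(p_b_imperfect=Fraction(3, 10)):
    """Largest system pfd over every failure set an imperfect B could have.

    pfd = p_B * P(A fails and B fails), and P(A fails and B fails) <= P(A fails),
    with equality when B fails on every demand where A does. So the maximum is
    exactly p_A * p_B: the bound holds however B's failures correlate with A's."""
    demands = list(DEMANDS)
    worst = Fraction(0)
    for mask in range(1, 2 ** len(demands)):
        b_fails = {d for i, d in enumerate(demands) if mask >> i & 1}
        pfd = p_b_imperfect * Fraction(len(A_FAILS & b_fails), len(demands))
        worst = max(worst, pfd)
    return worst

# ---- Step 2: epistemic uncertainty over (p_A, p_B) ---------------------------
# Constructed assessor beliefs as (weight, p_A, p_B). They are positively
# dependent: in worlds where A is less reliable the assessor also considers
# B more likely to be imperfect (e.g. a harder specification hurts both).
BELIEFS = [
    (Fraction(1, 3), Fraction(1, 1000), Fraction(1, 100)),
    (Fraction(1, 3), Fraction(1, 100),  Fraction(1, 10)),
    (Fraction(1, 3), Fraction(1, 10),   Fraction(1, 2)),
]

def expected_bound():
    """Unconditional bound E[p_A * p_B]: the conditional bound averaged over beliefs."""
    return sum(w * pa * pb for w, pa, pb in BELIEFS)

def naive_product():
    """E[p_A] * E[p_B]: what multiplying two point estimates gives.

    Equals expected_bound() only if the beliefs about p_A and p_B are
    independent; under positive dependence it is optimistic."""
    mean_a = sum(w * pa for w, pa, _ in BELIEFS)
    mean_b = sum(w * pb for w, _, pb in BELIEFS)
    return mean_a * mean_b

if __name__ == "__main__":
    print(f"conditional pfd {float(exact_system_pfd()):.3f} "
          f"<= p_A*p_B {float(conservative_bound()):.3f}")
    print(f"worst imperfect B attains {float(worst_case_pfd()):.3f}")
    print(f"E[p_A*p_B] {float(expected_bound()):.4f} "
          f"vs E[p_A]*E[p_B] {float(naive_product()):.4f}")
```

With these constructed numbers the conditional pfd is 0.04 against a bound of 0.06, the worst possible imperfect B attains the bound exactly, and the dependent beliefs give E[p_A × p_B] ≈ 0.0170 where the product of marginal means is only ≈ 0.0075, more than a factor of two too optimistic.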
PDF
BibTeX Entry
@article{Littlewood&Rushby:TSE12,
AUTHOR = {Bev Littlewood and John Rushby},
TITLE = {Reasoning About The Reliability Of Diverse Two-Channel
Systems In Which One Channel Is ``Possibly Perfect''},
JOURNAL = {IEEE Transactions on Software Engineering},
VOLUME = 38,
NUMBER = 5,
PAGES = {1178--1194},
MONTH = sep # {/} # oct,
YEAR = 2012
}