The infeasibility of quantifying the reliability of life-critical real-time software

• Published in: IEEE transactions on software engineering Vol. 19; no. 1; pp. 3 - 12
• Main Authors: Butler, R.W., Finelli, G.B.
• Format: Journal Article
• Language: English
• Published: Legacy CDMS IEEE 01.01.1993; IEEE Computer Society
• Subjects: Application software; Binomial distribution; Computer errors; Computer Programming And Software; Control systems; Costs; Design; Digital computers; Failure; Fault tolerance; Growth models; Hardware; Probability; Reliability; Software; Software design; Software engineering; Software reliability; Software systems; Software testing; Statistical methods; Systems development; Theory; Validation
• ISSN: 0098-5589; 1939-3520
• DOI: 10.1109/32.210303

This work affirms that the quantification of life-critical software reliability is infeasible using statistical methods, whether these methods are applied to standard software or fault-tolerant software. The classical methods of estimating reliability are shown to lead to exorbitant amounts of testing when applied to life-critical software. Reliability growth models are examined and also shown to be incapable of overcoming the need for excessive amounts of testing. The key assumption of software fault tolerance-separately programmed versions fail independently-is shown to be problematic. This assumption cannot be justified by experimentation in the ultrareliability region, and subjective arguments in its favor are not sufficiently strong to justify it as an axiom. Also, the implications of the recent multiversion software experiments support this affirmation.< >