
270 Chapter 10 Sociotechnical systems

Figure 10.3 Failure propagation (diagram: an initial failure at the hardware level propagates through the software and operation levels to a failure consequence)

the system unusable. Some users may not need some of the system functions, so the system may be acceptable without them. However, a system that is unreliable or too slow is likely to be rejected by all its users.

Emergent dependability properties, such as reliability, depend on both the properties of individual components and their interactions. The components in a system are interdependent. Failures in one component can be propagated through the system and affect the operation of other components. However, it is often difficult to anticipate how these component failures will affect other components. It is, therefore, practically impossible to estimate overall system reliability from data about the reliability of system components.
In a sociotechnical system, you need to consider reliability from three perspectives:

1. Hardware reliability What is the probability of hardware components failing and how long does it take to repair a failed component?
2. Software reliability How likely is it that a software component will produce an incorrect output? Software failure is distinct from hardware failure in that software does not wear out. Failures are often transient. The system carries on working after an incorrect result has been produced.
3. Operator reliability How likely is it that the operator of a system will make an error and provide an incorrect input? How likely is it that the software will fail to detect this error and propagate the mistake?


Hardware, software, and operator reliability are not independent. Figure 10.3 shows how failures at one level can be propagated to other levels in the system. Hardware failure can generate spurious signals that are outside the range of inputs expected by the software. The software can then behave unpredictably and produce unexpected outputs. These may confuse and consequently stress the system operator.
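As an added illustration, not taken from the book, the following Python sketches the software-level check that can break the propagation chain described above: a sensor value outside the physical range the software expects (a spurious signal from failed hardware) or an operator setpoint outside its permitted range is caught and reported at its own level, and a safe command is issued instead of computing with the bad input. The sensor limits, setpoint limits, gain and actuator range are constructed assumptions for the example.

```python
from dataclasses import dataclass, field

# Constructed limits for this example; a real system takes them from its
# hardware datasheet and safety specification.
SENSOR_LIMITS = {"temp_c": (-40.0, 125.0)}      # physical range of the assumed sensor
SETPOINT_LIMITS = {"setpoint_c": (10.0, 90.0)}  # setpoints an operator may legitimately request
SAFE_COMMAND = 0.0                              # heater off: fallback when an input cannot be trusted
GAIN = 2.0                                      # assumed proportional gain of the control law


@dataclass
class StepResult:
    command: float
    failures: list = field(default_factory=list)  # (level, reason) pairs that were contained


def validate(name, value, limits):
    """Return None if value is numeric and inside its declared limits, else a reason string."""
    if isinstance(value, bool) or not isinstance(value, (int, float)) or value != value:
        return f"{name}: unusable value {value!r}"  # also rejects a missing value (None) and NaN
    lo, hi = limits[name]
    if not lo <= value <= hi:
        return f"{name}: {value} outside [{lo}, {hi}]"
    return None


def control_step(sensor, operator_input):
    """One control cycle. Each input level is checked before it can corrupt the next."""
    result = StepResult(command=SAFE_COMMAND)
    hw_error = validate("temp_c", sensor.get("temp_c"), SENSOR_LIMITS)
    if hw_error:
        # Hardware level: the spurious signal is recorded and the safe command is used,
        # so the control law never runs on an impossible reading.
        result.failures.append(("hardware", hw_error))
        return result
    op_error = validate("setpoint_c", operator_input.get("setpoint_c"), SETPOINT_LIMITS)
    if op_error:
        # Operator level: the mistaken input is detected here instead of propagating.
        result.failures.append(("operator", op_error))
        return result
    # Both inputs are trustworthy: apply the control law, clamped to the actuator's 0..100 range.
    demand = GAIN * (operator_input["setpoint_c"] - sensor["temp_c"])
    result.command = max(0.0, min(100.0, demand))
    return result
```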
Operator error is most likely when the operator is feeling stressed. So a hardware failure may then mean that the system operator makes mistakes which, in turn, could lead to further software problems or additional processing. This could overload the