Chapter 11 Dependability and security
[Figure 11.4 A system as an input/output mapping. Labels: Input set, with I_e the inputs causing erroneous outputs; Program; Output set, with O_e the erroneous outputs.]
therefore experience some system failures. User 1 and User 3, however, never use
inputs from the erroneous set. For them, the software will always be reliable.
The practical reliability of a program depends on the number of inputs causing
erroneous outputs (failures) during normal use of the system by most users. Software
faults that only occur in exceptional situations have little practical effect on the
system’s reliability. Consequently, removing software faults may not significantly
improve the overall reliability of the system. Mills et al. (1987) found that removing
60% of known errors in their software led to a 3% reliability improvement. Adams (1984),
in a study of IBM software products, noted that many defects in the products were only
likely to cause failures after hundreds or thousands of months of product usage.
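
The effect described above can be checked with a small model. This is an added example, not taken from the book: the 1000-input space, the faults F1 to F5 and the three usage ranges are constructed values, chosen so that only User 2's inputs overlap the erroneous set, as in Figure 11.5.

```python
from fractions import Fraction

# Constructed model: 1000 possible inputs (0..999); all numbers are illustrative.
# Each fault is described by the inputs that expose it; their union is I_e.
FAULTS = {
    "F1": set(range(400, 420)),   # exposed by commonly used inputs
    "F2": {900},                  # exposed only by an input nobody supplies
    "F3": {449, 950},
    "F4": {999},
    "F5": set(range(430, 440)),
}

# Each user's usage pattern: the inputs they actually supply, equally likely.
USERS = {
    "User 1": range(0, 200),
    "User 2": range(150, 450),
    "User 3": range(600, 800),
}

def erroneous_inputs(faults):
    """I_e: every input that triggers at least one remaining fault."""
    return set().union(*faults.values())

def failure_probability(usage, faults):
    """Probability that one input drawn from this usage pattern lies in I_e."""
    bad = erroneous_inputs(faults)
    return Fraction(sum(1 for x in usage if x in bad), len(usage))

def without(faults, removed):
    """Fault set after the named faults have been repaired."""
    return {name: inputs for name, inputs in faults.items() if name not in removed}

def report(faults):
    """Per-user failure probability for a given set of remaining faults."""
    return {user: failure_probability(usage, faults) for user, usage in USERS.items()}

if __name__ == "__main__":
    before = report(FAULTS)
    after = report(without(FAULTS, {"F2", "F3", "F4"}))  # 3 of 5 faults repaired
    for user in USERS:
        print(f"{user}: P(failure) {before[user]} -> {after[user]}")
```

Repairing three of the five faults changes User 2's failure probability only from 31/300 to 1/10, and Users 1 and 3 see no failures either before or after.
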
System faults do not always result in system errors and system errors do not
necessarily result in system failures. The reasons for this are as follows:
1. Not all code in a program is executed. The code that includes a fault (e.g., the
failure to initialize a variable) may never be executed because of the way that the
software is used.
[Figure 11.5 Software usage patterns. Labels: Possible inputs; Erroneous inputs; User 1; User 2; User 3.]