Conservative claims for the probability of perfection of a software-based system using operational experience of previous similar systems

We begin by briefly discussing the reasons why claims of probability of non-perfection (pnp) may sometimes be useful in reasoning about the reliability of software-based systems for safety-critical applications. We identify two ways in which this approach may make the system assessment problem easier. The first concerns the need to assess the chance of lifetime freedom from failure of a single system. The second concerns the need to assess the reliability of multi-channel software-diverse fault tolerant systems - in this paper, 1-out-of-2 systems. In earlier work (Littlewood and Rushby 2012; Littlewood and Povyakalo 2013) it was proposed that, in certain applications, claims for possible perfection of one of the channels in such a system may be feasible. It was shown that in such a case there is a particularly simple conservative expression for system pfd (probability of failure on demand), involving the pfd of one channel, and the pnp of the other. In this paper we address the problem of how to assess such a pnp. In previous work (Zhao et al., 2015) we have addressed this problem when the evidence available is only extensive failure-free working of the system in question. Here we consider the case in which there is, in addition, evidence of the previous success of the software development procedures used to build the system: specifically, several previous similar systems built using the same process have exhibited failure-free working during extensive operational exposure.