P. Bishop and R. Bloomfield, A CONSERVATIVE THEORY FOR LONG-TERM RELIABILITY-GROWTH PREDICTION, IEEE Transactions on Reliability, 45(4), 1996, pp. 550-560
This paper describes a different approach to reliability growth modeling which enables long term predictions. Using relatively common assumptions, it is shown that the average value of the failure rate of the program, after a particular use-time, t, is bounded by N/(e·t), where N is the initial number of faults. This is conservative since it places a worst-case bound on the reliability rather than making a best estimate. The predictions might be relatively insensitive to assumption violations over the longer term. The theory offers the potential for making long-term software reliability growth predictions based solely on prior estimates of the number of residual faults. The predicted bound appears to agree with a wide range of industrial & experimental reliability data. Less pessimistic results can be obtained if additional assumptions are made about the failure rate distribution of faults. This prediction depends on some relatively common assumptions: a stable input distribution, perfect diagnosis, and perfect correction; but we show that the predictions might be relatively insensitive to assumption violations over the long term. The empirical data from field experience seem to support the general results of the theory, but much of the data are taken from high-volume industrial systems where the assumptions are most likely to apply. Further work is desirable to check the applicability of the model assumptions and the theory. The worst case bound prediction can be unduly pessimistic, possibly by as much as a factor of 10. Less pessimistic, long-term bound predictions can be made by assuming Gamma-distributed failure rates and including a measurement of the initial failure rate. This extension to the simple bound theory seems consistent with the empirical field data and estimates bounds within a factor of 3. By its very nature, a theory that makes a bounding estimate is always less accurate than a conventional reliability-growth model over the short term. However the general approach of incorporating prior knowledge about the software is powerful, and, unlike conventional reliability-growth theories, can make conservative predictions of reliability growth over the long term (e.g., 100s of use-years). Another attractive feature of the theory is that it quantitatively links the number-of-faults and reliability, and numerically justifies the conventional wisdom encapsulated in existing standards for high integrity software, which seeks to minimize faults by implementing high quality production methods and by restricting software complexity.