- Bev Littlewood & David Wright
- The Use of Multilegged Arguments to increase confidence in safety claims for software-Based Systems: A Study based on a BBN Analysis of an idealized example
- IEEE Trans Software Engineering V33n5(May 2007)pp347-365
- =EXAMPLE THEORY RELIABILITY RISKS Arguments BAYES PROBABILITY BBN CAUSALITY SPECIFICATION CORRECTNESS TESTING
- When should two different arguments for the safety of a system increase our belief that a system is safe?
- Answer: when the arguments do not depend (too much) on a common source of defects.
- Compare with the simpler [Littlewood00] example.
- Example BBN:=following,

Net- Z: random_variable(Bit)= specification is correct
- O: random_variable(Bit)= test oracle is correct
- S: random_variable(Beta_distribution(0,1,...)) = probability of failure on demand.
- T: random_variable(Bit)= probability of failure during testing.
- V: random_variable(Bit)= formal verification proves correctness.
- C: random_variable(Bit) = Claim that system is fit for use should be accepted.
Dependencies:= (Z+>O | Z+>S | Z+>V | O+>T | S+> T | S+>V | T+>C | V+>C ).

Example dependency: the correctness of the oracle O depends on the correctness of the specification (Z).

Example dependency: the parameters of the distribution of S depend on whether the specification is correct(Z).

In general, for each dependency XY+>W tabulate for each X&Y value the probability of each W value given the XY values. If W is a continuous random variable then tabulate the probability density functions. The table is called a conditional probability table. See paper for a large example.

- A BBN implicitly defines a set of Conditional_independencies.
Example Conditional_independencies:= following,

**Table**Independent 0f Given O S V Z T Z V O S C O S Z V T

(Close Table)

So: if Z is given then O is independent of S and V. - CI::BBN=conditionally_independent, two events are independent under certain conditions.
- conditionally_independent(A,B,C)::BBN= ( Pr(A B C) = Pr(A|C) Pr(B|C) Pr(C) ).
- ...
- Bayes's formula allows us to calculate the distribution of S and C given that T and V are true, see Bayes_theorem.

(End of Net)

Search for bibliographic items containing a matching string.

Search for a specific bibliographic item by name.

To see the complete bibliography (1Mb+) select:[Bibliography]