[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reliability and assurances

To: Mario Obejas <obejas@phylum.rsc.raytheon.com>
Subject: Re: Reliability and assurances
From: Paul Joslin <Paul.Joslin@sdrc.com>
Date: Mon, 10 Jan 2000 14:30:46 -0500
CC: sage-members@usenix.org
Organization: MIS
References: <200001101741.JAA03462@seasnake.rsc.raytheon.com>
Sender: owner-sage-members@usenix.ORG

I think it might be a question of phrasing.  When I first read this, I saw "work
any of the time" as equivalent to "work 100% of the time".  I think what he
means is "work at any given time".  As a counterexample, assume a mythical
subsystem that will never fail for time < t1, and always fail at time >= t1
(with 100% certainty).  Such as subsystem meets criteria A, and meets criteria B
when time < t1.
You could allow for less certainty by better defining 'assured'; is the
probability of failure < .95 enough, etc.

Devising such a subsystem is left as an exercise for the engineers.


Mario Obejas wrote:
> 
> Mark R. Lindsey wrote:
> >I'm working on a theory: if (A) you can't be assured that a subsystem is going
> >to work all of the time, then (B) you can't be assured that a subsystem is
> >going to work any of the time.
> >
> >Does that seem reasonable?
> 
> Not to me. Maybe you wrote it different than what you intended,
> e.g., you meant "system" instead of subsystem in your B clause.
> IMHO, your A and B clauses need to be switched.
> Let's substitute numerical values:
> all=100%
> any="<100%"
> 
> I'd agree with
> (B) If
>   one "can't be assured that a subsystem is going to work <100% of the time"
> (A) Then
>   one "can't be assured that a subsystem is going to work 100% of the time".
> 
> But respectfully, I don't agree with your original statement. As the example of
> redundancy pointed out, I can have a system (e.g., a RAID box) and be assured
> that a component *will* fail at some point, yet redundancy allows the
> containing system to work "100%" of the time. In other words, I can have
> components of known finite lifetimes in a system, yet the system has greater
> reliability than the best of its parts.

-- 
Paul R. Joslin            paul.joslin@weirdness.com            +1 513 576 2012
I might be able to shoehorn a reference count in on top of the numeric
value by disallowing multiple references on scalars with a numeric value,
but it wouldn't be as clean.  I do occasionally worry about that. --lwall

References:
- Re: Reliability and assurances
  - From: Mario Obejas <obejas@phylum.rsc.raytheon.com>

Prev by Date: Re: brief email survey
Next by Date: Examination results before...
Prev by thread: Re: Reliability and assurances
Next by thread: brief email survey
Index(es):
- Date
- Thread