The impact of "difficulty" variation on the probability of coincident failure of diverse systems

Redundancy and diversity have long been used as means to obtain high reliability in critical systems. Whilst it is easy to claim that, say, a 1-out-of-2 diverse system will be more reliable than each of its two channels, assessing the actual reliability of such systems can be difficult. Some years ago, new probability models were developed to address this problem in the case of diverse software systems. They depend upon a notion of variation of ‘difficulty’ – more precisely ‘propensity to fail’ – across the input space. These models show that independence of failures will occur only in very special circumstances, and so such independence cannot simply be assumed. They were later shown to apply to certain kinds of hardware systems. If we cannot claim independence of channel failures, the computation of system reliability is difficult, because complete knowledge of the difficulty function is needed. This is unlikely to be available for software. Instead, we are unlikely to know more than the marginal pfd (probability of failure on demand) of the software. In this paper we consider the case of a 1-out-of-2 system in which one channel contains software, and the other channel contains only hardware equipment. We show that a useful upper (i.e. conservative) bound can be obtained for the system pfd using only the unconditional pfd for software (together with information about the variation of hardware ‘difficulty’, which is likely to be known or can be estimated).
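The following worked example is added here and is not code or data from the paper. It models the difficulty-function view of a 1-out-of-2 system with constructed numbers: a demand profile Q(x) over five demand classes and a per-class failure probability (‘difficulty’) for a hardware and a software channel, showing how far the coincident failure probability departs from the product of the marginal pfds when both channels find the same demands hard, and how a conservative bound on the system pfd can be computed from the software's marginal pfd plus the hardware difficulty function alone (the greedy worst-case allocation used for that bound is the editor's illustration, not the bound derived in the paper).

```python
"""Difficulty-function model of coincident failure in a 1-out-of-2 system.

All numbers below are constructed for illustration. For each demand class x,
Q[x] is the probability that a demand falls in that class and THETA_C[x] is
P(channel C fails | demand of class x), i.e. the channel's 'difficulty'.
"""

# Constructed demand profile over five demand classes (sums to 1.0).
Q = [0.40, 0.30, 0.20, 0.09, 0.01]
# Constructed hardware difficulty per demand class.
THETA_HW = [0.001, 0.002, 0.005, 0.050, 0.200]
# Constructed software difficulty: rare demand classes are hard for both
# channels, which is exactly the situation that defeats independence.
THETA_SW = [0.0005, 0.001, 0.010, 0.100, 0.300]


def marginal_pfd(theta, q):
    """Unconditional pfd of one channel: sum over x of theta(x) * Q(x)."""
    return sum(t * p for t, p in zip(theta, q))


def coincident_pfd(theta_a, theta_b, q):
    """pfd of the 1-out-of-2 system: both channels fail on the same demand.

    This equals the product of the marginal pfds only when the two difficulty
    functions are uncorrelated over Q, the 'very special circumstances' case.
    """
    return sum(ta * tb * p for ta, tb, p in zip(theta_a, theta_b, q))


def conservative_bound(pfd_sw, theta_hw, q):
    """Upper bound on the coincident pfd from the software marginal pfd alone.

    Knowing only pfd_sw, the worst case is that software failures sit on the
    demand classes the hardware finds hardest; with 0 <= theta_sw(x) <= 1 at
    most Q(x) of the pfd 'budget' can be placed on class x. Greedy allocation
    in decreasing theta_hw order maximises the coincident sum (editor's
    illustration of a conservative bound, not the paper's derivation).
    """
    bound, budget = 0.0, pfd_sw
    for t_hw, p in sorted(zip(theta_hw, q), reverse=True):
        if budget <= 0:
            break
        mass = min(p, budget)       # software difficulty capped at 1 here
        bound += t_hw * mass
        budget -= mass
    return bound


if __name__ == "__main__":
    p_hw, p_sw = marginal_pfd(THETA_HW, Q), marginal_pfd(THETA_SW, Q)
    print(f"marginal pfd: hw={p_hw:.4g} sw={p_sw:.4g}")
    print(f"independence assumption: {p_hw * p_sw:.4g}")
    print(f"actual coincident pfd:  {coincident_pfd(THETA_SW, THETA_HW, Q):.4g}")
    print(f"conservative bound:     {conservative_bound(p_sw, THETA_HW, Q):.4g}")
```

With these constructed numbers the coincident pfd is roughly nine times the value the independence assumption would give, and the bound computed without any knowledge of the software difficulty function still lies above it.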