Unit 2

By Priya Singh (Assistant Professor, Dept of SE, DTU)

Error, fault and failure

A software failure is a software functional imperfection resulting from the occurrence(s) of defects or faults.
A software fault or bug is an unintentional software condition that causes a functional unit to fail to perform its
required function due to some error made by the software designers.
An error is a mistake that unintentionally deviates from what is correct, right, or true; a human action that
results in the creation of a defect or fault.
 Types of time in Reliability
• Execution time: It is the processor’s actual time span on an input state run, i.e., the time which is spent on running
a test case of a specified run of system function.
• Calendar time: This type of time component is related to the number of days, weeks, months, or years the
processor spends on running a system function.
• Clock time: This time component is related to the elapsed time from the start of a computer run to its termination.
It is clear that the waiting and execution time of other programs is included in this component on a parallel
processor.
Note that system down time is not included in the execution and clock time component. It is important to know that
most of the software reliability models are based on the calendar time component as often the actual failure data
sets are defined on the calendar time component, but nowadays the execution time component is preferred in many
cases as it is accepted by most of the researchers that results are better with the execution time component. Even
then we need to relate the execution time component to the calendar time as this is more meaningful to the
software engineers and developers
Reliability estimation and Reliability prediction
Reliability assessment typically involves two basic activities—reliability estimation and reliability prediction.
Estimation activity is usually retrospective and determines achieved reliability from a point in the past to
present using the failure data obtained during system test or operation. The prediction activity usually
involves future reliability forecast based on available software metrics and measures. Depending on the
software development stage this activity involves either early reliability prediction using characteristics of
the software and software development process (case when failure data are unavailable) or
parameterization of the reliability model used for estimation and utilizes this information for reliability
prediction (case when failure data are available). In either activity, reliability models are applied on the
collected information, and using statistical inference techniques, reliability assessment is carried out
Software Versus Hardware Reliability
Need for Software Reliability
The reliability of many modern applications depends on the reliability of the software systems in them.
Consumer durables, such as toys microwave once, mobile phones, television receivers, etc. contain software and therefore
correct performance of both the hardware and software is essential to use them.
The reliability of software systems in safety-critical applications, such as nuclear power plants, space shuttles, etc. is quite
critical since the loss of mission can lead to catastrophic results.
Failure of consumer durables or PC systems can be annoying as well as affect productivity.
The reliability of the software system should therefore be adequate and commensurate with the needs of the user and
hence it is important to measure and quantify it.
• The reliability of hardware is improving due to maturity in design and manufacturing processes.
• • Reliability of software is a major area of concern since our discipline is still nascent. • Software-driven outages exceed
hardware outages by a factor of 10.
• • The ability to deliver reliable computer hardware can be considered to be given.
• Software reliability engineering is a major area of concern and focus in the 21st century.
• • According to Musa, “Software reliability is the most important in the most measurable aspect of software quality, and it is
very much customer-oriented.
• • The increasing global competition and high development costs have necessitated quantifying software quality in terms of
reliability achieved and to measure and control the level of quality delivered.
7. Model Classification
• The software reliability models are proposed based on a set of assumptions and hypotheses about
the failure pattern. Muas and Okumoto categorized the software reliability models based on the
following :
i. Time domain—wall clock versus execution time
ii. Type—depending on the probability distribution of the number of failures experienced by time
t.
Goel (1985) gave another type of classification of software reliability models which are as follows:
i. Time between (consecutive) failures models,
ii. Failure (fault count) models,
iii. Error seeding models, and
iv. Input domain based models.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Xie (2000) has divided the models that describe the dynamic aspects of failure occurrence
process into the following:
i. Markovian Models,
ii. Non-Homogenous Poisson Process Models, and
iii. Bayesian Models.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

According to Asad et al.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

Early Prediction Models These types of models use characteristics of the software development process from requirements to test and
extrapolate this information to predict the behaviour of software during operation.

Architecture-Based Models These models put emphasis on the architecture of the software and derive reliability estimates by combining
estimates obtained for the different modules of the software. The architecture-based software reliability models are further classified into
State-based models; Path-based models; and Additive models.

Software Reliability Growth Models These types of models capture failure behaviour of software during testing and extrapolates it to
determine its behaviour during operation using failure data information and observed trends deriving reliability predictions. The SRGM are
further classified as concave models and S-shaped models.
Input Domain-Based Models These models use properties of the input domain of the software to derive a correctness probability estimate
from test cases that executed properly.

Hybrid Black Box Models These models combine the features of input domain-based models and SRGM.

Hybrid White Box Models The models use selected features from both white box models and black box models. However, since the models
consider the architecture of the system for reliability prediction, these models are considered as hybrid white box models.

The early prediction and architecture-based models are together known as called as white box models which regard software as consisting of
multiple components, while software reliability growth models and input domain-based models are together known as black box models
which regard software as a single unit. Black box models are studied widely by many eminent research scholars and engineers.
Popstojanova and Trivedi [12] classified black box models as failure rate models, failure count models, static models, Bayesian models, and
Markov models. Most of the research work in software reliability modeling is done on failure count models, Bayesian models, and Markov
models
SRGM
• Software Reliability Growth Models (SRGMs) are meant to be used during the
software testing phase.
• They can be used during the operational phase also if faults causing failures are
removed immediately.
• The SRGMs are probabilistic in nature. Therefore, it may be important to
understand the underlying statistical principles governing SRGMs.
• In subsequent slides, we’ll understand the underlying statistical principles and
thereafter study some of the simple SRGMs proposed in the early days of software
reliability engineering.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

Some Assumptions of SRGMs
• Goel (1985) has brought out a comprehensive list of underlying assumptions of the SRGMs.
• Some of them are listed as given:
1. Time intervals between failures are independent.
2. Every failure leads to detecting the exact cause and the fault is immediately corrected.
3. No new faults are introduced during the fault removal process
4. Failure rate decreases with time in some models.
5. Most models assure failure rate is proportional to the number of remaining faults.
6. Reliability is a function of the number of remaining faults assuming that the usage of the
software will be uniform
7. Time is used as a basis for determining changes in failure rate assuming testing effort is
proportional to either calendar time or execution time.
8. Testing is representative of the operational usage. Each model discussed here assumes some or
all of the assumptions listed above.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

2. Random Experiment
• Testing a software system with pre-selected test cases and looking for failures during
execution of the software system is a 'random experiment’— an experiment whose
outcome cannot be determined in advance with certainty, but all possible outcomes of
such an experiment are known in advance.
• In this case, pass and fail are the two possible outcomes.
• The only outcome or event of interest in the sample space in this experiment is the 'failure
of the software system, observed during testing.
• We are interested in finding out the probability of occurrence of failure at a given time or
at the execution of a given test case.
• A random variable X is a function that assigns probability, i.e., a real value, of the
occurrence of software failure at a given time.
• SRGMs can describe measures associated with failures such as times to failures, inter
failure times or the cumulative number of failures at a given time as a random process
(Huang et al., 2005).

By Priya Singh (Assistant Professor, Dept of SE, DTU)

3. Stochastic Process
• Processes such as hardware failure can be modeled by standard distribution functions
such as Exponential or Weibull distribution functions.
• However, since software failure patterns are complex, a simple random variable
represented by such standard distribution functions will not be able to model the failure
pattern accurately. We need a collection of random variables to model the failure process
of a given software system.
• A stochastic process X is a collection of random variables {X (t), t € T}, indexed by the
parameter t, where t varies over an index set T. The values assumed by X(t) are called
states. We can interpret t as time and X(t) as the state of the process at time t.
• If the index set T is countable as in the case of the number of test cases executed on a
software system, X is called discrete-time stochastic process. If T is a continuum, it is
called continuous-time process. The software failure process is a stochastic process.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

4. Renewal Theory
Renewal theory with specific reference to software testing and failures-
• At the commencement of software testing, the software system is operating at time t = 0.
• A failure occurs at time X and immediately, the fault causing failure is detected and
corrected.
• Then renewal is said to have occurred in the software system.
• The testing continues and at time X measured from X, the software system fails again.
• The testing continues in this manner i.e. when a failure occurs, the fault causing the
failure is corrected and then the testing resumes.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• The nth failure and consequent renewal takes place at time X measured from the time X
• Therefore the time to nth failure or the total time to nth failure is given by (Kapur et al.,
1999):
Sn= X1 + X2 + ... +Xn
• It is to be noted that the time between failures X1, X2, ..., Xn, are identically and
independently distributed random variables.
• Let M(t) denote the number of renewals in time t. The process {M(t); t >0} is called a
renewal process with each Xi, (i=1,2,...) having the same distribution F(t) with density
f(t).
• According to Kapur et al. (1999), a ‘renewal process' is a one-state process that renews
infinitely often during the infinite interval and, it has been widely used in solving
problems in reliability theory. The time instant at which the system is renewed is called
the 'regeneration point'.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

5. MarkovProcess
• The process in which the future course of the system depends solely on its present state
and not in the past history is known as the 'Markov process’.
• A Markov process is a stochastic process whose outcome in (n + 1)st trial depends
directly on the outcome of nth trial and only on it (Medhi, 1984).
• Let a stochastic process { Xn = 0,1,...} take on countable number of possible values. If X
= i, then the process is said to be in state i at time n. When the process is in state i, the
probability that it will next be in state j is given by Pij-

for all states io, i ..., in-1, i, j and all n>0.

• The Markov property states that-

By Priya Singh (Assistant Professor, Dept of SE, DTU)

6. Theory of Poisson Processes
A. Counting Process
A stochastic process {M(t), t>=0} is said to be a counting process, if M(t) represents the
total number of events that have occurred up to time t. It is called a renewal process if each
X, (i=1,2,...) has the same distribution F(t) with density f(t).
The counting process M(t) must satisfy the following (Ross, 2004 and Trivedi, 2005):

By Priya Singh (Assistant Professor, Dept of SE, DTU)

B. Poisson Process
Poisson process is an important type of counting process. If each Xi follows an exponential
distribution, then the stochastic process {(M(t), t>=0} is called a Poisson process.
The counting process {(M(t), t>=0} is said to be a Poisson process having rate λ, λ>0, if-

Note that o(h) denotes a quantity having an order of magnitude smaller than h and it tends
to be zero for smaller values of h. i.e.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Trivedi (2005) further defines the Poisson process as follows:
If the intervals between successive events are independent and identically
distributed according to an exponential distribution and if the number
of events in the interval (0,1) is denoted by M(t), then, the stochastic process {M(t), t>=0}
is Poisson process with mean rate λ.
This is called Homogeneous Poisson Process with constant rate 2.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

C. Non-Homogeneous Poisson Process
The Poisson process can be generalized by allowing the rate at the time to be function of t
or in other words λ varies with time.
The counting process {M(t), t>=0} is said to be Non-Homogeneous Poisson process with
intensity function λ(t), t>=0 (Ross, 2004) if-

• Such a counting process is called the Non-Homogeneous Poisson Process (NHPP) with
intensity function λ(t).

By Priya Singh (Assistant Professor, Dept of SE, DTU)

D. Generalization of Poisson Process
Trivedi (2005) has also given a generalization of Poisson process which is given as follows:
A natural generalization of the Poisson process is obtained by removing the restriction of
the exponential interevent time.
Let X; be the time between (i – 1)st and ith events.
Let {X; | i = 1, 2, ...} be a sequence of independent, non-negative, identically distributed
random variables.
The random variable X; is interpreted as the time between the occurrence of ith event and (i
– 1)st event and it can follow any arbitrary distribution.
It is not restricted to exponential distribution alone as in the case of NHPP.
When time between failures follows any arbitrary distribution—such as Weibull or
generalized exponential distribution—then such a Poisson process is called generalized
Non-Homogeneous Poisson Process.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• This generalized counting process, {M(t), t >0}, is also called a renewal process (Medhi,
1984, Ross, 2004 Trivedi, 2005).
• Since the inter-arrival times are independent and identically distributed, it follows that at
each renewal the process probabilistically starts over (Ross, 2004).
• The generalized counting process with intensity function 2(t) is called the generalized
Non-Homogeneous Poisson Process.
• In the above paragraphs the relationships between Renewal process, Markov process,
Counting process and Poisson process—Homogeneous Poisson Process, NHPP and
generalized NHPP were discussed.
• A basic understanding of the above is essential to understand SRGMs. Now, we review
the existing SRGMs.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

8. Markovian Models
• The models discussed in this section are representative of the earliest class of models
proposed for software reliability and they are known as Markovian Models (Xie, 2000).
• Many software reliability models belong to this category.
• A stochastic process {X(t), t >= 0} is said to be a Markov process, if its future
development depends only on the present state of the process and not on the past. It is
called Markov Property.
• Markov assumption implies memory-less property of the process. Therefore it is
associated with exponential distribution. Due to the simplicity of exponential distribution,
it is widely used in reliability analysis.
• Generally, the time between two events of a Markov Process has an exponential
distribution with the parameter dependent on the state being visited. The process {N(t),
t>=0} where N(t) is the number of events in a Markov process, is called a Markov
counting process.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• E.g.- Number of software failures, number of detected faults etc.
• In a Birth-death Markov process—birth increases the size of the process by one and death
decreases the size by one. Fault removal process is death process and fault introduction is
a birth process.
• Here, a random variable Ti denotes the time between the (i-1)st and ith failures—and it
follows a known distribution whose parameters depend on the remaining faults.
• The assumed distribution reflects the improvement in software reliability, as faults are
removed from the software product. The model parameters are estimated from observed
Time Between Failures (TBF) and then, the required reliability estimates of the software
are obtained from the fitted model.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

A. The First Model
According to Musa (1980), the first paper on software reliability was published in 1967 by
G.R. Hudson.
Hudson viewed software development as a birth and death process—a type of Markov
process in which fault generation was a birth and fault correction was a death, and the
number of faults existing in the software product at any time defined the state of the
process.
He confined his work to pure death processes. As a result of his assumptions, he obtained a
Weibull distribution for interval between failures. The model gave reasonable agreement, if
the system test phase is split into three overlapping sub-phases and separately modeled.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

B. Jelinski-Moranda (J-M) Model
well known software reliability model.
It is a Markovian model.
The J-M model assumes that the hazard rate of the software product reduces with correction of
every fault.
The model is based on the following assumptions (Farr, 1996):
i. There are a number of faults in the code prior to the commencement of system testing;
ii. Failures are independent
iii. The rate of fault detection is proportional to the current fault content (remaining faults) of
the software
iv.The fault detection rate or failure intensity remains constant over the intervals between
successive failures
v. A fault is corrected instantaneously without introducing new faults
vi. The times between failures are independent, exponentially distributed random variables

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Let Ti, i=1,2... be the time between (i-1)th and ith failures with failure free interval, then the
hazard rate which is also known as failure rate is given by the following equation:

• Thus, the hazard rate will decrease by a constant for each fault corrected.
• The publication of this model gave a new direction to the software reliability engineers to
take into account the faults corrected, to determine the hazard rate at any given time.
• The model also proved that hazard rate decreases with fault correction and thereby the
reliability grows. Therefore, it is possible to improve reliability of the software code by
testing it and removing faults causing failures.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

Example-

By Priya Singh (Assistant Professor, Dept of SE, DTU)

By Priya Singh (Assistant Professor, Dept of SE, DTU)
C. Goel-Okumoto (G-O) Imperfect Debugging Model
The above models assume that faults are removed with certainty, but it may not be the case
always.
It means that debugging and correcting faults can be imperfect at times. Imperfect debugging
means that the correct fault is not fixed.
G-O proposed an extension to the J-M model to take care of this possibility. In the G-O
imperfect debugging model, the hazard rate during the time interval between the (i-1)st and ith
failure is given by the following equation:

By Priya Singh (Assistant Professor, Dept of SE, DTU)

Example

By Priya Singh (Assistant Professor, Dept of SE, DTU)

By Priya Singh (Assistant Professor, Dept of SE, DTU)
D. Musa's basic execution time model (BET)
Musa proposed a practical SRGM in the year 1972. Although it was not known then as
NHPP model, it was indeed an NHPP model.
Musa proposed two SRGMs as given below:
i. Musa's Basic Execution Time Model (BET)
ii. Logarithmic Poisson Execution Time Model (LPET)

Musa and Ackerman (1989) assert that software failure occurrence is a Poisson process and
failure intensity should decrease as testing proceeds due to detection and correction of
faults that cause failures.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

1. Execution Time Models
• Basic Execution Time Model
• Logarithmic Poisson Model
• Comments-
i. BET model is applicable to a uniform operational
profile whereas LPT model is applicable under highly
non-uniform operational-profile.
ii. For, LPT, the failure intensity reduces to zero and the
number of failures experienced reaches infinity even
though the number of faults in the software may be finite.
iii. In this case the parameters of interest are not the
number of errors in software, but the failure intensity
and the rate at which failures are occurring.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

Musa (1999) advocates that selection of test cases should be in accordance with the operational
profile of the software since reliability is user-oriented.
This will lead to prioritizing the execution of the functions on the basis of frequency of use by a
typical user.
Basic assumptions of Musa's BET model:
i. Faults are independent and distributed with constant rate of encounter.
ii. Execution time between failures is large compared to instruction execution time.
iii. Test space covers use space (tests selected from a complete set of use input sets).
iv. Set of inputs for each run selected randomly.
v. Fault causing failure is corrected immediately, otherwise reoccurrence of that failure is not
counted.
Musa BET model assumes that decrement in failure intensity function is constant for every failure.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

In the BET model, Musa proposes the following:

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Musa also assumes one fault may cause one failure. The mean value function of the basic
execution time model proposed by Musa is given by (Musa, 1999)-

• This model assumes that the faults are equally likely to cause failures. The model is
derivable from G-O model, but is based on execution time..

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Note that a in G-O model is the total number of faults corrected at infinite time and N is
the total number of failures at infinite time.
• We can use them interchangeably if 1 fault leads to 1 failure and vice versa. The failure
intensity function is the derivative of mean value function. It is given by the following for
Musa BET model.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Example 1

By Priya Singh (Assistant Professor, Dept of SE, DTU)

Solution

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Example 2

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Solution-

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Example 3

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Solution

By Priya Singh (Assistant Professor, Dept of SE, DTU)

9. Bayesian Models
• It is second major category of SRGMs.
• Most reliability models assume reliability growth, only when a failure occurs and the fault
causing it is corrected. There is another class of models that take a different approach to
reliability growth, which are known as Bayesian models.
• They view that observation of no failures is also an indication of reliability growth,
reflecting the growing confidence in the software by the user.
• Markovian and NHPP models sometimes may not describe the software failure data
adequately. This could be due to the following reasons:
i. Model parameter estimates can be very unstable and sometimes unreasonable. The
main reasons for the problems are:
-Likelihood function used for estimation of parameters changes slightly during a
long interval of the parameter estimation domain; and
-Difficulty in selection of initial values and ranges from past experience, which is
required in parameter estimation process of SRGMs.
By Priya Singh (Assistant Professor, Dept of SE, DTU)
• Bayesian techniques have been used to overcome these problems.
• The Bayesian models are described by two distributions namely prior distribution and
posterior distribution.
• The prior distribution reflects the view of the model parameters from past data. It is an
important consideration in this methodology (Farr, 1996). Based on information from past
projects, parameter of the model is assumed to follow a particular distribution known as
'prior distribution’.
• Based on the actual data collected and prior distribution, a posterior distribution can be
identified for the failure process (Younes, 1994).

By Priya Singh (Assistant Professor, Dept of SE, DTU)

A. Littlewood-Verrall (L-V) Bayesian Model
• The Littlewood-Verrall (L-V) model is the best example of the Bayesian class of models (Farr,
1996). The distribution of failure times is assumed to be exponential with a certain failure rate
as in J-M model etc., but the failure rate is assumed to be a random variable rather than a
constant as in other models discussed earlier.
• The L-V model assumes that successive execution times between failures are independent
random variables T1, T2 , Ti with PDF's as given below (Littlewood, 1980):

• ľ h e model also assumes λi as an unknown paíameteí whose unceítainty is due to

the íandomness of the testing and the íandom location of the softwaíe faults.
• Hence L-V model descíibes as a sequence of independent íandom vaíiables with
gamma píioí distíibution as follows:

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Note that in J-M model λi was proportional to the remaining number of faults. Here it is
treated as a random variable and is assumed to have a Gamma prior distribution with
parameters a and ψ.
• The function ψ (.) describes the quality debugging and a good programmer will have a more
rapidly increasing function than a poor programmer.
• Therefore there are two sources of randomness in L-V model, one on account of time between
failures and second on account of λi, the hazard rate of the assumed prior distribution.
• Littlewood (1980) has shown that when these two sources of randomness are put together or
integrated, we get a Pareto distribution for PDF of time between failures. Thus the L-V
Bayesian model has a prior exponential distribution, but a posterior Pareto distribution.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• The variation of failure intensity with respect to
testing/debugging time is shown figure below.
• In L-V model, time between failures has a strictly
decreasing failure rate.
• In J-M model (Markovian model) we have a constant failure
rate during the time between failures.
• Both the L-V model and Markovian models assume that
failures are distributed exponentially with respect to time.
• However, while the Markovian model views failure rate
parameter as a function of faults remaining, Bayesian model
assumes that the failure rate parameter is itself a random
variable.
• Following the Littlewood-Verall model, a number of
Bayesian models with new assumptions have been proposed
by various researchers.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

10. Non-Homogeneous Poisson Píocess (NHPP) Models
• The third major category of software reliability growth models is based on the Non-
Homogeneous Poisson Process (NHPP) assumption.
• They are widely used by practitioners (Xie, 2000) because they can be applied to hardware
systems as well.
• Ultimately one is interested in finding the overall system reliability comprising of both
hardware and software. Hence if the NHPP model can be assumed both for hardware and
software systems it becomes easier to find system reliability.
• Furthermore, Poisson distribution is suitable for modeling rare and random events such as the
failure of telephone calls or software failures. The software failure occurrence is a Poisson
process (Musa, 1989).
• A process that follows a Poisson distribution with a time-dependent failure rate is called
NHPP.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Let M(t) be the cumulative number of failures occurring at time t,t>0.
• Goel and Okumoto (1979) proposed that M(t) can be modeled as NHPP.
• The basic assumption of NHPP model is that the cumulative number of failures occurring
by time t, M(t) follows a Poisson process with mean value function μ(t) and time between
failures follows an exponential distribution.
• The mean value function is the average cumulative number of failures associated with
each time point and for NHPP, it is-
μ(t)=E[M(t)]

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Some of the assumptions of NHPP models are given as follows (Goel, 1985, Farr, 1996 and Xie,
2002)-
i. A Software system is subject to failures at random times caused by software faults,
ii. There are no failures at time t=0.
iii. The probability that a failure will occur in a small interval h is λ(t)h + o(h) where λ(t) is
instantaneous failure intensity at time t.
iv. The probability that more than 1 failure will occur in a small interval h is o(h). This means that
there is little chance of more than 1 failure occurring at a small interval of time.
v. The expected number of failures during any time t to t + Δt is proportional to the expected
number of undetected faults at time t.
vi. The mean value function is also assumed to be a bounded non-decreasing function of time in
case of finite failure models such that-

vii. There are also infinite failure models where the above assumption is not valid.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Based on their study of actual failure data from many projects, Goel and Okumoto (1979)
proposed that the probability that M(t)=n, a non-negative integer is given as follows-

• It may be noted that the failure rate, which will hereinafter be called failure intensity
function or Rate of Occurrence of Failure (ROCOF); λ(t) is the rate of change of mean
value function or the number of failures per unit time and hence, it is the derivative of
mean value function with respect to time and is an instantaneous value. That is

By Priya Singh (Assistant Professor, Dept of SE, DTU)

A. Finite Failure NHPP Models
1. Schneidewind Model
• It was the first discrete NHPP model.
• The number of defects detected during intervals of unit length designated by index i, from
interval 1-t, is modeled by a random variable and the collection of fault counts over a series of
time intervals is modeled by a stochastic process.
• Schneidewind modeled the defect detection process by an NHPP with exponentially
decreasing failure intensity function λ(i), which is given as follows (Xie and Zaho, 1992):

• Note that i is a discrete number starting from 1. It can represent test case number or day 1,2...
or week 1,2,…
• The mean value function of the process μ(i), the expected number of defects detected is given
as follows:

By Priya Singh (Assistant Professor, Dept of SE, DTU)

A.2. Goel-Okumoto (G-0) Model:
The popular NHPP model was proposed in the year 1979 by Goel-Okumoto (1979).
It was a trendsetter for the future NHPP models.
It was presented in a continuous-time version as against discrete random variables
as in the previous model.
By substituting a = α /β, b= β and i=t in the Schneidewind model, we can derive the
equation for mean value function of the G-O model given as follows:

where, a=Statistically expected number of software faults to be eventually detected

and b = Constant of proportionality.
The corresponding failure intensity function is given as follows:

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Example 1-

• Example 2-

• Example 3-

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Solution 1-

Solution 2-

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Solution 3

• Mostly all failures occurred with failure intensity at 3600s with b=0.002/seconds (small).
When b is high, fault detection is fast on account of more failures initially and hence
failure intensity function is higher. But at 3600sec, b=0.002/sec most faults have been
detected and hence failure intensity is lower than when b=0.0002.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

B. Infinite Failure NHPP Models
• Requirements growth is a common problem in software development projects. Because of
this phenomenon and imperfect debugging no upper bound could be used for the eventual
number of faults to be detected (Xic, 2000). This has given rise to another class of models
known as infinite failure NHPP models. Musa and Okumoto proposed an infinite failure
model. We will discuss some of the trend setting models of this kind in this section.
B.1 Logarithmic Poisson Execution Time Model (LPET):
• Musa's BET model assumes that faults are equally likely to cause failures.
• Musa-Okumoto (M-O) Logarithmic Poisson Execution Time (LPET) model was evolved by
assuming the converse of the previous assumption viz. that some faults are more likely to
cause failures and that the failure intensity declines exponentially with each correction (Musa
and Ackerman, 1989).
• This model is more suitable when operational profile is highly non-uniform.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• While the change in failure intensity function per failure remains constant in BET, it decreases
exponentially in the case of LPET as given below:

• The failure intensity for the logarithmic Poisson model will never become zero as in the case of BET
model. It will keep decreasing exponentially. It will become zero only when infinite failures have been
observed. The quantity θ is called the failure intensity decay parameter.
• Suppose we plot the natural logarithm of failure intensity against mean failures experienced, then we
can see by transforming the above equation that the failure intensity decay parameter θ is the magnitude
of the slope of the line we have plotted. It represents relative change of failure intensity per failure
experienced. The mean value function of the M-O model is given as-

• Okumoto (1985) clarifies that the parameter θ may be related to the efficiency of testing and repair
activity and a larger value of θ implies a higher efficiency since the failure intensity reduces at a faster
rate.
•

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• The equation for failure intensity function of the Musa-Okumoto logarithmic Poisson model is
given as follows:

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Example 1

a.

b.

c.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

•Solution
a. b.

c.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

B.2 Log-Power NHPP model:
• This is one of the simple NHPP models proposed by Xie and
Zhao.
• This model is unique since the model validation is
visible before even estimating the parameters.
• It is a graphical model.
• The slope of the fitted line and its intercept on the
vertical axis will straightaway give the estimate of the
parameters.
• The mean value function μ(t) of the log power model
proposed by Zhao and Xie (1992) is
given as follows:

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• The above equation can be written as follows by taking logarithm on both sides-

• Hence, if data fits in the model, the plot of mean value function vs. (1 + t) will be
a straight line on a log-log log scale.
• Zhao and Xie (1992) have brought out that by substituting x=ln(I+t)

• This is the popular Duane model. They argue that Duane model did not receive
much attention since it was overestimating the cumulative number of failures
because its mean value function approaches infinity too fast. Thus, Duane model
is also an infinite failure model.
By Priya Singh (Assistant Professor, Dept of SE, DTU)
The Learning Phenomenon of the Testing Team
• Learning is said to occur if testing efficiency appears to be improving dynamically during the
progress of the testing phase (Pham et al., 1999) in SDLC.
• According to Kuo et al. (2001), the failure rate has 3 possible trends as time progresses
increasing, decreasing or constant.
• The reliability models proposed in the early period such as Jelinski-Moranda, Goel-Okumoto,
BET, and LPET etc. assumed that the failure rate is the highest at the start of defect removal
process such as system test and as and when defects are removed, the failure rate reduces.
This assumption may be valid for some projects, but not for all projects.
• In some testing projects, it has been observed that the failure rate first increases and then starts
decreasing (I/D) due to the learning phenomenon of the testing team. This occurs due to poor
efficiency of the testing team at the beginning of testing phase, but improves down the line
dynamically.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

A. Yamada delayed S-shaped SRGM:
• Yamada et al. (1983) state that the NHPP model
proposed by Goel and Okumoto (1979) is based on
the exponential growth of mean value function.
However, the observed growth rate is sometimes S-
shaped due to the learning curve of the testing team
as shown in figure.
• Another reason for S shaped growth could be that
some faults may be hidden by other faults and cannot
be detected at the beginning of testing (Xie, 2000).

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• The Yamada delayed S-Shaped NHPP model has the mean value function
(Yamada et al., 1983) as follows:

• The above model cannot address strictly decreasing failure intensity function (Xie
2000). The failure intensity function of the Yamada delayed S shaped model can
be derived by taking derivative of the above equation with respect to time as
follows:

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Example 1

• Example 2

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Solution 1

• Solution 2

By Priya Singh (Assistant Professor, Dept of SE, DTU)

B. Goel generalized NHPP model:
• Goel (1985) proposed a generalization of G-O NHPP model.
• Here, the mean value function μ (t) is given as follows:

where a= expected number of faults to be eventually detected

b and c are constants that reflect the quality of testing.
• The above model is called Goel Generalized NHPP because the time between failure
follows 2-parameter Weibull distribution as against exponential distribution in the case of
G-O model, Yamada delayed S shaped model etc.
• The failure intensity function of this model can be derived by differentiating the above
equation for mean value function with respect to time. It is given as follows:

• When c equals 1, the above model reduces to G-O model.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Example 1

By Priya Singh (Assistant Professor, Dept of SE, DTU)

• Solution

By Priya Singh (Assistant Professor, Dept of SE, DTU)

C. Log-Logistic Model Gokhale and Trivedi
Gokhale and Trivedi (1998) reveal that in some of the failure data sets, the rate at which individual faults
manifest themselves as testing progresses, can also exhibit an increasing/decreasing behavior.
• An increasing/decreasing trend exhibited by the failure occurrence rate per fault cannot be captured by
the existing NHPP models. They describe the log-logistic reliability growth model, which can capture
the increasing/decreasing nature of the hazard function.
• Essentially they proposed a Log-logistic SRGM to address the I/D pattern of failure intensity function.
Acc, to Gokhale and Trivedi the S-shaped model has an increasing failure occurrence rate per fault.
They add "the nature of the overall failure intensity, λ(t) is governed by the nature of failure
occurrence rate per fault h(t)".
• The equation for mean value function of the Log-logistic model is given as follows:

• The equation for failure intensity function of the Log-logistic model is as follows:

where N, b and k are positive real numbers.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

D. Increasing/Decreasing failure intensity function:
• The failure intensity function can be parameterized and written as follows Gokhale and
Trivedi (1998):

• It is to be noted that (N- μ(t)) is equal to the remaining number of faults yet to be corrected at a
given time and it will decrease with time as the fault removal process continues. Therefore if
h(t) is monotonically decreasing, λ(t) will also decrease monotonically.
• Since I/D pattern of failure intensity arises because the test team is not efficient in the early
stages, but pick up the efficiency later, the number of faults remaining will decrease faster in
the later stages.
• Therefore, although in the initial stages of testing λ(t) may be increasing due to dominance
of h(t), the trend will be reversed in the later stages due to faster reduction of faults.

By Priya Singh (Assistant Professor, Dept of SE, DTU)

2. Calendar Time Models
• Goel–Okumoto Model
• Delayed S-Shaped Model
• Generalized SRGM (Erlang Model)
• Incorporating Fault Complexity Considering Learning Phenomenon

3. Testing time Models

• Rayleigh Test Effort Model
• Weibull Test Effort Model

By Priya Singh (Assistant Professor, Dept of SE, DTU)

4. Debugging based model
• Exponential Imperfect Debugging SRGM
• S-Shaped Imperfect Debugging SRGM

By Priya Singh (Assistant Professor, Dept of SE, DTU)