Great progress has been made in assuring the functional correctness of digital systems. Coverage analysis, property-based testing, mock environments and formal proof systems can be applied to give very high levels of confidence in correct system behaviour. (That they are all too often not applied is a problem in social science, not computer science!) Despite this, many prototypes that demonstrate attractive functionality in a laboratory or test setting fail to deliver when deployed in the real world, often because non-functional aspects such as response time, efficiency, reliability or safety are unsatisfactory. These are typically not properly addressed until the system is largely implemented, when it may eventually become apparent that early design decisions were ill-advised, and changing them is expensive or even impossible.
Our ongoing goal, a journey that we began over 20 years ago, is to quantify ‘non-functional’ requirements in such a way that they can be treated on an equal footing with functional ones at all stages of the development and deployment process. This abstracts the inherent stochastic variability of the real world into a data type used for reasoning about timeliness and resource consumption. Such system properties can be calculated at any stage of system development, from early design considerations to deployed systems. In many critical situations, delivering a response within a given time bound is as much a requirement as the correctness of the answer, as is doing so within the available resources. This approach also informs the way that system performance can be measured for effective in-life management and maintenance throughout the full system life cycle.
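To make the idea of "stochastic variability as a data type" concrete, the following is an added illustration written for this page; it is not code from the ∆QSD tooling or from the seminar's authors. It represents a component's behaviour as a discrete delay distribution whose total mass may be below 1.0, the missing mass being the probability that a response never arrives. The composition operators (sequential, probabilistic choice, first-to-finish, all-to-finish) and the sample request/reply scenario are my assumptions about how such a calculus is used, not something the abstract specifies. The point it demonstrates is that a time-bound requirement ("95% of responses within 40 ms") can be checked against a design before anything is built, and that a design change (replication) can be evaluated the same way.

```python
"""Toy timeliness calculus (added illustration; not the ∆QSD tool's code)."""
from __future__ import annotations

from dataclasses import dataclass
from itertools import product
from typing import Callable, Dict


@dataclass(frozen=True)
class DeltaQ:
    """Delay distribution over integer time units (ms here).

    The distribution may be improper: if the probabilities sum to less than
    1.0, the remainder is the probability of never responding (failure).
    """

    pmf: Dict[int, float]

    @staticmethod
    def fixed(delay: int, success: float = 1.0) -> "DeltaQ":
        """A step that always takes `delay` and succeeds with prob `success`."""
        return DeltaQ({delay: success})

    def failure(self) -> float:
        """Probability that no response ever arrives."""
        return round(1.0 - sum(self.pmf.values()), 12)

    def cdf(self, t: int) -> float:
        """Probability of a response by time t (inclusive)."""
        return sum(p for d, p in self.pmf.items() if d <= t)

    def seq(self, other: "DeltaQ") -> "DeltaQ":
        """Sequential composition: delays add, success probabilities multiply."""
        out: Dict[int, float] = {}
        for (d1, p1), (d2, p2) in product(self.pmf.items(), other.pmf.items()):
            out[d1 + d2] = out.get(d1 + d2, 0.0) + p1 * p2
        return DeltaQ(out)

    def choice(self, p: float, other: "DeltaQ") -> "DeltaQ":
        """Probabilistic choice: behave as self with prob p, else as other."""
        out = {d: q * p for d, q in self.pmf.items()}
        for d, q in other.pmf.items():
            out[d] = out.get(d, 0.0) + q * (1.0 - p)
        return DeltaQ(out)

    def _combine_cdfs(
        self, other: "DeltaQ", f: Callable[[float, float], float]
    ) -> "DeltaQ":
        # Rebuild a pmf from a combined CDF over the union of both supports.
        out: Dict[int, float] = {}
        prev = 0.0
        for t in sorted(set(self.pmf) | set(other.pmf)):
            cur = f(self.cdf(t), other.cdf(t))
            if cur - prev > 0.0:
                out[t] = cur - prev
            prev = cur
        return DeltaQ(out)

    def first_to_finish(self, other: "DeltaQ") -> "DeltaQ":
        """Both run in parallel; result arrives with the first response.

        P(min <= t) = 1 - (1 - F1(t)) * (1 - F2(t)); failures multiply.
        """
        return self._combine_cdfs(other, lambda a, b: 1.0 - (1.0 - a) * (1.0 - b))

    def all_to_finish(self, other: "DeltaQ") -> "DeltaQ":
        """Both run in parallel; result only once both have responded."""
        return self._combine_cdfs(other, lambda a, b: a * b)


def meets_bound(dq: DeltaQ, bound_ms: int, required: float) -> bool:
    """Requirement check: P(response within bound_ms) >= required."""
    return dq.cdf(bound_ms) >= required


def scenario() -> Dict[str, object]:
    """Constructed example: request over a link, server work, reply over a link."""
    # Constructed link behaviour: 70% fast path (5 ms), 29% slow path (20 ms),
    # 1% of messages are lost outright (mass 0.99 < 1.0).
    link = DeltaQ({5: 0.70, 20: 0.29})
    server = DeltaQ.fixed(10)  # constructed: always 10 ms, never fails
    round_trip = link.seq(server).seq(link)
    # Design alternative: issue the request to two independent replicas
    # and take whichever answers first.
    replicated = round_trip.first_to_finish(round_trip)
    return {
        "single": round_trip,
        "replicated": replicated,
        "single_ok_40ms_95pct": meets_bound(round_trip, 40, 0.95),
        "replicated_ok_40ms_95pct": meets_bound(replicated, 40, 0.95),
    }


if __name__ == "__main__":
    r = scenario()
    for name in ("single", "replicated"):
        dq = r[name]
        print(f"{name}: P(<=40ms)={dq.cdf(40):.4f} P(fail)={dq.failure():.6f}")
```

Because failure is just the mass that never arrives, the same object answers "how often is it late?" and "how often is it lost?", and the replicated design's failure probability falls out as the product of the two individual failure probabilities without any separate reliability model.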
This seminar will provide an overview of our journey so far and of how we reason about timeliness and “failure” using a formalism (with prototype tool support) called ‘∆QSD’. We will give examples of how this can inform “design intuition”; capture reliability; and act as a socialisation tool with stakeholders in a complex development.