N-version programming has been offered as a method of incorporating fault tolerance into software. Multiple versions of a program are prepared and run in parallel. Their outputs are gathered and examined by a voter, and if they are not identical, it is assumed that the majority is correct. A description is presented of an experiment in which the basic axiom that programs that have been developed independently will fail independently is tested. The results of the tests show that the programs, individually, were extremely dependable, but the number of tests in which more than one program failed was substantially more than expected. The results of these tests are presented along with an examination of some of the faults that were found in the programs. The experiment concludes that N-version programming must be used with care and that analysis of its reliability must include the effect of dependent errors.
Recent work by Eckhardt and Lee shows that independently developed program versions will fail dependently: specifically that simultaneous failure of several is greater than would be the case under true independence. We show there is a precise duality between input choice and program choice in this model and consider a generalization in which different versions may be developed using diverse methodologies. The use of diverse methodologies is shown to decrease the probability of simultaneous failure of several versions. Indeed, it is theoretically possible to obtain versions which exhibit better than independent failure behavior. We try to formalize the notion of methodological diversity by considering the sequence of decision outcomes which comprises a methodology. We show that diversity of decisions implies likely diversity of behavior for the different versions developed under such forced diversity. For certain 1-out-of-n systems we obtain an optimal method for allocating diversity between versions. For 2-out-of-3 systems there seem to be no simple optimality results which do not depend on constraints which cannot be verified in practice. [ABSTRACT FROM AUTHOR]
We have conducted a large-scale experiment in N-version programming. A total of 27 versions of a program were prepared independently from the same specification at two universities. The results of executing the versions revealed that the versions were individually extremely reliable but that the number of input cases in which more than one failed was substantially more than would be expected if they were statistically independent. After the versions had been executed, the failures of each version were examined and the associated faults located. In this paper we present an analysis of these faults. Our goal in undertaking this analysis was to understand better the nature of the faults. We found that in some cases the programmers made equivalent logical errors, indicating that some parts of the problem were simply more difficult than others. We also found cases in which apparently different logical errors yielded faults that caused statistically correlated failures, indicating that there are special cases in the input space that present difficulty in various parts of the solution. A formal model is presented to explain this phenomenon. It appears that minor differences in the software development environment, such as the use of different programming languages for the different versions, would not have a major impact in reducing the incidence of faults that cause correlated failures. [ABSTRACT FROM AUTHOR]
The strategy of using multiple versions of independently developed software as a means to tolerate residual software design faults is suggested by the success of hardware redundancy for tolerating hardware failures. Although, as generally accepted, the independence of hardware failures resulting from physical wear-out can lead to substantial increases in reliability for redundant hardware structures, a similar conclusion is not immediate for software. The degree to which design faults are manifested as independent failures determines the effectiveness of redundancy as a method for improving software reliability. Interest in multiversion software centers on whether it provides an adequate measure of increased reliability to warrant its use in critical applications. The effectiveness of multiversion software is studied by comparing estimates of the failure probabilities of these systems with the failure probabilities of single versions. The estimates are obtained under a model of dependent failures and compared with estimates obtained when failures are assumed to be independent. The experimental results are based on 20 versions of an aerospace application developed and independently validated by 60 programmers from 4 universities. Descriptions of the application and development process are given, together with an analysis of the 20 versions.
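The following is an added worked example, not code from any of the papers listed on this page. It implements the majority voter described in the first abstract and then computes the failure probability of a 2-out-of-3 voter two ways: under the naive assumption that versions fail independently with their average failure probability, and under the Eckhardt-Lee style model in which every version's failure probability on an input x is a per-input "difficulty" theta(x), so that versions are independent given x but dependent once x is averaged out. The input profile (four equivalence classes with constructed masses and theta values) and all function names are my assumptions for illustration; only the structure of the model comes from the abstracts.

```python
"""
N-version majority voting under a dependent-failure (Eckhardt-Lee style) model.

Added example; not from any of the papers listed here.  Assumptions (mine):
a discrete input profile of four equivalence classes, each with a probability
mass and a per-input failure intensity theta; all numbers are constructed.
"""
from collections import Counter
from math import comb
from random import Random
from typing import Hashable, Optional, Sequence

def majority_vote(outputs: Sequence[Hashable]) -> Optional[Hashable]:
    """Return the value produced by a strict majority of versions, or None
    when no value reaches floor(n/2)+1 copies (the voter then signals
    failure instead of guessing)."""
    if not outputs:
        return None
    value, count = Counter(outputs).most_common(1)[0]
    return value if count > len(outputs) // 2 else None

# Constructed input profile: (probability mass, theta) per equivalence class.
# theta = probability that a randomly developed version fails on an input
# from that class; mass = how often operational inputs fall in that class.
INPUT_PROFILE = [
    (0.900, 0.001),   # easy, common inputs
    (0.090, 0.010),
    (0.009, 0.200),   # rare, awkward inputs (boundary cases)
    (0.001, 0.900),   # very rare inputs almost every version gets wrong
]

def mean_theta(profile=INPUT_PROFILE) -> float:
    """Average single-version failure probability, E[theta(x)]."""
    return sum(mass * theta for mass, theta in profile)

def p_at_least_k_fail(theta: float, n: int, k: int) -> float:
    """P(at least k of n versions fail on one input) when, given that input,
    each version fails independently with probability theta."""
    return sum(comb(n, j) * theta ** j * (1 - theta) ** (n - j)
               for j in range(k, n + 1))

def voter_failure_independent(n: int, k: int, profile=INPUT_PROFILE) -> float:
    """k-of-n voter failure under the naive assumption that version failures
    are independent with the average probability E[theta]."""
    return p_at_least_k_fail(mean_theta(profile), n, k)

def voter_failure_dependent(n: int, k: int, profile=INPUT_PROFILE) -> float:
    """Same quantity under the dependent model: condition on the input class,
    then average over the profile.  Versions are independent given x, but
    because theta varies with x their unconditional failures are correlated."""
    return sum(mass * p_at_least_k_fail(theta, n, k) for mass, theta in profile)

def simulate_voter(n: int, trials: int, seed: int = 1,
                   profile=INPUT_PROFILE) -> float:
    """Monte Carlo check of voter_failure_dependent for a majority voter:
    draw an input class, let each version fail independently with that
    class's theta, and count every outcome other than a correct majority
    (wrong majority or no majority) as a voter failure.  Failing versions
    emit distinct wrong outputs; whether wrong outputs agree only changes
    whether the failure is detected, not whether it is counted."""
    rng = Random(seed)
    masses = [mass for mass, _ in profile]
    failures = 0
    for _ in range(trials):
        _, theta = rng.choices(profile, weights=masses)[0]
        outputs = ["ok" if rng.random() >= theta else f"wrong-{i}"
                   for i in range(n)]
        if majority_vote(outputs) != "ok":
            failures += 1
    return failures / trials

if __name__ == "__main__":
    n, k = 3, 2
    print(f"single version       : {mean_theta():.6f}")
    print(f"2-of-3, independent  : {voter_failure_independent(n, k):.6f}")
    print(f"2-of-3, dependent    : {voter_failure_dependent(n, k):.6f}")
    print(f"2-of-3, simulated    : {simulate_voter(n, 200_000):.6f}")
```

With this constructed profile the average single-version failure probability is 0.0045; the independence assumption predicts a 2-of-3 voter failure probability of about 6.1e-5, while the dependent model gives about 1.9e-3, roughly 32 times higher and only about 2.3 times better than a single version. The direction of the gap is general: since E[theta^2] >= (E[theta])^2, coincident failures are never rarer than independence predicts, with equality only when every input is equally hard, which is the qualitative explanation the abstracts above give for the excess of multi-version failures they observed.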
An approach to the optimization of software reliability is proposed. The emphasis is put on software redundancy to achieve fault tolerance, i.e., the results of the optimization process are applied to determine the optimal structure of the software to be developed. Two optimization models are formulated covering, respectively, a modified recovery block scheme and the multiversion programming approach. Both cases are illustrated by simple examples.
ISBN (print): 9783030263683; 9783030263690
The paper discusses the use of an optimization algorithm based on the behaviour of the ant colony to solve the problem of forming the composition of a multiversion fault-tolerant software package. A model for constructing a graph for the implementation of the ant algorithm for the selected task is proposed. The modifications of the basic algorithm for both the ascending and the descending design styles of software systems are given. When optimizing for downstream design, cost, reliability, and evaluation of the successful implementation of each version with the specified characteristics are taken into account. When optimizing for upstream design, reliability and resource intensity indicators are taken into account, as there is a selection from already implemented software modules. A method is proposed for increasing the efficiency of the ant algorithm, which consists in launching a group of "test" ants, choosing the best solution from this group and further calculating on the basis of it. A software system that implements both modifications of the basic ant algorithm for both design styles, as well as the possibility of applying the proposed multiple-start technique to both modifications, is considered. The results of calculations obtained using the proposed software tool are considered. The results confirm the applicability of ant algorithms to the problem of forming a multiversion software package, and show the effectiveness of the proposed method.