Three methods of achieving software fault tolerance are examined and reliability models for each proposed. Since it is common practice to assume statistical independence among program versions in fault-tolerant systems, independent reliability models are introduced. However, experiments have shown that some dependence does exist, so models assuming statistical dependence are also presented. The proposed models are used to demonstrate the superiority of the Consensus Recovery Block method over the other 2 methods. The models prove that the Consensus Recovery Block is less susceptible to acceptance test errors than the Recovery Block and is more reliable than a Recovery Block composed of the same programs. Furthermore, the Consensus Recovery Block is shown to be more reliable than an n-version programming system consisting of the same programs. This is especially true when the occurrence of multiple correct outputs is possible. A simple cost model demonstrates use of the models for relative cost comparisons in achieving a given reliability.
The n-version approach to the development of fault-tolerant software is discussed, along with the major requirements for its application. The goal of software fault tolerance is to enable software to function in the presence of errors. With n-version programming, this is accomplished by developing multiple independent versions of a software module from a single formal specification. Experiments in n-version programming at the University of California at Los Angeles (California) are described along with the DEDIX system, an n-version development tool that provides distributed supervision and a testbed for n-version software implementation. With n-version programming, software verification and validation efforts can be reduced and cost savings in programming overhead can be achieved since freelance programmers working at their preferred locations on their own equipment can be enlisted to produce independent software versions.
n-version programming has been offered as a method of incorporating fault tolerance into software. Multiple versions of a program are prepared and run in parallel. Their outputs are gathered and examined by a voter, and if they are not identical, it is assumed that the majority is correct. A description is presented of an experiment in which the basic axiom that programs that have been developed independently will fail independently is tested. The results of the tests show that the programs, individually, were extremely dependable, but the number of tests in which more than one program failed was substantially more than expected. The results of these tests are presented along with an examination of some of the faults that were found in the programs. The experiment concludes that n-version programming must be used with care and that analysis of its reliability must include the effect of dependent errors.
The Project on Diverse Software (PODS) was a collaborative software reliability research project whose main goals were: 1. to evaluate the merits of using diverse software, 2. to evaluate the computer-based specification language "X," and 3. to compare the effects of representative high-level and low-level languages on productivity and reliability. To achieve these goals, an experiment was mounted that simulated a normal software development process to produce 3 diverse programs to the same requirement. Major conclusions for the project included: 1. Diverse software with majority voting failed less often than any individual program, but some common faults did exist at the end of normal software development. 2. Testing diverse programs "back-to-back" proved to be a powerful method of identifying residual faults. 3. The residual faults were all related to the specification of requirements, and thus, the requirement specification was the only known cause of common mode failure.
Multiple, joint occurrences of errors (coincident errors) can significantly affect the effectiveness of fault-tolerant software. A theoretical framework is developed for assessing the effectiveness of a multiversion programming approach to the development of fault-tolerant software under conditions of coincident error and for analyzing the impacts of coincident errors. The impacts of coincident errors will depend on an intensity function, which defines the tendency of programmers to introduce similar types of design faults such that software components will fail together during execution. A sufficient condition is derived under which a multi-version development strategy will yield improved fault tolerance over a single-version strategy. However, under high intensity of coincident error, a multiversion approach will actually lead to deterioration of fault tolerance. Finally, it is shown that fault tolerance models that assume that component versions fail independently will underestimate the number of software components needed to improve fault tolerance under coincident error.