Research Reports ESPRIT, Project 300, REQUEST; Vol. 1.
CONTENTS NOTE
1 Introduction
2 Overview -- 2.1 The Concept of Software Fault-tolerance -- 2.2 Failure Dependence -- 2.3 Evaluation of Reliability of Fault Tolerant Software -- 2.4 Adjudication Mechanisms -- 2.5 Conclusion -- References
3 Considerations on Software Diversity on the Basis of Experimental and Theoretical Work -- 3.1 The Different Failure Sets of a Two-fold Diverse System -- 3.2 Experimental Approach -- 3.3 Theoretical Approach -- 3.4 Additional Requirements -- 3.5 Comparison Between Single and Diverse Use of Programs -- 3.6 Conclusion -- References
4 The Impact of Forced Diversity on the Failure Behaviour of Multiversion Software -- 4.1 Introduction -- 4.2 Common Failure Behaviour of Forced and Unforced Diverse Systems w.r.t. the Voter Majority -- 4.3 Common Failure Behaviour of Forced and Unforced Diverse Systems w.r.t. the Voter Granularity -- 4.4 Conclusion -- References
5 Functional Diversity -- 5.1 Introduction -- 5.2 Limitations of Normal Diversity -- 5.3 Description of Functional Diversity Methodology -- 5.4 Advantages of Functional with respect to Normal Diversity -- 5.5 Disadvantages of Functional Diversity -- 5.6 Application Fields -- 5.7 Choice of the Modelling Approach for Functional Diversity -- 5.8 Classical Semantic Approach -- 5.9 Functional Semantics -- 5.10 Semantic Modelling of Functional Diversity -- 5.11 Functional Diversity Metrication -- 5.12 Definition of Functional Diversity Metrics -- 5.13 Classification of the Metrics -- 5.14 Reliability Analysis for Functionally Diverse Systems -- 5.15 Static Specification Analysis -- 5.16 Reliability Evaluation -- 5.17 Semantic Specification Language -- 5.18 Semantic Specification Analysis Methodology -- References
6 Estimation of Failure Correlation in Diverse Software Systems with Dependent Components -- 6.1 Introduction -- 6.2 Evaluation of the Inaccuracy Resulting from the Independence Assumption -- 6.3 The Case of Available Failure Observations -- 6.4 The Case of No Available Failure Observations -- 6.5 Conclusion -- References
7 Measurement of Diversity Degree by Quantification of Dissimilarity in the Input Partition -- 7.1 Input Partition and Coverage Diversity -- 7.2 Partition Diversity during the Testing Phase -- 7.3 Conclusion -- References
8 Comparison of Mnemonics for Software Diversity Assessment -- 8.1 The Initial Prototype Investigation -- 8.2 Enhancement of the Prototype -- 8.3 Further Improvements to Technique -- 8.4 Conclusions -- References
9 The FRIL Model Approach for Software Diversity Assessment -- 9.1 Software Attributes Affecting Diversity -- 9.2 Measuring Diversity -- 9.3 The FRIL Model for Software Diversity Assessment -- 9.4 Extension of the Work -- References
10 Reliability Evaluation -- 10.1 Introduction -- 10.2 State of the Art of Reliability Models for Fault Tolerant Software -- 10.3 System States of Fault Tolerant Architectures -- 10.4 Analysis of System Sub-states -- 10.5 Modelling Approach -- 10.6 Modelling Methods -- 10.7 Evaluation of the Equations -- References
11 The Impact of Voter Granularity in Fault-Tolerant Software on System Reliability and Availability -- 11.1 Definition of System States -- 11.2 Effect of Voter Granularity on System States -- 11.3 Examples -- 11.4 Strategic Choice of Optimal Granularity -- 11.5 Mixed Solutions -- 11.6 Conclusion -- References
12 A Theoretical Evaluation of the Acceptance Test in Recovery Block Programming -- 12.1 Introduction -- 12.2 General Features and Examples of Acceptance Tests -- 12.3 Formal Definition of Acceptance Test Characteristics -- 12.4 An Error Model for the Acceptance Test Behaviour -- 12.5 Conclusion -- References
13 Location of Checkpoints by Considering Information Reduction -- 13.1 Introduction -- 13.2 Failure Masking -- 13.3 Function Classes Reducing Information -- 13.4 Impact of Information Reduction on Failure Dependence -- 13.5 Information Reduction for Binary Values -- 13.6 Location of Checkpoints -- 13.7 Example -- 13.8 Conclusion -- References
14 Conclusions -- 14.1 Hardware Failure vs. Software Failure -- 14.2 Diversity and the Design of Fault-tolerant Software Systems -- 14.3 Assessment of Software Fault-tolerance -- 14.4 Prospect.
SUMMARY OR ABSTRACT
This volume summarizes the results obtained by the group working on software fault tolerance within the REQUEST (Reliability and Quality of European Software Technology) project of the ESPRIT programme of the European Communities. It should be read by anyone with a professional interest in safety-critical and fault-tolerant computing. A generic model is developed for evaluating the reliability of fault-tolerant software systems. Emphasis is put on identifying problem areas in the development and assessment of fault-tolerant software systems and of their components. Examples of crucial failures are common-cause failures of diverse versions, and failures in the adjudicator that acts on the outputs of the diverse versions. The cause of common failures among versions is similarity in the solutions to the specified problems. Methods were developed to determine similarity among versions by means of well-known software engineering techniques. Concerning adjudicators, the influence of several factors on failure detection capability is discussed and guidelines are given for optimal design. A methodology is developed to determine dissimilarity at the level of diverse specifications. Cost-based support is given for deciding whether diversity should be used in a software system or whether a single program should instead be enhanced by additional verification effort.