The impact of "difficulty" variation on the probability of coincident failure of diverse systems
Redundancy and diversity have long been used as means to obtain high reliability in critical systems. Whilst it is easy to claim that, say, a 1-out-of-2 diverse system will be more reliable than each of its two channels, assessing the actual reliability of such systems can be difficult. Some years ago, new probability models were developed to address this problem in the case of diverse software systems. They depend upon a notion of variation of ‘difficulty’ – more precisely ‘propensity to fail’ – across the input space. These models show that independence of failures will occur only in very special circumstances, and so such independence cannot simply be assumed. They were later shown to apply to certain kinds of hardware systems. If we cannot claim independence of channel failures, the computation of system reliability is difficult, because complete knowledge of the difficulty function is needed. This is unlikely to be available for software. Instead, we are unlikely to know more than the marginal pfd (probability of failure on demand) of the software. In this paper we consider the case of a 1-out-of-2 system in which one channel contains software, and the other channel contains only hardware equipment. We show that a useful upper (i.e. conservative) bound can be obtained for the system pfd using only the unconditional pfd for software (together with information about the variation of hardware ‘difficulty’, which is likely to be known or estimable).
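As an added illustration of the model the abstract describes (example code written for this page, not taken from the paper), the block below assumes the Eckhardt-Lee / Littlewood-Miller form of the difficulty model: demands follow a profile q(x), each channel fails on demand x with probability equal to its ‘difficulty’ θ(x), and the two channels fail conditionally independently given x. Under those assumptions the 1-out-of-2 system pfd is E[θ_S(X)·θ_H(X)], which equals the product of the marginal pfds only when one difficulty function is constant. The `conservative_bound` function computes one conservative bound of the kind the abstract refers to: the worst case of E[θ_S·θ_H] over every software difficulty function with the known marginal pfd, which concentrates the software's failure probability on the inputs the hardware finds hardest (a fractional-knapsack argument). It is not claimed to reproduce the paper's exact bound. All profile and difficulty values are constructed.

```python
"""Difficulty-function model for a 1-out-of-2 software/hardware system.

Added example: constructed numbers, not data from the paper.
"""
import random

# Constructed demand profile: four input classes with probabilities summing to 1.
Q = [0.5, 0.3, 0.15, 0.05]
# Constructed hardware difficulty theta_H(x): P(hardware channel fails | demand x).
THETA_H = [0.001, 0.01, 0.05, 0.2]
# Constructed software difficulty theta_S(x): fails mostly on the rare, hard inputs.
THETA_S = [0.0, 0.0, 0.02, 0.1]


def marginal_pfd(q, theta):
    """Unconditional pfd of one channel: E[theta(X)] over the demand profile."""
    return sum(qi * t for qi, t in zip(q, theta))


def coincident_pfd(q, theta_a, theta_b):
    """System pfd for 1-out-of-2: both channels fail on the same demand.

    Conditional independence given x gives P(both fail | x) = theta_a(x)*theta_b(x),
    so the unconditional value is E[theta_a(X) * theta_b(X)].
    """
    return sum(qi * a * b for qi, a, b in zip(q, theta_a, theta_b))


def independence_product(q, theta_a, theta_b):
    """What the system pfd would be if channel failures were independent."""
    return marginal_pfd(q, theta_a) * marginal_pfd(q, theta_b)


def conservative_bound(q, theta_h, p_s):
    """Worst-case E[theta_S * theta_H] over all theta_S in [0,1] with E[theta_S] = p_s.

    Write m_i = q_i * theta_S(x_i), so 0 <= m_i <= q_i and sum(m_i) = p_s; maximising
    sum(m_i * theta_H(x_i)) is a fractional knapsack, solved greedily by filling the
    inputs with the largest hardware difficulty first. Needs only the software's
    marginal pfd and the hardware difficulty function.
    """
    remaining = p_s
    bound = 0.0
    for qi, th in sorted(zip(q, theta_h), key=lambda pair: pair[1], reverse=True):
        if remaining <= 0:
            break
        take = min(qi, remaining)   # demand mass on which software is assumed to always fail
        bound += take * th
        remaining -= take
    return bound


def bound_holds_for_random_software(q, theta_h, trials=2000, seed=1):
    """Randomised check that the bound dominates the true coincident pfd
    for arbitrary software difficulty functions (any marginal pfd)."""
    rng = random.Random(seed)
    for _ in range(trials):
        theta_s = [rng.random() for _ in q]
        p_s = marginal_pfd(q, theta_s)
        if coincident_pfd(q, theta_s, theta_h) > conservative_bound(q, theta_h, p_s) + 1e-12:
            return False
    return True


if __name__ == "__main__":
    p_s, p_h = marginal_pfd(Q, THETA_S), marginal_pfd(Q, THETA_H)
    print(f"software pfd            {p_s:.6f}")
    print(f"hardware pfd            {p_h:.6f}")
    print(f"true system pfd         {coincident_pfd(Q, THETA_S, THETA_H):.6f}")
    print(f"independence assumption {independence_product(Q, THETA_S, THETA_H):.6f}")
    print(f"conservative bound      {conservative_bound(Q, THETA_H, p_s):.6f}")
    print("bound holds on random theta_S:", bound_holds_for_random_software(Q, THETA_H))
```

With these constructed values the true system pfd (0.00115) is several times larger than the independence product (0.000168), because both channels find the same rare inputs hard; the bound (0.0016) is above the true value without requiring knowledge of θ_S itself, and a constant software difficulty (θ_S ≡ p_S) is the special case in which the independence product is exact.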