The reliability of diverse systems: a contribution using modelling of the fault creation process

Design diversity is a defence against design faults causing common-mode failure in redundant systems, but we badly lack knowledge about how much reliability it will buy in practice, and thus about its cost-effectiveness, the situations in which it is an appropriate solution and how it should be taken into account by assessors and safety regulators. Both current practice and the scientific debate about design diversity depend largely on intuition. More formal probabilistic reasoning would facilitate critical discussion and empirical validation of any predictions: to this aim, we propose a model of the generation of faults and failures in two separately-developed program versions. We show results on: (i) what degree of reliability improvement an assessor can reliably expect from diversity; and (ii) how this reliability improvement may change with higher-quality development processes. We discuss the practical relevance of these results and the degree to which they can be trusted.
