Rigorously assessing software reliability and safety

This paper summarises the state of the art in the assessment of software reliability and safety ("dependability"), and describes some promising developments. A sound demonstration of very high dependability is still impossible before operation of the software; but research is finding ways to make rigorous assessment increasingly feasible. While refined mathematical techniques cannot take the place of factual knowledge, they can allow the decision-maker to draw more accurate conclusions from the knowledge that is available

Analysis of Jump Linear Systems Driven by Lumped Processes

Safety critical control systems such as flight control systems use fault-tolerant technology to minimize the effect of faults and increase the dependability of the system. In fault-tolerant systems, the system availability process indicates the current operational mode of an interconnection of digital logic devices. It is a process that results from the transformation of the stochastic processes characterizing the availability of the devices forming the system. To assess safety critical control systems, the following measures of performance will be considered: the steady-state mean output power, the mean output energy, the mean time to failure and the mean time to repair. For this assessment it is important to determine the characteristics of the system availability process since both stability and the aforementioned measure of performance are directly dependent on it. When the system availability process results from a transformation of a homogeneous Markov chain, it is well-known that the resulting process is not necessarily a homogeneous Markov chain. In particular, when the Markov chain characterizing the faults is a zeroth order Markov chain, it is shown that the availability process results in another zeroth order Markov chain. Thus, all the results which are known to analyze closed-loop systems driven by a homogeneous Markov chain can be applied to the zeroth order Markov chain. However, simpler formulas that do not trivially follow from these Markov chain results can be derived in this case. Part of this dissertation is dedicated to the derivation of these new formulas. On the other hand, when the system availability results in either a non-homogeneous Markov chain or a non-Markov chain, the existing Markov results can not be directly applied. This problem is addressed here. The necessity for better integration of the fault tolerant and the control designs for safety critical systems is also addressed. The dependability of current designs is primarily assessed with measures of the interconnection of fault tolerant devices: the reliability metrics that include the mean time to failure and the mean time to repair. These metrics do not directly take into account the interaction of the fault tolerant components with the dynamics of the system. In this dissertation, a first step to better integrate fault tolerant and the control designs for safety critical systems is made. These are the problems that motivated this work. Therefore, the goals of this dissertation are: to develop a suitable methodology to analyze a jump linear system when the driving process is characterized by a zeroth order Markov chain, a non-homogeneous Markov chain and a non-Markov chain; and to integrate the analysis of jump linear systems with the reliability theory for network architectures

An Empirical Study of the Effectiveness of 'Forcing Diversity' Based on a Large Population of Diverse Programs

Use of diverse software components is a viable defence against common-mode failures in redundant softwarebased systems. Various forms of "Diversity-Seeking Decisions" (“DSDs”) can be applied to the process of developing, or procuring, redundant components, to improve the chances of the resulting components not failing on the same demands. An open question is how effective these decisions, and their combinations, are for achieving large enough reliability gains. Using a large population of software programs, we studied experimentally the effectiveness of specific "DSDs" (and their combinations) mandating differences between redundant components. Some of these combinations produced much better improvements in system probability of failure per demand (PFD) than "uncontrolled" diversity did. Yet, our findings suggest that the gains from such "DSDs" vary significantly between them and between the application problems studied. The relationship between DSDs and system PFD is complex and does not allow for simple universal rules (e.g. "the more diversity the better") to apply

Software reliability and dependability: a roadmap

Shifting the focus from software reliability to user-centred measures of dependability in complete software-based systems. Influencing design practice to facilitate dependability assessment. Propagating awareness of dependability issues and the use of existing, useful methods. Injecting some rigour in the use of process-related evidence for dependability assessment. Better understanding issues of diversity and variation as drivers of dependability. Bev Littlewood is founder-Director of the Centre for Software Reliability, and Professor of Software Engineering at City University, London. Prof Littlewood has worked for many years on problems associated with the modelling and evaluation of the dependability of software-based systems; he has published many papers in international journals and conference proceedings and has edited several books. Much of this work has been carried out in collaborative projects, including the successful EC-funded projects SHIP, PDCS, PDCS2, DeVa. He has been employed as a consultant t

Developing a distributed electronic health-record store for India

The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India