Title :
The use of proof in diversity arguments
Author_Institution :
Centre for Software Reliability, City Univ., London, UK
fDate :
10/1/2000 12:00:00 AM
Abstract :
The limits to the reliability that can be claimed for a design-diverse fault-tolerant system are mainly determined by the dependence that must be expected in the failure behaviours of the different versions: claims for independence between version failure processes are not believable. We examine a different approach, in which a simple secondary system is used as a back-up to a more complex primary. The secondary system is sufficiently simple that claims for its perfection (with respect to design faults) are possible, but there is not complete certainty about such perfection. It is shown that assessment of the reliability of the overall fault-tolerant system in this case may take advantage of claims for independence that are more plausible than those involved in design diversity
Keywords :
software fault tolerance; design diversity; software fault tolerance; software reliability; version failure processes; Aerospace control; Air traffic control; Aircraft; Battery powered vehicles; Cultural differences; Fault tolerance; Fault tolerant systems; Phase frequency detector; Protection; Safety;
Journal_Title :
Software Engineering, IEEE Transactions on
