Comparative analysis of two architectural alternatives for the N-version programming (NVP) system

This paper presents a quantitative analysis of two configurations of one architectural approach to the integration of hardware and software fault tolerance. The importance of this work is to determine if there is a clear-cut advantage to using one configuration of N-version programming (NVP) over the other. A previous preliminary sensitivity analysis on the individual parameter values showed that downloading a faulty software version had the most significant effect on the reliability and safety of the system. The other parameters that we varied had little or no effect on the systems´ performances, or on the relationship between the two systems. This fact demonstrates that our results are relatively robust for the particular parameter values that were chosen. Of course a significantly different set of parameter values may yield different results. Closed form solutions proved difficult to manage. We investigate the well-known anomaly for hardware fault tolerant TMR systems to see if the anomaly still holds when software faults are considered. The anomaly considered is that, for a TMR hardware fault tolerant system, discarding an operational component upon the first failure (and continuing in simplex mode) actually improves reliability. When software faults are considered in a more comprehensive analysis, the anomaly no longer holds