|
Abstract : |
In earlier studies of multiversion programming, both empirical and analytical, emphasis switched from notions of independence to one of minimization of coincident failure. We show that neither independence of failure, nor lack of coincident failure are the single important properties. Indeed, an N-version system may deliver an optimal performance (under some voting strategy) even when the incidence of coincident failure is arbitrarily high. The key notion that this study contributes is one of distinct different failure, and hence distinct-failure diversity. The important property is not whether versions fail on the same input so much as whether they fail in the same way. If the failures of an N-version system (on some input) are dispersed over a set of distinct alternative outcomes, then this (hitherto unacknowledged) aspect of diversity may be exploited to substantially enhance system reliability. We propose measures for the traditional coincident-failure diversity (CFD), for the new distinct failure-diversity (DFD), and for an integrated overall diversity (OD). We show how the DFD property of an N-version system may permit substantial performance enhancement despite maximum coincident failure. We demonstrate the extra practical benefits that accrue from an exploitation of this new treatment of multiversion software systems by application to previously published examples. Finally, we suggest how this new aspect of diversity (as well as several others) can be exploited to cast the potential for multiversion software engineering in a much more positive light than was produced by the previous studies which demonstrated the necessary absence of independent failure behaviour., |
