Building Dependable Software for Critical Applications: Multi-Version Software versus One Good Version

Quantified Score

Visualization

Abstract

An increasing range of industries have a growing dependence on software-based systems,many of which are safety-critical,real-time applications that require extremely high dependability.Multi-version programming has been proposed as a method for increasing the overall dependability of such systems -however,the increased cost of using this approach may mean that this increase in dependability is not worth the extra expense involved.We describe an experiment undertaken in order to establish for the first time whether or not the multi-version method can offer increased dependability over the traditional single-version development approach when given the same level of resources.Three programs were developed independently to control a real-time,safety-critical system,and were put together to form a decentralized multi-version system.Three functionally equivalent single-version systems were also implemented,each using the same amount of development resources as the combined resources of the multi-version system.The analytic results from this experiment show that 1)a single-version system is much more dependable than any individual version of the multi-version system,and 2) despite the poor quality of individual versions,the multi-version method still results in a safer system than the single-version solution.Although these results could not be considered conclusive in the general sense and the experiment itself needed to be improved in several areas, it is evident that regarding the single-version method as a "seem-to-be "safer design decision for critical applications is not generally justifiable.We conclude by describing plans for a follow up study based on our initial findings.Key words -Critical software and systems,fault tolerance,industrial embedded systems,multi-version software,reliability and safety