Comparative analysis of two architectural alternatives for the N-version programming (NVP) system

Abstract

This paper presents a quantitative analysis of two configurations of one architectural approach to the integration of hardware and software fault tolerance. The importance of this work is to determine if there is a clear-cut advantage to using one configuration of N-version programming (NVP) over the other. A previous preliminary sensitivity analysis on the individual parameter values showed that downloading a faulty software version had the most significant effect on the reliability and safety of the system. The other parameters that we varied had little or no effect on the systems' performances, or on the relationship between the two systems. This fact demonstrates that our results are relatively robust for the particular parameter values that were chosen. Of course a significantly different set of parameter values may yield different results. Closed form solutions proved difficult to manage. We investigate the well-known anomaly for hardware fault tolerant TMR systems to see if the anomaly still holds when software faults are considered. The anomaly considered is that, for a TMR hardware fault tolerant system, discarding an operational component upon the first failure (and continuing in simplex mode) actually improves reliability. When software faults are considered in a more comprehensive analysis, the anomaly no longer holds.