TRADE-OFFS IN DEVELOPING FAULT-TOLERANT SOFTWARE

Design diversity has emerged as a powerful mechanism for incorporating software fault tolerance in ultra-reliable systems. In this paper we study the trade-offs available during the development process of fault -tolerant software employing the recovery block approach [2]. When the total available testing time is bounded, our analysis determines how appropriately to allocate testing time to the various redundant module s that make up the fault tolerant system so as to maximise its reliabi lity. This requires a study of the interactions between the various mo dules in the software system. For example error coverage and the false alarm probability of acceptance test in the recovery block scheme may be interrelated and it may not be possible to simultaneously improve both. Hence there exists a trade-off between acceptance test coverage and false alarm probability. The impact of such trade-offs on system r eliability is also studied.