Abstract
The application of design diversity to multiple layers is a very promising way to achieve high tolerance to design faults. We proposed the MLDD (Multi-Layered Design Diversity) architecture that adopts design diversity with one set of specifications for each of three layers: the application program layer, the operating system layer and the hardware layer. An argument against using a common specification for an entire layer is that a flaw in the specification contaminates every implementation of the layer. The effectiveness of the MLDD architecture depends upon the assumption that the use of the same specification for developing multiple implementations of a layer does not lead to related errors. In this paper, we test the validity of this assumption using three commercial operating systems developed independently based on the ITRON2 specification.
In the MLDD architecture, each layer is provided with error detection, error masking and error recovery functions for dealing with errors originating in the layer. We describe the backward error recovery scheme for the operating system layer.
Copyright information
© 1994 Springer-Verlag Berlin Heidelberg
Watanabe, A., Sakamura, K. (1994). MLDD(Multi-Layered Design Diversity) architecture for achieving high design fault tolerance capabilities. In: Echtle, K., Hammer, D., Powell, D. (eds) Dependable Computing — EDCC-1. EDCC 1994. Lecture Notes in Computer Science, vol 852. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-58426-9_140
DOI: https://doi.org/10.1007/3-540-58426-9_140
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-58426-1
Online ISBN: 978-3-540-48785-2