Reliability and performance analysis of hardware–software systems with fault-tolerant software components

Abstract

This paper presents an algorithm for evaluating reliability and expected execution time for systems consisting of fault-tolerant software components running on several hardware units. The components are built from functionally equivalent but independently developed versions characterized by different reliability and execution time. Different number of versions can be executed simultaneously depending on the number of available units. The system reliability is defined as the probability that the system produces a correct output in a specified time.

Introduction

Software failures are caused by errors made in various phases of program development. When the software reliability is of critical importance, special programming techniques are used in order to achieve its fault tolerance. Two of the best-known fault-tolerant software design methods are N-version programming (NVP) and recovery block scheme (RBS) [1]. Both methods are based on the redundancy of software modules (functionally equivalent but independently developed) and the assumption that coincident failures of modules are rare. The fault tolerance usually requires additional resources and results in performance penalties (particularly with regard to computation time), which constitutes a tradeoff between software performance and reliability.

NVP was proposed by Chen and Avizienis [2]. This approach presumes the execution of N functionally equivalent software modules (called versions) that receive the same input and send their outputs to a voter, which is aimed at determining the system output. The voter produces an output if at least M out of N outputs agree (it is presumed that the probability that M wrong outputs agree is negligibly small). Otherwise, the system fails. Usually majority voting is used in which N is odd and M=(N+1)/2.

In some applications, the available computational resources do not allow all of the versions to be executed simultaneously. In these cases, the versions are executed according to some predefined sequence and the program execution terminates either when M versions produce the same output (success) or when after the execution of all the N versions the number of equivalent outputs is less than M (failure). The entire program execution time is a random variable depending on the parameters of the versions and on the number of versions that can be executed simultaneously.

RBS was proposed by Randell [3]. In this approach after execution of each version, its output is tested by an acceptance test block (ATB). If the ATB accepts the version output, the process is terminated and the version output becomes the output of the entire system. If all N versions do not produce the accepted output, the system fails. If the computational resources allow simultaneous execution of several versions, the versions are executed according to some predefined sequence and the entire program terminates either when one of versions produces the output accepted by the ATB (success) or when after the execution of all the N versions no output is accepted by the ATB (failure). If the acceptance test time is included into the execution time of each version, the RBS performance model becomes identical to the performance model of the NVP with M=1.

Estimating the effect of the fault-tolerant programming on system performance is especially important in safety critical real-time computer applications. This effect has been studied by Tai et al. in [4] and by Goseva-Popstojanova and Grnarov in [5], [6]. While in [4] a basic realization of NVP (N=3, M=2) consisting of versions with identical fault probabilities and different execution times has been considered, in [5], [6] NVP with arbitrary N has been studied in which both times to failure and execution times of different versions are identically distributed random variables.

In many cases, the information about version reliability and execution time is available from separate testing and/or reliability prediction models [7]. This information can be incorporated into a fault-tolerant program model in order to obtain an evaluation of its reliability and performance. The reliability model of NVP with versions having different reliability has been considered in [8]. However, in this study, the system performance evaluation problem has not been addressed and a general algorithm for evaluating NVP reliability for arbitrary N and M has not been suggested.

Since the performance of fault-tolerant programs depends on availability of computational resources, the impact of hardware availability should be taken into account when the system availability is evaluated. In [9] several simple configurations of hardware–software systems with N≤3 and number of hardware units not greater than three have been studied also without considering system performance.

This paper presents an algorithm for finding the reliability and performance measures for arbitrary fault-tolerant hardware–software systems with given hardware structure and availability of hardware units and given parameters of software versions. The novelty of the presented algorithm lies in its ability to take into account both hardware and software reliability for arbitrary number of software versions and hardware units and to evaluate both system reliability and performance measures.

The algorithm does not take into account the common cause failures which leads to overestimation of system reliability. However, even such optimistic estimates can be used for comparison of different system architectures and for optimization of software system structure as it has been done in [8], [10], [11], [12].

The probabilities of common cause failures can be evaluated separately (elicited from experimental study) and added to system unreliability in order to obtain more accurate reliability estimates.