SlideShare uma empresa Scribd logo

Dependability Engineering 2 (CS 5032 2012)

Transferir como PPTX, PDF
Ian Sommerville
Ian Sommerville
TecnologiaNegócios
1 de 27
Dependability engineering Lecture 2 Dependability engineering, CSE, 2010 Slide 1
Hardware fault tolerance • Depends on triple-modular redundancy (TMR). • Three identical components that receive the same input and whose outputs are compared. • If one output is different, it is ignored and component failure is assumed. • Based on most faults resulting from component failures rather than design faults and a low Dependability engineering, CSE, 2010 probability of simultaneous Slide 2
Triple modular redundancy Dependability engineering, CSE, 2010 Slide 3
N-version programming • Multiple versions of a software system carry out computations at the same time. There should be an odd number of computers involved, typically 3. • The results are compared using a voting system and the majority result is taken to be the correct result. • Approach derived from the notion of triple-modular redundancy, as used in hardware systems. Dependability engineering, CSE, 2010 Slide 4
N-version programming Dependability engineering, CSE, 2010 Slide 5
N-version programming • The different system versions are designed and implemented by different teams. It is assumed that there is a low probability that they will make the same mistakes. The algorithms used should but may not be different. • There is some empirical evidence that teams commonly misinterpret specifications in the same way and chose the same algorithms in their systems. Dependability engineering, CSE, 2010 Slide 6
Software diversity • Approaches to software fault tolerance depend on software diversity where it is assumed that different implementations of the same software specification will fail in different ways. • It is assumed that implementations are (a) independent and (b) do not include common errors. • Strategies to achieve diversity – Different programming languages – Different design methods and tools – Explicit specification of different algorithms Dependability engineering, CSE, 2010 Slide 7
Problems with design diversity • Teams are not culturally diverse so they tend to tackle problems in the same way • Characteristic errors – Different teams make the same mistakes. Some parts of an implementation are more difficult than others so all teams tend to make mistakes in the same place; • Specification errors; – If there is an error in the specification then this is reflected in all implementations; – This can be addressed to some extent by using multiple specification representations. Dependability engineering, CSE, 2010 Slide 8
Specification dependency • Both approaches to software redundancy are susceptible to specification errors. If the specification is incorrect, the system could fail • This is also a problem with hardware but software specifications are usually more complex than hardware specifications and harder to validate. • This has been addressed in some cases by developing separate software specifications from the same user specification. Dependability engineering, CSE, 2010 Slide 9
Improvements in practice • In principle, if diversity and independence can be achieved, multi-version programming leads to very significant improvements in reliability and availability. • In practice, observed improvements are much less significant but the approach seems leads to reliability improvements of between 5 and 9 times. • Are such improvements are worth the considerable extra development costs for multi-version programming? • Is it cheaper to increase the reliability of a single version using fault avoidance and fault detection techniques? Dependability engineering, CSE, 2010 Slide 10
Dependable programming • Good programming practices can be adopted that help reduce the incidence of program faults. • These programming practices support – Fault avoidance – Fault detection – Fault tolerance Dependability engineering, CSE, 2010 Slide 11
Good practice guidelines for dependable programming Dependable programming guidelines 1. Limit the visibility of information in a program 2. Check all inputs for validity 3. Provide a handler for all exceptions 4. Minimize the use of error-prone constructs 5. Provide restart capabilities 6. Check array bounds 7. Include timeouts when calling external components 8. Name all constants that represent real-world values Dependability engineering, CSE, 2010 Slide 12
Control the visibility of information in a program • Program components should only be allowed access to data that they need for their implementation. • This means that accidental corruption of parts of the program state by these components is impossible. • You can control visibility by using abstract data types where the data representation is private and you only allow access to the data through predefined operations such as get () and put (). Dependability engineering, CSE, 2010 Slide 13
Check all inputs for validity • All program take inputs from their environment and make assumptions about these inputs. • However, program specifications rarely define what to do if an input is not consistent with these assumptions. • Consequently, many programs behave unpredictably when presented with unusual inputs and, sometimes, these are threats to the security of the system. • Consequently, you should always check inputs before processing against the assumptions made about these inputs. Dependability engineering, CSE, 2010 Slide 14
Validity checks • Range checks – Check that the input falls within a known range. • Size checks – Check that the input does not exceed some maximum size e.g. 40 characters for a name. • Representation checks – Check that the input does not include characters that should not be part of its representation e.g. names do not include numerals. • Reasonableness checks – Use information about the input to check if it is reasonable Dependability engineering, CSE, 2010 an extreme value. rather than Slide 15
Provide a handler for all exceptions • A program exception is an error or some unexpected event such as a power failure. • Exception handling constructs allow for such events to be handled without the need for continual status checking to detect exceptions. • Using normal control constructs to detect exceptions needs many additional statements to be added to the program. This adds a significant overhead and is potentially error-prone. Dependability engineering, CSE, 2010 Slide 16
Exception handling Dependability engineering, CSE, 2010 Slide 17
Exception handling • Three possible exception handling strategies – Signal to a calling component that an exception has occurred and provide information about the type of exception. – Carry out some alternative processing to the processing where the exception occurred. This is only possible where the exception handler has enough information to recover from the problem that has arisen. – Pass control to a run-time support system to handle the exception. • Exception handling is a mechanism to provide some fault tolerance Dependability engineering, CSE, 2010 Slide 18
Minimize the use of error-prone constructs • Program faults are usually a consequence of human error because programmers lose track of the relationships between the different parts of the system • This is exacerbated by error-prone constructs in programming languages that are inherently complex or that don’t check for mistakes when they could do so. • Therefore, when programming, you should try to avoid or at least minimize the use of these error- prone constructs. Dependability engineering, CSE, 2010 Slide 19
Error-prone constructs • Unconditional branch (goto) statements • Floating-point numbers – Inherently imprecise. The imprecision may lead to invalid comparisons. • Pointers – Pointers referring to the wrong memory areas can corrupt data. Aliasing can make programs difficult to understand and change. • Dynamic memory allocation – Run-time allocation can cause memory overflow. Dependability engineering, CSE, 2010 Slide 20
Error-prone constructs • Parallelism – Can result in subtle timing errors because of unforeseen interaction between parallel processes. • Recursion – Errors in recursion can cause memory overflow as the program stack fills up. • Interrupts – Interrupts can cause a critical operation to be terminated and make a program difficult to understand. • Inheritance – Code is not localised. This can result in unexpected behaviour when changes are made and problems of understanding the code. Dependability engineering, CSE, 2010 Slide 21
Error-prone constructs • Aliasing – Using more than 1 name to refer to the same state variable. • Unbounded arrays – Buffer overflow failures can occur if no bound checking on arrays. • Default input processing – An input action that occurs irrespective of the input. – This can cause problems if the default action is to transfer control elsewhere in the program. In incorrect or deliberately malicious input can then trigger a program failure. Dependability engineering, CSE, 2010 Slide 22
Provide restart capabilities • For systems that involve long transactions or user interactions, you should always provide a restart capability that allows the system to restart after failure without users having to redo everything that they have done. • Restart depends on the type of system – Keep copies of forms so that users don’t have to fill them in again if there is a problem – Save state periodically and restart from the saved state Dependability engineering, CSE, 2010 Slide 23
Check array bounds • In some programming languages, such as C, it is possible to address a memory location outside of the range allowed for in an array declaration. • This leads to the well-known ‘bounded buffer’ vulnerability where attackers write executable code into memory by deliberately writing beyond the top element in an array. • If your language does not include bound checking, you should therefore always check that an array access is within the bounds of the array. Dependability engineering, CSE, 2010 Slide 24
Include timeouts when calling external components • In a distributed system, failure of a remote computer can be ‘silent’ so that programs expecting a service from that computer may never receive that service or any indication that there has been a failure. • To avoid this, you should always include timeouts on all calls to external components. • After a defined time period has elapsed without a response, your system should then assume failure and take whatever actions are required to recover from this. Dependability engineering, CSE, 2010 Slide 25
Name all constants that represent real-world values • Always give constants that reflect real-world values (such as tax rates) names rather than using their numeric values and always refer to them by name • You are less likely to make mistakes and type the wrong value when you are using a name rather than a value. • This means that when these ‘constants’ change (for sure, they are not really constant), then you only have to make the change in one place in your program. Dependability engineering, CSE, 2010 Slide 26
Key points • Software diversity is difficult to achieve because it is practically impossible to ensure that each version of the software is truly independent. • Dependable programming relies on the inclusion of redundancy in a program to check the validity of inputs and the values of program variables. • Some programming constructs and techniques, such as goto statements, pointers, recursion, inheritance and floating-point numbers, are inherently error- prone. You should try to avoid these constructs when developing dependable systems. Dependability engineering, CSE, 2010 Slide 27

Recomendados

Software Reliability
Software ReliabilitySoftware Reliability
Software Reliabilityranapoonam1
 
Software archiecture lecture06
Software archiecture lecture06Software archiecture lecture06
Software archiecture lecture06Luktalja
 
Software Reliability Engineering
Software Reliability EngineeringSoftware Reliability Engineering
Software Reliability Engineeringguest90cec6
 
Software and Hardware Reliability
Software and Hardware ReliabilitySoftware and Hardware Reliability
Software and Hardware ReliabilitySandeep Patalay
 
Dependable Systems -Dependability Means (3/16)
Dependable Systems -Dependability Means (3/16)Dependable Systems -Dependability Means (3/16)
Dependable Systems -Dependability Means (3/16)Peter Tröger
 
Software reliability
Software reliabilitySoftware reliability
Software reliabilityBaptiste Wicht
 
Systematic Model based Testing with Coverage Analysis
Systematic Model based Testing with Coverage AnalysisSystematic Model based Testing with Coverage Analysis
Systematic Model based Testing with Coverage AnalysisIDES Editor
 
Ch 2 Apraoaches Of Software Testing
Ch 2 Apraoaches Of Software Testing Ch 2 Apraoaches Of Software Testing
Ch 2 Apraoaches Of Software Testing Prof .Pragati Khade
 

Recomendados

Software Reliability
Software ReliabilitySoftware Reliability
Software Reliabilityranapoonam1
 
Software archiecture lecture06
Software archiecture lecture06Software archiecture lecture06
Software archiecture lecture06Luktalja
 
Software Reliability Engineering
Software Reliability EngineeringSoftware Reliability Engineering
Software Reliability Engineeringguest90cec6
 
Software and Hardware Reliability
Software and Hardware ReliabilitySoftware and Hardware Reliability
Software and Hardware ReliabilitySandeep Patalay
 
Dependable Systems -Dependability Means (3/16)
Dependable Systems -Dependability Means (3/16)Dependable Systems -Dependability Means (3/16)
Dependable Systems -Dependability Means (3/16)Peter Tröger
 
Software reliability
Software reliabilitySoftware reliability
Software reliabilityBaptiste Wicht
 
Systematic Model based Testing with Coverage Analysis
Systematic Model based Testing with Coverage AnalysisSystematic Model based Testing with Coverage Analysis
Systematic Model based Testing with Coverage AnalysisIDES Editor
 
Ch 2 Apraoaches Of Software Testing
Ch 2 Apraoaches Of Software Testing Ch 2 Apraoaches Of Software Testing
Ch 2 Apraoaches Of Software Testing Prof .Pragati Khade
 
Analysis of Testability of a Flight Software Product Line
Analysis of Testability of a Flight Software Product LineAnalysis of Testability of a Flight Software Product Line
Analysis of Testability of a Flight Software Product LineDharmalingam Ganesan
 
Software Design for Testability
Software Design for TestabilitySoftware Design for Testability
Software Design for Testabilityamr0mt
 
Requirements Based Testing
Requirements Based TestingRequirements Based Testing
Requirements Based TestingSSA KPI
 
Software testing
Software testingSoftware testing
Software testingMahfuz1061
 
Software reliability tools and common software errors
Software reliability tools and common software errorsSoftware reliability tools and common software errors
Software reliability tools and common software errorsHimanshu
 
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012TEST Huddle
 
Design for Testability: A Tutorial for Devs and Testers
Design for Testability: A Tutorial for Devs and TestersDesign for Testability: A Tutorial for Devs and Testers
Design for Testability: A Tutorial for Devs and TestersTechWell
 
Design for Testability: A Tutorial for Devs and Testers
Design for Testability: A Tutorial for Devs and TestersDesign for Testability: A Tutorial for Devs and Testers
Design for Testability: A Tutorial for Devs and TestersTechWell
 
Verifying Architectural Design Rules of a Flight Software Product Line
Verifying Architectural Design Rules of a Flight Software Product LineVerifying Architectural Design Rules of a Flight Software Product Line
Verifying Architectural Design Rules of a Flight Software Product LineDharmalingam Ganesan
 
Software cost estimation
Software cost estimationSoftware cost estimation
Software cost estimationdjview
 
Software Engineering Sample Question paper for 2012
Software Engineering Sample Question paper for 2012Software Engineering Sample Question paper for 2012
Software Engineering Sample Question paper for 2012Neelamani Samal
 
Software engineering 23 software reliability
Software engineering 23 software reliabilitySoftware engineering 23 software reliability
Software engineering 23 software reliabilityVaibhav Khanna
 
Chen.tim
Chen.timChen.tim
Chen.timNASAPMC
 
Fundamental of testing
Fundamental of testingFundamental of testing
Fundamental of testingDr. Ahmed Al Zaidy
 
Software reliability & quality
Software reliability & qualitySoftware reliability & quality
Software reliability & qualityNur Islam
 
Michael.aguilar
Michael.aguilarMichael.aguilar
Michael.aguilarNASAPMC
 
Self-defending software: Automatically patching errors in deployed software ...
Self-defending software: Automatically patching errors in deployed software ...Self-defending software: Automatically patching errors in deployed software ...
Self-defending software: Automatically patching errors in deployed software ...Sung Kim
 
Top Ten things that have been proven to effect software reliability
Top Ten things that have been proven to effect software reliabilityTop Ten things that have been proven to effect software reliability
Top Ten things that have been proven to effect software reliabilityAnn Marie Neufelder
 
Software FMEA and Software FTA – An Effective Tool for Embedded Software Qual...
Software FMEA and Software FTA – An Effective Tool for Embedded Software Qual...Software FMEA and Software FTA – An Effective Tool for Embedded Software Qual...
Software FMEA and Software FTA – An Effective Tool for Embedded Software Qual...Mahindra Satyam
 
Defect removal effectiveness
Defect removal effectivenessDefect removal effectiveness
Defect removal effectivenessRoy Antony Arnold G
 
Dependable Systems - Hardware Dependability with Redundancy (14/16)
Dependable Systems - Hardware Dependability with Redundancy (14/16)Dependable Systems - Hardware Dependability with Redundancy (14/16)
Dependable Systems - Hardware Dependability with Redundancy (14/16)Peter Tröger
 
Bm 9 marketing element for be and csr
Bm 9 marketing element for be and csrBm 9 marketing element for be and csr
Bm 9 marketing element for be and csrphysics101
 

Mais conteúdo relacionado

Mais procurados

Analysis of Testability of a Flight Software Product Line
Analysis of Testability of a Flight Software Product LineAnalysis of Testability of a Flight Software Product Line
Analysis of Testability of a Flight Software Product LineDharmalingam Ganesan
 
Software Design for Testability
Software Design for TestabilitySoftware Design for Testability
Software Design for Testabilityamr0mt
 
Requirements Based Testing
Requirements Based TestingRequirements Based Testing
Requirements Based TestingSSA KPI
 
Software testing
Software testingSoftware testing
Software testingMahfuz1061
 
Software reliability tools and common software errors
Software reliability tools and common software errorsSoftware reliability tools and common software errors
Software reliability tools and common software errorsHimanshu
 
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012TEST Huddle
 
Design for Testability: A Tutorial for Devs and Testers
Design for Testability: A Tutorial for Devs and TestersDesign for Testability: A Tutorial for Devs and Testers
Design for Testability: A Tutorial for Devs and TestersTechWell
 
Design for Testability: A Tutorial for Devs and Testers
Design for Testability: A Tutorial for Devs and TestersDesign for Testability: A Tutorial for Devs and Testers
Design for Testability: A Tutorial for Devs and TestersTechWell
 
Verifying Architectural Design Rules of a Flight Software Product Line
Verifying Architectural Design Rules of a Flight Software Product LineVerifying Architectural Design Rules of a Flight Software Product Line
Verifying Architectural Design Rules of a Flight Software Product LineDharmalingam Ganesan
 
Software cost estimation
Software cost estimationSoftware cost estimation
Software cost estimationdjview
 
Software Engineering Sample Question paper for 2012
Software Engineering Sample Question paper for 2012Software Engineering Sample Question paper for 2012
Software Engineering Sample Question paper for 2012Neelamani Samal
 
Software engineering 23 software reliability
Software engineering 23 software reliabilitySoftware engineering 23 software reliability
Software engineering 23 software reliabilityVaibhav Khanna
 
Chen.tim
Chen.timChen.tim
Chen.timNASAPMC
 
Software reliability & quality
Software reliability & qualitySoftware reliability & quality
Software reliability & qualityNur Islam
 
Michael.aguilar
Michael.aguilarMichael.aguilar
Michael.aguilarNASAPMC
 
Self-defending software: Automatically patching errors in deployed software ...
Self-defending software: Automatically patching errors in deployed software ...Self-defending software: Automatically patching errors in deployed software ...
Self-defending software: Automatically patching errors in deployed software ...Sung Kim
 
Top Ten things that have been proven to effect software reliability
Top Ten things that have been proven to effect software reliabilityTop Ten things that have been proven to effect software reliability
Top Ten things that have been proven to effect software reliabilityAnn Marie Neufelder
 
Software FMEA and Software FTA – An Effective Tool for Embedded Software Qual...
Software FMEA and Software FTA – An Effective Tool for Embedded Software Qual...Software FMEA and Software FTA – An Effective Tool for Embedded Software Qual...
Software FMEA and Software FTA – An Effective Tool for Embedded Software Qual...Mahindra Satyam
 

Mais procurados (20)

Analysis of Testability of a Flight Software Product Line
Analysis of Testability of a Flight Software Product LineAnalysis of Testability of a Flight Software Product Line
Analysis of Testability of a Flight Software Product Line
 
Software Design for Testability
Software Design for TestabilitySoftware Design for Testability
Software Design for Testability
 
Requirements Based Testing
Requirements Based TestingRequirements Based Testing
Requirements Based Testing
 
Software testing
Software testingSoftware testing
Software testing
 
Software reliability tools and common software errors
Software reliability tools and common software errorsSoftware reliability tools and common software errors
Software reliability tools and common software errors
 
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012
 
Design for Testability: A Tutorial for Devs and Testers
Design for Testability: A Tutorial for Devs and TestersDesign for Testability: A Tutorial for Devs and Testers
Design for Testability: A Tutorial for Devs and Testers
 
Design for Testability: A Tutorial for Devs and Testers
Design for Testability: A Tutorial for Devs and TestersDesign for Testability: A Tutorial for Devs and Testers
Design for Testability: A Tutorial for Devs and Testers
 
Verifying Architectural Design Rules of a Flight Software Product Line
Verifying Architectural Design Rules of a Flight Software Product LineVerifying Architectural Design Rules of a Flight Software Product Line
Verifying Architectural Design Rules of a Flight Software Product Line
 
Software cost estimation
Software cost estimationSoftware cost estimation
Software cost estimation
 
Software Engineering Sample Question paper for 2012
Software Engineering Sample Question paper for 2012Software Engineering Sample Question paper for 2012
Software Engineering Sample Question paper for 2012
 
Software engineering 23 software reliability
Software engineering 23 software reliabilitySoftware engineering 23 software reliability
Software engineering 23 software reliability
 
Chen.tim
Chen.timChen.tim
Chen.tim
 
Fundamental of testing
Fundamental of testingFundamental of testing
Fundamental of testing
 
Software reliability & quality
Software reliability & qualitySoftware reliability & quality
Software reliability & quality
 
Michael.aguilar
Michael.aguilarMichael.aguilar
Michael.aguilar
 
Self-defending software: Automatically patching errors in deployed software ...
Self-defending software: Automatically patching errors in deployed software ...Self-defending software: Automatically patching errors in deployed software ...
Self-defending software: Automatically patching errors in deployed software ...
 
Top Ten things that have been proven to effect software reliability
Top Ten things that have been proven to effect software reliabilityTop Ten things that have been proven to effect software reliability
Top Ten things that have been proven to effect software reliability
 
Software FMEA and Software FTA – An Effective Tool for Embedded Software Qual...
Software FMEA and Software FTA – An Effective Tool for Embedded Software Qual...Software FMEA and Software FTA – An Effective Tool for Embedded Software Qual...
Software FMEA and Software FTA – An Effective Tool for Embedded Software Qual...
 
Defect removal effectiveness
Defect removal effectivenessDefect removal effectiveness
Defect removal effectiveness
 

Destaque

Dependable Systems - Hardware Dependability with Redundancy (14/16)
Dependable Systems - Hardware Dependability with Redundancy (14/16)Dependable Systems - Hardware Dependability with Redundancy (14/16)
Dependable Systems - Hardware Dependability with Redundancy (14/16)Peter Tröger
 
Bm 9 marketing element for be and csr
Bm 9 marketing element for be and csrBm 9 marketing element for be and csr
Bm 9 marketing element for be and csrphysics101
 
Bm 8 brand equity & management
Bm 8 brand equity & managementBm 8 brand equity & management
Bm 8 brand equity & managementphysics101
 
Bm 10 mr and e-marketing
Bm 10 mr and e-marketingBm 10 mr and e-marketing
Bm 10 mr and e-marketingphysics101
 
Fault Tolerance System
Fault Tolerance SystemFault Tolerance System
Fault Tolerance Systemprakashjjaya
 
Pen holder project
Pen holder projectPen holder project
Pen holder projectphysics101
 

Destaque (10)

Dependable Systems - Hardware Dependability with Redundancy (14/16)
Dependable Systems - Hardware Dependability with Redundancy (14/16)Dependable Systems - Hardware Dependability with Redundancy (14/16)
Dependable Systems - Hardware Dependability with Redundancy (14/16)
 
Bm 9 marketing element for be and csr
Bm 9 marketing element for be and csrBm 9 marketing element for be and csr
Bm 9 marketing element for be and csr
 
Bm 8 brand equity & management
Bm 8 brand equity & managementBm 8 brand equity & management
Bm 8 brand equity & management
 
F6
F6F6
F6
 
Manuala hw
Manuala hwManuala hw
Manuala hw
 
F1
F1F1
F1
 
Availability Wrt Reliability
Availability Wrt ReliabilityAvailability Wrt Reliability
Availability Wrt Reliability
 
Bm 10 mr and e-marketing
Bm 10 mr and e-marketingBm 10 mr and e-marketing
Bm 10 mr and e-marketing
 
Fault Tolerance System
Fault Tolerance SystemFault Tolerance System
Fault Tolerance System
 
Pen holder project
Pen holder projectPen holder project
Pen holder project
 

Semelhante a Dependability Engineering 2 (CS 5032 2012)

Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)Ian Sommerville
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013Ian Sommerville
 
CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013Ian Sommerville
 
Week 14 Unit Testing.pptx
Week 14 Unit Testing.pptxWeek 14 Unit Testing.pptx
Week 14 Unit Testing.pptxmianshafa
 
Dependable Systems -Software Dependability (15/16)
Dependable Systems -Software Dependability (15/16)Dependable Systems -Software Dependability (15/16)
Dependable Systems -Software Dependability (15/16)Peter Tröger
 
Galorath.dan
Galorath.danGalorath.dan
Galorath.danNASAPMC
 
Quality attributes in software architecture
Quality attributes in software architectureQuality attributes in software architecture
Quality attributes in software architectureGang Tao
 
Презентация
ПрезентацияПрезентация
Презентацияguest22d71d
 
Introduction to Software Testing
Introduction to Software TestingIntroduction to Software Testing
Introduction to Software TestingHenry Muccini
 
Software_Testing_Overview.pptx
Software_Testing_Overview.pptxSoftware_Testing_Overview.pptx
Software_Testing_Overview.pptxJayPrakash255
 
Testing In Software Engineering
Testing In Software EngineeringTesting In Software Engineering
Testing In Software Engineeringkiansahafi
 
Managing High Availability with Low Cost
Managing High Availability with Low CostManaging High Availability with Low Cost
Managing High Availability with Low CostDataLeader.io
 
the-top-ten-things-that-have-been-proven-to-effect-software-reliability-1.pdf
the-top-ten-things-that-have-been-proven-to-effect-software-reliability-1.pdfthe-top-ten-things-that-have-been-proven-to-effect-software-reliability-1.pdf
the-top-ten-things-that-have-been-proven-to-effect-software-reliability-1.pdfmattcs901
 
Topic production code
Topic production codeTopic production code
Topic production codeKavi Kumar
 
Software Testing Strategies
Software Testing StrategiesSoftware Testing Strategies
Software Testing StrategiesAlpana Bhaskar
 
02. Fault Tolerance Pattern 위한 mindset
02. Fault Tolerance Pattern 위한 mindset02. Fault Tolerance Pattern 위한 mindset
02. Fault Tolerance Pattern 위한 mindseteva
 
Chapter 13 software testing strategies
Chapter 13 software testing strategiesChapter 13 software testing strategies
Chapter 13 software testing strategiesSHREEHARI WADAWADAGI
 

Semelhante a Dependability Engineering 2 (CS 5032 2012) (20)

Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013
 
CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013CS 5032 L8 dependability engineering 2 2013
CS 5032 L8 dependability engineering 2 2013
 
Week 14 Unit Testing.pptx
Week 14 Unit Testing.pptxWeek 14 Unit Testing.pptx
Week 14 Unit Testing.pptx
 
Dependable Systems -Software Dependability (15/16)
Dependable Systems -Software Dependability (15/16)Dependable Systems -Software Dependability (15/16)
Dependable Systems -Software Dependability (15/16)
 
Galorath.dan
Galorath.danGalorath.dan
Galorath.dan
 
Quality attributes in software architecture
Quality attributes in software architectureQuality attributes in software architecture
Quality attributes in software architecture
 
Презентация
ПрезентацияПрезентация
Презентация
 
Introduction to Software Testing
Introduction to Software TestingIntroduction to Software Testing
Introduction to Software Testing
 
Software_Testing_Overview.pptx
Software_Testing_Overview.pptxSoftware_Testing_Overview.pptx
Software_Testing_Overview.pptx
 
Testing In Software Engineering
Testing In Software EngineeringTesting In Software Engineering
Testing In Software Engineering
 
Managing High Availability with Low Cost
Managing High Availability with Low CostManaging High Availability with Low Cost
Managing High Availability with Low Cost
 
Lecture 21
Lecture 21Lecture 21
Lecture 21
 
the-top-ten-things-that-have-been-proven-to-effect-software-reliability-1.pdf
the-top-ten-things-that-have-been-proven-to-effect-software-reliability-1.pdfthe-top-ten-things-that-have-been-proven-to-effect-software-reliability-1.pdf
the-top-ten-things-that-have-been-proven-to-effect-software-reliability-1.pdf
 
Testing Plan
Testing PlanTesting Plan
Testing Plan
 
Topic production code
Topic production codeTopic production code
Topic production code
 
Coding
CodingCoding
Coding
 
Software Testing Strategies
Software Testing StrategiesSoftware Testing Strategies
Software Testing Strategies
 
02. Fault Tolerance Pattern 위한 mindset
02. Fault Tolerance Pattern 위한 mindset02. Fault Tolerance Pattern 위한 mindset
02. Fault Tolerance Pattern 위한 mindset
 
Chapter 13 software testing strategies
Chapter 13 software testing strategiesChapter 13 software testing strategies
Chapter 13 software testing strategies
 

Mais de Ian Sommerville

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale SystemsIan Sommerville
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITSIan Sommerville
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems designIan Sommerville
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITSIan Sommerville
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITSIan Sommerville
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-studyIan Sommerville
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million usersIan Sommerville
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflowIan Sommerville
 
CS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureCS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureIan Sommerville
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterIan Sommerville
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1Ian Sommerville
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2Ian Sommerville
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureIan Sommerville
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachIan Sommerville
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsIan Sommerville
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013Ian Sommerville
 

Mais de Ian Sommerville (20)

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale Systems
 
Resp modellingintro
Resp modellingintroResp modellingintro
Resp modellingintro
 
Resilience and recovery
Resilience and recoveryResilience and recovery
Resilience and recovery
 
LSCITS-engineering
LSCITS-engineeringLSCITS-engineering
LSCITS-engineering
 
Requirements reality
Requirements realityRequirements reality
Requirements reality
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITS
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems design
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITS
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITS
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-study
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million users
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflow
 
CS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureCS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failure
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disaster
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructure
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breach
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systems
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013
 

Último

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Último (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Dependability Engineering 2 (CS 5032 2012)

  • 1. Dependability engineering Lecture 2 Dependability engineering, CSE, 2010 Slide 1
  • 2. Hardware fault tolerance • Depends on triple-modular redundancy (TMR). • Three identical components that receive the same input and whose outputs are compared. • If one output is different, it is ignored and component failure is assumed. • Based on most faults resulting from component failures rather than design faults and a low Dependability engineering, CSE, 2010 probability of simultaneous Slide 2
  • 3. Triple modular redundancy Dependability engineering, CSE, 2010 Slide 3
  • 4. N-version programming • Multiple versions of a software system carry out computations at the same time. There should be an odd number of computers involved, typically 3. • The results are compared using a voting system and the majority result is taken to be the correct result. • Approach derived from the notion of triple-modular redundancy, as used in hardware systems. Dependability engineering, CSE, 2010 Slide 4
  • 6. N-version programming • The different system versions are designed and implemented by different teams. It is assumed that there is a low probability that they will make the same mistakes. The algorithms used should but may not be different. • There is some empirical evidence that teams commonly misinterpret specifications in the same way and chose the same algorithms in their systems. Dependability engineering, CSE, 2010 Slide 6
  • 7. Software diversity • Approaches to software fault tolerance depend on software diversity where it is assumed that different implementations of the same software specification will fail in different ways. • It is assumed that implementations are (a) independent and (b) do not include common errors. • Strategies to achieve diversity – Different programming languages – Different design methods and tools – Explicit specification of different algorithms Dependability engineering, CSE, 2010 Slide 7
  • 8. Problems with design diversity • Teams are not culturally diverse so they tend to tackle problems in the same way • Characteristic errors – Different teams make the same mistakes. Some parts of an implementation are more difficult than others so all teams tend to make mistakes in the same place; • Specification errors; – If there is an error in the specification then this is reflected in all implementations; – This can be addressed to some extent by using multiple specification representations. Dependability engineering, CSE, 2010 Slide 8
  • 9. Specification dependency • Both approaches to software redundancy are susceptible to specification errors. If the specification is incorrect, the system could fail • This is also a problem with hardware but software specifications are usually more complex than hardware specifications and harder to validate. • This has been addressed in some cases by developing separate software specifications from the same user specification. Dependability engineering, CSE, 2010 Slide 9
  • 10. Improvements in practice • In principle, if diversity and independence can be achieved, multi-version programming leads to very significant improvements in reliability and availability. • In practice, observed improvements are much less significant but the approach seems leads to reliability improvements of between 5 and 9 times. • Are such improvements are worth the considerable extra development costs for multi-version programming? • Is it cheaper to increase the reliability of a single version using fault avoidance and fault detection techniques? Dependability engineering, CSE, 2010 Slide 10
  • 11. Dependable programming • Good programming practices can be adopted that help reduce the incidence of program faults. • These programming practices support – Fault avoidance – Fault detection – Fault tolerance Dependability engineering, CSE, 2010 Slide 11
  • 12. Good practice guidelines for dependable programming Dependable programming guidelines 1. Limit the visibility of information in a program 2. Check all inputs for validity 3. Provide a handler for all exceptions 4. Minimize the use of error-prone constructs 5. Provide restart capabilities 6. Check array bounds 7. Include timeouts when calling external components 8. Name all constants that represent real-world values Dependability engineering, CSE, 2010 Slide 12
  • 13. Control the visibility of information in a program • Program components should only be allowed access to data that they need for their implementation. • This means that accidental corruption of parts of the program state by these components is impossible. • You can control visibility by using abstract data types where the data representation is private and you only allow access to the data through predefined operations such as get () and put (). Dependability engineering, CSE, 2010 Slide 13
  • 14. Check all inputs for validity • All program take inputs from their environment and make assumptions about these inputs. • However, program specifications rarely define what to do if an input is not consistent with these assumptions. • Consequently, many programs behave unpredictably when presented with unusual inputs and, sometimes, these are threats to the security of the system. • Consequently, you should always check inputs before processing against the assumptions made about these inputs. Dependability engineering, CSE, 2010 Slide 14
  • 15. Validity checks • Range checks – Check that the input falls within a known range. • Size checks – Check that the input does not exceed some maximum size e.g. 40 characters for a name. • Representation checks – Check that the input does not include characters that should not be part of its representation e.g. names do not include numerals. • Reasonableness checks – Use information about the input to check if it is reasonable Dependability engineering, CSE, 2010 an extreme value. rather than Slide 15
  • 16. Provide a handler for all exceptions • A program exception is an error or some unexpected event such as a power failure. • Exception handling constructs allow for such events to be handled without the need for continual status checking to detect exceptions. • Using normal control constructs to detect exceptions needs many additional statements to be added to the program. This adds a significant overhead and is potentially error-prone. Dependability engineering, CSE, 2010 Slide 16
  • 18. Exception handling • Three possible exception handling strategies – Signal to a calling component that an exception has occurred and provide information about the type of exception. – Carry out some alternative processing to the processing where the exception occurred. This is only possible where the exception handler has enough information to recover from the problem that has arisen. – Pass control to a run-time support system to handle the exception. • Exception handling is a mechanism to provide some fault tolerance Dependability engineering, CSE, 2010 Slide 18
  • 19. Minimize the use of error-prone constructs • Program faults are usually a consequence of human error because programmers lose track of the relationships between the different parts of the system • This is exacerbated by error-prone constructs in programming languages that are inherently complex or that don’t check for mistakes when they could do so. • Therefore, when programming, you should try to avoid or at least minimize the use of these error- prone constructs. Dependability engineering, CSE, 2010 Slide 19
  • 20. Error-prone constructs • Unconditional branch (goto) statements • Floating-point numbers – Inherently imprecise. The imprecision may lead to invalid comparisons. • Pointers – Pointers referring to the wrong memory areas can corrupt data. Aliasing can make programs difficult to understand and change. • Dynamic memory allocation – Run-time allocation can cause memory overflow. Dependability engineering, CSE, 2010 Slide 20
  • 21. Error-prone constructs • Parallelism – Can result in subtle timing errors because of unforeseen interaction between parallel processes. • Recursion – Errors in recursion can cause memory overflow as the program stack fills up. • Interrupts – Interrupts can cause a critical operation to be terminated and make a program difficult to understand. • Inheritance – Code is not localised. This can result in unexpected behaviour when changes are made and problems of understanding the code. Dependability engineering, CSE, 2010 Slide 21
  • 22. Error-prone constructs • Aliasing – Using more than 1 name to refer to the same state variable. • Unbounded arrays – Buffer overflow failures can occur if no bound checking on arrays. • Default input processing – An input action that occurs irrespective of the input. – This can cause problems if the default action is to transfer control elsewhere in the program. In incorrect or deliberately malicious input can then trigger a program failure. Dependability engineering, CSE, 2010 Slide 22
  • 23. Provide restart capabilities • For systems that involve long transactions or user interactions, you should always provide a restart capability that allows the system to restart after failure without users having to redo everything that they have done. • Restart depends on the type of system – Keep copies of forms so that users don’t have to fill them in again if there is a problem – Save state periodically and restart from the saved state Dependability engineering, CSE, 2010 Slide 23
  • 24. Check array bounds • In some programming languages, such as C, it is possible to address a memory location outside of the range allowed for in an array declaration. • This leads to the well-known ‘bounded buffer’ vulnerability where attackers write executable code into memory by deliberately writing beyond the top element in an array. • If your language does not include bound checking, you should therefore always check that an array access is within the bounds of the array. Dependability engineering, CSE, 2010 Slide 24
  • 25. Include timeouts when calling external components • In a distributed system, failure of a remote computer can be ‘silent’ so that programs expecting a service from that computer may never receive that service or any indication that there has been a failure. • To avoid this, you should always include timeouts on all calls to external components. • After a defined time period has elapsed without a response, your system should then assume failure and take whatever actions are required to recover from this. Dependability engineering, CSE, 2010 Slide 25
  • 26. Name all constants that represent real-world values • Always give constants that reflect real-world values (such as tax rates) names rather than using their numeric values and always refer to them by name • You are less likely to make mistakes and type the wrong value when you are using a name rather than a value. • This means that when these ‘constants’ change (for sure, they are not really constant), then you only have to make the change in one place in your program. Dependability engineering, CSE, 2010 Slide 26
  • 27. Key points • Software diversity is difficult to achieve because it is practically impossible to ensure that each version of the software is truly independent. • Dependable programming relies on the inclusion of redundancy in a program to check the validity of inputs and the values of program variables. • Some programming constructs and techniques, such as goto statements, pointers, recursion, inheritance and floating-point numbers, are inherently error- prone. You should try to avoid these constructs when developing dependable systems. Dependability engineering, CSE, 2010 Slide 27