MLDD(Multi-Layered Design Diversity) architecture for achieving high design fault tolerance capabilities

  • Session 8: Software diversity
  • Conference paper
Dependable Computing — EDCC-1 (EDCC 1994)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 852))

Abstract

The application of design diversity to multiple layers is a very promising way to achieve high tolerance to design faults. We proposed the MLDD (Multi-Layered Design Diversity) architecture that adopts design diversity with one set of specifications for each of three layers: the application program layer, the operating system layer and the hardware layer. An argument against using a common specification for an entire layer is that a flaw in the specification contaminates every implementation of the layer. The effectiveness of the MLDD architecture depends upon the assumption that the use of the same specification for developing multiple implementations of a layer does not lead to related errors. In this paper, we test the validity of this assumption using three commercial operating systems developed independently based on the ITRON2 specification.

In the MLDD architecture, each layer is provided with error detection, error masking and error recovery functions for dealing with errors originating in the layer. We describe the backward error recovery scheme for the operating system layer.

Editor information

Klaus Echtle Dieter Hammer David Powell

Copyright information

© 1994 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Watanabe, A., Sakamura, K. (1994). MLDD(Multi-Layered Design Diversity) architecture for achieving high design fault tolerance capabilities. In: Echtle, K., Hammer, D., Powell, D. (eds) Dependable Computing — EDCC-1. EDCC 1994. Lecture Notes in Computer Science, vol 852. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-58426-9_140

  • DOI: https://doi.org/10.1007/3-540-58426-9_140

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-58426-1

  • Online ISBN: 978-3-540-48785-2
