Diagram labels: Hardware, Software; Input, Output; Success, Failure
Fault-Tolerant Programming
N-Version Programming (diagram): Version 1, Version 2, …, Version N; Voter; M Identical Outputs; Correct Result; Failure
Recovery Blocks Scheme (diagram): Version 1, AT (+ Correct Result, -); Version 2, AT (+ Correct Result, -); …; Version N, AT (+ Correct Result, -); Failure
N-Version Programming, M=3: Parallel Execution of Versions and Consecutive Execution of Versions (timing diagrams: version times t1, t2, t3, t4, t5; total time T; voting; success; failure)
Fault-Tolerant System Structure (diagram): Software Running on Different Hardware Blocks; Software Running on Single Hardware Block
Effect of Parallel Versions Execution (timing diagrams for L=1, L=2, L=3, L=4, L=5)
Reliability/Performance Analysis Problem
Characteristics of Version: Execution Time; Computational Resources; Reliability
Characteristics of System: Expected Execution Time E(T); Reliability Pr{ T < T* }; Conditional Expected Execution Time E(T) | T < T*
Distribution of System Execution Time
Q(k/n) = Pr{ k out of n first versions succeed }
i_1 : {1 … n-k+1}, i_2 : {i_1+1 … n-k+2}
P_j = Pr{ system succeeds after execution of version j } = r_j Q(M-1/j-1)
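The relation P_j = r_j Q(M-1/j-1) above can be evaluated directly; the following is an added example, not code from the original slides. It assumes versions fail independently, run consecutively one at a time, and that execution stops as soon as M versions have succeeded; the function names and the sample t and r values are constructed for illustration.

```python
from itertools import accumulate

def q_table(r):
    """Q[j][k] = Pr{exactly k of the first j versions succeed} (independent versions)."""
    n = len(r)
    Q = [[0.0] * (n + 1) for _ in range(n + 1)]
    Q[0][0] = 1.0
    for j in range(1, n + 1):
        for k in range(j + 1):
            Q[j][k] = Q[j - 1][k] * (1 - r[j - 1])        # version j fails
            if k:
                Q[j][k] += Q[j - 1][k - 1] * r[j - 1]     # version j succeeds
    return Q

def success_distribution(t, r, M):
    """[(T_j, P_j)] for j = M..n with P_j = r_j * Q(M-1 / j-1), T_j = t_1 + ... + t_j."""
    Q = q_table(r)
    T = list(accumulate(t))
    return [(T[j - 1], r[j - 1] * Q[j - 1][M - 1]) for j in range(M, len(r) + 1)]

def reliability(dist, t_star):
    """Pr{ T < T* }: the system produces a correct result before the deadline T*."""
    return sum(p for T, p in dist if T < t_star)

def conditional_expected_time(dist, t_star):
    """E(T) | T < T*: expected execution time given success before T*."""
    R = reliability(dist, t_star)
    return sum(T * p for T, p in dist if T < t_star) / R if R else float("nan")

# Constructed sample values for a 3-out-of-5 system (not taken from the slides).
T_VERSIONS = [30, 20, 50, 10, 40]
R_VERSIONS = [0.9, 0.8, 0.7, 0.6, 0.5]

if __name__ == "__main__":
    dist = success_distribution(T_VERSIONS, R_VERSIONS, M=3)
    for T, p in dist:
        print(f"T = {T:4d}  P = {p:.4f}")
    print("R(120)      =", round(reliability(dist, 120), 4))
    print("E(T)|T<120  =", round(conditional_expected_time(dist, 120), 2))
```

Reordering the versions leaves the total success probability unchanged but moves probability mass between the T_j values, so it changes both R(T*) and the conditional expected time for a given deadline.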
UGF Approach Single version i: j first versions: For j = M: P_M, P_{j-1}, P_j
UGF Approach For each component c: P_cM, P_cM+1, …, P_cn; T_cM, T_cM+1, …, T_cn For the entire system:
Effect of Versions Sequencing, 3-out-of-5 system (timing diagram labels: t1+t3, t2+t4+t5, t3+t4, t1+t2+t5)
Parameters of Software System (table columns: No of component, n_c, M_c, versions with t and r for each version)
Optimal Version Sequences (table columns: No, Problem formulation, Sequence of versions, T min, T max, E(T), R(300))
Min E(T): |132|54321|213|132
Max R(300): |312|43521|321|123
increasing t: |123|12345|123|123
Max E(T): |213|52134|132|231
Software Structure Optimization: R(T*) MAX | C < C*
Optimal Fault-Tolerant System Structures (table columns: C*, Sequence of versions, C, T min, T max, E(T), R(250))
Sequences of versions: |541|37162|324| |241|64231|234| |431|31562|43| |241|4562|43|41100