IEEE Transactions on Software Engineering, vol. 12, Issue No. 09, Sept. 1986
Peter G. Bishop , Central Electricity Research Laboratories, UK Central Electricity Generating Board, Surrey KT22 7SE, England
David G. Esp , Central Electricity Research Laboratories, UK Central Electricity Generating Board, Surrey KT22 7SE, England
Mel Barnes , UK Atomic Energy Authority
Peter Humphreys , UK Atomic Energy Authority
Gustav Dahll , Institute for Energy
Jaakko Lahti , Technical Research Center of Finland
The Project On Diverse Software (PODS) was a collaborative software reliability research project whose main objectives were:

• To evaluate the merits of using diverse (or n-version) software.
• To evaluate the computer-based specification language “X”.
• To compare the effects of representative high-level and low-level languages on productivity and reliability.

In addition, there was a secondary objective to monitor the software development process, with particular reference to the creation and detection of software faults. To achieve these objectives, an experiment was mounted which simulated a normal software development process to produce three diverse programs to the same requirement. The requirement was for a reactor over-power protection (trip) system. Diversity was ensured by having three independent teams produce the software, using different specification methods (formal and informal) and different implementation languages (assembly language and Fortran). This also allowed the comparison of specification methods and programming languages to be made. After careful independent development and testing, the three programs were tested against each other in a special test harness to locate residual faults. All phases of the project were carefully documented for subsequent analysis.

The major conclusions for this particular project were that:

• Diverse software with majority voting failed less frequently than any individual program, but some common faults did exist at the end of normal software development.
• Testing diverse programs “back-to-back” proved to be a powerful method of detecting residual faults.
• The residual faults were all related to the specification of requirements, and hence the requirement specification was the only known cause of common mode failure.
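The following is an added illustration of the argument above, not code from the PODS project: three diverse trip programs, a 2-of-3 majority voter and a back-to-back comparison over test inputs. The over-power limit, the test vectors, the implementation fault in one version and the shared specification gap (no stated behaviour for a failed sensor) are all constructed for the example.

```python
# Three diverse trip programs, a 2-of-3 voter and back-to-back comparison (constructed).
from typing import Callable, List, Tuple

TRIP_LIMIT = 100.0  # constructed over-power limit, percent of full power

# All three versions read the same gap in the (constructed) requirement the same way:
# it says nothing about a failed sensor, so each team chose "no trip" for a negative
# reading. That shared choice is the common-mode fault voting cannot mask.

def version_a(power: float) -> bool:
    """Trips when power exceeds the limit, as the requirement intends."""
    if power < 0:
        return False
    return power > TRIP_LIMIT

def version_b(power: float) -> bool:
    """Implementation fault: trips at the limit itself (>= instead of >)."""
    if power < 0:
        return False
    return power >= TRIP_LIMIT

def version_c(power: float) -> bool:
    """Correct, but written differently to model an independent team."""
    if power < 0:
        return False
    return not power <= TRIP_LIMIT

VERSIONS: List[Callable[[float], bool]] = [version_a, version_b, version_c]

def majority_vote(outputs: List[bool]) -> bool:
    """2-of-3 voter: trip only when at least two versions demand it."""
    return sum(outputs) >= 2

def voted_trip(power: float) -> bool:
    return majority_vote([v(power) for v in VERSIONS])

def back_to_back(inputs: List[float]) -> List[Tuple[float, Tuple[bool, ...]]]:
    """Run every version on each input and report the inputs where they disagree."""
    found = []
    for p in inputs:
        outs = tuple(v(p) for v in VERSIONS)
        if len(set(outs)) > 1:
            found.append((p, outs))
    return found

if __name__ == "__main__":
    vectors = [50.0, 100.0, 100.5, 150.0, -1.0]  # constructed test vectors
    print("voted:", {p: voted_trip(p) for p in vectors})
    print("discrepancies:", back_to_back(vectors))  # only 100.0 shows; -1.0 is silent
```

Back-to-back testing exposes version_b's boundary fault at 100.0 and the voter outvotes it, but the failed-sensor input produces no discrepancy at all, so neither voting nor comparison reveals the fault inherited from the requirement.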
Software, Testing, Inductors, Specification languages, Software reliability, Documentation, Quality assurance, X, Fault classification, n-version programming, PODS, programming languages, reactor protection, software diversity, software faults, software reliability, specification languages
P. G. Bishop, D. G. Esp, M. Barnes, P. Humphreys, G. Dahll and J. Lahti, "PODS — A project on diverse software," in IEEE Transactions on Software Engineering, vol. 12, no. , pp. 929-940, 1986.