- N-version programming
-
N-version programming (NVP), also known as multiversion programming, is a method or process in software engineering where multiple functionally equivalent programs are independently generated from the same initial specifications.[1] The concept of N-version programming was introduced in 1977 by Liming Chen and Algirdas Avizienis with the central conjecture that the "independence of programming efforts will greatly reduce the probability of identical software faults occurring in two or more versions of the program".[1][2] The aim of NVP is to improve the reliability of software operation by building in fault tolerance or redundancy.[1]
Contents
NVP approach
The general steps of N-version programming are:
- An initial specification of the intended functionality of the software is developed. The specification should unambiguously define: functions, data formats (which include comparison vectors, c-vectors, and comparison status indicators, cs-indicators), cross-check points (cc-points), comparison algorithm, and responses to the comparison algorithm.[1][2]
- From the specifications, two or more versions of the program are independently developed, each by a group that does not interact with the others.[1] The implementations of these functionally equivalent programs use different algorithms and programming languages.[1] At various points of the program, special mechanisms are built into the software which allow the program to be governed by the N-version execution environment (NVX).[2] These special mechanisms include: comparison vectors (c-vectors, a data structure representing the program's state), comparison status indicators (cs-indicators), and synchronization mechanisms.[1] The resulting programs are called N-version software (NVS).[2]
- Some N-version execution environment (NVX) is developed which runs the N-version software and makes final decisions of the N-version programs as a whole given the output of each individual N-version program.[2] The implementation of the decision algorithms can vary ranging from simple as accepting the most frequently occurring output (for instance, if a majority of versions agree on some output, then it is likely to be correct) to some more complex algorithm.[3]
Criticisms
- Researchers have argued that different programming teams can make similar mistakes.[4] In 1986, Knight & Leveson conducted an experiment to evaluate the assumption of independence in NVP, they found that the assumption of independence of failures in N-version programs failed statistically.[4][5][6]
- The weakness of an NVP program lies in the decision algorithm. The question of correctness of an NVP program depends partially on the algorithm the NVX uses to determine what output is "correct" given the multitude of outputs by each individual N-version program.[3] In theory, output from multiple independent versions is more likely to be correct than output from a single version.[3] However, there is debate whether or not the improvements of N-version development is enough to warrant the time, additional requirements, and costs of using the NVP method.[3]
Applications
N-version programming has been applied to software in switching trains, performing flight control computations on modern airliners, electronic voting (the SAVE System), and the detection of zero-day exploits, among other uses.[2][3][4]
See also
- Redundancy (engineering)
- Triple modular redundancy
- Data redundancy
- Fault tolerant design
- Reliability engineering
- Safety engineering
References
- ^ a b c d e f g N-Version Programming: A Fault-Tolerance Approach to Reliability of Software Operation, Liming Chen; Avizienis, A., Fault-Tolerant Computing, 1995, ' Highlights from Twenty-Five Years'., Twenty-Fifth International Symposium on, Vol., Iss., 27-30 Jun 1995, Pages:113-
- ^ a b c d e f A.A. Avizienis, “The Methodology of N-version Programming”, Software Fault Tolerance, edited by M. Lyu, John Wiley & Sons, 1995.
- ^ a b c d e Liburd, Soyini. An N-version electronic voting system (Thesis). Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science, 2004.
- ^ a b c Lajos Nagy, Richard Ford, and William Allen. N-Version Programming for the Detection of Zero-day Exploits. The 2006 IEEE Topical Conference on Cybersecurity, Daytona Beach, Florida, April 2006.
- ^ Knight, J. C. and Leveson, N. G. 1986. An experimental evaluation of the assumption of independence in multiversion programming. IEEE Trans. Softw. Eng. 12, 1 (Jan. 1986), 96-109.
- ^ Knight, J. C. and Leveson, N. G. 1990. A reply to the criticisms of the Knight & Leveson experiment. SIGSOFT Softw. Eng. Notes 15, 1 (Jan. 1990), 24-35.
External links
Categories:
Wikimedia Foundation. 2010.