
2 Requirements

2.3 Dependability Specifications

The degree of fault tolerance a system requires can be specified quantitatively or qualitatively.

2.3.1 Quantitative Goals


A quantitative reliability goal is usually expressed as the maximum allowed failure rate. For example, the reliability figure usually stated as a goal for computer systems in commercial aircraft is less than 10^-9 failures per hour. The problem with stating reliability requirements in this manner is that it is difficult to know when the goal has been achieved. Butler has pointed out that standard statistical methods cannot be used to show such reliability with either standard or fault tolerant software [Butler 91]. It is also clear that there is no way to achieve confidence that a system meets such a reliability goal through random testing. Nevertheless, reliability goals are often expressed in this manner.
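A worked illustration of why such a goal cannot be demonstrated by testing, added here as an example and not part of the original report: assuming a constant failure rate (so failures in T test hours are Poisson with mean rate*T) and a test environment that reproduces operational conditions, the functions below compute the test hours needed to claim a given rate at a given confidence, and the rate bound that a finite test actually supports.

```python
import math

# Added example, not from the report. Model assumption: constant failure rate,
# so the number of failures seen in T hours is Poisson with mean rate * T.


def poisson_cdf(k: int, mu: float) -> float:
    """P(X <= k) for X ~ Poisson(mu)."""
    return sum(math.exp(-mu) * mu ** i / math.factorial(i) for i in range(k + 1))


def demonstrated_failure_count(failures: int, confidence: float) -> float:
    """Largest expected-failure count mu that is still consistent, at the given
    confidence, with seeing at most `failures` failures during the test.
    For zero failures this is -ln(1 - confidence) in closed form."""
    alpha = 1.0 - confidence
    if failures == 0:
        return -math.log(alpha)
    # Otherwise solve P(X <= failures | mu) = alpha for mu by bisection;
    # the CDF is strictly decreasing in mu, so the root is unique.
    lo, hi = 0.0, 1.0
    while poisson_cdf(failures, hi) > alpha:
        hi *= 2.0
    for _ in range(100):
        mid = (lo + hi) / 2.0
        if poisson_cdf(failures, mid) > alpha:
            lo = mid
        else:
            hi = mid
    return hi


def required_test_hours(target_rate: float, confidence: float, failures: int = 0) -> float:
    """Test hours needed to claim rate <= target_rate at the given confidence,
    if at most `failures` failures are observed during the test."""
    return demonstrated_failure_count(failures, confidence) / target_rate


def upper_rate_bound(test_hours: float, failures: int, confidence: float) -> float:
    """Upper confidence bound on the failure rate after a finished test campaign."""
    return demonstrated_failure_count(failures, confidence) / test_hours


if __name__ == "__main__":
    hours = required_test_hours(1e-9, 0.90)
    print(f"0 failures, 90% confidence in 1e-9/h: {hours:.3e} h ({hours / 8760:.0f} years)")
    print(f"bound after 1e4 failure-free hours: {upper_rate_bound(1e4, 0, 0.90):.3e} /h")
```

For the aircraft figure above, a single failure-free copy would have to run for roughly 2.3e9 hours (over 260,000 years) to support a 90% claim; testing N independent copies only divides that by N.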

2.3.2 Qualitative Goals


An alternative method of specifying a system's reliability characteristics is to specify them qualitatively. Typical specifications would include:

Fail-safe
Design the system so that, when it sustains a specified number of faults, it fails in a safe mode. For instance, railway signalling systems are designed to fail so that all trains stop.

Fail-op
Design the system so that, when it sustains a specified number of faults, it still provides a subset of its specified behavior.

No single point of failure
Design the system so that the failure of any single component will not cause the system to fail. Such systems are often designed so that the failed component can be replaced or repaired before another failure occurs.

Consistency
Design the system so that all information delivered by the system is equivalent to the information that would be delivered by an instance of a non-faulty system.


A Conceptual Framework for Systems Fault Tolerance - 30 MAR 95