DISPO (DIverse Software PrOject)
Funded by British Energy, March 1996 - December 2009
Funding to CSR, City University London: £880,000
Summary: Funding for diversity research in CSR, under what is now the CINIF programme, began in 1996 and continues to the present day. This work can be informally grouped into two main themes:
- work centred on diversity as a means to achieve system dependability, particularly in the presence of faults in software: e.g. work on how to manage the pursuit of diversity so that the diversity obtained is actually useful for dependability;
- work on the assessment of the dependability of diverse systems: e.g. as a means of obtaining confidence in a dependability claim as part of a safety case.
- Strategic advice to users: what can be expected in general
- ‘Independent faults’ models
- How effective is functional diversity?
- Is it better to use diversity or to seek high reliability in a single version?
- Advice on how to build diverse systems
- Advice on assessment and design for assessment
- Modelling reliability of a specific fault-tolerant program
- Bayesian inference for reliability estimation of fault-tolerant software
- The use of proof in diversity arguments
- Advice on diversity in the development process
- Application of diversity in software fault detection and removal
- produced a set of valid conservative arguments based on binning of the demand space and/or on the “better among two versions” form of argument
- clarified the roles of various related dependability measures (probability of failure on demand (pfd), probability of no safety-relevant fault, probability of survival): each leads to a different form of argument, and the disparate kinds of evidence usually available relate directly to different measures
- demonstrated the risks of using arguments about averages, rather than distributions, in comparing system design options
- extended the modelling methods for diverse systems to “clear box” descriptions in which each channel is made up of components
- clarified the roles of “confidence” and “diversity” in the arguments used in dependability cases
- shown that (claim, confidence) pairs are the necessary output of a dependability case
- shown that simple assumptions about the efficacy of multi-legged arguments can be false
- produced a detailed mathematical model, as a Bayesian belief network (BBN), of an idealized 2-legged argument
- produced a reasoned map of the diversity-seeking decisions (DSDs) in use and their roles in achieving diversity
- extended the previous Littlewood-Miller (LM) model to answer rigorously whether introducing a specific form of “commonality” between two version development processes is guaranteed to bring either better or worse system pfd (an important special case is the selection of testing regimes)
- demonstrated, by reasoning and by experiment, that evidence that a DSD brings fault diversity does not assure that the DSD is useful for improving system pfd
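The following Python is an added illustration, not code from the DISPO page or from the project's own publications. It works through the "difficulty function" form of the independent-faults models listed among the topics above (the Eckhardt-Lee formulation is assumed here as the simplest case; the page itself names only the LM extension), and makes concrete two of the results: why comparing design options by average pfd rather than by the distribution of difficulty over the demand space can mislead, and when a 1-out-of-2 diverse pair beats a single version. The demand profiles UNIFORM and CONCENTRATED and the helper names are constructed for this example.

```python
"""Added illustration, not code from the DISPO page or project.

Notation (assumed here; the page does not define it):
  Q(x)      probability that demand x is presented to the system
  theta(x)  probability that a version drawn at random from the development
            process fails on demand x (the 'difficulty' of x)
With E[.] taken over the demand profile Q, the Eckhardt-Lee model gives:
  single-version pfd            = E[theta]
  1-out-of-2 diverse system pfd = E[theta**2] = E[theta]**2 + Var[theta]
  naive independent-failure pfd = E[theta]**2
so the benefit of diversity shrinks as difficulty concentrates on a few demands,
even when the AVERAGE pfd of a version is unchanged.
"""
import math
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class DemandProfile:
    """A demand space partitioned into bins, with probabilities Q and difficulties theta."""
    q: Tuple[float, ...]
    theta: Tuple[float, ...]

    def __post_init__(self) -> None:
        if len(self.q) != len(self.theta):
            raise ValueError("q and theta must have one entry per demand bin")
        if not math.isclose(sum(self.q), 1.0, abs_tol=1e-12):
            raise ValueError("demand probabilities must sum to 1")
        if any(not 0.0 <= t <= 1.0 for t in self.theta):
            raise ValueError("difficulties must be probabilities")


def single_version_pfd(p: DemandProfile) -> float:
    """E[theta]: pfd of one version drawn from the development process."""
    return sum(qx * tx for qx, tx in zip(p.q, p.theta))


def naive_independent_pfd(p: DemandProfile) -> float:
    """E[theta]**2: the system pfd if failures of two versions were independent."""
    return single_version_pfd(p) ** 2


def diverse_1oo2_pfd(p: DemandProfile) -> float:
    """E[theta**2]: pfd of a 1-out-of-2 system of two independently developed versions."""
    return sum(qx * tx * tx for qx, tx in zip(p.q, p.theta))


def difficulty_variance(p: DemandProfile) -> float:
    """Var[theta] over the demand profile; this is exactly the gap between the two pfds above."""
    return diverse_1oo2_pfd(p) - naive_independent_pfd(p)


def diversity_beats_single(p: DemandProfile, single_pfd: float) -> bool:
    """Does a 1oo2 pair of versions from process p beat one version with the given pfd?"""
    return diverse_1oo2_pfd(p) < single_pfd


# Constructed examples: both processes have the SAME average pfd of 0.01 per version.
# UNIFORM: every demand is equally hard, so version failures really are independent.
UNIFORM = DemandProfile(q=(0.25, 0.25, 0.25, 0.25), theta=(0.01, 0.01, 0.01, 0.01))
# CONCENTRATED: 97% of demands are never failed; 3% are failed by a third of all versions.
CONCENTRATED = DemandProfile(q=(0.97, 0.01, 0.01, 0.01), theta=(0.0, 1 / 3, 1 / 3, 1 / 3))

if __name__ == "__main__":
    for name, prof in (("uniform", UNIFORM), ("concentrated", CONCENTRATED)):
        print(f"{name:12s} single={single_version_pfd(prof):.3g} "
              f"naive-indep={naive_independent_pfd(prof):.3g} "
              f"1oo2={diverse_1oo2_pfd(prof):.3g} var={difficulty_variance(prof):.3g}")
    # A single version with pfd 2e-3 beats the concentrated 1oo2 pair (3.3e-3) ...
    print(diversity_beats_single(CONCENTRATED, 2e-3))
    # ... but not the uniform pair (1e-4): same average version pfd, opposite decision.
    print(diversity_beats_single(UNIFORM, 2e-3))
```

The two profiles are indistinguishable by average version pfd (0.01 each), yet the 1oo2 pfd is 1e-4 for UNIFORM and about 3.3e-3 for CONCENTRATED, thirty-odd times worse than the independence assumption predicts; whether a diverse pair or a better single version is the right design choice depends on the distribution, not the average.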
Partners (until 1999): Safety Systems Research Centre (SSRC) - University of Bristol (UK).
CSR Personnel: Prof. Littlewood, Prof. Strigini, Prof. Bishop, Prof. Bloomfield and Dr. Popov.
Ex-DISPO Staff: Prof. Fenton, Mr Pizza and Dr Takang.
For further information on the above project, contact: Professor Bev Littlewood (bl@csr.city.ac.uk). Tel. 020 7040 8420 (from UK), or +44 20 7040 8420 (outside UK)
