Using COTS software in high assurance control applications

L. Sha
DOI: 10.1109/HASE.1999.809485
Published in: Proceedings 4th IEEE International Symposium on High-Assurance Systems Engineering
Publication date: 1999-11-17
Source record: Semantic Scholar (https://doi.org/10.1109/HASE.1999.809485)
Citations: 0

Abstract

The vast majority of COTS software components are not developed for high reliability applications. Using them directly in embedded systems with high reliability requirements could be hazardous, as shown in the incidents of the Navy ships Yorktown, Vicksburg and USS Hue City.

Challenges to the Fault Avoidance Approach: Ensuring the reliability of COTS software at the user's site is not an easy task. COTS software components are not subject to customers' high assurance development processes. Customers can buy source code, subject it to a high-assurance process and make any modifications that are needed. However, this is a high cost solution. Furthermore, once a COTS software component has been modified, it is unlikely to be compatible with the vendor's future releases. As a result, most of the benefits of using COTS are lost. Therefore this approach - making proprietary modifications to COTS components - is inconsistent with the original motivation for their use.

Challenges to the Fault Tolerance Approach: There are basically two fault tolerance approaches: fault masking and forward recovery. Fault masking tries to prevent incorrect outputs from being used. For example, Recovery Block attempts to check whether an output is correct before using it. Unfortunately, it is often difficult to determine the correctness of a computation without knowing what the correct answer is. Forward fault recovery attempts to recover after incorrect outputs have been used, and it is not suitable for all applications. Nor is there a general, domain-independent approach to forward fault recovery.