Diversity and Multi-Version Systems

Diversity and Multi-Version Systems

Alexander Siora, Vladimir Sklyar, Vyacheslav Kharchenko, Eugene Brezhnev
DOI: 10.4018/978-1-5225-1933-1.ch026
(Individual Chapters)
No Current Special Offers


To protect safety-critical systems from common-cause failures that can lead to potentially dangerous outcomes, special methods are applied, including multi-version technologies operating at different levels of diversity. A model representing different diversity types during the development of safety-critical systems is suggested. The model addresses diversity types that are the most expedient in providing required safety. The diversity of complex electronic components (FPGA, etc.), printed circuit boards, manufacturers, specification languages, design, and program languages, etc. are considered. The challenges addressed are related to factors of scale and dependencies among diversity types, since not all combinations of used diversity are feasible. Taking these dependencies into consideration, the model simplifies the choice of diversity options. This chapter presents a cost effective approach to selection of the most diverse NPP Reactor Trip System (RTS) under uncertainty. The selection of a pair of primary and secondary RTS is named a diversity strategy. All possible strategies are evaluated on an ordinal scale with linguistic values provided by experts. These values express the expert's degree of confidence that evaluated variants of secondary RTS are different from primary. All diversity strategies are evaluated on a set of linguistic diversity criteria, which are included into a corresponding diversity attribute. The generic fuzzy diversity score is an aggregation of the linguistic values provided by the experts to obtain a collective assessment of the secondary RTS's similarity (difference) with a primary one. This rational diversity strategy is found during the exploitation stage, taking into consideration the fuzzy diversity score and cost.
Chapter Preview


In a modern world, there are many various regulations, which, in general case, cover the most important areas widely used by the mankind. It is possible to distinguish those related (in some way) to safety important I&C systems, grouped into several sets to cover general issues of critical I&C systems at various lifecycle stages (including their development, operation and maintenance), security, as well as covering various technology-related aspects.

Application of the modern information and electronic technologies and component-based approaches to development in critical areas, on the one hand, improve reliability, availability, maintainability and safety characteristics of digital I&Cs. On the other hand, these technologies cause additional risks or so-called safety deficits. Microprocessor (software)-based systems are typical example in that sense. Advantages of this technology are well-known, however a program realization may increase CCF probability of complex software-based I&Cs. Software faults and design faults as a whole are the most probable reason of CCFs. These faults are replicated in redundant channels and cause a fatal failure of computer-based systems. It allows to conclude that “fault-tolerant” system with identical channels may be “non-tolerant” or “not enough tolerant” to design faults. For example, software design faults caused more than 80% failures of computer-based rocket-space systems, which were fatal in 1990 years (Kharchenko et al., 2003) and caused 13% emergencies of space systems and 22% emergencies of carrier rockets (Tarasyuk et al., 2011).

Complete Chapter List

Search this Book: