TY - JOUR
T1 - On the effectiveness of a message-driven confidence-driven protocol for guarded software upgrading
AU - Tai, Ann T.
AU - Tso, Kam S.
AU - Alkalai, Leon
AU - Chau, Savio N.
AU - Sanders, William H.
N1 - Funding Information:
The authors are thankful to the anonymous reviewers for their helpful comments. The work reported in this paper was supported in part by NASA Small Business Innovation Research (SBIR) Contract NAS3-99125.
PY - 2001/4
Y1 - 2001/4
N2 - A methodology called guarded software upgrading (GSU) is proposed to accomplish dependable onboard evolution for long-life deep-space missions. The core of the methodology is a low-cost error containment and recovery protocol that escorts an upgraded software component through onboard validation and guarded operation, mitigating the effect of residual faults in the upgraded component. The message-driven confidence-driven (MDCD) nature of the protocol eliminates the need for costly process coordination or atomic action, yet guarantees that the system will reach a consistent global state upon the completion of the rollback or roll-forward actions carried out by individual processes during error recovery. To validate the ability of the MDCD protocol to enhance system reliability when a software component undergoes onboard upgrading in a realistic, non-ideal environment, we conduct a stochastic activity network model-based analysis. The results confirm the effectiveness of the protocol as originally surmised. Moreover, a comparative study reveals that the dynamic confidence-driven approach is superior to static approaches and is the key to the attainment of cost-effectiveness.
AB - A methodology called guarded software upgrading (GSU) is proposed to accomplish dependable onboard evolution for long-life deep-space missions. The core of the methodology is a low-cost error containment and recovery protocol that escorts an upgraded software component through onboard validation and guarded operation, mitigating the effect of residual faults in the upgraded component. The message-driven confidence-driven (MDCD) nature of the protocol eliminates the need for costly process coordination or atomic action, yet guarantees that the system will reach a consistent global state upon the completion of the rollback or roll-forward actions carried out by individual processes during error recovery. To validate the ability of the MDCD protocol to enhance system reliability when a software component undergoes onboard upgrading in a realistic, non-ideal environment, we conduct a stochastic activity network model-based analysis. The results confirm the effectiveness of the protocol as originally surmised. Moreover, a comparative study reveals that the dynamic confidence-driven approach is superior to static approaches and is the key to the attainment of cost-effectiveness.
UR - http://www.scopus.com/inward/record.url?scp=0035312037&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=0035312037&partnerID=8YFLogxK
U2 - 10.1016/S0166-5316(00)00054-7
DO - 10.1016/S0166-5316(00)00054-7
M3 - Article
AN - SCOPUS:0035312037
VL - 44
SP - 211
EP - 236
JO - Performance Evaluation
JF - Performance Evaluation
SN - 0166-5316
IS - 1-4
ER -