On the effectiveness of a message-driven confidence-driven protocol for guarded software upgrading

Ann T. Tai, Kam S. Tso, Leon Alkalai, Savio N. Chau, William H. Sanders

Research output: Contribution to journalArticlepeer-review


A methodology called guarded software upgrading (GSU) is proposed to accomplish dependable onboard evolution for long-life deep-space missions. The core of the methodology is a low-cost error containment and recovery protocol that escorts an upgraded software component through onboard validation and guarded operation, mitigating the effect of residual faults in the upgraded component. The message-driven confidence-driven (MDCD) nature of the protocol eliminates the need for costly process coordination or atomic action, yet guarantees that the system will reach a consistent global state upon the completion of the rollback or roll-forward actions carried out by individual processes during error recovery. To validate the ability of the MDCD protocol to enhance system reliability when a software component undergoes onboard upgrading in a realistic, non-ideal environment, we conduct a stochastic activity network model-based analysis. The results confirm the effectiveness of the protocol as originally surmised. Moreover, a comparative study reveals that the dynamic confidence-driven approach is superior to static approaches and is the key to the attainment of cost-effectiveness.

Original languageEnglish (US)
Pages (from-to)211-236
Number of pages26
JournalPerformance Evaluation
Issue number1-4
StatePublished - Apr 2001

ASJC Scopus subject areas

  • Software
  • Modeling and Simulation
  • Hardware and Architecture
  • Computer Networks and Communications


Dive into the research topics of 'On the effectiveness of a message-driven confidence-driven protocol for guarded software upgrading'. Together they form a unique fingerprint.

Cite this