On the effectiveness of a message-driven confidence-driven protocol for guarded software upgrading

In order to accomplish dependable onboard evolution, we develop a methodology which is called 'guarded software upgrading' (GSU). The core of the methodology is a low-cost error containment and recovery protocol that escorts an upgraded software component through onboard validation and guarded operation, safeguarding mission functions. The message-driven confidence-driven (MDCD) nature of the protocol eliminates the need for costly process coordination or atomic action, yet guarantees that the system will reach a consistent global state upon the completion of the rollback or roll-forward actions carried out by individual processes during error recovery. To validate the ability of the MDCD protocol to enhance system reliability when a software component undergoes onboard upgrading in a realistic, non-ideal environment, we conduct a stochastic activity network model based analysis. The results confirm the effectiveness of the protocol as originally surmised. Moreover, the model-based analysis provides useful insight about the system behavior resulting from the use of the protocol under various conditions in its execution environment, facilitating effective use of the protocol.