
Chapter 13 References 365




13.8. Give two reasons why different versions of a system based around software diversity may fail in a similar way.

13.9. Explain why you should explicitly handle all exceptions in a system that is intended to have a high level of availability.

13.10. The use of techniques for the production of safe software, as discussed in this chapter, obviously includes considerable extra costs. What extra costs can be justified if 100 lives would be saved over the 15-year lifetime of a system? Would the same costs be justified if 10 lives were saved? How much is a life worth? Do the earning capabilities of the people affected make a difference to this judgment?
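The following is an added illustration bearing on exercises 13.8 and 13.9; it is not from the textbook. It constructs three "diverse" Python versions of one function that nevertheless share a helper (one of the common-mode failure causes exercise 13.8 asks about: a shared component, the other being a shared misreading of the specification), and two voters over them. The naive voter lets the first exception from any version propagate and stop the service; the second catches every exception per version, records it, and keeps serving, which is the availability argument behind exercise 13.9. The specification, the readings, and all function names are constructed for this example.

```python
"""Constructed illustration for exercises 13.8 and 13.9; not from the textbook."""
from collections import Counter
import math

# Constructed specification: return the largest of a list of temperature
# readings written as strings with a unit suffix, e.g. "21.5C" or "70F".
# Fahrenheit readings must be converted to Celsius before comparison.


def _parse(reading: str) -> float:
    """Helper that ALL three versions share (constructed).

    It strips the unit suffix but never converts Fahrenheit, so "70F" is
    taken as 70 degrees Celsius.  Because every version depends on it, the
    fault is common-mode: diversity in the versions' own algorithms cannot
    mask it (exercise 13.8, shared component).
    """
    return float(reading.rstrip("CF"))


def version_a(readings):
    """Version A: built-in max()."""
    return max(_parse(r) for r in readings)


def version_b(readings):
    """Version B: sort and take the last element."""
    return sorted(_parse(r) for r in readings)[-1]


def version_c(readings):
    """Version C: explicit loop with a running maximum."""
    best = -math.inf
    for r in readings:
        value = _parse(r)
        if value > best:
            best = value
    return best


VERSIONS = (version_a, version_b, version_c)


def vote_naive(readings):
    """Voter with no exception handling: the first version that raises
    (for example on an empty list) propagates its exception and takes the
    whole voter down, although another version could still have answered."""
    tally = Counter(fn(readings) for fn in VERSIONS)
    value, count = tally.most_common(1)[0]
    return value if 2 * count > len(VERSIONS) else None


def vote(readings):
    """Voter that explicitly contains every exception from every version
    (exercise 13.9), so a single faulty version never stops the service.

    Returns a dict: 'value' is the majority result or None, 'failures' maps
    each crashed version to the exception type it raised, and 'unanimous'
    records whether all versions agreed, which is NOT proof of correctness.
    """
    results = {}
    failures = {}
    for fn in VERSIONS:
        try:
            results[fn.__name__] = fn(readings)
        except Exception as exc:  # broad on purpose: contain, record, carry on
            failures[fn.__name__] = type(exc).__name__
    tally = Counter(results.values())
    value = None
    if tally:
        candidate, count = tally.most_common(1)[0]
        if 2 * count > len(VERSIONS):
            value = candidate
    return {
        "value": value,
        "failures": failures,
        "unanimous": len(tally) == 1 and not failures,
    }


if __name__ == "__main__":
    # Constructed inputs.  The correct answer for the first list is 21.5
    # (70F is about 21.1C); every version returns 70.0, so the vote is
    # unanimous and wrong, and the voter has no way to tell.
    print(vote(["21.5C", "70F", "19C"]))
    # Empty list: A and B raise, C returns -inf.  The containing voter
    # reports no majority and the failures, but stays up.
    print(vote([]))
```

The unanimous-but-wrong result is the point of exercise 13.8: a voter only detects faults that are not shared, so a fault in common code (or a shared misreading of the specification, which looks identical from the voter's side) passes straight through. The empty-list case is the point of exercise 13.9: the containing voter turns two uncontrolled crashes into a recorded, survivable outcome.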


