Fault Tolerant Programming

IP.com Disclosure Number: IPCOM000077574D
Original Publication Date: 1972-Aug-01
Included in the Prior Art Database: 2005-Feb-25
Document File: 4 page(s) / 52K

Publishing Venue

IBM

Related People

Elmendorf, WR: AUTHOR

Abstract

Described are techniques for providing and controlling redundancy in computer programs to render them tolerant of faults in programs and in the hardware.

This is the abbreviated version, containing approximately 50% of the total text.

Page 1 of 4

Fault Tolerant Programming

Described are techniques for providing and controlling redundancy in computer programs to render them tolerant of faults in programs and in the hardware.

In masking program faults, there are two essential matters to consider: (1) the "permanence of a fault", and (2) its "consequence"; they form the two dimensions in the figure. The permanence is grouped as either "solid or intermittent", or "intermittent". The consequence is "inoperable resource", "incomplete execution", or "incorrect result".

The body of the figure identifies six types of program structures which, respectively, apply to the six possible combinations of "fault permanence" and "fault consequence".

These six types of program structures are analyzed along the bottom and right side of the figure into the "form of redundancy" and the "use of redundancy". The "use of redundancy" analysis is classified as: pooled results, pooled executions, and pooled resources. The pooled results analysis requires that execution can be completed without difficulty, though the results may be incorrect.

The pooled results analysis requires that multiple results be obtained and then compared with each other to judge the "correct" one (e.g. majority logic); externally-supplied reasonableness criteria may contribute to this judgement. The pooled-execution analysis initiates the execution of multiple redundant sequences; the first sequence to complete execution has its result accepted without challenge to its correctness, and all incomplete executions are ignored. The pooled resource analysis seeks to provide sufficient equivalent system resources, or sufficient equivalent accesses to a given resource, to assure the uninterrupted availability of the needed resource(s). These six types of methods are not mutually exclusive; composites of them can be constructed to handle composite fault-type expectations.

The figure includes two kinds of symbols which represent program resources in relation to a partially redundant program environment. The resources are: (1) a "sequence" (indicated in the figure by vvv) which is a segment of a program which is handled as a unit for execution, and (2) a "stimulus" (indicated in the figure by which is the point in the execution of a sequence represented by a pseudoinstruction counter.

Four program linkage types (designated as E, I, D and C) are necessary and sufficient to implement the six program structures in the figure. E (explosion) is the linkage point to the beginnings of a set of redundant stimuli. Oppositely, I (implosion) is the linkage point at the end of a set of redundant stimuli. It is also the point where the multiple sets of results are compared after redundant execution. D (divergence) is the linkage point to the beginnings of a set of redundant sequences. C (convergence) is the linkage point at the end of a set of redundant program sequences.
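The pooled-results (E/I) and pooled-execution (D/C) structures described above, as an added Python illustration that is not part of the original disclosure: the function names, the `Incomplete` exception and the integer-square-root "versions" (one deliberately returning an incorrect result, one simulating an execution that never completes) are constructed for this example.

```python
from collections import Counter
from typing import Callable, Sequence


class Incomplete(Exception):
    """A redundant stimulus or sequence that could not complete execution."""


def pooled_results(versions: Sequence[Callable], args: tuple,
                   reasonable: Callable = lambda r: True):
    """E/I structure: explode into redundant stimuli, implode by comparing
    every result that completed and passed the reasonableness criterion,
    and accept the majority value so a faulty minority is masked."""
    results = []
    for version in versions:            # E: activate each redundant stimulus
        try:
            r = version(*args)
        except Exception:
            continue                    # an incomplete execution yields no result
        if reasonable(r):               # externally-supplied reasonableness check
            results.append(r)
    value, votes = Counter(results).most_common(1)[0] if results else (None, 0)
    if 2 * votes <= len(results):       # I: no majority, so the fault is not masked
        raise Incomplete(f"no majority among results {results}")
    return value


def pooled_execution(sequences: Sequence[Callable], args: tuple):
    """D/C structure: diverge into redundant sequences and converge on the
    first one that completes; its result is accepted without challenge."""
    for seq in sequences:               # D: start the redundant sequences
        try:
            return seq(*args)           # C: first completed sequence wins
        except Incomplete:
            continue                    # incomplete executions are ignored
    raise Incomplete("no redundant sequence completed")


# Constructed sample: three versions of integer square root, one faulty.
def isqrt_float(n): return int(n ** 0.5)
def isqrt_off_by_one(n): return int(n ** 0.5) + 1     # incorrect-result fault
def isqrt_loop(n):
    r = 0
    while (r + 1) * (r + 1) <= n: r += 1
    return r
def isqrt_hangs(n): raise Incomplete("simulated incomplete execution")


def demo():
    voted = pooled_results([isqrt_float, isqrt_off_by_one, isqrt_loop], (50,),
                           reasonable=lambda r: 0 <= r <= 50)
    first = pooled_execution([isqrt_hangs, isqrt_loop], (50,))
    return voted, first                 # (7, 7)
```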

Page 2 of 4

The E linkage is executed in a program to cause the activation of...