Fault Tree Analysis of Software Reliability Allocation

Jiawei XIANG, Kokichi FUTATSUGI
School of Information Science, Japan Advanced Institute of Science and Technology
1-1 Asahidai, Tatsunokuchi, Ishikawa, 923-1292 Japan

and Yanxiang HE
Computer School, Wuhan University
Wuhan, Hubei, 430072 China

ABSTRACT

Traditional methods for Software Reliability Allocation (SRA) often suffer from lagging behind the system design stage, considerable complexity, considerable subjectivity, or heavy reliance on experimental data, so the accuracy and effectiveness of their results are doubtful. Our goal is to develop a set of methods that address these weaknesses. In this paper, we propose a novel method to guide software reliability allocation by using software fault tree analysis (SFTA). With respect to multi-user oriented software, we introduce a new algorithm to figure out each component's importance, and establish a new reliability allocation model based on software utility and total development cost.

Keywords: Software Reliability Allocation, Software Fault Tree Analysis, Minimal Cut Set, Software Utility.

1. INTRODUCTION

Software Reliability Allocation (SRA) is an important process in software reliability engineering. It deals with the setting of reliability goals for individual components such that a specified system reliability goal is met and the component goals are well balanced among themselves [1]. But most existing software reliability models estimate the reliability of software in the testing and operational stages, after the initial stage of product development is complete. These models answer the question: how reliable is the system? They cannot answer the question: how reliable should the system components be? They provide no guidance on how much time and effort should be spent on the different components of the product in the planning, design, and early coding and development stages, although these stages are crucial to the subsequent reliability of the system. Hence they can hardly have any impact on the planning and design stages of a software project. A number of reliability allocation models have been developed.
Fatemeh Zahedi and Noushin Ashrafi contributed an SRA model based on system structure, utility, price and cost, using the Analytic Hierarchy Process (AHP) [2, 3]; there the reliability of each module is derived from the hierarchy of user utility, function, program and module, not from the inherent reliability relationships among the system modules and the actual reliability demand of each module. Oded Berman and Noushin Ashrafi proposed four optimization models for the reliability of modular software systems [4], but that work only addresses how to make an optimal selection from an available pool of modules with known reliability and cost, and gives no guidance on how to allocate reliability to system modules in the planning and design stage of the system. Michael R. Lyu discussed optimization methods for reliability allocation and testing schedules for software systems with single or multiple applications [5], but that work also does not bring out the internal relationships among system modules, which are very important for guiding reliability allocation.

Software Fault Tree Analysis (SFTA) is a method for identifying and documenting the combinations of lower-level software events that allow a top-level event (or root node) to occur. When the root node is a hazard, SFTA assists the requirements process by describing the ways in which the system can reach that unsafe state [6]. The safety requirements for the system can then be derived from the software fault tree, either directly [7][8] or indirectly via a shared model [9]. In the work described here, we use SFTA to help analyze and verify the logical relationships of the system modules and their respective reliability requirements. Based on these analyses, we present a novel algorithm to allocate software reliability, which balances the system reliability objective, the total development cost, and the utility of multi-user oriented software.

The rest of the paper is organized as follows. Section 2 provides some background on SFTA. Section 3 elaborates a fast reliability allocation model based on SFTA. Section 4 discusses how to define each module's importance in multi-user oriented software.
Section 5 presents an efficient reliability allocation algorithm based on software utility and total development cost. Section 6 contains concluding remarks.

2. BACKGROUND OF SFTA

Fault Tree Analysis (FTA) has been widely used for reliability analysis for years. It was first developed in the 1960s to facilitate analysis of the Minuteman missile system [10] and has been supported by a rich body of research since its inception.
Software Fault Tree Analysis (SFTA) is a method for identifying and documenting the combinations of lower-level software events that allow a top-level event (or root node) to occur. When the root node is a hazard, SFTA assists the requirements process by describing the ways in which the system can reach that unsafe state [6]. To analyze software reliability with the SFTA technique, we first define the most undesirable event as the root event. All the root events make up a root events table, also called a key fault events table. Each root event in the table corresponds to one fault tree. Through the logical relationships among the components of the program, we analyze which modules or statements (middle events) may cause the root event to occur. We continue to analyze the middle events until we reach a single statement or a stop condition, that is, a basic event. Then, based on these analyses, we can draw the fault tree of the software.

A cut set is a set of basic events whose occurrence causes the system to fail [11]. A cut set is called a minimum cut set if it cannot be reduced and still cause the system to fail [11]. A minimum cut set of a fault tree gives a minimal set of events whose joint occurrence suffices to cause the root event. To get the minimum cut sets, we use a top-down procedure, the Fussell-Vesely algorithm [12]:

1) Starting from the root event and working downwards, list events according to their logical relationships.
2) If a gate below the root event is an OR gate, list its input events in different rows. If it is an AND gate, list its input events in one row.
3) For each middle event $G_i$, regard it as the root event of its own subtree and repeat step 2, until the basic events are reached.
4) Finally we obtain some sets of events; these are all the cut sets of the fault tree.
5) To get the minimum cut sets from the cut sets of step 4, first arrange all the cut sets in order of the number of their elements, and write each cut set as a product of basic events. Then use the Boolean relationships below to absorb the redundant cut sets. What remains are the minimum cut sets.
$A + A = A$, $A + AB = A$, $AA = A$

Leveson and Harvey have also shown that SFTA can be performed at various levels and stages of software development. The highest level of analysis is the functional description; at the lowest level, SFTA analyzes the program code. In this paper we use SFTA at the level of function modules, to analyze and investigate the inherent reliability relationships and requirements of the system modules. In our current work, we regard the function modules/components of the software system as the basic events, and the event of system failure as the root event. Then, with SFTA, we can find which modules are more important and should be allocated higher reliability and safety, because the system fails more easily if they are unreliable.

3. FAULT TREE ANALYSIS OF SOFTWARE RELIABILITY ALLOCATION

Presume that the maximum acceptable Failure Rate (FR) is $F$, and that the system consists of $n$ modules $m_1, m_2, \dots, m_n$. By using SFTA, we get $x$ minimum cut sets. Then we present the algorithm below [13].

Algorithm 1. If one minimum cut set contains $j$ modules $m_{G_1}, m_{G_2}, \dots, m_{G_j}$, then the maximum FR of each module in this minimum cut set is

$$F_{m_{G_i}} = \sqrt[j]{F}, \quad i = 1, 2, \dots, j \qquad (1)$$

so that the product of the $j$ module failure rates, which is the probability of that AND-combination occurring, equals the system target $F$. If the minimum cut sets intersect, that is, Eq. (1) gives a module $m_i$ up to $k$ different values $F_{m_i}^{y_1}, F_{m_i}^{y_2}, \dots, F_{m_i}^{y_k}$, then we define

$$F_{m_i} = \min\left(F_{m_i}^{y_1}, F_{m_i}^{y_2}, \dots, F_{m_i}^{y_k}\right) \qquad (2)$$

It should be mentioned that our algorithm is, in some sense, a geometric mean algorithm, and is the reverse of the traditional analysis of the software failure rate using SFTA [14]. The traditional method solves this problem: given the pre-specified or known failure rate of each module (data obtained in the software testing stage), analyze the failure rate of the software system qualitatively and quantitatively. Our idea is just the inverse: given the reliability requirement of the software system in the planning or design stage, determine and investigate each module's reliability and the modules' inherent relationships. To our knowledge, we are the first to propose a reliability allocation algorithm using SFTA. In our algorithm the results $F_{m_i}$ are obtained by the geometric mean rule and may deviate a little from the system target: Eq. (1) sizes each minimum cut set to $F$ on its own, so with $x$ minimum cut sets the failure probability of the whole system can approach $xF$ rather than $F$ (in Example 1 below, $1 - (1 - 0.01)^3 \approx 0.03$ for the target $F = 0.01$).
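The cut-set derivation of Section 2 and Algorithm 1 above, carried through in working code. This is an added example and not code from the paper: the fault tree it builds is our own encoding of Figure 1, reconstructed from the four cut sets listed in Example 1 (the gate nesting and all Python names are assumptions), and the exact top-event probability computed at the end is our check of how far the allocation lands from the target $F$ when each minimum cut set is sized separately.

```python
"""Fussell-Vesely cut sets and the Algorithm 1 allocation, as an added example."""
from itertools import product

# A node is a basic event (module name) or a gate ("OR"/"AND", [children]).
# This tree is our encoding of Figure 1, reconstructed from the cut sets of
# Example 1: root OR over AND(m1, m2), m3, and AND(m4, m5, OR(m3, m6)).
FIGURE_1 = ("OR", [
    ("AND", ["m1", "m2"]),
    "m3",
    ("AND", ["m4", "m5", ("OR", ["m3", "m6"])]),
])


def cut_sets(node):
    """Steps 1-4: expand top-down; an OR gate splits into separate rows,
    an AND gate merges its inputs into one row."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    child_rows = [cut_sets(child) for child in children]
    if gate == "OR":
        return [row for rows in child_rows for row in rows]
    if gate == "AND":
        merged = [frozenset()]
        for rows in child_rows:
            merged = [acc | row for acc in merged for row in rows]
        return merged
    raise ValueError(f"unknown gate type {gate!r}")


def minimum_cut_sets(rows):
    """Step 5: order by size, then absorb every cut set that contains a smaller
    one (A + AB = A); exact duplicates (A + A = A) collapse through set()."""
    minimal = []
    for row in sorted(set(rows), key=len):
        if not any(kept <= row for kept in minimal):
            minimal.append(row)
    return minimal


def allocate_failure_rates(mcs, system_fr):
    """Algorithm 1: a module in a j-module cut set may fail with rate F^(1/j)
    (Eq. 1); a module that occurs in several cut sets keeps the smallest value
    it was given (Eq. 2)."""
    fr = {}
    for cs in mcs:
        share = system_fr ** (1.0 / len(cs))
        for module in cs:
            fr[module] = min(fr.get(module, 1.0), share)
    return fr


def top_event_probability(mcs, fr):
    """Exact probability of the root event for independent module failures,
    by enumerating every failure pattern (2^n, fine for a few modules).  This
    is the check on how far the allocation actually lands from the target."""
    modules = sorted({m for cs in mcs for m in cs})
    total = 0.0
    for pattern in product((False, True), repeat=len(modules)):
        failed = {m for m, down in zip(modules, pattern) if down}
        if any(cs <= failed for cs in mcs):
            p = 1.0
            for m, down in zip(modules, pattern):
                p *= fr[m] if down else 1.0 - fr[m]
            total += p
    return total


if __name__ == "__main__":
    mcs = minimum_cut_sets(cut_sets(FIGURE_1))
    print("minimum cut sets:", [sorted(cs) for cs in mcs])
    fr = allocate_failure_rates(mcs, 0.01)
    print("max FR per module:", {m: round(f, 3) for m, f in sorted(fr.items())})
    print("reliability per module:", {m: round(1 - f, 3) for m, f in sorted(fr.items())})
    print("root event probability:", round(top_event_probability(mcs, fr), 4))
```

Running it reproduces the three minimum cut sets and the failure rates (0.1, 0.1, 0.01, 0.215, 0.215, 0.215) of Example 1. The last figure, about 0.0297, is the probability that the root event occurs under independent module failures at those rates, roughly three times the target F = 0.01, because each of the three disjoint minimum cut sets was sized to F by itself; that is the deviation the text refers to. Dividing the target by the number of minimum cut sets before applying Eq. (1) is the obvious correction, and since the system target is a parameter of allocate_failure_rates the effect can be checked with the same function.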
But in the process of analyzing the software fault tree, we give the software engineer (SE) a comprehensive understanding of the structure of the software system and of the reliability requirement of each module, helping them to see which modules are the most important (key modules) and to allocate higher reliability to those modules. Compared to traditional methods such as AHP, which only obtains relative weights from users, our method is more reasonable and reliable, and the deviation is trifling and acceptable. To explain the algorithm in detail, let us first examine an example.

Figure 1: A fault tree as running example (root event = system failure, an OR gate; the middle events are AND/OR gates over the modules m1 to m6; the cut sets it yields are listed in Example 1).

Example 1: If a software system consists of six modules $m_1, m_2, m_3, m_4, m_5, m_6$, and the system demands that the maximum FR be $F = 0.01$, how should we allocate reliability to each module?

The fault tree of the software system is given in Figure 1. By using the Fussell-Vesely algorithm, first we derive all the cut sets of the fault tree in Figure 1: $K_1 = \{m_3\}$, $K_2 = \{m_1, m_2\}$, $K_3 = \{m_3, m_4, m_5\}$, $K_4 = \{m_4, m_5, m_6\}$. But $m_3 + m_3 m_4 m_5 = m_3$; in other words, $K_1$ is a subset of $K_3$, so finally we get three minimum cut sets: $\{m_3\}$, $\{m_1, m_2\}$, $\{m_4, m_5, m_6\}$. Then, by using Eq. (1), we get the results:

$F_{m_3} = 0.01$; $F_{m_1} = F_{m_2} = \sqrt{0.01} = 0.1$; $F_{m_4} = F_{m_5} = F_{m_6} = \sqrt[3]{0.01} = 0.215$.

That is to say, the maximum FR of each module is (0.1, 0.1, 0.01, 0.215, 0.215, 0.215), so their reliabilities must be at least (0.9, 0.9, 0.99, 0.785, 0.785, 0.785).

Analysis: SFTA of software reliability allocation is very visual, simple and effective. It can be used not only at the level of system analysis but also at the level of subsystem and module analysis. Because constructing the software fault tree is itself a thorough, comprehensive process of understanding the system, it requires that the SE grasp the inherent relationships among the system modules and make clear the influence of each potential unsafe factor, so the resulting reliability data are more rational. In addition, SFTA is a graphic deductive method that shows the inherent relationships of the system clearly, which makes it very easy to find the key modules and allocate reliability visually. Based on the definition of minimum cut set and the analysis above, we get an important inference: the fewer modules a minimum cut set contains, the higher the reliability that should be allocated to the modules in it. In Example 1, because $|K_1| < |K_2| < |K_4|$, we quickly conclude that $m_3$ is the key module, the most important module of the system, and should be allocated the highest reliability, while $m_4, m_5, m_6$ can be allocated lower reliability than $m_3$.

4. DEFINE THE MODULE IMPORTANCE

From the viewpoint of users, what matters most is the software utility. Especially for multi-user oriented software, the importance of each module may differ from the viewpoints of different users (user groups), so we must find a way to establish the relative importance of each module.
Definition: Utility is a concept from the point of view of users. It refers to the dependability with which the user uses the software to achieve its different functions. When the utility is high, the software quality is also good. Given software containing $n$ function modules $\{m_1, m_2, \dots, m_n\}$, its utility is

$$U(r, w) = w_1 R_1 + w_2 R_2 + \cdots + w_n R_n \qquad (3)$$

where $w_i$ is the importance of module $i$, that is, its relative importance in the users' overall assessment of the software, whose value can be derived by requirements analysis, and $R_i$ is the reliability of module $i$. Without loss of generality, $0 < w_i < 1$ and $\sum_{i=1}^{n} w_i = 1$.

To get the value of $w_i$ more objectively, we adopt the method below [15]. Suppose the software is oriented to $k$ users and contains $n$ modules, and survey the users about the importance of each module. Then arrange each user's result list in descending order of module importance. The result list of user $j$ looks like $\{m_{j1}, m_{j2}, \dots, m_{ji}, \dots, m_{jn}\}$, where $m_{ji}$ denotes one of the modules $\{m_1, m_2, \dots, m_n\}$. So we get $k$ result lists:

$\{m_{11}, m_{12}, \dots, m_{1i}, \dots, m_{1n}\}$
$\{m_{21}, m_{22}, \dots, m_{2i}, \dots, m_{2n}\}$
$\dots$
$\{m_{k1}, m_{k2}, \dots, m_{ki}, \dots, m_{kn}\}$

Then, by defining the importance values of the ordered modules as $\{\frac{1}{2}, \frac{1}{4}, \frac{1}{8}, \dots, \frac{1}{2^{n-1}}, \frac{1}{2^{n-1}}\}$ (the last two values are equal so that each user's values sum to 1), we get the importance value of module $i$:

$$w_i = w_{m_i} = \frac{1}{k} \sum_{j=1}^{k} \varphi_{ji} \qquad (4)$$

where $\varphi_{ji}$ is the importance value given to module $i$ by user $j$. The results may show that different modules have the same importance value, but that is an acceptable, normal situation. Let us demonstrate this algorithm with a simple example.

Example 2: Suppose a software system contains six modules $\{m_1, m_2, m_3, m_4, m_5, m_6\}$. Investigate their relative importance from three different users (user groups), and get their respective importance orders as follows: $\{m_3, m_1, m_2, m_4, m_5, m_6\}$; $\{m_2, m_3, m_4, m_1, m_6, m_5\}$; $\{m_1, m_3, m_2, m_6, m_5, m_4\}$. So we can figure out:

$w_1 = w_{m_1} = \frac{1}{3}\left(\frac{1}{4} + \frac{1}{16} + \frac{1}{2}\right) = \frac{13}{48} = 0.271$
$w_2 = w_{m_2} = \frac{1}{3}\left(\frac{1}{8} + \frac{1}{2} + \frac{1}{8}\right) = \frac{1}{4} = 0.250$
$w_3 = w_{m_3} = \frac{1}{3}\left(\frac{1}{2} + \frac{1}{4} + \frac{1}{4}\right) = \frac{1}{3} = 0.333$
$w_4 = w_{m_4} = \frac{1}{3}\left(\frac{1}{16} + \frac{1}{8} + \frac{1}{32}\right) = \frac{7}{96} = 0.073$
$w_5 = w_{m_5} = \frac{1}{3}\left(\frac{1}{32} + \frac{1}{32} + \frac{1}{32}\right) = \frac{1}{32} = 0.031$
$w_6 = w_{m_6} = \frac{1}{3}\left(\frac{1}{32} + \frac{1}{32} + \frac{1}{16}\right) = \frac{1}{24} = 0.042$

And we can validate that the constraint $\sum_{i=1}^{6} w_i = 1$ holds.

5. RELIABILITY ALLOCATION MODEL OF MULTI-USER ORIENTED SOFTWARE BASED ON SOFTWARE UTILITY & COST

Generally speaking, the software development cost must not overrun the budget $C^*$, while the software utility should be as high as possible. Suppose the software contains $n$ function modules $\{m_1, m_2, \dots, m_n\}$, and by using SFTA we get $x$ minimum cut sets $K_i$ ($i = 1, 2, \dots, x$). Let $F_i$ be the FR of module $i$ ($i = 1, 2, \dots, n$), $R_i$ the reliability of module $i$, where $R_i = 1 - F_i$, and $F$ the FR of the whole system. Using the method introduced in Section 4, we obtain the importance value of each module, $(w_1, w_2, \dots, w_n)$. Then we have the software reliability allocation algorithm below [15]:

Algorithm 2 (Software Reliability Allocation Model)

Objective function:

$$\max\left[U = \sum_{i=1}^{n} w_i R_i\right] \qquad (5)$$

Constraints:

$$R_i \le u_i, \quad R_i \ge l_i, \quad a_i + c_i R_i \le \alpha v_i \quad (i = 1, 2, \dots, n); \qquad \sum_{i=1}^{n} (a_i + c_i R_i) \le C^* \qquad (6)$$

In Eq. (6), $u_i$ is the upper limit of the reliability of module $i$ and $l_i$ is the lower limit; $a_i$ denotes the fixed cost committed to module $i$ by the constraint $R_i \ge l_i$, and $c_i$ is the adjustable cost; $\alpha$ equals 1 minus the profit rate the vendor expects; $v_i$ is the selling price, so $\alpha v_i$ is the estimated development cost of module $i$, which its actual cost should not exceed. How do we decide the selling price of a module? Let $V$ be the price that the user would like to pay for the software; from the user survey during software evaluation we have the relative global significance $w_i$ of module $i$, so the implicit price of module $i$ is

$$v_i = w_i V \qquad (7)$$

When the software is developed and distributed in batches or for a mass market, $V$ in Eq. (7) is replaced by $yV$, where $y$ is the estimated number of copies of the software that will be sold. The fourth constraint in Eq. (6) is the resource control condition of the whole project: $C^*$ is the available development resource, and the whole cost of reliability must stay below it. Algorithm 2 has one linear objective function and $3n + 1$ linear constraints; it is a linearly constrained optimization problem.
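Eq. (4) and Algorithm 2 above, as one added example; this is not the authors' code. The rankings are the three user lists of Example 2 and the lower limits are the reliabilities of Example 1, while the costs, the price V = 1000 (units of $1000), alpha = 0.5 and the budget are constructed for this example and are not the figures of the paper's Example 3. It solves the linear model exactly rather than heuristically: once each module's cost ceiling from $a_i + c_i R_i \le \alpha v_i$ is folded into its upper bound, the single budget row makes the problem a continuous knapsack, which greedy filling by utility per unit cost $w_i / c_i$ solves optimally.

```python
"""Module importance by Eq. (4) and the utility/cost model of Algorithm 2,
solved exactly as a continuous knapsack; an added example."""


def importance_weights(rankings):
    """Eq. (4).  Each user lists the n modules in descending importance; rank r
    (1-based) scores 1/2^r, except the last module, which also scores 1/2^(n-1)
    so every user's scores sum to 1.  w_i is the mean score over the k users."""
    n = len(rankings[0])
    scores = [1 / 2 ** r for r in range(1, n)] + [1 / 2 ** (n - 1)]
    k = len(rankings)
    weights = {}
    for order in rankings:
        if sorted(order) != sorted(rankings[0]):
            raise ValueError("every user must rank the same set of modules")
        for rank, module in enumerate(order):
            weights[module] = weights.get(module, 0.0) + scores[rank] / k
    return weights


def allocate_reliability(w, lower, upper, a, c, alpha, v, budget):
    """Algorithm 2, Eqs. (5)-(6).  The per-module rows l_i <= R_i <= u_i and
    a_i + c_i R_i <= alpha v_i collapse into one ceiling per module; the single
    budget row sum(a_i + c_i R_i) <= C* then makes the LP a continuous knapsack,
    so raising modules greedily in decreasing order of w_i / c_i is optimal
    (all c_i > 0).  Raises ValueError when no feasible allocation exists."""
    ceiling = {}
    for m in w:
        ceiling[m] = min(upper[m], (alpha * v[m] - a[m]) / c[m])
        if ceiling[m] < lower[m]:
            raise ValueError(f"{m}: lower limit {lower[m]} exceeds its cost "
                             f"ceiling {ceiling[m]:.4f}; accept less profit on it")
    R = dict(lower)
    spent = sum(a[m] + c[m] * R[m] for m in w)
    if spent > budget:
        raise ValueError(f"the SFTA lower limits alone cost {spent:.2f} > C* = {budget}")
    left = budget - spent
    for m in sorted(w, key=lambda m: w[m] / c[m], reverse=True):
        step = max(0.0, min(ceiling[m] - R[m], left / c[m]))
        R[m] += step
        left -= step * c[m]
    utility = sum(w[m] * R[m] for m in w)          # Eq. (5)
    return R, utility, budget - left


# Constructed inputs: rankings as in Example 2, lower limits as in Example 1;
# the costs, price and budget are our own assumptions (units of $1000).
EXAMPLE_2_RANKINGS = [
    ["m3", "m1", "m2", "m4", "m5", "m6"],
    ["m2", "m3", "m4", "m1", "m6", "m5"],
    ["m1", "m3", "m2", "m6", "m5", "m4"],
]
LOWER = {"m1": 0.9, "m2": 0.9, "m3": 0.99, "m4": 0.785, "m5": 0.785, "m6": 0.785}
UPPER = {m: 1.0 for m in LOWER}
FIXED_COST = {"m1": 50, "m2": 20, "m3": 10, "m4": 1, "m5": 1, "m6": 1}   # a_i
ADJ_COST = {"m1": 25, "m2": 99, "m3": 8, "m4": 5, "m5": 5, "m6": 6}      # c_i
ALPHA = 0.5       # 1 minus the expected profit rate
PRICE = 1000.0    # V: what users would pay for the whole product


def run_example(budget=225.0):
    w = importance_weights(EXAMPLE_2_RANKINGS)
    v = {m: w[m] * PRICE for m in w}                                     # Eq. (7)
    return allocate_reliability(w, LOWER, UPPER, FIXED_COST, ADJ_COST, ALPHA, v, budget)


if __name__ == "__main__":
    R, U, cost = run_example()
    print({m: round(r, 4) for m, r in sorted(R.items())}, "U =", round(U, 4), "cost =", round(cost, 2))
```

With budget 225, every module except m2 reaches R = 1 and m2, the most expensive to improve (c_2 = 99) for its weight, absorbs whatever is left (R_2 about 0.939, U about 0.985); the SFTA key module m3 is raised first because it is cheap and carries the largest weight. With budget 200 the function raises ValueError, because the SFTA lower limits alone already cost 215.08; that is the infeasible case discussed in Section 5, where management has to accept less profit on some modules or relax a constraint.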
Many optimization software products can solve this linear optimization problem, and most mainframe computers have linear programming algorithms in their optimization packages. One can also find PC software packages for solving this problem. For instance, GAMS [16] is a product available on both PC and mainframe; see also http://gams.nist.gov/, the Guide to Available Mathematical Software. In this paper, we suggest adopting Genetic Algorithms [17, 18, 19, 20, 21] to solve this problem. Thanks to the inherent advantages of global optimization and implicit parallelism of Genetic Algorithms, we can solve the constrained optimization problem effectively where other algorithms may have difficulty, which helps us use SFTA quantitative analysis more conveniently and effectively. Let us demonstrate the application of the reliability allocation model with a simple example.

Example 3: Suppose a software system contains six function modules, designed or developed for three main user groups. Its software fault tree analysis and the calculation of module importance are as worked out in Examples 1 and 2 above. Assume the cash resource for the project development is estimated to be $25,000. The profit mark-up for this project is 50%, so we get $\alpha = 0.5$ and $C^* = 25{,}000$. Assume the software system demands that the maximum FR be $F = 0.01$; how do we allocate reliability to each module while maximally satisfying the users' demand for software utility?

Based on the result of Example 1 and the equation $R_i = 1 - F_i$, we get the lower limit of each module's reliability: $(l_1, l_2, l_3, l_4, l_5, l_6) = (0.9, 0.9, 0.99, 0.785, 0.785, 0.785)$. In this example, we let the unit be $1000 and set $(a_1, a_2, a_3, a_4, a_5, a_6) = (50, 20, 10, 1, 1, 1)$; $(c_1, c_2, c_3, c_4, c_5, c_6) = (25, 99, 8, 5, 5, c_6)$; $u_i = 1$.

Based on Example 2, we know $(w_1, w_2, w_3, w_4, w_5, w_6) = (0.271, 0.250, 0.333, 0.073, 0.031, 0.042)$. Estimating the software price at $1,000,000, by Eq. (7) we get $(v_1, v_2, v_3, v_4, v_5, v_6) = (271, 250, 333, 73, 31, 42)$. Now we are ready to formulate the reliability allocation model:

$$\max\left[U = \sum_{i=1}^{6} w_i R_i\right]$$

subject to
$R_i \le 1$, $i = 1, 2, \dots, 6$;
$R_1 \ge 0.9$, $R_2 \ge 0.9$, $R_3 \ge 0.99$, $R_4 \ge 0.785$, $R_5 \ge 0.785$, $R_6 \ge 0.785$;
$50 + 25 R_1 \le 0.5(271)$, $20 + 99 R_2 \le 0.5(250)$, $10 + 8 R_3 \le 0.5(333)$, $1 + 5 R_4 \le 0.5(73)$, $1 + 5 R_5 \le 0.5(31)$, $1 + c_6 R_6 \le 0.5(42)$;
$83 + 25 R_1 + 99 R_2 + 8 R_3 + 5 R_4 + 5 R_5 + c_6 R_6 \le 25$.

By using a Genetic Algorithm, we get an optimal result: $(R_1, R_2, R_3, R_4, R_5, R_6) = (0.99529, 0.98, 0.99994, 0.99894, 0.99724, 0.99958)$, and $U = 0.99477$, the attainable maximal software utility.

It should be pointed out that in this example our results of reliability allocation and software utility meet the resource and other constraints of Eq. (6), but in some practical projects there may be no feasible solution because of special financial constraints. To resolve such infeasibilities, the SE group and management should decide to accept that no profit will be obtained from some modules, or broaden/amend some constraints. This provides important insight into the relationship between the technical and financial feasibility of reliability goals at the module level, and equips management with analytical tools for deciding on software quality well in advance of any implementation.

6. CONCLUSIONS AND DISCUSSIONS

From the analysis above, when the system reliability and the cost budget have been given, the model of software reliability allocation presented in this paper solves the problem of obtaining maximal utility while meeting the constraints of technical considerations, costs, resources and prices. The model in this paper is an amalgamation of qualitative and quantitative information reflecting subjective views and objective facts about the software system. We used SFTA to analyze the software structure and get the reliability requirement (lower limit of reliability) of each function module. We investigated the users' views about the software function modules and gave an algorithm to figure out module importance with respect to multi-user oriented software.
Finally, we proposed a model to allocate software reliability while maximizing software utility and meeting its constraints. We showed three examples to demonstrate our algorithms. Compared to the traditional AHP algorithm, our method has two advantages. First, the SFTA method can not only figure out the lower limit reliability of each module, but also show the inherent relationships of the system structure and the actual reliability demand of each module, so the allocation result is more reasonable, whereas AHP only indicates that the lower limit reliability should be greater than zero and leaves it to be decided subjectively by the SE. Second, the method for setting user importance in multi-user software is very simple and effective, and the values can be obtained during system design, which makes it more effective at guiding reliability allocation; in AHP this process is more complicated, and AHP gives no solution for multi-user oriented software (Michael R. Lyu et al. described another method that solves the multiple-application problem using non-linear programming techniques [5]). All these advantages contribute to the operability and effectiveness of our SFTA method.

In this paper, we only discussed our methods at the level of function modules, though SFTA can be performed at various levels and stages of software development, even at the level of program code. This is because we used a simple and effective method to determine user importance, which can only be performed at the functional level. Obviously, one cannot ask the user directly to express his preference for each program and module, because his view of the software is an external one that ends at the functional level of the software hierarchy [2]. On the other hand, AHP is an effective method for getting users' relative preferences for software functions, programs or modules (the notion of module in this sentence differs from the notion of function module in our model: here it means a code module of a program, whereas the function module of our model corresponds to the function of the software in this sentence), using the eigenvalue method (or other available computation methods [22]) to compute the relative weights at each level. So, from this point of view, merging the two approaches will further improve software reliability allocation in practical applications and projects.

7. REFERENCES

[1] J. Musa, A. Iannino, and K. Okumoto, Software Reliability: Measurement, Prediction, Application, New York: McGraw-Hill, 1987, pp. 97.
[2] F. Zahedi and N. Ashrafi, "Software Reliability Allocation Based on Structure, Utility, Price and Cost," IEEE Transactions on Software Engineering, Vol. 17, No. 4, 1991, pp. 345-356.
[3] F. Zahedi, "The Analytic Hierarchy Process: A Survey of the Method and Its Applications," Interfaces, Vol. 16, No. 4, 1986, pp. 96-108.
[4] O. Berman and N. Ashrafi, "Optimization Models for Reliability of Modular Software Systems," IEEE Transactions on Software Engineering, Vol. 19, No. 11, 1993, pp. 1119-1123.
[5] M. R. Lyu, S. Rangarajan and A. P. A. van Moorsel, "Optimization of Reliability Allocation and Testing Schedule for Software Systems," Bell Laboratories and Lucent Technologies. Available from: http://citeseer.nj.nec.com/97728.html.
[6] N. G. Leveson, Safeware: System Safety and Computers, Addison-Wesley, Reading, MA, USA, 1995.
[7] R. de Lemos, A. Saeed, and T. Anderson, "Analyzing Safety Requirements for Process-control Systems," IEEE Software, Vol. 12, No. 3, 1995, pp. 42-53.
[8] R. Lutz and R. M. Woodhouse, "Requirements Analysis Using Forward and Backward Search," Annals of Software Engineering, Vol. 3, 1997, pp. 459-475.
[9] K. M. Hansen, A. P. Ravn, and V. Stavridou, "From Safety Analysis to Software Requirements," IEEE Transactions on Software Engineering, Vol. 24, No. 7, 1998, pp. 573-584.
[10] H. A. Watson and Bell Telephone Laboratories, Launch Control Safety Study, Bell Telephone Laboratories, Murray Hill, NJ, USA, 1961.
[11] D. G. Raheja, Assurance Technologies: Principles and Practices, McGraw-Hill Engineering and Technology Management Series, McGraw-Hill, New York, 1991.
[12] Chen Kan, Liu Shulan, and Li Fengling, Mathematics of Reliability & Application, Jilin Education Press, 1989.
[13] Xiang Jiawei, Xu Renzuo and Xiao Yingbin, "Fault Tree Analysis of Software Reliability Allocation," Journal of Wuhan University (Natural Science Edition), Vol. 45, No. 5(B), 1999, pp. 84-8.
[14] M. R. Lyu (ed.), Handbook of Software Reliability Engineering, McGraw-Hill, 1995, pp. 9-27.
[15] Xu Renzuo, Xiang Jiawei and Xiao Yingbin, "Fault Tree Analysis of Multi-User Oriented Software Reliability Allocation," Mini-Micro Systems, Vol. 22, 2001, pp. 29-2.
[16] A. Brooke, D. Kendrick, and A. Meeraus, GAMS: A User's Guide, Redwood City, CA: Scientific Press, 1988.
[17] J. Holland, "Genetic Algorithms," Scientific American, July 1992, pp. 44-50.
[18] Z. Michalewicz, Genetic Algorithms + Data Structures = Evolution Programs, Springer-Verlag, Berlin, 1992.
[19] Liu Yong, Kang Lishan and Chen Yuping, Non-Numerical Parallel Algorithms (Vol. 2): Genetic Algorithms, Beijing: Science Press, 1997.
[20] J. H. Holland, Adaptation in Natural and Artificial Systems, The University of Michigan Press, 1975.
[21] M. Srinivas and L. M. Patnaik, "Genetic Algorithms: A Survey," Computer, June 1994, pp. 17-26.
[22] F. Zahedi, "A Simulation Study of Estimation Methods in the Analytic Hierarchy Process," Socio-Economic Planning Sciences, Vol. 20, No. 6, 1986, pp. 347-354.