The avalanche paradigm: an experimental software programming technique for improving fault-tolerance

Abstract

Fault propagation is both boon and curse. For programs undergoing V&V, propagation is a boon, since fault detection is the goal. After software deployment, particularly for safety critical applications, propagation can result in hazardous outputs, which are a curse. Methods to decrease fault propagation for deployed systems are warranted, and we have provided just such a technique in this paper. Fault-tolerant mechanisms are more or less effective depending on where they are placed in a program. This paper combines two different techniques in order to find places where fault-tolerant mechanisms are most likely to defend against hazards. The two techniques are: (1) dynamic fault-injection to estimate the likelihood that anomalies will lead to hazards, and (2) a static analysis that predicts (via a heuristic) the likelihood that program state anomalies ("corruptions") will propagate to subsequent program states during execution.