Towards fault-tolerant software architectures

Abstract

"Software engineering has produced no effective methods to eradicate latent software faults. " This sentence is, of course, a stereotype, but it is as true as a stereotype can get. And yet, it begs some questions. If it is not possible to construct a large software system without residual faults, is it at least possible to construct it to degrade gracefully if and when a latent fault is encountered? This paper presents the approach adopted on CAATS (Canadian Automated Air Traffic System), and argues that OO design and certain architectural properties are the enabling elements towards a true fault-tolerant software architecture.