Academia.eduAcademia.edu

Optimization models for reliability of modular software systems

1993, IEEE Transactions on Software Engineering

This paper presents four optimization models to demonstrate that the optimization of software reliability within the available resources can be accomplished. The models help us find the optimal software system structure while considering basic information on reliability and cost of modules. Each model is applicable to a distinct situation. All four models maximize reliability while ensuring that expenditures remain within budget.

zyxwv 11 IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. 19, NO. 11, NOVEMBER 1993 1119 zyx Concise Papers Optimization Models for Reliability of Modular Software Systems Oded Berman and Noushin Ashrafi because these modules may be developed by completely different groups, different tools, and in different environments [2]. In this study we show the application of well-known optimization models to determine the optimal redundancy level of fault-tolerant software systems. The models use basic information on module reliability and cost and allow the tradeoff between these two factors. Belli and Jedrzejowicz have developed two optimization models for faulttolerant software. Their first model is similar to the second model of this study, however, their expression of reliability is quite complicated and no solution to the problem has been offered. Our earlier work [I] used optimization models to determine the redundancy level of a software package consisting of several independent functions where each function is performed by a program with known reliability and cost. Our current work, however, breaks down this approach one step further and deals with software systems consisting of one or more programs where each program consists of series of modules, which upon sequential execution will perform a function. The optimal redundancy level of the modules is to be determined. Four models are presented, each applicable to a different software system structure (ranging from a very simple structure to more sophisticated ones). The diversity of the models gives the software engineer flexibility in choosing an appropriate model for a given software system. The next section explains the structure of the models. Then we present formulations and solution methods for each model. The final section offers concluding remarks and a discussion of the limitation of the proposed models. zyxwvutsrqponm Abstract-This paper presents four optimizationmodels to demonstrate that the optimization of software reliability within the available resources can be accomplished. The models help us find the optimal software system structure while considering basic information on reliability and cost of modules. Each model is applicable to a distinct situation. All four models maximize reliability while ensuring that expenditures remain within budget. Index Terms- Dynamic programming, fault tolerance, integer pro- gramming, modularization, optimization, software reliability. I. INTRODUCTION I N developing software systems, the manager’s goal is to produce a software system within limited resources and in accordance with user requirements. One important user requirement concerns the reliability of the software. Reliability for a software system is defined as the probability that software operates without failure in a specified environment, during a specified exposure period [5]. Failure is defined as a discrepancy between expected and actual output. Fault is a defect in the program that, when executed, causes a failure. One method to improve software reliability is by the application of redundancy. A careful use of redundancy may allow the system to tolerate faults generated during software design and coding thus improving software reliability. Improving software reliability, using redundancy, however, requires additional resources. The question then is “how to incorporate redundancy into software structure such that reliability is maximized and cost remains under control?” A number of reliability models for prediction and assessment of the reliability of fault-tolerant software systems have been developed. However, the problem of reliability optimization for fault-tolerant software has not been addressed by many researchers. Belli and Jedrzejowicz [3] contribute this lack of interest partly to “. . . the complexity of reliability optimization problems, difficulties in identification of dependencies between the resources and component reliabilities . . ., and lack of necessary information on components’ reliability properties.” The advancement of technology and the immense software development cost has made the use of COTS (commercial off-the-shelf) modules a reality and may be a necessity. Boehm [4] suggests the use of COTS software whenever possible, as an appropriate process model for a software development project. Considering the concept of COTS in software development and the availability of mathematical models to assess module reliability, it is now possible to have information on module reliability and cost. Furthermore, the failure independence of the redundant modules are more acceptable zy zyxw zyxwvutsr A . Notations Number of functions the software system is required to perform. Number of modules within the software system. Frequency of the use of function k , k = 1, 2,. . . ,K. Number of versions available for module i , i = 1,. . . , n. Estimated reliability of version j of module i . Binary variable that is equal to 1 if version j is selected for module i , else 0. Estimated reliability of module i . Estimated reliability of the software system. Cost of developing version j for module i . Available budget. B. Assumptions 1) Modular programming is used for software development. 2) Module versions are developed independently, and their reliabilities and costs can be estimated. Note that this assumption makes the models directly applicable only to those software systems that are developed using COTS modules. These modules are independently generated and tested. Their reliability can be estimated using any of the reliability estimation models available. Their cost is the purchasing cost. 3) There is a specified budget for the software system. zyxwvutsrq zyxwvuts Manuscript received January 1993; revised May 1993. Recommended by F. Bustani. 0. Berman is with the Faculty of Management, University of Toronto, Toronto, Ont., M5S 1V1, Canada. N. Ashrafi is with the Department of Management Science and Information Systems, College of Management, University of Massachusetts/Boston, Boston, MA 02125. IEEE Log Number 9213119. 11. SOFTWARE SYSTEM STRUCTURES Consider software systems that are developed using modular techniques and are required to perform one or more functions as 0098-5589/93$03.00 0 1993 IEEE 1120 zyxwvutsrqponmlkji zyxwvu IEEE TRANSACTIONS ON SOFIWARE ENGINEERING, VOL. 19, NO. 11, NOVEMBER 1993 specified by the user. Each function is performed by executing a program where each program is further divided into several modules. Each module may be called by more than one program. We assume that functionally equivalent and independently developed versions of modules are available, each with an estimated reliability and cost. Optimization models of this study will determine the optimal rcdundancy level of the modules for each software structure so as to maximize reliability at a limited given cost. Four models for different Given B = 6 the problem can be formulated as follows: max (0.9X11 + 0.8X12 + 0 3 5 x 1 3 ) . (0.95x21 + 0.8X22 + 0.7X23)(0.98X31 + 0.94x32) zyx zyxwvutsrqponmlkjih zyxwvutsrqponml zyxwvutsrqp zyxwvutsrqpo zyxwvutsrqpo subject to x 1 1 + xl2 + =1 x 1 3 ay21 + x 2 2 + =1 x 2 3 x31+x32=1 software structures are formulated. A . Model I : Selecting the Optimal Set of Modules for One Function System (without Redundancy) 3x11 Software system consists of a single program performing one major function. The program is comprised of a set of modules, which are executed sequentially. There are more than one version of each module available but, due to budget limitation and/or noncritical nature of the software, keeping multiple versions of modules is not desirable. The model developed for this situation allows the optimal selection of a set of modules for the single program such that the rzliability is maximized while meeting the constraint that the overall development cost remains within budget. Formulation of Model 1: The problem of maximizing reliability by choosing the optimal set of modules can be formulated as follows: n max R = n R z (PI z=l subject to m 2 Ex,,= 1, i = 1,.. . , n JZ1 + xi2 + 2x13 + 3x21 + 2x22 + 1x23 + 3x31 + 2x32 5 6 where x11, X12r x13, X21r"',X32 =o, 1. The optimal solution found by our Branch and Bound method is (X12, X Z ~ x3 , 2)with objective function value of 0.714 and cost = $6. B. Model 2: Selecting the Optimal Set of Modules for One Function Sofrware System (with Redundancy) The second situation addressed in this paper occurs, when the software system performs a more critical function whose failure can be very severe. In such situations, software can be made fault-tolerant by keeping redundant versions for each module. It is reasonable to assume that the allocated budget, for systems performing such functions, is large enough to allow redundancy of modules. The objective in this situation is to determine the optimal set of modules, allowing redundancy, so as to maximize the reliability of the software system while remaining within the budget. Formulation of Model 2: We now discuss the same problem described in the previous section allowing redundancy. The problem can be formulated as follows: n max R = X , , = 0, 1 i = l,...,n fl~* Z=1 j = l,...,mz (PZ1 subject to where x,,= 0 , 1 i =l,...,n j =l,...,mt where ,=I m 2 The objective function of P1 reflects that the modules are executed sequentially. The set of constraints (i) ensures that exactly one version I S selected for each module. Constraints (ii) guarantees that total expenditures will not exceed B. Problem P1 is a nonlinear integer programming problem. We wggest a Branch and Bound approach [7] to solve the problem. A \imple numerical example for this model is given below. Readers interested in our Branch and Bound scheme can refer to Appendix 4. Suppose PI = 3, ml = 3, m2 = 3, and m3 = 2. The reliability ind cost of the modules are given as follows: R I , = 0.90, cll = $3. R L =~ 0.95. C2l = $3, Ri2 = 0.80, cl2 c22 R ~ =I 0.98 R32 c 3 1= c32 $3 = $1, R22 = 0.80, = $2, 0.94 = $2. Ri3 = 0.85 c13 = $2 R23 = 0.70 c23 = $1 Ext,2 1, ,=1 i = 19 ... 3n 22Xt,C., I B (ii) ~13=1 m, R, = 1 - fl (1 - R z 3 ) X ' 3 . (7) .=1 The reliability of module i is defined as the probability that at least one of the m, versions is performing correctly (given as one minus the probability that none of the m, versions is performing correctly). Constraint set (i) guarantees that for each module i at least one version is selected. Problem P2 can be solved using Dynamic Programming [6] algorithm. A numerical example is given below and, Appendix B presents our Dynamic Programming approach. Using the same numerical example that was used for model 1, with a budget of $10, the optimal solution is found to be x31 = 1, XZI= x 2 3 = 1, XIZ= x13 = 1 and the overall reliability of the system is 0.9359. zyxwvuts I I I I , zyxwvuts zyxwvutsrq zyxwvutsrqp zyxwvutsrqp zyxwvutsrqp zyxwvutsr zyxwvutsrqponm zyxwvutsr zyxwvutsrqp IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. 19, NO. 11, NOVEMBER 1993 1121 C. Model 3: Selecting the Optimal Set of Modules for a System with K Functions (without Redundancy) D.Model 4. Selecting the Optimal Set of Modules for a The third model deals with software systems consisting of several programs each performing a specific function. Each program contains a series of modules. Programs can be called by their corresponding functions and modules can be called by any program. The objective of this model is to determine the optimal set of modules for the programs, not allowing redundancy, such that the reliability of the software system is maximized while remaining within the budget. Formulation of Model 3: Let s k denote the set of modules corresponding to program k. For each module i E sk there are m , versions available. We note that the same module can be called by different programs. We number all the modules to be called by all programs from 1 to n. The problem of maximizing reliability by choosing an optimal set of modules (without redundancy) can be formulated as follows: The problem we discuss in this section is identical to P3 except that redundancy is now permitted, i.e., we allow the choice of more than one version for each one of the modules. The problem can be formulated as follows: K max R = E F k System with K Functions (with Redundancy) fl R, subject to m, Ex;,2 1, J=1 (ii) (P3) x,, = 0, 1 subject to m 2 Ex*, = 1, j=1 n i= l,...,n (9 m. (ii) X,, = 0, 1 i =l,...,n j = l,...,mt where R, is given by (1). Problem P3 can be solved by a Branch and Bound approach very similar to the one for PI with minor modifications. A numerical example is given below. Consider the example at the bottom of the page. The problem can be formulated as max [ 0.70[(0.8OXii 0.30[(0.70x21 + 0.85X12)(0.7OXzi + 0.9OX~z)]+ + 0.9Oxzz)(0.953 + 0.9Ox32)] 1 1 subject to + XlZ + + 2x11 + 3 x 1 2 + 1 x 1 2 + 3x22 + 4x31 + 3x32 =1 =1 =1 x 1 1 x 2 1 x 2 2 x 3 1 x 3 2 X,, = 0, 1 i = 1, 2, 3 5 8 j = l , . . . , mc . The objective function above can be rewritten as max0.392X11Xlz + 0.504XllX22 + 0 . 4 1 6 5 X 1 ~ X ~ l + 0.5355X12x22 + 0.1995Xzlx31 + 0.189X2lX32 + 0.2565X22X31 + 0.243X22x32. The optimal solution is (X11, X22, x 3 2 ) which costs $8 and has an optimal objective function value of 0.747. Observe that when B = $10 the optimal solution is (X12, X22, x31)with an objective function value of 0.792. K = 2, SI = ( 1 , 2}, R11 = 0.80 c 1 1=$2 = (2, 3}, Rlz = 0.85 c 1 2 = $3 s2 = 0.30, = 2, R 2 2 = 0.90 111. CONCLUSIONS AND DISCUSSIONS F2 n = 3, m2 m3 = $3 j = 1,"..mt This paper presents optimization models for software systems that are developed using modular design technique. Four different software structures are considered: 1) one program, no redundancy; 2) one program, with redundancy; 3 ) multiple programs, no redundancy; 4) multiple programs, with redundancy. The optimization problems are solved by using our version of established optimization methods. The practical usefulness of this study is to draw the attention of software practitioners to an existing methodology which may be used to make an optimal selection out of an available pool of modules with known reliability and cost. All four models maximize software reliability while ensuring that expenditures remain within available resources. The software manager is allowed to select the appropriate model for a given situation. Finally, we would like to comment on two assumptions made throughout the paper. First, it is assumed that it is known whether or not a function is performing in satisfactory manner. This assumption is not restrictive since the models can be basically modified to include an auxiliary program (with its known reliability and cost). This auxiliary program can be used to determine whether or not a function is operating in a satisfactory manner. Second, for the models with redundancy it is assumed that there is statistical independence among = 2, Rzl = 0.70 c 2 1 = $1 c22 i = l , . . ., n where R, is given by (7). Because of the set of constraints (i) and since we deal with K > 1 functions, none of the methods discussed so far in this paper can be used to solve problem P4. Moreover, because the objective function is nonlinear we cannot solve the problem directly as an integer programming problem. In Appendix C we show how the problem can be solved using integer programming. Using the same numerical example that was used for model 3, we obtain the results that are given below. After transforming the problem to Integer Programming, the problem is solved using Lindo on an IBM PC. The optimal solution for a budget of $9 is X11 = X21 = X22 = x 3 2 = 1 and the optimal objective function value is 0.8052, which is slightly better than 0.792 the objective function value of P3 for a larger budget of $10. F1 = 0.70, mi m. n z E S ~ k=l i = 1 , . . .,n B = $8 =2 R31 = 0.95 c 3 1 = $4 R32 = 0.90 c 1 2 = $3. 1122 zyxwvutsrqp zyxwvutsrqponmlkjihgfe IEEE TRANSACTIONS ON SOFIWARE ENGINEERING, VOL. 19, NO. 11, NOVEMBER 1993 zyxwv zyxwvutsrqp zyxwvutsrqpon zyxwvutsrqp zyx zyxwvutsrqponm different program versions (by using, for example, COST modules). This is indeed a strong assumption that needs to be used with caution. APPENDIX First we note that problem P1 APPENDIXB Let us define the state of the system S to be the budget available and state i to reflect module i for i = 1 , . . . ,n. Let R, (S) be the reliability of the system composed of module i, i 1,.. . ,n. Given that S is the budget available ( B - S) is the budget left for modules l,...,i - 1 The recursive formula for R , ( S ) when i < n is zyxwvuts zyx + A is feasible if . Let X, be the selected module for task i for i = 1 , . . . n and let Xe for 2 = 1. . . . . 7 2 be the optimal solution of P 1 when constraint (ii) is ignored. Obviously if (X,", . . . , X : ) is a feasible solution of P 1 it must also be an optimal solution of P 1 with an objective function value of where the maximization takes place for X , , values for which m, m2 EX,,2 1 and ,=1 (3) x C t 3 X z5 J S. 3=1 The recursive formula for R, (S) is Without any loss of generality suppose (SI, . . . , ) for k < n is a partial solution of P I . An upper bound on this partial solution is given by 1 m, [ R,(s) = max 1 - n ( 1 - R,,)~'"J 3=1 (9) where the maximization takes place over X n Jvalues such that (4) zyxwvuts The left part of (4) reflects the actual contribution of the partial solution to the objective function value while the right part indicates the optimal choice ignoring the budget constraint (i.e., choosing ,. . . , Obviously, (XI.* . . ,X k ) cannot lead to any possible feasible solution if Given state the range and state s, for be Rt(S) in 1-1 (xi+, xz)). k=z k=l APPENDIX (5) 1 - -Y,,R,, The upper bound (4) is attained only if (11) m, r=l+l R, = 1 - n(l- X , , R , , ) + where Ce is the cost corresponding to Xp for i = k 1, . . . , T I . The Branch and Bound procedure starts with choosing a known feasible solution to the problem that can serve as a lower bound (denoted by LB). One feasible solution (if one exists) is given by choosing the cheapest version for each module. In each level i of the decision tree we make a choice of one version for module i , 1 5 I 5 n . For each partial solution three numbers are calculated. 1) a-the upper bound value given by (4). 2) b-the lowest possible cost of any solution that include the partial solution given in the expression left to the inequality sign of (5). 3) c-the cost of solution (SI, -Yr... . ,X k , X;+, , . . . ,Xz ) given in the expression left to the inequality sign of (6). A partial solution X I . XZ,. . . ,A-k is fathomed if either (i) b > R; or (ii) a < L B . A new solution is found whenever c 5 13 [solution (-XI, -X~..*..XI, X;+,,...,X:)] . A new feasible solution becomes the new incumbent solution if n > LB. The Branch and Bound starts by branching the root node in level 0 to m 1 hranches, each corresponding to a choice of XI, for j = 1.. . . ,m l . The next node to branch is chosen to be the node with the largest upper bound. % 9,,= 0. 1 since, if S,,= 0 then (1 - R z J ) X a=~ 1 and if X,, = 1 then ( 1 - R,, ) = 1 - R,, . Therefore, (7) can be rewritten as k z=1 C Now we show how to rewrite the objective function as a linear function. Note that (1- R,,)'*J in (7) can be written as (12) ,=l and the objective function of P4 can be expressed as The objective function (13) is still not linear since it includes product of binary variables. However, using [6] to express a product of rt binary variables 2, as n I *=1 we define r1 y = nzz. y = 0. 1 t=1 by the two linear functions 21 1 n - 2 1 + + " . + 2, - y 5 2 2 1 + z;1z + . . . + -2, n 11 -y -I 2 0. , I I l l zyxwvuts zy I zyxwvutsrqponm zyxwvutsrqpo zyxwvutsrqp zyxwvutsrqp IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. 19, NO. 11, NOVEMBER 1993 REFERENCES [l] N. Ashrafi and 0. Berman, “Optimal design of large software systems considering reliability and cost,” submitted to IEEE Trans. Reliubilify,vol. 41, no. 2, pp. 281-287, 1992. [2] A. Avizienis and J. P. Kelly, “Fault tolerance by design diversity: Concepts and experiments,” Computer, vol. 17, no. 8, pp. 67-80, 1984. [3] F. Belli and P. Jedrzejowicz, “An approach to reliability optimization of software with redundancy,” IEEE Trans. Software Eng., vol. 17, 1123 no. 3, pp. 310-312, 1991. [4] B. W. Boehm, Softwure RiskManagement (Tutorial). New York: IEEE Computer Society Press, 1989. [5] J. D.Musa, “A theory of software reliability and its application,” IEEE Trans. Software Eng., vol. SE-1, no. 3, pp. 312-327, 1975. [6] H. A. Taha, Operations Research: An Introduction. New York: Macmillan, 1976. [7] H. M. Wagner, Principles of Operations Research. Englewood Cliffs, NJ: Prentice-Hall, 1975.