System Structure for Dependable Software Systems

Truly dependable software systems should be built with structuring techniques able to decompose the software complexity without hiding important hypotheses and assumptions such as those regarding their target execution environment and the expected faultand system models. A judicious assessment of what can be made transparent and what should be translucent is necessary. This paper discusses a practical example of a structuring technique built with these principles in mind: Reflective and refractive variables. We show that our technique offers an acceptable degree of separation of the design concerns, with limited code intrusion; at the same time, by construction, it separates but does not hide the complexity required for managing fault-tolerance. In particular, our technique offers access to collected system-wide information and the knowledge extracted from that information. This can be used to devise architectures that minimize the hazard of a mismatch between dependable software and the target execution environments.