Analysis of Error Propagation Between Software Processes

All software systems can contain faults. In critical systems, this problem is alleviated by controlling the possible effects of a fault being executed, typically through techniques for achieving fault tolerance. Ensuring that failures are properly isolated, and not allowed to propagate, is essential when developing critical systems. In much of the research on error propagation analysis the focus has been on probabilistic models. While these models are well suited for quantitative analysis, they are usually not very specific with regard to the actual mechanisms that might allow a failure to propagate between entities. Quantitative analysis is often applied on code level and not seen as influenced by and in conjunction with the operating system. A more detailed insight into the actual mechanisms can be beneficial to decide whether or not error propagation is a concern for a given source code. A method for studying mechanisms of error propagation between software processes was proposed in (Sarshar, 2007). This chapter describes the method, which (1) facilitates the study of error propagation between software processes; (2) identifies mechanisms for error propagation; and (3) provides means to determine whether these can be automatically detected by a static analyser. In this context a process represents a program in execution, typically managed by an operating system. Processes can communicate with each other via inter-process communication and their shared resources. Examples of shared resources can be the operating system itself and the memory. The analysed problem is how one process can cause another process to fail and concerns interaction methods available in the source code of a program. The work criteria and scope are described in the following: • Consider processes running on a single CPU computer with an operating system. • The method should only require the source code and minimal manual input to work. • The source code must compile without any errors prior to the analysis. • The primary interest is to determine whether error propagation is a concern or not. This chapter further reports on the applicability of the method in a case where a module of a core surveillance framework named SCORPIO has been analysed. The framework is a support system for nuclear power plants supporting monitoring and prediction of core conditions. Some of the terminologies used in this chapter are briefly described in the following (Storey, 1996):