Combining Fault Avoidance, Removal and Tolerance: an Integrated Basis for Software Veriication and Validation

Fault avoidance, fault removal and fault tolerance represent three successive lines of defense against the contingency of faults in software systems and their impact on system reliability. The law of diminishing returns advocates that these three sets of methods be put to bear to achieve eeective software veriication and validation: each method is used in the context where it is most eeective. In this paper, we present an integrated approach to veriication and validation, where we identify what aspects each set of methods is best adapted to deal with. 1 Successive Lines of Defense Despite three decades of intensive research, the veriication and validation of software products remains an active research area. A great deal of progress has been achieved in this eld, but the advent of new programming languages and new software development paradigms, combined with the increasing reliance on software and the increasing complexity of software applications, have maintained the pressure for more research. All the methods of veriication and validation revolve around the theme of dealing with the existence and the manifestation of faults. Traditionally, these methods are classiied into three categories, which diier by how early faults are identiied and dealt with; the categories can be seen as successive lines of defense against the eeects of faults on software quality. Fault Avoidance. These methods take the view that it is possible to build fault-free software, and focus on means to specify, verify and derive software products that are free of faults. Fault Removal. These methods take the view that despite our best eeorts, developed software may still contain faults, and apply methods to remove faults from existing software products.