11.4
What is the common characteristic of all architectural styles that are geared to supporting software fault tolerance?

Redundancy and diversity are the characteristics shared by all architectural styles that support software fault tolerance. Redundancy means there is more than one component able to do a job, so a failed one can be replaced or outvoted; diversity means the redundant components are implemented differently (different teams, algorithms, or languages), so a single design fault is unlikely to affect all of them at once. Redundancy alone only protects against independent failures such as hardware faults: identical copies of a program share identical bugs, so if one copy fails on an input, every copy fails on it. The idea is that if one of the components put in place to prevent system failure fails, there is at least one other, deliberately different, component still able to keep the system running.
11.7
It has been suggested that the control software for a radiation therapy machine, used to treat patients with cancer, should be implemented using N-version programming. Comment on whether or not you think this is a good suggestion.

N-version programming is a sensible suggestion for the software that controls a radiation therapy machine. As with the software that controls aircraft and nuclear reactors, a failure of this software can cost lives, and running several independently developed versions and voting on their outputs means that a design fault in one version is outvoted by the others rather than delivered to the patient. Its value depends on the versions failing independently, which is only partly achievable: experiments such as Knight and Leveson's (1986) showed that independently written versions still tend to fail on the same difficult inputs, and every version inherits any mistake in the shared specification, so N-version programming reduces but does not remove the risk of a common design fault. Although I believe that N-version programming is a good way to implement software for a radiation therapy machine, relying on software alone in a system that can easily kill a person is a terrible idea. A radiation therapy machine must have hardware safety checks in addition to software safety checks. The Therac-25 is the standard example: a software fault in that machine was directly responsible for the deaths of more than one patient. The same fault was present in the Therac-20, an older model, but the Therac-20 never caused physical injury, because it had hardware interlocks: when the software commanded a massive dose, fuses and breakers tripped and prevented the patient from receiving a potentially fatal overdose.
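As an added example for both 11.4 and 11.7 (not code from the textbook or from any real therapy machine): three hypothetical, independently written dose calculators are majority-voted, and a separate range check, standing in for the Therac-20 style hardware interlock, rejects any voted result outside a safe envelope. The dose formula, the version functions, and the MAX_DOSE_CGY limit are assumptions made for the example.

```python
"""Majority voting over diverse implementations, plus an independent interlock.

Added example, not from the textbook and not the code of any real therapy
machine. Three hypothetical, independently written dose calculators are run on
the same input and their outputs majority-voted; a separate range check, the
software stand-in for a Therac-20 style hardware interlock, then rejects any
voted result outside the safe envelope. The dose model and the limit are
constructed for the example."""

MAX_DOSE_CGY = 200.0     # assumed safe ceiling for a single exposure (constructed)


# Three "versions" of the same specification: dose = rate * seconds.
# They share the spec but not the code, which is the point of N-version design.
def dose_v1(rate, seconds):
    return rate * seconds


def dose_v2(rate, seconds):
    whole, frac = int(seconds), seconds - int(seconds)
    total = 0.0
    for _ in range(whole):
        total += rate
    return total + rate * frac


def dose_v3(rate, seconds):
    # Contains a design fault: drops the fractional part of the exposure time.
    return rate * int(seconds)


VERSIONS = (dose_v1, dose_v2, dose_v3)


def vote(results, tol=1e-6):
    """Return a result shared (within tol) by a strict majority of the versions,
    or None when the versions disagree and no majority exists."""
    for candidate in results:
        agreeing = sum(1 for r in results if abs(r - candidate) <= tol)
        if 2 * agreeing > len(results):
            return candidate
    return None


def interlock_ok(dose):
    """Independent limit check. It must not share code with the versions above:
    a fault common to all of them passes the vote, and only an independent
    check can still stop the result."""
    return 0.0 <= dose <= MAX_DOSE_CGY


def deliver(rate, seconds):
    """Decide what the machine may do: ("ok", dose), ("no-majority", None)
    or ("interlock", dose) when the agreed value is itself unsafe."""
    voted = vote([f(rate, seconds) for f in VERSIONS])
    if voted is None:
        return ("no-majority", None)
    if not interlock_ok(voted):
        return ("interlock", voted)
    return ("ok", voted)


if __name__ == "__main__":
    print(deliver(2.0, 10.5))   # v3 is outvoted: ("ok", 21.0)
    print(deliver(50.0, 10))    # all versions agree on 500.0, but the interlock rejects it
```

Running it shows the two failure modes the answers above describe: the faulty dose_v3 is outvoted on a fractional exposure time, while a dangerous request on which all three versions agree passes the vote and is stopped only by the interlock. The interlock is only worth something if it is independent of the versions it guards, which is why the Therac-20 put it in hardware.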
11.9
Explain why you should explicitly handle all exceptions in a system that is intended to have a high level of availability.

Availability is the probability that a system, at a point in time, will be operational and able to deliver the requested services. An exception that is not handled anywhere propagates to the top of the program and, in most runtimes, terminates the process (or the thread serving the request), so every unhandled exception is a path by which a single bad input or transient fault takes the whole service down. The more such paths exist, the higher the probability that one of them is taken during a given period of operation, and the lower the availability. Handling each exception explicitly, at the point where the code knows how to recover, retry, or degrade gracefully, means that a fault costs one failed operation rather than the whole service. The handling has to be explicit rather than a blanket catch-and-ignore: an exception that is silently swallowed can leave the system running with corrupt state, which is an availability problem of a different kind.
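As an added example (not from the textbook), the two request loops below, fed constructed sample traffic, show the difference between letting an exception escape and handling it per request. The service, its JSON request format, and the function names are assumptions made for the example.

```python
"""Exception handling and availability in a long-running request loop.

Added example, not from the textbook. The service, its request format and the
sample traffic are constructed for the example. serve_fragile lets an
exception from one request escape the loop, which in a real process means
the service stops and every later request goes unanswered; serve_robust
handles each request's failures explicitly and keeps serving."""

import json
import logging

log = logging.getLogger("svc")


def handle(raw):
    """Parse one JSON request and return the sum of its 'values' field."""
    req = json.loads(raw)
    return sum(req["values"])


# Constructed sample traffic: two of the six requests are malformed.
REQUESTS = [
    '{"values": [1, 2, 3]}',
    '{"values": [4, 5]}',
    'not json at all',        # json.loads raises ValueError (JSONDecodeError)
    '{"values": [6]}',
    '{"nope": 1}',            # missing field: KeyError
    '{"values": [7, 8]}',
]


def serve_fragile(requests):
    """No handling: the first bad request raises out of the loop, and the
    responses already computed never reach anyone."""
    responses = []
    for raw in requests:
        responses.append(handle(raw))
    return responses, 0


def serve_robust(requests):
    """Explicit handling per request: the failure is logged and counted, only
    that request is rejected, and the loop continues. Expected input faults
    get a warning; anything unexpected is still handled, but logged with a
    traceback so it is investigated rather than hidden."""
    responses, failed = [], 0
    for raw in requests:
        try:
            responses.append(handle(raw))
        except (ValueError, KeyError, TypeError) as exc:
            failed += 1
            log.warning("rejected request %r: %s", raw, exc)
        except Exception:
            failed += 1
            log.exception("unexpected failure on %r; request rejected", raw)
    return responses, failed


def crashes(server, requests):
    """True if an exception escapes the server loop (the process would die)."""
    try:
        server(requests)
    except Exception as exc:
        log.error("service down: %s", exc)
        return True
    return False


if __name__ == "__main__":
    print("fragile crashes:", crashes(serve_fragile, REQUESTS))   # True
    print("robust crashes:", crashes(serve_robust, REQUESTS))     # False
    print("robust served:", serve_robust(REQUESTS))               # ([6, 9, 6, 15], 2)
```

With the same six requests the fragile loop answers none of them, because the third request kills it, while the robust loop answers four and rejects two. The state touched by handle is per request here; where a handler mutates shared state, the except branch also has to restore that state before continuing, or the service stays up but serves wrong answers.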
12.5
A train protection system automatically applies the brakes of a train if the speed limit for a segment of track is exceeded, or if the train enters a track segment that is currently signaled with a red light (i.e., the segment should not be entered). There are two critical-safety requirements for this train protection system:

- The train shall not enter a segment of track that is signaled with a red light.
- The train shall not exceed the specified speed limit for a section of track.

The control software should apply the following rules, re-evaluated continuously as the train approaches the upcoming segment:

- If the signal is green and the speed limit of the upcoming segment is lower than the train's current speed, gradually apply the brakes until the new speed limit is reached, starting early enough that the train is at or below the new limit when it crosses into the segment.
- If the signal is green and the speed limit of the upcoming segment is higher than the train's current speed, gradually accelerate until the new speed limit is reached.
- If the upcoming segment is signaled with a red light, begin applying the brakes so that the train can safely stop before the signal. Braking must start no later than the point at which the remaining distance equals the train's stopping distance at the normal braking rate; if that point is passed, the system should apply full braking rather than continue the gradual approach.
- If the signal changes from red to green while the train is slowing down to approach it and the train is still moving faster than the upcoming speed limit, continue gradually slowing down until it matches the speed limit of the upcoming segment.
- If the signal changes from red to green while the train is slowing down to approach it and the train is now moving slower than the upcoming speed limit, gradually speed up until it matches the speed limit of the upcoming segment.
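As an added example (not from the textbook or any real signalling system), the controller below implements the rules above as a function polled once per tick, with a small simulation that checks the two safety requirements against several approaches, including a red that turns green part-way through. The braking and acceleration rates, the safety margin, the one-second tick, the straight-line kinematics, and the function names are all assumptions made for the example.

```python
"""Train protection controller for the two safety requirements above.

Added example, not from the textbook or any real signalling system: a
controller polled once per tick with the train's speed, the distance to the
upcoming segment, and that segment's signal and speed limit. The braking and
acceleration rates, the safety margin, the one-second tick and the
straight-line kinematics are all assumptions made for the example."""

from dataclasses import dataclass

SERVICE_BRAKE = 1.0     # m/s^2, gradual braking for normal slowing (assumed)
EMERGENCY_BRAKE = 2.5   # m/s^2, used when gradual braking can no longer meet a requirement (assumed)
ACCEL = 0.5             # m/s^2, gradual acceleration (assumed)
MARGIN = 5.0            # m, distance kept between the stop point and the signal (assumed)
DT = 1.0                # s, controller tick (assumed)


@dataclass
class Segment:
    limit: float   # speed limit of the upcoming segment, m/s
    signal: str    # "red" or "green"


def braking_distance(speed, target, decel):
    """Distance needed to slow from speed to target at a constant decel."""
    return (speed * speed - target * target) / (2.0 * decel)


def command(speed, dist, seg):
    """Acceleration (m/s^2, negative = braking) to apply for the next tick.

    The controller is stateless: a red-to-green change is handled simply by
    re-evaluating the green rules against the current speed, which yields
    the two red-to-green cases in the rules above."""
    if seg.signal == "red":
        if speed == 0.0:
            return 0.0                                   # stopped: hold at the signal
        # Gradual approach while a service-brake stop still fits before the signal
        if braking_distance(speed, 0.0, SERVICE_BRAKE) + MARGIN < dist:
            return max(-SERVICE_BRAKE, -speed / DT)
        return max(-EMERGENCY_BRAKE, -speed / DT)        # too close: full braking
    if speed > seg.limit:
        # Slow to the new limit; it must be reached before the boundary is crossed
        if braking_distance(speed, seg.limit, SERVICE_BRAKE) + MARGIN < dist:
            return max(-SERVICE_BRAKE, (seg.limit - speed) / DT)
        return max(-EMERGENCY_BRAKE, (seg.limit - speed) / DT)
    if speed < seg.limit:
        return min(ACCEL, (seg.limit - speed) / DT)     # speed up, never past the limit
    return 0.0                                           # at the limit: hold


def simulate(speed, dist, seg, signal_changes=None, ticks=60):
    """Drive the train toward the segment boundary one tick at a time.

    signal_changes maps a tick number to a new signal colour, so a red that
    turns green during the approach can be modelled. Returns the speed when
    the run ends and a list of safety requirement violations (empty if none)."""
    signal_changes = signal_changes or {}
    violations = []
    for t in range(ticks):
        if t in signal_changes:
            seg = Segment(seg.limit, signal_changes[t])
        a = command(speed, dist, seg)
        dist -= speed * DT + 0.5 * a * DT * DT          # constant acceleration over the tick
        speed = max(0.0, speed + a * DT)
        if dist <= 0.0:                                  # boundary crossed this tick
            if seg.signal == "red":
                violations.append("entered red segment")
            if speed > seg.limit + 1e-9:
                violations.append("over limit at entry")
            break
    return speed, violations


if __name__ == "__main__":
    print(simulate(30.0, 500.0, Segment(25.0, "red")))                  # stops short of the red signal
    print(simulate(30.0, 500.0, Segment(20.0, "green")))                # enters at the lower limit
    print(simulate(30.0, 500.0, Segment(25.0, "red"), {10: "green"}))   # red turns green, speeds back up
    print(simulate(30.0, 100.0, Segment(25.0, "red")))                  # signal too close to stop: violation
```

The last run is the caveat that matters for the first safety requirement: a red signal placed closer than the train's worst-case braking distance cannot be protected by any control law, so "shall not enter a red segment" is only achievable if signal spacing and the braking rates the software assumes are guaranteed by the rest of the system. The simulation reports that case as a violation rather than hiding it.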