what constitutes an "acceptable" behavior of such a process. We capture this notion in our definition of the validity of an on-line change. We define an on-line change to be valid if some time after the change, the process reaches a reachable state of the new program version. Thus, validity ensures that following a change, the process starts behaving like the new version of the program after a "transition period". We first consider validity of on-line changes to programs written in sequential procedure based languages. For this purpose, a very simple model in which procedures and functions are not allowed is first considered. State is modelled as a mapping from variable names to values. For this model, we show that it is undecidable to find whether or not a given on-line change is valid. This result has important consequences. It means that computable necessary and sufficient conditions for validity of change can not be obtained. Undecidability in this simple model also

In this paper, we propose a new paradigm for increasing the reliability of a software system by combining reactive and proactive approaches. The proposed approach employs rollback and restart for masking transient failures, and employs on-line software version change to remove faults from the software. A model for reliability analysis of a system employing the proposed approach is presented. The analysis shows that substantial benefit in reliability can be obtained by employing the proposed approach. A prototype system which incorporates the proposed approach is also described. 1. Introduction One way to increase the reliability of a software system is to deploy software fault tolerance. The earliest approaches for handling software faults employed design diversity. With such techniques, if a module cannot provide service, then other modules, which have different designs, are used to provide the required service. The two well known methods for organizing the different versions of a m...