Dependability
TSW 10
Anders P. Ravn
Aalborg University
November 2009
Characteristics of a RTS
• Timing constraints
• Dependability requirements
• Concurrent control of separate components
• Facilities to interact with special-purpose hardware
Dependability - impediments
• Faults
• Errors
• Failures
BW Ch 2 (Burns & Wellings)
Fault → Error → Failure → Fault → ...
System and component: a fault in a component may produce an error in the component's internal state; if the error reaches the component's interface, the component fails; and that failure is in turn a fault of the system (or larger component) that uses it. The chain repeats at every level of composition.
Dependability - attributes
• Availability
• Reliability
• Safety
• Confidentiality
• Integrity
• Maintainability
BW Ch 2
Dependability - means
• Fault prevention
• Fault tolerance
• Error removal
• Failure forecasting
BW Ch 2
Fault classification
• Origin
  • physical (internal/external)
  • logical (design/interaction)
• Kind
  • omission
  • value
  • timing
  • byzantine
• Property
  • duration (permanent, transient)
  • consistency (determinate, nondeterminate)
  • autonomy (spontaneous, event-dependent)
Error Classification
(Fault → Error)
• Effect
  • latent
  • effective
• Extent
  • local
  • distributed
Failure Classification
(Fault → Failure)
• Consequence
  • benign
  • malign (a mishap)
BW Ch 2 (Failure modes)
Fault Prevention
• Careful design
• Conservative design
  • process (procedures)
  • notations
  • tools
  • robust functionality
  • testability
  • traceability
Error Removal
• Verification (analysis of design)
• Test (analysis of implementation)
Failure Forecasting
• Calculation – analysis of design
• Simulation – measurement on design
• Test – measurement on implementation
Fault Tolerance
Means to isolate component faults ... and mask them
• Prevents system failures
• May increase system dependability
Fault Tolerance - levels
• Full tolerance
• Graceful degradation
• Fail safe
BW Ch 2
FT basis: Redundancy
• Time: the same component repeats the computation (Try, Retry, Retry, ...); this only masks transient faults, since a permanent or design fault fails on every attempt
• Space: several copies or versions compute at the same time (Try | Try | Try in parallel) and a comparator selects the result
BW Ch 2
N-version programming
• N independently developed versions V1, V2, V3, ... of the same specification run on the same input
• A driver (comparator) collects their results and votes
• Comparison points: the places in the computation where the versions hand their results to the driver
• Comparison vectors (votes): the results each version delivers at a comparison point
• Comparison status indicators: the driver's verdict sent back to the versions (continue, terminate, or continue with the voted result)
BW Ch 2
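The two redundancy forms above, as an added example that is not code from the slides or from Burns & Wellings: a retry wrapper (time redundancy) against a constructed transient fault, and an N-version driver (space redundancy) that runs three constructed integer-square-root versions, collects the comparison vector and reports a comparison status indicator. All version bodies, the faulty version and the sensor are constructed for illustration.

```python
import math
from collections import Counter
from typing import Any, Callable, List, Sequence, Tuple


def retry(op: Callable[[], Any], attempts: int = 3) -> Any:
    """Time redundancy: repeat the same operation. Masks transient faults only;
    a permanent or design fault fails on every attempt and the error propagates."""
    last_exc = None
    for _ in range(attempts):
        try:
            return op()
        except Exception as exc:      # constructed: any exception counts as a detected error
            last_exc = exc
    raise RuntimeError("all attempts failed") from last_exc


class FlakySensor:
    """Constructed transient fault: the first `fail_first` reads raise, later reads succeed."""
    def __init__(self, value: int, fail_first: int):
        self.value, self.fails_left, self.reads = value, fail_first, 0

    def read(self) -> int:
        self.reads += 1
        if self.fails_left > 0:
            self.fails_left -= 1
            raise IOError("transient read error")
        return self.value


# Three "independently developed" integer square roots (constructed). The third
# carries a design fault on multiples of 7 that the other two do not share.
def isqrt_lib(n: int) -> int:
    return math.isqrt(n)


def isqrt_newton(n: int) -> int:
    if n < 2:
        return n
    x = n
    while True:
        y = (x + n // x) // 2
        if y >= x:
            return x
        x = y


def isqrt_faulty(n: int) -> int:
    return int(n ** 0.5) - (1 if n % 7 == 0 else 0)


def nvp_vote(versions: Sequence[Callable[[Any], Any]], x: Any) -> Tuple[Any, List[Any], str]:
    """Space redundancy as N-version programming: the driver runs every version on
    the same input, builds the comparison vector and votes. The status indicator is
    'agree' (all versions match), 'majority' (a minority was outvoted) or
    'disagree' (no majority, so the driver has no trustworthy result)."""
    vector: List[Any] = []
    for v in versions:
        try:
            vector.append(v(x))
        except Exception:             # a crashing version casts no vote
            vector.append(None)
    counts = Counter(r for r in vector if r is not None)
    if not counts:
        return None, vector, "disagree"
    result, n = counts.most_common(1)[0]
    if n == len(vector):
        return result, vector, "agree"
    if n > len(vector) // 2:
        return result, vector, "majority"
    return None, vector, "disagree"


VERSIONS = [isqrt_lib, isqrt_newton, isqrt_faulty]

if __name__ == "__main__":
    print(retry(FlakySensor(42, fail_first=2).read))   # 42, on the third attempt
    print(nvp_vote(VERSIONS, 49))                       # (7, [7, 7, 6], 'majority')
    print(nvp_vote(VERSIONS, 50))                       # (7, [7, 7, 7], 'agree')
```

Two practitioner caveats the code makes visible: the driver is a single point of failure and must stay simpler than the versions it judges, and voting only helps against faults the versions do not share, so a fault in the common specification is reproduced by every version and voted through as "agree".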
Fault classification (scope of N-VP)
• Origin
  • physical (internal/external)
  • logical (design/interaction)
• Kind
  • omission
  • value
  • timing
  • byzantine
• Property
  • duration (permanent, transient)
  • consistency (determinate, nondeterminate)
  • autonomy (spontaneous, event-dependent)
The slide marks each entry with an N-VP coverage rating (++, +, (+)); only the marks "++", "(+)++(+)", "+ / (+)" and "+ / ++ / +" survived extraction, and their assignment to the entries above is lost. The intended target of N-VP is logical (design) faults, which independently developed versions are assumed not to share; it also masks physical faults when the versions run on separate hardware.
Dynamic Redundancy
1. Error detection
2. Damage confinement and assessment
3. Error recovery
4. Fault treatment and continued service
BW Ch 2
Error Detection
f: State × Input → State × Output
• Environment (exception raised by the hardware or run-time system)
• Application (checks written into the program)
BW Ch 2
Assertions:
• precondition (input)
• postcondition (input, output)
• invariant (state, state')
Timing:
• WCET(f, input)
• Deadline(f, input)
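Application-level error detection for a component function f: State × Input → State × Output, as an added example (not code from the slides or from Burns & Wellings). A wrapper checks the invariant, the precondition, a deadline and the postcondition around a constructed actuator-move function, and names the first check that fails. The actuator range, the step limit, the buggy variant and the fake clock are constructed; note that the run-time check is a deadline monitor, since WCET(f, input) is a static bound obtained by analysis, not something measured at run time.

```python
import time
from dataclasses import dataclass
from typing import Callable, Tuple


class DetectedError(Exception):
    """Raised by the checking wrapper; the message names the violated check."""


@dataclass
class State:
    position: int   # actuator position, constructed range 0..100
    moves: int      # number of moves performed so far


def move(s: State, delta: int) -> Tuple[State, int]:
    """The component function f: moves the actuator by delta, clamped to the range."""
    p = min(100, max(0, s.position + delta))
    return State(p, s.moves + 1), p


# Application assertions (constructed for the actuator example)
def invariant(s: State) -> bool:
    return 0 <= s.position <= 100 and s.moves >= 0


def precondition(s: State, delta: int) -> bool:
    return -10 <= delta <= 10          # no single step may exceed 10 units


def postcondition(s: State, delta: int, s2: State, out: int) -> bool:
    return (s2.moves == s.moves + 1
            and out == s2.position
            and abs(s2.position - s.position) <= abs(delta))


def buggy_move(s: State, delta: int) -> Tuple[State, int]:
    """Constructed design fault: no clamping, and the move counter is not updated."""
    return State(s.position + delta, s.moves), s.position + delta


def checked(f: Callable[[State, int], Tuple[State, int]], s: State, x: int,
            deadline_s: float, clock: Callable[[], float] = time.perf_counter,
            pre=precondition, post=postcondition, inv=invariant) -> Tuple[State, int]:
    """Run f under error detection; returns (state', output) or raises DetectedError."""
    if not inv(s):
        raise DetectedError("invariant violated before call")
    if not pre(s, x):
        raise DetectedError("precondition violated")
    t0 = clock()
    s2, out = f(s, x)
    elapsed = clock() - t0
    if elapsed > deadline_s:               # timing check: Deadline(f, input)
        raise DetectedError(f"deadline missed: {elapsed:.6f}s > {deadline_s}s")
    if not inv(s2):
        raise DetectedError("invariant violated after call")
    if not post(s, x, s2, out):
        raise DetectedError("postcondition violated")
    return s2, out


class FakeClock:
    """Constructed clock returning preset readings, so the deadline miss below is
    deterministic instead of depending on the machine running the example."""
    def __init__(self, readings):
        self._it = iter(readings)

    def __call__(self) -> float:
        return next(self._it)


def demo() -> dict:
    """Which check each constructed scenario triggers (None = accepted)."""
    scenarios = {
        "ok":        lambda: checked(move, State(50, 0), 5, 1.0),
        "pre":       lambda: checked(move, State(50, 0), 50, 1.0),
        "deadline":  lambda: checked(move, State(50, 0), 5, 0.005, clock=FakeClock([0.0, 0.02])),
        "inv_after": lambda: checked(buggy_move, State(95, 0), 10, 1.0),
        "post":      lambda: checked(buggy_move, State(50, 0), 5, 1.0),
    }
    outcome = {}
    for name, run in scenarios.items():
        try:
            run()
            outcome[name] = None
        except DetectedError as e:
            outcome[name] = str(e).split(":")[0]
    return outcome


if __name__ == "__main__":
    print(demo())
```

The order of the checks is deliberate: the precondition is tested before f runs, so an illegal input is rejected without touching the state, and the invariant is re-tested before the postcondition, so state corruption is reported as such even when the output happens to look right.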
Damage Confinement
• Static structure: modular decomposition; an object's state is reached only through its own operations, so an error stays inside the object until it crosses the object's interface
• Dynamic structure: atomic actions that bound the flow of information between components while they run
BW Ch 2
Error Recovery
• Forward
• Backward
BW Ch 2
Backward recovery: repair the state – if you can!
• define recovery points
• checkpoint the state at each recovery point
• roll back
• retry
Domino effect: when communicating processes roll back independently, one process's rollback can invalidate a message another process has already consumed, forcing that process to roll back too, and so on back through the recovery points.
Recovery blocks
    ENSURE acceptance_test
    BY      { module_1 }
    ELSE BY { module_2 }
    ...
    ELSE BY { module_m }
    ELSE ERROR
BW Ch 2
The ideal FT-component
An ideal fault-tolerant component has two parts:
• Normal mode: services requests and returns responses, and in turn uses lower-level components through their request/response interfaces
• Exception handler: entered when an error is detected in normal mode or when a lower-level component raises an exception; after recovery, service continues in normal mode
Exceptions crossing the component's interface:
• Interface exception: raised to the caller when a request is illegal (the caller is at fault); received from a lower-level component when this component misused it
• Failure exception: raised to the caller when the component cannot deliver the requested service even after exception handling; received from a lower-level component that has failed
BW Ch 2
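One way to realise the backward recovery steps, the recovery block and the ideal FT-component together, as an added example that is not code from the slides or from Burns & Wellings. The component's normal mode is a recovery block (ENSURE acceptance_test BY primary ELSE BY alternate ELSE ERROR) with a checkpoint taken at the recovery point and restored on rollback; its exception handler is the rollback-and-try-next loop; fault treatment disables an alternate that keeps failing; an illegal request raises an interface exception before the state is touched, and exhaustion of the alternates raises a failure exception. The running-mean service, the design fault in the primary, the acceptance test and the threshold are constructed.

```python
import copy
from typing import Any, Callable, Dict, List, Set, Tuple

State = Dict[str, Any]
Module = Callable[[State, int], Any]                  # updates state in place, returns output
AcceptanceTest = Callable[[State, State, Any], bool]  # (checkpoint, state after, output)


class InterfaceException(Exception):
    """Raised to the caller for an illegal request (the caller is at fault)."""


class FailureException(Exception):
    """Raised to the caller when the component cannot deliver its service."""


class _RecoveryFailed(Exception):
    """Internal: every alternate was rejected; the exception handler gives up."""


class FTComponent:
    """Ideal FT component: normal mode = recovery block over the alternates,
    exception handler = roll back and try the next alternate, fault treatment =
    disable an alternate that has failed `fault_threshold` times (constructed policy)."""

    def __init__(self, modules: List[Tuple[str, Module]], acceptance: AcceptanceTest,
                 fault_threshold: int = 2):
        self.state: State = {"total": 0, "count": 0}   # constructed: running sum and count
        self.modules = list(modules)
        self.acceptance = acceptance
        self.fault_threshold = fault_threshold
        self.failures: Dict[str, int] = {}
        self.disabled: Set[str] = set()
        self.log: List[str] = []

    def request(self, x: int) -> Any:
        # Interface check first: an illegal request must never reach the state.
        if not isinstance(x, int) or isinstance(x, bool) or x < 0:
            raise InterfaceException(f"reading must be a non-negative int, got {x!r}")
        try:
            return self._recovery_block(x)
        except _RecoveryFailed as exc:
            raise FailureException(str(exc)) from exc

    def _recovery_block(self, x: int) -> Any:
        checkpoint = copy.deepcopy(self.state)            # recovery point
        for name, module in self.modules:
            if name in self.disabled:
                continue
            try:
                out = module(self.state, x)
                if self.acceptance(checkpoint, self.state, out):
                    self.log.append(f"{name}: accepted")
                    return out                            # ENSURE ... BY module
                self.log.append(f"{name}: acceptance test failed")
            except Exception as exc:                       # error detected by the environment
                self.log.append(f"{name}: raised {type(exc).__name__}")
            self.state = copy.deepcopy(checkpoint)        # backward recovery: roll back
            self._treat_fault(name)
        raise _RecoveryFailed("all alternates failed")     # ELSE ERROR

    def _treat_fault(self, name: str) -> None:
        self.failures[name] = self.failures.get(name, 0) + 1
        if self.failures[name] >= self.fault_threshold:
            self.disabled.add(name)
            self.log.append(f"{name}: disabled after {self.failures[name]} failures")


# Constructed modules: a running mean of sensor readings.
def primary(state: State, x: int) -> float:
    state["total"] += x
    if x < 1000:                 # constructed design fault: the large-reading branch skips the count
        state["count"] += 1
    return state["total"] / state["count"]


def alternate(state: State, x: int) -> int:
    """Degraded service: records the reading but returns it unaveraged."""
    state["total"] += x
    state["count"] += 1
    return x


def acceptance(before: State, after: State, out: Any) -> bool:
    """Cheap, module-independent check: exactly one reading recorded and a
    plausible output (non-negative, not above the running sum)."""
    return after["count"] == before["count"] + 1 and 0 <= out <= after["total"]


def make_demo_component() -> FTComponent:
    return FTComponent([("primary", primary), ("alternate", alternate)], acceptance)


if __name__ == "__main__":
    c = make_demo_component()
    for reading in (10, 20, 1000, 1000, 5):
        print(reading, "->", c.request(reading))
    print(c.log)
```

The checkpoint covers only this component's own state, which is enough here because nothing else observes it between the recovery point and the acceptance test; as soon as a rolled-back component has already sent messages to others, the domino effect from the slides applies and a per-component checkpoint no longer suffices.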