Fault Tolerance Fundamentals
Transcript of Fault Tolerance Fundamentals
Page 1
Fault Tolerance Fundamentals
ITV Model-based Analysis and Design of Embedded Software
Techniques and methods for Critical Software
Anders P. Ravn, Aalborg University
August 2011
Page 2
Fault Tolerance
Means to isolate component faults
Prevents system failures
May increase system dependability
Page 3
Dependability - attributes
• Availability
• Reliability
• Safety
• Confidentiality
• Integrity
• Maintainability
Page 4
Dependability - impairments
• Faults
• Errors
• Failures
Page 5
System and Component
Page 6
Propagation among Components
Page 7
Error Classification
(Fault → Error)
• Effect
  • latent
  • effective
• Extent
  • local
  • distributed
Page 8
Failure Classification
(Fault → Error → Failure)
• Consequence
  • benign
  • malign (a mishap)
Page 9
Fault Tolerance
Means to isolate component faults
Prevents system failures
May increase system dependability
... And mask them
Page 10
Fault Tolerance
Page 11
FT - levels
• Full tolerance
• Graceful Degradation
• Fail safe
BW p. 107
Page 12
FT basis: Redundancy
• Time: Try, Retry, Retry, ...
• Space: Try | Try | Try ...
BW p. 109
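The two redundancy forms on this slide, as an added example that is not part of the lecture material: time redundancy repeats the same operation on the same component (a retry loop), space redundancy runs replicas and votes on their results (2-of-3 majority). The sensor functions and their fault behaviour are constructed for the example; the point to notice is that a retry masks only transient faults, while the voter also masks one permanently wrong or dead replica and refuses to emit a value when no majority exists.

```c
#include <stdbool.h>
#include <stdio.h>

/* A replica is modelled as a function that may fail (returns false) or
 * deliver a value; `attempt` lets a constructed replica fail transiently. */
typedef bool (*read_fn)(int attempt, int *out);

/* Time redundancy: try again on the same component until the retry
 * budget is spent. Masks transient faults; cannot see a wrong value. */
bool read_with_retry(read_fn read, int max_attempts, int *out) {
    for (int attempt = 0; attempt < max_attempts; attempt++) {
        if (read(attempt, out)) {
            return true;           /* the retry masked the transient fault */
        }
    }
    return false;                  /* budget exhausted: the component has failed */
}

/* Space redundancy: three replicas, 2-of-3 majority voter. One wrong or
 * missing result is masked; with no majority the voter signals failure
 * rather than passing on an unverified value. */
bool read_tmr(read_fn r0, read_fn r1, read_fn r2, int *out) {
    int v[3] = {0, 0, 0};
    bool ok[3] = { r0(0, &v[0]), r1(0, &v[1]), r2(0, &v[2]) };
    for (int i = 0; i < 3; i++)
        for (int j = i + 1; j < 3; j++)
            if (ok[i] && ok[j] && v[i] == v[j]) { *out = v[i]; return true; }
    return false;
}

/* Constructed replicas (example fault models, not real sensors). */
static bool sensor_transient(int attempt, int *out) {
    if (attempt < 2) return false;            /* fails the first two attempts */
    *out = 42; return true;
}
static bool sensor_good(int attempt, int *out)        { (void)attempt; *out = 42; return true; }
static bool sensor_value_fault(int attempt, int *out) { (void)attempt; *out = 17; return true; }
static bool sensor_dead(int attempt, int *out)        { (void)attempt; (void)out; return false; }

/* Convenience wrappers: the delivered value, or -1 when the scheme reports failure. */
int retry_value(read_fn read, int max_attempts) {
    int v = 0; return read_with_retry(read, max_attempts, &v) ? v : -1;
}
int tmr_value(read_fn r0, read_fn r1, read_fn r2) {
    int v = 0; return read_tmr(r0, r1, r2, &v) ? v : -1;
}

int main(void) {
    printf("time redundancy, transient fault, 3 attempts: %d\n", retry_value(sensor_transient, 3));
    printf("time redundancy, transient fault, 2 attempts: %d\n", retry_value(sensor_transient, 2));
    printf("time redundancy, permanent value fault:       %d (wrong value, undetected)\n",
           retry_value(sensor_value_fault, 3));
    printf("space redundancy, one wrong replica:          %d\n",
           tmr_value(sensor_good, sensor_value_fault, sensor_good));
    printf("space redundancy, two faulty replicas:        %d\n",
           tmr_value(sensor_good, sensor_value_fault, sensor_dead));
    return 0;
}
```

The third line of output is the didactic one: the retry loop happily returns 17, because time redundancy has no reference to compare against; detecting a value fault needs a second, independent source, which is what the space-redundant voter supplies.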
Page 13
Fault Tolerance
Page 14
Basic Strategies
Page 15
The ideal FT-component
Diagram labels: Normal mode; Exception Handler; Request/response; Interface exception; Failure exception
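The ideal FT-component from the diagram, as an added example that is not part of the lecture material: a component serves requests in normal mode, raises an interface exception when the request itself violates the component's specification (state untouched), hands internal errors to its exception handler, and raises a failure exception only when the handler cannot mask the error. The bounded counter with a redundant copy of its state, the bit-flip fault and the scenario values are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define COUNT_MAX 100u

/* The three kinds of response in the ideal FT-component. */
typedef enum { RESP_NORMAL, RESP_INTERFACE_EXCEPTION, RESP_FAILURE_EXCEPTION } response_t;

/* Constructed component: a bounded counter whose state is kept in two copies. */
typedef struct {
    uint32_t count;    /* primary state */
    uint32_t backup;   /* redundant copy, kept in step with count */
} counter_t;

/* Error detection: the component checks its own state before serving. */
static bool state_is_erroneous(const counter_t *c) {
    return c->count != c->backup || c->count > COUNT_MAX;
}

/* Exception handler (local error recovery): repair the copy that is out
 * of range from the one that is plausible. Returns true if the error was
 * masked, false if recovery is impossible or ambiguous. */
static bool exception_handler(counter_t *c) {
    bool primary_ok = c->count <= COUNT_MAX;
    bool backup_ok  = c->backup <= COUNT_MAX;
    if (primary_ok && !backup_ok) { c->backup = c->count; return true; }
    if (backup_ok && !primary_ok) { c->count = c->backup; return true; }
    return false;   /* both out of range, or both plausible yet disagreeing */
}

/* Normal mode: request "add n"; the response value is written to *out. */
response_t counter_add(counter_t *c, uint32_t n, uint32_t *out) {
    /* An internal error the handler cannot mask is reported as a failure
     * exception: the component's failure becomes a fault for its user. */
    if (state_is_erroneous(c) && !exception_handler(c)) return RESP_FAILURE_EXCEPTION;

    /* Request outside the interface specification: interface exception,
     * the component's state is left unchanged. */
    if (n == 0 || n > COUNT_MAX - c->count) return RESP_INTERFACE_EXCEPTION;

    c->count += n;
    c->backup = c->count;
    *out = c->count;
    return RESP_NORMAL;
}

/* Constructed scenario: counter at 10, optionally corrupt one or both copies
 * (a constructed bit-flip fault) before the request. Returns the normal
 * response value, -1 for an interface exception, -2 for a failure exception. */
int scenario(bool corrupt_primary, bool corrupt_backup, uint32_t n) {
    counter_t c = { 10, 10 };
    if (corrupt_primary) c.count  = 0xFFFFFFFFu;
    if (corrupt_backup)  c.backup = 0xFFFFFFFFu;
    uint32_t out = 0;
    switch (counter_add(&c, n, &out)) {
    case RESP_NORMAL:              return (int)out;
    case RESP_INTERFACE_EXCEPTION: return -1;
    default:                       return -2;
    }
}

int main(void) {
    printf("normal request            -> %d\n", scenario(false, false, 5));
    printf("request violates spec     -> %d\n", scenario(false, false, 91));
    printf("primary corrupted, masked -> %d\n", scenario(true, false, 5));
    printf("both copies corrupted     -> %d\n", scenario(true, true, 5));
    return 0;
}
```

The ordering inside `counter_add` is deliberate: the component validates its own state before it validates the request, so a caller can trust that an interface exception really means "your request was wrong" and not "I was confused".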
Page 16
Model Design Procedure
1. Model the correct component and check that it has the desired properties.
2. Model relevant faults and introduce them as internal transitions to error states. Check that this fault-affected.
3. Introduce into the model the mechanisms for fault detection, error recovery and masking, and check that the desired properties are valid for this design.
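The three steps of the procedure carried out on a small finite-state model, as an added example that is not part of the lecture material (the lecture uses model-checking tools; this is a hand-written explicit-state check). The component model, the parameters DEADLINE, WORK_MAX, TIMEOUT and MAX_TICKS, and the property are all constructed for the example. Step 1 checks the correct component against the property "the component is never unready for more than DEADLINE ticks"; step 2 adds an internal fault transition from BUSY to the error state HUNG and shows the check now fails; step 3 adds a timeout-based detector with reset as recovery and shows the property holds again.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define WORK_MAX   2   /* correct component answers within WORK_MAX ticks (constructed) */
#define DEADLINE   4   /* property: never unready for more than DEADLINE ticks (constructed) */
#define TIMEOUT    3   /* step 3 detector fires after TIMEOUT ticks; must exceed WORK_MAX
                          or correct work would be aborted as a false alarm (constructed) */
#define MAX_TICKS  8   /* tick counter saturates here to keep the state space finite */

typedef enum { READY, BUSY, HUNG } comp_mode;          /* HUNG is the error state */
typedef struct { comp_mode mode; int ticks; } state;
typedef struct { bool inject_hang; bool timeout_reset; } model_cfg;

/* Successor relation of the model; returns the number of successors written. */
static int successors(const model_cfg *cfg, state s, state out[3]) {
    int n = 0;
    int t = s.ticks < MAX_TICKS ? s.ticks + 1 : MAX_TICKS;
    /* Step 3: detection and recovery takes priority once the timeout expires. */
    if (cfg->timeout_reset && s.mode != READY && s.ticks >= TIMEOUT) {
        out[n++] = (state){READY, 0};
        return n;
    }
    switch (s.mode) {
    case READY:
        out[n++] = (state){READY, 0};                          /* idle */
        out[n++] = (state){BUSY, 0};                           /* request accepted */
        break;
    case BUSY:
        out[n++] = (state){READY, 0};                          /* response delivered */
        if (s.ticks < WORK_MAX) out[n++] = (state){BUSY, t};   /* still computing */
        if (cfg->inject_hang)   out[n++] = (state){HUNG, t};   /* step 2: fault to error state */
        break;
    case HUNG:
        out[n++] = (state){HUNG, t};                           /* error persists, no response */
        break;
    }
    return n;
}

/* The desired property, checked in every reachable state. */
static bool invariant(state s) { return s.mode == READY || s.ticks <= DEADLINE; }

/* Exhaustive reachability check over the finite state space.
 * Returns true if the invariant holds in every reachable state. */
bool check_model(const model_cfg *cfg, int *reachable_count) {
    bool visited[3][MAX_TICKS + 1] = {{false}};
    state stack[3 * (MAX_TICKS + 1)];        /* each state is pushed at most once */
    int sp = 0, count = 0;
    bool ok = true;
    stack[sp++] = (state){READY, 0};
    visited[READY][0] = true;
    while (sp > 0) {
        state s = stack[--sp];
        count++;
        if (!invariant(s)) ok = false;
        state next[3];
        int n = successors(cfg, s, next);
        for (int i = 0; i < n; i++) {
            if (!visited[next[i].mode][next[i].ticks]) {
                visited[next[i].mode][next[i].ticks] = true;
                stack[sp++] = next[i];
            }
        }
    }
    if (reachable_count) *reachable_count = count;
    return ok;
}

/* The three steps of the procedure as three model configurations. */
bool step1_correct_component(int *n) { model_cfg c = {false, false}; return check_model(&c, n); }
bool step2_fault_injected(int *n)    { model_cfg c = {true,  false}; return check_model(&c, n); }
bool step3_fault_tolerant(int *n)    { model_cfg c = {true,  true};  return check_model(&c, n); }

int reachable_states(bool inject_hang, bool timeout_reset) {
    model_cfg c = {inject_hang, timeout_reset};
    int n = 0;
    check_model(&c, &n);
    return n;
}

int main(void) {
    int n;
    printf("step 1, correct component: property %s, %d states\n",
           step1_correct_component(&n) ? "holds" : "violated", n);
    printf("step 2, fault injected:    property %s, %d states\n",
           step2_fault_injected(&n) ? "holds" : "violated", n);
    printf("step 3, with detection and recovery: property %s, %d states\n",
           step3_fault_tolerant(&n) ? "holds" : "violated", n);
    return 0;
}
```

Step 2 is the one that justifies the effort: if the property still held after injecting the fault, either the fault model is too weak or the property is too weak to distinguish the fault-affected component from the correct one, and the mechanisms added in step 3 would be checked against nothing.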
Page 17
Exercise
• What is the purpose of a watchdog-timer?
• How could it be used in a space based redundancy scheme?
• - in a time based redundancy scheme?