Tolerating Timing faults TSW November 2009 Anders P. Ravn Aalborg University

FT basis: Redundancy Time Space TryRetry... Try... BW 2.5 p. 41

Dynamic Redundancy 1.Error detection 2.Damage confinement and assessment 3.Error recovery 4.Fault treatment and continued service BW p. 41

Error Detection f: State x Input  State x Output Environment (exception) Application BW Ch 13 Assertion: precondition (input,state) postcondition (input, state, state’, output) invariant(state, state’) Timing: WCET(f, input) Deadline (f,input) D

Fault Tree EC_i > C_i ET_i < T_i Missed D_i EI_i > I_i ET_k < T_kEC_k > C_k EB_i < B_i Platform fails

Error Detection Deadline D missed (Platform Error) Overrun of C Min. Interarrival time T too small Blocking time B too small

Damage Confinement Static structure one task lower priority tasks ? Dynamic structure BW p. 457

Error Recovery Forward Backward Repair the state – if you can ! define recovery points checkpoint state at r. p. roll back retry Domino effect