Verification of FT System Using Simulation Petr Grillinger.

Slides:

Advertisements

Similar presentations

Testing and Quality Assurance

Advertisements

Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.

Chapter 4 Quality Assurance in Context

Silberschatz, Galvin and Gagne  2002 Modified for CSCI 399, Royden, Operating System Concepts Operating Systems Lecture 19 Scheduling IV.

MotoHawk Training Model-Based Design of Embedded Systems.

Developing Dependable Systems CIS 376 Bruce R. Maxim UM-Dearborn.

1 CMSC 132: Object-Oriented Programming II Nelson Padua-Perez William Pugh Department of Computer Science University of Maryland, College Park.

Principle of Functional Verification Chapter 1~3 Presenter : Fu-Ching Yang.

SIMULATING ERRORS IN WEB SERVICES International Journal of Simulation: Systems, Sciences and Technology 2004 Nik Looker, Malcolm Munro and Jie Xu.

Stoimen Stoimenov QA Engineer QA Engineer SitefinityLeads,SitefinityTeam6 Telerik QA Academy Telerik QA Academy.

Chapter 11: Testing The dynamic verification of the behavior of a program on a finite set of test cases, suitable selected from the usually infinite execution.

Introduction to Software Testing

Issues on Software Testing for Safety-Critical Real-Time Automation Systems Shahdat Hossain Troy Mockenhaupt.

1 Functional Testing Motivation Example Basic Methods Timing: 30 minutes.

What Exactly are the Techniques of Software Verification and Validation A Storehouse of Vast Knowledge on Software Testing.

Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.

Software faults & reliability Presented by: Presented by: Pooja Jain Pooja Jain.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 1.

CSCE 548 Secure Software Development Risk-Based Security Testing.

Software Quality Assurance Lecture #8 By: Faraz Ahmed.

 The software systems must do what they are supposed to do. “do the right things”  They must perform these specific tasks correctly or satisfactorily.

University of Palestine software engineering department Testing of Software Systems Fundamentals of testing instructor: Tasneem Darwish.

Chapter 2 The process Process, Methods, and Tools

Chapter 8: Systems analysis and design

Balancing Practices: Inspections, Testing, and Others JAXA scenario (formal method) Masa Katahira Japanese Space Agency.

1 Validation & Verification Chapter VALIDATION & VERIFICATION Very Difficult Very Important Conceptually distinct, but performed simultaneously.

© 2012 IBM Corporation Rational Insight | Back to Basis Series Chao Zhang Unit Testing.

Software Testing Testing principles. Testing Testing involves operation of a system or application under controlled conditions & evaluating the results.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

1 Software Testing and Quality Assurance Lecture 33 – Software Quality Assurance.

Testing Basics of Testing Presented by: Vijay.C.G – Glister Tech.

Software Development Software Testing. Testing Definitions There are many tests going under various names. The following is a general list to get a feel.

BE-SECBS FISA 2003 November 13th 2003 page 1 DSR/SAMS/BASP IRSN BE SECBS – IRSN assessment Context application of IRSN methodology to the reference case.

Introduction to Software Testing. Types of Software Testing Unit Testing Strategies – Equivalence Class Testing – Boundary Value Testing – Output Testing.

Software Reliability in Nuclear Systems Arsen Papisyan Anthony Gwyn.

Software Construction Lecture 18 Software Testing.

Lach1MAPLD 2005/241 Accessible Formal Verification for Safety-Critical FPGA Design John Lach, Scott Bingham, Carl Elks, Travis Lenhart Charles L. Brown.

Fault injection tool Fault Injection Tool Pavel Čírtek.

CprE 458/558: Real-Time Systems

Software Testing and Quality Assurance Practical Considerations (4) 1.

What is Testing? Testing is the process of finding errors in the system implementation. –The intent of testing is to find problems with the system.

The Software Development Process

1 CSCD 326 Data Structures I Software Design. 2 The Software Life Cycle 1. Specification 2. Design 3. Risk Analysis 4. Verification 5. Coding 6. Testing.

Fault Tolerance Benchmarking. 2 Owerview What is Benchmarking? What is Dependability? What is Dependability Benchmarking? What is the relation between.

Chapter 1: Fundamental of Testing Systems Testing & Evaluation (MNN1063)

© 2006 Pearson Addison-Wesley. All rights reserved 2-1 Chapter 2 Principles of Programming & Software Engineering.

Software Quality Assurance and Testing Fazal Rehman Shamil.

 Simulation enables the study of complex system.  Simulation is a good approach when analytic study of a system is not possible or very complex.  Informational,

Whole Test Suite Generation. Abstract Not all bugs lead to program crashes, and not always is there a formal specification to check the correctness of.

Evaluating the Fault Tolerance Capabilities of Embedded Systems via BDM M. Rebaudengo, M. Sonza Reorda Politecnico di Torino Dipartimento di Automatica.

Testing Overview Software Reliability Techniques Testing Concepts CEN 4010 Class 24 – 11/17.

SOFTWARE TESTING LECTURE 9. OBSERVATIONS ABOUT TESTING “ Testing is the process of executing a program with the intention of finding errors. ” – Myers.

Week#3 Software Quality Engineering.

Software Testing Strategies for building test group

CSCE 548 Secure Software Development Risk-Based Security Testing

Software Engineering (CSI 321)

Testing Tutorial 7.

Types for Programs and Proofs

Chapter 8 – Software Testing

Software Reliability Definition: The probability of failure-free operation of the software for a specified period of time in a specified environment.

Software Processes (a)

Critical Systems Validation

Introduction to Software Testing

Baisc Of Software Testing

Software Verification and Validation

Software Verification and Validation

Software Verification and Validation

Overview Activities from additional UP disciplines are needed to bring a system into being Implementation Testing Deployment Configuration and change management.

Software Testing Strategies

Presentation transcript:

Verification of FT System Using Simulation Petr Grillinger

Definitions Fault tolerant systems are used in safety critical applications. Fault tolerant (FT) system – a system that provides required functionality even in the presence of faults. Safety critical application – the cost of a failure is much higher than the price of the system, e.g. human lives are in danger, a production plant is stopped. Real-time (RT) system – the system responds to events immediately as they occur. Hard RT systems provide guaranteed deadlines.

Fault Tolerance A fault is a random or malicious defect introduced to the system. A fault may cause an error state of the system. A system enters error state if its normal operation can not be performed anymore (due to a fault). A recognized error does not mean a failure of the system. The system fails if it no longer meets the requirements for proper functions.

Possible Effects of a Fault Fault effectiveness is the probability that a fault actually does anything (a measure system efficiency). Error detection mechanism (EDM) is essential for FT systems (it is not possible to recover from undetected errors). Error Recovery may prevent system failure if the recovery time is small (or limit the consequences).

FT Verification Methods Formal methods use exact mathematical proofs to verify specified FT claims (exact results but difficult for complex systems). Fault injection (FI) experiments evaluate FT properties using artificially induced faults (usually probabilistic results). Variants are: –Hardware – EMI, heavy-ion, pin-level. –Software – malicious software, memory faults. –Simulation – depends on model abstraction level. –Hybrid – combines any of the techniques above.

Comparison of FI Methods Hardware FI: –Pros: Reliable results. –Cons: additional HW, intrusive, non-deterministic. Software FI: As HW FI (different type of faults) –Pros: no additional HW. Simulation FI: –Pros: deterministic, non-intrusive, no extra HW. –Cons: Validity of results depends on model quality, additional model development time.

Building of Simulation Model 1.Select level of abstraction to separate elementary function from unnecessary detail. 2.Design modular structure, separate functionality from simulation overhead. 3.Select simulation tool and programming language. 4.Implement and debug. 5.Verify that the model is valid and future experiments will have feedback to reality. 6.Design one or more testing applications that will use the model.

Abstraction Level Low or no abstraction (e.g. VHDL model): –The same behavior as the modeled system (when generated from a formal specification). –Low performance, high complexity (difficult to pinpoint the exact location of a bug). High level of abstraction: –Better performance, lower complexity (irrelevant details are hidden). –Limited validity (bugs introduced through the abstraction), limited usability.

ANSI C Standard Libraries C-SimC++ Builder FunctionalitySimulationVisualization TTP/C Protocol Application Specific fp…sp…vp… fa…sa…va… Modular Structure of TTP/C Experiment Environment fe…se…ve…

Implementation Language ANSI C – maximum portability and performance. Code for microcontrollers is often written in C. C++ – good performance, OOP principles, templates, STL support. Java – low performance, OOP principles, parallelism, portable GUI. High level simulation tool (e.g. Witness) – rapid development suitable for typical simulation tasks (e.g. queuing networks).

Testing Model Validity Possible methods: –Testing against specification: monitoring of system behavior under different parameter sets. Non- automated tests are time-consuming and provide little assurance about the validity (automated test require formal specification). –Parallel execution of model and reference system: often is automated and provides excellent validity proof (assuming the reference system is valid). Validation of the model is performed first without FI experiments, then with them. The second phase already gives useful results about FT.

Testing Application We need an application for debugging and massive experimentation (e.g. the sine-wave application in TTP/C model): –As simple as possible to track down problems without complications. –Using as much features of the model as possible to gain maximum coverage. We often need also a real-world application that covers a particular problem and verifies behavior of the system in certain circumstances (e.g. Brake-by-wire in the TTP/C model).

FT Verification Process Hypothesis – fault assumption, input, expected results. Fault model – type of fault, target, etc. Testing application – modeled system doing something sensible. Choosing appropriate application is not simple, often there must be several testing applications. Execution of the testing application with FI confirms or denies the hypothesis. A measure of experiment quality is FI coverage – the ratio of injected faults to all possible faults.

Advantages of Simulation Discrete-time allows to slice the time flow deliberately – no intrusion effect. Possibility to make changes to the model to see what happens, if… (e.g. to test a proposed modification, bug correction). Determinism – the ability to repeat the same experiment with the same results (e.g. we can ran rapid black box experiments with minimum logging first, then enable full log and repeat only the most interesting experiments) Access to every part of the model – used for monitoring and FI.

Results from FIT A model was made that executes approximately in real-time. Several minor flaws in the specification were found using the model. One bug in the HW implementation was found during validation of the model. A severe case of fault propagation has been found. A solution to the problem was proposed and using a modified model also verified.

Personal Insights Logging is extremely useful. It is often desirable to log only certain events or to start logging after a trigger. Visual interface (GUI) is also extremely useful to monitor simulation progress. It is also excellent for demonstrations. Temporal faults in discrete-time simulation require special handling. All hold operations must check the current time after they return. Floating point representation of time in C-Sim is not ideal (fixed point version with greater range may be better).