Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software Fault Tolerance – The big Picture RTS April 2008 Anders P. Ravn Aalborg University.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Software Fault Tolerance – The big Picture RTS April 2008 Anders P. Ravn Aalborg University."— Presentation transcript:

1 Software Fault Tolerance – The big Picture RTS April 2008 Anders P. Ravn Aalborg University

2 Fault Tolerance Means to isolate component faults Prevents system failures May increase system dependability

3 Dependability - attributes Availability Reliability Safety Confidentiality Integrity Maintainability BW p. 129

4 Dependability - impairments Faults Errors Failures BW p. 103,...,130 FaultErrorFailure... Fault

5 System and Component

6 Dependability - means Fault prevention Fault tolerance Error Removal Failure Forecasting BW p. 106,..., 130

7 Fault classification Origin Kind Property physical (internal/external) logical (design/interaction) omission value timing byzantine duration (permanent, transient) consistency (determinate, nondeterminate) autonomy (spontaneous, event-dependent)

8 Error Classification (Fault  Error) Effect Extent latent effective local distributed

9 Failure Classification (Fault  Error  Failure) Consequence benign malign (a mishap) BW (Failure modes) p. 105

10 Fault Avoidance Careful Design Conservative Design process (activities) notations tools robust functionality testability tracability

11 Error Removal Verification (analysis of design) Test (analysis of implementation)

12 Failure Forecasting Calculation – analysis of design Simulation – measurement on design Test -- measurement on implementation

13 Fault Tolerance Means to isolate component faults Prevents system failures May increase system dependability... And mask them

14 Dependability - means Fault prevention Fault tolerance Error Removal Failure Forecasting BW p. 106,...

15 Fault Tolerance

16 FT - levels Full tolerance Graceful Degradation Fail safe BW p. 107

17 FT basis: Redundancy Time Space TryRetry... Try... BW p. 109

18 N-version programming V1 V2 V3 Driver (comparator) Comparison vectors (votes) Comparison status indicators BW p. 109 Comparison points

19 Fault classification (scope of N-VP) Origin Kind Property physical (internal/external) logical (design/interaction) omission value timing byzantine duration (permanent, transient) consistency (determinate, nondeterminate) autonomy (spontaneous, event-dependent) + (+) ++ (+) + / (+) + / +

20 Dynamic Redundancy 1.Error detection 2.Damage confinement and assessment 3.Error recovery 4.Fault treatment and continued service BW p. 114

21 Error Detection f: State x Input  State x Output Environment (exception) Application BW p. 115 Assertion: precondition (input) postcondition (input, output) invariant(state, state’) Timing: WCET(f, input) Deadline (f,input) D

22 Damage Confinement Static structure Dynamic structure BW p. 117 object I I

23 Error Recovery Forward Backward BW p. 118 Repair the state – if you can ! define recovery points checkpoint state at r. p. roll back retry Domino effect

24 Recovery blocks ENSURE acceptance_test BY { module_1 } ELSE BY { module_2 }... ELSE BY { module_m } ELSE ERROR BW p. 120

25 The ideal FT-component Exception HandlerNormal mode Request/response Interface exception Interface exception Failure exception Failure exception BW p. 126

26 Safety Assessment Find faults that may lead to mishaps, analyze their relations, and estimate their consequences. May involve probabilistic reasoning (Reliability Engineering)

27 Fault Tree - Events Primary Events: Basic event – fault in atomic component Undeveloped Event – fault in composite component (may be analyzed later) External event – expected event from environment Intermediate event: Nodes inside a fault-tree

28 Fault Tree - Gates... condition Inhibit gate

29 Example – ”Wake too late” Wake too late Alarm clock fails Phone fails ”Inner clock” fails

30 Example ”Alarm clock fails” Beeper fails Button fails Alarm clock fails electronics fail SW fails Power fails Button read failsBeeper not set

31 Cut Set A cut set is a set of events that causes a top level event A singleton cut set is a single point of failure

32 Example – ”Wake too late” Wake too late Alarm clock fails Phone fails ”Inner clock” fails

33 Example ”Alarm clock fails” Beeper fails Button fails Alarm clock fails electronics fail SW fails Power fails Button read failsBeeper not set

34 Extensions etc. Probabilities on edges Event tree (forward analysis from initiating event) Combinations (cause-consequence diagrams) Many tools Kirsten M. Hansen, Anders P. Ravn and Victoria Stavridou, From Safety Analysis to Formal Specification, IEEE Trans. Softw. Eng.24,pp. 573-584, July 1998

35 Example

36 Fault Hypotheses

37 Fault-Tolerant System

38 Impulse Generator

39 CU

40 Voter and Arbiter

41 Parameters

42 Properties

43 Procedure 1.Model the correct component and check that it has the desired properties. 2.Model relevant faults and introduce them as internal transitions to error states. Check that this fault-affected. 3. Introduce into the model the mechanisms for fault detection, error recovery and masking and check that the desired properties are valid for this design.

Download ppt "Software Fault Tolerance – The big Picture RTS April 2008 Anders P. Ravn Aalborg University."

Similar presentations

Tolerating Timing faults TSW November 2009 Anders P. Ravn Aalborg University.

Tolerating Timing faults TSW November 2009 Anders P. Ravn Aalborg University.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.
Fault-Tolerant Systems Design Part 1.

Fault-Tolerant Systems Design Part 1.
Software Quality Assurance (SQA). Recap SQA goal, attributes and metrics SQA plan Formal Technical Review (FTR) Statistical SQA – Six Sigma – Identifying.

Software Quality Assurance (SQA). Recap SQA goal, attributes and metrics SQA plan Formal Technical Review (FTR) Statistical SQA – Six Sigma – Identifying.
Dependability ITV Model-based Analysis and Design of Embedded Software Techniques and methods for Critical Software Anders P. Ravn Aalborg University August.

Dependability ITV Model-based Analysis and Design of Embedded Software Techniques and methods for Critical Software Anders P. Ravn Aalborg University August.
Fault Tolerance -Example TSW November 2009 Anders P. Ravn Aalborg University.

Fault Tolerance -Example TSW November 2009 Anders P. Ravn Aalborg University.
Dependability TSW 10 Anders P. Ravn Aalborg University November 2009.

Dependability TSW 10 Anders P. Ravn Aalborg University November 2009.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
CS 582 / CMPE 481 Distributed Systems Fault Tolerance.

CS 582 / CMPE 481 Distributed Systems Fault Tolerance.
© Burns and Welling, 2001 Characteristics of a RTS n Large and complex n Concurrent control of separate system components n Facilities to interact with.

© Burns and Welling, 2001 Characteristics of a RTS n Large and complex n Concurrent control of separate system components n Facilities to interact with.
Fault Tolerance: Basic Mechanisms mMIC-SFT September 2003 Anders P. Ravn Aalborg University.

Fault Tolerance: Basic Mechanisms mMIC-SFT September 2003 Anders P. Ravn Aalborg University.
CSE 322: Software Reliability Engineering Topics covered: Dependability concepts Dependability models.

CSE 322: Software Reliability Engineering Topics covered: Dependability concepts Dependability models.
8. Fault Tolerance in Software 8.1 Introduction Is it true that a program that has once performed a given task as specified will continue to do so? Yes,

8. Fault Tolerance in Software 8.1 Introduction Is it true that a program that has once performed a given task as specified will continue to do so? Yes,
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
ABCSG - Dependable Systems - 01/06/2006 1 ABCSG Dependable Systems.

ABCSG - Dependable Systems - 01/06/ ABCSG Dependable Systems.
Dependability ITV Real-Time Systems Anders P. Ravn Aalborg University February 2006.

Dependability ITV Real-Time Systems Anders P. Ravn Aalborg University February 2006.
7. Fault Tolerance Through Dynamic or Standby Redundancy 7.5 Forward Recovery Systems Upon the detection of a failure, the system discards the current.

7. Fault Tolerance Through Dynamic or Standby Redundancy 7.5 Forward Recovery Systems Upon the detection of a failure, the system discards the current.
Developing Dependable Systems CIS 376 Bruce R. Maxim UM-Dearborn.

Developing Dependable Systems CIS 376 Bruce R. Maxim UM-Dearborn.
Safety Analysis – A quick introduction RTS February 2006 Anders P. Ravn Aalborg University.

Safety Analysis – A quick introduction RTS February 2006 Anders P. Ravn Aalborg University.
CSC 402, Fall 20001 Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)

CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)

Similar presentations

Ads by Google