仿生容错系统的可靠性分析

人工生命科学就是研究生物机体的特征,胚胎电子学介绍了新一代生物灵感容错FPGA系列,适合于人工生命的研究,胚胎电子阵列通过硬件冗余和阵列重构机构获得容错功能,本文论述和分析了根据κ-out-of-m可靠性模型的胚胎电子阵列的重构策略。讨论了行取消和细胞取消两种方案。     

Reliability analysis of a class of fault-tolerant systems

An architecture called the digital-data system is proposed to increase the reliability of a class of communication and network control systems. A general expression for the reliability of this system is derived using the total probability theorem, and the issue of minimizing the system cost is discussed. The architecture is quite general in that it models software fault-tolerant systems such as the recovery block scheme. Other software fault-tolerance schemes like the deadline mechanism for real-time recovery can also be modeled using this technique. A numerical example is given to illustrate the technique     

Reliability analysis and design of a fault-tolerant random access memory system

The design of a modular RAM system which is organized in a number of memory cards is examined. Two important factors are taken into account: the size of the memory chips used in a particular memory design, and the number of memory partitions which gives the maximum memory system reliability. Expressions are derived for three memory designs using two extreme failure models for the memory chips. These provide upper and lower bounds for the card and the entire memory system reliability, and allow the selection of an optimal configuration for a memory system which has a specified capacity and word length with (1) SEC or (2) SED-DED codes with spare memory cards.     

Module replication for fault-tolerant real-time distributed systems

This paper considers the problem of replicating and scheduling periodic tasks in a multiprocessor system, under timing and dependency constraints. The objective is to maximize the probability of successful completion (logically correct execution, within the time constraints) of all the tasks in the system. The authors assume a precedence graph that is general with chain, AND, OR and loop subgraphs. To achieve high probability of successful completion of the tasks in the system, several modules (that constitute the tasks) are chosen for replication and executed, regardless of whether a failure actually occurs or not. The replicated modules are chosen in an optimal way, and are added to the set of the executable tasks only if that increases the probability of successful completion. The failure model of the modules in the system is general and realistic. The allocation scheme assigns the original and the replicated modules to the processing nodes of the system, and determines their starting time as well as the schedule for communication among them. Their results improve upon the work done previously     

Reliability of majority voting based VLSI fault-tolerant circuits

The effect of compensating module faults on the reliability of majority voting based VLSI fault-tolerant circuits is investigated using a fault injection simulation method. This simulation method facilitates consideration of multiple faults in the replicated circuit modules as well as the majority voting circuits to account for the fact that, in VLSI implementations, the majority voting circuits are constructed from components of the same reliability as those used to construct the circuit modules. From the fault injection simulation, a survivability distribution is obtained which, when combined with an area overhead expression, leads to a more accurate reliability model for majority voting based VLSI fault-tolerant circuits. The new model is extended to facilitate the calculation of reliability of fault-tolerant circuits which have sustained faults but continue to operate properly. Analysis of the reliability model indicates that, for some circuits, the reliability obtained with majority voting techniques is significantly greater than predicted by any previous model     

Dynamic fault-tree models for fault-tolerant computer systems

Reliability analysis of fault-tolerant computer systems for critical applications is complicated by several factors. Systems designed to achieve high levels of reliability frequently employ high levels of redundancy, dynamic redundancy management, and complex fault and error recovery techniques. This paper describes dynamic fault-tree modeling techniques for handling these difficulties. Three advanced fault-tolerant computer systems are described: a fault-tolerant parallel processor, a mission avionics system, and a fault-tolerant hypercube. Fault-tree models for their analysis are presented. HARP (Hybrid Automated Reliability Predictor) is a software package developed at Duke University and NASA Langley Research Center that can solve those fault-tree models     

Reliability of voting in fault-tolerant software systems for smalloutput-spaces

Under a voting strategy in a fault-tolerant software system there is a difference between correctness and agreement. An independent N -version programming reliability model which distinguishes between correctness and agreement is proposed for treating small output spaces. An alternative voting strategy, consensus voting, is used to treat cases when there can be agreement among incorrect outputs, a case which can occur with small output spaces. The consensus voting strategy automatically adapts the voting to various version reliability and output-space cardinality characteristics. The majority-voting strategy provides reliability which is a lower bound, and the 2-out-of-n voting strategy provides reliability which is an upper bound, on the reliability by consensus voting. The reciprocal of the cardinality of output space is a lower bound on the average reliability of fault-tolerant system versions below which the system reliability begins to deteriorate as more versions are added     

Reliability analysis of complex models using SURE bounds

As computer and communication systems become more complex it becomes increasingly more difficult to analyze their hardware reliability, because simple models can fail to adequately-capture subtle but important features. This paper describes several ways the authors have addressed this problem for analyses based upon White's SURE theorem. They show: how reliability analysis based on SURE mathematics can attack very large problems by accepting recomputation in order to reduce memory usage; how such analysis can be parallelized both on multiprocessors and on networks of ordinary workstations, and obtain excellent performance gains by doing so; how the SURE theorem supports efficient Monte Carlo based estimation of reliability; and the advantages of the method. Empirical studies of large models solved using these methods show that they are effective in reducing the solution-time of large complex problems     

Performance and dependability analysis of fault-tolerant networks

Fault-tolerant networks continue their operation even in the presence of some failures. However, failures of components or subsystems can considerably affect the performance behaviour. This paper illustrates the use of Stochastic Reward Models (SRMs) for evaluating combined performance and dependability of fault-tolerant networks. A SRM is composed of a stochastic process, describing the evolution of the system, and a superimposed reward structure, reflecting different performance levels. To study the overall network behaviour, different network performance/dependability are introduced and discussed. Due to the arising complexity of exact SRMs a complexity reduction approach is proposed. For highly reliable networks an approximation of the model is presented.     

Reliability modeling of life-critical, real-time systems

We discuss the role of modeling in the design and validation of life-critical, real-time systems. The basics of Markov, Markov reward, and stochastic reward net models are covered. An example of a nuclear power plant cooling system is developed in detail. Multilevel models, model calibration, and model validation are also discussed     

Reliability of checkpointed real-time systems using time redundancy

Real-time computers are often used in embedded, life-critical applications where high reliability is important. A common approach to making such systems dependable is to vote on redundant processors executing multiple copies of the same task is described. The processors which make up such voted systems are subjected not only to independently occurring permanent and transient failure, but also to correlated transients brought about by electromagnetic interference from the operating environment. To counteract these transients, checkpointing and time redundancy are required, in addition to processor redundancy. This work analyzes the use of time and device redundancy in systems subject to correlated failure. The tradeoffs in checkpoint placement in such a system are found to be considerably different from those for non-redundant systems without real-time constraints. The authors compare fault-tolerant designs and without a rollback capability, accounting for the increased hardware-failure rate due to processor duplication when faults are detected in hardware, and the doubled execution times when detection is implemented in software     

Reliability models for facilities switching

Facilities switching has been proposed for use in remote line units in telecommunication systems as a means of reducing both maintenance cost and customer-perceived failure rate. The authors present mathematical models of the cost/availability/modularity tradeoffs involved. Numerical methods are used to plot these cost-availability tradeoffs for several scenarios, including an electronic cross-connect frame in an electronic remote unit, and an optical cross-connect frame in an optical remote unit. It is demonstrated that it is possible to model the reliability of a given configuration of linecards and facilities switches in closed form for some service schedules, notably a deterministic scheduled maintenance discipline. For a set of four switch-cost functions, the optimum modularity is insensitive to the linecard failure rate. The optimum modularity of a facilities switch was also insensitive to the parameters chosen for a particular type of cost function over the range of parameters modeled     

Markov chain reduction and analysis of GSPN models for task allocation in distributed systems

In this paper, we present a Markov chain (MC) reduction technique for analysis of a certain class of MCs. It requires only O(t) steps to analyze an MC having t states by this technique, as compared to O(t³) steps required by the usual matrix inversion method. We also present a generalized stochastic Petri net (GSPN) model for task allocation in distributed computer systems, where execution and inter-module communication costs are treated as random variables with exponential probability distribution. We show that the MC of this task system falls into a class to which the reduction technique is applicable. As an illustration of the reduction technique, we use a GSPN model of the task system to find the mean completion time of the system.     

Performance analysis of fault-tolerant systems in parallelexecution of conversations

The execution overhead inherent in the conversation scheme, which is a scheme for realizing fault-tolerant cooperating processes free of the domino effect, is analyzed. Multiprocessor multicomputer systems capable of parallel execution of conversation components are considered and a queuing network model of such systems is adopted. Based on the queuing model, various performance indicators, including system throughput, average number of processors idling inside a conversation due to the synchronization required, and average time spent in the conversation, have been evaluated numerically for several application environments. The numeric results are discussed and several essential performance characteristics of the conversation scheme are derived. For example, when the number of participant processes is not large, say less than six, the system performance is highly affected by the synchronization required on the processes in a conversation, and not so much by the probability of acceptance-test failure     

Electrical steering of vehicles - fault-tolerant analysis and design

The topic of this paper is systems that need be designed such that no single fault can cause failure at the overall level. A methodology is presented for analysis and design of fault-tolerant architectures, where diagnosis and autonomous reconfiguration can replace high cost triple redundancy solutions and still meet strict requirements to functional safety. The paper applies graph-based analysis of functional system structure to find a novel fault-tolerant architecture for an electrical steering where a dedicated AC-motor design and cheap voltage measurements ensure ability to detect all relevant faults. The paper shows how active control reconfiguration can accommodate all critical faults and the fault-tolerant abilities are demonstrated on a warehouse truck hardware.     

Supporting network management with real-time traffic models

Real-time routing and flow control in circuit-switched networks is investigated. An algorithm which updates routing tables and flow-control parameters according to changing load conditions is derived. The network is described by means of stochastic difference equations. A control structure imposed by hardware requirements and realistic network status information patterns is considered. It is shown that the global objectives can be achieved by means of shortest-route algorithms with state-dependent route lengths. Implementation issues which are related to traffic estimation and prediction are discussed. The performance of a particular algorithm implementation is investigated by simulation     

Building models of real-time systems from application software

We present a methodology for building timed models of real-time systems by adding time constraints to their application software. The applied constraints take into account execution times of atomic statements, the behavior of the system's external environment, and scheduling policies. The timed models of the application obtained in this manner can be analyzed by using time analysis techniques to check relevant real-time properties. We show an instance of the methodology developed in the TAXYS project for the modeling and analysis of real-time systems programmed in the Esterel language. This language has been extended to describe, by using pragmas, time constraints characterizing the execution platform and the external environment. An analyzable timed model of the real-time system is produced by composing instrumented C-code generated by the compiler. The latter has been re-engineered in order to take into account the pragmas. Finally, we report on applications of TAXYS to several nontrivial examples.     

工业以太网可靠性和实时性的探讨与分析

本文首先描述了工业控制领域对控制网络的可靠性与实时性的严格要求,接着讨论了传统现场总线网络系统在高可靠性、高实时性方面的优势以及其专有性与低互操作性的劣势,进而转入对开放标准的以太网技术进行讨论.通过分析普通商用以太网不满足工业控制网络可靠性要求的原因,转入重点探讨分析了工业以太网是如何从硬件设备和通信协议两方面改善商用以太网的可靠性与实时性.工业以太网可靠性设计人员可以以本文作为参考.     

Reliability models of a class of self-healing rings

SDH/SONET technology provides the economical and convenient deployment of fault-tolerant high-speed telecommunication networks. This paper analyses a class of SDH/SONET self-healing rings (SHR), i.e. bi-directional SHRs (with two and four fibres) and uni-directional SHRs (including line-switched USHRs and path-switched USHRs). We derived, for both the two-terminal and the all-terminal, reliability models of the above mentioned SHR architectures.     

某相控阵预警雷达实时任务调度策略的设计

针对相控阵预警雷达,给出一种基于多级队列混合优先级和雷达事件时间配额的调度策略,通过对队列优先级和事件截止期的分析得到一组执行序列。并且根据上帧中各队列事件的实际用时,自适应地调整下一帧中波束请求或雷达事件所占的时间配额。