总线上的实时非干预可再现故障注入模式

研究总结了总线上的实时非干预可再现同步故障注入模式，并给出了它的具体实现。研究基础是针对目前国内应用比较广泛的以Intel8086／80186、386EX、5l系列兼容单片机为MPU／MCU的高可靠目标系统，是该类目标系统软件实时仿真测试环境的一个重要组成部分。测试过程将不影响目标系统的实时性能和功能，并可实现测试过程的行为再现。它的实现利用了现代微机的高性能、多任务多线程以及FPGA、PCI等技术。作为故障注入模式的一种，其具有新颖性和重要的实用价值。     

Hybrid Methods for Detection and Identification of Faults in Dynamic Systems

Since the 1960s, when automation became essential to productivity, methods for the detection and identification of faults have been proposed. Physical systems are diversified and can be mechanical, electrical, pneumatic, electronic, or a combination of these. In addition, real plants have a large number of these devices, which are for its own operation, sensoring or control. Therefore the solutions given for detection of faults are generally very specific or particular. This paper aims to describe and analyze two hybrid methods of detection and fault identification based on residue and to check whether their inclusion with other methods, combining different techniques, can produce a better fault detection and identification system. The methods use the state observers for the generation of residues, which serve for the detection and identification and the set called the bank of signatures to identify the faults. Thereafter, the methods use different approaches to diagnose the fault: the first uses the approach of the mean square error, and the second uses a decision tree.     

Neural network models and statistical tests as flexible base for intelligent fault diagnosis

The increasing complexity of industrial control systems and industrial processes makes it necessary to frequent use tools and techniques for reliability and safety analysis, particularly to early detection and localization of faults. By applying conventional approaches to diagnose faults via both dynamic process and signal models and parameters estimation and knowledge processing the inherent redundances can be used to make it more effective and to detect faults earlier. But in many cases, it is not enough to design the unique fault diagnosis procedure, but it is also essential to provide its flexible adaptation to changes of environment of the controlled system, including structures, parameters, tasks of the operators, their (changing) knowledge, cognitive capabilities etc. The major efforts have to be made to develop new generation of knowledge-based fault detection (FD) systems with both analytical and heuristical knowledge to be easily adapted to the changes in the system's environment. The paper desribes integrated approach to the “homogeneous” introducing the human-like thinking neuron schemes in all the stages of the model based fault diagnosis. Several examples are discussed.     

On-line control flow error detection using relationship signatures among basic blocks

Computer systems operating in space environment are subject to different radiation phenomena, whose effects may lead to a control flow fault occurring in software system, which can cause unpredictable behaviors of computer-based systems. According to the specialty of space environment, We propose a technique called RSCFC (Relationship Signatures for Control Flow Checking) which is based on the partition of programs into basic blocks. Firstly, it exploits the relationship among the blocks, then assigns a signature, into which the relationship is coded, to each basic block. Control flow faults are detected through taking AND operation between the run-time signature and the location info of the current block with extra instructions induced at the beginning and the end of each block. A fault injection experiment was performed with several C benchmark programs. The result suggests that about 33% (20.7-68.8%) of the injected branching faults produced undetected incorrect outputs without RSCFC; however, with RSCFC, the above number declines to 11% (2.8-20.4%). Compared with previous techniques, RSCFC has the characteristics of both high fault coverage and low memory and performance overhead.     

基于软件仿真技术的外源性故障注入方法研究

针对当前复杂系统测试性试验中存在的无法模拟外部条件性存在的设备故障、外部输入输出故障模式单一等故障注入问题,定义了外源性故障的概念;针对外源性故障具有的功能逻辑和运行场景特性、故障源繁杂特性、模拟难度大成本高特性、总线交联特性,总结了外源性故障注入的基本要求;提出了一种面向外总线复杂应用数据仿真的外源性故障注入方法,面向总线应用层数据,从复杂系统的高级应用逻辑出发,模拟复杂系统交联环境、使用方式等故障行为,建立自动化的实时仿真故障注入环境,通过全数字仿真模型模拟交联环境的行为,进一步通过模型输入、输出或模型参数的改变,实施总线高级行为的故障注入。最后阐述了测试性试验中的外源性故障注入实施方案,分析了该方法的关键技术和环境构建思路,制定了外源性故障注入试验的实施流程。     

Fault Tolerance Using Dynamic Reconfiguration on the POEtic Tissue

Fault tolerance is a crucial operational aspect of biological systems and the self-repair capabilities of complex organisms far exceeds that of even the most advanced electronic devices. While many of the processes used by nature to achieve fault tolerance cannot easily be applied to silicon-based systems, in this paper we show that mechanisms loosely inspired by the operation of multicellular organisms can be transported to electronic systems to provide self-repair capabilities. Features such as dynamic routing, reconfiguration, and on-chip reprogramming can be invaluable for the realization of adaptive hardware systems and for the design of highly complex systems based on the kind of unreliable components that are likely to be introduced in the not-too-distant future. In this paper, we describe the implementation of fault tolerant features that address error detection and recovery through dynamic routing, reconfiguration, and on-chip reprogramming in a novel application specific integrated circuit. We take inspiration from three biological models: phylogenesis, ontogenesis, and epigenesis (hence the POE in POEtic). As in nature, our approach is based on a set of separate and complementary techniques that exploit the novel mechanisms provided by our device in the particular context of fault tolerance.     

Timed Wp-method: testing real-time systems

Real-time systems interact with their environment using time constrained input/output signals. Examples of real-time systems include patient monitoring systems, air traffic control systems, and telecommunication systems. For such systems, a functional misbehavior or a deviation from the specified time constraints may have catastrophic consequences. Therefore, ensuring the correctness of real-time systems becomes necessary. Two different techniques are usually used to cope with the correctness of a software system prior to its deployment, namely, verification and testing. In this paper, we address the issue of testing real-time software systems specified as a timed input output automaton (TIOA). TIOA is a variant of timed automaton. We introduce the syntax and semantics of TIOA. We present the potential faults that can be encountered in a timed system implementation. We study these different faults based on TIOA model and look at their effects on the execution of the system using the region graph. We present a method for generating timed test cases. This method is based on a state characterization technique and consists of the following three steps: First, we sample the region graph using a suitable granularity, in order to construct a subautomaton easily testable, called grid automaton. Then, we transform the grid automaton into a nondeterministic timed finite state machine (NTFSM). Finally, we adapt the generalized Wp-method to generate timed test cases from NTFSM. We assess the fault coverage of our test cases generation method and prove its ability to detect all the possible faults. Throughout the paper, we use examples to illustrate the various concepts and techniques used in our approach.     

Ecological interface design and computer network management: The effects of network size and fault frequency

This article describes an experiment investigating the impact of ecological interface design (EID) on human performance in computer network management. This work domain is more dynamic than those previously studied under EID because there is a constant potential for the addition and removal of devices, as well as changing configurations, making it important to study the generalizability of the framework. Two interfaces were created for the University of Toronto campus network consisting of 220 nodes: a P interface based on existing design practices which presented primarily physical information and a P+F interface based on EID which presented both physical and functional information identified by an abstraction hierarchy analysis. Participants used one of the two interfaces to detect and diagnose faults or disturbances in the simulated network in real-time. Network size and fault frequency were both manipulated as within-participants variables. The P+F interface led to faster detection times overall, as well as improved fault detection rate and more accurate fault diagnosis under higher fault loads. These results suggest that the EID framework may lead to more robust monitoring performance in computer network management compared to existing interfaces.     

Design and implementation of highly reliable dual-computer systems

Two of the main parameters of real-time computer systems are reliability and performance. Researchers are always looking for solutions to increase the values of these parameters, which is the goal of this study. To this end, we propose an architecture for a dual-computer system that operates in real-time with fault tolerance implemented purely by hardware. The hardware, as designed and implemented, performs the following key services: 1) determination of the fault type (temporary or permanent) and 2) localization of the faulty computer without using self-testing techniques or diagnostic routines. Our design has several benefits: 1) the designed hardware shortens the recovery point time period; 2) the proposed nontrivial sequence of fault-tolerant services reduces (to two) the number of logical segments that must be re-run to recover computational processes; and 3) the determination of the fault type allows for the elimination of only computers with permanent faults. These contributions yield improvements in both the performance and reliability of the system.     

Transient fault tolerance in digital systems

It is hard to shield systems effectively from transient faults (fault avoidance techniques). So some other means must be employed to assure appropriate levels of transient fault tolerance (insensitivity to transient faults). They are based on fault-masking and fault recovery ideas. Having analyzed this problem, the author identifies critical design points and outlines some practical solutions that refer to efficient on-line detectors (detecting errors during the system operation) and error handling procedures. This framework provides a basis for understanding transient fault problems in digital systems. It can be helpful in selecting optimum techniques to mask or eliminate transient fault effects in developed systems     

模型驱动的VxWorks操作系统故障注入与鲁棒性测试研究

VxWorks 是目前广泛应用于机载、车载等复杂嵌入式系统的操作系统,它为应用程序提供了强大的故障捕捉和缺省的故障处理服务,并提供应用程序可挂载的故障处理接口。由于故障产生的时机和机理复杂,因此如何控制操作系统使其按照应用程序的测试需求抛出相应的故障,从而触发应用程序的故障处理,是对应用程序开展鲁棒性测试时需要解决的一个关键问题。本文以 VxWorks 嵌入式实时操作系统中捕捉的故障作为研究对象,提出了由故障建模、故障注入、测试控制和鲁棒性判定组成的故障设计与测试方法,以支持对基于 VxWorks 的应用程序开展鲁棒性测试。该测试方法将模型驱动测试与故障注入技术相结合,在平台无关层次描述故障,针对操作系统中对相应故障处理方式的不同,本文设计了函数替换和变量修改两种故障注入方法,并在VxWorks 5.5 上进行了实验,确认了相应方法和技术的有效性。     

基于嵌入式软件实时运行和测试的仿真环境的研究与设计

测试环境在嵌入式软件测试过程中起着重要作用,一些软件测试人员拥有好的测试软件,却苦于没有好的测试环境来支持。该文提出了一种基于嵌入式软件实时运行的通用仿真测试环境。在测试过程中,主要应用于系统测试,适用于一般嵌入式软件和容错软件的实时测试。采用了总线上的故障注入和数据采集方法。环境的实现利用了现代微机的高性能、多任务多线程,以及FPGA、PCI等技术。     

SPEK: a storage performance evaluation kernel module for block-level storage systems under faulty conditions

This paper introduces a new benchmark tool, SPEK (storage performance evaluation kernel module), for evaluating the performance of block-level storage systems in the presence of faults as well as under normal operations. SPEK can work on both direct attached storage (DAS) and block level networked storage systems such as storage area networks (SAN). Each SPEK consists of a controller, several workers, one or more probers, and several fault injection modules. Since it runs at kernel level and eliminates skews and overheads caused by file systems, SPEK is highly accurate and efficient. It allows a storage architect to generate configurable workloads to a system under test and to inject different faults into various system components such as network devices, storage devices, and controllers. Available performance measurements under different workloads and faulty conditions are dynamically collected and recorded in SPEK over a spectrum of time. To demonstrate its functionality, we apply SPEK to evaluate the performance of two direct attached storage systems and two typical SANs under Linux with different fault injections. Our experiments show that SPEK is highly efficient and accurate to measure performance for block-level storage systems.     

基于Multi-agent的实时系统运行故障监控研究

软件密集型装备中常常包含着许多担负监测和控制作用的嵌入式实时系统,它们常常属于安全关键或者任务关键系统(safety-critical/mission-critical system)。为了能够有效解决该类系统中的软件故障检测、诊断与修复任务,本文提出了基于Multi-agent的实时系统运行故障监控框架,旨在利用在多agent的协作构建运行故障监控系统来在系统运行当中验证系统是否满足时序逻辑描述的性质规约,并采用具体的算法进行故障定位和修复。     

Xception: a technique for the experimental evaluation ofdependability in modern computers

An important step in the development of dependable systems is the validation of their fault tolerance properties. Fault injection has been widely used for this purpose, however with the rapid increase in processor complexity, traditional techniques are also increasingly more difficult to apply. This paper presents a new software-implemented fault injection and monitoring environment, called Xception, which is targeted at modern and complex processors. Xception uses the advanced debugging and performance monitoring features existing in most modern processors to inject quite realistic faults by software, and to monitor the activation of the faults and their impact on the target system behavior in detail. Faults are injected with minimum interference with the target application. The target application is not modified, no software traps are inserted, and it is not necessary to execute the target application in special trace mode (the application is executed at full speed). Xception provides a comprehensive set of fault triggers, including spatial and temporal fault triggers, and triggers related to the manipulation of data in memory. Faults injected by Xception can affect any process running on the target system (including the kernel), and it is possible to inject faults in applications for which the source code is not available. Experimental, results are presented to demonstrate the accuracy and potential of Xception in the evaluation of the dependability properties of the complex computer systems available nowadays     

Fault tolerance in supervisory control systems: a knowledge-based approach

Fault tolerance in computerized systems involved in production has become an ever more important requirement. Existing fault tolerance approaches, wherever used, deal mainly with hardware faults. Nevertheless, the vast majority of contemporary system failures are software related. This paper introduces a knowledge-based approach to handling software related faults occurring in supervisory control systems. These systems are event driven and use data, stored in complex databases, to react to events coming from different kinds of devices by identifying, scheduling, initiating and monitoring operations. Failure of part of the supervisory control system's software to behave rationally when unexpected events occur is called an application fault. The approach introduced in this paper is based on a supervisory control system reference model which reveals the set of all possible application faults together with the major functions of the recovery processes associated with each fault, and leads to a high-level knowledge-based system architecture capable of handling every fault-related condition. This system is called PROFIT (Intelligent PROduction systems Fault Tolerance) and consists of three main components: the fault diagnosis module, the instant fault correction module and the learning module, co-ordinated by a PROFIT meta-level module. The prototype version of PROFIT is analysed and the development as well as the run-time environment that prove the applicability and effectiveness of the system are presented.     

高速列车牵引整流器多类故障联合诊断方法

提出了一种高速列车牵引整流器多类故障联合诊断方法. 首先, 基于三电平牵引整流器开路故障分析, 建立整流器所有功率器件开路故障以及正常运行的状态空间模型并构建相应状态观测器. 然后, 基于正常状态观测器进行故障检测, 检测到故障后, 基于故障观测器区分功率器件开路故障和网侧电流传感器故障, 进而诊断出功率器件开路故障位置和网侧电流传感器故障类型. 实时仿真结果验证了本文方法的正确性和有效性.     

A modelling and simulation based process for dependable systems design

Complex real-time system design needs to address dependability requirements, such as safety, reliability, and security. We introduce a modelling and simulation based approach which allows for the analysis and prediction of dependability constraints. Dependability can be improved by making use of fault tolerance techniques. The de-facto example, in the real-time system literature, of a pump control system in a mining environment is used to demonstrate our model-based approach. In particular, the system is modelled using the Discrete EVent system Specification (DEVS) formalism, and then extended to incorporate fault tolerance mechanisms. The modularity of the DEVS formalism facilitates this extension. The simulation demonstrates that the employed fault tolerance techniques are effective. That is, the system performs satisfactorily despite the presence of faults. This approach also makes it possible to make an informed choice between different fault tolerance techniques. Performance metrics are used to measure the reliability and safety of the system, and to evaluate the dependability achieved by the design. In our model-based development process, modelling, simulation and eventual deployment of the system are seamlessly integrated.     

基于建康管理技术的机载计算机智能故障诊断方法

为了满足飞机机载电子设备以状态监控为基础的视情维修保障策略,提升设备可维护性,提出了一种基于在线检测、故障预测、辅助决策的健康监控管理故障诊断方法,支持对机载电子设备的健康状态进行预测和评估。通过划分机载电子设备子功能的敏感威胁区域,对这些区域设计专门的威胁预警监控电路,进行功能危害监控,建立推理监控模型对监控电路故障进行预警监控,结合辅助决策的方式对预警到的故障进行定位,实现对电子设备的智能故障诊断。通过FMEA的分析与故障注入测试验证,该预警电路、推理模型和辅助决策能有效的预测故障及定位,具有较高的故障预测覆盖率,可提高机载计算机的维修性、降低维修时间,在电子设备视情维修策略上具备工程应用价值。     

Derivative free filtering in hydraulic systems for fault identification

Diagnosis of incipient faults in hydraulic systems is of prime importance due to the performance and reliability demands. This paper outlines the application of derivative free filtering in hydraulic systems for the purpose of real-time fault identification. A flexible experimental setup is constructed in order to simulate different types of faults. The method in this paper deals with internal leakage faults. A detailed non-linear model of the hydraulic actuator experimental setup is developed and validated. Robust control strategies typically hide the presence of faults during incipient stages, making identification of the fault difficult. A partial feedback linearization based robust position control strategy is also presented and faults are identified in the presence of robust control. Faults in the hydraulic systems are modeled as parametric faults and second order divided difference filtering (DDF) is used to estimate the states and the parameters. The efficacy of this estimation algorithm is demonstrated using different fault levels as well as different fault growth profiles. The accuracy and the reliability of the methodology are also demonstrated by identifying faults as small as .01 l/s.