基于RTEMS的软件容错系统设计

在空间环境下运行的计算机系统,高空辐射可能引发各种各样的异常或错误而导致故障。为了提高系统的可靠性,同时尽可能减少对系统实时性能的影响,需要对其进行有效的容错。针对节点和应用软件的故障检测和故障恢复进行研究与分析,提出了多种灵活有效的软件容错策略与设计方案,并基于四节点的多机硬件体系结构和RTEMS软件操作系统,设计并实现了一个系统原型。运行结果显示,该方案有效地提高了嵌入式实时系统的可靠性。     

实时容错分布式计算机系统

介绍了一个由3个节点通过FDD连接而成的实时容错分布式计算机系统。它的每个节点是一个多机容错操作系统，具有分布处理和实时计算能力，此外，它具有多级重构及实时文件管理功能，并为用户提供了良好的配置工具，方便用户对系统的使用和开发。     

嵌入式电力监控系统中温备份技术的研究与实现

嵌入式电力监控系统是一个对可靠性要求非常高的系统,需要具有容错能力的软件进行维护.针对嵌入式设备硬件资源及计算能力的限制,研究分析了影响备份系统可靠性的故障模型,提出了一种满足该模型的基于温备份的容错解决方案,深入讨论了在温备份的解决方案中实时数据的同步策略,给出了具体的设计与实现.按该同步策略,采用故障注入法对实现进...     

一种改进的实时嵌入式系统容错优化方法

容错技术中硬件冗余会产生较高的设计和生产成本.针对该问题,提出一种改进的实时嵌入式系统容错优化方法,基于检查点容错技术综合分析系统故障性能、硬实时任务时间约束和软实时任务的效用函数值.以设计的容错模型为基础,计算系统故障概率保证其在故障最大概率值内,给出硬任务截止时间确定可调度性,并应用改进的禁忌搜索算法获得软任务效用函数最佳值,算法有2种简单的邻节点结构,其禁忌准则遵循邻节点方法禁忌,优化效率明显改善.实验结果表明,该方法可进行故障分析等综合分析,并能迅速获得最大效用函数值.     

基于C/OS-II的多MCU容错设计与应用

在分析C/OS-II系统的基础上增加多MCU容错实时操作功能,可以对当前任务运行状态实时进行一致性操作,使多MCU中的一个节点在出现死节而崩溃时,其他节点可以实现死节的决策,并恢复其坏死节点的任务状态使其继续运行。通过三MCU方式结构及运行验证,改进的系统表现出稳定可靠的容错能力。     

基于μC/OS-Ⅱ的多MCU容错设计与应用

在分析μC/OS-Ⅱ系统的基础上增加多MCU容错实时操作功能,可以对当前任务运行状态实时进行一致性操作,使多MCU中的一个节点在出现死节而崩溃时,其他节点可以实现死节的决策,并恢复其坏死节点的任务状态使其继续运行.通过三MCU方式结构及运行验证,改进的系统表现出稳定可靠的容错能力.     

实时双机嵌入式容错系统实现与可调度性研究

针对电力直流监控系统的可靠性要求,采用实时双机嵌入式容错系统的设计以实现功能.采用了基于内核抢占式的实时多任务操作系μC/OS-Ⅱ进行容错设计、修改了内核调度,并讨论、验证了容错的任务可调度性.可靠性检测结果表明,双机容错系统的功能可以满足实际要求.     

实时嵌入式容错系统的关键技术研究

简要回顾了容错技术的发展过程并分析了不同故障模型下系统的客错方式.对于瞬时故障、间歇性故障的容错可采用软件冗余方法,在实时嵌入式系统中采用软件容错时必须考虑任务的可调度性;而永久性故障则采用硬件冗余方法来解决.在此基础上,描述了一种实时双机嵌入式容错系统的模型,研究了构建容错系统需要解决的双机同步、故障检测及仲裁切换等关键问题和相应的解决方法.     

分布式嵌入式环境下的容错软件设计

在用于一些关键任务的环境中,由于软件故障而导致的后果是无法容忍的,软件容错技术应运而生而且变得越来越重要。针对分布式嵌入式环境的特点设计了一个容错软件,介绍了容错软件的结构以及各个模块的功能,并分析了节点监测、故障检测和服务迁移等关键技术。     

基于Linux的嵌入式实时数据库的设计

实时数据库是嵌入式系统的核心，用来定义数据变量，负责与外部设备进行实时数据交换。在用组态软件开发嵌入式应用时,在开发环境中定义实时数据库结构、数据来源及类型，在嵌入式运行环境获取实时数据库的数据，并进行显示、报警、存盘等操作。着重介绍了基于Linux的嵌入式组态软件中实时数据库的设计及其实现。     

一个具有高可用性的动态容错VoD系统

提出了一个在VoD系统中具有高可用性的动态容错算法。针对分布式应用的特点,能对控制节点实现服务器切换的容错,数据服务节点负载均衡分配和故障节点提供服务的恢复。同时按照文章一致性保证机制可以实现媒体服务故障恢复对客户端的透明。通过对系统可用性分析和仿真试验表明,该算法可以有救地提高系统的可用性。     

RTEMS嵌入式系统中的软件容错设计

为了提高嵌入式系统在恶劣环境下的可靠性,除了在硬件上采用诸如双机冷备份之类的容错方案外,在实时操作系统级提供软件容错处理功能既可以减小硬件资源开销,又可以在不影响系统工作效率的前提下明显提高系统的容错纠错能力.本文针对RTEMS实时操作系统缺乏软件容错支持功能的不足,在操作系统级设计了一套两级软件容错的方案,提高了嵌入式系统的可靠性.     

基于虚拟机部署策略的云平台容错即服务方法

针对如何充分利用云基础架构层资源,满足上层云应用系统租户对应用系统容错的需求多样性和高可靠性要求的问题,提出一种面向租户和云服务提供商的、基于虚拟机部署策略的云平台容错即服务方法。该方法根据租户的特定容错需求适配适合的容错方法及容错级别,据此计算并最优化云服务提供商的收益和资源使用量,在此基础上对提供容错服务的虚拟机进行优化部署,充分利用底层虚拟机资源为租户的云应用系统提供更为可靠的容错服务。实验结果表明,所提方法能够在保障云服务提供商收益的基础上,为多租户云应用系统实现更灵活且可靠性更高的容错服务。     

系统集成中的容错设计问题

对系统集成中的容错设计进行了较为全面的分析,指出了系统集成时需要综合考虑的各种错因素,另外,对系统集成提出了一系列的容错措施,以期达到提高系统容错能力的目的。     

基于反射的容错CORBA系统的设计与实现

容错是实现系统可靠性的一个重要手段。单一的容错策略已经不能满足当今分布式系统动态变化的要求,因此容错策略可配置的重要性就凸现出来。该文结合编译期反射和运行期反射,提出了可配置CORBA容错结构,并使用OpenC＋＋和拦截器实现了一个容错CORBA原型系统。该方法不需要修改CORBA ORB,而只需要对应用作极少的改动。     

Automating the addition of fault tolerance with discrete controller synthesis

Discrete controller synthesis (DCS) is a formal approach, based on the same state-space exploration algorithms as model-checking. Its interest lies in the ability to obtain automatically systems satisfying by construction formal properties specified a priori. In this paper, our aim is to demonstrate the feasibility of this approach for fault tolerance. We start with a fault intolerant program, modeled as the synchronous parallel composition of finite labeled transition systems; we specify formally a fault hypothesis; we state some fault tolerance requirements; and we use DCS to obtain automatically a program, having the same behavior as the initial fault intolerant one in the absence of faults, and satisfying the fault tolerance requirements under the fault hypothesis. Our original contribution resides in the demonstration that DCS can be elegantly used to design fault tolerant systems, with guarantees on key properties of the obtained system, such as the fault tolerance level, the satisfaction of quantitative constraints, and so on. We show with numerous examples taken from case studies that our method can address different kinds of failures (crash, value, or Byzantine) affecting different kinds of hardware components (processors, communication links, actuators, or sensors). Besides, we show that our method also offers an optimality criterion very useful to synthesize fault tolerant systems compliant to the constraints of embedded systems, like power consumption.     

A modelling and simulation based process for dependable systems design

Complex real-time system design needs to address dependability requirements, such as safety, reliability, and security. We introduce a modelling and simulation based approach which allows for the analysis and prediction of dependability constraints. Dependability can be improved by making use of fault tolerance techniques. The de-facto example, in the real-time system literature, of a pump control system in a mining environment is used to demonstrate our model-based approach. In particular, the system is modelled using the Discrete EVent system Specification (DEVS) formalism, and then extended to incorporate fault tolerance mechanisms. The modularity of the DEVS formalism facilitates this extension. The simulation demonstrates that the employed fault tolerance techniques are effective. That is, the system performs satisfactorily despite the presence of faults. This approach also makes it possible to make an informed choice between different fault tolerance techniques. Performance metrics are used to measure the reliability and safety of the system, and to evaluate the dependability achieved by the design. In our model-based development process, modelling, simulation and eventual deployment of the system are seamlessly integrated.     

数据中心巡检机器人信息平台实时任务容错调度算法

为了实现数据中心巡检机器人信息平台实时任务容错性,提出一种基于自适应反馈均衡和码元调制技术的数据中心巡检机器人信息平台实时任务容错调度模型。首先构建路由冲突下的数据中心巡检机器人信息平台传输信道模型,优化数据中心巡检机器人信息传输协议。然后采用模糊C均值聚类的方法进行巡检机器人信息融合,结合自适应反馈均衡方法进行巡检机器人信息传输的信道均衡设计,采用码元调制方法进行信息平台的实时任务容错调度。最后进行仿真实验。结果表明,采用该方法进行数据中心巡检机器人信息平台实时任务调度的容错性较好,信息平台的信道均衡性较强,提高了数据中心巡检机器人信息平台的任务实时调度能力。     

Fault tolerant network design inspired by Physarum polycephalum

Physarum polycephalum, a true slime mould, is a primitive, unicellular organism that creates networks to transport nutrients while foraging. The design of these natural networks proved to be advanced, e.g. the slime mould was able to find the shortest path through a maze. The underlying principles of this design have been mathematically modelled in literature. As in real life the slime mould can design fault tolerant networks, its principles can be applied to the design of man-made networks. In this paper, an existing model and algorithm are adapted and extended with stimulation and migration mechanisms which encourage formation of alternative paths, optimize edge positioning and allow for automated design. The extended model can then be used to better design fault tolerant networks. The extended algorithm is applied to several national and international network configurations. Results show that the extensions allow the model to capture the fault tolerance requirements more accurately. The resulting extended algorithm overcomes weaknesses in geometric graph design and can be used to design fault tolerant networks such as telecommunication networks with varying fault tolerance requirements.     

Distributed adaptive fault‐tolerant leader‐following formation control of nonlinear uncertain second‐order multi‐agent systems

This paper presents a distributed integrated fault diagnosis and accommodation scheme for leader‐following formation control of a class of nonlinear uncertain second‐order multi‐agent systems. The fault model under consideration includes both process and actuator faults, which may evolve abruptly or incipiently. The time‐varying leader communicates with a small subset of follower agents, and each follower agent communicates to its directly connected neighbors through a bidirectional network with possibly asymmetric weights. A local fault diagnosis and accommodation component are designed for each agent in the distributed system, which consists of a fault detection and isolation module and a reconfigurable controller module comprised of a baseline controller and two adaptive fault‐tolerant controllers, activated after fault detection and after fault isolation, respectively. By using appropriately the designed Lyapunov functions, the closed‐loop stability and asymptotic convergence properties of the leader‐follower formation are rigorously established under different modes of the fault‐tolerant control system.