10 dependable architectures
play

10 Dependable Architectures The material of this course has been - PowerPoint PPT Presentation

Feb 08, 2024 •409 likes •1.07k views

EPFL, Spring 2017 10 Dependable Architectures The material of this course has been initially created by Prof. Dr. H. Kirrmann and adapted by Dr. Y-A. Pignolet & J-C. Tournier Fault Error - Failure Fault: Defect in system (bug) Error:

  1. EPFL, Spring 2017 10 Dependable Architectures The material of this course has been initially created by Prof. Dr. H. Kirrmann and adapted by Dr. Y-A. Pignolet & J-C. Tournier

  2. Fault – Error - Failure Fault: Defect in system (bug) Error: Difference between intended and actual behavior Failure: Not satisfying specification Internal External may may failure error fault = system doesn’t perform cause cause required function Fault examples Error examples SW bug Missing values Stuck bit Measured value ≠ real value Loose connector … … Industrial Automation | 2017 2

  3. Fault Tolerance Mechanisms Identify and record the cause(s) of error(s), Error 1 location/type, concurrent or pre-emptive detection Fault isolation Error 2 Reconfiguration (online repair) Passivation Transform from state with errors into state Error 3 Recovery without errors (forward, backward recovery) Fault Masking Error 4 Compensation Error Corrections Deliver the required service in the presence of faults Industrial Automation | 2017 3 Sli de

  4. Main dependable computer architectures input inputs diagnostics D D processor processor D processor on-line workby fail-over logic off-switch inputs outputs output a) Integer b) Persistent " rather nothing than wrong " " rather wrong than nothing " processor processor processor (fail-silent, fail-stop, "fail-safe") "fail-operate “ 1oo1d (1oo2d) 2/3 Exercise: 2/3 voter Compute the reliability and availability of all architectures, without and with outputs repairs. c) Integer & persistent error masking, massive redundancy (2oo3v) Industrial Automation | 2017 4

  5. 10.1 Error Detection and Fail-Silent 10.1 Error detection and fail-silent computers - check redundancy - duplication and comparison 10.2 Fault-Tolerant Structures 10.3 Issues in Workby operation - Input Processing - Synchronization - Output Processing 10.4 Issues in Standby Implementation - Standby Redundancy Structures - Checkpointing - Recovery 10.5 Examples of Dependable Architectures - ABB dual controller - Boeing 777 Primary Flight Control - Space Shuttle PASS Computer Industrial Automation | 2017 5

  6. Error Detection: Classification  Error detection is the base of “ safe ” computing ( “ fail-silent ” ) -> disable outputs if error detected  Error detection is the base of fault-tolerant computing ( “ fail-operate ” ) -> switchover if error detected, passivate faulty unit. Key factors:  “ hamming distance ” : how many simultaneous errors can be detected  coverage ( recouvrement , Deckungsgrad) probability that an error is discovered within useful time (definition of "useful time": before any damages occur, before automatic shutdown,…)  latency ( latence , Latenz) time between occurrence and detection of an error Industrial Automation | 2017 6

  7. Error Detection: Classification Errors can be detected, (in order of increasing latency): – on-line (while the specified function is performed)  by continuous monitoring/supervision – off-line (in a time period when the unit is not used for its specified function)  by periodic testing – during periodic maintenance (when the unit is tested and calibrated)  by thorough testing, uncovering lurking errors Industrial Automation | 2017 7

  8. Error detection The correctness of a result can be checked by: relative tests (comparison tests): by comparing several results of redundant units or computations (not necessary identical) pessimistic, i.e. differences due to (allowed) indeterminism count as errors high coverage, high cost absolute tests (acceptance tests): by checking the result against an a priori consistency condition (plausibility check) optimistic, i.e. even if result is consistent it may not be correct (but can catch some design errors) Industrial Automation | 2017 8

  9. Error Detection: Possibilities relative test absolute test duplication and comparison watchdog (time-out) (either hardware duplication or control flow checking on-line time redundancy) error-detecting code (CRC, etc.) triplication and voting illegal address checking comparison with check of program version precomputed test result (fixed check of watchdog function off-line inputs) check code for program code e.g. memory test Industrial Automation | 2017 9

  10. Detection of Errors Caused by Physical Faults Depends on type of component, its error rate and its complexity. Component Error characteristics Typical error detection medium to high error rate, Data transmission lines parity, memoryless CRC, watchdog Regular memory elements medium error rate, parity, large storage Hamming codes, EDC CRC on disk. Processors and controllers low error rate, duplication and comparison, high complexity coded logic Auxiliary elements high error rate, mechanical integrity, (hard disk, ventilation) high diversity voltage supervision, watchdogs,... Industrial Automation | 2017 10

  11. Watchdog Processor (absolute test) watchdog processor supply application processor voltage time cyclic > k ms application reset (every k ms) trusted switch inhibit The application processor periodically resets the watchdog timer. If it fails to do so, the watchdog processor will shut down and restart the processor. Industrial Automation | 2017 11

  12. Duplication and Comparison (relative test) safe input Advantage: high coverage, short latency spreader Problem non-determinism: digital computers are made of analogue elements clock with variable delays, thresholds, asynchronous worker checker clocks... sync The safety-relevant parts (comparator and  switch) are useless if not regularly checked. comparator switch fail-silent output worker and checker are identical and deterministic. Conditions: inputs are (made) identical and synchronized (interrupts !) output must be synchronized to allow comparison. Variant: the checker only checks the plausibility of the results (requires definition of what is forbidden) Industrial Automation | 2017 12

  13. Error detection method by coding (absolute test) This method is used in network and storage, where error patterns are simple. It consists in adding a code (parity, checksum, cyclic redundancy check,…) to the useful data that guarantees its integrity. r check bits k data bits n-bit code word Coding is more efficient than duplication and comparison. Coding has also been applied to processing elements, but complexity can be large. For each operation, a corresponding operation on the check bits has to be done. A A’ B B’ C C’ value code Industrial Automation | 2017 13

  14. Error detection by predicates (absolute check) Results of computation are checked against predicates that must be fulfilled, e.g. the sum of two positive integers is a positive integer Plausibility checks require knowledge of the specification: • e.g. not all traffic lights may be green at the same time Plausibility may involve different information sources: • e.g. compare wheel speed with GPS speed Danger is - detection of wrong errors (legal situations not foreseen by application, e.g. flight altitude below sea level) - not detecting real errors (the result is wrong, but plausible) Error coverage is not 100% ! Industrial Automation | 2017 14

  15. Integer processors Integer processors are capable of detecting all single errors and switch their outputs to a safe state in case of error (“fail - silent” processors) (often called “fail - safe” processors, but they are only safe when used in plants where a safe state can be reached by passive means). This requires a high coverage, that is usually achieved by duplication and comparison. For operation, both computers must be operational, this is a 2oo2 structure (2 out of 2). Industrial Automation | 2017 15

  16. Integer Computers: Self-Testing System self-testing parallel processors E E E backplane bus P P P (e.g. duplication D D D (self-test by & comparison) parity) Computers include stable storage E E increasingly means to I/O D MEM (with error detection D detect their own errors. and correction) changeover logic serial bus to safe state (CRC) Vs safe value What happens if the safe switch fails ? Industrial Automation | 2017 16

  17. Integer outputs: selection by the plant The dual channel should be extended as far as possible into the plant E worker checker worker checker controller D M act if both agree act if any does act if error detection agrees (workby) (workby) (error detector controls power) Industrial Automation | 2017 17

  18. 10.2 Fault-tolerant structures 10.1 Error detection and fail-silent computers - check redundancy - duplication and comparison 10.2 Fault-Tolerant Structures 10.3 Issues in Workby operation - Input Processing - Synchronization - Output Processing 10.4 Issues in Standby operation - Standby Redundancy Structures - Checkpointing - Recovery 10.5 Examples of Dependable Architectures - ABB dual controller - Boeing 777 Primary Flight Control - Space Shuttle PASS Computer Industrial Automation | 2017 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Software Architectures of Dependable Systems: From Closed to Open Systems V. Issarny et al.

Software Architectures of Dependable Systems: From Closed to Open Systems V. Issarny et al.

Software Architectures of Dependable Systems: From Closed to Open Systems V. Issarny et al. INRIA Rocquencourt, France Architecture-based Development of Complex Software Systems Benefits wrt systems robustness Methods and tools

562 views • 27 slides
ARCHI TECTURAL CHOI CES FOR DEPENDABLE SYSTEMS Nicole Levy Laboratoire PRISM Universit de

ARCHI TECTURAL CHOI CES FOR DEPENDABLE SYSTEMS Nicole Levy Laboratoire PRISM Universit de

3 rd Workshop on Architectures for Dependable Systems (WADS) 26 th ICSE May 2004 - Edinburgh ARCHI TECTURAL CHOI CES FOR DEPENDABLE SYSTEMS Nicole Levy Laboratoire PRISM Universit de Versailles St.-Quentin Nicole.Levy@prism.uvsq.fr

448 views • 28 slides
Layered Assurance Scheme for Mul4-Core Architectures J.

Layered Assurance Scheme for Mul4-Core Architectures J.

Layered Assurance Scheme for Mul4-Core Architectures J. Alves-Foss, X. He and J. Song Center for Secure and Dependable Systems University of

255 views • 21 slides
Applying Design Diversity to Aspects of System Architectures and Deployment Configurations to

Applying Design Diversity to Aspects of System Architectures and Deployment Configurations to

Applying Design Diversity to Aspects of System Architectures and Deployment Configurations to Enhance System Dependability Matthew J. Hawthorne Dewayne E. Perry The University of Texas at Austin Introduction Dependable Systems:

652 views • 20 slides
Multi-core Architectures Interconnect Technology Virendra Singh Associate Professor Computer

Multi-core Architectures Interconnect Technology Virendra Singh Associate Professor Computer

Multi-core Architectures Interconnect Technology Virendra Singh Associate Professor Computer Architecture and Dependable Systems Lab Department of Electrical Engineering Indian Institute of Technology Bombay http://www.ee.iitb.ac.in/~viren/

633 views • 36 slides
Multi-core Architectures Interconnect Technology Virendra Singh Associate Professor Computer

Multi-core Architectures Interconnect Technology Virendra Singh Associate Professor Computer

Multi-core Architectures Interconnect Technology Virendra Singh Associate Professor Computer Architecture and Dependable Systems Lab Department of Electrical Engineering Indian Institute of Technology Bombay http://www.ee.iitb.ac.in/~viren/

500 views • 49 slides
Behavioral Contracts and Service Substitutability: A Contribution to Dependable SOA Haldor

Behavioral Contracts and Service Substitutability: A Contribution to Dependable SOA Haldor

1 Behavioral Contracts and Service Substitutability: A Contribution to Dependable SOA Haldor Samset and Rolv Brk, Norwegian University of Science and Technology NTNU, Department of Telematics NTNU, June 2008 Dependable SOA 2 What is

555 views • 13 slides
Architectures Architectural styles Software architectures Architectures versus middleware

Architectures Architectural styles Software architectures Architectures versus middleware

Architectures Architectures Architectural styles Software architectures Architectures versus middleware Self-management in distributed systems 1 / 26 Architectures Architectural styles Architectural styles Basic idea Organize into

571 views • 33 slides
RAIC: Architecting Dependable Systems Through Redundancy and Just-In-Time Testing For The ICSE

RAIC: Architecting Dependable Systems Through Redundancy and Just-In-Time Testing For The ICSE

RAIC: Architecting Dependable Systems Through Redundancy and Just-In-Time Testing For The ICSE 2002 Workshop on Architecting Dependable Systems Orlando, Florida, USA Chang Liu, Debra J. Richardson Information And Computer Science University

840 views • 24 slides
Fourth Workshop on Dependable and Secure Nanocomputing Organizers: Jean Arlat, LAAS- CNRS

Fourth Workshop on Dependable and Secure Nanocomputing Organizers: Jean Arlat, LAAS- CNRS

The 40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks June 28-July 1, 2010 Chicago, IL, USA Fourth Workshop on Dependable and Secure Nanocomputing Organizers: Jean Arlat, LAAS- CNRS Cristian

198 views • 9 slides
Overview Agent Architectures Definition of agent architecture Classical Architectures for

Overview Agent Architectures Definition of agent architecture Classical Architectures for

Overview Agent Architectures Definition of agent architecture Classical Architectures for robots consists of functional components Situated Automata eliminates explicit deliberation Behavior-Based Architectures behaviors as essential

641 views • 11 slides
Anti-Honeypot Technology Thorsten Holz Laboratory for Dependable Distributed Systems

Anti-Honeypot Technology Thorsten Holz Laboratory for Dependable Distributed Systems

Dependable Distributed Systems Anti-Honeypot Technology Thorsten Holz Laboratory for Dependable Distributed Systems holz@i4.informatik.rwth-aachen.de Thorsten Holz Laboratory for Dependable Distributed Systems 21st Chaos Communication

576 views • 57 slides
South Dakota Department of Revenue Professional, Dependable, Accauntable . .. in parmerslzip with

South Dakota Department of Revenue Professional, Dependable, Accauntable . .. in parmerslzip with

DoR Presentation to Tax Committees Thursday, January 22, 2015 10:24 AM South Dakota Department of Revenue Professional, Dependable, Accauntable . .. in parmerslzip with Sauth Dakota 1 Department Organizational Chart Professional, Dependable,

755 views • 27 slides
WADS 2009 On the Design of Adaptive-and-dependable Systems Lessons learned and experiences at

WADS 2009 On the Design of Adaptive-and-dependable Systems Lessons learned and experiences at

WADS 2009 On the Design of Adaptive-and-dependable Systems Lessons learned and experiences at the University of Antwerp Vincenzo De Florio http://www.pats.ua.ac.be/vincenzo.deflorio Agenda Adaptive-and-Dependable Software Systems

674 views • 51 slides
Towards a high performance parallel platform for dependable embedded systems Mitsuhisa Sato

Towards a high performance parallel platform for dependable embedded systems Mitsuhisa Sato

Towards a high performance parallel platform for dependable embedded systems Mitsuhisa Sato University of Tsukuba JST-CREST Dependable Operating Systems for Embedded Systems Project Outline Background

482 views • 8 slides
Human Interface/ Human Error 18-849b Dependable Embedded Systems Charles P. Shelton February

Human Interface/ Human Error 18-849b Dependable Embedded Systems Charles P. Shelton February

Human Interface/ Human Error 18-849b Dependable Embedded Systems Charles P. Shelton February 25, 1999 Required Reading: Murphy, Niall; Safe Systems Through Better User Interfaces Supplemental Reading: Burns, A.; The HCI component of dependable

501 views • 14 slides
I M P A UNIVERSITT GIESSEN www.uni-giessen.de/cms/iamp Stefan Schippers, FLAIR workshop,

I M P A UNIVERSITT GIESSEN www.uni-giessen.de/cms/iamp Stefan Schippers, FLAIR workshop,

Electron-Ion Collisions in Heavy-Ion Storage-Rings Stefan Schippers Institut fr Atom- und Moleklphysik JUSTUS-LIEBIG- I M P A UNIVERSITT GIESSEN www.uni-giessen.de/cms/iamp Stefan Schippers, FLAIR workshop, Heidelberg, 15-16 May

744 views • 26 slides
AI Methodology Theoretical aspects Mathematical formalizations, properties, algorithms

AI Methodology Theoretical aspects Mathematical formalizations, properties, algorithms

AI Methodology Theoretical aspects Mathematical formalizations, properties, algorithms Engineering aspects The act of building (useful) machines Empirical science Experiments What's involved in Intelligence? A) Ability to interact

857 views • 39 slides
Scope of the Physical Layer Concerns how signals are used to transfer message bits over a link

Scope of the Physical Layer Concerns how signals are used to transfer message bits over a link

Scope of the Physical Layer Concerns how signals are used to transfer message bits over a link Wires etc. carry analog signals We want to send digital bits 10110 10110 Signal 1 Simple Link Model Well end with an

940 views • 46 slides
Environmental Impact of Air Traffic Flow Management Delays A EUROCONTROL Global Aviation

Environmental Impact of Air Traffic Flow Management Delays A EUROCONTROL Global Aviation

Environmental Impact of Air Traffic Flow Management Delays A EUROCONTROL Global Aviation Emissions Study performed by ENVISA Frank Jelinek EUROCONTROL Sandrine Carlier ENVISA Ivan de Lepinay ENVISA Jean-Claude Hustache ATM

615 views • 17 slides
Todays Outline Arrays Files Functions 1 Arrays <!DOCTYPE html PUBLIC

Todays Outline Arrays Files Functions 1 Arrays <!DOCTYPE html PUBLIC

IT360: Applied Database Systems PHP Arrays, Files, Functions Todays Outline Arrays Files Functions 1 Arrays <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"

227 views • 10 slides
Todays Outline Arrays Files Functions 1 Arrays <?php

Todays Outline Arrays Files Functions 1 Arrays <?php

IT360: Applied Database Systems PHP Arrays, Files, Functions Todays Outline Arrays Files Functions 1 Arrays <?php require_once('page.inc.php'); require_once('arrayFunctions.inc.php'); //create the page $myPage = new

378 views • 10 slides
Scalable Socket I/O PG Consultants Peter Gordon peter@pg-consultants.com Objective

Scalable Socket I/O PG Consultants Peter Gordon peter@pg-consultants.com Objective

Scalable Socket I/O PG Consultants Peter Gordon peter@pg-consultants.com Objective To download some http pages Quickly Start Small One socket use IO::Socket::INET my $socket = new IO::Socket::INET(PeerAddr =>

659 views • 14 slides
Files Information used by a computer system may be Introduction to Computer Systems stored on

Files Information used by a computer system may be Introduction to Computer Systems stored on

Files Information used by a computer system may be Introduction to Computer Systems stored on a variety of storage mediums COMP2300/6300 (magnetic disks, magnetic tapes, optical disks, flash disks etc). A file system provides a uniform

178 views • 5 slides

More recommend