Retour au site du LAAS-CNRS

Abstract

Early assessment of the adequacy of fault tolerance mechanisms, and the subsequent removal of fault tolerance deficiency faults (ftd-faults), are essential tasks in the design process of dependable computer systems. The paper is centred on the description and application of the features of MEFISTOL, the fault injection tool for VHDL models, being developed at LAAS for supporting the strategy that we have proposed for testing fault tolerance mechanisms. The paper first describes the overall testing framework in which MEFISTO-L is incorporated. Then the tool is described in terms of its objectives, attributes, implementation and use; special attention is given to the main original and innovative features: i) the embedded VHDL code analyser facilitating the identification of the signals to be injected at different levels of the model hierarchy, ii) the observation and injection mechanisms, iii) their synchronisation, and iv) their automatic placement in the target VHDL model.

Abstract

Early verification of the adequacy of fault tolerance mechanisms, and the subsequent removal of fault tolerance deficiency faults (ftd-faults), are essential tasks in the design process of dependable computer systems. The paper is centred on the description and application of the new features of MEFISTO-L, the fault injection tool for VHDL models, being developed at LAAS for supporting the strategy that we have proposed for testing fault tolerance mechanisms. The paper first describes the overall testing framework in which MEFISTO-L is incorporated. Then, the testing strategy, and in particular the test outcome issue, is depicted. The tool is described in terms of its objectives, attributes, implementation and use; special attention is given to the main original and innovative features: i) the embedded VHDL code analyser facilitating the identification of the signals to be injected at different levels of the model hierarchy, ii) the observation and injection mechanisms, iii) their synchronisation, and iv) their automatic placement in the target VHDL model. Finally, an example of application of MEFISTO-L for specifying a fault injection campaign is presented.

Abstract

It is well-known that the dependability that can be achieved by a fault-tolerant system is particularly sensitive to both the asymptotic value of coverage and to the time distribution of coverage. However, most previous work on coverage evaluation by statistical processing of the results of fault-injection experiments has only been concerned with estimating asymptotic coverage. In this paper, we tackle the problem of estimating the parameters of models that also account for coverage latency. After discussing some data sets resulting from fault-injection experiments on practical systems, we propose a series of coverage latency models that might be considered to account for the observed phenomena in a system dependability evaluation. We consider both exponential and non-exponential models, and assess their pertinence by means of a sensitivity study. We confirm previous results that latency can have an extremely important effect on the achievable dependability. We also show that the shape of the latency distribution has only a minor impact in the practical case of systems with high asymptotic coverage. A simple action model based on an exponential latency distribution is therefore proposed. We show how worst-case confidence limits can be obtained for the parameters of this action model and study the effects of data truncation that are unavoidable in any practical measurements of latency. We conclude by a critical assessment of the proposed estimation technique and a demonstration of its application to practical data sets.

Mots-Clés / Keywords

Abstract

This paper describes and illustrates the application of a strategy for testing fault tolerance by means of fault injection. The proposed approach encompasses a method for modelling fault tolerance together with a strategy for testing several classes of fault tolerance mechanisms. The modelling approach distinguishes two main abstraction levels: (i) a data flow diagram of the general organisation of the fault tolerance and of the interactions between the fault tolerance mechanisms, (ii) behavioural models of the individual mechanisms. The behavioural models allow for structural or functional testing criteria to be identified. They are used for determining the activities to be applied and the faults to be injected in order to cover the selected criteria. The target fault tolerant system considered for exemplifying our approach features several fault tolerance mechanisms (self-checking, voting, clock synchronization, etc.) and is implemented as a VHDL model. It is built on a versatile environment allowing the analysis of fault-tolerant realtime distributed architectures. The MEFISTO tool has been extended to support the proposed fault injection scheme.

Mots-Clés / Keywords