fault tolerance fundamentals

Fault Tolerance Fundamentals

ITV Model-based Analysis and Design of Embedded SoftwareTechniques and methods for Critical Software

Anders P. RavnAalborg University

August 2011

Fault Tolerance

Means to isolate component faults

Prevents system failures

May increase system dependability

Dependability - attributes• Availability• Reliability• Safety• Confidentiality• Integrity• Maintainability

Dependability - impairments

• Faults • Errors• Failures

System and Component

Propagation among Components

Error Classification

(Fault Error)

• Effect

• Extent

• latent• effective

• local• distributed

Failure Classification

(Fault Error Failure)

• Consequence • benign• malign (a mishap)

Fault Tolerance

Means to isolate component faults

Prevents system failures

May increase system dependability

... And mask them

Fault Tolerance

FT - levels

• Full tolerance

• Graceful Degradation

• Fail safeBW p. 107

FT basis: Redundancy

• Time

• Space

Try Retry Retry ...

TryTryTry

...

BW p. 109

Fault Tolerance

Basic Strategies

The ideal FT-component

Exception HandlerNormal mode

Request/response

Request/response

Interfaceexception

Interfaceexception

Failureexception

Failureexception

Model Design Procedure1. Model the correct component and check that it

has the desired properties.2. Model relevant faults and introduce them as

internal transitions to error states. Check that this fault-affected.

3. Introduce into the model the mechanisms for fault detection, error recovery and masking and check that the desired properties are valid for this design.

Exercise

• What is the purpose of a watchdog-timer?• How could it be used in a space based

redundancy scheme?• - in a time based redundancy scheme?