Reliability validation of group membership services for X-by-wire protocols.
详细信息
- 作者:Latronico ; Elizabeth Ann.
- 学历:Doctor
- 年:2005
- 导师:Koopman, Philip
- 毕业院校:Carnegie Mellon University
- 专业:Computer Science.;Engineering, Electronics and Electrical.
- ISBN:0542084082
- CBH:3171950
- Country:USA
- 语种:English
- FileSize:26348560
- Pages:221
文摘
Distributed fault tolerance algorithms are used for many ultra-reliable systems. For example, aviation fly-by-wire and automotive drive-by-wire network protocols need to reliably deliver data despite the presence of faults. Careful design is required, since ultra-reliable systems permit a failure rate on the order of just 10-9 failures per hour. Unfortunately, investing more effort at the design stage does not assure a more reliable product if no objective measurement technique is used at this stage.;The key idea of this dissertation is to estimate the reliability of a service by measuring the probability that the algorithm's maximum fault assumption will be violated. An algorithm's maximum fault assumption states the number of active faults that can be tolerated. The service (and the system) may fail if this assumption is violated. The maximum fault assumption can be tested at design time, before costly design commitments have been made.;This dissertation defines a methodology to measure the reliability of a service's maximum fault assumption. The methodology is applied to clock synchronization and group membership services from three safety-critical protocols---the FlexRay Consortium's FlexRay protocol, TTTech's Time Triggered Protocol Class C (TTP/C), and NASA Langley's Scalable Processor Independent Design for Electromagnetic Resilience (SPIDER). First, I compose an extensive, reusable physical fault model for the aviation and automotive domains. Next, I show how to map this physical fault model to the hybrid fault models in the specifications. For each protocol, I define a Markov model template consisting of an extensible set of states and transitions. Over twenty thousand models are then generated and solved using the NASA Langley Semi-markov Unreliability Range Estimator tool suite.;The methodology identifies the type of fault expected to cause the most failures, and locates trade-off points in the design space where a different fault type becomes dominant. Armed with this information, a designer can target improvements to create and validate a more reliable service. For FlexRay clock synchronization, the Welch and Lynch and the Strictly Omissive formally proven services are compared. For TTP/C and SPIDER membership, customizing the fault diagnosis algorithms to handle transient faults improves the overall estimated reliability.