高可靠实时多阶段系统可靠性分析
|
摘要
随着微电子技术、信息技术、制造技术的迅猛发展,人类社会的各种关键应用领域(如航天运载、核能控制、武器装备、空间探测、电信交换、交通控制、医疗器械等)中逐渐涌现出一类复杂系统。这类系统有很高的实时性要求和可靠性要求;系统运行具有明显的阶段性;系统结构普遍采用分布式冗余机制从而具有动态可变的系统结构。本文把这类系统统称为高可靠实时多阶段系统(DEpendable Real-time Multiple-phased Systems, DERMS)。
在开发DERMS过程中,一个重要的步骤就是分析给定的系统设计是否满足预定的可靠性需求,即DERMS可靠性分析。针对DERMS可靠性分析国内外研究人员提出了两种方法:面向静态DERMS的故障树分析方法和面向动态DERMS的状态空间分析方法。通过对研究现状进行分析发现已有的研究并不成熟、系统,突出表现在:1)已有的基于BDD的故障树分析方法,系统BDD生成效率低;2)已有的基于随机过程的状态空间分析方法,只考虑了简单、小规模动态DERMS并没有考虑具有复杂行为的大规模动态DERMS。针对这两个问题本文进行了深入系统的研究。
针对静态DERMS组合系统故障树的BDD变量排序问题,论文给出了PDO排序策略、组合排序策略、一般排序策略和改进一般排序策略四类策略,并对各类策略的性能进行了细致的分析和比较,最后基于分支定界搜索给出了一个的策略选择方法。基于16个测试样本的实验数据表明,相关研究中普遍采用的后向PDO排序方法只能够以7/16的概率成为10种备选策略中的最优策略,并且没有一个排序方法能够以大于5/8的概率成为10种备选策略中的最优策略,所以本文给出的分支定界策略选择方法是一个很实用的策略选择方法。
针对静态DERMS组合系统故障树的BDD生成算法问题,论文从Zhang提出的PDO操作和PDOCombine算法入手,通过从扩大变量排序使用范围和提升运行性能这两个角度不断的对原始的PDOCombine算法进行改进从而获得了变量排序使用范围更广、性能更好的QuickPDOCombine算法。如对于一个较复杂的静态DERMS实例分析表明,虽然最终生成的系统BDD为155个节点但已有算法耗时近2分钟并且要求能够存储具有358,575个节点的中间BDD,而本文给出的算法耗时只需1.2秒并且只要求155个BDD节点的存储空间。
针对动态DERMS的阶段可靠性分析问题,论文重点给出了共享维修子系统、独立维修子系统和不可维修冗余子系统的可靠性分析方法。已有研究对于共享维修子系统的可靠性分析是基于MRGP过程的分析,本文在已有研究基础上简化了核心矩阵的推导方法和计算方法。已有研究对于独立维修子系统的可靠性分析都是假设维修活动是指数分布的Markov过程分析,针对实际维修活动通常是确定的或者一般性分布情况,本文推导了相应的组合分析公式。公式的组合性能够有效缓解了状态空间分析中存在的状态爆炸问题。
针对动态DERMS的系统可靠性分析问题。论文引入了阶段粘合剂—分支矩阵,并在阶段转换无记忆假设的基础上推导了系统任务可靠度的通用计算公式,提出了两种系统任务可靠度求解方法:解析式求解法和数值卷积积分求解法。通过案例分析表明,所给出的任务可靠度分析方法,在定制系统开发过程中可以用于验证和评估设计人员给出的设计;在通用系统开发过程中可以用于指导任务设计和选择。
综上所述,本文围绕DERMS可靠性分析问题,针对已有基于BDD的故障树分析方法和基于随机过程的状态空间分析方法的不足之处进行了系统研究,提出了新的高效算法和统一分析框架,使得这两种方法能够被有效的应用到实际的大规模复杂DERMS可靠性分析中去。
A DEpendable Real-time Multiple-phased system (DERMS) is defined as a system, which is subject to multiple, consecutive, non-overlapping phases of operation. During each phase it has to accomplish a specified task. Thus, the system configuration, failure criteria, and failure behavior can change from phase to phase. Many DERMS instances are deployed in various critical applications. Because of their deployment in critical applications, the reliability analysis of DERMS is an issue of primary relevance that has been widely investigated. Much work has been proposed either based on combinatorial models or on state space oriented models. Our research shows that two main problems can be found in the analysis methods proposed in the literature:1) For the BDD-based fault tree analysis of static DERMS, how to generate the system BDD efficiently is the most important thing. Our research work shows that the existing methods in the literature are too inefficient to be used for industrial DERMS instances, and 2) For the sake of a cost effective analytical solution, state space oriented methods necessarily need to introduce many simplifying modeling and analytical assumptions, which make them become inapplicable to real dynamic DERMS instances. This paper focuses on these two problems and produces some beautiful results.
Variable ordering for static DERMS fault tree is critical to the BDD method. Several ordering schemes proposed in the literature have various deficiencies in applicability and performance. To attack the weak points of the state-of-the-art, this paper builds an ordering heuristic library based on a heuristic classification. It includes PDO ordering heuristic, combining ordering heuristic, simple ordering heuristic and revised simple ordering heuristic. A heuristic selection method based on branch-and-bound technique is also presented to avoid the intensive computation of some extremely bad ordering heuristics. The set of possible selection choices are 10 alternative heuristics, and the widely used ordering heuristic backward PDO has a 7/16 chance to become the best ordering heuristic from the set of 10 for the test set of 16 given DERMS and there is such an ordering heuristic backward PDO has more than 5/8 chance to become the best ordering heuristic from the set of 10, so the presented heuristic selection method is a very practical method.
For the problem of system BDD generation of static DERMS fault tree, this paper starts from the PDO operation and PDO algorithm presented by Zhang, and improves the original algorithm to obtain a better algorithm, which can be applicable to much more DERMS instances and has better performance. The test data show that for a slightly complex static DERMS with a final system BDD with 155 nodes, the existed algorithm needs 2 minutes computation time and 358,575 nodes storage space, but our algorithm only needs 1.2 seconds computation time and 155 nodes storage space.
For the problem of reliability analysis of single phase, this paper starts from the classic structure characteristics of dynamic DERMS and presents a two-phase analysis methodology, which firstly analyzes independent component quorums and then produces phase reliability from the quorum reliability results. All component quorums can be divided into three groups: share-repair quorums, self-repair quorums and no-repair quorums. Based on the MRGP-based analysis method for share-repair quorums proposed by the related work, this paper makes some improvements on the derivation and computation for the kernel matrices. The existed analysis methods for self-repair quorums proposed by the related work are based on Markov process, but this paper considers generally distributed repair activities and derives an efficient combinatorial formulation for their reliability analysis.
For the problem of reliability analysis of system mission, this paper starts from branching matrix, which is used to bind all single phase results, and the assumption that memory is losable at phase boundaries, and then presents a general analysis formulation, and proposes two special solutions: analytical solution and numerical solution, according to different types of phase duration and intraphase stochastic processes. Equipped with our dynamic DERMS reliability analysis methods, the design scheme for a custom-tailor system can be verified quickly and the application scenario selection can be achieved for general purpose systems.
With the help of the algorithms and analysis solutions presented by this paper, the reliability of many large-scale industrial DERMS can be efficiently analyzed.
在开发DERMS过程中,一个重要的步骤就是分析给定的系统设计是否满足预定的可靠性需求,即DERMS可靠性分析。针对DERMS可靠性分析国内外研究人员提出了两种方法:面向静态DERMS的故障树分析方法和面向动态DERMS的状态空间分析方法。通过对研究现状进行分析发现已有的研究并不成熟、系统,突出表现在:1)已有的基于BDD的故障树分析方法,系统BDD生成效率低;2)已有的基于随机过程的状态空间分析方法,只考虑了简单、小规模动态DERMS并没有考虑具有复杂行为的大规模动态DERMS。针对这两个问题本文进行了深入系统的研究。
针对静态DERMS组合系统故障树的BDD变量排序问题,论文给出了PDO排序策略、组合排序策略、一般排序策略和改进一般排序策略四类策略,并对各类策略的性能进行了细致的分析和比较,最后基于分支定界搜索给出了一个的策略选择方法。基于16个测试样本的实验数据表明,相关研究中普遍采用的后向PDO排序方法只能够以7/16的概率成为10种备选策略中的最优策略,并且没有一个排序方法能够以大于5/8的概率成为10种备选策略中的最优策略,所以本文给出的分支定界策略选择方法是一个很实用的策略选择方法。
针对静态DERMS组合系统故障树的BDD生成算法问题,论文从Zhang提出的PDO操作和PDOCombine算法入手,通过从扩大变量排序使用范围和提升运行性能这两个角度不断的对原始的PDOCombine算法进行改进从而获得了变量排序使用范围更广、性能更好的QuickPDOCombine算法。如对于一个较复杂的静态DERMS实例分析表明,虽然最终生成的系统BDD为155个节点但已有算法耗时近2分钟并且要求能够存储具有358,575个节点的中间BDD,而本文给出的算法耗时只需1.2秒并且只要求155个BDD节点的存储空间。
针对动态DERMS的阶段可靠性分析问题,论文重点给出了共享维修子系统、独立维修子系统和不可维修冗余子系统的可靠性分析方法。已有研究对于共享维修子系统的可靠性分析是基于MRGP过程的分析,本文在已有研究基础上简化了核心矩阵的推导方法和计算方法。已有研究对于独立维修子系统的可靠性分析都是假设维修活动是指数分布的Markov过程分析,针对实际维修活动通常是确定的或者一般性分布情况,本文推导了相应的组合分析公式。公式的组合性能够有效缓解了状态空间分析中存在的状态爆炸问题。
针对动态DERMS的系统可靠性分析问题。论文引入了阶段粘合剂—分支矩阵,并在阶段转换无记忆假设的基础上推导了系统任务可靠度的通用计算公式,提出了两种系统任务可靠度求解方法:解析式求解法和数值卷积积分求解法。通过案例分析表明,所给出的任务可靠度分析方法,在定制系统开发过程中可以用于验证和评估设计人员给出的设计;在通用系统开发过程中可以用于指导任务设计和选择。
综上所述,本文围绕DERMS可靠性分析问题,针对已有基于BDD的故障树分析方法和基于随机过程的状态空间分析方法的不足之处进行了系统研究,提出了新的高效算法和统一分析框架,使得这两种方法能够被有效的应用到实际的大规模复杂DERMS可靠性分析中去。
A DEpendable Real-time Multiple-phased system (DERMS) is defined as a system, which is subject to multiple, consecutive, non-overlapping phases of operation. During each phase it has to accomplish a specified task. Thus, the system configuration, failure criteria, and failure behavior can change from phase to phase. Many DERMS instances are deployed in various critical applications. Because of their deployment in critical applications, the reliability analysis of DERMS is an issue of primary relevance that has been widely investigated. Much work has been proposed either based on combinatorial models or on state space oriented models. Our research shows that two main problems can be found in the analysis methods proposed in the literature:1) For the BDD-based fault tree analysis of static DERMS, how to generate the system BDD efficiently is the most important thing. Our research work shows that the existing methods in the literature are too inefficient to be used for industrial DERMS instances, and 2) For the sake of a cost effective analytical solution, state space oriented methods necessarily need to introduce many simplifying modeling and analytical assumptions, which make them become inapplicable to real dynamic DERMS instances. This paper focuses on these two problems and produces some beautiful results.
Variable ordering for static DERMS fault tree is critical to the BDD method. Several ordering schemes proposed in the literature have various deficiencies in applicability and performance. To attack the weak points of the state-of-the-art, this paper builds an ordering heuristic library based on a heuristic classification. It includes PDO ordering heuristic, combining ordering heuristic, simple ordering heuristic and revised simple ordering heuristic. A heuristic selection method based on branch-and-bound technique is also presented to avoid the intensive computation of some extremely bad ordering heuristics. The set of possible selection choices are 10 alternative heuristics, and the widely used ordering heuristic backward PDO has a 7/16 chance to become the best ordering heuristic from the set of 10 for the test set of 16 given DERMS and there is such an ordering heuristic backward PDO has more than 5/8 chance to become the best ordering heuristic from the set of 10, so the presented heuristic selection method is a very practical method.
For the problem of system BDD generation of static DERMS fault tree, this paper starts from the PDO operation and PDO algorithm presented by Zhang, and improves the original algorithm to obtain a better algorithm, which can be applicable to much more DERMS instances and has better performance. The test data show that for a slightly complex static DERMS with a final system BDD with 155 nodes, the existed algorithm needs 2 minutes computation time and 358,575 nodes storage space, but our algorithm only needs 1.2 seconds computation time and 155 nodes storage space.
For the problem of reliability analysis of single phase, this paper starts from the classic structure characteristics of dynamic DERMS and presents a two-phase analysis methodology, which firstly analyzes independent component quorums and then produces phase reliability from the quorum reliability results. All component quorums can be divided into three groups: share-repair quorums, self-repair quorums and no-repair quorums. Based on the MRGP-based analysis method for share-repair quorums proposed by the related work, this paper makes some improvements on the derivation and computation for the kernel matrices. The existed analysis methods for self-repair quorums proposed by the related work are based on Markov process, but this paper considers generally distributed repair activities and derives an efficient combinatorial formulation for their reliability analysis.
For the problem of reliability analysis of system mission, this paper starts from branching matrix, which is used to bind all single phase results, and the assumption that memory is losable at phase boundaries, and then presents a general analysis formulation, and proposes two special solutions: analytical solution and numerical solution, according to different types of phase duration and intraphase stochastic processes. Equipped with our dynamic DERMS reliability analysis methods, the design scheme for a custom-tailor system can be verified quickly and the application scenario selection can be achieved for general purpose systems.
With the help of the algorithms and analysis solutions presented by this paper, the reliability of many large-scale industrial DERMS can be efficiently analyzed.
引文
1 J. Esary, H. Ziehms. Reliability analysis of phased missions. Proceedings of Reliability and Fault Tree Analysis. 1975:213-236
2 G.R. Burdick, J.B. Fussell, D.M. Rasmuson, and J.R. Wilson. Phased Mission Analysis: A Review of New Developments and an Application. IEEE Transactions on Reliability, 1977, 26:43-49
3 A. Pedar, V.V.S. Sarma, Phased-mission analysis for evaluating the effectiveness of aerospace computing systems, IEEE Transactions on Reliability. 1981, 30(5):429 - 437.
4吴晗平.多阶段任务系统的可靠度研究.现代防御技术. 1995, (1):32~35.
5郭波,张涛,张泉,谭跃进.备件组合方案下的多阶段任务成功性评估模型.系统工程理论与实践. 2005, 25(2):94~100.
6陈玉波,于永利,张柳,聂成龙.多阶段任务系统可靠性模型研究.系统工程与电子技术. 2006, 28(1):146~149.
7张涛,郭波,谭跃进,刘芳.一种基于BDD的多阶段任务系统可靠度新算法.系统工程与电子技术. 2005, 27(3):446~470.
8谢红卫,宫二玲,贺勇军.时变结构多阶段任务系统的可靠度研究.国防科技大学学报. 1999, 21(5):41~45.
9陈光宇,黄锡滋,唐小我.多阶段系统可靠性的混合式分析.系统工程理论与实践. 2005, 25 (2):86~93.
10 A. Bondavalli et al. DEEM: A tool for the dependability modeling and evaluation of multiple phased systems. Proceedings of the Dependable Systems and Networks (FTCS-30 and DCCA-8), New York, USA, 2000:23–236
11 A. Bondavalli, S. Chiaradonna, F. D. Giandomenico, I. Mura. Dependability modeling and evaluation of multiple-phased systems using DEEM. IEEE Transactions on Reliability, 2004, 53(4):509-522.
12 H.A. Watson and Bell Telephone Laboratories. Launch Control Safety Study. Bell Telephone Laboratories, 1961:4-23.
13 W.E. Veseley, F.E Goldberg, N.H. Roberts, and D.F. Haasl. Fault Tree Handbook. U. S. Nuclear Regulatory Commission, NUREG-0492, Washington DC,1981:2-10.
14 W.E. Vesely. Analysis of fault trees by kinetic tree theory. Idaho Nuclear Corp. 1969:10-20.
15 J.B. Fussell, W.E. Vesely. A new methodology for obtaining cut sets for fault trees. Transactions on American Nuclear Society, 1972, 15:262-263.
16 R.G. Bennetis. On the analysis of fault trees. IEEE Transactions on Reliability. 1975, 24:175-185.
17 N.N. Bengiarnin. B.A. Bowen, K.F. Schenk. An efficient algorithm for reducing the complexity of computation in fault tree analysis. IEEE Transactions on Nuclear Science. 1976. 23(5): 1442-1446.
18 Y. Ma, K.S. Trivedi. An algorithm for reliability analysis of phased-mission systems, Reliability Engineering and System Safety, 1999, 66(2):157-170.
19 A.K. Somani and K.S. Trivedi. Phased-Mission Systems Using Boolean Algebraic Methods. Performance Evaluation Review. 1994:98-107.
20 X. Zang, H. Sun, K. S. Trivedi. A BDD-based algorithm for reliability evaluation of phased mission systems. IEEE Transactions on Reliability, 1999, 48(1):50-60.
21 S.B. Akers. Binary decision diagrams. IEEE Transactions on Computers, 1979, 28(6):509-516.
22 R.E. Bryant. Graph-based Algorithms for Boolean Function Manipulation. IEEE Transactions on Computers, 1986, 35(8):677-691.
23 A. Rauzy. New algorithms for fault tree analysis. Reliability Engineering and System Safety, 1993, 40:203–211.
24 R.M. Sinnamon, J.D. Andrews. New Approaches to Evaluating Fault Trees. Proceedings of the ESREL 95 conference, 1995:201-209.
25 R.M. Sinnamon, J.D. Andrews. Fault Tree Analysis and Binary Decision Diagrams. Proceedings of the RAMS 96, Las Vegas, 1996:121-127.
26 R.M. Sinnamon, J. D. Andrews. Quantitative fault tree analysis using binary decision diagrams. European Journal of Automation, 1996, 30(8):1051–1071.
27 J. D. Andrews, S. J. Dunnett. Event-tree analysis using binary decision diagrams. IEEE Transactions on Reliability, 2000, 49(2):230-238.
28 A. Rauzy. Mathematical Foundation of Minimal Cutsets. IEEE Transactions on Reliability, 2001, 50(4):389-396.
29 Group Aralia. Computation of Prime Implicants of a Fault Tree Within Aralia. Proceedings of the European Safety and Reliability Association Conference (ESREL'95). 1995:190-202.
30 L. Xing, J. B. Dugan. Comments on PMS BDD generation in 'A BDD-based algorithm for Reliability Analysis of phased-mission systems'. IEEE Transactions on Reliability, 2004, 53(2):169-173
31 B. Bollig, I. Wegener. Improving the variable ordering of OBDDs is NP-complete. IEEE Transactions on Computers. 1996, 45(9):993-1002.
32 M. Alam and U.M. Al-Saggaf. Quantitative Reliability Evaluation of Reparaible Phased-Mission Systems Using Markov Approach. IEEE Transactions on Reliability. 1986, 35:498-503
33 J.B. Dugan. Automated Analysis of Phased-Mission Reliability. IEEE Transactions on Reliability, 1991, 40:45-52
34 A. Bondavalli, I. Mura, and M. Nelli. Analytical Modelling and Evaluation of Phased-Mission Systems for Space Applications. Proceedings of the IEEE High Assurance System Eng. Workshop (HASE '97), 1997:85-91
35 I. Mura and A. Bondavalli. Hierarchical modeling and evaluation of phased-mission systems. IEEE Transactions on Reliability, 1999, 48:360–368
36 I. Mura, A. Bondavalli. Markov Regenerative Stochastic Petri Nets to Model and Evaluate Phased Mission Systems Dependability. IEEE Transactions on Computers. 2001, 50(12):1337~1351.
37 I. Mura, A. Bondavalli, X. Zang, and K.S. Trivedi. Dependability Modelling and Evaluation of Phased Mission Systems: A DSPN Approach. Proceedings of the IFIP Dependable Computing for Critical Applications (DCCA-7), 1999:299-318
38 M. Smotherman, K. Zemoudeh. A Non-Homogeneous Markov Model for Phased-Mission Reliability Analysis. IEEE Transactions on Reliability, 1989, 38:585-590
39 K. Kim, K. Park. Phased-mission system reliability under Markov environment. IEEE Transactions on Reliability, 1994, 43(2):301~309.
40 R.E. Barlow and H.E. Lambert. Introduction to Fault Tree Analysis. Society for Industrial and Applied Mathematics, Philadelphia, PA, 1975:30-40.
41 L. Xing, J. B. Dugan. Analysis of generalized phased-mission system reliability, performance, and sensitivity. IEEE Transactions on Reliability. 2002,51(2):199–211.
42 K. Brace, R. Rudell, R. Bryant. Efficient implementation of a BDD package. Proceedings of the 27th ACM/IEEE Design Automation. 1990:40-45
43 L. M. Bartlett, J. D. Andrews. An ordering heuristic to develop the binary decision diagram based on structural importance. Reliability Engineering and System Safety, 2001, 72(1):31–38.
44 L. M. Bartlett, J. D. Andrews. Comparison of two new approaches to variable ordering for binary decision diagrams. Quality and Reliability Engineering International. 2001. 17(3):151–58.
45 M. Bouissou, F. Bruyere, A. Rauzy. BDD-based fault tree processing: a. comparison of variable ordering heuristics. Proceedings of the ESREL97, 1997:23-32.
46 J.D. Andrews and L.M. Bartlett. Efficient Basic Event Orderings for Binary Decision Diagrams. Proceedings of the Annual Reliability and Maintainability (RAMS) Symposium, Anahiem, Los Angeles, 1998:61-68.
47 L. M. Bartlett, J. D. Andrews. Efficient Basic Event Ordering Schemes for Fault Tree Analysis. Proceeding of the 13th Advances in Reliability Techniques Symposium , Manchester, 1998:1-9.
48 L. M. Bartlett, J. D. Andrews. Comparison of Variable Ordering Heuristics / Algorithms for Binary Decision Diagrams. Proceedings of SARS99 Annual Safety and Reliability Society Conference, Manchester, 1999:1-15.
49 L. M. Bartlett, J. D. Andrews. Efficient Basic Event Ordering Schemes for Fault Tree Analysis. Quality and Reliability Engineering International. 1999, 15(2):95-102.
50 L. M. Bartlett, J. D. Andrews. Selecting An Ordering Heuristic For the Fault Tree to Binary Decision Diagram Conversion Process Using Neural Networks. IEEE Transactions on Reliability, 2002, 51(3): 344-349.
51 L. M. Bartlett. Improving the Neural Network Selection Mechanism for BDD Construction. Quality Reliability Engineering International, 2003, 20:217-223.
52 S. Minato, N. Ishiura, and S. Yajima. On variable ordering of binary decision diagrams for the application of the multi-level logic synthesis. Proceedings of the European Conf. Design Automation, 1991:50–54
53 M. Bouissou. An ordering heuristic for building binary decision diagrams fromfault trees. Proceedings of the Reliability and Maintainability Symposium, 1996:208–214.
54 D.F. Goldberg. Genetic Algorithms in Optimization and Machine Learning. Addison Wesely. 1997:45-60.
55 J.R. Quinlan. Discovering rules from large collections of examples: a case study. Expert Systems in the Macro Electronic Age. Edinburgh University Press. 1979:20-50.
56 C.M. Bishop. Neural Networks for Pattern Recognition. Clarendon, 1995:34-69.
57 H. Choi, V. G. Kulkarni, and K. S. Trivedi. Markov Regenerative Stochastic Petri Nets. Performance Evaluation, 1994, 20:335–357
58 A. Bobbio and M. Telek. Markov regenerative SPN with non-overlapping activity cycles. Proceedings of the Computer Performance and Dependability Symposium - IPDS95, 1995:124-133
59 A. Bobbio, V. Kulkarni, A. Puliafito, M. Telek, and K. Trivedi. Preemptive repeat identical transitions in Markov Regenerative Stochastic Petri Nets. Proceedings of the 6-th Petri Nets and Performance Models - PNPM95, 1995:113-122
60 A. Bobbio and M. Telek. Combined preemption policies in MRSPN. Proceedings of the Fault-tolerant systems and software, Narosa Publishing House, New Delhi, India, 1995:92-98
61 M. Telek and A. Bobbio. Markov regenerative stochastic Petri nets with age type general transitions. Proceedings of the 16-th Application and Theory of Petri Nets, 1995: 471-489
62 A. Bobbio, A. Puliafito, and M. Telek. New primitives for interlaced memory policies in Markov regenerative stochastic Petri nets. Proceedings of the Petri Net Performance Models'97, St Malo, France, IEEE CS Press, 1997:70-79
63 A. Horváth, A. Puliafito, M. Scarpa, M. Telek, and O. Tomarchio. Design and implementation of a WEB-based non-Markovian stochastic Petri net tool. Proceedings of the Advances in Computer and Information Sciences, Antalya, Turkey: IOS Press, Ohmsha, 1998:101-109
64 A. Bobbio, A. Puliafito, and M. Telek. A modeling framework to implement combined preemption policies in MRSPNs. IEEE Transactions on Software Engineering, 2000, 26: 36-54
65 J.B. Dugan, S.J. Bavuso, and M.A. Boyd. Dynamic fault tree models for fault-tolerant computer system. IEEE Transactions on Reliability, 1992, 41(3):363-377
66 J.B. Dugan, K.J. Sullivan, D. Coppit. Developing a lowcost high-quality software tool for dynamic fault-tree analysis. IEEE Transactions on Reliability, 2000, 49(1):49-59.
67 R. Gulati, J.B. Dugan. A modular approach for analyzing static and dynamic fault trees. Proceedings of the Reliability and Maintainability Symposium, 1997:57-63.
68 Relex Fault Tree: http://www.relexsoftware.com/products/faulttree.asp. Relex Software Corporation
69 D. Coppit, K.J. Sullivan and J.B. Dugan. Formal semantics of models for computational engineering: a case study on dynamic fault trees. Proceedings of the Software Reliability Engineering, 2000: 270-282
70 G.Ciardo et al. SPNP: Stochastic Petri net package. Proceedings of the IEEE Workshop Petri Nets and Performance Models (PNPM89), Kyoto, Japan, 1989:142–151
71 G. Clark et al. The M?bius modeling tool. Proceedings of the IEEE Workshop Petri Nets and Performance Models, Aachen, Germany, 2001:241–250
72 A. Zimmermann and J. Freiheit et al. Petri net modeling and performability evaluation with TimeNET 3.0. Proceedings of the 11th Modeling Techniques and Tools for Computer Performance Evaluation (TOOLS’2000), Schaumburg, Illinois, USA, 2000:188–202
73 S. Allmaier and S. Dalibor. PANDA– Petri net analysis and design assistant. Proceedings of the Modeling Techniques and Tools for Computer Performance Evaluation, Saint Malo, France, 1997:48-56.
74 C. Beounes et al. SURF-2: A program for dependability evaluation of complex hardware and software systems. Proceedings of the IEEE Fault-Tolerant Computing Symp. (FTCS-23), Toulouse, France, 1993:668–673
75 R. German, D. Logothetis, and K. S. Trivedi. Transient analysis of Markov regenerative stochastic Petri nets: A comparison of approaches. Proceedings of the 6th IEEE Workshop on Petri Nets and Performance Models (PNPM’95), Durham, North Carolina, U.S.A., 1995:103–112.
76 M. Telek, A. Bobbio, L. Jereb, and K. Trivedi. Steady state analysis of markov regenerative spn with age memory policy. Proceedings of the Performance Tools and MMB’95, Heidelberg, Germany, 1995:165–179
77 M. Telek, A. Bobbio, and A. Puliafito, Steady state solution of MRSPN with mixed preemption policies. Proceedings of the 2nd Performance and Dependability Symposium, Urbana-Champaign, IL, 1996:106-115
78 M. Telek and A. Horváth, Supplementary variable approach applied to the transient analysis of Age-MRSPNs. Proceedings of the Computer Performance and Dependability Symposium - IPDS '98, Durham, NC, USA, 1998:44-51
79 A. Bobbio and M. Telek. Non-exponential stochastic Petri nets: an overview of methods and techniques. Computer systems Science and engineering, 1998, 13(6):339-351
80 R. German and M. Telek. Towards a foundation of the analysis of Markov Regenerative Stochastic Petri Nets. Proceedings of the PNPM '99, Zaragoza, Spain, 1999:64-73
81 M. Telek and A. Horváth. Transient analysis of Age-MRSPNs by the method of supplementary variable. Performance Evaluation, 2001, 45:205-221
82 R. Gulati and J. B. Dugan. A modular approach for analyzing static and dynamic fault trees. Proceedings of the Reliability & Maintainability. 1997:57–63.
83 M. A. Boyd. Dynamic Fault Tree Models: Techniques for Analysis of Advanced Fault Tolerant Computer Systems. PhD thesis, Duke University, Department of Computer Science, 1991:45-98.
84 J. B. Dugan, K. J. Sullivan, and D. Coppit. Developing a low-cost, high-quality software tool for dynamic fault tree analysis. IEEE Transactions on Reliability, 2000, 49(1):49-59
85 P.A. Fishwick. Simulation model design and execution: building digital worlds. Prentice Hall, 1995:1-102.
86 M.H. MacDougall Simulating computer systems: techniques and tools. The MIT Press, 1987:1-213.
87 A. Law, D. Kelton. Simulation modeling and analysis, Second Edition. McGraw-Hill, 1991:1-210.
88 J. Banks, J. Carson. Discrete event simulation. Prentice Hall, 1984:1-98.
89 G.S. Fishman. Principles of discrete-event simulation, New York, Wiley,1978:1-34.
90 Mathewson. Simulation program generators. Simulation, 1974:181-189
91 J.C. Laprie. Dependable Computing and Fault Tolerance: Concepts and Terminology. Proceedings of the 15th IEEE Fault Tolerant Computing(FTCS-15), Ann Arbor, Michigan, 1985: 2-11
92 J.C. Laprie. Dependability of Computer Systems: Concepts, Limits, Improvements. Proceedings of the IEEE Workshop on Computer-Aided Design, Test, and Evaluation for Dependability, Beijing, 1996. International Academic Publishers: 23-33
93杨孝宗.容错技术与STRUTAS容错计算机.哈尔滨工业大学出版社, 1993:1-33.
94 P. Jalote. Fault Tolerance in Distributed Systems. Prentice-Hall, 1994:7-9.
95 D.K. Pradhan. Fault-Tolerant Computing: Theory and Techniques. Prentice-Hall, 1986: 35-48
96 A. Avizienis. The N-Version Approach to Fault-Tolerant Software. IEEE Transactions on Software Engineering. 1975, 11(12): 1491-1501.
97 B. Randell. System Structure for Software Fault Tolerance. IEEE Transactions on Software Engineering. 1975, 1(2): 222-232.
98 D. Costa, J. Carreira and J. G. Silva. WinFT: Using Off-the-shelf Computer on Industrial Environments. Proceedings of the 6th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA’97). 1997: 39-44.
99 M. Russinovich and Z. Segall. Fault-Tolerance for Off-the-shelf Applications and Hardware. Proceedings of the 25th International Symposium on Fault-Tolerant Computing. 1995: 67-71.
100 G. Muller, M. Banatre, N. Peyrouze, et al. Lessons from FTM: an Experiment in the Design & Implementation of a Low-Cost Fault-Tolerant Computer. IEEE Transactions on Reliability. 1996, 45(2): 332-340.
101 G. Miremadi, J. Karlsson and U. Gunneflo, et al. Two Software Techniques for On-line Error Detection. Proceedings of 22nd Symposium on Fault Tolerant Computing.1992: 328-335.
102 J.H. Wensly, L. Lamport and J. Goldberg et al. SIFT: Design and Analysis of a Fault-Tolerant Computer for Aircraft Control. Proceedings of the IEEE. 1978, 66(10): 1240-1255.
103 R. W. Buskens. Practical On-Line Diagnosis in Distributed Systems. Ph.D. Thesis, Carnegie Mellon University, 1994:1-6, 78-93.
104 B.W. Johnson. Design and Analysis of Fault–Tolerant Digital Systems. Addison-Wesley Publishing Company, 1999: 193-255.
105 D. Russell, C.R. Kime. System Fault Diagnosis: Closure and Diagnosability with Repair. IEEE Transactions on Computers, 1975, 24(11): 1078-1089.
106 K. Somani, V.K. Agarwal, D. Avis. A Generalized Theory for System Level Diagnosis. IEEE Transactions on Computers. 1987, 36(5): 538-546.
107 R. Bianchini, R. Buskens. Implementation of On-Line Distributed System-Level Diagnosis Theory. IEEE Transactions on Computers. 1992, 41(5): 616-626.
108 S. Kreutzer, S. Hakimi. System-Level Fault Diagnosis: A Survey. Microprocessing and Microprogramming, 1987, 20: 323-330.
109 F. Barsi, F. Grandoni, P. Maestrini. A Theory of Diagnosability of Digital Systems. IEEE Transactions on Computers. 1976, 25(6): 585-593.
110 T. Dahbura, K.K. Sabnani, L.L.King. The Comparison Approach to Multiprocessor Fault Diagnosis. IEEE Transactions on Computers. 1987, 36(3): 373-378.
111 D. Pradhan. Fault-Tolerant Computing Theory and Techniques. Englewood Cliffs, NJ: Prentice-Hall, 1986: 86-98.
112 J. Gaisler. Evaluation of a 32-bit Microprocessor with Built-in Concurrent Error-Detection. Proceedings of 27th Fault Tolerant Computing (FTCS-27), WA, Seattle, 1997:42-46.
113 B. Randall. System Structure for Software Fault Tolerance. IEEE Transactions on Software Engineering, 1975, 1(2):220-232
114汪东升,沈美明,郑纬民,裴丹.一种基于检查点的卷回恢复与进程迁移系统.软件学报. 1999, 10(1): 68-73.
115 D.P. Siewiorek, R.S. Swarz. Reliable Computer Systems: Design and Evaluation. Second edition. Digital Press, DEC, 1992: 3-219, 271-391.
2 G.R. Burdick, J.B. Fussell, D.M. Rasmuson, and J.R. Wilson. Phased Mission Analysis: A Review of New Developments and an Application. IEEE Transactions on Reliability, 1977, 26:43-49
3 A. Pedar, V.V.S. Sarma, Phased-mission analysis for evaluating the effectiveness of aerospace computing systems, IEEE Transactions on Reliability. 1981, 30(5):429 - 437.
4吴晗平.多阶段任务系统的可靠度研究.现代防御技术. 1995, (1):32~35.
5郭波,张涛,张泉,谭跃进.备件组合方案下的多阶段任务成功性评估模型.系统工程理论与实践. 2005, 25(2):94~100.
6陈玉波,于永利,张柳,聂成龙.多阶段任务系统可靠性模型研究.系统工程与电子技术. 2006, 28(1):146~149.
7张涛,郭波,谭跃进,刘芳.一种基于BDD的多阶段任务系统可靠度新算法.系统工程与电子技术. 2005, 27(3):446~470.
8谢红卫,宫二玲,贺勇军.时变结构多阶段任务系统的可靠度研究.国防科技大学学报. 1999, 21(5):41~45.
9陈光宇,黄锡滋,唐小我.多阶段系统可靠性的混合式分析.系统工程理论与实践. 2005, 25 (2):86~93.
10 A. Bondavalli et al. DEEM: A tool for the dependability modeling and evaluation of multiple phased systems. Proceedings of the Dependable Systems and Networks (FTCS-30 and DCCA-8), New York, USA, 2000:23–236
11 A. Bondavalli, S. Chiaradonna, F. D. Giandomenico, I. Mura. Dependability modeling and evaluation of multiple-phased systems using DEEM. IEEE Transactions on Reliability, 2004, 53(4):509-522.
12 H.A. Watson and Bell Telephone Laboratories. Launch Control Safety Study. Bell Telephone Laboratories, 1961:4-23.
13 W.E. Veseley, F.E Goldberg, N.H. Roberts, and D.F. Haasl. Fault Tree Handbook. U. S. Nuclear Regulatory Commission, NUREG-0492, Washington DC,1981:2-10.
14 W.E. Vesely. Analysis of fault trees by kinetic tree theory. Idaho Nuclear Corp. 1969:10-20.
15 J.B. Fussell, W.E. Vesely. A new methodology for obtaining cut sets for fault trees. Transactions on American Nuclear Society, 1972, 15:262-263.
16 R.G. Bennetis. On the analysis of fault trees. IEEE Transactions on Reliability. 1975, 24:175-185.
17 N.N. Bengiarnin. B.A. Bowen, K.F. Schenk. An efficient algorithm for reducing the complexity of computation in fault tree analysis. IEEE Transactions on Nuclear Science. 1976. 23(5): 1442-1446.
18 Y. Ma, K.S. Trivedi. An algorithm for reliability analysis of phased-mission systems, Reliability Engineering and System Safety, 1999, 66(2):157-170.
19 A.K. Somani and K.S. Trivedi. Phased-Mission Systems Using Boolean Algebraic Methods. Performance Evaluation Review. 1994:98-107.
20 X. Zang, H. Sun, K. S. Trivedi. A BDD-based algorithm for reliability evaluation of phased mission systems. IEEE Transactions on Reliability, 1999, 48(1):50-60.
21 S.B. Akers. Binary decision diagrams. IEEE Transactions on Computers, 1979, 28(6):509-516.
22 R.E. Bryant. Graph-based Algorithms for Boolean Function Manipulation. IEEE Transactions on Computers, 1986, 35(8):677-691.
23 A. Rauzy. New algorithms for fault tree analysis. Reliability Engineering and System Safety, 1993, 40:203–211.
24 R.M. Sinnamon, J.D. Andrews. New Approaches to Evaluating Fault Trees. Proceedings of the ESREL 95 conference, 1995:201-209.
25 R.M. Sinnamon, J.D. Andrews. Fault Tree Analysis and Binary Decision Diagrams. Proceedings of the RAMS 96, Las Vegas, 1996:121-127.
26 R.M. Sinnamon, J. D. Andrews. Quantitative fault tree analysis using binary decision diagrams. European Journal of Automation, 1996, 30(8):1051–1071.
27 J. D. Andrews, S. J. Dunnett. Event-tree analysis using binary decision diagrams. IEEE Transactions on Reliability, 2000, 49(2):230-238.
28 A. Rauzy. Mathematical Foundation of Minimal Cutsets. IEEE Transactions on Reliability, 2001, 50(4):389-396.
29 Group Aralia. Computation of Prime Implicants of a Fault Tree Within Aralia. Proceedings of the European Safety and Reliability Association Conference (ESREL'95). 1995:190-202.
30 L. Xing, J. B. Dugan. Comments on PMS BDD generation in 'A BDD-based algorithm for Reliability Analysis of phased-mission systems'. IEEE Transactions on Reliability, 2004, 53(2):169-173
31 B. Bollig, I. Wegener. Improving the variable ordering of OBDDs is NP-complete. IEEE Transactions on Computers. 1996, 45(9):993-1002.
32 M. Alam and U.M. Al-Saggaf. Quantitative Reliability Evaluation of Reparaible Phased-Mission Systems Using Markov Approach. IEEE Transactions on Reliability. 1986, 35:498-503
33 J.B. Dugan. Automated Analysis of Phased-Mission Reliability. IEEE Transactions on Reliability, 1991, 40:45-52
34 A. Bondavalli, I. Mura, and M. Nelli. Analytical Modelling and Evaluation of Phased-Mission Systems for Space Applications. Proceedings of the IEEE High Assurance System Eng. Workshop (HASE '97), 1997:85-91
35 I. Mura and A. Bondavalli. Hierarchical modeling and evaluation of phased-mission systems. IEEE Transactions on Reliability, 1999, 48:360–368
36 I. Mura, A. Bondavalli. Markov Regenerative Stochastic Petri Nets to Model and Evaluate Phased Mission Systems Dependability. IEEE Transactions on Computers. 2001, 50(12):1337~1351.
37 I. Mura, A. Bondavalli, X. Zang, and K.S. Trivedi. Dependability Modelling and Evaluation of Phased Mission Systems: A DSPN Approach. Proceedings of the IFIP Dependable Computing for Critical Applications (DCCA-7), 1999:299-318
38 M. Smotherman, K. Zemoudeh. A Non-Homogeneous Markov Model for Phased-Mission Reliability Analysis. IEEE Transactions on Reliability, 1989, 38:585-590
39 K. Kim, K. Park. Phased-mission system reliability under Markov environment. IEEE Transactions on Reliability, 1994, 43(2):301~309.
40 R.E. Barlow and H.E. Lambert. Introduction to Fault Tree Analysis. Society for Industrial and Applied Mathematics, Philadelphia, PA, 1975:30-40.
41 L. Xing, J. B. Dugan. Analysis of generalized phased-mission system reliability, performance, and sensitivity. IEEE Transactions on Reliability. 2002,51(2):199–211.
42 K. Brace, R. Rudell, R. Bryant. Efficient implementation of a BDD package. Proceedings of the 27th ACM/IEEE Design Automation. 1990:40-45
43 L. M. Bartlett, J. D. Andrews. An ordering heuristic to develop the binary decision diagram based on structural importance. Reliability Engineering and System Safety, 2001, 72(1):31–38.
44 L. M. Bartlett, J. D. Andrews. Comparison of two new approaches to variable ordering for binary decision diagrams. Quality and Reliability Engineering International. 2001. 17(3):151–58.
45 M. Bouissou, F. Bruyere, A. Rauzy. BDD-based fault tree processing: a. comparison of variable ordering heuristics. Proceedings of the ESREL97, 1997:23-32.
46 J.D. Andrews and L.M. Bartlett. Efficient Basic Event Orderings for Binary Decision Diagrams. Proceedings of the Annual Reliability and Maintainability (RAMS) Symposium, Anahiem, Los Angeles, 1998:61-68.
47 L. M. Bartlett, J. D. Andrews. Efficient Basic Event Ordering Schemes for Fault Tree Analysis. Proceeding of the 13th Advances in Reliability Techniques Symposium , Manchester, 1998:1-9.
48 L. M. Bartlett, J. D. Andrews. Comparison of Variable Ordering Heuristics / Algorithms for Binary Decision Diagrams. Proceedings of SARS99 Annual Safety and Reliability Society Conference, Manchester, 1999:1-15.
49 L. M. Bartlett, J. D. Andrews. Efficient Basic Event Ordering Schemes for Fault Tree Analysis. Quality and Reliability Engineering International. 1999, 15(2):95-102.
50 L. M. Bartlett, J. D. Andrews. Selecting An Ordering Heuristic For the Fault Tree to Binary Decision Diagram Conversion Process Using Neural Networks. IEEE Transactions on Reliability, 2002, 51(3): 344-349.
51 L. M. Bartlett. Improving the Neural Network Selection Mechanism for BDD Construction. Quality Reliability Engineering International, 2003, 20:217-223.
52 S. Minato, N. Ishiura, and S. Yajima. On variable ordering of binary decision diagrams for the application of the multi-level logic synthesis. Proceedings of the European Conf. Design Automation, 1991:50–54
53 M. Bouissou. An ordering heuristic for building binary decision diagrams fromfault trees. Proceedings of the Reliability and Maintainability Symposium, 1996:208–214.
54 D.F. Goldberg. Genetic Algorithms in Optimization and Machine Learning. Addison Wesely. 1997:45-60.
55 J.R. Quinlan. Discovering rules from large collections of examples: a case study. Expert Systems in the Macro Electronic Age. Edinburgh University Press. 1979:20-50.
56 C.M. Bishop. Neural Networks for Pattern Recognition. Clarendon, 1995:34-69.
57 H. Choi, V. G. Kulkarni, and K. S. Trivedi. Markov Regenerative Stochastic Petri Nets. Performance Evaluation, 1994, 20:335–357
58 A. Bobbio and M. Telek. Markov regenerative SPN with non-overlapping activity cycles. Proceedings of the Computer Performance and Dependability Symposium - IPDS95, 1995:124-133
59 A. Bobbio, V. Kulkarni, A. Puliafito, M. Telek, and K. Trivedi. Preemptive repeat identical transitions in Markov Regenerative Stochastic Petri Nets. Proceedings of the 6-th Petri Nets and Performance Models - PNPM95, 1995:113-122
60 A. Bobbio and M. Telek. Combined preemption policies in MRSPN. Proceedings of the Fault-tolerant systems and software, Narosa Publishing House, New Delhi, India, 1995:92-98
61 M. Telek and A. Bobbio. Markov regenerative stochastic Petri nets with age type general transitions. Proceedings of the 16-th Application and Theory of Petri Nets, 1995: 471-489
62 A. Bobbio, A. Puliafito, and M. Telek. New primitives for interlaced memory policies in Markov regenerative stochastic Petri nets. Proceedings of the Petri Net Performance Models'97, St Malo, France, IEEE CS Press, 1997:70-79
63 A. Horváth, A. Puliafito, M. Scarpa, M. Telek, and O. Tomarchio. Design and implementation of a WEB-based non-Markovian stochastic Petri net tool. Proceedings of the Advances in Computer and Information Sciences, Antalya, Turkey: IOS Press, Ohmsha, 1998:101-109
64 A. Bobbio, A. Puliafito, and M. Telek. A modeling framework to implement combined preemption policies in MRSPNs. IEEE Transactions on Software Engineering, 2000, 26: 36-54
65 J.B. Dugan, S.J. Bavuso, and M.A. Boyd. Dynamic fault tree models for fault-tolerant computer system. IEEE Transactions on Reliability, 1992, 41(3):363-377
66 J.B. Dugan, K.J. Sullivan, D. Coppit. Developing a lowcost high-quality software tool for dynamic fault-tree analysis. IEEE Transactions on Reliability, 2000, 49(1):49-59.
67 R. Gulati, J.B. Dugan. A modular approach for analyzing static and dynamic fault trees. Proceedings of the Reliability and Maintainability Symposium, 1997:57-63.
68 Relex Fault Tree: http://www.relexsoftware.com/products/faulttree.asp. Relex Software Corporation
69 D. Coppit, K.J. Sullivan and J.B. Dugan. Formal semantics of models for computational engineering: a case study on dynamic fault trees. Proceedings of the Software Reliability Engineering, 2000: 270-282
70 G.Ciardo et al. SPNP: Stochastic Petri net package. Proceedings of the IEEE Workshop Petri Nets and Performance Models (PNPM89), Kyoto, Japan, 1989:142–151
71 G. Clark et al. The M?bius modeling tool. Proceedings of the IEEE Workshop Petri Nets and Performance Models, Aachen, Germany, 2001:241–250
72 A. Zimmermann and J. Freiheit et al. Petri net modeling and performability evaluation with TimeNET 3.0. Proceedings of the 11th Modeling Techniques and Tools for Computer Performance Evaluation (TOOLS’2000), Schaumburg, Illinois, USA, 2000:188–202
73 S. Allmaier and S. Dalibor. PANDA– Petri net analysis and design assistant. Proceedings of the Modeling Techniques and Tools for Computer Performance Evaluation, Saint Malo, France, 1997:48-56.
74 C. Beounes et al. SURF-2: A program for dependability evaluation of complex hardware and software systems. Proceedings of the IEEE Fault-Tolerant Computing Symp. (FTCS-23), Toulouse, France, 1993:668–673
75 R. German, D. Logothetis, and K. S. Trivedi. Transient analysis of Markov regenerative stochastic Petri nets: A comparison of approaches. Proceedings of the 6th IEEE Workshop on Petri Nets and Performance Models (PNPM’95), Durham, North Carolina, U.S.A., 1995:103–112.
76 M. Telek, A. Bobbio, L. Jereb, and K. Trivedi. Steady state analysis of markov regenerative spn with age memory policy. Proceedings of the Performance Tools and MMB’95, Heidelberg, Germany, 1995:165–179
77 M. Telek, A. Bobbio, and A. Puliafito, Steady state solution of MRSPN with mixed preemption policies. Proceedings of the 2nd Performance and Dependability Symposium, Urbana-Champaign, IL, 1996:106-115
78 M. Telek and A. Horváth, Supplementary variable approach applied to the transient analysis of Age-MRSPNs. Proceedings of the Computer Performance and Dependability Symposium - IPDS '98, Durham, NC, USA, 1998:44-51
79 A. Bobbio and M. Telek. Non-exponential stochastic Petri nets: an overview of methods and techniques. Computer systems Science and engineering, 1998, 13(6):339-351
80 R. German and M. Telek. Towards a foundation of the analysis of Markov Regenerative Stochastic Petri Nets. Proceedings of the PNPM '99, Zaragoza, Spain, 1999:64-73
81 M. Telek and A. Horváth. Transient analysis of Age-MRSPNs by the method of supplementary variable. Performance Evaluation, 2001, 45:205-221
82 R. Gulati and J. B. Dugan. A modular approach for analyzing static and dynamic fault trees. Proceedings of the Reliability & Maintainability. 1997:57–63.
83 M. A. Boyd. Dynamic Fault Tree Models: Techniques for Analysis of Advanced Fault Tolerant Computer Systems. PhD thesis, Duke University, Department of Computer Science, 1991:45-98.
84 J. B. Dugan, K. J. Sullivan, and D. Coppit. Developing a low-cost, high-quality software tool for dynamic fault tree analysis. IEEE Transactions on Reliability, 2000, 49(1):49-59
85 P.A. Fishwick. Simulation model design and execution: building digital worlds. Prentice Hall, 1995:1-102.
86 M.H. MacDougall Simulating computer systems: techniques and tools. The MIT Press, 1987:1-213.
87 A. Law, D. Kelton. Simulation modeling and analysis, Second Edition. McGraw-Hill, 1991:1-210.
88 J. Banks, J. Carson. Discrete event simulation. Prentice Hall, 1984:1-98.
89 G.S. Fishman. Principles of discrete-event simulation, New York, Wiley,1978:1-34.
90 Mathewson. Simulation program generators. Simulation, 1974:181-189
91 J.C. Laprie. Dependable Computing and Fault Tolerance: Concepts and Terminology. Proceedings of the 15th IEEE Fault Tolerant Computing(FTCS-15), Ann Arbor, Michigan, 1985: 2-11
92 J.C. Laprie. Dependability of Computer Systems: Concepts, Limits, Improvements. Proceedings of the IEEE Workshop on Computer-Aided Design, Test, and Evaluation for Dependability, Beijing, 1996. International Academic Publishers: 23-33
93杨孝宗.容错技术与STRUTAS容错计算机.哈尔滨工业大学出版社, 1993:1-33.
94 P. Jalote. Fault Tolerance in Distributed Systems. Prentice-Hall, 1994:7-9.
95 D.K. Pradhan. Fault-Tolerant Computing: Theory and Techniques. Prentice-Hall, 1986: 35-48
96 A. Avizienis. The N-Version Approach to Fault-Tolerant Software. IEEE Transactions on Software Engineering. 1975, 11(12): 1491-1501.
97 B. Randell. System Structure for Software Fault Tolerance. IEEE Transactions on Software Engineering. 1975, 1(2): 222-232.
98 D. Costa, J. Carreira and J. G. Silva. WinFT: Using Off-the-shelf Computer on Industrial Environments. Proceedings of the 6th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA’97). 1997: 39-44.
99 M. Russinovich and Z. Segall. Fault-Tolerance for Off-the-shelf Applications and Hardware. Proceedings of the 25th International Symposium on Fault-Tolerant Computing. 1995: 67-71.
100 G. Muller, M. Banatre, N. Peyrouze, et al. Lessons from FTM: an Experiment in the Design & Implementation of a Low-Cost Fault-Tolerant Computer. IEEE Transactions on Reliability. 1996, 45(2): 332-340.
101 G. Miremadi, J. Karlsson and U. Gunneflo, et al. Two Software Techniques for On-line Error Detection. Proceedings of 22nd Symposium on Fault Tolerant Computing.1992: 328-335.
102 J.H. Wensly, L. Lamport and J. Goldberg et al. SIFT: Design and Analysis of a Fault-Tolerant Computer for Aircraft Control. Proceedings of the IEEE. 1978, 66(10): 1240-1255.
103 R. W. Buskens. Practical On-Line Diagnosis in Distributed Systems. Ph.D. Thesis, Carnegie Mellon University, 1994:1-6, 78-93.
104 B.W. Johnson. Design and Analysis of Fault–Tolerant Digital Systems. Addison-Wesley Publishing Company, 1999: 193-255.
105 D. Russell, C.R. Kime. System Fault Diagnosis: Closure and Diagnosability with Repair. IEEE Transactions on Computers, 1975, 24(11): 1078-1089.
106 K. Somani, V.K. Agarwal, D. Avis. A Generalized Theory for System Level Diagnosis. IEEE Transactions on Computers. 1987, 36(5): 538-546.
107 R. Bianchini, R. Buskens. Implementation of On-Line Distributed System-Level Diagnosis Theory. IEEE Transactions on Computers. 1992, 41(5): 616-626.
108 S. Kreutzer, S. Hakimi. System-Level Fault Diagnosis: A Survey. Microprocessing and Microprogramming, 1987, 20: 323-330.
109 F. Barsi, F. Grandoni, P. Maestrini. A Theory of Diagnosability of Digital Systems. IEEE Transactions on Computers. 1976, 25(6): 585-593.
110 T. Dahbura, K.K. Sabnani, L.L.King. The Comparison Approach to Multiprocessor Fault Diagnosis. IEEE Transactions on Computers. 1987, 36(3): 373-378.
111 D. Pradhan. Fault-Tolerant Computing Theory and Techniques. Englewood Cliffs, NJ: Prentice-Hall, 1986: 86-98.
112 J. Gaisler. Evaluation of a 32-bit Microprocessor with Built-in Concurrent Error-Detection. Proceedings of 27th Fault Tolerant Computing (FTCS-27), WA, Seattle, 1997:42-46.
113 B. Randall. System Structure for Software Fault Tolerance. IEEE Transactions on Software Engineering, 1975, 1(2):220-232
114汪东升,沈美明,郑纬民,裴丹.一种基于检查点的卷回恢复与进程迁移系统.软件学报. 1999, 10(1): 68-73.
115 D.P. Siewiorek, R.S. Swarz. Reliable Computer Systems: Design and Evaluation. Second edition. Digital Press, DEC, 1992: 3-219, 271-391.