real physical faults (Section 8.3.3), (4) summarizing the results of a comprehensive study aimed at comparing four injection techniques (Section 8.3.4). Finally, Section 8.3.5 concludes this part by providing some additional insights derived from the study.
8.3.1 Some Rationale About Fault Injection
The successful deployment of a dependable computing system relies heavily on various forms of hardware and/or software redundancy aimed at handling faults and errors, i.e., on what embodies the fault tolerance features of the system. A large number of studies (both theoretical and experimental) have shown that the adequacy and efficiency of the fault tolerance mechanisms (FTMs), i.e., their coverage (Bouricius et al. 1969), have a paramount influence on dependability, and in particular on the measures (reliability, availability, etc.) usually considered for assessing the level of dependability actually obtained.
For a pragmatic and objective assessment of the coverage of the FTMs, it is essential to be able to test them against the typical sets of "inputs" they are meant to cope with: the faults and the resulting errors. Hence the rationale for applying test sequences consisting of fault injection experiments. Moreover, the difficulty of accurately modeling or simulating the erroneous behaviors of a complex computing system sustains the need for experimental techniques as a complement to more formal approaches. Finally, the scarcity of fault events prevents relying on their natural occurrence: controlled experiments that speed up the occurrence of errors are needed.
Fault injection, i.e., the deliberate introduction of faults into a system (the target system), is applicable whenever fault and/or error notions are involved in the development process. Classically, fault injection testing is based on the design and realization of a test sequence. More precisely, a fault injection test sequence is characterized by an input domain and an output domain (Arlat et al. 1990).
8.3.1.1 The FARM Attributes
The input domain I corresponds to a set of injected faults F and a set A that specifies the data used for the activation of the target system and thus of the injected faults. Both F and A are the lever to provoke errors suitable to exercise the FTMs.² The output domain O corresponds to a set of readouts R that are collected to characterize the target system behavior in the presence of faults, and a set of measures M that are derived from the analysis and processing of the FAR sets. Together, the FARM sets
² Recent work oriented towards the development of (fault injection-based) dependability benchmarks (e.g., see Kanoun and Spainhower 2008) has adapted the notions attached to the A and F domains to those of Workload and Faultload, respectively.
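As an added illustration (not code from the chapter or from the study it describes), the following Python script organizes a small simulation-based fault injection campaign along the four FARM attributes. The target system (an 8-bit register protected by triple modular redundancy with a majority voter), the three fault classes and the workload values are constructed for the example and are assumptions, not the setup of any experiment on the page. It shows two points the text makes: F and A together decide whether an injected fault is activated (a stuck-at-0 fault is dormant when the written bit is already 0), and the measures M, here the coverage computed over activated faults only, are derived from F, A and the readouts R.

```python
"""Simulation-based fault injection campaign laid out along the FARM attributes
(Arlat et al. 1990): F = faultload, A = activation data, R = readouts, M = measures.
Added example: target system, fault classes and workload are constructed here."""
from collections import Counter
from dataclasses import dataclass
from itertools import combinations

WORD_BITS = 8  # width of the constructed target register


@dataclass(frozen=True)
class Fault:
    """One element of F: apply `kind` to `bit` in each listed TMR replica.
    kind is "flip" (invert the bit) or "stuck0" (force the bit to 0)."""
    kind: str
    replicas: tuple
    bit: int

    @property
    def label(self):
        # Fault class used for per-class measures, e.g. "stuck0x1", "flipx2".
        return f"{self.kind}x{len(self.replicas)}"


class TmrRegister:
    """Constructed target system: a register kept in three replicas.
    The FTM is the majority voter; a replica mismatch is the error
    detection signal and the vote is the error correction."""

    def __init__(self):
        self.replicas = [0, 0, 0]

    def write(self, value):
        self.replicas = [value, value, value]

    def read(self):
        r = self.replicas
        voted = (r[0] & r[1]) | (r[0] & r[2]) | (r[1] & r[2])  # bitwise majority
        detected = not (r[0] == r[1] == r[2])
        return voted, detected

    def inject(self, fault):
        mask = 1 << fault.bit
        for i in fault.replicas:
            if fault.kind == "flip":
                self.replicas[i] ^= mask
            elif fault.kind == "stuck0":
                self.replicas[i] &= ~mask
            else:
                raise ValueError(f"unknown fault kind {fault.kind!r}")


def faultload():
    """F: stuck-at-0 in one replica, same-bit flips in two replicas, and in all three."""
    stuck = [Fault("stuck0", (i,), b) for i in range(3) for b in range(WORD_BITS)]
    doubles = [Fault("flip", p, b) for p in combinations(range(3), 2) for b in range(WORD_BITS)]
    triples = [Fault("flip", (0, 1, 2), b) for b in range(WORD_BITS)]
    return stuck + doubles + triples


def workload():
    """A: constructed sample of values written to the register before each read."""
    return [0x00, 0x0F, 0xF0, 0xFF]


def run_experiment(fault, value):
    """One experiment: activate (A), inject (F), read; returns one readout (R)."""
    reg = TmrRegister()
    reg.write(value)
    reg.inject(fault)
    if reg.replicas == [value] * 3:
        return "dormant"            # fault present but not activated by this workload
    out, detected = reg.read()
    if out == value:
        return "tolerated"          # error detected and masked by the voter
    if detected:
        return "detected_failure"   # error signalled, but a wrong value was delivered
    return "silent_failure"         # wrong value and no error signal


def run_campaign(faults, activations):
    """R: the readout of every (fault, activation) pair in the test sequence."""
    return [(f, a, run_experiment(f, a)) for f in faults for a in activations]


def measures(readouts):
    """M: derived from F, A and R. Coverage is computed over activated faults only."""
    outcomes = Counter(o for _, _, o in readouts)
    activated = len(readouts) - outcomes["dormant"]
    per_class = {}
    for f, _, o in readouts:
        per_class.setdefault(f.label, Counter())[o] += 1
    per_class_cov = {}
    for label, c in per_class.items():
        act = sum(c.values()) - c["dormant"]
        per_class_cov[label] = c["tolerated"] / act if act else None
    return {
        "experiments": len(readouts),
        "activated": activated,
        "outcomes": dict(outcomes),
        "coverage": outcomes["tolerated"] / activated,
        "detection_coverage": (outcomes["tolerated"] + outcomes["detected_failure"]) / activated,
        "per_class_coverage": per_class_cov,
    }


if __name__ == "__main__":
    for k, v in measures(run_campaign(faultload(), workload())).items():
        print(f"{k}: {v}")
```

The per-class figures are the practical output: single-replica faults are fully covered by the voter, same-bit double faults are detected but delivered a wrong value, and triple faults escape silently, so the aggregate coverage number alone would hide which fault class the FTM fails on.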