Hardware Reference
In-Depth Information
The application is taken from the rolling ball demonstration ( Kopetz et al. 1991 ):
a ball is kept rolling along a circular path on a tiltable plane by controlling the two
horizontal axes of the plane by servo motors and observing the position of the ball
with a video camera. However, the tiltable plane and the camera are not present in
the set-up used in the fault injection experiments; instead, the data from the camera
is simulated by a data generation task running on the data generation node. The
task provides the nominal and actual values of the position, speed and acceleration
of the ball.
A fifth node is included that serves as a gateway between a local area network
(LAN) and the MARS network. It is required for loading the entire application and
for reloading the NUT. A host computer (Unix workstation) connected to the LAN
is used for supervising the experiments, i.e., reloading failed nodes and collecting
data from each experiment for further analysis.
Figure 8.16 also depicts the specific interactions with the HWIFI devices. The ex-
periments are managed by the workstation and controlled by the comparator node.
When the comparator node detects an error, it reports the error type to the worksta-
tion and turns off the power to the NUT with the signal P-NUT. Signal F-NUT
is used to discontinue fault injection. 6 Then, the NUT is powered-up again and
restarted. Upon restart, the memorized error data is sent to the workstation via two
serial lines (one for each processing unit). 7 Once the NUT has been restarted, the
workstation immediately initiates the downloading of the application via the gate-
way node. When the application has been restarted, the comparator node enables
fault injection (signal F-NUT) and a new experiment run begins.
8.3.4.3
Examples of Results
Several combinations of the end-to-end EDMs were used for the four fault injection
techniques considered:
NOAM: no application level mechanisms, i.e., single execution and no check-
sums
SEMC: single execution, message checksums
DEMC: double executions, message checksums
TEMC: triple executions, message checksums; only for HI experiments
We focus only on the NOAM case for which all techniques provide a large ratio
of hardware error detection (more than 70%). Indeed, when the application-level
EDMs are enabled, an important percentage of hardware detections is maintained
for the HWIFI techniques (and to some extent for SWIFI on the code segment -
more than 60%), but that percentage is significantly reduced (less than 5%) when
injecting on the data segment. This suggests that the faults injected in the code
6 Such a direct control on the injected fault is not possible in the case of the software-implemented
fault injection technique used (see Section 8.3.2.4).
7 If the error was not detected by the NUT itself, then the node has no error information available
and sends only a status message.
Search WWH ::




Custom Search