Physical Fault Models and Fault Tolerance - Models in Hardware Testing

Hardware Reference

In-Depth Information

Fig. 8.17

Distribution of exceptions provoked by the HI, PF and EI techniques

The results of the analysis conducted on the MARS self-checking node showed

that the four injection techniques are rather complementary, i.e., they exercise, to a

large extent, different types of error detection mechanisms. This advocates for the

application of various techniques to improve the confidence in the assessment of the

properties of a target fault-tolerant system.

Indeed, the extensive sets of test sequences significantly contributed to get con-

viction in the ability of the MARS nodes to sustain the “fail silence” property.

It was also shown that, beyond the hardware and system software error detection

mechanisms (EDMs), the application-level detection mechanisms are necessary for

achieving a very high coverage on the fail silence assumption. Indeed, although the

time-slice controller effectively prevents fail silence violations in the time domain,

fail silence violations in the value domain were observed for all four injection tech-

niques when double execution of tasks was not used.

We conclude by addressing some practical issues that have also to be taken into

account when selecting a fault injection technique. In addition to fault represen-

tativeness (i.e., the plausibility of the supported fault model with respect to actual

faults) that is one concern that is often raised in conjunction with fault injection

experiments, and for the study of which we provided a conceptual frame and objec-

tive insights, a wide range of criteria can be considered to assess the merits of the

fault injection techniques. Without any claim for an exhaustive analysis, we have

considered the following eight basic properties: reachability , controllability , with

respect to space and time , repeatability (with respect to experiments), reproducibil-

ity (with respect to results), non-intrusiveness , the possibility for time measurement

(e.g., error detection latency) and the efficacy to generate significant experiments.

A characterization of the considered fault injection techniques with respect to

these eight basic properties is shown in Table 8.6 . Further insights can be found

in Arlatetal. ( 2003 ) . For each property, the techniques are graded according to the

scale none , low , medium and high . It is worth noting that, although it is quite generic

Search WWH ::

Custom Search

Home