Dependability Analysis and Enhancement of Real-Time

Embedded Systems

Dawid Trawczynski, MSc.Advisor: Janusz Sosnowski, Prof.

Warsaw University of Technology

Department of Electronics and Information Technology

Computer Science Institute

22 December, 2009

Outline

• Thesis and objective• Dependability problems in embedded

systems• Faults – models, detection and correction• Research methods• Case study• Summary

Thesis

Integrated structural and functional modeling of an embedded, real-time embedded system enables more accurate dependability (in comparison to existing approaches) analysis and enhancement. The effectiveness of the latter process is influenced by many factors such as control algorithms, characteristics of the controlled object, and system environment.

Objective

• Definition and analysis of fault models important in real-time (RT) embedded systems

• Development of an integrated environment needed to study fault effects in embedded systems

• Analysis and development of methods that can improve system’s resistance to faults

Dependability Problems in Embedded Systems

• Fault set extension and development of fault handling mechanisms

• Integration of various modeling and fault simulation tools

– controller (local, distributed, network, task scheduler)– controlled object and scheduler

• Selection of testing scenarios– normal– critical

• System behavior monitoring and its qualification– interaction dynamics and grading complexity

Fault Models

• Structural– transient („latched” i „non-latched”)– permanent– intermittent

• Abstract (functional)– control-flow in a real-time network’s protocol MAC

FSM– task execution delay– message transmission delay in a RT network– clock synchronization

Fault Detection and Handling• Integration of programmed procedures

with system exception handling• Mechanisms exploiting natural

system’s behavior and redundancy– simple and complex assertions– a TREE method for the task execution

delay fault

Dependability Analysis Methods

• Analytical and stochastic approaches(e.g., Markov Chains)

• Simulation methods – Model of the analyzed system– Real systems– Hybrids

• Fault injection– Software (SWIFI)– Hardware (HWIFI)

Integrated Simulation Environment

Integration of a real-time simulator and fault injector:TrueTime + Matlab/Simulink + FITS + MSVC

Simulation-Based Dependability Research Method

• Development of a structural and functional model for the application and environment

• Instrumentation of the target application• Integration of models with the fault simulator• Fault injection (abstract and transient ) –

testing scenarios, localization, and fault activation

• System’s behavior qualification

Case Study

Anti-Lock Braking System (ABS)

Single-Wheel ABS Model• PID controller modulating brake fluid pressure

• Environment consisting of a dynamic wheel, tire and suspension models

SWabs Algorithm

Four-Wheel ABS Model

DSlip and DSim Algorithms

Distributed Task

Schedule

Experiments

• Single and four-wheel ABS models• Tested the controller and RT network• Transient faults („latched” and „non-

latched”) and abstract (functional)• Application behavior statistics (C,I,S,T)

Integration of System Exception Handling

0%

20%

40%

60%

80%

100%

REG MEM FPU CODE INSTR

INC C T S

Selective Assertions

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Slip Tresh.

Slip Tresh. Wzm.

Filter TConst.

Filter Tconst. Wzm.

Filter Gain

Filter Gain Wzm.

Int. Sample Time

Int. Sample Time Wzm.

Tire Radius

Tire Radius Wzm.

C INC S T

Fault Resilience and Program Design

0%

20%

40%

60%

80%

100%

REG PTR

REGM

EM PTR

MEM

CODE PTR

CODE

INST PTR

INSTFPU PTR

FPU

C INC S T

Task Execution Delay Fault

Contributions• Fault set extension and development of new fault

handling methods• Development of an embedded system dependability

analysis method– method takes into account external environment– result qualification method and analysis of fault

effects on system behavior– effectiveness analysis of programmable fault

tolerance mechanisms• Integrated simulation environment

– enhancement of a RT simulator– interfacing of various design environments

• Complex implementation of a realistic case-study

Observations• Fault susceptibility is dependant on system

dynamics, control phase, and ability to mask faults via the feedback loop

• Effective fault handling can achieve over 90% transient fault coverage

• Complex handling mechanisms have significant drawbacks

• Result qualification and code separation are essential to guarantee trustworthy simulation results

• Future research– Automatic abstract fault injection and mapping to structural

faults– Fault injection benchmark development

Thank You for Attention!

Network PFSM MAC Control-Flow Fault

Worst-Case Task Execution Delay Fault

∑=

=n

kks

1it

∑=

+=n

kkk ts

1

'i ))((t φ

: fault-free task i WCET

: faulty task i WCET

Message Delay Fault

Cm,MDF = Cm + C'm

C'm = (8sm + smdf)τbit where smdf (β) = [0,103] bytes

bitmm

m ss

C τ

++

+= 847

5

834: CAN bus

Clock Synchronization Fault

fnew = (p-1) * fo, where 1 > p ≥ 0

p = [10-2, 100] sec./sec.