170 likes | 405 Views
Fault Injection Tool. Pavel Čírtek. Contents. Introduction C-Sim based components Fault injector component Conclusion. Definitions. Fault tolerant systems are used in safety critical applications.
E N D
Fault Injection Tool Pavel Čírtek Fault injection tool
Contents • Introduction • C-Sim based components • Fault injector component • Conclusion Fault injection tool
Definitions • Fault tolerant systems are used in safety critical applications. • Fault tolerant (FT) system – a system that provides required functionality even in the presence of faults. • Safety critical application – the cost of a failure is much higher than the price of the system, e.g. human lives are in danger, a production plant is stopped. • Real-time (RT) system – the system responds to events immediately as they occur. Hard RT systems provide guaranteed deadlines. Fault injection tool
Fault Tolerance • A fault is a random or malicious defect introduced to the system. A fault may cause an error state of the system. • A system enters error state if its normal operation can not be performed anymore (due to a fault). A recognized error does not mean a failure of the system. • The system fails if it no longer meets the requirements for proper functions. Fault injection tool
C-Sim based components • Simulation library • Simulation world • Simulation model • Simulation program Fault injection tool
Simulation library • A simulation library is a set of object types definitions and it is not executable itself. • Object type can be: • passive (LINK, HEAD) • active (PROCESS) • Construction for creating object type: • typedef struct {…} TYPE_NAME; • Types methods can be created as C language functions with one parameter typed as TYPE_NAME*. Fault injection tool
Simulation world • Simulation world is on object type that describes an activity, i.e. it is a process type or it contains at least one attribute of a process type or it contains an attribute of another world type • Public methods: • Constructor • Interaction(s) - functions to exchange data • Execution - specializad constructor. Creates a separate event list. Fault injection tool
Sim. model and program • Simulation model (SM) is a statically structured set of simulation worlds. • Sim. model instance is interconnected set of simulation worlds instances. • Sim. program (SP)executes sim. model. • Functions in sim. program: • init -creates a model instance • some form of main - simulation loop (because of present C-Sim doesn’t support a world execution constructor) Fault injection tool
Fault injector component • Problem of construction of an universal fault-injector component (world FIC) • It should be attached to any C-Sim based simulation model of FT system (world MFTC) • Two basic types of fault injection: • asynchronous – FI emits fault whenever • synchronous – FI emits fault according to model-time value and/or its internal state Fault injection tool
Simulation world of FI • Constructor (if any) only prepare environment for creating faults • Type of fault is a class that have its own constructor and attributes • A fault is an instance of this class • State of fault: • active – fault injection already running • passive – fault is waiting for an activation Fault injection tool
Fault types • Single-bit fault – random setting of a bit within a continuous memory array • Multiple fault – group of M single-bit faults in one model time-point • Burst of faults – Poisson stream of K multiple faults • Stream of bursts – Poisson stream of events, where one event means one burst of faults Fault injection tool
FIC config table • FIC config table (FICC)– one row describes one fault: • pointer to fault • state • index (key) • One instance of FICC should “inter-connect” both worlds FIC and MFTC Fault injection tool
Interaction (MFTC to FIC) • FIC have to have method run_fault(). This function is called from an instance of MFTC world whenever it wants to “trigger fault” • Parameters: • Pointer to FICC instance – identifies the interconnection object • Index (key) into FICC – selects the fault Fault injection tool
Interaction (FIC to MFTC) • MFTC should have methods: • fi_result() – returns a result of (a previous) fault injection. Parameter of function should be a pointer to FICC instance and index into FICC • init_fi() – should be called during SM construction. Parameter is pointer to FICC instance. Fault injection tool
Interaction • Three main ways of interaction: • From FIC to MFTC: • the fault injection itself (asynchronous faults) • the test of injection result • From MFTC to FIC • calling a fault (synchronous faults) Fault injection tool
Inicialization • initialization function should do following steps: • create instance of MFTC (using its constructor) • create instance of FIC (i.e. create all necessary faults instances) • create instance of FICC and fill fault parameters into rows of table • call MFTC init_fi() function Fault injection tool
Conclusion • current version of FIC is customized for a TTP/C protocol based on FT systems • advantages of this solutions: • universal FI component • synchronous fault calling • disadvantages: • no easy way for massive faults injection experiments Fault injection tool