Fault-Tolerant ComputingAbout This PresentationTerminology, Models, and Measures for DependabilitySlide 4Impairments to DependabilityThe Fault-Error-Failure CycleThe Four-Universe ModelUnrolling the Fault-Error-Failure CycleMultilevel ModelAnalogy for the Multilevel ModelWhy Our Concern with Dependability?Highly Dependable Computer SystemsAspects of DependabilityConcepts from Probability TheorySome Simple Probability DistributionsReliability and MTTFFailure Distributions of InterestComparing ReliabilitiesAvailability, MTTR, and MTBFSystem Up and Down TimesPerformability and MCBFSystem Up, Partially Up, and Down TimesIntegrity and SafetyOct. 2007 Terminology, Models, and Measures Slide 1Fault-Tolerant Computing Basic Concepts and ToolsOct. 2007 Terminology, Models, and Measures Slide 2About This PresentationEdition Released Revised RevisedFirst Oct. 2006 Oct. 2007This presentation has been prepared for the graduate course ECE 257A (Fault-Tolerant Computing) by Behrooz Parhami, Professor of Electrical and Computer Engineering at University of California, Santa Barbara. The material contained herein can be used freely in classroom teaching or any other educational setting. Unauthorized uses are prohibited. © Behrooz ParhamiOct. 2007 Terminology, Models, and Measures Slide 3Terminology, Models, and Measures for DependabilityOct. 2007 Terminology, Models, and Measures Slide 4Oct. 2007 Terminology, Models, and Measures Slide 5 Impairments to DependabilityErrorMalfunctionDegradationFailureFaultIntrusionHazardDefectFlawBugCrashOct. 2007 Terminology, Models, and Measures Slide 6 The Fault-Error-Failure CycleSchematic diagram of the Newcastle hierarchical model and the impairments within one level.FailureAspect ImpairmentStructure Fault State Error BehaviorIncludes both components and design0 00Fault CorrectsignalReplaced with NAND?Oct. 2007 Terminology, Models, and Measures Slide 7 The Four-Universe ModelCause-effect diagram for Avižienis’ four-universe model of impairments to dependability.Universe ImpairmentPhysical Failure Logical Fault Informational Error External CrashOct. 2007 Terminology, Models, and Measures Slide 8 Unrolling the Fault-Error-Failure CycleCause-effect diagram for an extended six-level view of impairments to dependability.Abstraction ImpairmentComponent Defect Logic Fault Information Error System Malfunction Service Degradation Result FailureLow- LevelMid- LevelHigh- LevelFirst CycleSecond CycleFailureAspect ImpairmentStructure Fault State Error BehaviorOct. 2007 Terminology, Models, and Measures Slide 9 Multilevel ModelComponentLogicServiceResultInformationSystemLow-Level ImpairedMid-Level ImpairedHigh-Level ImpairedInitial EntryDeviationRemedyLegned: IdealDefectiveFaultyErroneousMalfunctioningDegradedFailedLegend:ToleranceEntryOct. 2007 Terminology, Models, and Measures Slide 10 Analogy for the Multilevel ModelAn analogy for our multi-level model of dependable computing. Defects, faults, errors, malfunctions, degradations, and failures are represented by pouring water from above. Valves represent avoidance and tolerance techniques. The goal is to avoid overflow.Wall heights represent inter-level latenciesDrain valves represent tolerance techniquesConcentric reservoirs are analogs of the six model levels, with defect being innermostIIIIIII I I I I IInlet valves represent avoidance techniquesOct. 2007 Terminology, Models, and Measures Slide 11 Why Our Concern with Dependability?Reliability of n-transistor system, each having failure rate  R(t) = e–nt There are only 3 ways of making systems more reliableReduce Reduce n1.00.80.60.40.20.0e–n t.9999 .9990 .9900.9048.36791010 810 610 410 nt Reduce tAlternative:Change the reliability formula by introducing redundancy in systemOct. 2007 Terminology, Models, and Measures Slide 12 Highly Dependable Computer SystemsLong-life systems: Fail-slow, Rugged, High-reliabilitySpacecraft with multiyear missions, systems in inaccessible locationsMethods: Replication (spares), error coding, monitoring, shieldingSafety-critical systems: Fail-safe, Sound, High-integrityFlight control computers, nuclear-plant shutdown, medical monitoringMethods: Replication with voting, time redundancy, design diversityNon-stop systems: Fail-soft, Robust, High-availabilityTelephone switching centers, transaction processing, e-commerceMethods: HW/info redundancy, backup schemes, hot-swap, recoveryJust as performance enhancement techniques gradually migrate from supercomputers to desktops, so too dependability enhancement methods find their way from exotic systems into personal computersOct. 2007 Terminology, Models, and Measures Slide 13 Aspects of DependabilityReliabilityMaintainabilityAvailabilityPerformabilitySecurityIntegrityServiceabilityTestabilitySafetyRobustnessResilienceReliability, MTTF = MTFFRisk, consequenceControllability,observabilityPerformability, MCBFPointwise av., Interval av., MTBF, MTTROct. 2007 Terminology, Models, and Measures Slide 14 Concepts from Probability TheoryCumulative distribution function: CDFF(t) = prob[x  t] =  0 f(x) dx tProbability density function: pdff(t) = prob[t  x  t + dt] / dt = dF(t) / dt Time0 10 20 30 40 50Time0 10 20 30 40 50Time0 10 20 30 40 501.00.80.60.40.20.0CDFpdf0.050.040.030.020.010.00F(t)f(t)Expected value of xEx =  x f(x) dx = k xk f(xk) Lifetimes of 20 identical systemsCovariance of x and yx,y = E [(x – Ex)(y – Ey)] = E [x y] – Ex Ey Variance of xx =  (x – Ex)2 f(x) dx = k (xk – Ex)2 f(xk) 2Oct. 2007 Terminology, Models, and Measures Slide 15 Some Simple Probability DistributionsCDFpdfF(x)f(x)1Uniform Exponential NormalBinomialCDFpdfCDFpdfCDFOct. 2007 Terminology, Models, and Measures Slide 16 Reliability and MTTFReliability: R(t)Probability that system remains in the “Good” state through the interval [0, t] Two-state nonrepairable systemR(t + dt) = R(t) [1 – z(t) dt]Hazard functionConstant hazard function z(t) =   R(t) = e–t (system failure rate is independent of its age) R(t) = 1 – F(t) CDF of the system lifetime, or its unreliabilityExponential reliability lawMean time to failure: MTTFMTTF =  t f(t) dt =  R(t) dt  Expected value of lifetimeArea under the reliability curve(easily provable)Start stateFailureUp DownOct. 2007 Terminology, Models, and Measures