Formal assessment of reliability specifications in embedded cyber-physical systems

Reliability has become an integral part of the design intent of embedded cyber-physical systems. Safety-critical embedded systems are designed against specific reliability targets, and established design practice meets such targets by allocating both spatial redundancy (replicated components with voting) and temporal redundancy (re-execution or retry) in the implementation. As these systems grow in complexity and in the number of components they contain, redundancy allocation needs a formal scientific basis. In this work we propose analysing the redundancy requirement upfront, so that it becomes an integral part of the specification. The underlying problem is to synthesize a formal specification with built-in redundancy artifacts from three inputs: the formal properties of the error-free system, the error probabilities of the control components, and the reliability target. We believe that such upfront formal analysis of redundancy requirements is important for budgeting resource requirements from a cost-versus-reliability perspective. Several case studies from the automotive domain demonstrate the efficacy of our proposal.
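The following is an added illustration of the budgeting problem the abstract describes, not the paper's own synthesis method: given per-component error probabilities and a system reliability target, it searches for the cheapest mix of spatial redundancy (N-modular majority voting) and temporal redundancy (re-execution) that meets the target. It uses the textbook NMR and retry models, and assumes independent transient component errors, perfect voters, independent retries, and a cost measured in execution slots (replicas times attempts); the component names, error probabilities, and retry limits are constructed for the example.

```python
"""Redundancy budgeting sketch: cheapest mix of spatial (N-modular, majority-voted)
and temporal (re-execution) redundancy meeting a system reliability target.

Added illustration using textbook NMR / retry models, NOT the synthesis method of
the paper. Assumptions: component errors are independent and transient, voters
are perfect, every re-execution is an independent trial, and cost counts
execution slots (replicas x attempts).
"""
from itertools import product
from math import comb


def nmr_reliability(p_err, n):
    """Probability that a majority of n independent replicas is correct (n odd)."""
    if n % 2 == 0:
        raise ValueError("majority voting needs an odd replica count")
    need = n // 2 + 1
    return sum(comb(n, i) * (1 - p_err) ** i * p_err ** (n - i)
               for i in range(need, n + 1))


def retried_error(p_err, attempts):
    """Residual error probability after `attempts` independent executions."""
    return p_err ** attempts


def component_reliability(p_err, replicas, attempts):
    """Temporal redundancy inside each replica, spatial voting across replicas."""
    return nmr_reliability(retried_error(p_err, attempts), replicas)


def system_reliability(components, alloc):
    """Series system: every control component must deliver a correct result."""
    r = 1.0
    for (_, p_err, _), (replicas, attempts) in zip(components, alloc):
        r *= component_reliability(p_err, replicas, attempts)
    return r


def cheapest_allocation(components, target, max_replicas=5):
    """Exhaustive search. components = [(name, p_err, max_attempts)]; max_attempts
    bounds temporal redundancy by the slack each component has in its timing budget."""
    per_component = [
        [(n, a) for n in range(1, max_replicas + 1, 2) for a in range(1, max_attempts + 1)]
        for _, _, max_attempts in components
    ]
    best = None
    for alloc in product(*per_component):
        rel = system_reliability(components, alloc)
        if rel < target:
            continue
        cost = sum(n * a for n, a in alloc)
        if best is None or cost < best["cost"]:
            best = {"cost": cost, "alloc": alloc, "reliability": rel}
    return best


# Constructed example (hypothetical components, not from the paper): three control
# components with independent error probabilities and per-component retry limits.
COMPONENTS = [
    ("sensor_fusion", 1e-3, 3),   # enough slack for two re-executions
    ("brake_ctrl",    5e-3, 2),   # one re-execution fits the deadline
    ("actuator_cmd",  1e-2, 1),   # no slack: only spatial redundancy is possible
]
TARGET = 0.9999

if __name__ == "__main__":
    result = cheapest_allocation(COMPONENTS, TARGET)
    for (name, _, _), (n, a) in zip(COMPONENTS, result["alloc"]):
        print(f"{name:14s} replicas={n} attempts={a}")
    print(f"cost={result['cost']} reliability={result['reliability']:.6f}")
```

With these inputs the component that has no timing slack is forced into five-way voting, while the two with slack meet their share of the unreliability budget through a single re-execution; the search returns that allocation at a cost of 9 execution slots. Replacing the brute-force search with a solver and the closed-form models with properties checked on the formal specification is what separates this sketch from the upfront analysis the paper argues for.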
