Presentation is loading. Please wait.

Presentation is loading. Please wait.

Oct. 2006 Fault Masking Slide 1 Fault-Tolerant Computing Dealing with Low-Level Impairments.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Oct. 2006 Fault Masking Slide 1 Fault-Tolerant Computing Dealing with Low-Level Impairments."— Presentation transcript:

1 Oct. 2006 Fault Masking Slide 1 Fault-Tolerant Computing Dealing with Low-Level Impairments

2 Oct. 2006 Fault Masking Slide 2 About This Presentation EditionReleasedRevised FirstOct. 2006 This presentation has been prepared for the graduate course ECE 257A (Fault-Tolerant Computing) by Behrooz Parhami, Professor of Electrical and Computer Engineering at University of California, Santa Barbara. The material contained herein can be used freely in classroom teaching or any other educational setting. Unauthorized uses are prohibited. © Behrooz Parhami

3 Oct. 2006 Fault Masking Slide 3 Fault Masking

4 Oct. 2006 Fault Masking Slide 4

5 Oct. 2006 Fault Masking Slide 5 Multilevel Model Component Logic Service Result Information System Legend: Tolerance Entry Last lecture Today

6 Oct. 2006 Fault Masking Slide 6 Handling Faults RepairDiscardAbort Prevent Remove ExposeMask AvoidTolerate Fault Quality AssuranceTestingDynamic RedundancyStatic Redundancy Full? MonitorTest Yes No PerfectFixedRestoredUnaffectedInjuredScreenedFailed-safeDegradedFailed DetectMiss DetectMiss C o m p o n e n t o r S y s t e m S t a t e Reconfigure

7 Oct. 2006 Fault Masking Slide 7 Some Options for Fault Tolerance 1. Detect and replace Dynamic redundancy (cold/hot standby) Detection via -- coding, watchdog timer, self-checking -- duplication (pair-and-spares) 2. Mask Static redundancy May revert to simplex instead of duplex Design challenges include -- synchronization for voting -- voting on imprecise results 3. Mask, diagnose, and reconfigure Hybrid redundancy Fault masked at output, but diagnosed -- e.g., via comparison with voter output Faulty circuit is replaced by spare Becomes static upon spare exhaustion V 2 3 1 Voter D 2 1 Detector Spare V S 2 3 1 4 Switch-voter Spare

8 Oct. 2006 Fault Masking Slide 8 Comparing Fault Tolerance Schemes AdvantagesDrawbacks Less powerCoverage factor (cold standby) Long lifeTolerance latency (just add spares) Immediate maskingPower/area penalty High safetyVoter critical Immediate maskingPower/area penalty Long life andSwitch-voter critical high safety V 2 3 1 Voter D 2 1 Detector Spare V S 2 3 1 4 Switch-voter Spare

9 Oct. 2006 Fault Masking Slide 9 Inherent Fault Masking in Logic Circuits 0  1 fault in b is critical b c a d f g e h z 1 0 0 0 0 0 1 0 0 0  1 fault in c or d is not critical (it is masked) 1  0 fault in a or h is not critical (it is masked) Even nonredundant circuits have some masking capability Is there a way to exploit the inherent masking capabilities of logic gates to achieve fault tolerance?

10 Oct. 2006 Fault Masking Slide 10 Interwoven Redundant Logic Let x1, x2, x3, and x4 be 4 copies of the signal x 1  0 b c a d f g e h z a1a2b1b2a1a2b1b2 a1a2b1b2a1a2b1b2 a3a4b3b4a3a4b3b4 a3a4b3b4a3a4b3b4 e1e1 e2e2 e3e3 e4e4 f1f1 f2f2 f3f3 f4f4 e1e4f1f4e1e4f1f4 1  0 change is critical for AND, subcritical for OR 0  1 change is critical for OR, subcritical for AND To mask h critical faults: Number of gates multiplied by (h + 1) 2 Gate inputs multiplied by h + 1 For h = 1, the scheme is known as Quadded logic Alternating layers of ANDs and ORs can mask each other’s critical faults 1 1 1 1

11 Oct. 2006 Fault Masking Slide 11 Interwoven Logic for Nanoelectronics Half-adder implemented in quadded logic From: http://ieeexplore.ieee.org/iel5/54/32070/01492293.pdfhttp://ieeexplore.ieee.org/iel5/54/32070/01492293.pdf IEEE D&T July-Aug. 2005 pp. 328-339 b c a s b a c s

12 Oct. 2006 Fault Masking Slide 12 Highly Reliable Logic with “Crummy” Relays Moore & Shannon, 1956 a: prob [contact made | energized] c: prob [contact made | not energized] “Make” contact (normally open) a > c “Break” contact (normally closed) a < c xy xy1 No matter how crummy the relays (i.e., how close the values of a and c), one can interconnect many of them in a redundant series-parallel structure to achieve arbitrarily high reliability

13 Oct. 2006 Fault Masking Slide 13 TMR with Perfect Voter Condition on the module reliability: R = R m [1 + (1 – R m )(2R m – 1)] (1 – R m )(2R m – 1) > 0  R m > 1/2 V 2 3 1 Voter R RmRm 1.0 0.0 1.0 0.50.0 0.5 TMR better Simplex better R t 0 0.5 1.0 ln 2 0.0 TMR Simplex MTTF: TMR 5 /6 Simplex R = 3R m 2 – 2R m 3 > R m ? RIF TMR/Simplex = (1 – R m )/(1 – R) = 1/[1 – R m (2R m – 1)]

14 Oct. 2006 Fault Masking Slide 14 TMR with Imperfect Voter Condition on the voter reliability R v > 1 / [3R m – 2R m 2 ] V 2 3 1 Voter TMR better RvRv RmRm 0.51.0 0.885 0.95 0.75 0.560.94 Simplex better Condition on the module reliability 3 – 9 – 8/R v 4 3 + 9 – 8/R v 4 < R m < dR v min / dR m = (–3 + 4R m ) / (3R m – 2R m 2 ) 2 Example: R v = 0.95 requires that 0.56 < R m < 0.94 R = R v (3R m 2 – 2R m 3 ) > R m ?

15 Oct. 2006 Fault Masking Slide 15 TMR with Compensating Faults V 2 3 1 Voter Example: R m = 0.998, p 0 = p 1 = 0.001 R = 0.999,984 + 0.000,006 = 0.999,990 Basic TMR Compensation RIF TMR/Simplex = 0.002 / 0.000,016 = 125 RIF Compen/TMR = 0.000,016 / 0.000,010 = 1.6 R m = 1 – p 0 – p 1 (0- and 1-fault probabilities) R = (3R m 2 – 2R m 3 ) + 6p 0 p 1 R m

16 Oct. 2006 Fault Masking Slide 16 Implementing a Bit-Voter TMR bit-voting: y = x 1 x 2  x 2 x 3  x 3 x 1 (carry output of a single-bit full-adder) What about 5MR, 7MR? V 2 3 1 Bit-voter x1x1 x2x2 x3x3 y Other designs are also possible Arithmetic: add the bits, compare to threshold Mux-based Selection-based (majority of bit values is their median) 3-out-of-5 voter built of 2-input gatesTwo mux-based designs for a 3-out-of-5 bit-voter Gate-level design quickly explodes in size

17 Oct. 2006 Fault Masking Slide 17 Complexity of Different Bit-Voter Designs Cost of majority bit-voters as a function of the number n of inputs

18 Oct. 2006 Fault Masking Slide 18 Voting at the Word Level Using bit-by-bit voting may be dangerous One might think that in this example, any of the module outputs could be correct, so that producing 1 0 at the output isn’t all that wrong x 1 = 0 0 x 2 = 1 0 x 3 = 1 1 y = 1 0 However, with bit-by-bit voting, the output may be different from all inputs x 1 = 0 0 0 x 2 = 1 0 1 x 3 = 1 1 0 y = 1 0 0 Design of bit- and word-voting networks discussed in: Parhami, B., “Voting Networks,” IEEE TR, Aug. 1991

19 Oct. 2006 Fault Masking Slide 19 Some Simple Voter Designs If in the case of 3-way disagreement any of the inputs can be chosen, then a simple design is possible One can perform pseudo voting that yields the median of 3 analog signals (Dennis, N.G., Microelectronics and Reliability, Aug. 1974) Median and mean voting are also possible with digital signals This design can be readily generalized to a larger number of inputs 2 3 1 x1x1 x2x2 x3x3 y Compare 0101 Disagree

20 Oct. 2006 Fault Masking Slide 20 Switch for Standby Redundancy Standby redundancy requires an n-to-1 switch to select the output of the currently active module The detectors use various info to deduce fault conditions -- Error coding -- Reasonableness checks -- Watchdog timer D 2 1 Detector Spare D 2 1 Spares D 3 D n-to-1 switch Once a fault has been detected, the switch reconfigures the system by flagging the faulty unit and activating next spare in sequence If we use an n-to-2 switch and compare the two selected outputs, the configuration is known as “pair-and-spares”

21 Oct. 2006 Fault Masking Slide 21 Switch for Hybrid Redundancy Hybrid redundancy with n active and s spare modules requires an (n + s)-to-n switch to select the outputs of the active modules Self-purging redundancy is a variant of hybrid redundancy in which all modules are active at the outset, but they are purged as they disagree with the majority output V S 2 3 1 4 Switch-voter Spare...... Voter in self-purging redundancy is a threshold voter that considers the inputs with weights of 1 (active) or 0 (purged)

22 Oct. 2006 Fault Masking Slide 22 Applications of nMR and Hybrid Redundancy The Space Shuttle: Uses 5-way redundancy in hardware Originally, 3 operational units and 2 spares (one warm, one cold) More recently, 4 operational units and 1 spare Additionally, uses two independently developed software systems Japanese Shinkansen “Bullet” Train Triple-duplex system (6-fold redundancy)......

Download ppt "Oct. 2006 Fault Masking Slide 1 Fault-Tolerant Computing Dealing with Low-Level Impairments."

Similar presentations

Principles of Engineering System Design Dr T Asokan

Principles of Engineering System Design Dr T Asokan
Computer Architecture

Computer Architecture
Oct. 2007Fault MaskingSlide 1 Fault-Tolerant Computing Dealing with Low-Level Impairments.

Oct. 2007Fault MaskingSlide 1 Fault-Tolerant Computing Dealing with Low-Level Impairments.
Fault-Tolerant Systems Design Part 1.

Fault-Tolerant Systems Design Part 1.
COE 444 – Internetwork Design & Management Dr. Marwan Abu-Amara Computer Engineering Department King Fahd University of Petroleum and Minerals.

COE 444 – Internetwork Design & Management Dr. Marwan Abu-Amara Computer Engineering Department King Fahd University of Petroleum and Minerals.
EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage: www.mwftr.com/CNE.html.

EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage:
Nov. 2005Math in ComputersSlide 1 Math in Computers A Lesson in the “Math + Fun!” Series.

Nov. 2005Math in ComputersSlide 1 Math in Computers A Lesson in the “Math + Fun!” Series.
(C) 2005 Daniel SorinDuke Computer Engineering Autonomic Computing via Dynamic Self-Repair Daniel J. Sorin Department of Electrical & Computer Engineering.

(C) 2005 Daniel SorinDuke Computer Engineering Autonomic Computing via Dynamic Self-Repair Daniel J. Sorin Department of Electrical & Computer Engineering.
3. Hardware Redundancy Reliable System Design 2010 by: Amir M. Rahmani.

3. Hardware Redundancy Reliable System Design 2010 by: Amir M. Rahmani.
Self-Checking Circuits

Self-Checking Circuits
Binocular Bilateral Controller: A Hardware Fault Tolerant Implementation Marylène Audet March 2001 VLSI Testing.

Binocular Bilateral Controller: A Hardware Fault Tolerant Implementation Marylène Audet March 2001 VLSI Testing.
Oct. 2007State-Space ModelingSlide 1 Fault-Tolerant Computing Motivation, Background, and Tools.

Oct. 2007State-Space ModelingSlide 1 Fault-Tolerant Computing Motivation, Background, and Tools.
Making Services Fault Tolerant

Making Services Fault Tolerant
Oct. 2006 State-Space Modeling Slide 1 Fault-Tolerant Computing Motivation, Background, and Tools.

Oct State-Space Modeling Slide 1 Fault-Tolerant Computing Motivation, Background, and Tools.
Nov. 2006 Malfunction Diagnosis and Tolerance Slide 1 Fault-Tolerant Computing Dealing with Mid-Level Impairments.

Nov Malfunction Diagnosis and Tolerance Slide 1 Fault-Tolerant Computing Dealing with Mid-Level Impairments.
Oct. 2007Defect Avoidance and CircumventionSlide 1 Fault-Tolerant Computing Dealing with Low-Level Impairments.

Oct. 2007Defect Avoidance and CircumventionSlide 1 Fault-Tolerant Computing Dealing with Low-Level Impairments.
Oct. 2006 Error Correction Slide 1 Fault-Tolerant Computing Dealing with Mid-Level Impairments.

Oct Error Correction Slide 1 Fault-Tolerant Computing Dealing with Mid-Level Impairments.
Quantum Error Correction SOURCES: Michele Mosca Daniel Gottesman Richard Spillman Andrew Landahl.

Quantum Error Correction SOURCES: Michele Mosca Daniel Gottesman Richard Spillman Andrew Landahl.
Oct. 2006 Combinational Modeling Slide 1 Fault-Tolerant Computing Motivation, Background, and Tools.

Oct Combinational Modeling Slide 1 Fault-Tolerant Computing Motivation, Background, and Tools.
Nov. 2006Reconfiguration and VotingSlide 1 Fault-Tolerant Computing Hardware Design Methods.

Nov. 2006Reconfiguration and VotingSlide 1 Fault-Tolerant Computing Hardware Design Methods.

Similar presentations

Ads by Google