1. Architecture Analysis of Safety Critical Systems using Parametric Expressions
Mira Supal (1), Arthur Bekaryan (2), Joseph Wysocki (2), and Rami Debouk (1)
(1) General Motors Corporation; (2) HRL Laboratories, LLC
April 4th, 2006

2. Outline
- Motivation
- Objective
- Modeling and Analysis
  - Classical RAMS Modeling
  - Analysis Approach
  - Assumptions
  - Parametric Expression
- Results
- Discussion
- Summary
2006-01-1057

3. X-By-Wire Systems
- Systems where driver-operated controls are electronically linked to the objects being controlled
- X-by-wire systems have advantages over the mechanical systems they replace:
  - Augment the normal capabilities of human drivers by incorporating additional intelligence in the control algorithms
  - Serve as enablers for emerging safety technologies such as collision warning and lane keeping
  - Packaging, improved reliability, reduction in the use of hydraulic fluids, and manufacturing and test cost savings

4. Fault Tolerant Architectures and Safety Critical Systems
- By-wire systems must be tolerant to faults with safety critical impacts:
  - Fail silent: may use redundancy or some other control technique
  - Fail operational: requires redundancy
- Redundancy is necessary to ensure that these faults do not cause subsystems to fail in a catastrophic manner
- Economical implementation of redundancy is required, where one by-wire feature may provide backup capabilities to another by-wire feature
- The integration of by-wire systems requires an upfront "systems" design related to the fault tolerant architecture

5. Shared Redundancy Concept (Wysocki, Debouk, and Nouri, Proceedings of 2004 RAMS)
- Sharing HW and distributing SW over the shared HW
- Main and backup processes for a given task run on different processors
- A backup process may be a duplicate of the primary process, or may provide reduced functionality compared to the main process
- One subsystem may compensate for the failure of another subsystem

6. Objective
- Architecture design could benefit from an early system safety assessment:
  - Improve the design
  - Shorten the design cycle
- Investigate and analyze the concept of a parametric expression for the design of architectures supporting safety/mission critical functions or subsystems
- The expression can be used to determine the acceptability of a design and to understand system tradeoffs (reliability vs. redundancy) at the highest design levels

7. Modeling and Analysis
- Classical RAMS Modeling
  - Reliability Block Diagrams for an I/O relationship
  - Network connectivity
  - Components that fail independently
  - Failure and repair characteristics of each component
  - Fault tree analysis and simulations to account for dynamical behavior over the system lifetime

8. Reliability Block Diagram (RBD)
(Figure: an M × N block diagram of components $X_{ij}$, $i = 1 \ldots M$, $j = 1 \ldots N$. Column $j$ holds the $M$ redundant components $X_{1j}, X_{2j}, \ldots, X_{Mj}$; the $N$ columns are in series.)
- Level of redundancy = $M$
- Number of components = $N$

9. Analysis Approach
Component $X_{ij}$ unavailability (steady state), with failure rate $\lambda$ and repair rate $\mu$:
$$Q_{X_{ij}} = \Pr(\overline{X_{ij}}) = \frac{\lambda_{X_{ij}}}{\lambda_{X_{ij}} + \mu_{X_{ij}}}, \qquad \lambda_{X_{ij}} = \frac{1}{MTTF_{X_{ij}}}, \qquad \mu_{X_{ij}} = \frac{1}{MTTR_{X_{ij}}}$$
MTTF: Mean Time To Failure; MTTR: Mean Time To Repair

10. System Unavailability
- Reduce the M×N RBD into a series of $N$ aggregated components (Parallel Network 1, Parallel Network 2, ..., Parallel Network $N$)
- Compute the unavailability of each aggregated component (network $j$ is down only when all of its $M$ components are down):
$$\Pr(\overline{Network_j}) = \prod_{i=1}^{M} \Pr(\overline{X_{ij}})$$
- Compute the unavailability of the system (the $N$ networks are in series, so the system is down when any network is down):
$$\Pr(\overline{System}) = 1 - \prod_{j=1}^{N}\left(1 - \prod_{i=1}^{M} \frac{\lambda_{ij}}{\lambda_{ij} + \mu_{ij}}\right)$$

11. Assumptions
- Components have independent failures
- Equal failure rates $\lambda$ for all components
- Equal repair rates $\mu$ for all components
- $t$ = system lifetime (the slide also states a condition on the rates and $t$ of which only the fragment "t 2" survives in this copy)

12. Parametric Expression
Figure of Merit (FOM) $= w_1 \cdot D + w_2 \cdot F$
- $F$ = expected number of system failures
- $D$ = total system downtime
- $w_1$ and $w_2$ are weighting factors

13. Total System Downtime
Total System Downtime $D = Q_{System} \cdot t$
- $Q_{System}$ = system unavailability
- $t$ = system lifetime

14. Expected Number of System Failures
- Component unavailability: $Q = \dfrac{\lambda}{\lambda + \mu}$
- Component failure frequency (Reference 3 in paper): $\omega = \dfrac{\lambda\mu}{\lambda + \mu} = \lambda\,(1 - Q)$
- The component unavailability and failure frequency need to be evaluated for all the cutsets within the system
- Mathematically, the unavailability of an $n$-component cutset (all $n$ components down at once) is
$$Q_{cutset} = \prod_{i=1}^{n} Q_i$$

15. Expected Number of System Failures
- Mathematically, the failure frequency of an $n$-component cutset is
$$\omega_{cutset} = \sum_{j=1}^{n} \omega_j \prod_{\substack{i=1 \\ i \neq j}}^{n} Q_i$$
(the cutset fails when component $j$ fails while the other $n-1$ components are already down)
- With all the assumptions (independent components with equal $\lambda$ and $\mu$, so $Q_i = Q$ and $\omega_i = \omega$) this reduces to
$$\omega_{cutset} = n\,\omega\,Q^{\,n-1} \qquad \text{and} \qquad Q_{cutset} = Q^{\,n}$$

16. Expected Number of System Failures
- In order to calculate the number of expected failures for the overall system, it is necessary to first determine the failure frequency of the system, obtained by summing the frequencies of its minimal cutsets ($n_m$ = number of components in cutset $m$):
$$\omega_{system} = \sum_{m} n_m\,\omega\,Q^{\,n_m - 1}$$
- From Reference 3 in paper, the expected number of failures is
$$W(t_1, t_2) = \int_{t_1}^{t_2} \omega_{system}(t)\,dt$$
or, with constant rates over the lifetime,
$$W(0, t) = \omega_{system}\, t = \left(\sum_{m} n_m\,\omega\,Q^{\,n_m - 1}\right) t$$
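The analysis chain of slides 9 through 16 (component unavailability and failure frequency from MTTF/MTTR, cutset unavailability and frequency, system unavailability of a series of parallel networks, expected failures, downtime and the figure of merit), carried through as an added Python example. This is not code from the paper or from the authors' tool. It assumes constant failure and repair rates, independent components, and the M×N series-of-parallel-networks RBD of slide 8; per-component rates are allowed to differ, which generalises the equal-rate assumption of slide 11 and reduces to it when all components are alike. The system failure frequency is the sum of the cutset frequencies, the rare-event approximation the slides use. The MTTF/MTTR values, the architectures in the `__main__` block and the ten-year lifetime are constructed inputs.

```python
"""Parametric expression for an M x N reliability block diagram (RBD).

Added example (not from the paper): N parallel networks in series, network j
holding M components X_ij.  Each component has constant failure rate
lambda = 1/MTTF and repair rate mu = 1/MTTR and fails independently.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    mttf: float  # mean time to failure, hours
    mttr: float  # mean time to repair, hours

    @property
    def lam(self) -> float:
        return 1.0 / self.mttf  # failure rate lambda

    @property
    def mu(self) -> float:
        return 1.0 / self.mttr  # repair rate mu

    @property
    def q(self) -> float:
        # steady-state unavailability Q = lambda / (lambda + mu)
        return self.lam / (self.lam + self.mu)

    @property
    def w(self) -> float:
        # failure frequency omega = lambda * mu / (lambda + mu) = lambda * (1 - Q)
        return self.lam * self.mu / (self.lam + self.mu)


# An RBD is a list of N parallel networks, each a list of M components.
RBD = list[list[Component]]


def cutset_unavailability(cutset: list[Component]) -> float:
    """Q_cutset = prod_i Q_i: every component of the cutset is down."""
    return math.prod(c.q for c in cutset)


def cutset_frequency(cutset: list[Component]) -> float:
    """omega_cutset = sum_j omega_j * prod_{i != j} Q_i.

    The cutset fails when component j fails while all the others are already down.
    """
    total = 0.0
    for j, cj in enumerate(cutset):
        others_down = math.prod(ci.q for i, ci in enumerate(cutset) if i != j)
        total += cj.w * others_down
    return total


def system_unavailability(rbd: RBD) -> float:
    """Q_system = 1 - prod_j (1 - prod_i Q_ij): series of parallel networks."""
    return 1.0 - math.prod(1.0 - cutset_unavailability(net) for net in rbd)


def system_failure_frequency(rbd: RBD) -> float:
    """omega_system as the sum of minimal-cutset frequencies.

    In a series-of-parallel RBD each parallel network is a minimal cutset.
    Summing cutset frequencies is the rare-event approximation: exact for a
    single network, slightly pessimistic when several are in series.
    """
    return sum(cutset_frequency(net) for net in rbd)


def expected_failures(rbd: RBD, lifetime_h: float) -> float:
    """F = W(0, t) = omega_system * t for constant rates."""
    return system_failure_frequency(rbd) * lifetime_h


def total_downtime(rbd: RBD, lifetime_h: float) -> float:
    """D = Q_system * t."""
    return system_unavailability(rbd) * lifetime_h


def figure_of_merit(rbd: RBD, lifetime_h: float, w1: float = 1.0, w2: float = 1.0) -> float:
    """FOM = w1 * D + w2 * F (lower is better)."""
    return w1 * total_downtime(rbd, lifetime_h) + w2 * expected_failures(rbd, lifetime_h)


def uniform_rbd(m: int, n: int, mttf: float, mttr: float) -> RBD:
    """M-way redundant, N networks, all components alike (the slides' assumption)."""
    return [[Component(mttf, mttr) for _ in range(m)] for _ in range(n)]


if __name__ == "__main__":
    # Constructed inputs: MTTF 2000 h, MTTR 16 h (MTTF/MTTR = 125), ten-year lifetime.
    T = 10 * 8760.0
    for name, rbd in [("dual parallel (M=2, N=1)", uniform_rbd(2, 1, 2000.0, 16.0)),
                      ("triple parallel (M=3, N=1)", uniform_rbd(3, 1, 2000.0, 16.0)),
                      ("two dual-parallel networks in series (M=2, N=2)",
                       uniform_rbd(2, 2, 2000.0, 16.0))]:
        print(f"{name:50s} D={total_downtime(rbd, T):8.4f} h  "
              f"F={expected_failures(rbd, T):.4f}  FOM={figure_of_merit(rbd, T):.4f}")
```

With equal rates the code reproduces the closed forms of slides 14 and 15: for the dual-parallel case `system_unavailability` is $Q^2$ and `system_failure_frequency` is $2\omega Q$, and adding a third redundant component divides both by roughly $Q$, which is the reliability-versus-redundancy tradeoff the figure of merit is meant to expose. Two equally weighted networks in series double both $D$ and $F$, so the weights $w_1$, $w_2$ only matter when downtime and failure count rank architectures differently.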

17. Results
- The parametric expression approach was applied to the following component architectures:
  - Dual parallel
  - Dual networked
  - Triple parallel
  - Triple networked
- Results were compared to classical Monte Carlo simulations of fault tree analysis techniques for the same architectures
- Results were compared to the output generated by the ITEM Toolkit (a RAMS software tool) with the above architectures as RBD input
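The slide validates the expression against Monte Carlo simulation of the same architectures. The following added Python example (not the paper's simulation code, nor the ITEM Toolkit) performs that kind of check for the dual-parallel architecture with a next-event simulation: each component alternates exponentially distributed up-times (mean MTTF) and down-times (mean MTTR), a parallel network is down when all of its components are down, the system is down when any network is down, and the average failure count and downtime over many simulated lifetimes are compared with $\omega_{system}\,t$ and $Q_{System}\,t$. The MTTF/MTTR values, lifetime, run count and seed are constructed inputs; the `parametric` helper restates the slide formulas for the equal-rate case only.

```python
"""Monte Carlo check of the parametric expression for an M x N RBD.

Added example, not the paper's simulation.  Components alternate exponential
up-times (mean MTTF) and down-times (mean MTTR) independently; a parallel
network is down when all its M components are down; the system is down when
any of the N networks is down.
"""
import random


def simulate_once(m: int, n: int, mttf: float, mttr: float, lifetime: float,
                  rng: random.Random) -> tuple[int, float]:
    """One system lifetime; returns (number of system failures, system downtime)."""
    up = [[True] * m for _ in range(n)]                        # component states, all up at t=0
    nxt = [[rng.expovariate(1.0 / mttf) for _ in range(m)]      # time of each component's next transition
           for _ in range(n)]
    failures, downtime = 0, 0.0
    sys_up, down_since = True, 0.0
    while True:
        # next-event step: advance to the earliest pending transition
        j, i = min(((j, i) for j in range(n) for i in range(m)),
                   key=lambda ji: nxt[ji[0]][ji[1]])
        t = nxt[j][i]
        if t > lifetime:
            break
        up[j][i] = not up[j][i]
        mean = mttf if up[j][i] else mttr                       # memoryless: draw a fresh duration
        nxt[j][i] = t + rng.expovariate(1.0 / mean)
        now_up = all(any(net) for net in up)                    # series of parallel networks
        if sys_up and not now_up:                               # system just failed
            failures += 1
            down_since = t
        elif not sys_up and now_up:                             # system just restored
            downtime += t - down_since
        sys_up = now_up
    if not sys_up:                                              # still down at end of life
        downtime += lifetime - down_since
    return failures, downtime


def monte_carlo(m: int, n: int, mttf: float, mttr: float, lifetime: float,
                runs: int = 2000, seed: int = 7) -> tuple[float, float]:
    """Average (expected failures, total downtime) over `runs` simulated lifetimes."""
    rng = random.Random(seed)
    tot_f, tot_d = 0, 0.0
    for _ in range(runs):
        f, d = simulate_once(m, n, mttf, mttr, lifetime, rng)
        tot_f += f
        tot_d += d
    return tot_f / runs, tot_d / runs


def parametric(m: int, n: int, mttf: float, mttr: float, lifetime: float) -> tuple[float, float]:
    """Slide formulas for equal rates: F = omega_system * t, D = Q_system * t."""
    lam, mu = 1.0 / mttf, 1.0 / mttr
    q = lam / (lam + mu)                    # component unavailability
    w = lam * mu / (lam + mu)               # component failure frequency
    q_sys = 1.0 - (1.0 - q ** m) ** n       # series of N parallel networks
    w_sys = n * m * w * q ** (m - 1)        # N cutsets of size M, each n*omega*Q^(n-1)
    return w_sys * lifetime, q_sys * lifetime


if __name__ == "__main__":
    # Constructed inputs: MTTF 2000 h, MTTR 16 h, ten-year lifetime, dual parallel (M=2, N=1).
    T = 10 * 8760.0
    f_exp, d_exp = parametric(2, 1, 2000.0, 16.0, T)
    f_mc, d_mc = monte_carlo(2, 1, 2000.0, 16.0, T)
    print(f"expression: F={f_exp:.3f}  D={d_exp:.2f} h")
    print(f"simulation: F={f_mc:.3f}  D={d_mc:.2f} h")
```

The simulation starts with every component up, so it includes the short transient the steady-state expression ignores; with a lifetime of tens of thousands of hours and an MTTR of a few hours that bias is negligible, but it becomes visible for lifetimes comparable to the MTTR. The sampling error falls as the square root of the run count, so the agreement reported on the next slides should always be read against the number of runs used.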

18. Results: System Downtime Comparison
(Chart: downtime in hours, 0 to 100, versus MTTF/MTTR ratio at 20.83, 31.25, 52.08, 62.50, 78.13, 83.33, 125.00, 156.25 and 250.00. Twelve series: DP, TP, DN and TN (dual parallel, triple parallel, dual networked, triple networked), each from the ITEM Toolkit, the parametric expression, and simulation.)

19. Results: System Expected Failures Comparison
(Chart: number of failures, 0 to 10, versus MTTF/MTTR ratio at 20.83, 31.25, 52.08, 62.50, 78.13, 83.33, 125.00, 156.25 and 250.00; the same twelve series of DP, TP, DN and TN from the ITEM Toolkit, the parametric expression, and simulation.)

20. Results: Figure of Merit Comparison
(Chart: normalized downtime + normalized number of failures, 0 to 2.5, versus normalized availability at 20.83, 31.25, 52.08, 62.50, 78.13, 83.33, 125.00, 156.25 and 250.00; the same twelve series of DP, TP, DN and TN from the ITEM Toolkit, the parametric expression, and simulation.)

21. Discussion
- The experiments conducted suggest that the parametric expression method provides results that closely approximate those of the classical techniques.
- Furthermore, the results match for most of the architecture representations that are of interest for safety critical systems.
- Therefore, since the parametric expression method is an efficient assessment, it can effectively be used at the early stages of design for architecture exploration without compromising accuracy.

22. Discussion
- To enable the parametric expression method for architecture exploration, we developed an interactive engineering tool.
- The objective of the tool is to involve the designer in the exploration of design tradeoffs in reliability and redundancy.

23. Discussion
- Through a graphical user interface, the designer selects a number of architecture structures and defines the reliability metrics of the system components.
- All the equations are automatically evaluated within the tool.
- Finally, results are automatically presented for viewing and evaluation.
- Since the analysis is very simple and quick, it can accommodate an iterative process of exploration in which the designer can easily modify the architecture or even the component metrics to direct the exploration toward the design requirements.
