Formal Design of Asynchronous Fault Detection and Identification Components using Temporal Epistemic Logic

Autonomous critical systems, such as satellites and space rovers, must be able to detect the occurrence of faults in order to ensure correct operation. This task is carried out by Fault Detection and Identification (FDI) components, that are embedded in those systems and are in charge of detecting faults in an automated and timely manner by reading data from sensors and triggering predefined alarms. The design of effective FDI components is an extremely hard problem, also due to the lack of a complete theoretical foundation, and of precise specification and validation techniques. In this paper, we present the first formal approach to the design of FDI components for discrete event systems, both in a synchronous and asynchronous setting. We propose a logical language for the specification of FDI requirements that accounts for a wide class of practical cases, and includes novel aspects such as maximality and trace-diagnosability. The language is equipped with a clear semantics based on temporal epistemic logic, and is proved to enjoy suitable properties. We discuss how to validate the requirements and how to verify that a given FDI component satisfies them. We propose an algorithm for the synthesis of correct-by-construction FDI components, and report on the applicability of the design approach on an industrial case-study coming from aerospace.Comment: 33 pages, 20 figure

SYSTEM-LEVEL HYBRID FAULT DIAGNOSABILITY WITH GENERAL TEST INVALIDATION

On the basis of a self-checking system model with general test invalidation the problem of diagnosability in the case of permanent and intermittent faults known as hybrid fault situation is discussed. Two hybrid fault models have been introduced that take into consideration the behaviour of the faulty tester. On the basis of the relationship that exists between the permanent and hybrid fault models, given the number of all units in a system, the upper bound of the number of diagnosable faulty units is defined without restriction on the test connection assignment

Efficient diagnosis of multiprocessor systems under probabilistic models

The problem of fault diagnosis in multiprocessor systems is considered under a probabilistic fault model. The focus is on minimizing the number of tests that must be conducted in order to correctly diagnose the state of every processor in the system with high probability. A diagnosis algorithm that can correctly diagnose the state of every processor with probability approaching one in a class of systems performing slightly greater than a linear number of tests is presented. A nearly matching lower bound on the number of tests required to achieve correct diagnosis in arbitrary systems is also proven. Lower and upper bounds on the number of tests required for regular systems are also presented. A class of regular systems which includes hypercubes is shown to be correctly diagnosable with high probability. In all cases, the number of tests required under this probabilistic model is shown to be significantly less than under a bounded-size fault set model. Because the number of tests that must be conducted is a measure of the diagnosis overhead, these results represent a dramatic improvement in the performance of system-level diagnosis techniques

(t, k)-diagnosable system: A generalization of the PMC models

ln this paper, we introduce a new model for diagnosable systems called (t, k)-diagnosable system which guarantees that at least k faulty units (processors) in a system are detected provided that the number of faulty units does not exceed t. This system includes classical one-step diagnosable systems and sequentially diagnosable systems. We prove a necessary and sufficient condition for (t, k)-diagnosable system, and discuss a lower bound for diagnosability. Finally, we deal with a relation between (t, k)-diagnosability and diagnosability of classical basic models

Energy-aware test connection assignment for the self-diagnosis of a wireless sensor network

Abstract Sensor nodes in Wireless Sensor Networks (WSNs) are prone to failures due to the fragile hardware, malicious attacks, or hostile or harsh environment. In order to assure reliable, long-term monitoring of the phenomenon under investigation, a major challenge is to detect node malfunctions as soon as possible and with an energy efficient approach. We address this problem by using a system-level diagnosis strategy in which the sink issues to the WSN a self-diagnosis task that involves a number of mutual tests among sensors. Based on the test outcomes, the sink executes the diagnosis procedure. This work presents an algorithm for the assignment of tests among the sensors of a WSN that assures the desired system diagnosability and that is aware of energy consumption. We show by simulation experiments that the present approach, as compared to a previous one, enables consistent energy savings on the sensors

Testing the bus guardian unit of the FTMP

Fault-tolerant multiprocessor (FTMP) operation is discussed. Fault-modeling in the bus guardian units (BGUs) is covered. Testing the BGU is discussed. A testing algorithm is proposed