Techniques for the Fast Simulation of Models of Highly dependable Systems

With the ever-increasing complexity and requirements of highly dependable systems, their evaluation during design and operation is becoming more crucial. Realistic models of such systems are often not amenable to analysis using conventional analytic or numerical methods. Therefore, analysts and designers turn to simulation to evaluate these models. However, accurate estimation of dependability measures of these models requires that the simulation frequently observes system failures, which are rare events in highly dependable systems. This renders ordinary Simulation impractical for evaluating such systems. To overcome this problem, simulation techniques based on importance sampling have been developed, and are very effective in certain settings. When importance sampling works well, simulation run lengths can be reduced by several orders of magnitude when estimating transient as well as steady-state dependability measures. This paper reviews some of the importance-sampling techniques that have been developed in recent years to estimate dependability measures efficiently in Markov and nonMarkov models of highly dependable system

Failure distance based bounds of dependability measures

El tema d'aquesta tesi és el desenvolupament de mètodes de fitació per a una classe de models de confiabilitat basats en cadenes de Markov de temps continu (CMTC) de sistemes tolerants a fallades.Els sistemes considerats a la tesi es conceptualitzen com formats per components (hardware o software) que fallen i, en el cas de sistemes reparables, són reparats. Els components s'agrupen en classes de forma que els components d'una mateixa classe són indistingibles. Per tant, un component és considerat com a una instància d'una classe de components i el sistema inclou un bag de classes de components definit sobre un cert domini. L'estat no fallada/fallada del sistema es determina a partir de l'estat no fallada/fallada dels components mitjançant una funció d'estructura coherent que s'especifica amb un arbre de fallades amb classes d'esdeveniments bàsics. (Una classe d'esdeveniment bàsic és la fallada d'un component d'una classe de components.)La classe de models basats en CMTC considerada a la tesi és força àmplia i permet, per exemple, de modelar el fet que un component pot tenir diversos modes de fallada. També permet de modelar fallades de cobertura mitjançant la introducció de components ficticis que no fallen per ells mateixos i als quals es propaguen les fallades d'altres components. En el cas de sistemes reparables, la classe de models considerada admet polítiques de reparació complexes (per exemple, nombre limitat de reparadors, prioritats, inhibició de reparació) així com reparació en grup (reparació simultània de diversos components). Tanmateix, no és possible de modelar la reparació diferida (és a dir, el fet de diferir la reparació d'un component fins que una certa condició es compleixi).A la tesi es consideren dues mesures de confiabilitat: la no fiabilitat en un instant de temps donat en el cas de sistemes no reparables i la no disponibilitat en règim estacionari en el cas sistemes reparables.Els mètodes de fitació desenvolupats a la tesi es basen en el concepte de "distància a la fallada", que es defineix com el nombre mínim de components que han de fallar a més dels que ja han fallat per fer que el sistema falli.A la tesi es desenvolupen quatre mètodes de fitació. El primer mètode dóna fites per a la no fiabilitat de sistemes no reparables emprant distàncies a la fallada exactes. Aquestes distàncies es calculen usant el conjunt de talls mínims de la funció d'estructura del sistema. El conjunt de talls mínims s'obté amb un algorisme desenvolupat a la tesi que obté els talls mínims per a arbres de fallades amb classes d'esdeveniments bàsics. El segon mètode dóna fites per a la no fiabilitat usant fites inferiors per a les distàncies a la fallada. Aquestes fites inferiors s'obtenen analitzant l'arbre de fallades del sistema, no requereixen de conèixer el conjunt de talls mínims i el seu càlcul és poc costós. El tercer mètode dóna fites per a la no disponibilitat en règim estacionari de sistemes reparables emprant distàncies a la fallada exactes. El quart mètode dóna fites per a la no disponibilitat en règim estacionari emprant les fites inferiors per a les distàncies a la fallada.Finalment, s'il·lustren les prestacions de cada mètode usant diversos exemples. La conclusió és que cada un dels mètodes pot funcionar molt millor que altres mètodes prèviament existents i estendre de forma significativa la complexitat de sistemes tolerants a fallades per als quals és possible de calcular fites ajustades per a la no fiabilitat o la no disponibilitat en règim estacionari.The subject of this dissertation is the development of bounding methods for a class of continuous-time Markov chain (CTMC) dependability models of fault-tolerant systems.The systems considered in the dissertation are conceptualized as made up of components (hardware or software) that fail and, for repairable systems, are repaired. Components are grouped into classes, the components of the same class being indistinguishable. Thus, a component is regarded as an instance of some component class and the system includes a bag of component classes defined over a certain domain. The up/down state of the system is determined from the unfailed/failed state of the components through a coherent structure function specified by a fault tree with basic event classes. (A basic event class is the failure of a component of a component class.)The class of CTMC models considered in the dissertation is quite wide and allows, for instance, to model the fact that a component may have different failure modes. It also allows to model coverage failures by means of introducing fictitious components that do not fail by themselves and to which uncovered failures of other components are propagated. In the case of repairable systems, the considered class of models supports very complex repair policies (e.g., limited repairpersons, priorities, repair preemption) as well as group repair (i.e., simultaneous repair of several components). However, deferred repair (i.e., the deferring of repair until some condition is met) is not allowed.Two dependability measures are considered in the dissertation: the unreliability at a given time epoch for non-repairable systems and the steady-state unavailability for repairable systems.The bounding methods developed in the dissertation are based on the concept of "failure distance from a state," which is defined as the minimum number of components that have to fail in addition to those already failed to take the system down.We develop four bounding methods. The first method gives bounds for the unreliability of non-repairable fault-tolerant systems using (exact) failure distances. Those distances are computed using the set of minimal cuts of the structure function of the system. The set of minimal cuts is obtained using an algorithm developed in the dissertation that obtains the minimal cuts for fault trees with basic event classes. The second method gives bounds for the unreliability using easily computable lower bounds for failure distances. Those lower bounds are obtained analyzing the fault tree of the system and do not require the knowledge of the set of minimal cuts. The third method gives bounds for the steady-state unavailability using (exact) failure distances. The fourth method gives bounds for the steady-state unavailability using the lower bounds for failure distances.Finally, the performance of each method is illustrated by means of several large examples. We conclude that the methods can outperform significantly previously existing methods and extend significantly the complexity of the fault-tolerant systems for which tight bounds for the unreliability or steady-state unavailability can be computed

A method for the computation of reliability bounds for non-repairable fault-tolerant systems

A realistic modeling of fault-tolerant systems requires to take into account phenomena such as the dependence of component failure rates and coverage parameters on the operational configuration of the system, which cannot be properly captured using combinatorial techniques. Such dependencies can be modeled with detail using continuous-time Markov chains (CTMC’s). However, the use of CTMC models is limited by the well-known state space explosion problem. In this paper we develop a method for the computation of bounds for the reliability of non-repairable fault-tolerant systems which requires the generation of only a subset of states. The tightness of the bounds increases as more detailed states are generated. The method uses the failure distance concept and is illustrated using an example of a quite complex fault-tolerant system whose failure behavior has the above mentioned types of dependencies.Postprint (published version

Tight steady-state availability bounds using the failure distance concept

Continuous-time Markov chains are commonly used for dependability modeling of repairable fault-tolerant computer systems. Realistic models of non-trivial fault-tolerant systems often have very large state spaces. An attractive approach for dealing with the largeness problem is the use of pruningmethods with error bounds. Several such methods for computing steady-state availability bounds have been proposed recently. This paper presents a new method which exploits the failure distance concept to bound more efficiently the behavior in the non-generated state space. It is proved that the bounding method gives tighter bounds than previous methods. Numerical analysis shows that the new bounds can be significantly tighter.Postprint (published version

Data validation and reliability calculations in digital protection systems

Imperial Users onl

Improving availability bounds using the failure distance concept

Continuous-time Markov chains are commonly used for dependability modeling of repairable fault-tolerant computer systems. Realistic models of non-trivial fault-tolerant systems easily have very large state spaces. An attractive approach which has been proposed to deal with the largeness problem is the use of pruning-based methods which provide error bounds. Using results from Courtois and Semal, a method for bounding the steady-state availability has been recently developed by Muntz, de Souza e Silva, and Goyal. This paper presents a new method based on a different approach which exploits the concept of failure distance to better bound the behavior out of the non-generated state space. The proposed method yields tighter bounds. Numerical analysis shows that the improvement is typically significant.Postprint (published version

Efficient exploration of availability models guided by failure distances

Recently, a method to bound the steady-state availability using the failure distance concept has been proposed. In this paper we refine that method by introducing state space exploration techniques. In the methods proposed here, the state space is incrementally generated based on the contributions to the steady-state availability band of the states in the frontier of the currently generated state space. Several state space exploration algorithms are evaluated in terms of bounds quality and memory and CPU time requirements. The more efficient seems to be a waved algorithm which expands transition groups. We compare our new methods with the method based on the failure distance concept without state exploration and a method proposed by Souza e Silva and Ochoa which uses state space exploration but does not use the failure distance concept. Using typical examples we show that the methods proposed here can be significantly more efficient than any of the previous methods.Postprint (published version

Solving dependability/performability irreducible Markov models using regenerative randomization

Markov models are commonly used to asses the dependability/performability of fault-tolerant systems. Computation of many dependability/performability measures for repairable fault-tolerant systems requires the transient analysis of irreducible Markov models. Examples of such measures are the unavailability at time t and the expected interval unavailability at time t. Randomization (also called uniformization) is a well-known Markov transient analysis method and has good properties: numerical stability, well-controlled computation error, and ability to specify the computation error in advance. However, the randomization method is computationally expensive when the model is stiff, as is the case for Markov models of repairable fault-tolerant systems when the mission time of interest is large. Steady-state detection is a technique recently proposed to speedup randomization when the model is irreducible. This paper points out that another method, regenerative randomization, which has the same good properties as randomization, also covers irreducible models, and compares, for the important class of irreducible failure/repair models with exponential failure and repair time distributions and repair in every state with failed components, the efficiency of the regenerative randomization method with that of randomization with steady-state detection. In the frequent case in which the initial state is the state without failed components the regenerative randomization method can be faster than randomization with steady-state detection, specially when the model is large and the failure rates are much smaller than the repair rates. For other initial probability distributions, the regenerative randomization method seems to perform worse than randomization with steady-state detection.Postprint (published version

Bounding steady-state availability models with phase type repair distributions

We propose a method to obtain bounds for the steady-state availability using Markov models in which only a small portion of the state space is generated. The method is applicable to models with phase type repair distributions and involves the solution of only 4 linear systems of the size of the generated state space, independently on the number of “return” states. A numerical example is presented to illustrate the method.Postprint (author’s final draft

Two new algorithms to compute steady-state bounds for Markov models with slow forward and fast backward transitions

Two new algorithms are proposed for the computation of bounds for the steady-state reward rate of irreducible finite Markov models with slow forward and fast backward transitions. The algorithms use detailed knowledge of the model in a subset of generated states G and partial information about the model in the non-generated portion U of the state space. U is assumed partitioned into subsets U_k,1\leq k\leq N with a “nearest neighbor” structure. The algorithms involve the solution of, respectively, |M| + 2 and 4 linear systems of size |G|, where M is the set of values of k corresponding to the subsets U_k through which the model can jump from G to U. Previously proposed algorithms for the same type of models required the solution of |S| linear systems of size |G| + N , where S is the subset of G through which the model can enter G from U, to achieve the same bounds as our algorithms, or gave less tighter bounds if state cloning techniques were used to reduce the number of solved linear systems. An availability model with system state dependent repair rates is used to illustrate the application and performance of the algorithms.Postprint (published version