Low-energy standby-sparing for hard real-time systems

Time-redundancy techniques are commonly used in real-time systems to achieve fault tolerance without incurring high energy overhead. However, reliability requirements of hard real-time systems that are used in safety-critical applications are so stringent that time-redundancy techniques are sometimes unable to achieve them. Standby sparing as a hardwareredundancy technique can be used to meet high reliability requirements of safety-critical applications. However, conventional standby-sparing techniques are not suitable for lowenergy hard real-time systems as they either impose considerable energy overheads or are not proper for hard timing constraints. In this paper we provide a technique to use standby sparing for hard real-time systems with limited energy budgets. The principal contribution of this work is an online energymanagement technique which is specifically developed for standby-sparing systems that are used in hard real-time applications. This technique operates at runtime and exploits dynamic slacks to reduce the energy consumption while guaranteeing hard deadlines. We compared the low-energy standby-sparing (LESS) system with a low-energy timeredundancy system (from a previous work). The results show that for relaxed time constraints, the LESS system is more reliable and provides about 26% energy saving as compared to the time-redundancy system. For tight deadlines when the timeredundancy system is not sufficiently reliable (for safety-critical application), the LESS system preserves its reliability but with about 49% more energy consumptio

A Survey of Fault-Tolerance Techniques for Embedded Systems from the Perspective of Power, Energy, and Thermal Issues

The relentless technology scaling has provided a significant increase in processor performance, but on the other hand, it has led to adverse impacts on system reliability. In particular, technology scaling increases the processor susceptibility to radiation-induced transient faults. Moreover, technology scaling with the discontinuation of Dennard scaling increases the power densities, thereby temperatures, on the chip. High temperature, in turn, accelerates transistor aging mechanisms, which may ultimately lead to permanent faults on the chip. To assure a reliable system operation, despite these potential reliability concerns, fault-tolerance techniques have emerged. Specifically, fault-tolerance techniques employ some kind of redundancies to satisfy specific reliability requirements. However, the integration of fault-tolerance techniques into real-time embedded systems complicates preserving timing constraints. As a remedy, many task mapping/scheduling policies have been proposed to consider the integration of fault-tolerance techniques and enforce both timing and reliability guarantees for real-time embedded systems. More advanced techniques aim additionally at minimizing power and energy while at the same time satisfying timing and reliability constraints. Recently, some scheduling techniques have started to tackle a new challenge, which is the temperature increase induced by employing fault-tolerance techniques. These emerging techniques aim at satisfying temperature constraints besides timing and reliability constraints. This paper provides an in-depth survey of the emerging research efforts that exploit fault-tolerance techniques while considering timing, power/energy, and temperature from the real-time embedded systems’ design perspective. In particular, the task mapping/scheduling policies for fault-tolerance real-time embedded systems are reviewed and classified according to their considered goals and constraints. Moreover, the employed fault-tolerance techniques, application models, and hardware models are considered as additional dimensions of the presented classification. Lastly, this survey gives deep insights into the main achievements and shortcomings of the existing approaches and highlights the most promising ones

Recovery Time Considerations in Real-Time Systems Employing Software Fault Tolerance

Safety-critical real-time systems like modern automobiles with advanced driving-assist features must employ redundancy for crucial software tasks to tolerate permanent crash faults. This redundancy can be achieved by using techniques like active replication or the primary-backup approach. In such systems, the recovery time which is the amount of time it takes for a redundant task to take over execution on the failure of a primary task becomes a very important design parameter. The recovery time for a given task depends on various factors like task allocation, primary and redundant task priorities, system load and the scheduling policy. Each task can also have a different recovery time requirement (RTR). For example, in automobiles with automated driving features, safety-critical tasks like perception and steering control have strict RTRs, whereas such requirements are more relaxed in the case of tasks like heating control and mission planning. In this paper, we analyze the recovery time for software tasks in a real-time system employing Rate-Monotonic Scheduling (RMS). We derive bounds on the recovery times for different redundant task options and propose techniques to determine the redundant-task type for a task to satisfy its RTR. We also address the fault-tolerant task allocation problem, with the additional constraint of satisfying the RTR of each task in the system. Given that the problem of assigning tasks to processors is a well-known NP-hard bin-packing problem we propose computationally-efficient heuristics to find a feasible allocation of tasks and their redundant copies. We also apply the simulated annealing method to the fault-tolerant task allocation problem with RTR constraints and compare against our heuristics

A Framework for Power Recovery Probability Quantification in Nuclear Power Plant Station Blackout Sequences

The safety of Generations II and III nuclear power plants relies on the availability of AC power, which is required for decay heat removal. This AC power (designated offsite power) is provided by sources outside the power plant via a grid that is susceptible to both random and induced failures. When offsite power is lost, alternative emergency sources on-site are started to drive the plant's safety systems. If, however, a situation arises where these sources are also unavailable or unable to provide the required power for the entire period the offsite sources are unavailable, a complete loss of power to the safety buses ensues. This phenomenon is known as Station Blackout (SBO), and its severity depends on its duration as well as, the plant's initial status. Consequently, the time-dependent non-recovery probability of AC power is a key parameter in the risk assessment and management of nuclear power plants. In this work, an easy-to-use and generally applicable reliability framework is proposed to model power recovery in station blackout sequences. It employs a load flow technique integrated into an efficient event-driven Monte-Carlo simulation algorithm. The resulting framework quantifies the probability of power recovery as a function of both time and power level, including other relevant indices. It, therefore, serves the purpose of a rational decision support tool in the mitigation of station blackout accidents. The proposed framework is used to analyse station blackouts emanating from grid and switchyard failures at the Maanshan nuclear power plant in Taiwan

Modeling and analysis of high availability techniques in a virtualized system

Availability evaluation of a virtualized system is critical to the wide deployment of cloud computing services. Time-based, prediction-based rejuvenation of virtual machines (VM) and virtual machine monitors, VM failover and live VM migration are common high-availability (HA) techniques in a virtualized system. This paper investigates the effect of combination of these availability techniques on VM availability in a virtualized system where various software and hardware failures may occur. For each combination, we construct analytic models rejuvenation mechanisms to improve VM availability; (2) prediction-based rejuvenation enhances VM availability much more than time-based VM rejuvenation when prediction successful probability is above 70%, regardless failover and/or live VM migration is also deployed; (3) failover mechanism outperforms live VM migration, although they can work together for higher availability of VM. In addition, they can combine with software rejuvenation mechanisms for even higher availability; (4) and time interval setting is critical to a time-based rejuvenation mechanism. These analytic results provide guidelines for deploying and parameter setting of HA techniques in a virtualized system

A study of the selection of microcomputer architectures to automate planetary spacecraft power systems

Performance and reliability models of alternate microcomputer architectures as a methodology for optimizing system design were examined. A methodology for selecting an optimum microcomputer architecture for autonomous operation of planetary spacecraft power systems was developed. Various microcomputer system architectures are analyzed to determine their application to spacecraft power systems. It is suggested that no standardization formula or common set of guidelines exists which provides an optimum configuration for a given set of specifications

ALSEP termination report

The Apollo Lunar Surface Experiments Package (ALSEP) final report was prepared when support operations were terminated September 30, 1977, and NASA discontinued the receiving and processing of scientific data transmitted from equipment deployed on the lunar surface. The ALSEP experiments (Apollo 11 to Apollo 17) are described and pertinent operational history is given for each experiment. The ALSEP data processing and distribution are described together with an extensive discussion on archiving. Engineering closeout tests and results are given, and the status and configuration of the experiments at termination are documented. Significant science findings are summarized by selected investigators. Significant operational data and recommendations are also included

Performability modelling of homogenous and heterogeneous multiserver systems with breakdowns and repairs

This thesis presents analytical modelling of homogeneous multi-server systems with reconfiguration and rebooting delays, heterogeneous multi-server systems with one main and several identical servers, and farm paradigm multi-server systems. This thesis also includes a number of other research works such as, fast performability evaluation models of open networks of nodes with repairs and finite queuing capacities, multi-server systems with deferred repairs, and two stage tandem networks with failures, repairs and multiple servers at the second stage. Applications of these for the popular Beowulf cluster systems and memory servers are also accomplished. Existing techniques used in performance evaluation of multi-server systems are investigated and analysed in detail. Pure performance modelling techniques, pure availability models, and performability models are also considered. First, the existing approaches for pure performance modelling are critically analysed with the discussions on merits and demerits. Then relevant terminology is defined and explained. Since the pure performance models tend to be too optimistic and pure availability models are too conservative, performability models are used for the evaluation of multi-server systems. Fault-tolerant multi-server systems can continue service in case of certain failures. If failure does not occur at a critical point (such as breakdown of the head processor of a farm paradigm system) the system continues serving in a degraded mode of operation. In such systems, reconfiguration and/or rebooting delays are expected while a processor is being mapped out from the system. These delay stages are also taken into account in addition to failures and repairs, in the exact performability models that are developed. Two dimensional Markov state space representations of the systems are used for performability modelling. Following the critical analysis of the existing solution techniques, the Spectral Expansion method is chosen for the solution of the models developed. In this work, open queuing networks are also considered. To evaluate their performability, existing modelling approaches are expanded and validated by simulations, for performability analysis of multistage open networks with finite queuing capacities. The performances of two extended modelling approaches are compared in terms of accuracy for open networks with various queuing capacities. Deferred repair strategies are becoming popular because of the cost reductions they can provide. Effects of using deferred repairs are analysed and performability models are provided for homogeneous multi-server systems and highly available farm paradigm multi-server systems. Since one of the random variables is used to represent the number of jobs in one of the queues, analytical models for performance evaluation of two stage tandem networks suffer because of numerical cumbersomeness. Existing approaches for modelling these systems are actually pure performance models since breakdowns and repairs cannot be considered. One way of modelling these systems can be to divide one of the random variables to present both the operative and non-operative states of the server in one dimension. However, this will give rise to state explosion problem severely limiting the maximum queue capacity that can be handled. In order to overcome this problem a new approach is presented for modelling two stage tandem networks in three dimensions. An approximate solution is presented to solve such a system. This approach manifests itself as a novel contribution for alleviating the state space explosion problem for large and/or complex systems. When two state tandem networks with feedback are modelled using this approach, the operative states can be handled independently and this makes it possible to consider multiple operative states at the second stage. The analytical models presented can be used with various parameters and they are extendible to consider systems with similar architectures. The developed three dimensional approach is capable to handle two stage tandem networks with various characteristics for performability measures. All the approaches presented give accurate results. Numerical solutions are presented for all models developed. In case the solution presented is not exact, simulations are performed to validate the accuracy of the results obtained

Feasibility Analysis of Solar Power for the Safety of Fast Reactors during beyond Design Basis Events

This chapter presents a new design that unites the favorable technical and ecological characteristics of the solar and nuclear power plants. The current designs of nuclear reactors promise integral configuration of the primary coolant loop, secondary coolant loop, and a number of passive safety functions and overall simplification of the reactor. The present nuclear reactor design emphasizes on the safety of the reactor core at all times, i.e., controlling the reactor, cooling the reactor core, and maintaining containment. In case of non-availability of standby emergency DGs during beyond design basis event like Fukushima incident, etc., leading to extended station blackout conditions, the passive decay heat removal system will be affected. Hence, additional DGs have been made as a mandatory requirement in nuclear power plants. In case the ADG could not be mobilized during BDBE, an additional backup power source not affected by BDBE is appreciated. Hence in addition to the diesel power sources (EDG and ADG), a new design was developed for integration of diesel power with solar power. The hybrid system was designed to improve the reliability and availability of passive heat removal system, to ensure a reliable supply without interruption, and to improve the overall system reliability (by the integration with the battery bank). This hybrid power also gives the redundant power supply to the safety critical systems. This chapter also features a detailed reliability analysis carried out for power supplies to the safety critical loads. In addition a comparison was made between PV/diesel/battery with diesel/battery. These new hybrid systems conserves diesel fuel and reduce CO2 as well as particulate emissions that are harmful to environment health. Integration of solar power to the existing battery power will increase the reliability and extended availability of the system and thereby ensures safety of the plant during crisis/calamities