Method and apparatus for operational-level functional and degradation fault analysis

US 8,108,728 B2
Filed: 04/02/2010
Issued: 01/31/2012
Est. Priority Date: 04/02/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A method for analyzing the fault tolerance (FT) capability of a system, the method comprising:

recording, on tangible media that is accessible by a host machine, a set of calibrated FT requirements that must be satisfied by the system;

using the host machine to generate an operations-level model of the system, wherein the operations-level model includes a mathematical model of the dynamics of the system and control logic for the system in the form of software operations, wherein each of the software operations includes input ports for receiving input signals and output ports for transmitting output signals;

introducing a set of signal errors to the model in the form of at least one of a noise error, a trajectory shift error, a spike error, and a time-line distortion error;

automatically characterizing a behavior of a set of components of the system, as represented by the model, as a discrete lookup table (LUT), wherein the LUT codifies the quality degradation of the input and output signals; and

using the host machine to analyze the FT capability of the system via the discrete LUT with respect to the calibrated FT requirements from the functional specification.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method are provided for analyzing fault tolerance of a system, and performing “what if?” analysis for various fault-tolerant system design options. The fault tolerance analysis approach handles logical failures and quality faults emanating from loss of precision in signal values. The method can detect quality faults, which can allow systems to be built which are resilient to precision losses. Two analysis steps are provided, one static and another simulation-based, which are used in tandem to check the fault tolerance of an automotive or other system. While a simulation-based method checks fault-resilience under specific test cases and fault-scenarios, the static analysis method quickly checks all test cases and fault-scenarios. The static analysis method makes approximations while performing the analysis, and any fault detected is reproduced using the simulation-based method. All analysis operations are performed on operations-level behavioral models of the applications, thereby reducing the cost of analysis.

20 Citations

View as Search Results

17 Claims

1. A method for analyzing the fault tolerance (FT) capability of a system, the method comprising:
- recording, on tangible media that is accessible by a host machine, a set of calibrated FT requirements that must be satisfied by the system;
  
  using the host machine to generate an operations-level model of the system, wherein the operations-level model includes a mathematical model of the dynamics of the system and control logic for the system in the form of software operations, wherein each of the software operations includes input ports for receiving input signals and output ports for transmitting output signals;
  
  introducing a set of signal errors to the model in the form of at least one of a noise error, a trajectory shift error, a spike error, and a time-line distortion error;
  
  automatically characterizing a behavior of a set of components of the system, as represented by the model, as a discrete lookup table (LUT), wherein the LUT codifies the quality degradation of the input and output signals; and
  
  using the host machine to analyze the FT capability of the system via the discrete LUT with respect to the calibrated FT requirements from the functional specification.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - recording an alternate design scenario for the system on the tangible media; and
      
      automatically analyzing the alternate design scenario via the host machine using the LUT and the functional specification.
  - 3. The method of claim 1, further comprising:
    - checking via the host machine, as a first set of steps, all possible combinations of inputs and fault-scenarios in the functional specification; and
      
      checking via the host machine, as a second set of steps, an FT status of the system under a set of calibrated test cases and fault-scenarios using the LUT.
  - 4. The method of claim 1, further comprising:
    - determining the presence of a violation of the FT requirements during the first set of steps; and
      
      reproducing a set of system behavior leading to the violation in a second model.
  - 5. The method of claim 1, further comprising:
    - storing the characterized quality behavior of the components in the LUT; and
      
      processing the LUT using the host machine to determine the quality behavior of the system.
  - 6. The method of claim 1, further comprising:
    - using at least one of a LUT-based simulation and a discrete LUT-based static analysis method to detect a counterexample; and
      
      automatically reproducing the counterexample in the FT specification;
      
      wherein the counterexample describes a set of fault values in different components of the set of components, with the fault values causing the system to behave in such a manner as to violate the FT requirements.
  - 7. The method of claim 6, including using the LUT-based static analysis method, wherein the using LUT-based static analysis method includes using at least one of:
    - model checking, Boolean satisfiability solving, Satisfiability Modulo Theory solving, and search algorithms.
  - 8. The method of claim 1, further comprising:
    - inputting each of a test case, a fault-scenario, and the fault tolerance requirement specifications into the host machine, wherein;
      
      the fault-scenario is a set of triplets of the form of location, fault-type, and measure;
      
      the location denotes a signal afflicted by the fault; and
      
      the fault-type and measure denote the type and measure of error, respectively.
  - 9. The method of claim 1, wherein the model includes a FT selection block, the method further comprising using the FT selection block to detect and select a non-faulty input, and to transfer the non-faulty input to an output of the FT selection block.

10. An apparatus adapted for analyzing the fault tolerance (FT) capabilities of a system, the apparatus comprising:
- a host machine; and
  
  tangible media accessible by the host machine, and on which is recorded a functional specification defining a formalized set of fault tolerance (FT) requirements which the system must satisfy even in the presence of faults;
  
  wherein the host machine is configured for;
  
  generating an operations-level model of the system, including generating a mathematical model of the dynamics of components of the system and control logic in the form of software operations, with each of the software operations having input ports for receiving input signals and output ports for transmitting output signals;
  
  introducing a set of signal errors to the model in the form of at least one of a noise error, a trajectory shift error, a spike error, and a time-line distortion error;
  
  characterizing the behavior of a set of components of the model in response to the set of signal errors as a discrete lookup table (LUT), wherein the LUT codifies the quality degradation of the input and output signals; and
  
  analyzing the FT capability of the system using the discrete LUT with respect to the functional specification.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The apparatus of claim 10, further comprising an alternate design scenario recorded on the tangible media and accessible by the host machine, wherein the host machine is adapted for automatically analyzing the alternate scenario using the LUT and the functional specification.
  - 12. The apparatus of claim 10, wherein the host machine is configured for:
    - checking, as a first set of steps, all possible combinations of inputs and fault-scenarios in the functional specification; and
      
      checking, as a second set of steps, an FT status of the system under a set of calibrated test cases and fault-scenarios using the LUTs.
  - 13. The apparatus of claim 10, wherein the host machine is configured for:
    - determining the presence of a violation of the FT requirements during the first set of steps; and
      
      reproducing a set of system behavior leading to the violation in a native operations-level model.
  - 14. The apparatus of claim 10, wherein the host machine is configured for:
    - characterizing the quality behavior of individual electronic software and mechanical components of the system;
      
      storing the characterized quality behavior in at least one of the LUTs; and
      
      processing the stored information to determine the quality behavior of the system.
  - 15. The apparatus of claim 10, wherein the host machine is configured for:
    - using at least one of a LUT-based simulation and a discrete LUT-based static analysis method to detect a counterexample; and
      
      reproducing the counterexample in the operations-level model;
      
      wherein the counterexample describes a set of fault values in different components of the system, the fault values causing the system to behave in such a manner as to violate the FT requirements.
  - 16. The apparatus of claim 15, wherein the host machine is adapted for using the LUT-based static analysis method, and the LUT-based static analysis method includes at least one of:
    - model checking, Boolean satisfiability solving, Satisfiability Modulo Theory solving, and search algorithms.
  - 17. The apparatus of claim 16, wherein the host machine is adapted for recording, on the tangible media, each of:
    - a test case, a fault-scenario, and the FT requirement specifications, and wherein;
      
      the fault-scenario is a set of triplets of the form of location, fault-type, and measure;
      
      the location denotes a signal afflicted by the fault; and
      
      the fault-type and measure denote the type and measure of error, respectively.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GM Global Technology Operations LLC (General Motors Company)
Original Assignee
GM Global Technology Operations LLC (General Motors Company), Indian Institute of Technology Kharagpur
Inventors
Das, Dipankar, Chakrabarti, Partha P., Sinha, Purnendu
Primary Examiner(s)
Riad, Amine

Application Number

US12/753,166
Publication Number

US 20110246831A1
Time in Patent Office

669 Days
Field of Search

714/29
US Class Current

714/29
CPC Class Codes

G06F 2117/02 Fault tolerance, e.g. for t...

G06F 30/3323 using formal methods, e.g. ...

Method and apparatus for operational-level functional and degradation fault analysis

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for operational-level functional and degradation fault analysis

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links