Evaluation of fault-tolerant multiprocessor systems for high assurance applications

In designing high assurance systems, the dependability goals are achieved through the adoption of several fault-tolerance techniques. Unfortunately, their combined effect on the system cannot be, in the general case, derived by straightforward composition of the stand-alone component's analysis, because of mutual dependence of their controlling parameters. In this paper the assessment of overall system dependability induced by such integrated fault-tolerance organization is carried out through a stochastic simulation approach. To this purpose, a few fault-tolerant multiprocessor architectures, based on the integrated usage of standard error-processing structures with a recently-proposed diagnostic mechanism, called ?-count, are selected and evaluated. The diagnostic mechanism gets its input (error signals) from the error-processing mechanism, whose behaviour is in turn influenced by the rapidity and correctness with which ?-count identifies permanently/intermittently faulty processors. The choice of the basic fault-tolerance mechanisms to adopt, as well as the reference-system architecture, has been driven by the characteristics of the envisaged target applications: mainly, stringent dependability requirements, to be traded with adequate levels of performance and cost. The analysis has focused on performability, which is an appropriate measure to evaluate whether a certain design is 'better' than another under dependability and performance point of view.