| Jack Goldberg et al. Development and analysis of the software implemented fault-tolerance (SIFT) computer. CR 172146, NASA, 1984. |
....management takes a considerably large amount of CPU time. For instance, the Software Implemented Fault Tolerance (SIFT) computer's operating system overhead consumes a minimum of 50 percent of the frame size [12]. The SIFT CPU, the Bendix BDX 930, has a performance of approximately 0.9 MIPS [7], slightly greater performance than the VIPER SBC. Therefore, it is the opinion of the writers that the VIPER processor, having a limited performance capability, would be inadequate for redundant multichannel systems where redundancy management (including fault detection, isolation, and ....
Goldberg, J., et al., Development and Analysis of the Software Implemented Fault-Tolerance (SIFT) Computer. NASA Contractor Report 172146, February 1984.
....in the system continually votes and replaces its state with voted values. Thus, the transient fault recovery process does not require fault detection. 1.3 Previous Efforts Many techniques for implementing fault tolerance through redundancy have been developed over the past decade, e.g. SIFT [11], FTMP [12], FTP [13], MAFT [14] and MARS [15]. An often overlooked but significant factor in the development process is the approach to system verification. In SIFT and MAFT, serious consideration was given to the need to mathematically reason about the system. In FTMP and FTP, the verification ....
Goldberg, Jack; et al.: Development and Analysis of the Software Implemented Fault-Tolerance (SIFT) Computer. NASA Contractor Report 172146, 1984.
.... in SRI's EHDM prover [12]. The first work performed by CLI was an evaluation of the overall RSRE methodology [5]. The first tasks undertaken toward the development of a basis of formally verified fault tolerant algorithms were a continuation of earlier work initiated in the SIFT project [28]. SIFT had been developed at SRI under Langley sponsorship. The SIFT fault tolerant architecture was based on exact match voting of results by synchronized replicated processors. The lowest level building blocks of such systems are implementations, in both hardware and software, of Byzantine ....
Jack Goldberg et al. Development and analysis of the software implemented fault-tolerance (SIFT) computer. NASA Contractor Report 172146, 1984.
....interface to the sensors and actuators is static as opposed to dynamic. Hence, there are fewer design errors to be corrected during the validation process. 7 Previous Efforts Many techniques for implementing fault tolerance through redundancy have been developed over the past decade, e.g. SIFT [4], FTMP [5], FTP [6], MAFT [17]. The techniques differ with respect to: • the unit of fault isolation and reconfiguration • the voting strategy • the level of synchronization • the verification concept. In FTMP, for example, the unit of reconfiguration is a memory module or a CPU ....
....the system. In FTMP and FTP, the verification concept was almost exclusively testing. Obviously, the approach advocated here is one of formal rigor in specification and verification of the system. Although several fault tolerant real time computing bases have been designed for control applications [4, 5, 6, 17], only the SIFT project attempted to use formal methods. Although many positive theoretical advances were made, the SIFT operating system was never completely verified [13]. On the positive side, the concept of Byzantine Generals algorithms was developed [9]. Also the first fault tolerant clock ....
Goldberg, Jack; et al. 1984: Development and Analysis of the Software Implemented Fault-Tolerance (SIFT) Computer. NASA, Contractor Report 172146.
....A major difference between the development effort presented in this paper and most other efforts is the use of formal methods [footnote 1]. This approach is born from the belief that the successful engineering of complex computing systems will require the application of mathematically based analysis analogous to the structural analysis performed before a bridge or airplane wing is built. The applied mathematics for the design of digital systems is logic, just as calculus and .... (Footnote 1: The SIFT [6] project was the first attempt to apply formal methods to the problems of digital flight control.)
....system complexity. The top curve represents the total probability of failure. We have opted for a less complex system in order to produce the best reliability. Previous Efforts Many techniques for implementing fault tolerance through redundancy have been developed over the past decade, e.g. SIFT [6], FTMP [9], FTP [10], MAFT [11] [footnote 3]. The techniques differ with respect to: • the unit of fault isolation and reconfiguration • the voting strategy • .... (Footnote 3: Although it is infeasible to measure the contribution of the design flaws in the ultrareliable regime, its effect can be discussed theoretically.)
[Article contains additional citation context not shown here]
J. Goldberg et al., "Development and analysis of the software implemented fault-tolerance (SIFT) computer, " NASA Contractor Report 172146, 1984.
....[Figure 2: Generic hardware architecture. Residue of the figure: interprocessor communication link, processor replicates 1 through R, sensors and actuators.] 3 Previous Efforts Many techniques for implementing fault tolerance through redundancy have been developed over the past decade, e.g. SIFT [2], FTMP [3], FTP [5], MAFT [12] and MARS [4]. An often overlooked but significant factor in the development process is the approach to system verification. In SIFT and MAFT, serious consideration was given to the need to mathematically reason about the system. In FTMP and FTP, the verification ....
Jack Goldberg et al. Development and analysis of the software implemented fault-tolerance (SIFT) computer. Contractor Report 172146, NASA, 1984.
....involved and is unusually effective in enabling mechanized proof. The last two decades of our research can be seen as an effort to demonstrate the latter claim. In the late 1970s we were concerned with proving the correctness of a program written in the machine code for the Bendix BDX930 computer [10]. At the time we wrote: To capture the semantics of the instruction set, we encoded in our logic a recursive function that describes the state changes induced by each BDX930 instruction. Thirty pages are required to describe the top level driver and the state changes induced by each ....
J. Goldberg, W. Kautz, P.M. Melliar-Smith, M. Green, K. Levitt, R. Schwartz, and C. Weinstock. Development and Analysis of the Software Implemented Fault-Tolerance (SIFT) Computer. Technical Report NASA Contractor Report 172146, National Aeronautics and Space Administration, Langley Research Center, Hampton, Va. 23665, 1984.
....to exchange and vote on the results of task computations. As previously suggested, clock synchronization hardware will be added to the architecture as well. 1.2 Previous Efforts Many techniques for implementing fault tolerance through redundancy have been developed over the past decade, e.g. SIFT [Goldberg 1984], FTMP [Hopkins 1978], FTP [Lala 1986], MAFT [Walter 1985] and MARS [Kopetz 1989]. An often overlooked but significant factor in the development process is the approach to system verification. In SIFT and MAFT, serious consideration was given to the need to mathematically reason about the system. ....
Jack Goldberg et al. Development and analysis of the software implemented fault-tolerance (SIFT) computer. NASA Contractor Report 172146, 1984.
.... been decoupled from the applications (e.g. the redundant versions of the applications synchronize by messages), research and experience have led us to believe that solving the synchronization problem independently from the applications design can provide significant simplification of the system [73, 48]. The operating system is built on top of this clock synchronization foundation and thus the correctness of this foundation is essential. The clock synchronization algorithm and its implementation are prime candidates for formal methods. The verification strategy shown in figure 2 is being ....
Goldberg, Jack; et al.: Development and Analysis of the Software Implemented Fault-Tolerance (SIFT) Computer. NASA Contractor Report 172146, 1984.
.... been decoupled from the applications (e.g. the redundant versions of the applications synchronize by messages), research and experience have led us to believe that solving the synchronization problem independently from the applications design can provide significant simplification of the system [62, 43]. The operating system is built on top of this clock synchronization foundation. Of course, the correctness of this foundation is essential. Thus, the clock synchronization algorithm and its implementation are prime candidates for formal methods. The verification strategy shown in figure 4 is being ....
Goldberg, Jack; et al.: Development and Analysis of the Software Implemented Fault-Tolerance (SIFT) Computer. NASA Contractor Report 172146, 1984.
.... been decoupled from the applications (e.g. the redundant versions of the applications synchronize by messages), research and experience have led us to believe that solving the synchronization problem independently from the applications design can provide significant simplification of the system [37, 38]. The operating system is built on top of this clock synchronization foundation. Of course, the correctness of this foundation is essential. Thus, the clock synchronization algorithm and its implementation are prime candidates for formal methods. The verification strategy shown in figure 1 is being ....
Jack Goldberg et al., "Development and analysis of the software implemented fault-tolerance (SIFT) computer", NASA CR-172146, 1984.
No context found.
Jack Goldberg et al. Development and analysis of the software implemented fault-tolerance (SIFT) computer. CR 172146, NASA, 1984.
No context found.
Goldberg, Jack; Kautz, William H.; Melliar-Smith, P. Michael; Green, Milton W.; Levitt, Karl N.; Schwartz, Richard L.; and Weinstock, Charles B.: Development and Analysis of the Software Implemented Fault-Tolerance (SIFT) Computer. NASA CR-172146, 1984.
No context found.
Goldberg, Jack; Kautz, William H.; Melliar-Smith, P. Michael; Green, Milton W.; Levitt, Karl N.; Schwartz, Richard L.; and Weinstock, Charles B.: Development and Analysis of the Software Implemented Fault-Tolerance (SIFT) Computer. NASA CR-172146, 1984.