A methodology and application of fault simulation in the design process of large-scale systems

The complexity of large-scale systems makes closed-form analytical solutions to validating dependability intractable. Fault simulation is an attractive alternative to traditional fault injection methods in that fault simulation injects faults into simulation models of system components prior to physical prototyping. Fault simulation is useful for analysis of dependability parameters such as fault coverage, latency, propagation, and fault tolerance. Three drawbacks exist in the state-of-the-art in fault simulation: (1) fault simulation is performed in models of systems that are distinct from synthesizable designs, (2) fault simulation is supported at only one level of design abstraction (e.g. architectural, functional-block, or gate-level), and (3) fault simulation is performed for either hardware descriptions or software programs--a partial solution to large-scale system design.; This dissertation provides a methodology and supporting set of tools for incorporating fault simulation throughout the design process for large-scale systems. Providing a methodology for fault simulation within the design process holds great advantage for system designers. During each stage of design, fault simulation results provide feedback to the designer(s) about susceptible areas in the design that could result in undesired consequences. Designers use this information to refine the design for higher fault tolerance. This process is performed iteratively throughout the design process of the system. The key features of the methodology are: (1) fault simulation and dependability evaluation are performed in the design environment, (2) fault simulation is performed at multiple levels of design abstraction, and (3) fault simulation is supported in hardware designs as well as software programs. The methodology is applied to the design and analysis of two significant prototype commercial safety-critical systems: a watchdog monitor embedded in a distributed system and a digital signal processor used on-board trains for signal detection and discrimination. Furthermore, an analysis of the aliasing error probability of a linear compacting finite state machine--used to assure safety--yields novel results in modeling dependent-type data corruptions.