General fault-tolerance requirements and features of telecommunication switching control systems are outlined and a development of fault-tolerance techniques on a multiple microprocessor system is briefly described.

This paper presents a design optimisation tool for distributed embedded real-time systems that 1) decides mapping, fault-tolerance policy and generates a fault-tolerant schedule, 2) is targeted for hard real-time, 3) has hard reliability goal, 4) generates static schedule for processes and messages, 5) provides fault-tolerance for k transient/soft faults, 6) optimises for minimal energy consumption, while considering impact of lowering voltages on the probability of faults, 7) uses constraint logic programming (CLP) based implementation.

Critical embedded systems need a dependable operating system and application. Despite all efforts to prevent and remove faults in system development, residual software faults usually persist. Therefore, critical systems need some sort of fault tolerance to deal with these faults and also with hardwa...

In this paper, we propose an approach for achieving detection and identification of faults, and provide fault tolerant control for systems that are modeled using timed hybrid Petri nets. For this purpose, an observer based technique is adopted which is useful in detection of faults, such as sensor faults, actuator faults, signal conditioning faults, etc. The concepts of estimation, reachability and diagnosability have been considered for analyzing faulty behaviors, and based on the detected faults, different schemes are proposed for achieving fault tolerant control using optimization techniques. These concepts are applied to a typical three tank system and numerical results are obtained.

monitor, in real-time,the signals from FTMP's system bus. The systemwas ... The Fault-Tolerant Multi-Processor system is a test-bed used for fault- .... Where the "_ -_" symbol means bidirectional data flow. A data rate estimate of each path link ...

The active fault-tolerant control approach relies heavily on the occurred faults. In order to improve the safety of the reconfigurable system, a methodology to incorporate actuator health in the fault-tolerant control design is proposed for a tracking problem. Indeed, information about actuator heal...

The use of software diversity (SD) to achieve fault tolerance in industrial control systems is examined, reviewing the results of recent experimental investigations and applications. Topics addressed include safety systems for rail transport, experimental safety systems for nuclear reactors, the control software for the Airbus and ATR aircraft, tolerating software design faults, and reliability modeling for fault-tolerant software. Extensive diagrams and flow charts are provided.

Jul 1, 2008 ... systems developed to characterize the response of a fault-tolerant ..... through more advanced scalable diagnosis strategies and robust distributed .... classifies the behavior of the SUT by applying a multi-observer-based fault ...

Runtime verification (RV) is a natural fit for ultra-critical systems, where correctness is imperative. In ultra-critical systems, even if the software is fault-free, because of the inherent unreliability of commodity hardware and the adversity of operational environments, processing units (and their hosted software) are replicated, and fault-tolerant algorithms are used to compare the outputs. We investigate both software monitoring in distributed fault-tolerant systems, as well as implementing fault-tolerance mechanisms using RV techniques. We describe the Copilot language and compiler, specifically designed for generating monitors for distributed, hard real-time systems. We also describe two case-studies in which we generated Copilot monitors in avionics systems.

This paper interests to the properties of fault-tolerant control system with respect to reliability of components. The aim of this paper is to present the need of reliability analysis in fault-tolerant control design. The focus of our study is on the reconfigurability analysis of systems with actuat...

Sensors are important parts of the navigation system. The decentralized filtering for sensor fault tolerance has great significance for improving system reliability. The method combining federated filtering and covariance intersection filtering is adopted to achieve the decentralized filtering of sensor fault tolerance, and the navigation accuracy and tolerance are analyzed. The simulation results indicate that the implementation of decentralized filtering on integrated navigation system that composed of multi sensors can bring the benefits of high accuracy and improve the system capability of fault tolerance due to the information redundancy. Thus, more completed and accurate navigation information about the movable sensor carrier can be provided.

Assumptions useful for fault tolerant quantum computing are stated and briefly discussed. We focus on assumptions related to properties of the computational system. The strongest form of the assumptions seems to be sufficient for achieving highly fault tolerant quantum computation. We discuss weakenings which are also likely to suffice.

Algorithms have been developed allowing operation of robotic systems under damaged conditions. Specific areas addressed were optimal sensor location, adaptive nonlinear control, fault-tolerant robot design, and dynamic path-planning. A seven-degree-of-freedom, hydraulic manipulator, with fault-tolerant joint design was also constructed and tested. This report completes this project which was funded under the Laboratory Directed Research and Development program.

Abstract This paper focuses on the problem of active fault-tolerant control for switched systems with time delay. By utilizing the fault diagnosis observer, an adaptive fault estimate algorithm is proposed, which can estimate the fault signal fast and exactly. Meanwhile, a delay-dependent criterion is obtained with the purpose of reducing the conservatism of the adaptive observer design. Based on the fault estimation information, an observer-based fault-tolerant controller is designed to guarantee the stability of the closed-loop system. In terms of linear matrix inequality, sufficient conditions are derived for the existence of the adaptive observer and fault-tolerant controller. Finally, a numerical example is included to illustrate the efficiency of the proposed approach. Copyright 2011...

This paper deals with the problem of active fault-tolerant control (FTC) for time-delay Takagi-Sugeno (T-S) fuzzy systems based on a fuzzy adaptive fault diagnosis observer (AFDO). A novel fuzzy fast adaptive fault estimation (FAFE) algorithm for T-S fuzzy models is proposed to enhance the performance of fault estimation, and sufficient conditions for the existence of the fault estimator are given in terms of linear matrix inequalities (LMIs). Using the obtained on-line fault estimation information, an observer-based fast active fault-tolerant controller is designed to compensate for the effect of faults by stabilizing the closed-loop system. Simulation results of a track trail system and a nonlinear numerical example are presented to illustrate the effectiveness of the proposed method.

In this paper fault-tolerant control is investigated for a class of nonlinear systems with model errors or external disturbance. Firstly a fault diagnosis method is proposed to estimate the faults based on the adaptive state observer. Then a novel fault-tolerant control scheme is designed to stabilize the nonlinear systems via the feedback linearization technique. The main advantage of the approach is that it is easy to implement and in most cases it can place the poles of the closed-loop systems arbitrarily. The effectiveness of the proposed scheme is demonstrated through the numerical simulation.

Fault diagnosis in large-scale systems that are products of modern technology present formidable challenges to manufacturers and users. This is due to large number of failure sources in such systems and the need to quickly isolate and rectify failures with minimal down time. In addition, for fault-tolerant systems and systems with infrequent opportunity for maintenance (e.g., Hubble telescope, space station), the assumption of at most a single fault in the system is unrealistic. In this project, we have developed novel block and sequential diagnostic strategies to isolate multiple faults in the shortest possible time without making the unrealistic single fault assumption.

The purpose of this research project is to improve current onboard decision support systems. Special focus is on the onboard prediction of the instantaneous sea state. In this project a new approach to increasing the overall reliability of a monitoring and decision support system has been established. The basic idea is to convert the given system into a fault-tolerant system and to improve multi-sensor data fusion for the particular system. The background of the project is the SeaSense system, which has been installed on several container ships and navy vessels. The SeaSense system provides a crude and simple estimation of the actual sea state (Hs and Tz), information about the longitudinal hull girder loading, seakeeping performance of the ship, and decision support on how to operate the ship within acceptable limits. The system is able to identify critical forthcoming events and to give advice regarding speed and course changes to decrease the wave-induced loads. The SeaSense system is based on the combineduse of a mathematical model and measurements from a set of sensors. The overall dependability of a shipboard monitoring and decision support system such as the SeaSense system can be improved using fault-tolerant techniques (Fault Diagnosis and System Re-design) and a Sensor Fusion Quality (SFQ) test. Fault diagnosis means to detect the presence of faults in the system. In case sea state estimation is conducted by a ship-wave buoy analogy the best solution is achieved when a set of three different ship responses are used. Faulty signals should be discarded from the procedure for sea state estimation if it is possible, if not the fault should be estimated. The fault diagnosis can be divided into three steps: Fault detection, fault isolation and fault estimation. Fault detection means to decide whether or not a fault has occurred. This step determines the time at which the system is subjected to the given fault. Fault isolation will find in which component a fault has occurred. This step determines the location of the fault. Fault estimation provides an estimate of magnitude of a fault. A supervisory function determines the severity of the fault once its origin has been isolated and its magnitude estimated. Fault-tolerant Sensor Fusion means that the monitoring and decision support system can accommodate faults so that the overall system continues to satisfy its goal and on the other hand in the absence of a fault, the system should be able to provide the most accurate information using the SFQ test.

In order to design a fault tolerant digital system, it is necessary to understand its behavior with the presence of faults in early design stage. Fault simulation is a process to purposely inject faults into a software circuit model and observe its faulty behavior. However, such simulation's runtime tends to grow exponentially when test circuit becomes large. FPGA-based fault emulation, which is fault simulation implemented in FPGA, is an efficient way to accelerate fault simulation process. This paper introduces a novel FPGA-based switch-level fault emulation system utilizing module-based dynamic partial reconfiguration. In this approach, faults are modeled at switch-level and mapped to gate-level description for efficient FPGA implementation. The circuit under test is partitioned using u...

Free-piston Stirling power conversion has been considered a candidate for ... architecture, systems were designed with kinematic Stirling engines with rotary .... and GRC, with various degrees of detail and different concepts for fault tolerance ...

Generation Tool (APGEN) will be modified to a ... high-speed scalable fault tolerant distributed avionics ... distributed system functionally executing VxWorks, ..... MATLAB. The TFP tool is currently used by missions like Deep Space 1, Cassini, ...

A property observed in high reliability fault tolerant control systems is the relatively rare occurrence of component failures compared to the frequent occurrence of redundancy management decision events. This property leads to a temporal decomposition of...

autonomous self-healing eDNA architecture is expensive in terms of execution time. .... The package transfer in the network is implemented with a fault-tolerant ..... 2009 NASA/ESA. Conference on Adaptive Hardware Systems (2009) 155– ...

Consensus is at the heart of fault-tolerant distributed computing systems. Much research has been devoted to developing algorithms for this particular problem. This paper presents a semi-automatic verification approach for asynchronous consensus algorithms, aiming at facilitating their development. ...

The goal of this project was to understand what key interchangeable elements form a scalable, fault-tolerant quantum information systems architecture. The effort was a collaboration between computer science and physical sciences involving four groups: MIT...

A new set-up for fault tolerant control (FTC) for stable systems is presented in this paper. The new set-up is based on a simple implementation of the Youla-Jabr-Bongiorno-Kucera (YJBK) parameterization. This implementation of the YJBK parameterization will allow a direct and simple reconfiguration of the feedback controller. Another central part of fault tolerant control is fault diagnosis. The controller implementation can be applied directly in connection with both passive diagnosis (PFD) as well as with active fault diagnosis (AFD). The presented FTC set-up is investigated with respect to sensor reconfiguration. Actuator reconfiguration can be dealt with in a similar way.

This paper presents an effective scheme for detecting incipient faults in post-fault systems (PFSs) subject to adaptive fault-tolerant control (AFTC). Through a survey of existing techniques, it is shown that the adaptivity of the AFTC counteracts the effect of an incipient fault in the PFS. This makes some of the conventional fault-detection strategies, such as Beard-Jones detection filters and adaptive observers, ineffective in this situation. It is shown that the unknown input observer (UIO) is an effective tool; hence, the UIO is designed to decouple the incipient fault from the AFTC such that the fault-detection residual is sensitive only to the incipient fault. Extensive simulation study is presented using an aircraft example to test three fault-detection approaches; it is demonstrat...

Faults in steering, navigation instruments or propulsion machinery are serious on a marine vessel since the consequence could be loss of maneuvering ability, and imply risk of damage to vessel personnel or environment. Early diagnosis and accomodation of faults could enhance safety. Fault-tolerant control is a methodology to help prevent that faults develop into failure. The means include on-line fault diagnosis, automatic condition assessment and calculation of remedial action to avoid hazards. This paper gives an overview of methods to obtain fault-tolerance: fault diagnosis; analysis of properties of a falty system; means to determine remedial actions. The paper illustrates the techniques by two marine examples, sensor fusion for automatic steering and control of the main engine.

The proliferation of increasingly powerful and complex multiprocessor systems has made fault-tolerant design a necessity. Optimizing fault tolerance in multiprocessor systems is a very difficult task because it involves multi-dimensional tradeoffs. The system architecture, the computation structure, the implementation technology, the frequency, duration, and location of faults, and many other factors all have certain impact on the effectiveness of a particular fault recovery procedure. The author has attempted to solve this difficult problem by a graph theoretic approach. In this dissertation, he introduces this approach and concentrate on the analysis and optimization of fault tolerance in multiprocessor systems. Specifically, a reconfiguration model that allows a faulted job to be recovered with minimum space and time overhead and without performance degradation is formally introduced. Additionally, eleven parameters are precisely defined to facilitate the evaluation of the fault tolerance of different multiprocessor systems for executing a given set of target applications. They also allow the quantitative comparison of various fault recovery techniques so that efficient algorithms can be developed. The graph theoretic approach presented is widely applicable to multiprocessor systems and applications with various topologies. In this dissertation, the author concentrates on two well-known systems, namely, the mesh and hypercube, and two frequently used computation structures, namely, the path an complete binary tree. Solutions and algorithms for determining various optimization parameters are presented.

The prime objective of Fault-tolerant Control (FTC) systems is to handle faults and discrepancies using appropriate accommodation policies. The issue of obtaining information about various parameters and signals, which have to be monitored for fault detection purposes, becomes a rigorous task with the growing number of subsystems. The structural approach, presented in this paper, constitutes a general framework for providing information when the system becomes complex. The methodology of this approach is illustrated on the ship propulsion benchmark.

Abstract in english This paper introduces a methodology for modeling and analyzing fault-tolerant manufacturing systems that not only optimizes normal productive processes, but also performs detection and treatment of faults. This approach is based on the hierarchical and modular integration of Petri Nets. The modularity provides the integration of three types of processes: those representing the productive process, fault detection, and fault treatment. The hierarchical aspect of the approac (more) h permits us to consider processes on different levels of detail (i.e. factory, manufacturing cell, or machine). Case studies considering detection and treatment of faults are presented, and a simulation tool is applied for verifying the models.

Self-stabilization is a versatile approach to fault-tolerance since it permits a distributed system to recover from any transient fault that arbitrarily corrupts the contents of all memories in the system. Byzantine tolerance is an attractive feature of distributed systems that permits to cope with arbitrary malicious behaviors. We consider the well known problem of constructing a maximum metric tree in this context. Combining these two properties leads to some impossibility results. In this paper, we provide two necessary conditions to construct maximum metric tree in presence of transients and (permanent) Byzantine faults.

This paper proposes a fault-tolerant control (FTC) scheme for polytopic linear parameter varying (LPV) systems. First, a fault compensator is proposed. Its structure is simple, but it is effective against actuator faults. Then, in order to show its basic idea, the authors consider a state feedback FTC scheme based on the fault compensator. Next, the FTC algorithm is extended to an output feedback FTC scheme. The FTC scheme for LPV systems involves a fault compensator based on the estimated fault and an observer based on linear matrix inequality (LMI). The proposed FTC method is applicable to a variety of systems and guarantees bounded states of the system in the event of actuator faults. Numerical examples are given to demonstrate its effectiveness.   

Distributed fault-tolerance can mask the effect of a limited number of per- manent faults, while self-stabilization provides forward recovery after an arbitrary number of transient fault hit the system. FTSS protocols combine the best of both worlds since they are simultaneously fault-tolerant and self-stabilizing. To date, FTSS solutions either consider static (i.e. fixed point) tasks, or assume synchronous scheduling of the system components. In this paper, we present the first study of dynamic tasks in asynchronous systems, considering the unison problem as a benchmark. Unison can be seen as a local clock syn- chronisation problem as neighbors must maintain digital clocks at most one time unit away from each other, and increment their own clock value infinitely often. We present many im- possiblity results for this difficult problem and propose a FTSS solution when the problem is solvable that exhibits optimal fault containment.

The Networked Control Systems (NCS) are complex systems which integrate information provided by several domians such as automatic control, computer science, communication network. The work presented in this paper concerns fault detection, isolation and compensation of communication network. The proposed method is based on the classical approach of Fault Detection and Isolation and Fault Tolerant Control (FDI/FTC) currently used in diagnosis. The modelling of the network to be supervised is based on both couloured petri nets and network calculus theory often used to represent and analyse the network behaviour. The goal is to implement inside network devices algorithms enabling to detect, isolate and compensate communication faults in an autonomous way.

A parallel algorithm for constructing k-valued fault-tolerant diagnostic tests is described. This algorithm combines two algorithms, viz. a parallel algorithm for constructing an irredundant implication matrix designed to distinguish objects from different patterns and a parallel algorithm for constructing irredundant h-fold column coverings. The IMSLOG intelligent instrumental software (IIS), on the basis of which we construct intelligent systems for various disciplines is described. A sufficient condition for constructing diagnostic tests tolerant to the given number of measurement (entry) errors of values of characteristic features of the object under investigation is applied to ensure fault-tolerance. Suggestions for further research are given.

It will help test the shape, guidance and other systems for the X-37. ... SIGI Space Integrated Global Positioning System Inertial Navigation System; test of control ... string system is not as reliable as the fault-tolerant system planned for the X-37.

Motorized antenna is a key element in overseas satellite telecommunication. The control system directs the on-board antenna toward a chosen satellitewhile the high sea waves disturb the antenna. Certain faults (communication system malfunction or signal blocking) cause interruption in the communication connection resulting in loss of the tracking functionality, and instability of theantenna. In this brief, a fault tolerant control (FTC) system is proposed for thesatellite tracking antenna. The FTC system maintains the tracking functionality by employing proper control strategy. A robust fault diagnosis system is designed to supervise the FTC system. The employed fault diagnosis solution is able to estimate the faults for a class of nonlinear systems acting under external disturbances. Effectiveness of the method is verified through implementation and test on an antenna system.

This paper addresses fault tolerant control for position mooring of a shuttle tanker operating in the North Sea. A complete framework for fault diagnosis is presented but the loss of a sub-sea mooring line buoyancy element is given particular attention, since this fault could lead to line breakage and risky abortion of an oil-loading operation. With signicant drift forces from waves, non-Gaussian elements dominate in residuals and fault diagnosis need be designed using dedicated change detection for the type of distribution encountered. In addition to dedicated diagnosis, an optimal position algorithm is proposed to accommodate buoyancy element failure and keep the mooring system in a safe state. Detection properties and fault-tolerant control are demonstrated by high delity simulations

This paper studies the problem of fault accommodation of time-varying delay systems using adaptive fault diagnosis observer. Based on the proposed fast adaptive fault estimation (FAFE) algorithm using only a measured output, a delay-dependent criteria is first established to reduce the conservatism of the design procedure, and the FAFE algorithm can enhance the performance of fault estimation. On the basis of fault estimation, the observer-based fault-tolerant tracking control is then designed to guarantee tracking performance of the closed-loop systems. Furthermore, comprehensive analysis is presented to discuss the calculation steps using linear matrix inequality technique. Finally, simulation results of a stirred tank reactor model are presented to illustrate the efficiency of the propo...

Manufacturing defects in the deep sub-micron VLSI process and aging resulted problems of devices during lifecycle are inevitable, and fault-tolerant routing algorithms are important to provide the required communication for NoCs in spite of failures. The proposed algorithm, referred to as scalable and reconfigurable fault-tolerant distributed routing (RFDR), partitions the system into nine regions using the concept of divide-and-conquer. It is a distributed algorithm, and each router guarantees fault-tolerance within one's own region and the system can be still sustained with multiple fault areas. The proposed RFDR has excellent scalability with hardware cost keeping constant independent of system size. Also it is completely reconfigurable when new nodes fail. Simulations under various synthetic traffic patterns show its better performance compared to Extended-XY routing algorithm. Moreover, there is almost no hardware overhead compared to Logic-Based Distributed Routing (LBDR), but the fault-tolerance capacity is enhanced in the proposed algorithm. Hardware cost is reduced 37% compared to Reconfigurable Distributed Scalable Predictable Interconnect Network (R-DSPIN) which only supports single fault region.   

Recent experimental advances have demonstrated technologies capable of supporting scalable quantum computation. A critical next step is how to put those technologies together into a scalable, fault-tolerant system that is also feasible. We propose a Quantum Logic Array (QLA) microarchitecture that forms the foundation of such a system. The QLA focuses on the communication resources necessary to efficiently support fault-tolerant computations. We leverage the extensive groundwork in quantum error correction theory and provide analysis that shows that our system is both asymptotically and empirically fault tolerant. Specifically, we use the QLA to implement a hierarchical, array-based design and a logarithmic expense quantum-teleportation communication protocol. Our goal is to overcome the primary scalability challenges of reliability, communication, and quantum resource distribution that plague current proposals for large-scale quantum computing.

This book presents papers on supercomputers as given at a conference on computers and communications. Topics considered at the conference included dataflow programming languages, compilers, distributed systems, natural language, prolog, logic programming, computer vision and computer-aided processes, expert systems, computer system design and architecture, parallel processing, data base management, logic circuits, and fault tolerant computers.

This paper describes a new approach and a system SCREEN for fault-tolerant speech parsing. SCREEEN stands for Symbolic Connectionist Robust EnterprisE for Natural language. Speech parsing describes the syntactic and semantic analysis of spontaneous spoken language. The general approach is based on incremental immediate flat analysis, learning of syntactic and semantic speech parsing, parallel integration of current hypotheses, and the consideration of various forms of speech related errors. The goal for this approach is to explore the parallel interactions between various knowledge sources for learning incremental fault-tolerant speech parsing. This approach is examined in a system SCREEN using various hybrid connectionist techniques. Hybrid connectionist techniques are examined because of their promising properties of inherent fault tolerance, learning, gradedness and parallel constraint integration. The input for SCREEN is hypotheses about recognized words of a spoken utterance potentially analyzed by a spe...

Early Orion GN&C system designs optimized for robustness, simplicity, and utilization of commercially available components. During the System Definition Review (SDR), all subsystems on Orion were asked to re-optimize with component mass and steady state power as primary design metrics. The objective was to create a mass reserve in the Orion point of departure vehicle design prior to beginning the PDR analysis cycle. The Orion GN&C subsystem team transitioned from a philosophy of absolute 2 fault tolerance for crew safety and 1 fault tolerance for mission success to an approach of 1 fault tolerance for crew safety and risk based redundancy to meet probability allocations of loss of mission and loss of crew. This paper will discuss the analyses, rationale, and end results of this activity regarding Orion navigation sensor hardware, control effectors, and trajectory design.

Hadoop is an open-source data processing framework that includes a scalable, fault-tolerant distributed file system, HDFS. Although HDFS was designed to work in conjunction with Hadoop's job scheduler, we have re-purposed it to serve as a grid storage element by adding GridFTP and SRM servers. We have tested the system thoroughly in order to understand its scalability and fault tolerance. The turn-on of the Large Hadron Collider (LHC) in 2009 poses a significant data management and storage challenge; we have been working to introduce HDFS as a solution for data storage for one LHC experiment, the Compact Muon Solenoid (CMS).

Hadoop is an open-source data processing framework that includes a scalable, fault-tolerant distributed file system, HDFS. Although HDFS was designed to work in conjunction with Hadoop's job scheduler, we have re-purposed it to serve as a grid storage element by adding GridFTP and SRM servers. We have tested the system thoroughly in order to understand its scalability and fault tolerance. The turn-on of the Large Hadron Collider (LHC) in 2009 poses a significant data management and storage challenge; we have been working to introduce HDFS as a solution for data storage for one LHC experiment, the Compact Muon Solenoid (CMS).

Various strategies for achieving fault tolerance in large scale control systems are discussed. The positive and negative impacts of distribution through network communication are presented. The ATOMOS framework for standardized reliable marine automation is presented along with the corresponding reliability issues. A generic framework for simulation of network traffic under fault conditions is suggested and the first practical experiences from a prototype implementation are reported.

The problem of fault-tolerant controller design for a class of polytopic uncertain systems with actuator faults is studied in this paper. The actuator faults are presented as a more general and practical continuous fault model. Based on the affine quadratic stability (AQS), the stability of the polytopic uncertain system is replaced by the stability at all corners of the polytope. For a wide range of problems including Formula Not Shown and mixed Formula Not Shown controller design, sufficient conditions are derived to guarantee the robust stability and performance of the closed-loop system in both normal and fault cases. In the framework of the linear matrix inequality (LMI) method, an iterative algorithm is developed to reduce conservativeness of the design procedure. The effectiveness o...

Dependability analysis is crucial to control the risks resulting from failures in modern industrial systems. This paper proposes a modeling approach that constructs dynamic models of fault-tolerant (FT) systems based on Stochastic Activity Networks (SANs). This approach allows the systematic inclusi...

We present a constraint logic programming (CLP) approach for synthesis of fault-tolerant hard real-time applications on distributed heterogeneous architectures. We address time-triggered systems, where processes and messages are statically scheduled based on schedule tables. We use process re-execution for recovering from multiple transient faults. We propose three scheduling approaches, which each present a trade-off between schedule simplicity and performance, (i) full transparency, (ii) slack sharing and (iii) conditional, and provide various degrees of transparency. We have developed a CLP framework that produces the fault-tolerant schedules, guaranteeing schedulability in the presence of transient faults. We show how the framework can be used to tackle design optimization problems.The proposed approach has been evaluated using extensive experiments.

Quantum computers are expected to offer phenomenal increases of computational power. In spite of many proposals based on various physical systems, scalable quantum computation in a fault-tolerant manner is still beyond current technology. Optical models have some prominent advantages such as relatively quick operation time compared to decoherence time. However, massive resource requirements and the gap between the fault tolerance limit and the realistic error rate should be significantly reduced. Here, we develop a novel approach with all-optical hybrid qubits devised to combine advantages of well-known previous approaches. It enables one to efficiently perform universal gate operations in a simple and near-deterministic way using all-optical hybrid entanglement as off-line resources. Remarkably, our approach outperforms the previous ones when considering both the resource requirements and fault tolerance limits. Our work paves an efficient way for the optical realization of scalable quantum computation.

A clustered neural network, in which neuronal information is represented by a cluster (population of neurons), rather than a single neuron, is a possible solution to construct fault-tolerant single-electron circuits. We designed single-electron circuits based on a clustered neural network that performs differential enhancement where differences between the cluster's outputs receiving various magnitudes of inputs are enhanced after the processing. Simulation results showed that the degradation of the performance of the clustered single-electron neural network was significantly lower than that of a non-clustered network, which indicates that this approach is one possible way to construct fault-tolerant computing systems on nanodevices.   

With the rise in automation the increase in fault detectionand isolation & reconfiguration is inevitable. Interest in fault detection and isolation (FDI) for nonlinear systems has grown significantly in recent years. The design of FDI is motivated by the need for knowledge about occurring faults in fault-tolerant control systems (FTC systems). The idea of FTC systems is to detect, isolate, and handle faults in such a way that the systems can still perform in a required manner. One prefers reduced performance after occurrence of a fault to the shut down of (sub-) systems. Hence, the idea of fault-tolerance can be applied to ordinary industrial processes that are not categorized as high risk applications, but where high availability is desirable. The quality of fault-tolerant control is totally dependent on the quality of the underlying algorithms. They detect possible faults, and later reconfigure control software to handle the effects of the particular fault event. In the past mainly linear FDI methods were developed, but as most industrial plants show nonlinear behavior, nonlinear methods for fault diagnosis could probably perform better. This thesis considers the design of FDI for nonlinear systems. It consists of four different contributions. First, it presents a review of the idea and the theory behind the geometric approach for FDI. Starting from the original solution for linear systems up to the latest results for input-affine systems the theory and solutions are described. Then the geometric approach is applied to a nonlinear ship propulsion system benchmark. The calculations and application results are presented in detail to give an illustrative example. The obtained subsystems are considered for the design of nonlinear observers in order to obtain FDI. Additionally, an adaptive nonlinear observer design is given for comparison. The simulation results are used to discuss different aspects of the geometric approach, e.g. the possibility to use it as a general approach. The third contribution considers stability analysis of observers used for FDI. It gives proofs of stability for the observers designed for the ship propulsion system. Furthermore, it stresses the importance of the time-variant character of the linearization along a trajectory. It leads to a different stability analysis than for linearization at one operation point. Finally, the preliminary concept of (actuator) fault-output decoupling is described. It is a new idea based on the solution of the input-output decoupling problem. The idea is to include FDI considerations already during the control design.

This paper presents an experimental evaluation of a hybrid fault detection and isolation scheme against three successive faults in skew-configured inertial sensors of an unmanned aerial vehicle (UAV). An additional small and low-cost inertial measurement unit is installed with a skewed angle to a primary inertial measurement unit. A parity space method and an in-lane monitoring method are combined to increase system tolerance to the occurrence of multiple successive faults during flight. The first and second faults are detected and isolated by the parity space method. The third fault is detected by the parity space method and isolated by the in-lane monitoring method based on the discrete wavelet transform. Hardware in-the-loop tests and flight experiments with a fixed-wing UAV are perform...

The management of redundancy in computer systems was studied and guidelines were provided for the development of NASA's fault-tolerant distributed systems. Fault recovery and reconfiguration mechanisms were examined. A theoretical foundation was laid for redundancy management by efficient reconfiguration methods and algorithmic diversity. Algorithms were developed to optimize the resources for embedding of computational graphs of tasks in the system architecture and reconfiguration of these tasks after a failure has occurred. The computational structure represented by a path and the complete binary tree was considered and the mesh and hypercube architectures were targeted for their embeddings. The innovative concept of Hybrid Algorithm Technique was introduced. This new technique provides a mechanism for obtaining fault tolerance while exhibiting improved performance.

The problem of reliability in high performance control and in fault tolerant control is considered in this paper. A feedback controller architecture for high performance and fault tolerance is considered. The architecture is based on the Youla-Jabr-Bongiorno-Kucera (YJBK) parameterization. By using the nominal controller in the architecture as a simple and robust controller, it is possible to use the YJBK transfer function for optimization of the closed-loop performance. This can be done both in connections with normal operation of the system as well as in connection with faults in the system. The architecture will also allow changing the applied sensors and/or actuators when switching between different controllers. This switchingget particular simple for open-loop stable systems.

informal reports representing results of PC-based research and development activities being .... tasks such as diagnosis, student modeling, and task selection. ... class are treated using Petri nets, data are entered specifying the internal states of the ob- ... for system monitoring, reconfiguration, fault tolerance and interactive ...

We are designing, perhaps for the first time, closed-loop fault-tolerant control for uncertain nonlinear systems. Our solution is based on a new algebraic estimation technique of the derivatives of a time signal, which • yields good estimates of the unknown parameters and of the residuals, i.e., of ...

We propose a technique for discrete controller synthesis, with optimal synthesis on bounded paths, in order to model, design, and optimize fault-tolerant distributed systems, taking into account several criteria (e.g., the execution costs of the tasks and their quality of service). Different combina...

Simple Linux Utility for Resource Management (SLURM) is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for Linux clusters of thousands of nodes. Components include machine status, partition management, job management, scheduling and stream copy modules. This paper presents an overview of the SLURM architecture and functionality.

Increasing soft error rates for semiconductor devices manu- factured in later technologies enforces the use of fault tolerant techniques such as Roll-back Recovery with Checkpointing (RRC). However, RRC introduces time overhead that increases the completion (execution) time. For non-real-time system...

Apr 1, 2005 ... Lack of fault tolerance and cleanliness tolerance in vent paths, which results in time/labor-consuming ...... Lack of operational margin in dimensional design tolerances that “stack-up” and ...... Dredging Operations. 6. $0.40 ...

We show that thresholds for fault-tolerant quantum computation are solely determined by the quality of single-system operations if one allows for d-dimensional systems with $8 \\leq d \\leq 32$. Each system serves to store one logical qubit and additional auxiliary dimensions are used to create and purify entanglement between systems. Physical, possibly probabilistic two-system operations with error rates up to 2/3 are still tolerable to realize deterministic high quality two-qubit gates on the logical qubits. The achievable error rate is of the same order of magnitude as of the single-system operations. We investigate possible implementations of our scheme for several physical set-ups.

The use of self-checking nodes and links for implementing fault-tolerant VLSI multicomputers is proposed. The system consists of a large number of VLSI computers interconnected by high-speed dedicated links. Hardware which performs error detection is combined with system-level protocols which handle error recovery and fault treatment. The self-checking nodes notify the rest of the system when their output is erroneous. In order to achieve high fault coverage, error detection is accomplished by duplication and matching. The critical circuit in this scheme is a comparator, which must not be susceptible to faults which can remain undetected and later mask the failure of the functional modules. With both NMOS and CMOS technologies it is possible to implement a self-testing comparator which will produce an error indication if the comparator incurs any single physical defect. 13 references.

Advances in automation have provided integration of monitoring and control functions to enhance the operator's overview and ability to take remedy actions when faults occur. Automation in plant supervision is technically possible with integrated automation systems as platforms, but new design methods are needed to cope efficiently with the complexity and to ensure that the functionality of a supervisor is correct and consistent. In particular these methods are expected to significantly improve fault tolerance of the designed systems. The purpose of this work is to develop a software module implementing an automated technique for Failure Modes and Effects Analysis (FMEA). This technique is based on the matrix formulation of FMEA for the investigation of failure propagation through a system. As main result, this technique will provide the design engineer with decision tables for fault handling that show how fault migration can be stopped.

Abstract in english In this paper the behavior of assertion-based error detection mechanisms is characterized under faults injected according to a quite general fault model. Assertions based on the knowledge of the application can be very effective at detecting corruption of critical data caused by hardware faults. The main drawbacks of that approach are identified as being the lack of protection of data outside the section covered by assertions, namely during input and output, and the possi (more) ble incorrect execution of the assertions. To handle those weak-points the Robust Assertions technique is proposed, whose effectiveness is shown by extensive fault injection experiments. With this technique a system follows a new failure model, that is called Fail-Bounded, where with high probability all results produced are either correct or, if wrong, they are within a certain bound of the correct value, whose exact distance depends on the output assertions used. Any kind of assertions can be considered, from simple likelihood tests to high coverage assertions such as those used in the Algorithm Based Fault Tolerance paradigm. We claim that this failure model is very useful to describe the behavior of many low-cost fault-tolerant systems, that have low hardware and software redundancy, like embedded systems, were cost is a severe restriction, yet full availability is expected.

As supercomputers become larger and more powerful, they are growing increasingly complex. This is reflected both in the exponentially increasing numbers of components in HPC systems (LLNL is currently installing the 1.6 million core Sequoia system) as well as the wide variety of software and hardware components that a typical system includes. At this scale it becomes infeasible to make each component sufficiently reliable to prevent regular faults somewhere in the system or to account for all possible cross-component interactions. The resulting faults and instability cause HPC applications to crash, perform sub-optimally or even produce erroneous results. As supercomputers continue to approach Exascale performance and full system reliability becomes prohibitively expensive, we will require novel techniques to bridge the gap between the lower reliability provided by hardware systems and users unchanging need for consistent performance and reliable results. Previous research on HPC system reliability has developed various techniques for tolerating and detecting various types of faults. However, these techniques have seen very limited real applicability because of our poor understanding of how real systems are affected by complex faults such as soft fault-induced bit flips or performance degradations. Prior work on such techniques has had very limited practical utility because it has generally focused on analyzing the behavior of entire software/hardware systems both during normal operation and in the face of faults. Because such behaviors are extremely complex, such studies have only produced coarse behavioral models of limited sets of software/hardware system stacks. Since this provides little insight into the many different system stacks and applications used in practice, this work has had little real-world impact. My project addresses this problem by developing a modular methodology to analyze the behavior of applications and systems during both normal and faulty operation. By synthesizing models of individual components into a whole-system behavior models my work is making it possible to automatically understand the behavior of arbitrary real-world systems to enable them to tolerate a wide range of system faults. My project is following a multi-pronged research strategy. Section II discusses my work on modeling the behavior of existing applications and systems. Section II.A discusses resilience in the face of soft faults and Section II.B looks at techniques to tolerate performance faults. Finally Section III presents an alternative approach that studies how a system should be designed from the ground up to make resilience natural and easy.

A failure modes study was the basis for establishing the protection system requirements and for identifying possible design alternatives or options that may be considered. Components of the protection system are discussed with respect to the redundancy and monitoring needed to assure high reliability, as measured by the probability that the system will respond when needed but will not respond inadvertently. High reliability is achieved by making the system fault tolerant using redundancy, decision logic, and computer monitoring.

High performance and reliability are required for wind turbines to be competitive within the energy market. To capture their nonlinear behavior, wind turbines are often modeled using parameter-varying models. In this paper we design and compare multiple linear parameter-varying (LPV) controllers, designed using a proposed method that allows the inclusion of both faults and uncertainties in the LPV controller design. We specifically consider a 4.8 MW, variable-speed, variable-pitch wind turbine model with a fault in the pitch system.We propose the design of a nominal controller (NC), handling the parameter variations along the nominal operating trajectory caused by nonlinear aerodynamics. To accommodate the fault in the pitch system, an active fault-tolerant controller (AFTC) and a passive ...

Twisted hypercube-like networks (THLNs) are an important class of interconnection networks for parallel computing systems, which include most popular variants of the hypercubes, such as crossed cubes, M\\"obius cubes, twisted cubes and locally twisted cubes. This paper deals with the fault-tolerant hamiltonian connectivity of THLNs under the large fault model. Let $G$ be an $n$-dimensional THLN and $F \\subseteq V(G)\\bigcup E(G)$, where $n \\geq 7$ and $|F| \\leq 2n - 10$. We prove that for any two nodes $u,v \\in V(G - F)$ satisfying a simple necessary condition on neighbors of $u$ and $v$, there exists a hamiltonian or near-hamiltonian path between $u$ and $v$ in $G-F$. The result extends further the fault-tolerant graph embedding capability of THLNs.

Research has presented several approaches to achieve varying degrees of fault-tolerance in unmanned aircraft. Approaches in reconfigurable flight control are generally divided into two categories: those which incorporate multiple non-adaptive controllers and switch between them based on the output of a fault detection and identification element, and those that employ a single adaptive controller capable of compensating for a variety of fault modes. Regardless of the approach for reconfigurable flight control, certain fault modes dictate system restructuring in order to prevent a catastrophic failure. System restructuring enables active control of actuation not employed by the nominal system to recover controllability of the aircraft. After system restructuring, continued operation requires the generation of flight paths that adhere to an altered flight envelope. The control architecture developed in this research employs a multi-tiered hierarchy to allow unmanned aircraft to generate and track safe flight paths despite the occurrence of potentially catastrophic faults. The hierarchical architecture increases the level of autonomy of the system by integrating five functionalities with the baseline system: fault detection and identification, active system restructuring, reconfigurable flight control; reconfigurable path planning, and mission adaptation. Fault detection and identification algorithms continually monitor aircraft performance and issue fault declarations. When the severity of a fault exceeds the capability of the baseline flight controller, active system restructuring expands the controllability of the aircraft using unconventional control strategies not exploited by the baseline controller. Each of the reconfigurable flight controllers and the baseline controller employ a proven adaptive neural network control strategy. A reconfigurable path planner employs an adaptive model of the vehicle to re-shape the desired flight path. Generation of the revised flight path is posed as a linear program constrained by the response of the degraded system. Finally, a mission adaptation component estimates limitations on the closed-loop performance of the aircraft and adjusts the aircraft mission accordingly. A combination of simulation and flight test results using two unmanned helicopters validates the utility of the hierarchical architecture.

Whereas some applications require correct computation many others do not. A large domain where perfect functional performance is not always required is multimedia and DSP systems. Relaxing the requirement of 100% correctness for devices and interconnections may dramatically reduce costs of manufacturing, verification, and testing. The goal of this paper is to develop a method for trading computational correctness for an additional chip area involved by fault-tolerance implementation. The method is demonstrated for the BP array in the following way: only the most significant bits of the output word are made fault-tolerant. By introducing the concept of partially error-tolerant BP array, designers achieve one more degree of tradeoff freedom. Formal definitions of the proposed terms are given...

This paper describes a parallel algorithm for k-valued fault-tolerant diagnostic tests construction. The algorithm is implemented in a intelligent instrumental software IMSLOG. Fault-tolerance is ensured by applying a sufficient condition for the construction of diagnostic tests that are tolerant to a given number of errors of measurement (entry) values of the characteristic features of the object.

Research on wind turbine Operations & Maintenance (O&M) procedures is critical to the expansion of Wind Energy Conversion systems (WEC). In order to reduce O&M costs and increase the lifespan of the turbine, we study the application of Set-Valued Observers (SVO) to the problem of Fault Detection and Isolation (FDI) and Fault Tolerant Control (FTC) of wind turbines, by taking advantage of the recent advances in SVO theory for model invalidation. A simple wind turbine model is presented along with possible faulty scenarios. The FDI algorithm is built on top of the described model, taking into account process disturbances, uncertainty and sensor noise. The FTC strategy takes advantage of the proposed FDI algorithm, enabling the controller reconfiguration shortly after fault events. Additionally, a robust controller is designed so as to increase the wind turbine's performance during low severity faults. Finally, the FDI algorithm is assessed within a publicly available benchmark model, using Monte-Carlo simulation runs.

It is anticipated that self assembled ultra-dense nanomemories will be more susceptible to manufacturing defects and transient faults than conventional CMOS-based memories, thus the need exists for fault-tolerant memory architectures. The development of such architectures will require intense analysis in terms of achievable performance measures - power dissipation, area, delay and reliability. In this paper, we propose and develop a hybrid automation framework, called HMAN, that aids the design and analysis of fault-tolerant architectures for nanomemories. Our framework can analyze memory architectures at two different levels of the design abstraction, namely the system and circuit levels. To the best of our knowledge, this is the first such attempt at analyzing memory systems at different levels of abstraction and then correlating the different performance measures to provide the system designers guidelines for designing a robust nanomemory. We also illustrate the application of our framework to self-assembled crossbar architectures by analyzing a hierarchical fault-tolerant crossbar-based memory architecture that we have developed, and comparing this with existing crossbar architectures.

A logic and proof theory that was mechanized and successfully applied to prove nontrivial properties of a fully distributed fault tolerant system is described. The system is close to achieving the critical balance in man machine interaction necesary for successful application by users other than the system developers. Motivation for the form of man machine interaction embodied by STP is discussed. A formal description of the logic and the proof theory is contained, and the description illustrated with an example. The use of STP in a large scale effort to prove nontrivial properties on SIFT, a distributed Software Implemented Fault Tolerant operating system for aircraft flight control is discussed. Finally, directions for further work are described.

This paper adresses the design process of diagnosis and fault-tolerant control when the a system should operate despite multiple failures in sensors or actuators. Graph-teory based analysis of systems structure is demonstrated to be a unique design methodology that can cope with the diagnosis design for systems of high complexity, and also analyse the cases of cascaded or multiple faults. The paper takes as example a ship with two CP propellers, rudders and a bow thruster as actuators, and instrumentation with a suite of global position sensors, inertial navigation units and conventional gyro units to provide ship motion information. A salient feature of the design mehod is the ability to analyse cases where faults have occurrred and easily determine where in the faulty system diagnosability and controlability are retained.

This paper addresses the design process of diagnosis and fault-tolerant control when a system should operate despite multiple failures in sensors or actuators. Graph-theory based analysis of system's structure is demonstrated to be a unique design methodology that can cope with the diagnosis design for systems of high complexity, and also analyse the cases of cascaded or multiple faults. The paper demonstrates the design method on a ship with three actuators: two shafts with CP propellers and a bow thruster, and navigation instruments: global position sensors (GPS), inertial navigation units and conventional gyros to provide ship motion information. A salient feature of the design method is shown to be the ability to analyse cases where one or more faults have occurred and rapidly determine where in the faulty system reconfigurability, diagnosability and controllability are retained.

In this introductory article on the subject of quantum error correction and fault-tolerant quantum computation, we review three important ingredients that enter known constructions for fault-tolerant quantum computation, namely quantum codes, error discretization and transversal quantum gates. Taken together, they provide a ground on which the theory of quantum error correction can be developed and fault-tolerant quantum information protocols can be built. PMID:22908341

New services based on the best-effort paradigm could complement the current deterministic services of an electronic financial exchange. Four crucial aspects of such systems would benefit from a hybrid stance: proper use of processing resources, bandwidth management, fault tolerance, and exception handling. We argue that a more refined view on Quality-of-Service control for exchange systems, in which the principal ambition of upholding a fair and orderly marketplace is left uncompromised, would benefit all interested parties.

An electromechanical ac-powered rotary actuated four-bar linkage system for rotating the Shuttle/Centaur deployment adapter is described. The essential features of the deployment adapter rotation system (DARS) are increased reliability for mission success and maximum practical hazard control for safety. The requirements, concept development, hardware configuration, quality assurance provisions, and techniques used to meet two-fault tolerance requirements are highlighted. The rationale used to achieve a degree of safety equivalent of that of two-failure tolerance is presented. Conditions that make this approach acceptable, including single failure point components with regard to redundancy versus credibility of failure modes, are also discussed.

The matrix converter (MC) presents a promising topology that will have to overcome certain barriers (protection systems, durability, the development of converters for real applications, etc.) in order to gain a foothold in the industry. In some applications, where continuous operation must be insured in the case of a system failure, improved reliability of the converter is of particular importance. In this sense, this article focuses on the study of a fault tolerant MC. The fault tolerance of a converter is characterized by its total or partial response in the case of a breakage of any of its components. Taking into consideration that virtually no work has been done on fault tolerant MCs, this paper describes the most important studies in this area. Moreover, a new method is proposed for detecting the breakage of MC semiconductors. Likewise, a new variation of SVM modulation with failure tolerance capacity is presented. This guarantees the continuous operation of the converter and the pseudo-optimum control of a PMSM. This paper also proposes a novel MC topology, which allows the flexible reconfiguration of this converter, when one or several of its semiconductors are damaged. In this way, the MC can continue operating at 100% of its performance without having to double its resources. In this way, it can be said that the solution described in this article represents a step forward towards the development of reliable matrix converters for real applications. (author)

In this paper we will present a new technology that we are currently developing within the SFT: Scalable Fault Tolerance FastOS project which seeks to implement fault tolerance at the operating system level. Major design goals include dynamic reallocation of resources to allow continuing execution in the presence of hardware failures, very high scalability, high efficiency (low overhead), and transparency—requiring no changes to user applications. Our technology is based on a global coordination mechanism, that enforces transparent recovery lines in the system, and TICK, a lightweight, incremental checkpointing software architecture implemented as a Linux kernel module. TICK is completely user-transparent and does not require any changes to user code or system libraries; it is highly responsive: an interrupt, such as a timer interrupt, can trigger a checkpoint in as little as 2.5?s; and it supports incremental and full checkpoints with minimal overhead—less than 6% with full checkpointing to disk performed as frequently as once per minute.

In this paper, we explore the benefits and possibilities about the implementation of multi-agents simulation framework on a Hadoop cloud. Scalability, fault-tolerance and failure-recovery have always been a challenge for a distributed systems application developer. The highly efficient fault tolerant nature of Hadoop, flexibility to include more systems on the fly, efficient load balancing and the platform-independent Java are useful features for development of any distributed simulation. In this paper, we propose a framework for agent simulation environment built on Hadoop cloud. Specifically, we show how agents are represented, how agents do their computation and communication, and how agents are mapped to datanodes. Further, we demonstrate that even if some of the systems fail in the di...

Grid superscheduling requires support for efficient and scalable discovery of resources. Resource discovery activities involve searching for the appropriate resource types that match the user's job requirements. To accomplish this goal, a resource discovery system that supports the desired look-up operation is mandatory. Various kinds of solutions to this problem have been suggested, including the centralised and hierarchical information server approach. However, both of these approaches have serious limitations in regards to scalability, fault-tolerance and network congestion. To overcome these limitations, organising resource information using Peer-to-Peer (P2P) network model has been proposed. Existing approaches advocate an extension to structured P2P protocols, to support the Grid resource information system (GRIS). In this paper, we identify issues related to the design of such an efficient, scalable, fault-tolerant, consistent and practical GRIS system using a P2P network model. We compile these issues...

Next-generation exascale systems, those capable of performing a quintillion (10{sup 18}) operations per second, are expected to be delivered in the next 8-10 years. These systems, which will be 1,000 times faster than current systems, will be of unprecedented scale. As these systems continue to grow in size, faults will become increasingly common, even over the course of small calculations. Therefore, issues such as fault tolerance and reliability will limit application scalability. Current techniques to ensure progress across faults like checkpoint/restart, the dominant fault tolerance mechanism for the last 25 years, are increasingly problematic at the scales of future systems due to their excessive overheads. In this work, we evaluate a number of techniques to decrease the overhead of checkpoint/restart and keep this method viable for future exascale systems. More specifically, this work evaluates state-machine replication to dramatically increase the checkpoint interval (the time between successive checkpoint) and hash-based, probabilistic incremental checkpointing using graphics processing units to decrease the checkpoint commit time (the time to save one checkpoint). Using a combination of empirical analysis, modeling, and simulation, we study the costs and benefits of these approaches on a wide range of parameters. These results, which cover of number of high-performance computing capability workloads, different failure distributions, hardware mean time to failures, and I/O bandwidths, show the potential benefits of these techniques for meeting the reliability demands of future exascale platforms.

Autonomous multiple spacecraft formation flying space missions demand the development of reliable control systems to ensure rapid, accurate, and effective response to various attitude and formation reconfiguration commands. Keeping in mind the complexities involved in the technology development to enable spacecraft formation flying, this thesis presents the development and validation of a fault tolerant control algorithm that augments the AOCS on-board a spacecraft to ensure that these challenging formation flying missions will fly successfully. Taking inspiration from the existing theory of nonlinear control, a fault-tolerant control system for the RyePicoSat missions is designed to cope with actuator faults whilst maintaining the desirable degree of overall stability and performance. Autonomous fault tolerant adaptive control scheme for spacecraft equipped with redundant actuators and robust control of spacecraft in underactuated configuration, represent the two central themes of this thesis. The developed algorithms are validated using a hardware-in-the-loop simulation. A reaction wheel testbed is used to validate the proposed fault tolerant attitude control scheme. A spacecraft formation flying experimental testbed is used to verify the performance of the proposed robust control scheme for underactuated spacecraft configurations. The proposed underactuated formation flying concept leads to more than 60% savings in fuel consumption when compared to a fully actuated spacecraft formation configuration. We also developed a novel attitude control methodology that requires only a single thruster to stabilize three axis attitude and angular velocity components of a spacecraft. Numerical simulations and hardware-in-the-loop experimental results along with rigorous analytical stability analysis shows that the proposed methodology will greatly enhance the reliability of the spacecraft, while allowing for potentially significant overall mission cost reduction.

The NASA Glenn Research Center, partner universities, and defense contractors are working to develop intelligent power management and distribution (PMAD) technologies for future spacecraft and launch vehicles. The goals are to provide higher performance (efficiency, transient response, and stability), higher fault tolerance, and higher reliability through the application of digital control and communication technologies. It is also expected that these technologies will eventually reduce the design, development, manufacturing, and integration costs for large, electrical power systems for space vehicles. The main focus of this research has been to incorporate digital control, communications, and intelligent algorithms into power electronic devices such as direct-current to direct-current (dc-dc) converters and protective switchgear. These technologies, in turn, will enable revolutionary changes in the way electrical power systems are designed, developed, configured, and integrated in aerospace vehicles and satellites. Initial successes in integrating modern, digital controllers have proven that transient response performance can be improved using advanced nonlinear control algorithms. One technology being developed includes the detection of "soft faults," those not typically covered by current systems in use today. Soft faults include arcing faults, corona discharge faults, and undetected leakage currents. Using digital control and advanced signal analysis algorithms, we have shown that it is possible to reliably detect arcing faults in high-voltage dc power distribution systems (see the preceding photograph). Another research effort has shown that low-level leakage faults and cable degradation can be detected by analyzing power system parameters over time. This additional fault detection capability will result in higher reliability for long-lived power systems such as reusable launch vehicles and space exploration missions.

This paper discusses on-going work with the Integrated Plasma Simulator (IPS), a framework for coupled multiphysics simulations of plasmas, to allow simulations to run through the loss of nodes on which the simulation is executing. While many different techniques are available to improve the fault tolerance of computational science applications on high-performance computer systems, checkpoint/restart (C/R) remains virtually the only one that see widespread use in practice. Our focus here is to augment the traditional C/R approach with additional techniques that can provide a more localized and tailored response to faults based on the ability to restart failed tasks on an individual basis, and the use of information external to the application itself in order to guide decision-making, in many cases avoiding the need to stop and restart the entire simulation. This capability involves several features within the IPS framework, and leverages the Fault Tolerance Backplane, a publish/subscribe event service to disseminate fault-related information throughout HPC systems, to obtain information from the Reliability, Availability and Serviceability (RAS) subsystem of the HPC system. This work is described in the context of Cray XT-series computer systems for concreteness, but is applicable to other environments as well. As part of the analysis of this work, we discuss the requirements to generalize this approach to other complex simulation applications beyond the Integrated Plasma Simulator.

This paper describe a concept for fault tolerant controllers (FTC) based on the YJBK (after Youla, Jabr, Bongiorno and Kucera) parameterization. This controller architecture will allow to change the controller on-line in the case of faults in the system. In the described FTC concept, a safe mode controller is applied as the basic feedback controller. A controller for normal operation with high performance is obtained by including certain YJBK parameters (transfer functions) in the controller. This will allow a fast switch from normal operation to safe mode operation in case of critical faults in the system. The described FTC architecture allow the different feedback controllers to apply different sets of sensors and actuators.

We present the Telecommunications protocol processing subsystem using Reconfigurable Interoperable Gate Arrays (TRIGA), a novel approach that unifies fault tolerance, error correction coding and interplanetary communication protocol off-loading to implement CCSDS File Delivery Protocol and Datalink layers. The new reconfigurable architecture offers more than one order of magnitude throughput increase while reducing footprint requirements in memory, command and data handling processor utilization, communication system interconnects and power consumption.

We strictly study geometric phase gates driven by a classical fluctuating magnetic field. In the derivation of the stochastic Liouville equation of this system, we turn to the cumulant expansion method of Kubo and white noise assumption. The directional dependence of Berry and Aharonov-Anandan (AA) phase gates on noise is assuredly captured. For nonadiabatic evolution, enhancing angular frequency of the rotating magnetic field can be beneficial to realize fault-tolerant AA phase gates.

Under a U.S. Department of Energy program for radioisotope power systems, Lockheed Martin is developing an Engineering Unit of the Advanced Stirling Radioisotope Generator (ASRG). This is an advanced version of the previously reported SRG110 generator. The ASRG uses Advanced Stirling Convertors (ASCs) developed by Sunpower Incorporated under a NASA Research Announcement contract. The ASRG makes use of a Stirling controller based on power electronics that eliminates the tuning capacitors. The power electronics controller synchronizes dual-opposed convertors and maintains a fixed frequency operating point. The controller is single-fault tolerant and uses high-frequency pulse width modulation to create the sinusoidal currents that are nearly in phase with the piston velocity, eliminating the need for large series tuning capacitors. Sunpower supports this effort through an extension of their controller development intended for other applications. Glenn Research Center (GRC) supports this effort through system dynamic modeling, analysis and test support. The ASRG design arrived at a new baseline based on a system-level trade study and extensive feedback from mission planners on the necessity of single-fault tolerance. This paper presents the baseline design with an emphasis on the power electronics controller detailed design concept that will meet space mission requirements including single fault tolerance.

The study of a comparative analysis of distinct multiplex and fault-tolerant configurations for a PLC-based safety system from a reliability point of view is presented. It considers simplex, duplex and fault-tolerant triple redundancy configurations. The standby unit in case of a duplex configuration has a failure rate which is k times the failure rate of the standby unit, the value of k varying from 0 to 1. For distinct values of MTTR and MTTF of the main unit, MTBF and availability for these configurations are calculated. The effect of duplexing only the PLC module or only the sensors and the actuators module, on the MTBF of the configuration, is also presented. The results are summarized and merits and demerits of various configurations under distinct environments are discussed.

The authors overview, characterize, and classify some typical reconfiguration schemes in light of a proposed taxonomy. This taxonomy can be used as a guide for future research in design and analysis of reconfiguration schemes. Studying how to evaluate fault-tolerant arrays and how to exploit application characteristics to achieve dependable computing are important complementary directions of research towards reliable processor-array design. A related research problem is that of functional reconfiguration, that is, learning how to configure the topology of a parallel system to implement a different function or run a different application. Important directions of research include how to apply or extend processor-array reconfiguration algorithms to other topologies and how to marry functional and fault-tolerance reconfiguration requirements and solutions. The Diogenes approach discussed in this article is a case where this goal is naturally achieved.

The two LHC beam dump kicker systems consist each of 14 pulse generator and magnet subsystems. Their task is to extract on request the beams in synchronisation with the gap in the beam. This operation must be fail-safe to avoid disastrous consequences due to loss of the beam inside the LHC. Only a failing operation of one of the 14 pulse generators is allowed. To preserve this tolerance premature beam dumps are forced immediately after early detection of internal faults. However, these faults should occur rarely in order not to be a source of undesirable downtime of the LHC. The report determines first the level of reliability required for the main components of the system. In particular faults which could cause spontaneously non-synchronised beam dumps are identified. Then, technical solutions are evaluated on failure behaviour. Those having a most likely failure mode which does not cause dump triggers are favoured. These solutions need redundancy and are more complex but have the advantage to be fault toler...

Resolver sensor based angular position and speed sensing are extensively used in safety critical servo applications that demands accurate as well as high-resolution position and speed information for feedback control. In this paper, a novel scheme for position and speed sensing along with fault detection and identifications of a resolver sensor with systematic errors like magnitude imbalance, imperfect quadrature, and inductive harmonics is presented. The proposed scheme of resolver-to-digital (R/D) conversion mitigates the errors in position and speed estimate due to these common resolver imperfections and provides fault indicators such as good resolver signal, degradation of signal, and loss of signal for fault tolerant operation and diagnosis of malfunctions in the sensor system for saf...

In wormhole meshes, many routing algorithms prevent deadlocks by enclosing faulty nodes within faulty blocks. None of them however can tolerate the convex fault model without virtual channels. We propose a deterministic fault-tolerant wormhole routing algorithm for mesh networks that can handle disj...

This work presents the management functions for a distributed computer control system, which has been developed at Centro de Pesquisas de Energia Eletrica - CEPEL with the aim to automate hydroelectric power plants and extra high voltage power substations. The initial specifications developed are based on a architecture without redundancies which initially has the objective to get the effective knowledge of the system's behaviour. In the first part is given an introduction of dependability, with two aims: to present the basic concepts and terminology, and, to present a set of techniques in the area of computing systems fault tolerance. In control system is introduced, in terms of its architecture and functionality. The third part introduces the management activities for the distributed system are introduced together with a general model. Finally, the fault diagnosis in the distributed system is discussed, where is presented a new diagnosis algorithm. (author)

A fault-tolerant wormhole routing algorithm using multi-phase minimal routing paths for mesh networks is proposed in this paper. When routing messages come in contact with a fault region, they always select a local shortest path around the fault-region in clockwise or counter clockwise direction. Th...

Diagnosis and, when possible, prognosis of faults are essential for safe and reliable operation. The area of fault diagnosis has emerged over three decades. The majority of studies related to linear systems but real-life systems are complex and nonlinear. The development of methodologies coping with complex and nonlinear systems have matured and even though there are many un-solved problems, methodology and associated tools have become available in the form of theory and software for design. Genuine industrial cases have also become available. Analysis of system topology, referred to as structural analysis, has proven to be unique and simple in use and a recent extension to active structural techniques have made fault isolation possible in a wide range of systems. Following residual generation using these topologybased methods, deterministic and statistical change detection has proven very useful for on-line prognosis and diagnosis. For complex systems, results from non-Gaussian detection theory have been employed with convincing results. The paper presents the theoretical foundation for design methodologies that now appear as enabling technology for a new area of design of systems that are reliable in practise. Yet they are also affordable due to the use of fault-tolerant philosophies and tools that make engineering efforts minimal for their implementation. The paper includes examples for an autonomous aircraft and a baling system for agriculture.

A time delay control methodology is adopted to cope with degraded control performance due to control surface damage of unmanned aerial vehicles, especially in the case of the automatic landing phase. It is a crucial challenge to maintain consistent control performance even under fault environments such as stuck and/or incipient actuator faults. Flight control systems designed using conventional feedback control methods in such cases may result in unsatisfactory performance, and even worse, may not guarantee the closed-loop stability, which is fatal for aircraft in the state of auto-landing. To overcome the shortfalls of the conventional approach, the time delay control scheme is adopted. This scheme is known to be robust against disturbance, model uncertainties and so on. Motivated by the fact that the abrupt and/or incipient actuator faults focused on in this paper could be considered as model uncertainties, we consider the application of the time delay controller to designing a fault tolerant control system. To show the effectiveness of the time delay control method, a nonlinear 6-DOF simulation is performed under model uncertainties and wind disturbances, and control performance is compared with that of conventional controllers in the case of multiple and single actuator faults.

Aerodynamic parameter estimation is an integral part of aerospace system design and life cycle process. Recent advances in computational power have allowed the use of online parameter estimation techniques in varied applications such as reconfigurable or adaptive control, system health monitoring, and fault tolerant control. The combined problem of state and parameter identification leads to a nonlinear filtering problem; furthermore, many aerospace systems are characterized by nonlinear models as well as noisy and biased sensor measurements. Extended Kalman filter (EKF) is a commonly used algorithm for recursive parameter identification due to its excellent filtering properties and is based on a first order approximation of the system dynamics. Recently, the unscented Kalman filter (UKF) ...

In large-scale industrial plants, the process control system has multiple system servers to provide seamless services to plant operators irrespective of any system server's failure. In this paper, we present an autonomic connection scheme between the system server and the Human-Machine Interface application (HMI) without additional configuration. The proposed scheme is based on the concept of autonomic computing, supporting the fault-tolerant and/or load-balancing features. Finally, the mathematical analysis shows that the proposed scheme can provide high availability of services to users.   

Motivated by the hypothesis that dilatancy plays a critical role in faulting in subduction zones, we are developing FDRA2 (Fault Dynamics with the Radiation-damping Approximation), a software package to simulate three-dimensional quasi-dynamic faulting that includes rate-state friction, thermal pressurization, and dilatancy (following Segall and Rice [1995]) in a finite-width shear zone. This work builds on the two-dimensional simulations performed by FDRA1 (Bradley and Segall [AGU 2010], Segall and Bradley [submitted]). These simulations show that at lower background effective normal stress (\\bar ?), slow slip events occur spontaneously, whereas at higher \\bar ? , slip is inertially limited. At intermediate \\bar ? , dynamic events are followed by quiescent periods and then long durations of repeating slow slip events. Models with depth-dependent properties produce sequences similar to those observed in Cascadia. Like FDRA1, FDRA2 solves partial differential equations in pressure and temperature on profiles normal to the fault. The diffusion equations are discretized in space using finite differences on a nonuniform mesh having greater density near the fault. The full system of equations is a semiexplicit index-1 differential algebraic equation (DAE) in slip, slip rate, state, fault zone porosity, pressure, and temperature. We integrate state, porosity, and slip explicitly; solve the momentum balance equation on the fault for slip rate; and integrate pressure and temperature implicitly. Adaptive time steps are limited by accuracy and the stability criterion governing explicit integration of hyperbolic, but not the more stringent one governing parabolic, PDE. To compute elasticity in a 3D half-space, FDRA2 compresses the large, dense matrix arising from the boundary element method using an H-matrix. The work to perform a matrix-vector product scales almost linearly, rather than quadratically, in the number of fault cells. A new technique to relate the error tolerance on the approximation to parameters of the compression algorithms (Bradley [submitted]) improves the compression efficiency for the third-order 1/r3 singularity with elastic Green's functions, relative to the standard method, by factors of two to five---importantly, while still providing the same straightforward error bound on the approximation. The compression (and so, roughly, the speedup) factor for a problem in which the fault is discretized by 156 ± 402 rectangles and the tolerance on the relative error is 10-5 is just over 75. We will describe our numerical methods and present preliminary simulation results.

We present a tight integration of a user-level thread scheduler and a zero-copy messaging system that has been designed and optimized for scalable and efficient fine-grain parallel processing, on commodity platforms, with support for fault-tolerance. The system delivers most of the performance of the underlying communication hardware to a multi-threaded application level, while introducing little CPU overhead. This is demonstrated by a performance analysis of an implementation using off-the-shelf commodity products: PCs, running the Linux operating system, equipped with fast and gigabit Ethernet network interface cards. (21 refs).

We describe a structured system for distributed mechanism design. It consists of a sequence of layers. The lower layers deal with the operations relevant for distributed computing only, while the upper layers are concerned only with communication among players, including broadcasting and multicasting, and distributed decision making. This yields a highly flexible distributed system whose specific applications are realized as instances of its top layer. This design supports fault-tolerance, prevents manipulations and makes it possible to implement distributed policing. The system is implemented in Java. We illustrate it by discussing a number of implemented examples.

Summary Current automation solutions have a limited capability concerning agile adaptation to unexpected internal and external disturbances. Distributed intelligent control systems based on agent technologies are seen as a promising approach to handle the dynamics in large complex systems reducing the complexity, increasing flexibility and enhancing fault tolerance. We developed a new architecture of automation agents capable to answer the major requirements in the process domain. The application of these technologies enables efficient process scheduling, monitoring and diagnosis. Moreover, in the case of the changing production conditions, the presented system architecture enables a flexible automatic reconfiguration of the control software.

A quorum system is a collection of subsets of nodes, called quorums, with the property that each pair of quorums have a non-empty intersection. Quorum systems are the key mathematical abstraction for ensuring consistency in fault-tolerant and highly available distributed computing. Critical for many applications since the early days of distributed computing, quorum systems have evolved from simple majorities of a set of processes to complex hierarchical collections of sets, tailored for general adversarial structures. The initial non-empty intersection property has been refined many times to a

Even though the conventional probabilistic safety assessment methods are immature for applying to microprocessor-based digital systems, practical needs force to apply it. In the Korea, UCN 5 and 6 units are being constructed and Korean Next Generation Reactor is being designed using the digital instrumentation and control equipment for the safety related functions. Korean regulatory body requires probabilistic safety assessment. This paper analyzes the difficulties on the assessment of digital systems and suggests an intermediate framework for evaluating their safety using fault tree models. The framework deals with several important characteristics of digital systems including software modules and fault-tolerant features. We expect that the analysis result will provide valuable design feedback. (authors)

This work deals with fault tolerance in distributed MANET (Mobile Ad hoc Networks) systems. However, the major issue for a failure detection protocol is to confound between a fault and a voluntary or an involuntary disconnection of nodes, and therefore to suspect correct nodes to be failing and conversely. Within this context, we propose in this paper a failure detection protocol that copes with MANET systems constraints. The aim of this work is to allow to the system to launch recovery process. For this effect, our protocol, called FDAN, is based on the class of heartbeat protocols. It takes into account: no preliminary knowledge of the network, the nodes disconnection and reconnection, resources limitation...Hence, we show that by using temporary lists and different timeout levels, we achieve to reduce sensibly the number of false suspicions.

Advanced materials and structures technologies are needed for future ES platforms. ... Large deployable and/or inflatable/rigidizable aperture systems ... Space rigidizable polymers ..... battery charge controllers, fault detection, fault isolation, autonomous fault recovery, active impedance control, active noise cancellation, ...

Many practical scientific applications would benefit from a simple checkpointing mechanism to provide automatic restart or recovery in response to faults and failures. CUMULVS is a middleware infrastructure for interacting with parallel scientific simulations to support online visualization and computational steering. The base CUMULVS system has been extended to provide a user-level mechanism for collecting checkpoints in a parallel simulation program. Via the same interface that CUMULVS uses to identify and describe data fields for visualization and parameters for steering, the user application can select the minimal program state necessary to restart or migrate an application task. The CUMULVS run-time system uses this information to efficiently recover fault-tolerant applications by restarting failed tasks. Application tasks can also be migrated -- even across heterogeneous architecture boundaries -- to achieve load balancing or to improve the task`s locality with a required resource. This paper describes the CUMULVS interface for checkpointing, the issues faced in utilizing this interface when developing fault-tolerant and migrating applications, and the direction of future research in this area.

The application of concatenated codes to fault tolerant quantum computing is discussed. We have previously shown that for quantum memories and quantum communication, a state can be transmitted with error {epsilon} provided each gate has error at most c{epsilon}. We show how this can be used with Shor`s fault tolerant operations to reduce the accuracy requirements when maintaining states not currently participating in the computation. Viewing Shor`s fault tolerant operations as a method for reducing the error of operations, we give a concatenated implementation which promises to propagate the reduction hierarchically. This has the potential of reducing the accuracy requirements in long computations.

The focus of situation-aware ubiquitous computing has increased lately. An example of situation-aware applications is a multimedia education system. Since ubiquitous applications need situation-aware middleware services and computing environment keeps changing as the applications change, it is challenging to detect errors and recover them in order to provide seamless services and avoid a single point of failure. This paper proposes an Adaptive Fault Tolerance Agent (AFTA) in situation-aware middleware framework and presents its simulation model of AFT-based agents. The strong point of this system is to detect and recover error automatically in case that the session's process comes to an end through a software error.

This report presents a propulsion system model for a low speed marine vehicle, which can be used as a test benchmark for Fault-Tolerant Control purposes. The benchmark serves the purpose of offering realistic and challenging problems relevant in both FDI and (autonomous) supervisory control area. The propulsion system model is presented in two versions: the first one consists of one engine and one propeller, and the othe one consists of two engines and their corresponding propellers placed in parallel in the ship. The corresponding programs are developed and are available.

Scientific workflow systems often operate in unreliable environments, and have accordingly incorporated different fault tolerance techniques. One of them is the checkpointing technique combined with its corresponding rollback recovery process. Different checkpointing schemes have been developed and at various levels: task- (or activity-) level and workflow-level. At workflow-level, the usually adopted approach is to establish a checkpointing frequency in the system which determines the moment at which a global workflow checkpoint - a snapshot of the whole workflow enactment state at normal execution (without failures) - has to be accomplished. We describe an alternative workflow-level checkpointing scheme and its corresponding rollback recovery process for hierarchical scientific workflows...

We present a solid-state laser system that generates 750 mW of continuous-wave single-frequency output at 313 nm. Sum-frequency generation with fiber lasers at 1550 nm and 1051 nm produces up to 2 W at 626 nm. This visible light is then converted to UV by cavity-enhanced second-harmonic generation. The laser output can be tuned over a 495 GHz range, which includes the 9Be+ laser cooling and repumping transitions. This is the first report of a narrow-linewidth laser system with sufficient power to perform fault-tolerant quantum-gate operations with trapped 9Be+ ions by use of stimulated Raman transitions.

This paper deals with reliability of motor drive systems. It focuses on the switching power converter which is the weakest drive part. It investigates a new architecture which provides intrinsic redundancy. The method used in this fault switch detection and diagnosis is based on a sliding mode observer. The original aspect of this new approach is that the observer influences the control algorithm in order to rule out or accept the possibility of the device failure. This leads to the right decision which induces the rebuilding of the converter topology. This fault tolerant control strategy assures continuous operation even though one switch failure occurs. This article has been submitted as part of “IET Colloquium on Reliability in Electromagnetic Systems”, 24 and 25 May 2007, Paris

In order to identify and segment the active faults, the literatures of structural geology, paleoseismology, and geophysical explorations were investigated. The existing structural geological criteria for segmenting active faults were examined. These are mostly based on normal fault systems, thus, the additional criteria are demanded for application to different types of fault systems. Definition of the seismogenic fault, characteristics of fault activity, criteria and study results of fault segmentation, relationship between segmented fault length and maximum displacement, and estimation of seismic risk of segmented faults were examined in paleoseismic study. The history of earthquake such as dynamic pattern of faults, return period, and magnitude of the maximum earthquake originated by fault activity can be revealed by the study. It is confirmed through various case studies that numerous geophysical explorations including electrical resistivity, land seismic, marine seismic, ground-penetrating radar, magnetic, and gravity surveys have been efficiently applied to the recognition and segmentation of active faults.

Detailed marine geophysical surveys of the inner California continental borderland west of northern Baja California show that the region is underlain by two major, northwest-trending, Quaternary, dextral wrench fault systems. The San Clemente fault system lies along the western part of the inner borderland and is delineated by the San Clemente and San Isidro fault zones. Together, these fault zones connect to form a long (300 km), narrow (5-10 km), continuous zone of faulting that is very similar to the larger San Andreas fault system onshore. The Agua Blanca fault system is a complex zone of shear delineated by three or more subparallel wrench fault zones in the eastern part of the inner borderland. The westernmost San Diego Trough-Bahia Soledad fault zone consists of relatively long (50 km), continuous, main fault traces which cut the Quaternary sediments of the nearshore basin trough. The Coronado Bank-Agua Blanca fault zone is more complicated, with numerous discontinuous, subparallel, right- and left-stepping, anastomosing fault traces which are associated with significant structural relief. A nearshore zone of faults, marked by the Newport-Inglewood-Rose Canyon fault zone in the north and the Estero-Descanso fault zone in the south, parallels the coast and defines the eastern boundary of the California continental borderland structural province. All of these eastern fault zones merge into the transpeninsular Agua Blanca fault, and their N30/sup 0/W trend differs substantially from the trend of the major peninsular ranges fault zones.

Due to the beamline space constrictions and the modular design of the vacuum system, a conventional bellows can not be used everywhere in the PEP-II High-Energy Ring (HER) arcs. A zero-length ``Flex Flange`` was developed which actually performs better than a more standard bellows. The Flex Flange fits the space available while still preserving the modularity of the system. Furthermore, the design provides for an accurate match-up between adjoining octagonal copper chambers despite the large fabrication and assembly tolerances and high operational loads. Beam chamber continuity is ensured by an integral RF seal ring which is easy to install and fault-tolerant. Heating from synchrotron radiation and higher-order mode trapping is managed to ensure a robust connection despite the 3,000 mA beam current of the PEP-II HER. The Flex Flange concept is versatile and adaptable to many applications, yet economical both in space needed and cost.

This paper presents an interconnect resilient (IR) methodology with maximal interconnect fault tolerance, yield, and reliability for both single and multiple interconnect faults under stuck-at and open fault models. By exploiting multiple routes inherent in an interconnect structure, this method can tolerate faulty connections by efficiently finding alternative paths. The proposed approach is compatible with previous interconnect detection and diagnosis methods under oscillation ring schemes, and together they can be applied to implement a robust interconnect structure that may still provide correct communication even under multiple link faults in Network-on-Chips (NoCs). With such knowledge, designers can significantly improve interconnect reliability by augmenting vulnerable interconnect structures in NoCs. As a result, the experimental results show that alternative paths in NoCs can be found for almost all paths. Hence, the proposed method provides a good way to achieve fault tolerance and reliability/yield improvement.   

Motivated from the well-known problem of establishing efficient diagnostic techniques for detecting faults in fault-tolerant computer systems we study a problem for computing majority with restricted tests in a set of items of two types (e.g., faulty and non-faulty). Stated in a more abstract form, consider a bin containing n balls colored with two colors. In a k-query, k balls are selected by a questioner and an oracle gives an answer which (depending on the computation model being considered) is related to the distribution of colors of the balls in this k-tuple. The oracle never reveals the colors of the individual balls. Following a number of queries and answers the questioner is said to determine majority if either (1) it can output a ball of the majority color provided that such a col...

As High-End Computing machines continue to grow in size, issues such as fault tolerance and reliability limit application scalability. Current techniques to ensure progress across faults, like checkpoint-restart, are unsuitable at these scale due to excessive overheads predicted to more than double an applications time to solution. Redundant computation, long used in distributed and mission critical systems, has been suggested as an alternative to checkpoint-restart on its own. In this paper we describe the rMPI library which enables portable and transparent redundant computation for MPI applications. We detail the design of the library as well as two replica consistency protocols, outline the overheads of this library at scale on a number of real-world applications, and finally outline the significant increase in an applications time to solution at extreme scale as well as show the scenarios in which redundant computation makes sense.

The objective of the methods within the framework of the plug and play process control and particularly fault tolerant control is to establish control techniques which guarantee a certain performance through control reconfiguration at the occurrence of the faults or changes. These methods cannot be effective if sufficient redundancy does not exist in the process. A measure for control reconfigurability which reveals the level of redundancy in connection with feedback control is proposed in this paper for bilinear systems. The proposed control reconfigurability measure is the extension of its gramian-based analogous counterpart, which has been previously proposed for the linear processes. The control reconfigurability is calculated for the bilinear models of an electro-hydraulic drive to show its relevance to redundant actuating capabilities in the models.

GPGPUs are increasingly being used to as performance accelerators for HPC (High Performance Computing) applications in CPU/GPU heterogeneous computing systems, including TianHe-1A, the world's fastest supercomputer in the TOP500 list, built at NUDT (National University of Defense Technology) last year. However, despite their performance advantages, GPGPUs do not provide built-in fault-tolerant mechanisms to offer reliability guarantees required by many HPC applications. By analyzing the SIMT (single-instruction, multiple-thread) characteristics of programs running on GPGPUs, we have developed PartialRC, a new checkpoint-based compiler-directed partial recomputing method, for achieving efficient fault recovery by leveraging the phenomenal computing power of GPGPUs. In this paper, we introdu...

typically provide a greater degree of robustness or fault tolerance than the von Neu- mann sequential ... The learning schemes of a Learning Fuzzy Logic Con- ...... HQPfieid Neural Nets for Pattern Classification, MIT Lincoln Laboratory Techni- ...

Aug 31, 2011 ... I am currently in the US Navy as a nuclear propulsion officer candidate, ... My interests include robotics, artificial intelligence, and fault tolerant controls. ... Map with a Back-Propagation Neural Network in order to detect and ...

With respect to scalability and arbitrary topologies of the underlying networks in multiprogramming and multithread environment, fault tolerance in acknowledged ATAB and concurrent communications become a challenge to reliable general wormhole routing multicompter with arbitrary topologies. In this ...

One important issue in the motion planning of a kinematic redundant manipulator is fault tolerance. In general, if the motion planner is fault tolerant, the manipulator can achieve the required path of the end-effector even when its joint fails. In this situation, the contribution of the faulty joint to the end-effector is required to be compensated by the healthy joints to maintain the prescribed end-effector trajectory. To achieve this, this paper proposes a fault-tolerant motion planning scheme by adding a simple fault-tolerant equality constraint for the faulty joint. Such a scheme is then unified into a quadratic program (QP), which incorporates joint-physical constraints such as joint limits and joint-velocity limits. In addition, a numerical computing solver based on linear variatio...

We present and analyze protocols for fault-tolerant quantum computing using color codes. We present circuit-level schemes for extracting the error syndrome of these codes fault-tolerantly. We further present an integer-program-based decoding algorithm for identifying the most likely error given the syndrome. We simulated our syndrome extraction and decoding algorithms against three physically-motivated noise models using Monte Carlo methods, and used the simulations to estimate the corresponding accuracy thresholds for fault-tolerant quantum error correction. We also used a self-avoiding walk analysis to lower-bound the accuracy threshold for two of these noise models. We present and analyze two architectures for fault-tolerantly computing with these codes: one with 2D arrays of qubits are stacked atop each other and one in a single 2D substrate. Our analysis demonstrates that color codes perform slightly better than Kitaev's surface codes when circuit details are ignored. When these details are considered, w...

The gas turbine industry has a continued interest in improving engine ... The fault -tolerant magnetic bearing test facility was upgraded to operate to .... to create an ultraefficient, clean, intelligent, versatile, and durable gas turbine engine.

Battle Management and Command, Control and Communications (BM/C3) issues in the Strategic Defense Initiative (SDI) context were discussed at a two-day workshop at the Institute for Defense Analyses (IDA). Another workshop-probed civilian systems that require handling of large amounts of data and that have fault-tolerant features that may be useful in resolving the SDI BM/C3 problems. The findings are summarized in this report, with special emphasis on possible research to be supported by the Innovative Science and Technology Office of SDIO.

Database replication is widely used for fault-tolerance, scalability and performance. The failure of one database replica does not stop the system from working as available replicas can take over the tasks of the failed replica. Scalability can be achieved by distributing the load across all replicas, and adding new replicas should the load increase. Finally, database replication can provide fast local access, even if clients are geographically distributed clients, if data copies are located close to clients. Despite its advantages, replication is not a straightforward technique to apply, and

During the six month tenure of the grant, activities included continued research of hydrostatic bearings as a viable backup-bearing solution for a magnetically levitated shaft system in extreme temperature environments (1000 F), developmental upgrades of the fault-tolerant magnetic bearing rig at the NASA Glenn Research Center, and assisting in the development of a conical magnetic bearing for extreme temperature environments, particularly turbomachinery. It leveraged work from the ongoing Smart Efficient Components (SEC) and the Turbine-Based Combined Cycle (TBCC) program at NASA Glenn Research Center. The effort was useful in providing technology for more efficient and powerful gas turbine engines.

Summary form only given, substantially as follows. The authors describe the structure of multiprocessor special computers necessary for application to analysis for and control of networks. The processors are made as separate uniform computers. These processors are unified in the structure similar to the researching networks in the processes of the problem's decision. The principles of operation of the all-digital communication-and-switching system between the processors permit quick changes of the configuration of the problem. It is basis for construction of the computer survivability. The parallel special computer can survive under the different components failures. These computers are quite effective for the control different fault-tolerant networks and objects.

We are developing software to explore the fault tolerance of quantum dot cellular automata gate architectures in the presence of manufacturing variations and device defects. The Topology Optimization Methodology using Applied Statistics (TOMAS) framework extends the capabilities of the A Quantum Interconnected Network Array Simulator (AQUINAS) by adding front-end and back-end software and creating an environment that integrates all of these components. The front-end tools establish all simulation parameters, configure the simulation system, automate the Monte Carlo generation of simulation files, and execute the simulation of these files. The back-end tools perform automated data parsing, statistical analysis and report generation.

In this paper, we present a new protocol for optimistic rollback recovery in distributed systems. This protocol is completely asynchronous, minimizes rollback, and is independent of any particular underlying distributed computation to be made fault tolerant. This protocol improves on earlier work in asynchronous optimistic rollback recovery in that previous protocols either sacrificed some of these properties or required larger timestamps. Furthermore, we establish that this protocol is optimal, in that no rollback recovery protocol can achieve these properties and have asymptotically smaller timestamps.

The main purpose of this work has been to achieve active fault-tolerance in control systems, defined as a methodology where fault detection and isolation techniques are combined with supervisory control to achieve autonomous accommodation of faults before they develop into failures. The aim of this work has been to develop and employ concepts and methods that are suitable for use in different automation processes, with applicability in various industrial fields. The requirements for high productivity and quality has resulted in employing additional instrumentation and use of more sophisticated control algorithms. The drawback is, however, that these control systems have become more vulnerable to even simple faults in instrumentation. On the other hand, due to cost-optimality requirements, an extensive use of hardware redundancy has been prohibited. Nevertheless, the dependency and availability could be increased through enhancing control systems' ability to on-line perform fault detection and reconfiguration when a fault occurs and before a safety system shuts-down the entire process. The main contributions of this research effort are development and experimentation with methodologies for systematic analysis of reconfiguration and design of supervisor logic. In addition, useful experience is obtained through implementation of a fault-tolerant control scheme against a simulated ship and its propulsion system. A development methodology, which was suggested in the Control Engineering Department, is extended to cope with the important reconfiguration problem. In order to enable a designer to acquire knowledge about reconfiguration possibilities, the structural analysis method is added as an extension to the existing methodology. This extension builds upon the earlier method where fault propagation and severity analysis are the essential parts. Structural analysis (SA) enables the designer to distinguish between the parts of the systems with no redundant information and the parts with possible redundant information. This method, hence, provides the designer with information, which is necessary during the selection of remedial actions. Furthermore, it is shown how sensor information fusion is obtained by using the SA method. The construction of the supervisor's decision logic is essential for the active form of fault-tolerant control. In this regard, two approaches has been presented. The first aims at constructing the decision logic in form of a ``language''. This language is obtained as a direct result of the component based approach, presented in this thesis. This approach is based on the definition of a functional component, components placement in a control system hierarchy and the definition of system level hierarchy. The supervisor language includes all valid strings, representing the combination of valid components, that keep the system functional. This approach is simple and can be automated. In the second approach, implementation of supervisor functionality is realized on the basis of an extension to the traditional state-event machines. Due to parallelity (inherent modularity) the supervisor logic is more easily modified, updated, maintained, and tested. A salient feature is that a change in one task only necessitates redesign of essentially one corresponding state-event machine (SEM). A heuristic guideline is provided for designing the logic in form of SEMs. A ship propulsion system benchmark has been designed and used as a case study. This includes experimentation with the above methodologies and implementation of a fault-tolerant control against the simulation. Four generic faults have been considered. It has been shown how the SA method is easily employed to generate analytical redundancy relations, which in turn are then used for FDI purposes. Three different methods are used to generate residuals. These methods are: simple numerical calculation, a non-linear observer, and a Neuro-Fuzzy method. Employment of each method follows the assumption about the available system information. The results show that it is possible to detect and identify the faults. Obtained results emphasizes the significance of acquiring detailed knowledge about the system behavior during non-faulty as well as faulty situations. Using the structural model of the system, it is illustrated how to perform sensor information fusion when a sensor fault occurs. It is finally shown how the decision logic of the supervisor for the benchmark is designed. Main results in this dissertation have been presented at international conferences and parts of the dissertation have also been published in international journals.

A study was performed to develop a fluid system design and show the feasibility of constructing an integrated modular engine (IME) configuration, using an expander cycle engine. The primary design goal of the IME configuration was to improve the propulsion system reliability. The IME fluid system was designed as a single fault tolerant system, while minimizing the required fluid components. This study addresses the design of the high pressure manifolds, turbopumps and thrust chambers for the IME configuration. A physical layout drawing was made, which located each of the fluid system components, manifolds and thrust chambers. Finally, a comparison was made between the fluid system designs of an IME system and a non-network (clustered) engine system.

In this paper, the fault tolerant control problem is addressed in a networked framework. An isolation filter together with a fault compensation mechanism are proposed for FDI/FTC. Several design procedures are studied. First, in the centralized architecture, the inputs and outputs information used f...

Advanced control schemes can be used to optimize energy production and cost of energy in modern wind turbines. These control schemes most often rely on wind speed estimations. These designs of wind speed estimators are, however, not designed to be fault tolerant towards faults in the used sensors. I...

In this paper the authors investigate the robustness of Artificial Neural Networks when encountering transient modification of information bits related to the network operation. These kinds of faults are likely to occur as a consequence of interaction with radiation. Results of tests performed to evaluate the fault tolerance properties of two different digital neural circuits are presented.

A new technology gyro, the hemispherical resonator gyro (HRG), has been developed which is ideally suited to strapdown navigation systems. The instrument offers greater reliability than current sensors due to its inherent simplicity. A fault-tolerant navigation system has been developed as a technology testbed to exhibit the instrument's capabilities. A successful flight test program of the system was completed in late 1989. This fault-tolerant navigation system is configured with six independent sensor channels consisting of paired gyros and accelerometers. Each sensor channel utilizes a microprocessor, programmed in C, to control sensor readout and compensate for thermal errors. A central navigation processor, programmed in Ada, combines data from the independent sensor channels to provide redundancy management and an optimized navigation solution. A dodecahedron mounting structure for the instrument cluster provides an optimum alignment of the redundant inertial axes. Redundancy management of the sensors is accomplished by an enhanced generalized likelihood test. Key features demonstrated for the HRG navigator are rapid reaction, operation over a wide temperature range, and navigation accuracy.

TDAQ system requires a comprehensive and flexible control system. Its role ranges from the so-called run-control, e.g. starting and stopping the data taking, to error handling and fault tolerance. It also includes initialization and verification of the overall system. Following the traditional approach a hierarchical system of customizable controllers has been proposed. For the final system all functionality will be therefore available in a distributed manner, with the possibility of local customization. After a technology survey the open source expert system CLIPS has been chosen as a basis for the implementation of the supervision and the verification system. The CLIPS interpreter has been extended to provide a general control framework. Other ATLAS Online software components have been integrated as plug-ins and provide the mechanism for configuration and communication. Several components have been implemented sharing this technology. The dynamic behavior of the individual component is fully described by th...

Project EOS is studying the problems of building adaptable real-time embedded operating systems for the scientific missions of NASA. Choices (A Class Hierarchical Open Interface for Custom Embedded Systems) is an operating system designed and built by Project EOS to address the following specific issues: the software architecture for adaptable embedded parallel operating systems, the achievement of high-performance and real-time operation, the simplification of interprocess communications, the isolation of operating system mechanisms from one another, and the separation of mechanisms from policy decisions. Choices is written in C++ and runs on a ten processor Encore Multimax. The system is intended for use in constructing specialized computer applications and research on advanced operating system features including fault tolerance and parallelism.

Providing fault tolerance in high-end petascale systems, consisting of millions of hardware components and complex software stacks, is becoming an increasingly challenging task. Checkpointing continues to be the most prevalent technique for providing fault tolerance in such high-end systems. Considerable research has focussed on optimizing checkpointing; however, in practice, checkpointing still involves a high-cost overhead for users. In this paper, we study the checkpointing overhead seen by various applications running on leadership-class machines like the IBM Blue Gene/P at Argonne National Laboratory. In addition to studying popular applications, we design a methodology to help users understand and intelligently choose an optimal checkpointing frequency to reduce the overall checkpointing overhead incurred. In particular, we study the Grid-Based Projector-Augmented Wave application, the Carr-Parrinello Molecular Dynamics application, the Nek5000 computational fluid dynamics application and the Parallel Ocean Program application-and analyze their memory usage and possible checkpointing trends on 65,536 processors of the Blue Gene/P system.

We present an economical and fault-tolerant load balancing strategy (EFTLBS) based on an operator replication mechanism and a load shedding method, that fully utilizes the network resources to realize continuous and highly-available data stream processing without dynamic operator migration over wide area networks. In this paper, we first design an economical operator distribution (EOD) plan based on a bin-packing model under the constraints of each stream bandwidth as well as each server's CPU capacity. Next, we devise super-operator (SO) that load balances multi-degree operator replicas. Moreover, for improving the fault-tolerance of the system, we color the SOs based on a coloring bin-packing (CBP) model that assigns peer operator replicas to different servers. To minimize the effects of input rate bursts upon the system, we take advantage of a load shedding method while keeping the QoS guarantees made by the system based on the SO scheme and the CBP model. Finally, we substantiate the utility of our work through experiments on ns-3.   

Various papers on control are presented. The general topics considered include: simulation and computational methods; linear systems and control; control of flexible structures; intelligent control systems; industrial control systems; computer-aided control engineering; robust adaptive control; frequency-domain methods; filtering, estimation, and tracking; optimization of discrete event systems; trajectory control of robot manipulators; digital signal processsing in process control; control of batch processes; robustness of state space models; stable factorization; aircraft and spacecraft guidance; model order reduction; computer networking of real-time control; and advances in automatic control education. Also addressed are: implementation of adaptive and self-tuning controls in machining, eigenvalue/eigenstructure assignment, robust nonlinear control of manipulators, redundant robot control, fault detection, ACES control theory and verification, decentralized control, damage-tolerant flight control systems, neural networks in control, distributed parameter and time-delay systems, and robust stabilization and control.

There are various multitudinous faults in Dongpu depression, which are closely related to oil and gas resources; therefore, fault interpretation is of great importance in structure research. The fault interpretation needs to not only consider the pattern of fault system but also pay attention to the interpretation skill. In terms of the sectional feature and lateral distribution, the faults in Dongpu depression can be grouped under four heads: graben fault system, antithetic fault system, synthetic fault system and terrace fault system. The essential skill for fault interpretation includes two points: the good identification of faulting points on seismic section, and the reasonable link of relevant faulting points on base map. The key measures the authors must take in linking relevant faulting points on base map are (1) the full consideration of aeral geological structure trend (major structure trend being considered first), (2) integrative analysis of base map and sections, (3) the application of fault cutting principle and (4) referring to cross line sections. Besides, drilling data should be used to make good fault interpretation.

Power consumption on big clusters is an important component of the operation cost of the data center, in particular, it increases the total cost of ownership (TCO). In this way, the implementation and usage of power optimization algorithms is crucial for an economic-wise management of the data center. The power manager introduced in this work is based on a dynamic provisioning algorithm autonomically managed that reduces human interactions and makes the system able to run using less energy and respond to errors automatically, as well. In addition, fault tolerance on big data centers is essential for the optimization of its usage and the warranty the coherence and consistency of the data al the process made on that data center. In a cluster whose nodes are dynamically provisioned, and which its topology is managed by a load balancing element, it is possible to take advantage of this feature to replace nodes with issues when free nodes are available. This work presents a fault tolerance system that integrates w...

The Network-on-Chip (NoC) is limited by the reliability constraint, which impels us to exploit the fault-tolerant routing. Generally, there are two main design objectives: tolerating more faults and achieving high network performance. To this end, we propose a new multiple-round dimension-order routing (NMR-DOR). Unlike existing solutions, besides the intermediate nodes inter virtual channels (VCs), some turn-legally intermediate nodes inside each VC are also utilized. Hence, more faults are tolerated by those new introduced intermediate nodes without adding extra VCs. Furthermore, unlike the previous solutions where some VCs are prioritized, the NMR-DOR provides a more flexible manner to evenly distribute packets among different VCs. With extensive simulations, we prove that the NMR-DOR maximally saves more than 90% unreachable node pairs blocked by faults in previous solutions, and significantly reduces the packet latency compared with existing solutions.   

Imaging of the sea floor offshore from Hartland Point (north Devon, U.K.), using high resolution multibeam bathymetry, reveals a strike-slip fault network. This consists of NE-trending left-lateral faults and NW-trending right-lateral faults that cut folded and steeply dipping strata (~ 60°). Faults were accurately mapped using the multibeam imagery, and lateral separations of marker beds measured along fault traces. These data are used to examine the spatial arrangement, fault displacement, and strain distribution within the network at different displacement cut-offs.At high displacement cut-offs, the fault network is dominated by a few long isolated right-lateral fault segments that bound fault blocks, but at lower displacement cut-offs shorter left-lateral and right-lateral fault segments make up fault tips and infill fault blocks. The majority (70%) of fault trace-length is taken up by small fault segments that have fault segments with > 10 m displacement. The topology and relative connectivity of the network is analysed in terms of a system of fault branches between tips (I-nodes) or intersections (X or Y-nodes), the relative proportions of which reflect the connectivity of the network. Although the kinematic behaviour of the fault network is controlled by large fault segments, connectivity is very dependent on the small fault segments.A comparison with a similar, nearby, strike-slip fault network at Westward Ho! (north Devon) shows many similarities and indicates that fault networks are better connected with increasing strain and that the network becomes better connected when strain is localized within damage zones rather than on individual faults.

In this research, we first define protocol subsets for SMART(System-integrated Modular Advanced Reactor) communication network based on the requirement of SMART MMIS transmission delay and traffic requirements and OSI(Open System Interconnection) 7 layers' network protocol functions. Also, current industrial purpose LAN protocols are analyzed and the applicability of commercialized protocols are checked. For the suitability test, we have applied approximated SMART data traffic and maximum allowable transmission delay requirement. With the simulation results, we conclude that IEEE 802.5 and FDDI which is an ANSI standard, is the most suitable for SMART. We further analyzed the FDDI and token ring protocols for SMART and nuclear plant network environment including IEEE 802.4, IEEE 802.5, and ARCnet. The most suitable protocol for SMART is FDDI and FDDI MAC and RMT protocol specifications have been verified with LOTOS and the verification results show that FDDI MAC and RMT satisfy the reachability and liveness, but does not show deadlock and livelock. Therefore, we conclude that FDDI MAC and RMT is highly reliable protocol for SMART MMIS network. After that, we consider the stacking fault of IEEE 802.5 token ring protocol and propose a fault tolerant MAM(Modified Active Monitor) protocol. The simulation results show that the MAM protocol improves lower priority traffic service rate when stacking fault occurs. Therefore, proposed MAM protocol can be applied to SMART communication network for high reliability and hard real-time communication purpose in data acquisition and inter channel network. (author). 37 refs., 79 figs., 39 tabs.

In this paper a scheme is presented for preventing violations of control signal constraints in a class of coupled systems. The scheme is an add-on solution to the existing control system; it works like a fault tolerant scheme, by accommodating the problem then occurring. The proposed scheme recomputes the reference values to the system such that control signal constraint violations are avoided. The new reference values are found using an energy balance of the system. The scheme is intended to handle rarely occurring constraint violations, so the only concern is that the system should be stable and not to optimize performance during all conditions. The scheme is applied to an example with a coal mill pulverizing coal for a power plant.