Khaza Anuarul Hoque

Towards an accurate reliability, availability and maintainability analysis approach for satellite systems based on probabilistic model checking

From navigation to telecommunication, and from weather forecasting to military, or entertainment services-satellites play a major role in our daily lives. Satellites in the Medium Earth Orbit (MEO) and geostationary orbit have a life span of 10 years or more. Reliability, Availability and Maintainability (RAM) analysis of a satellite system is a crucial part at their design phase to ensure the highest availability and optimized reliability. This paper shows the formal modeling and verification of RAM related properties of a satellite system. In a previously reported approach, time between possible failures and time between repairs are assumed to follow an exponential distribution, which does not represent a realistic scenario. In contrast, in our work, discrete time delays in the classical Continuous Time Markov Chain (CTMC) are approximated using the Erlang distribution. This is done by approximating nonexponential holding time with several intermediate states based on a phase type distribution. The RAM properties are then verified using the PRISM model checker. We present and compare modeling results with those obtained with a previously reported approach that demonstrate an improved modeling accuracy.

Early Analysis of Soft Error Effects for Aerospace Applications Using Probabilistic Model Checking

SRAM-based FPGAs are increasingly popular in the aerospace industry for their field programmability and low cost. However, they suffer from cosmic radiation induced Single Event Upsets (SEUs), commonly known as soft errors. In safety-critical applications, the dependability of the design is a prime concern since failures may have catastrophic consequences. An early analysis of dependability and performance of such safety-critical applications can reduce the design effort and increases the confidence. This paper introduces a novel methodology based on probabilistic model checking, to analyze the dependability and performability properties of safety-critical systems for early design decisions. Starting from a high-level description of a model, a Markov reward model is constructed from the Control Data Flow Graph (CDFG) of the system and a component characterization library targeting FPGAs. Such an exhaustive model captures all the failures and repairs possible in the system within the radiation environment. We present a case study based on a benchmark circuit to illustrate the applicability of the proposed approach and to demonstrate that a wide range of useful dependability and performability properties can be analyzed using our proposed methodology.

Probabilistic model checking based DAL analysis to optimize a combined TMR-blind-scrubbing mitigation technique for FPGA-based aerospace applications

SRAM-based FPGAs are increasingly popular in the aerospace industry for their field programmability and low cost. However, they suffer from cosmic radiation induced Single Event Upsets (SEUs), commonly known as soft errors. In safety-critical applications, the dependability of the design is a prime concern since failures may have catastrophic consequences. An early analysis of dependability of such safety-critical applications will enable designers to develop a design that meets the high availability and reliability requirements of the DO-254 standard. This paper introduces a novel methodology based on probabilistic model checking, to analyze the dependability properties of safety-critical systems and to suggest required mitigation techniques, such as Triple Modular Redundancy (TMR) or TMR with less frequent scrubs for early design decisions. Starting from a high-level description of a system, a Markov model is constructed from the Control Data Flow Graph (CDFG) expressing the functionality and from failure/mitigation parameters for the targeted FPGAs. Such an exhaustive model captures all the failures and repairs possible in the system within the radiation environment. We present a case study on a benchmark circuit to illustrate the applicability of the proposed approach to demonstrate that a wide range of useful dependability properties can be analyzed using our proposed methodology.

Formal analysis of fault tree using probabilistic model checking: A solar array case study

Fault Tree Analysis (FTA) is a widespread technique used to assess the reliability of safety-critical systems. The traditional way of conducting FTA is either through paper and pencil proof or through computer simulation techniques, which are inefficient and prone to inaccuracy. In this paper, we propose the use of probabilistic model checking to automatically analyze fault trees of safety-critical systems. Our methodology consists in the probabilistic formalization of the gates used in a fault tree to a Discrete-Time Markov Chain (DTMC) and a Markov Decision Process (MDP), and the subsequent probabilistic verification using PRISM tool to quantitatively analyze the system. To illustrate the proposed approach we perform the fault tree analysis of a solar array system, used as power source for the DFH-3 satellite. The results show that harsh thermal environment is the main cause of system failures.

MDG-SAT: an automated methodology for efficient safety checking

Multiway decision graph (MDG) is a canonical representation of a subset of many-sorted first-order logic. It generalises the logic of equality with abstract types and uninterpreted function symbols. The area of satisfiability (SAT) has been the subject of intensive research in recent years, with significant theoretical and practical contributions. In this paper, we propose a new design verification tool integrating MDG and SAT, to check the safety of a design by invariant checking. Using MDG to encode the set of states provides a powerful mean of abstraction. We use a SAT solver to search for paths of reachable states violating the property under certain encoding constraints. In addition, we introduce an automated conversion-verification methodology to convert a directed formula (DF) into a conjunctive normal form (CNF) formula that can be fed to a SAT solver. The formal verification of this conversion is conducted within the HOL theorem prover. Finally, we present experimental results and a case study to show the correctness and the efficiency of our proposed methodology.

Formal analysis of SEU mitigation for early dependability and performability analysis of FPGA-based space applications

Abstract SRAM-based FPGAs are increasingly popular in the aerospace industry due to their field programmability and low cost. However, they suffer from cosmic radiation induced Single Event Upsets (SEUs). In safety-critical applications, the dependability of the design is a prime concern since failures may have catastrophic consequences. An early analysis of the relationship between dependability metrics, performability-area trade-off, and different mitigation techniques for such applications can reduce the design effort while increasing the design confidence. This paper introduces a novel methodology based on probabilistic model checking, for the analysis of the reliability, availability, safety and performance-area tradeoffs of safety-critical systems for early design decisions. Starting from the high-level description of a system, a Markov reward model is constructed from the Control Data Flow Graph (CDFG) and a component characterization library targeting FPGAs. The proposed model and exhaustive analysis capture all the failure states (based on the fault detection coverage) and repairs possible in the system. We present quantitative results based on an FIR filter circuit to illustrate the applicability of the proposed approach and to demonstrate that a wide range of useful dependability and performability properties can be analyzed using the proposed methodology. The modeling results show the relationship between different mitigation techniques and fault detection coverage, exposing their direct impact on the design for early decisions.

Applying formal verification to early assessment of FPGA-based aerospace applications: Methodology and experience

SRAM-based Field Programmable Gate Arrays (FP-GAs) have been used in the aerospace application for more than a decade. Unfortunately, a significant disadvantage of these devices is their sensitivity to radiation effects that can cause bit flips in memory elements and ionisation induced faults in semiconductors, commonly known as Single Event Upsets (SEUs). An early dependability analysis on SRAM FPGA-based safety-critical application will enable the designers to develop a more reliable and robust design complying with design requirements, such as the DO-254 standard. We propose a methodology based on probabilistic model checking, to analyze the dependability and performability properties of such designs to guide design decisions. Probabilistic model checking is a well known formal verification technique, and the main advantage is that the analysis is exhaustive, which results in numerically exact answers to the temporal logic queries that contrast with discrete-event simulations. In the proposed methodology, starting from the high-level description of a system, a Markov (reward) model is constructed from the extracted Control Data Flow Graph (CDFG). Various dependability and performability related properties are then verified automatically using the PRISM model checker tool.

An automated SAT encoding-verification approach for efficient model checking

In this paper, we introduce an automated conversion-verification methodology to convert a Directed Formula (DF) into a Conjunctive Normal Form (CNF) formula that can be fed to a SAT solver. In addition, the formal verification of this conversion is conducted within the HOL theorem prover. Finally, we conduct experimental results with different-sized formulas to show the effectiveness of our methodology.

SAT based model checking for MDG models

Multiway Decision Graph (MDG) is a canonical representation of a subset of many-sorted first-order logic. It generalizes the logic of equality with abstract types and uninterpreted function symbols. The area of Satisfiability (SAT) ha s been the subject of intensive research in recent years, with significant theoretical and practical contributions. From a practical perspective, a large number of very effective SAT solvers have recently been proposed, most of which based on improvements made to the original Davis-Putnam algorithm. Local search algorithms have allowed solving extremely large satisfiable instances of SAT. The combination between various verification methodologies will enhance the capabilities of each and overcome their limitations. In this paper, we introduce a model checking methodology for MDG based models using MDG tool and SAT solver. We use SAT solver searching for feasible paths of reachable states satisfying the property under certain encoding constraints. Finally, we provide a case study showing the correctness and the efficiency of our approach.

Dependability Modeling and Optimization of Triple Modular Redundancy Partitioning for SRAM-based FPGAs

Abstract SRAM-based FPGAs are popular in the aerospace industry for their field programmability and low cost. However, they suffer from cosmic radiation-induced Single Event Upsets (SEUs). Triple Modular Redundancy (TMR) is a well-known technique to mitigate SEUs in FPGAs that is often used with another SEU mitigation technique known as configuration scrubbing. Traditional TMR provides protection against a single fault at a time, while partitioned TMR provides improved reliability and availability. In this paper, we present a methodology to analyze TMR partitioning at early design stage using probabilistic model checking. The proposed formal model can capture both single and multiple-cell upset scenarios, regardless of any assumption of equal partition sizes. Starting with a high-level description of a design, a Markov model is constructed from the Data Flow Graph (DFG) using a specified number of partitions, a component characterization library and a user defined scrub rate. Such a model and exhaustive analysis captures all the considered failures and repairs possible in the system within the radiation environment. Various reliability and availability properties are then verified automatically using the PRISM model checker exploring the relationship between the scrub frequency and the number of TMR partitions required to meet the design requirements. Also, the reported results show that based on a known voter failure rate, it is possible to find an optimal number of partitions at early design stages using our proposed method.SRAM-based FPGAs are popular in the aerospace industry for their field programmability and low cost. However, they suffer from cosmic radiation-induced Single Event Upsets (SEUs). Triple Modular Redundancy (TMR) is a well-known technique to mitigate SEUs in FPGAs that is often used with another SEU mitigation technique known as configuration scrubbing. Traditional TMR provides protection against a single fault at a time, while partitioned TMR provides improved reliability and availability. In this paper, we present a methodology to analyze TMR partitioning at early design stage using probabilistic model checking. The proposed formal model can capture both single and multiple-cell upset scenarios, regardless of any assumption of equal partition sizes. Starting with a high-level description of a design, a Markov model is constructed from the Data Flow Graph (DFG) using a specified number of partitions, a component characterization library and a user defined scrub rate. Such a model and exhaustive analysis captures all the considered failures and repairs possible in the system within the radiation environment. Various reliability and availability properties are then verified automatically using the PRISM model checker exploring the relationship between the scrub frequency and the number of TMR partitions required to meet the design requirements. Also, the reported results show that based on a known voter failure rate, it is possible to find an optimal number of partitions at early design stages using our proposed method.