Coverage Modeling for Dependability Analysis of Faulttolerant Systems

Several different models for predicting coverage in a faulttolerant system are discussed, including models for permanent, intermittent, and transient errors. Markov, semi-Markov, nonhomogeneous Markov, and extended stochastic Petri net models for computing coverage are developed. Two types of events which interfere with recovery are examined; methods for modeling such events (applicable if the events are deterministic or random) are given. The sensitivity of system reliability/availability to the coverage parameter and the sensitivity of the coverage parameter to various error handling strategies are investigated. Particularly, we discovered that a policy of attempting transient recovery upon detection of an error (as opposed to automatically reconfiguring the affected component out of the system) may actually increase the unreliability of the system. This result is true if the error detectability is not nearly perfect, so that the risk of producing an undetectable error (if the transient error is still present) is greater than the benefit gained by not discarding the component. © 1989 IEEE