This project is developing a framework for designing dependable systems. DEPEND is a simulation-based environment that supports the design of systems for fault tolerance and high availability. It takes as input system descriptions in both VHDL and C++ and produces as output dependability characteristics including fault coverage, availability and performance. At the core of DEPEND are simulation engines supported by a fault injector, a set of fault dictionaries and component libraries. The fault injector provides the mechanisms for injecting faults. The component libraries contain model-building blocks with detailed functional descriptions and characteristics. The fault dictionaries embody the possible fault effects of the given fault types, devices and circuits.
DEPEND employs a hierarchical modeling and simulation approach (see Figure 1) that is intended to allow design evaluation starting with device-level, physical constructs and proceeding through the chip-level, functional behavior and up to system-level dependability. Fault effects at the higher levels, such as the chip or system, are simulated using fault dictionaries derived at the lower levels, such as a device or a gate.
Figure 1: Simulation Hierarchy in the DEPEND Environment
This approach allows realistic faults to be injected into the system. The primary (low-level) fault dictionaries are created using transistor- and logic-level simulation. Faults are injected at the physical device level by emulating the effects of heavy ions and alpha particles using the 3D device simulator DESSIS (device level) and the SPICE simulator (transistor level). Varying the energy and the angle of incidence of the ionizing particles in an iterative fashion reproduces realistic fault effects. Simulations are done on various sub-micron logic gate circuits.
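To make the hierarchical idea concrete, here is a small added example (not DEPEND code, and not the project's dictionary format): a constructed gate-level fault dictionary maps each physical fault type to a distribution of gate-level effects, and a system-level detector is evaluated against it, both analytically and by sampled fault injection. All probabilities and the parity detector are assumptions for illustration.

```python
"""Toy hierarchical fault-dictionary evaluation (added example, not DEPEND code)."""
from fractions import Fraction
import random

# Gate-level fault dictionary: physical fault type -> P(observed gate-level effect).
# Constructed numbers; in DEPEND these would be derived from device/transistor simulation.
GATE_DICTIONARY = {
    "alpha_particle": {"no_effect": Fraction(1, 2),
                       "single_bit_flip": Fraction(2, 5),
                       "double_bit_flip": Fraction(1, 10)},
    "heavy_ion":      {"no_effect": Fraction(1, 5),
                       "single_bit_flip": Fraction(1, 2),
                       "double_bit_flip": Fraction(3, 10)},
}


def parity_detects(effect: str) -> bool:
    """System-level detector (assumed): single-bit parity catches an odd number of flips."""
    return effect == "single_bit_flip"


def fault_coverage(fault_type, dictionary=GATE_DICTIONARY, detects=parity_detects) -> Fraction:
    """Analytic coverage: P(detected | the fault actually produced an error)."""
    effects = dictionary[fault_type]
    erroneous = sum(p for e, p in effects.items() if e != "no_effect")
    detected = sum(p for e, p in effects.items() if e != "no_effect" and detects(e))
    return detected / erroneous


def monte_carlo_coverage(fault_type, trials, seed=0,
                         dictionary=GATE_DICTIONARY, detects=parity_detects) -> float:
    """Same quantity by fault injection: sample effects from the lower-level dictionary."""
    rng = random.Random(seed)
    effects = dictionary[fault_type]
    names, weights = zip(*((e, float(p)) for e, p in effects.items()))
    errors = detected = 0
    for _ in range(trials):
        effect = rng.choices(names, weights)[0]
        if effect == "no_effect":
            continue
        errors += 1
        detected += detects(effect)
    return detected / errors if errors else 0.0


if __name__ == "__main__":
    for fault in GATE_DICTIONARY:
        print(fault, fault_coverage(fault), round(monte_carlo_coverage(fault, 20000), 3))
```

Swapping in a different detector (for example one that also catches double-bit flips) or a different dictionary changes the coverage without touching the system-level code, which is the point of deriving fault effects at the lower level.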
Currently we are refining the design framework and tools based on the use of compiler techniques and fault libraries to enhance performance. We are developing new fault models and fault dictionaries with different circuits and technology. The capabilities of the design framework are demonstrated by examples, such as one based on the Myrinet high-speed network.
DEPEND has been used to evaluate several systems including an embedded jet-engine controller, the Myrinet host interface, and several commercial fault-tolerant architectures, such as the Tandem Integrity System and Lucent Technologies' Bell Labs Distributed System for Telecommunication Services. DEPEND and the DEPEND simulation methodology are licensed by the University of Illinois to Sun Microsystems, Lucent Technologies, Honeywell, Raytheon, Tandem and Ansaldo (the parent company of Union Switching Company).
Future research will address the development and implementation of a high-speed simulation engine with the potential for using hardware simulation support. A demonstration of the DEPEND environment is available.