DEPEND: A Hierarchical Framework for Designing Dependable Systems

This project is developing a framework for designing dependable systems. DEPEND is a simulation-based environment that supports the design of systems for fault tolerance and high availability. It takes as input both VHDL and C++ system descriptions and produces as output dependability characteristics, including fault coverage, availability, and performance. At the core of DEPEND are simulation engines supported by a fault injector, component libraries, and a set of fault dictionaries. The fault injector provides the mechanisms for injecting faults into a model under simulation. The component libraries contain model-building blocks with detailed functional descriptions and characteristics. The fault dictionaries embody the possible fault effects of the given fault types, devices, and circuits.

DEPEND employs a hierarchical modeling and simulation approach (see Figure 1) that is intended to allow design evaluation, starting with device-level, physical constructs and proceeding through the chip-level, functional behavior, and up to system-level dependability. Fault effects at the higher levels, such as the chip or system, are simulated using fault dictionaries derived at the lower levels, such as a device or a gate.

Figure 1: Simulation Hierarchy in the DEPEND Environment

This approach allows realistic faults to be injected into the system. The primary (low-level) fault dictionaries are created using transistor- and logic-level simulation. Faults are injected at the physical device level by emulating the effects of heavy ions and alpha particles using a 3D device simulator DESSIS (device level) and the SPICE simulator (transistor level). The proper variation of the energy and the angle of incidence of the ionizing particles simulates realistic effects in an iterative fashion. Simulations are done on various submicron logic gate circuits.
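The following is an added illustration of the hierarchical idea above, not code from DEPEND or the University of Illinois project. It assumes a constructed gate-level fault dictionary for a D flip-flop (the effect probabilities are invented, standing in for what transistor- and logic-level simulation would produce) and a hypothetical chip-level model of a register protected by nothing, by a parity bit, or by triple modular redundancy. A campaign draws fault effects from the dictionary, injects them into the higher-level model, and reports the fault coverage that such a framework outputs.

```python
"""Toy hierarchical fault-injection campaign (added example, not DEPEND code)."""
import random
from collections import Counter
from typing import Dict, List

# Constructed gate-level fault dictionary: relative frequency of each fault
# effect for a gate type. In a hierarchical flow these numbers would be derived
# from device- and transistor-level simulation; here they are invented.
GATE_FAULT_DICTIONARY: Dict[str, Dict[str, float]] = {
    "dff": {"transient_flip": 0.6, "stuck_at_0": 0.2, "stuck_at_1": 0.2},
}


def sample_fault_effect(gate_type: str, rng: random.Random) -> str:
    """Draw one fault effect for a gate type according to the dictionary."""
    effects = GATE_FAULT_DICTIONARY[gate_type]
    return rng.choices(list(effects), weights=list(effects.values()))[0]


def apply_effect(bit: int, effect: str) -> int:
    """Apply a dictionary fault effect to a single stored bit."""
    if effect == "transient_flip":
        return bit ^ 1
    if effect == "stuck_at_0":
        return 0
    if effect == "stuck_at_1":
        return 1
    raise ValueError(f"unknown fault effect {effect!r}")


def parity(bits: List[int]) -> int:
    return sum(bits) % 2


def inject_into_register(word: List[int], bit_index: int, effect: str, scheme: str) -> str:
    """Hypothetical chip-level model: a register of D flip-flops protected by
    'none', 'parity' or 'tmr'. Returns the outcome of one injected fault:
    no_effect, detected, masked or silent_corruption."""
    golden = list(word)
    if scheme in ("none", "parity"):
        faulty = list(word)
        faulty[bit_index] = apply_effect(faulty[bit_index], effect)
        if faulty == golden:
            return "no_effect"
        if scheme == "parity" and parity(faulty) != parity(golden):
            return "detected"  # a single-bit error always flips the parity
        return "silent_corruption"
    if scheme == "tmr":
        copies = [list(word) for _ in range(3)]
        copies[0][bit_index] = apply_effect(copies[0][bit_index], effect)
        voted = [1 if sum(c[i] for c in copies) >= 2 else 0 for i in range(len(word))]
        if voted != golden:
            return "silent_corruption"
        return "no_effect" if copies[0] == golden else "masked"
    raise ValueError(f"unknown protection scheme {scheme!r}")


def run_campaign(scheme: str, n_injections: int, width: int = 8, seed: int = 1) -> Dict[str, float]:
    """Inject faults sampled from the dictionary into random register states.
    Coverage is the share of effective faults that were detected or masked."""
    rng = random.Random(seed)
    outcomes: Counter = Counter()
    for _ in range(n_injections):
        word = [rng.randint(0, 1) for _ in range(width)]
        effect = sample_fault_effect("dff", rng)
        outcomes[inject_into_register(word, rng.randrange(width), effect, scheme)] += 1
    effective = n_injections - outcomes["no_effect"]
    covered = outcomes["detected"] + outcomes["masked"]
    coverage = covered / effective if effective else 1.0
    report = {k: v / n_injections for k, v in outcomes.items()}
    report["coverage"] = coverage
    return report


if __name__ == "__main__":
    for scheme in ("none", "parity", "tmr"):
        print(scheme, run_campaign(scheme, 1000))
```

Only the fault dictionary knows about the physical mechanism; the register model consumes abstract effects, which is what lets the same higher-level model be re-evaluated against a dictionary derived for a different device or technology. Because every injection here is a single fault in one bit, both parity and TMR reach full coverage; a dictionary that also listed multi-bit effects would separate the two schemes.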

Currently, we are refining the design framework and tools based on the use of compiler techniques and fault libraries to enhance performance. We are developing new fault models and fault dictionaries with different circuits and technology. The capabilities of the design framework are demonstrated by examples, such as one based on the Myrinet high-speed network.

DEPEND has been used to evaluate several systems, including an embedded jet-engine controller, the Myrinet host interface, and several commercial fault-tolerant architectures, such as the Tandem Integrity System and Lucent Technologies’ Bell Labs Distributed System for Telecommunication Services. DEPEND and the DEPEND simulation methodology are licensed by the University of Illinois to SUN Microsystems, Lucent Technologies, Honeywell, Raytheon, Tandem and Ansaldo (the parent company of Union Switching Company).

Future research will address development and implementation of a high-speed simulation engine with the potential for using hardware simulation support. A demonstration of the DEPEND environment is available.