Reliability Modeling of Life-Critical, Real-Time Systems

Invited Paper In this paper, we discuss the role of modeling in the design and validation of life-critical, real-time systems. The basics of Markov, Markov reward, and stochastic reward net models are covered. An example of a nuclear power plant cooling system is developed in detail. Multilevel models, model calibration, and model validation are also discussed. I. INTRODUCTION Modem industrial control systems often require intemal decisions in real time, that is, the decisions have tight timing requirements attached, and violation of timing requirements invalidates the usefulness of the decisions. For example, in an automated flight control system the interval from craft attitude sensor reading to activating aileron actuators may have a subsecond limit. Violation of a single timing interval for such systems is usually not catastrophic, but repeated violations, especially in sequence, certainly can be. The difficulty in meeting tight timing constraints is compounded when, as is almost always the case, system components can fail. A fault-tolerant system is one capable of providing a critical level of service in the presence of one or more component failures. When failure to provide this critical level of service can endanger human lives, such as in aircraft and spacecraft flight control and nuclear power control, the systems are termed life-critical.