Docstoc

Modelling and Analysis of Decision makers in Fault -Tolerant Systems

Document Sample
Modelling and Analysis of Decision makers in Fault -Tolerant Systems Powered By Docstoc
					   Modelling and Analysis of Decision
   makers in Fault -Tolerant Systems

          Undergraduate Dissertation Project - Final Dissertation
                       Module Code: COM 3021

                  Written by: Soureh Latif Shabgahi
         Department of Computer Science, University of Sheffield
                  Regent Court, 211 Portobello Street
                          Sheffield S1 4DP

                     Email: aca06sl@sheffield.ac.uk
                      Supervisor: Dr. Georg Struth
                                06/05/09



             This report is submitted in partial fulfilment of the
requirement for the degree of Bachelor of Science with Honours in Computer
                      Science by Soureh Latif Shabgahi
      By: Soureh Latif Shabgahi     Modelling and Analysis of Decision makers in Fault Tolerant Systems



Signed declaration

   All sentences or passages quoted in this dissertation from other people's work have
   been specifically acknowledged by clear cross-referencing to author, work and
   page(s). Any illustrations which are not the work of the author of this dissertation have
   been used with the explicit permission of the originator (where possible) and are
   specifically acknowledged. I understand that failure to do this amounts to plagiarism
   and will be considered grounds for failure in this dissertation and the degree
   examination as a whole.


   Name:


   Signature:


   Date:




                                               ii
         By: Soureh Latif Shabgahi     Modelling and Analysis of Decision makers in Fault Tolerant Systems



Abstract
This project discusses fault tolerant systems and their importance in our life. We are surrounded
with visible and invisible processors and computers that can be found in embedded systems.
Processing components of cars, computer-based control systems of aircrafts and medical
healthcare equipment are examples of such embedded systems. We need these systems to be able
to acknowledge any existing faults and tolerate these faults and errors, without the loss of service
and still function properly. Fault detection, correction, isolation, masking, and fault recovery are
different aspects of fault tolerant systems.
This project will study different strategies of decision makers (voters), and will compare their
performance in different situations. Four voter types will be implemented in MATLAB
environment and some criteria and measures will be defined to enable studying and comparing
the behaviour of the voters (in form of graphs) in different situations. This is so that we
understand the suitability of each voter for real applications such as safety critical applications.
Moreover, a test-bed in MATLAB will enable us to test these voters. Having obtained the results
of voters in different situations, the results show that for example for safety critical applications
(such as air-crafts), the majority voter in fact has the highest safety (and should be used) and the
weighted average has the lowest.
The project finishes with some future work ideas including areas that can be studied, such as
voting in medical systems and elections.




                                                 iii
        By: Soureh Latif Shabgahi    Modelling and Analysis of Decision makers in Fault Tolerant Systems




Acknowledgements
First and foremost I would like to thank my supervisor, Dr. Georg Struth, for agreeing to
supervise me with this project I proposed myself and for providing invaluable comments on
chapters of this document and on problems and questions raised at different stages of the work.

I would also like to thank to Mike Brown and James Gregory for the time they spent proof
reading and error checking the first few chapters of this document which made it to the final
version of this project. I would also like to add that their comments are much appreciated.
Furthermore, I would like to thank Dr. Joab Winkler for acting as the second marker of my
project.




                                               iv
              By: Soureh Latif Shabgahi                            Modelling and Analysis of Decision makers in Fault Tolerant Systems



Contents
Signed declaration........................................................................................................... ii
Abstract ........................................................................................................................... iii
Acknowledgements ........................................................................................................ iv
Project Introduction: ...................................................................................................... 1
Chapter 1 ......................................................................................................................... 4
Fault Tolerant Systems ................................................................................................... 4
  1.1. Introduction ............................................................................................................ 4
  1.2. Fault Tolerance ....................................................................................................... 5
  1.3. Chapter Summary ................................................................................................... 5
Chapter 2 ......................................................................................................................... 6
Background ..................................................................................................................... 6
  2.1. Introduction to fault tolerant systems and applications .......................................... 6
  2.2. Application Areas for Fault-Tolerant Systems ....................................................... 6
      2.2.1. Long-life applications ................................................................................................................. 6
      2.2.2. Critical-computation applications ............................................................................................... 6
      2.2.3. Maintenance postponement applications .................................................................................... 8
      2.2.4. High-availability applications..................................................................................................... 8
 2.3. Fault tolerance processes ........................................................................................ 8
 2.4. Fault Masking ......................................................................................................... 9
 2.5. Chapter summary.................................................................................................. 10
Chapter 3 ....................................................................................................................... 11
Fault Masking and Voting Mechanisms ..................................................................... 11
 3.1. Introduction .......................................................................................................... 11
 3.2. Fault Masking Methods ........................................................................................ 11
 3.3 .Hardware Fault Masking (N-Modular Redundancy)............................................ 11
 3.4. Software Fault-Masking Strategies ...................................................................... 12
      3.4.1. N-Version Programming (NVP) ............................................................................................... 13
      3.4.2. Recovery Blocks (RB) .............................................................................................................. 14
   3.5. The Voting Mechanisms ....................................................................................... 15
   3.6. Classification of voters ......................................................................................... 15
      3.6.1. Bit voters .................................................................................................................................. 15
      3.6.2. Word voters .............................................................................................................................. 16
      3.6.3. Vector voters ............................................................................................................................ 16
      3.6.4. Weighted voters ........................................................................................................................ 16
   3.7. Word voters .......................................................................................................... 16
      3.7.1. Majority voter ........................................................................................................................... 16
      3.7.2. Plurality voter ........................................................................................................................... 19
      3.7.3. Median voter............................................................................................................................. 19
      3.7.4. Average voter ........................................................................................................................... 19
      3.7.5. Weighted average voter ............................................................................................................ 20
 3.8. Chapter Summary ................................................................................................. 21
Chapter 4 ....................................................................................................................... 22
Voting Implementation ................................................................................................. 22
 4.1. Chapter Introduction ............................................................................................. 22
 4.2. Majority Voter ...................................................................................................... 22
      4.2.1. Implementation of 3_input exact majority voter ...................................................................... 22
      4.2.2. Implementation of 5_input exact majority voter ...................................................................... 22
      4.2.3. The use of “sort” function in the implementation of majority voter ......................................... 23


                                                                                    v
              By: Soureh Latif Shabgahi                          Modelling and Analysis of Decision makers in Fault Tolerant Systems


      4.2.4. sort-based 5_input majority voter ............................................................................................. 23
      4.2.5. sort-based n-input majority voter ............................................................................................. 23
      4.2.6. n-input inexact majority voter .................................................................................................. 23
   4.3. Plurality voter ....................................................................................................... 24
      4.3.1. Explaining the algorithm by Plurality voting algorithm ........................................................... 24
      4.3.2. Implementation of the algorithm .............................................................................................. 25
      4.3.3. ‘Find’ and ‘Length’ in MATLAB ............................................................................................ 25
      4.3.4. 3_input Plurality voter .............................................................................................................. 26
      4.3.5. 5_input Plurality voter .............................................................................................................. 26
      4.3.6. n-input exact Plurality voter ..................................................................................................... 27
      4.3.7. n-input Inexact Plurality voter .................................................................................................. 27
      4.3.8. Applications of plurality algorithm .......................................................................................... 27
   4.4. Median voter ......................................................................................................... 27
      4.4.1. Implementation of median voter............................................................................................... 27
   4.5. Weighted average voter ........................................................................................ 27
      4.5.1. ‘Lorczak Formula’ for weighting factors ................................................................................. 28
      4.5.2. Implementation of 3-input weighted average voter .................................................................. 28
      4.5.3. Implementation of 5-input weighted average voter .................................................................. 28
      4.5.4. Implementation of N-input weighted average voter ................................................................. 28
 4.6. Chapter Summary ................................................................................................. 28
Chapter 5 ....................................................................................................................... 29
Testing Voting Algorithms: Measures and Test-Bed ................................................ 29
 5.1. Classification of voter outputs .............................................................................. 29
 5.2. Attributes of a good voter ..................................................................................... 30
 5.3. Performance Measures ......................................................................................... 31
      5.3.1. Safety measure ......................................................................................................................... 31
      5.3.2. Availability measure. ................................................................................................................ 31
      5.3.3. Survivability measure (Hazard) ................................................................................................ 32
   5.4. Testing Bed ........................................................................................................... 33
      5.4.1. Capabilities of the test-bed ....................................................................................................... 33
      5.4.2. Test-bed structure ..................................................................................................................... 34
      5.3.1. Input Data Generation .............................................................................................................. 34
      5.3.2. Input Data replicator ................................................................................................................. 34
      5.3.3. System modules ........................................................................................................................ 35
      5.3.4. Random noise generator ........................................................................................................... 35
      6.3.5. Noise Injection ......................................................................................................................... 36
 5.4 Test Program.......................................................................................................... 37
 5.5. Chapter Summary ................................................................................................. 38
Chapter 6 ....................................................................................................................... 39
Results and Discussion.................................................................................................. 39
 6.1. Introduction .......................................................................................................... 39
 6.2. Graphically representation of the results of each voter separately ....................... 39
 6.3. Graphically comparing the agreed results of all voters on one graph .................. 41
 6.4. Graphically comparing the correct results of all voters on one graph .................. 42
 6.5. Graphically comparing the incorrect results of all voters in one graph................ 42
 6.6. Comparing the safety of voters ............................................................................. 42
 6.7. Comparing the availability of voters .................................................................... 43
 6.8. Comparing the survivability of voters .................................................................. 44
 6.9. Studying the impact of voter size on its safety performance ................................ 44
 6.10. Studying the impact of voting threshold on its safety performance ................... 46
 6.11. Studying the impact of changing noise value of voters on their safety .............. 47

                                                                                  vi
             By: Soureh Latif Shabgahi                   Modelling and Analysis of Decision makers in Fault Tolerant Systems


  6.12. Studying the impact of changing noise factor of voters on their safety ............. 50
  6.13. Interpreting the outcomes of tests ....................................................................... 51
  6.14. Chapter Summary ............................................................................................... 53
Chapter 7 ....................................................................................................................... 54
Conclusions and Future work ...................................................................................... 54
  7.1. Project Conclusions .............................................................................................. 54
  7.2. Future work........................................................................................................... 56
Bibliography: ................................................................................................................. 58
Appendix A: Tables ...................................................................................................... 61
  1.     Majority Voter ................................................................................................... 61
  2.     Plurality Voter ................................................................................................... 62
  3.     Median Voter ..................................................................................................... 63
  4.     Weighted Average Voter ................................................................................... 64
  5.     Weighted Majority Voter................................................................................... 65
Appendix B: Implementation....................................................................................... 66
  1.     Majority Voter: .................................................................................................. 66
  2.     Plurality Voter: .................................................................................................. 69
  3.     Median Voter: .................................................................................................... 73
  4.     Weighted Average Voter: .................................................................................. 73




                                                                      vii
Project Introduction:
In the modern world, we are surrounded by computers and machines, some obvious and visible
and some not so obvious. We have come to rely more and more on computer systems, where
they are involved and integrated into almost every aspect of our lives. For example, most modern
cars have central computers for controlling various aspects of their operation. Other major
examples are the safety-critical control systems such as air-traffic control, communication
networks and devices, systems involved in healthcare, and systems managing ATM withdrawals.
Scientists and engineers design and build these complex computer systems, using a variety of
tools and techniques, with the hope of cutting down on the number of faults built into them.
Given this, thought needs to be put to the way in which the functionality and safety of these
systems can be ensured. With the fact that as technology is advancing, it is probable that more
and more core systems in society and our lives will be computerized in some way, or to greater
extents. However, it is not always obvious and possible to ensure that these systems will work
correctly, due to the fact that as a system becomes more complex, the harder it becomes to test.

Generally speaking, rigorous testing takes place on the system, to catch any possible problem
scenarios. The system needs to be able to acknowledge any existing faults, and tolerate and
manage these errors during operation without loss of service. Especially for safety-critical
systems (such as aircraft), it is vital that if the system encounters a problem, it should be able to
tolerate and manage those errors during operation, without the loss of service. This latter ability
is known as fault-tolerance.

This work introduces application areas of fault-tolerant systems, where the existing applications
can be categorized into four primary areas: long-life applications, safety-critical computations,
maintenance postponement applications, and high availability applications, each one studied
separately. Furthermore different approaches to fault tolerance are covered; with more attention
given to fault masking as it is most relevant to this project i.e. hardware and software fault
masking approaches studied in depth. Both hardware and software fault masking approaches use
voting mechanism for arbitrating between the results of redundant modules. Voters are an
important part of fault-tolerant systems, and are introduced to achieve reliability. They receive a
set of input(s) and apply an algorithm to determine the correct or adjudicated result. There are
many types of voters, and depending on the nature of input objects, voting algorithms are
classified into 4 groups (bit voters, word voters, vector voters and weighted voters). For word
voters the majority, plurality, median and weighted average voters all introduced in detail with
examples, as well as being implemented in MATLAB environment.

Furthermore, some criteria and measures are defined to enable us to study the behavior of these
voters in different situations, and compare their behavior to understand the suitability of each one
for real applications. Moreover, attributes of a good voter are provided with examples. On the
other hand, some performance measures are introduced, where having obtained the results of
voters in different error conditions; the suitability of each voter for different applications is
examined. For this purpose, some performance measures have been defined for evaluating
voters, as well as introducing safety, availability and survivability measures.
          By: Soureh Latif Shabgahi         Modelling and Analysis of Decision makers in Fault Tolerant Systems


A testing-bed is implemented in MATLAB, to enable testing the voters in different conditions
and scenarios and for comparing their behaviors. Furthermore testing with different input
profiles and values of voter-threshold, selecting the number of modules to be perturbed, and
selecting the size of errors to be injected are all capabilities of the test-bed and are also provided.

In the last parts of this work, the experimental results of voters are presented and the test-bed
gives the number of correct, incorrect, agreed and disagreed outputs of the examined voter after
n runs. The behaviour of the majority, plurality, median and weighted average voters in different
situations are compared in the form of graphs. The results are also organized by graphically
representing the results of each voter separately, comparing the agreed, correct and incorrect
results, as well as the safety, availability and survivability of all voters. All results are presented
on different graphs. Furthermore, the impact of voter size (the number of voter inputs: 3MR,
5MR and 7MR) on their safety, availability and survivability, the impact of changing voting
threshold value of inexact voters on their safety, the impact of changing noise/perturbation value
of inexact voters on their safety and the impact of changing noise/perturbation factor of inexact
voters on their safety have been studied. (These impacts have not been studied on availability
and survivability due to page limitations of this work.)

We can now put together the results of tests that were performed. In fact, we are faced with three
sets: a set of voting algorithms V = {majority, plurality, median, weighted average}, a set of
performance measures P = {availability, safety, survivability}, and a set of applications S = {A: long-
life applications, and maintenance postponement apps, C: safety-critical apps, D: high-available apps.} each with
particular nature. The question is: “For each category of these applications what is the most
suitable voter(s)?” To answer this question, we should refer to graphs generated in this section.
By considering Figures 6.11 and recalling that; safety = (c + d) / n, the following tables are
obtained. Table 6.4 gives the ranking order of voters in terms of safety in the presence of all
sized errors where all modules are perturbed. Similarly, Table 6.5 presents that ranking for cases
in which two modules are perturbed. The tables show that with one exception, the majority and
plurality voters give the highest level of safety. The exception is that the weighted average voter
gives the highest level of safety for small-size errors. As a result, for highly-safe applications
such as airplane control systems and patient monitoring systems in hospitals, usually one of these
voters (mostly majority due to its implementation simplicity) is used. On the other hand, with
one exception the weighted average and median voters give the lowest level of safety in all
cases. The exception is that the plurality voter which gives the lowest level of safety for small-
size errors. By considering all types of errors which occur in real-life applications, the majority
would be the best and the weighted average and median voter the worst. Similar discussions
could be made for availability and survivability of voters, ranking them to find the best highly
available and survivable voter, if there was no page limit to this project.
Other important findings include, the median and weighted average voters generate more agreed
results than majority and plurality voters with small errors. Therefore in applications which
require more agreed results, these two voters are most suitable to be used.
The median and weighted average voters generate more correct results than majority and
plurality, and the majority produces more correct results than the plurality with small errors.
With small errors, the majority voter gives less incorrect results than the plurality and is better
than the median and weighted average voter. Thus for safety critical applications, the majority
voter is the best.


                                                       2
         By: Soureh Latif Shabgahi    Modelling and Analysis of Decision makers in Fault Tolerant Systems


Furthermore, the safety of median and weighted average voters is less than the safety of majority
and plurality voters. In fact the majority voter has the highest safety and the weighted average
has the lowest. It can be shown that by increasing the size of noise/ perturbation, majority and
plurality show more level of safety than the others.
Comparing the graphs produced show that by increasing the voter inputs/size, the safety of
majority voter is considerably improved i.e. 7MR behaves better than 5MR and this behaves
better than 3MR. Also, the safety of plurality voter is considerably decreased from 3MR to
5MR. However from 5MR to 7MR the change is not considerable and the safety of median voter
is improved i.e. 7MR behaves better than 5MR and this behaves better than 3MR. The safety of
weighted average voter is also improved but not considerably.

By increasing the values of the voting threshold, the safety of the majority and plurality voters
are decreased. This is because with large thresholds, more incorrect results are allowed/ passed
towards the voter outputs. On the other hand, the safety of the median and weighted average
voters does not change with larger threshold values. This is because their behaviour is not
dependent on voting threshold. They always produce a result, regardless of the threshold value.

As noise value increases, the number of correct outputs is decreased, but the number of
disagreed outputs considerably increases. In fact, the decreasing amount of correct results is less
than the amount of increasing disagreed results. Therefore disagreed results have more affect on
the safety of the voter. On the other hand, the safety of the median and weighted average voters
decreases by increasing noise value. The reason is that these voters rely only on the number of
correct outputs, and because by increasing the noise value the number of correct outputs
decreases, thus safety of voters is also decreased.
When one module is faulty, all the voters perform perfectly. In a 3-input voter (TMR) perturbing
one module has no effect on its performance and the other two modules are non-faulty and
majority and plurality is met. However when two modules are faulty, the safety level of all voters
decreases. This is also true when all modules become faulty.

The last chapter of the project provides both the conclusions from the end of each chapter, as
well as introducing some future work ideas, with some examples of areas that can be studied.
These examples include voting in medical systems, voting in elections and studying more voting
algorithms.




                                                 3
         By: Soureh Latif Shabgahi      Modelling and Analysis of Decision makers in Fault Tolerant Systems



                                         Chapter 1

                              Fault Tolerant Systems
1.1. Introduction
In the modern world, we are surrounded by computers and machines, some obvious and visible,
and some not so obvious. We have come to rely more and more on computer systems, where
they are involved and integrated into almost every aspect of our lives. For example, most modern
cars have central computers for controlling various aspects of their operation. Other major
examples are the safety-critical control systems such as air-traffic control, communication
networks and devices, systems involved in healthcare, and systems managing ATM withdrawals.
Scientists and engineers design and build these complex computer systems, using a variety of
tools and techniques, with the hope of cutting down on the number of faults built into them.
Given this, thought needs to be put to the way in which the functionality and safety of these
systems can be ensured. With the fact that as technology is advancing, it is probable that more
and more core systems in society and our lives will be computerized in some way, or to greater
extents. However, it is not always obvious and possible to ensure that these systems will work
correctly, due to the fact that as a system becomes more complex, the harder it becomes to test.

Generally speaking, rigorous testing takes place on the system, to catch any possible problem
scenarios. The system needs to be able to acknowledge any existing faults, and tolerate and
manage these errors during operation without loss of service. Especially for safety-critical
systems (such as aircraft), it is vital that if the system encounters a problem, it should be able to
tolerate and manage those errors during operation, without the loss of service. This latter ability
is known as fault-tolerance. [11]

Voters are an important part of fault-tolerant systems, and are introduced to achieve reliability.
They work by comparing the results from two or more variants of a program to determine the
correct result, if any. Voters tend to be single points of failure for most software fault tolerance
techniques, and should be designed and developed to be highly reliable, efficient and effective.
The voter receives a set of input(s) and applies an algorithm to determine the correct or
adjudicated result. If a voter fails to determine a correct result, this will be indicated. Otherwise,
the status indicator will signal success. The correct result and the status indicator are then
returned to the method that invoked the voter. There are many types of voters, including the
majority, plurality, the average, median, and the weighted average voter, which are going to be
implemented. The main goals of the project therefore include designing the algorithm for these
voter types before implementation. After implementing the voter types, a general test bed will be
produced and the behavior of implemented voters will be studied in various conditions [30, 35,
41].

Finally, the test bed will generate many comparative graphs for the different voting algorithms in
to highlight their safety, availability, survivability, and will show the impact of parameters such
as voting threshold value, injected noise value, noise factor, the number of voter inputs on their
performance.


                                                   4
         By: Soureh Latif Shabgahi      Modelling and Analysis of Decision makers in Fault Tolerant Systems


All the programming will be done in MATLAB environment. MATLAB allows easy
implementation of algorithms as well as allowing matrix manipulation, plotting of functions and
data, creation of user interfaces, and interfacing with programs in other languages. As well as
being a high-level technical computing language, MATLAB is also a language that is tailored to
the application of work, therefore does not require the use of objects, (where objects are a part of
object oriented languages such as Java, C/C++ and Python). As the majority, plurality, median
and weighted average voters require no use of objects; MATLAB is a more suitable language to
be used, over other languages. [26, 27, 28]

Furthermore, this was a self defined project, and the reason for choosing this topic was that it
gave me the opportunity to learn about the area of fault tolerance, and to write a survey of the
different types and kinds of voters that are used within fault-tolerant systems. The report will
start with background information, introducing fault tolerant methods and techniques. The
different voter types will also be introduced, before their implementation and testing, which will
lead to the results and conclusions section.

1.2. Fault Tolerance
Fault-tolerance is the term used to describe the acknowledgment of any existing faults or errors
within a system. According to [3] “A ‘fault’ is a feature of a system that precludes it from
operating according to its specification.” In the context of fault-tolerance, a ‘fault’ is a problem
that is encountered by the system, as a physical defect or flaw, which can occur either in
hardware or software, and can be of any scale, from minor to critical [32]. By acknowledging
existing faults, the system should be able to tolerate and manage those errors/ faults during
operation, without the loss of service [1, 2].

We are not only concerned with whether a system works correctly, but whether it still manages
to carry on working, if some fault is found within the system [4]. This is important, as no matter
how much profession and care is put into the design and building of systems, sooner or later an
individual component will fail. Even a small failure could have disastrous consequences.
Particularly in safety- critical cases (such as aircraft), the system has a direct impact on the safety
of (generally human) lives, in terms of life/death [5, 6, 11].

A further example could be the human body. It is itself a complex system that functions on a day
to day basis, regardless of how well we are feeling at the time. If we hurt our arm, we would not
stop moving or shut down as a result of encountering an “error” found in the body. We would
expect to carry on moving and working, even though we are unable to move our arm at the time.
As a result, systems built by engineers, also need to be introduced in a fashion that would
function regardless of a fault or error encountered. Furthermore, fault-tolerant design is also
known as fail-safe design, enabling a system to continue operating in all circumstances,
regardless of the fault found in the hardware or software [23]. A car could be an example of a
fail-safe system; if it was to get a flat tire, the vehicle can still be driven. It is also a fail stop
system. If its braking system becomes faulty, the driver can stop the car in some way.

1.3. Chapter Summary
This chapter introduced the basic concepts, importance and application areas of fault tolerant
systems.

                                                   5
         By: Soureh Latif Shabgahi         Modelling and Analysis of Decision makers in Fault Tolerant Systems



                                            Chapter 2

                                           Background
2.1. Introduction to fault tolerant systems and applications
In the previous chapter fault tolerant systems were introduced and a few examples were given as
to how and where fault tolerant systems can be used in real life. In this chapter different type of
applications for which approaches to fault tolerance are used, are explained. In section 2.2 the
application areas for fault tolerant systems are introduced. Section 3 explains different processes
to achieve a fault tolerant system. The chapter ends with some conclusion remarks.

2.2. Application Areas for Fault-Tolerant Systems
The existing applications of fault-tolerant computing systems can be categorised into four
primary areas: long-life applications, safety-critical computations, maintenance postponement
applications, and high availability applications. Each application requires different design
requirements and challenges and therefore different fault-tolerance mechanisms [51].
2.2.1. Long-life applications
The most common examples of long-life applications are the unmanned space flight and
satellites. For example the Pioneer 10 spacecraft was launched in 1972, and became the first
man-made object to pass beyond all known planets in 1983. During pioneer 10’s flight it has
returned fascinating pictures of other planets such as Jupiter and the moon. The Mariner,
Explorer, and Voyager missions are all other examples of long-life space missions.
Furthermore, satellites are required to function correctly in space for extended periods of time.
The cost of designing, building, and launching a satellite is far too high to allow electronic
failures to render the satellite ineffective in space. Even though the space shuttle is now capable
of retrieving satellites for repair, the cost of such repair is still extremely high, and many
satellites are in orbits beyond the reach of the shuttle. Consequently, fault tolerance is required in
satellite systems.
Typical requirements of a long-life application are to have a 0.95 probability of being operational
at the end of a ten-year period. However, unlike other applications long-life systems can often
allow extended outages as long as the system can eventually be made operational once again. For
example, a one-week outage can be insignificant when you consider the five or ten-year
operational life of a satellite. In addition, long-life applications can frequently allow the system
to be reconfigured manually by the operators. The fault tolerant Spaceborne Computer (FTSC),
the Self-Testing and Repairing, STAR, computer and the fault-Tolerant Building Block
Computer are examples of systems designed for long-life applications [52, 53, 54].
2.2.2. Critical-computation applications
Perhaps the most widely publicised applications of fault-tolerant computing are those in which
the computations are critical to human safety, environmental cleanliness, or equipment
protection. Examples include safety-critical control systems such as air-traffic control (aircraft
flight control systems), communication networks and devices, military systems, systems
involved in healthcare and certain types of industrial controllers. Scientists and engineers design
and build these complex computer systems, using a variety of tools and techniques, with the

                                                      6
         By: Soureh Latif Shabgahi               Modelling and Analysis of Decision makers in Fault Tolerant Systems


hope of cutting down on the number of faults built into them. Given this, thought needs to be put
to the way in which the functionality and safety of these systems can be ensured.
In critical-computation applications, the incorrect performance of the system will almost
certainly yield devastating results. However, it is not always obvious and possible to ensure that
these systems will work correctly, due to the fact that as a system becomes more complex, the
harder it becomes to test.
A typical requirement for a critical-computation application is to have a reliability of 0.97
(0.999,999,9) at the end of a three-hour period. Requirements can vary, however, depending on
the particular function that the system is performing.
As an example of a fault-tolerant system used in a critical-computation application, consider the
architecture of the X-29 aircraft flight control system, as shown in Figure 2.1 [51]. If the control
system fails to perform correctly, the aeroplane will not be flyable. A hybrid analogue / digital
fly-by-wire flight control system is used to provide closed-loop control of the aircraft. The term
fly-by-wire simply means that there are no mechanical connections between the pilot’s stick and
the control surfaces (for example the ailerons, elevators, and rudder). Instead, an electronic
system samples the position of the pilot’s stick, calculates the desired position of the control
surfaces, and commands a motor to move the control surfaces. The connection between the
pilot’s stick and the control surfaces is completely electrical; consequently, the loss of the
electronics implies the loss of the ability to fly the aircraft.

                                                        Computer 1



                      Sensors


                                                                                       Control surface
                                                         Computer 2
                                                                                         actuators
                      Cockpit
                    controls and
                      displays




                                                         Computer 3




                                   Analogue to                                  Digital to
                                                           Digital              Analogue
                                     Digital
                                   conversion
                                                         Computer              conversion



                                                           Analogue
                                                          Computer                Switch



                      Figure 2.1 The architecture of the x-29 flight control system


                                                            7
         By: Soureh Latif Shabgahi      Modelling and Analysis of Decision makers in Fault Tolerant Systems


Figure 2.1 shown the architecture of the x-29 flight control system, cf. ‘Design and Analysis of Fault-
Tolerant Digital Systems’ by Johnson [51].


As shown by Figure 2.1 the control system uses three identical computers performing the same
operations. The results from each computer are examined, and the output from the system is
formed via a majority vote of the three results. Consequently, a single computer performing
incorrectly will be masked by the two computers that are performing correctly. Each computer
within the system consists of both a digital computer and an analogue computer. The analogue
computer is used as a backup that can assume the functions of the system if the digital computer
fails. The analogue backup provides protection against software design errors that could
simultaneously affect all the digital computers.
2.2.3. Maintenance postponement applications
Maintenance postponement applications appear most frequently when maintenance operations
are extremely costly, inconvenient, or difficult to perform. Remote processing stations and
certain space applications are good examples. In space, maintenance can be impossible to
perform; at remote sites, the cost of unexpected maintenance can be prohibitive. The main goal is
to use fault tolerance to allow maintenance to be postponed until a more convenient and cost-
effective time. A telephone switching system is an example of a system that could require
maintenance postponement [55]. Many telephone switching systems are located in remote areas
where it is necessary to provide telephone service, but it is costly to perform the maintenance and
service operations. The primary objective is to design the system such that unscheduled
maintenance can be avoided. Therefore, the telephone company can visit the facility periodically
and repair the system or perform routine maintenance. Between maintenance visits, the system
handles failures and service disruption autonomously.
2.2.4. High-availability applications
Availability is rapidly becoming a key parameter in many applications. Banking and other time-
shared systems are good examples of high availability applications. Users of these systems want
to have a high probability of receiving service when it is requested.

2.3. Fault tolerance processes
Fault tolerance is sometimes referred to as redundancy management and for our purposes;
redundancy is the provision of functional capabilities that would be unnecessary in a faultless or
otherwise known as fault-free environment. Redundancy is not sufficient but necessary for fault
tolerance. A computer system may provide redundant functions or outputs so that at least one
result is correct in the presence of a fault for example, but if the user must somehow examine the
outputs and select the one that is correct, and then the only fault tolerance is being performed by
the user. If the system however picks the correct redundant result for the user, the computer
system is then not only redundant, but it is also fault tolerant. Redundancy management marshals
the non-faulty resources to provide the correct result. Fault tolerance involves the following
actions [12, 15, 16]

Fault Detection
This is the process of determining that a fault has occurred and is present within the system.


                                                   8
         By: Soureh Latif Shabgahi     Modelling and Analysis of Decision makers in Fault Tolerant Systems




Fault Diagnosis
This is the process of determining what caused the fault, or specifying exactly which component
or subsystem is faulty.
Fault Containment
This is the process that prevents the propagation of faults from their origin at one point in a
system, to a point where it can have an effect on the service to the user.
Fault Masking
This is the process of insuring that only correct values are passed through to the system boundary
in spite of a failed component.
Fault Compensation
It may be necessary for the system to provide a response to compensate for the output of the
faulty subsystem (if a fault has occurred and is confined to a subsystem).
Fault Repair
This refers to faults being removed from a system. In fault tolerant systems that are well-
designed, faults are contained before they propagate to the extent that the delivery of system
service is affected. This will leaves a portion of the system unusable because of residual faults. If
subsequent faults occur, the system may not be able to cope because of this loss of resources,
unless these resources are reclaimed through a recovery process, insuring that no faults remain in
the system resources or system state.
Fault Coverage
The measure of success of redundancy management or fault tolerance is referred to as coverage.
Informally, coverage is the probability of a system failure given that a fault occurs. Simplistic
estimates of coverage merely measure redundancy by accounting for the number of redundant
success paths in a system. More sophisticated estimates of coverage account for the fact that each
fault potentially alters a systems ability to resist further faults. The usual model is a Markov
process where each fault or repair action transitions the system to a new state, some of which are
states of failure. Furthermore, because a distinct state is generated for each stage in each possible
failure and repair process, the models of Markov, can consist of thousands of states for even
simple systems [40, 56].

The implementation of the actions described above, depend upon the form of redundancy
employed such as hardware / software redundancy or time redundancy. Since this work is about
fault masking, we explain this in the next section in more detail.

2.4. Fault Masking
With fault tolerant systems, there is something called fault masking, which requires that the
system can perform its specified functions correctly, even in the presence of hardware failures,
user faults, and software errors. Therefore, fault masking strategies may be implemented in
hardware or software. There are different approaches for both hardware fault masking and
software fault (error) masking. These approaches will be reviewed during the course of this
document [7].
In many applications, the reliability of the overall system has to be higher than the reliability of
the individual components that are used within the application. Designers must devise
mechanisms in such a way, that allow the system to either completely mask the effects of a


                                                  9
         By: Soureh Latif Shabgahi     Modelling and Analysis of Decision makers in Fault Tolerant Systems


component failure or recover from it so quickly that it does not affect the application seriously
[8, 11].
Furthermore, in fault masking, if one module becomes faulty, the remaining fault-free modules
mask the result of the faulty module. One example could be with the performance of the (two-
out-of-three) majority voter type, which will be looked at later on [34, 23].
The main approach to hardware fault masking is N-Modular redundancy. Redundancy is the
concept that implies the addition of information and resources, beyond what is needed for the
operation of a normal system. Redundancy can take one of several forms, including hardware
redundancy [33]. On the other hand, in the software domain, formal methods and massive tests
cannot guarantee that error- free software will be achieved, as some specification and design
errors remain in the software product. Software fault (error) masking methods, attempt to
overcome these errors/ faults during the software execution time. There are two well known
methods for software fault masking - the N-Version Programming (which is analogous to NMR)
and the, recovery blocks (which is analogous to standby sparing methods) [29, 32]. Later on,
these approaches will be described in more detail.


                                       Hardware                          N-Modular Redundancy
    Fault Masking

                                                                          N-Version Programming
                                       Software
                                                                          Recovery Blocks

                     Figure 2.2 Methods for hardware and software fault masking.

Figure 2.2 shows methods for each hardware and software fault masking, cf. ‘Fault- Tolerant Computer
System Design’ by Pradhan [11] and ‘An Empirical Evaluation of Consensus Voting and Consensus
Recovery Block Reliability in the Presence of failure Correlation’ by Vouk, McAllister, Eckhardt, and
Kim [29].

2.5. Chapter summary
In this chapter, major application areas for which approaches to fault tolerance are used, were
explained of these safety-critical computing systems are vital in our today's life. Different
approaches to achieve a fault tolerant system including detection, correction, removal, masking
and isolation techniques were also mentioned.




                                                  10
         By: Soureh Latif Shabgahi     Modelling and Analysis of Decision makers in Fault Tolerant Systems



                                        Chapter 3

              Fault Masking and Voting Mechanisms
3.1. Introduction
In the previous chapter a range of fault tolerant mechanisms were explained. This chapter
focuses on fault masking approach, which mainly uses a voting algorithm. Firstly, fault masking
methods will be introduced, while going on to introduce hardware and software fault masking
methods. Voting mechanisms and their classification will then be introduced. From the different
voter types introduced word voters will then be discussed in more detail.

3.2. Fault Masking Methods
In many applications, the reliability of the overall system has to be higher than the reliability of
the individual components that are used within the application. Designers must devise
mechanisms in such a way, that allow the system to either completely mask the effects of a
component failure or recover from it so quickly that it does not affect the application seriously
[8, 11].
Fault tolerant systems with masking capability can perform their specified functions correctly,
even in the presence of hardware failures, user faults, and software errors. Fault masking
strategies may be implemented in hardware or software. There are different approaches for both
hardware fault masking and software fault (error) masking [7]. A fault masking system uses
redundant modules. Redundancy is the concept that implies the addition of information and
resources, beyond what is needed for the operation of a normal system. In a masking system, if
one module becomes faulty, the remaining fault-free modules mask the result of the faulty
module. One example could be with the performance of the (two-out-of-three) majority voter
type, which will be looked at later on [34, 23].
N-Modular redundancy is the main mechanism of hardware fault masking [33]. There are also
two well known methods for software fault masking - the N-Version Programming (which is
analogous to NMR) and the, recovery blocks [29, 32]. Later on, these approaches will be
described in more detail.

3.3 .Hardware Fault Masking (N-Modular Redundancy)
With modular redundancy, by assigning two modules it is possible to withstand a failed primary
but some considerable time is usually necessary to reconfigure. In addition, the success of such
designs rests upon the quality of the fault-detection logic. N-modular redundant systems can
mask module failures and also offer continued service. The numbers of failed modules that can
be readily tolerated are: (N-1)/2, where N is usually an odd number, in order to avoid a tie.
The basic concept of TMR (as the most popular form of NMR system, with N=3) is to triplicate
the hardware, and perform a majority vote (which we will come onto), to determine the output of
the system [10].




                                                 11
         By: Soureh Latif Shabgahi     Modelling and Analysis of Decision makers in Fault Tolerant Systems


                                          Module 1


       Input Entered                      Module 2                Voter                       Output

                                          Module 3

                        Figure 3.1 A Triple Modular Redundant System (TMR).

Figure 3.1 shows the basic diagram of a Triple Modular Redundant System (TMR), cf. ‘Fault- Tolerant
Computer System Design’ by Pradhan [11]. The diagram demonstrates one module becomes faulty; the
two remaining fault-free modules mask the results of the faulty module when voting is performed. (We
will come onto voting.)

The primary difficulty with TMR is the voter. If the voter fails, the complete system would fail.
Any single component within a system whose failure leads to a failure of the whole system is
called a single-point of failure. Several techniques can be used to overcome the effects of voter
failure. One approach is to triplicate the voters and provide three independent outputs [35]. The
three functional modules each receive the same identical inputs and perform identical functions
using those inputs. The results generated by the three modules are voted on, in order to produce
three results. Each result is correct as long as no more than one module or input is faulty. The
primary trade off in NMR is the fault tolerance achieved versus the hardware required. It is the
case that clearly, practical applications must limit the amount of redundancy that can be
employed. Power, cost, size and weight limitations very often determine the value of N in an
NMR system. We will now look at a few examples of where TMR systems are used.
In safety- critical systems such as aircraft, it is important to have more than one motor, so if one
fails, there are others for back-up. In modern times, all aircrafts have three motors, working in a
TMR structure.
Another example of TMR could be its application at the computer level, where m1, m2 and m3
represent computers that control an aircraft. For example, three redundant computers control the
opening of the wings. The computers provide back-up for each other, in a case where one fails to
open the wings.
In summary, modules of TMR systems can be represented as complex as a motor, or as simple
and small as a part of a computer (for example ALU or sensors) [11, 20].

3.4. Software Fault-Masking Strategies
Software is involved in almost every aspect of modern society. From government to
manufacturing, utilities, transportation and almost every other sector that influences our way of
life, is affected directly or indirectly by software systems [21]. Formal methods and testing are
essential to minimise design errors in software systems. However, even after the use of such
strategies, there is no guarantee that design errors do not remain in the system and are completely
covered. In highly dependable systems, it is therefore necessary to assume that some latent
design errors exist and that they must be tolerated during system execution time. In hardware
modules, faults due to ageing lead to errors in the system. Such errors can result in system failure
if no mechanism to tolerate faults is provided and available. In software, no ageing occurs and
faults are caused by specification, design or implementation errors. Software forms an ever
increasing proportion of modern computer systems and is now responsible for the greater
number of potential system failures. Software fault-tolerance seeks to prevent these design errors
from causing system failure. Two main paradigms have been proposed: N-version programming

                                                 12
          By: Soureh Latif Shabgahi     Modelling and Analysis of Decision makers in Fault Tolerant Systems


and the recovery block. Software faults must be tolerated by using redundancy in the software
production process, for example by the use of separate design and development teams [13, 44,
48].
3.4.1. N-Version Programming (NVP)
 Stated by [22, 29], an N-version software (NVS) unit, as a form of N-version programming, is a
fault tolerant software unit that depends on a generic decision algorithm to determine a
consensus result from the results delivered by two or more member versions of the NVS unit.
The process by which the NVS versions are produced is called N-version programming (NVP)
[44]. Design diversity requires that separate variants are independently implemented to provide
the same service. In N-version programming a number of variants (or software versions) are
designed and then executed simultaneously [17, 18]. The results of each variant are subjected to
majority voting, in order to mask out the results of any variant in disagreement. The following
describe some of the major issues involved in the development of a successful N-version system:
A. ensuring design diversity,
B. input consistency,
C. error propagation,
D. synchronisation,
E. recovery of failed variants   [11]

A. Ensuring design diversity
The success of N-version programming relies on the elimination of related faults between the
variants. The variants are developed by different teams that work in isolation from each other.
Diversity can be further enforced by specifying that the variants use different programming
languages. Major sources of related errors however, include errors or omissions in the
specification of the software. Diverse specifications have been used in trying to reduce the
impact of specification errors.
B. Input consistency
The system must synchronise the activities of the variants to ensure that each variant performs
computation on the same input set and will thus produce a similar output set, when assuming no
faults occur. For example, on a specific flight, each of the three digital flight control channels
declared the others had failed, and the backup analogue channel was not selected due to a design
fault. The problem that was revealed during the flight test, resulted from sensor noise and
sampling skew. Each variant operated correctly but was unable to reach agreement with the other
variants because of the differences in input signals. It is common to vote on the inputs to the N-
version system to prevent divergence of the variants. Redundant sensors must be sampled
simultaneously and care taken to minimise the effects of noise and sensor inaccuracies.

C. Error propagation
It is important that each variant executes independently of the others. There must be no
intermediate communications between the variants as this could allow errors in one variant to
propagate into another. It is possible to run each variant in turn on the same hardware, however,
the full benefits of N-version programming are achievable if each variant is run in parallel on
separate hardware. In many highly dependable applications the variants are run on diversely
designed hardware modules. This often has the benefit of further reducing the scope for related
errors between the variants.



                                                  13
          By: Soureh Latif Shabgahi    Modelling and Analysis of Decision makers in Fault Tolerant Systems


D. Synchronisation
In an N-version system, the overall performance is only as good as the slowest of the variants.
Progress can only be made when a majority of variants has produced results that are in
agreement. An improvement in performance may be obtained by subdivision of the variants into
smaller sections and voting on the intermediate results. The improvement can be obtained by
using a voting algorithm that does not wait for the slowest variant(s) if a majority agreement has
already been found [19, 44].
E. Recovery of failed variants
The N-version programming approach provides fault masking, assuming independence of the
variants. It is not desirable for the system to degrade from N variants to (N-1) variants and then
to (N-2) variants as faults occur. Recovery presents problems because the different variants will
not have identical internal states during normal operation. At the very least, some form of restart
facility will be required to attempt recovery in a failed variant. Thus a failed variant can be
restored from stable storage. This procedure may be too slow in time-constrained systems, in
which case an image may be maintained in a neighbouring node.
3.4.2. Recovery Blocks (RB)
Like N-version programming, the recovery block uses design diversity to overcome residual
design errors. However, in the traditional recovery block scheme, the secondary variant is only
executed if the primary variant fails. Therefore an acceptance test is used to check the results
from the primary variant. As a result, if the acceptance test fails, a secondary variant is executed
in an attempt to correct the error [36]. The strategy is usually expressed using syntax similar to
the one below, which has been reproduced from [43].
 ensure <acceptance test>
 by        <primary variant>
 else by <alternative variant 1>
  else by <alternative variant 2>
  ……….
  else by <alternative variant n>
else error

The primary variant produces a result set that is subjected to an acceptance test. If the acceptance
test finds an error then an alternative variant is executed in the hope that the same error will no
longer be present. An arbitrary number of alternative variants could be provided but in the
construct, the final else error indicates and shows a failure of the whole recovery block. The
variant must execute independently without any intermediate communication. This is necessary
to ensure that any errors do not spread through the variants.
In essence, the aim of recovery block is to mask the effects of internal (design, specification)
faults from the software of which it is a part of. Furthermore, it does not impose any constraints
on the programming style, language and methodology used, to implement the modules and
acceptance test.
Furthermore, timed recovery blocks can be used to ensure that unanticipated timing faults do not
escape detection. This technique includes a time-out in the acceptance test such that if the
primary fails, an alternative variant will be executed sufficiently early, to produce a result before
the deadline for the final acceptance test is reached. This approach allows the variants to be
ranked such that the most accurate but slowest (primary) is executed first. Graceful degradation
can be achieved, in the event of primary failure, by then executing a less accurate but faster


                                                 14
          By: Soureh Latif Shabgahi            Modelling and Analysis of Decision makers in Fault Tolerant Systems


variant [42]. The final variant might be used to rapidly insert some default or safe value. This
mechanism ensures that some meaningful value is produced rather than miss a deadline.

3.5. The Voting Mechanisms
As mentioned above, both hardware and software fault masking approaches use voting
mechanism for arbitrating between the results of redundant modules. The voting mechanism
compares the results of redundant modules of a system in order to determine and decide on the
correct result; if one exists. There are many different voter types from which the majority,
plurality, median and weighted average voters have been widely used in commercial computer-
based systems such as distributed client-server computing systems and industrial applications
such as military systems, air or train traffic control and new vehicles. [10, 11]
Voters tend to be single points of failure for hardware and software fault masking techniques,
and therefore should be designed and developed to be highly reliable, efficient and effective. The
voter receives a set of input/s and applies an algorithm to determine the correct or adjudicated
result. If a voter fails to determine a correct result, this will be indicated. Otherwise, the status
indicator will signal success. The correct result and the status indicator are then returned to the
method that invoked the voter.
A voter can be implemented either in hardware or software. The primary trade off between
hardware voting and software voting is speed and weight. In a hardware voter, the actual delay
between the application of the inputs and the availability of the output can be made very small,
depending on the propagation delays of the various electronic components used to construct the
circuit. The disadvantage of the hardware voter is the number of logic elements that must be
used; this increases in turn, the weight, size and cost of the system. For example, if a TMR with
triplicate voters is employed, three distinct hardware voters are required. The impact of the
hardware required for the voter is to increase the system’s power consumption, weight and size.
By taking the advantage of a processor’s computational capabilities, a software voter performs
the voting process with a minimum amount of an additional hardware. Also by simply modifying
the software, the software voter can modify the manner in which the voting is performed. The
disadvantage of the software voter is that the voting can require more time to perform simply
because the processor cannot execute instructions and process data as rapidly as a dedicated
hardware voter. The decision to use hardware or software voting typically depends on:
1. The availability of a processor to perform the voting
2. The speed at which voting must be performed
3. The criticality of space, power, and weight limitations
4. The number of different voters that must be provided
5. The flexibility required of the voter with respect to future changes in the system [24].

3.6. Classification of voters
Depending on the nature of input objects, voting algorithms can be classified into 4 groups, each
briefly explained in the following [45].
3.6.1. Bit voters
A bit voter makes a binary decision between the inputs i.e. that the voter inputs are one bit data
objects. Example of this voter is yes/no decision in social elections. Bit voters are structurally
simple and can be built-in with logic gates [57]. However, these voters are not of interest to this
project.


                                                          15
         By: Soureh Latif Shabgahi        Modelling and Analysis of Decision makers in Fault Tolerant Systems


3.6.2. Word voters
A word voter arbitrates between redundant n-bit input data objects. They are usually used in
industrial control systems, air-traffic control systems, and military applications and so on. From
word voters the majority, plurality, median and weighted average voters are discussed.
3.6.3. Vector voters
In vector voting, each input object is constructed from independent fields and voting action is
performed on these fields. Voters of this type are too complex and have more time-overhead.
They are used in manufacturing systems where a decision has to be made on multiple parameters
(values).
3.6.4. Weighted voters
A bit voter or word voter, in which some of the inputs have more preference than the others, is
called weighted voter. They are widely used in distributed field storage and clock
synchronisation systems where the main interest is to achieve a high availability level [58].

3.7. Word voters
As stated above, there are different types of word voters, including the majority, plurality,
median, and weighted average voter. These are explained in detail.
3.7.1. Majority voter
The majority voter is the most widely used in different applications. With majority voter, the
decisions of several classifiers are combined in order to achieve better recognised results.
Furthermore, it has been shown that majority voting techniques are by far the simplest and yet
they are able to perform as good as more complicated techniques. Majority voters take an odd
number of redundant inputs and arbitrate between them [33]. If a majority of inputs are in
agreement (consensus) with each other, the voter selects the agreed value as its output. In cases
of disagreement between inputs, the voter cannot produce an output. However, depending on the
system it is used in, it may activate an alarm system or diagnosing procedure or a series of shut-
down procedures (in a safe manner). Table 1 in Appendix A. presents a 3-inputs majority voter,
demonstrating with a few examples, the outputs given by this voter [9, 25, 29, 49].
Furthermore, the exact majority voter selects the majority of the variants as its adjudicated result.
For example if the number of variants is ‘n’, and n=3, then the agreement number ‘n’, is the
number of versions required to match for the systems success, and it must be anything 2 or
greater. In practice, the majority voter is generally seen as a 2 out of 3 voter [3, 4, 23].
On the other hand, Table 2 in Appendix A. presents a 5-input majority voter, and it is another
table demonstrating majority voting.
                                        x1
                                        x2           Majority            y
                                                      voter
                                        x3
                        Figure 3.2 Alternative way of demonstrating majority voter.

Figure 3.2 shows an alternative way of demonstrating the majority voter. x1, x2, x3 represent the inputs
given to the majority voter, and y is the output produced, cf. ‘Word-Voter: A New Voter Design for Triple
Modular Redundant Systems’ by Mitra [49].




                                                    16
         By: Soureh Latif Shabgahi        Modelling and Analysis of Decision makers in Fault Tolerant Systems


As the tables demonstrate, a 3-input majority voter has the capability to mask only faulty-
channel and a 5-input majority voter masks at most 2 faulty-input. It can be concluded that an ‘n’
input voter, masks (n-2)/2 faulty-input. In the presence of more faults, this type of voter is unable
to generate an output. In summary, in applications in which:
• it is sufficiently unlikely to have more than ( (n-1)/2 faulty inputs for an n-input voter) faulty
    values;
• stopping or reconfiguration of the system in disagreement voting cases is acceptable (and if
    output is producing no-result, has no dangerous consequences);

In inexact voter, when the difference between two inputs is less than a predefined value, named
as threshold, it is assumed that there has been an agreement reached and those two results are
considered as similar (or approximately identical). For example, by considering threshold = 0.5,
two voter inputs 10.2 and 10.6 are considered to be similar, since their difference is smaller than
0.5. Therefore, we can also use a voter threshold (VT) value, for defining an inexact majority
voter. It produces a result if two of three inputs are similar. (Similarly, the inexact plurality voter
is defined). It is obvious that the selection of threshold value is very critical. If it is selected a
small value, we may miss some of the correct results and if it is chosen as a large value, the
probability of obtaining wrong values are increased. Therefore, more care has to be taken when
selecting the voter threshold. The following example clarifies this issue [39, 46, 47, 50].

Suppose that the first and second modules of a TMR system with inexact majority voter, operate
correctly and produce correct values as follows: (x1 = 10.1  x2 = 10.6   x3 = 11)

If we select the threshold value of 0.2 (small), the voter cannot reach agreement (since the
difference of all inputs is larger than 0.2) and therefore no output is obtained. Thus, we will miss
a correct result from this voting cycle. If the threshold is chosen to be 1 (a large value), the voter
reaches easy agreement (since the difference of its all inputs is less than 1) and produces a result;
say 11. Since 11 is a wrong result, the voter, in fact, has given a wrong result.
Inexact voters are the general form of exact voters. In fact, for an exact voter the threshold value
is zero.

For the inexact majority, a predefined difference between Xi is acceptable, and the voter
threshold (VT) value is used. For example if the VT = 0.2, for:
                        [1     1.1   5]         y = 1 or 1.1
                        [1     0.9   5]         y = 1 or 0.9
                        [1     0.9 1.1]         y = 0.9
                        [1.2   1.5   1]         y=1
                        [1.2    2    3]         y = has no output/ no majority


Sometimes there will be a choice between two outputs. Whether the smallest or the largest output
is considered is not the issue. What is important is that the choice of output is kept consistent in
all cases, whether this may be the smallest or the largest value.




                                                    17
          By: Soureh Latif Shabgahi             Modelling and Analysis of Decision makers in Fault Tolerant Systems



                                           m1             x1= 11                        VT= 0.5
                   10 meters                        x2= 11.5        majority                          y = 11
                                           m2
                                                                                  Voter output
               Correct Input
                                           m3             x3= 10

                               Figure 3.3 Voter threshold introduced to majority voter.

Figure 3.3 shows a voter threshold value of 0.5being introduced to majority voting, which will in effect
result in an agreement being reached- or not, between the input values.

In fact, Figure 3.3 can be presented with an example. It can be a simple representation of an
aircraft for example, one which its height from the ground is being read. (10 metres) There are
three computers/ sensors (m1, m2, m3) that read the height; one would read this as 11 metres, one
as 11.5 metres and one as 10.
In practice, we do not know anything about the Correct Input, as it is not accessible. However, in
examples, we presume that we know the correct input. For this example given to Figure 3.4,
there is agreement but incorrectly. Therefore, in order to find a way, to see whether the output at
“y” is correct or not, is to once, compare the y with the Correct Input.
This is presented with Figure 5 shown below:
                                      m1
                                                 x1= 11                        VT= 0.5        AT = 0.5

   Correct Input                      m2                   Voter                            Compare
   α = 10                                   x2= 11.5                           y = 11
                                                                          Agreed result                  Final Result
                                      m3         x3= 10

                                                 α = 10
        Figure 3.4 Accuracy threshold and voter threshold introduced to majority voter.

Figure 3.4 representing an example where an accuracy threshold and voter threshold of 0.5 are
introduced to the system, which will decide whether the output is correct- or not.

It can be concluded that if the difference between ‘α’ and ‘y’ is less than the threshold value of
0.5, then ‘y’ / output is correct. However, if the difference is greater than the threshold value, the
agreed result is incorrect/ ‘y’ is incorrect.

To see whether the agreed result is correct or incorrect, it needs to be compared with the correct
input, using a comparator and a threshold called AT. Therefore, if the difference between α and y
is less than the AT, result is correct, otherwise incorrect.

All the information about majority voting can be used to generate Table 3 in Appendix A.
presenting a 3-input majority voter in 13 cases/ examples. The voter threshold and accuracy
threshold are considered to be values of 0.5. Agreed, represents when an output is given, whereas



                                                          18
         By: Soureh Latif Shabgahi      Modelling and Analysis of Decision makers in Fault Tolerant Systems


correct will only hold when comparing the output with the input, the difference is no more than
the threshold value of 0.5. If greater than 0.5, it will be incorrect.
3.7.2. Plurality voter
Furthermore, the plurality voter produces an output if a number of inputs (even less than a
majority number but at least 2) agree with each other. This type of voting means that the
candidate with the most votes is chosen. For example, for 3-input plurality voter, there must be
an existing agreement between (at least) 2 inputs and it is necessary, to produce a result. For 5-
input plurality voting, existence of agreement between two input is sufficient to generate an
output [33]. In the literature, this voter is sometimes regarded as the consensus voter. 3-input
plurality and majority voters are in fact identical in concept and operation. Table 4 in Appendix
A. presents a 5-input plurality voter. Note that in case 4, the majority voter was unable to
produce an output, whereas the plurality voter produces an output [31].
Table 5 in Appendix A. presents a 3-input plurality voter in 13 cases/ examples. The voter
threshold and accuracy threshold are considered to be values of 0.5. Agreed, represents when an
output is given, whereas correct will only hold when comparing the output with the input, the
difference is no more than the threshold value of 0.5. If greater than 0.5, it will be incorrect.
3.7.3. Median voter
The median voter selects the mid-value of its inputs as output regardless of there being
agreement or disagreement between the inputs. For a TMR system for example, with one faulty
input, the mid-value is always the correct value. Similarly, for a 5-input median voter with two
faulty inputs the mid-value is still a correct value and so on. However, a 3-input median voter
with more than one faulty input or a 5- input voter with more than two faulty inputs will generate
an incorrect result. Table 6 in Appendix A. presents a 5-input median voter. This voter selects
the median of the values inputted to the voter and its adjudicated result. A median voter can be
defined for variant outputs consisting of a single value in an ordered space. It uses a fast voting
algorithm and can be used on integers, floats, doubles or other numeric values [23, 49, 50].
As Table 6 shows, the voter produces a wrong result in case 4. It can be concluded that the
median voter has no capability to detect faults. It is efficient where at most (n-1)/2 inputs are
probably faulty, otherwise it produces the wrong answer. As a result, it can be said that this type
of voter is probably not the most suitable to be used for safety- critical systems.
Table 7 in Appendix A. presents a 3-input median voter in 13 cases/examples. The voter
threshold and accuracy threshold are considered to be values of 0.5. The ‘agreed’ column
represents when an output is given, whereas ‘correct’ will only hold when comparing the output
with the input, the difference is no more than the threshold value of 0.5. If greater than 0.5, it will
be incorrect.
3.7.4. Average voter
The average voter outputs the average of its input values as the final output. In contrast of the
majority, plurality, and median voters, where the voter output is in fact one of the input values,
the output of this voter is a new value distinct from its inputs. Straight away, the primary
disadvantage of this voter can be seen as the fact that it produces a wrong result even in the
presence of one faulty input (for a TMR system). The output of this voter in three sample cases is
shown in Table 8.




                                                  19
         By: Soureh Latif Shabgahi          Modelling and Analysis of Decision makers in Fault Tolerant Systems



                                            case     x1     x2     x3         y

                                              1      10     10     12        10.6
                                              2      10      9      11        10
                                              3      10     11      12        11


                                           Table 8 A 3-input average voter.

Table 8 represents how this voter would respond to 3cases/ examples, where for each case, 3-inputs are
presented to the voter. x1, x2 and x3 each represent one input and y is the output given.

Table 8 shows in case 1 the voter generates a wrong result, in which there was an agreement
between two input values and in this case, the majority, plurality, and median voters were
successful. Therefore, due to this, the average voter has rarely been used in ultra-reliable systems
(Instead of this voter, the weighted average voter is used).
3.7.5. Weighted average voter
The problem of average voting can be resolved by introducing the weighted average voter. With
this voter, a weighting factor is assigned to each input (Figure 3.5) and the weighted mean of the
inputs are computed. Furthermore, an input with the smaller weighting factor has less impact on
the voter output, than one with a greater weighting factor. Formula 1 presents the formula
needed for calculating output y [23].

                                           x1 . w 1 + x 2 .w 2 + x 3 .w 3
                                     y =
                                                  w1 + w 2 + w 3            (1)
                             (x1 , w1)

                                                          voter               y
                             (x2 , w2)


                             (x3 , w3)

                                     Figure 3.5 A weighted average voter.

As Figure 3.5 shows, a weighting factor is assigned to each input x1, x2 and x3, and the weighted
mean of the inputs are computed. It is obvious that where w1=w2=w3, the weighted average voter
will function as/ like the average voter. Therefore, the average voter is a special case of the
weighted average voter. Table 9 in Appendix A. presents a weighted average voter given 4
examples.

Note that in case 2 from Table 9 the weighted average voter produces a result, more closer to the
likely correct value (which would be value 10), whereas the average voter gives (10 + 10 + 20 ) /
3 = 13.33, which is far from the correct answer. The success of this voter will depend on the
selection and allocation of weighting factors. The question remains is: how to select the
weighting factor.


                                                       20
        By: Soureh Latif Shabgahi     Modelling and Analysis of Decision makers in Fault Tolerant Systems




Weight assignment methods
Weights can be assigned in one of the following ways: Prior assignment and Dynamic
assignment.
The first method is based on the prior information about the channels such as designer
experience, channel records or reliability level of channels. From these, weight-assignment
approach based on the reliability level of modules is explained.
Suppose that software modules A, B and C have been designed for a TMR system. To ensure the
functionality correctness of individual modules and debugging purposes, the designer has to
perform a set of experimental tests. Having carried out 1000 acceptance tests, the designer finds
that module A has been successful in 970 cases, the module B in 780 cases and the module C in
450 cases for example. Now, it can be concluded that the reliability of the modules are: (R
standing for reliability)  R (A) = 0.97     R (B) = 0.78    R (C)= 0.45

These values can be used, during the operation phase of the system, as priory weighting factors
for a weighted average voter. More clearly, the output of a TMR system consists of modules A,
and B and C are computed as follows.
                                 0.97. x1 + 0.78. x 2 + 0.45. x 3
                              y=
                                              2.4

According to this equation, in calculating y, the output of module A has the highest impact and
the output of module C has the lowest effect in construction of their output values y.
On the other hand, in the second method, weights are calculated dynamically during the
operation time of the voter. Most types of these voters, use distance metric (distance between
voter-inputs) to compute weighting factors. A module result which is far from the other module
results is assigned to a smaller weight compared with a result that is close to any of the other
module results. This method will be explained in more detail in the next chapter.
Furthermore, Table 10 in Appendix A. presents a weighted average voter given in 3 cases/
examples, where for each case 3-inputs are presented as x1, x2 and x3.


3.8. Chapter Summary
Both hardware and software fault masking approaches have been explained in some detail. It was
emphasized that they are based on voting mechanisms, so various types of voting algorithms
from the literature have been introduced. A classification for voters has been provided and
different versions of widely used word voters introduced and discussed. The application area as
well as advantages and disadvantages of each voter explained briefly. The next chapter will
focus on the implementation issues of selected word voters.




                                                21
         By: Soureh Latif Shabgahi         Modelling and Analysis of Decision makers in Fault Tolerant Systems



                                            Chapter 4

                              Voting Implementation
4.1. Chapter Introduction
Previously four popular voting algorithms, the majority, plurality, median and weighted average
voters have been introduced and explained [37, 38]. In this chapter, these voters will be
implemented in MATLAB environment. Before starting this chapter, a number of definitions are
firstly introduced.
We will call two voters, A and B identical, if they are exactly the same i.e. A = B. We will also
call two values A and B similar, if they are inexactly the same i.e. their difference is no more
than a given threshold like α, | A – B | <= α. Two values A and B are in agreement if they are
either identical or similar.
Example: if α is assumed to be 0.5 then the values:
• (10 & 10) are in agreement
• (10 & 10.4) are in agreement since their difference is less than α.
• (10 & 10.7) are in disagreement since (10.7 – 10) > α
These three terms (identical, similar, agreement) will be frequently used in the remaining parts
of this work.

4.2. Majority Voter
4.2.1. Implementation of 3_input exact majority voter
Recall that, in an exact majority voter, if the majority of inputs are exactly identical, then the
voter has an output and the output will be the majorit value. As an example, a 3-input majority
voter, gives the value y = 10, for the following input-vector (x). x = [10 10 10.1]
                                           x1
                                      M1
                                            x2
                                      M2               Majority            y
                                            x3
                                      M3


                                      Figure 4.1 Majority example
Where [x1 x2 x3] from this figure represent input values [10 10 10.1]. This algorithm has been
implemented in MATLAB environment and presented by Table 1 in Appendix B., also
demonstrating with an example, the outputs given by this voter.
4.2.2. Implementation of 5_input exact majority voter
In a 5-input majority voter, if 3 of the inputs agree, then the voter gives that agreed value as its
output. This algorithm has been implemented in MATLAB environment and presented by Table
2 in Appendix B.
The program shows that we need 9 comparisons for the completion of a 5-input voter. It is
obvious that by increasing the size of the voter (i.e. the number of voter inputs), the “number of
comparisons” will also be increased and hence the complexity of the program as well as its
execution time will be increased. It is required to now improve our implementation; to decrease

                                                     22
         By: Soureh Latif Shabgahi         Modelling and Analysis of Decision makers in Fault Tolerant Systems


the number of required “comparison actions” as well as the execution-time of the program. One
good solution is to use the sort algorithm.
4.2.3. The use of “sort” function in the implementation of majority voter
The benefit of using the sort function in writing the majority algorithm, is shown here with an
example. Assume a 5-input majority voter with the following vector input:
                                      x = [11 10 11 10 11]
For examining the possibility of agreement between these input values, we first sort vector (x) to
produce the new vector (xs).         xs = [10 10 11 11 11].

Recalling that in a 5-input majority voter, the agreement of three inputs is required to produce a
voter-output. We now consider all of the 3-element sub-vector inside vector (x). In the given (xs),
these are as follows:
                               sorted vector x = xs [10 10 11 11 11]
sub-vector 1 = [10 10 11]
sub-vector 2 = [10 11 11]
sub-vector 3 = [11 11 11]

It is obvious that if at least one of the sub-vectors has identical elements, then agreement exits
for this case and the voter output is that element. Here, sub-vector 3 has that attribute and hence
the voter-output is 11. Moreover, since the sub-vectors are sorted vectors, only 3 comparisons
are needed to find the possibility of agreement. Therefore by using the sort technique, the
number of required “comparing actions” reduced from 9 to 3 for a 5-input voter. As a result, the
execution time of the voter will be increased.
It may be argued that the sort function, by itself needs some comparisons to sort its inputs and
thus the number of real comparisons for a sort-based 5-input majority voter is:
                             3 + “comparisons needs to sort 5 values”.

However, it can be shown that by using quick sort algorithms, a sort-based majority voter
behaves faster than an ordinary majority voter.
4.2.4. sort-based 5_input majority voter
Based on the use of sort-technique, the sort-based majority voting has been implemented in
MATLAB environment and presented by Table 3 in Appendix B.
However the program can be shortened and presented by Table 4 in Appendix B.
4.2.5. sort-based n-input majority voter
The last program, wrote in the previous section can be parameterised to get a generalised n-input
voter presented by Table 5 in Appendix B.
4.2.6. n-input inexact majority voter
The implementation for the inexact majority voter, will be achieved by a slight change made to
the exact_majg code. This change arrives from introducing a threshold value and changing the if
statement of the loop. This implemented has been presented by Table 6 in Appendix B.




                                                     23
           By: Soureh Latif Shabgahi    Modelling and Analysis of Decision makers in Fault Tolerant Systems



4.3. Plurality voter
4.3.1. Explaining the algorithm by Plurality voting algorithm
Plurality voter is the soft (conservative) version of the majority voter. It outputs a value from its
input values which has the largest cardinality. The cardinality of a value in a set of values is the
number of identical or similar values of that value in that set [64].

Example 1: Assuming the following set (for exact voter type):
x = [10 10.5 10 10.8 10.5 10 11]
The value 10 has cardinality = 3
The value 10.5 has cardinality = 2
The value 10.8 and 11 have cardinality = 1

Example 2: Assuming the following set of values and threshold = 0.5 (for inexact voter type):
x = [10 10.4 10.2 10.8 10.9 12] Find the cardinality of each value of this set:
•   The value 10 has cardinality = 3, because only the value 10 and 10.4 and 10.2 are similar i.e.
    their difference from each other is less than the threshold.
| 10 – 10 | = 0         < threshold
| 10 – 10.4 | = 0.4     < threshold
| 10 – 10.2 | = 0.2     < threshold
| 10 – 10.8 | = 0.8     > threshold
| 10 – 10.9 | = 0.9     > threshold
| 10 – 12 | = 2         > threshold
•   The second value of the set, 10.4 has cardinality = 5 because:
| 10.4 – 10 | = 0.4     < threshold
| 10.4 – 10.4 | = 0     < threshold
| 10.4 – 10.2 | = 0.2   < threshold
| 10.4 – 10.8 | = 0.4   < threshold
| 10.4 – 10.9 | = 0.5   < threshold
| 10.4 – 12 | = 1.6     > threshold
•   The value 10.2 of the set has cardinality = 3 because:
| 10.2 – 10 | = 0.2     < threshold
| 10.2 – 10.4 | = 0.2   < threshold
| 10.2 – 10.2 | = 0     < threshold
| 10.2 – 10.8 | = 0.6   > threshold
| 10.2 – 10.9 | = 0.7   > threshold
| 10.2 – 12 | = 1.8     > threshold
•   The value 10.8 of the set has cardinality = 3 since:
| 10.8 – 10 | = 0.8 > threshold
| 10.8 – 10.4 | = 0.4 < threshold
| 10.8 – 10.2 | = 0.6 > threshold
| 10.8 – 10.8 | = 0 < threshold
| 10.8 – 10.9 | = 0.1 < threshold
| 10.8 – 12 | = 1.2 > threshold
•   Similarly, the value 10.9 has cardinality = 3
•   Finally, the value 12 has cardinality = 1



                                                    24
         By: Soureh Latif Shabgahi          Modelling and Analysis of Decision makers in Fault Tolerant Systems


We can now define a cardinality vector (cv) for any given vector (x). Each element of the
cardinality vector is the cardinality of its associated value in (x). For example, the cardinality
vector of example 2 from above is as follows:
                                     x= [10 10.4 10.2 10.8 10.9 12]
                                           cv = [ 3 5 3 3 3 1]
In fact cv (1) = 3 is the cardinality of x(1) = 10 and cv (2) = 5 is the cardinality of x(2) = 10.4
and so on.
As mentioned at the beginning of this section, plurality algorithm selects the value with the
largest cardinality as its outputs. This means that for the previous example, the plurality voter
will select x(2) = 10.4 as its output because this value has the largest cardinality (5) value.

Example 3: What is the output value of the following set, voted by a plurality algorithm with
threshold = 1.                         x = [21 21.7 22.3 21.9 24]
Solution: We first find the cardinality value of each element of x.
cv = [ 3 4 3 4 1]
In this example, we have two values with cardinality 4 (i.e. 21.7 has cardinality 4 as well as 21.9)
In such situations, we can select arbitrarily, one of the values of 21.7 or 21.9 as the voter output.
4.3.2. Implementation of the algorithm
We can now implement the plurality voting algorithm in three steps. Given an input-vector x:
1. Find the cardinality vector of input-vector and name it cv.
2. Find the largest cardinality value of cv and call it max-car. It is possible we find more than one
max-car.
3. Select from x the value which is associated with max-car. If there were more than one max-
car, one of their associated values from x is selected arbitrarily as the voter output. These steps
are figured in the following flow chart.

      Input                                            Find max                Select from
                        Find cardinality                                                            Output the
                                                    cardinality value          (x) a value
 voter_inputs (x)         vector (cv)                                                                 value
                                                  from cv (max_car)           with max_car

                            Figure 4.2 The flow chart of plurality algorithm.

It must be stated that the plurality algorithm may be implemented by other methods. I thought
that using the concept of cardinality may simplify the writing of code and program. Based on the
mentioned three steps, the code can now be written and in fact it will be written three times. The
first time, it will be written for the 3-input voter, the second time for the 5-input voter and finally
for n-input voter. Before any implementation, as two strong commands (Find and Length) from
MATLAB are going to be used, the functions of these instructions are going to be described. It
had to be added that these two instructions have considerably shortened the programs.
4.3.3. ‘Find’ and ‘Length’ in MATLAB
The MATLAB command Length returns the size or dimension of the array it refers. For example
if x = [1 1.2 1.3] Length(x) returns 3, because the size of array x is 3. Similarly if we have x =
[1.2 1.8 2.4 2.5 10], Length(x) = 5.


                                                      25
         By: Soureh Latif Shabgahi      Modelling and Analysis of Decision makers in Fault Tolerant Systems


The MATLAB command Find appears in programs as follows: Find (k) where k is an
expression. It returns the non-zero indices of k. This will be explained in three examples.

Example 1: Suppose that: x = [1 1.2 1 1.2 1]
y = find (x == x(1) ) finds the location (indices) of elements of x that are equal to x(1). In this
case x(1) = 1 and the first, third and fifth elements of x are equal. Therefore the ‘find’ instruction
returns the vector [1 3 5]. Hence: y = [1 3 5].
Similarly:
        find (x == x(2) ) returns y= [2 4]
        find (x == x(3) ) returns y= [1 3 5]
         find (x == x(4) ) returns y= [2 4]
        find (x == x(5) ) returns y= [1 3 5]

Example 2: If x= [10 10.4 10.2 10.8 10.9 12]
     find ( x < x(1) ) returns null/nothing
     find ( x <= x(1) ) returns y = [1]
     find ( x <= x(2) ) returns y = [1 2 3]
     find ( x <= x(6) ) returns y = [1 2 3 4 5 6]
     find ( x <= ( x(1) + 0.5) ) returns y = [1 2 3]
     find ( x >= ( x(1) - 0.5) ) returns y = [1 2 3 4 5 6]

Example 3: Given x = [10 10.4 10.2 10.8 10.9 12], the following instructions find the indices of
all elements of x which have the value between 9.5 and 10.5
        find ( x >= 9.5 & x <= 10.5 )
This instruction may be written as the following: find (x >= (x(1) – 0.5) & x <= (x(1) + 0.5) )
Either of these instructions will return: y= [1 2 3]

Similarly: If we assume that T=0.5 then:
       find ( x >= (x(1) – T) & x <= (x(1) + T) ) returns y = [1 2 3]
       find ( x >= (x(2) – T) & x <= (x(2) + T) ) returns y = [1 2 3 4 5]
       find ( x >= (x(3) – T) & x <= (x(3) + T) ) returns y = [1 2 3]

It is now obvious that the combination of find and Length i.e. Length (find (k)) will return the
cardinality of k. I have used this instruction in my plurality voter program.
4.3.4. 3_input Plurality voter
Table 7 in Appendix B. presents a plurality voter implementation for 3-inputs.
It is obvious that if we do not use the instruction find from MATLAB, we should write a piece of
code ourselves, to find the maximum cardinality of the given input-vector of the voter. Table 8
in Appendix B. is presented in such a way.
4.3.5. 5_input Plurality voter
The 3-input plurality voter can be easily extended to a 5-input voter, as presented by Table 9 in
Appendix B.
This program has also been written without using the find command from MATLAB as Table 10
in Appendix B. presents.



                                                  26
         By: Soureh Latif Shabgahi       Modelling and Analysis of Decision makers in Fault Tolerant Systems


It can be seen that by increasing the size of the voter, the implementation of 5-input plurality
voter gets more difficult and complex.
4.3.6. n-input exact Plurality voter
We can now write our code as a generalised voter as Table 11 in Appendix B. presents.
4.3.7. n-input Inexact Plurality voter
Small changes can now be made to the n-input exact voter, based on the discussion in section 3
example3, to implement the final code for the n-input inexact voter, as Table 12 in Appendix B.
presents.
4.3.8. Applications of plurality algorithm
Some applications of the plurality algorithm have been presented.

A medical system has been presented for determining the condition of a patient’s heart, which
comprises a plurality of electrodes to produce cardiac signals. This will convert signals to a
digital form and data processing will process the signals in order to determine the plurality of
parameters of the patient’s heartbeat. It will also look at the health of the heart by determining
the condition the heart is at, using a binary decision algorithm [59, 60].
The plurality voting system has also been known as the single-winner voting system often used
to elect for example members of a legislative assembly (based on single-member constituencies).
In the UK, Canada, India, and the USA the most common plurality system which is a voting
system where a single winner is chosen in a given constituency, chosen for having more votes
than other representatives. Furthermore, plurality in voting has contrasted with the concept of
majority (more than half). Combining plurality and majority together will give: "A plurality of
votes being the total vote received by a candidate greater than that received by any opponent but
less than a majority of the vote" [61, 62].

4.4. Median voter
The median voter selects the mid-value of its inputs as outputs. The median voter can be easily
written by using the sort technique. The input-vector is firstly sorted, and then the mid-value
located number is selected as its output.
Example: input-vector x = [10 11 10 10.2 11.8] selects y = 11 as its output.
4.4.1. Implementation of median voter
The implementation for this voter has been presented by Table 13 in Appendix B, also
demonstrating with an example, the outputs given by this voter.


4.5. Weighted average voter
The weighted average voter which is sometimes referred to as the weighted voter produces the
weighted average of its inputs. The weighting factor assigned to each input, shows the
importance degree of that input. It is obvious that the input that is close to all other inputs is
assigned with larger weighting factor than the input which is the furthest from the other inputs.
Most types of these voters, use distance metric (distance between voter-inputs) to compute
weighting factors. The implementation of this voter, based on the Lorczak method is explained
[63].

                                                   27

				
DOCUMENT INFO