Computing Scores of Forwarding Schemes in Switched Networks with Probabilistic Faults

Time-triggered switched networks are a deterministic communication infrastructure used by real-time distributed embedded systems. Due to the criticality of the applications running over them, developers need to ensure that end-to-end communication is dependable and predictable. Traditional approaches assume static networks that are not flexible to changes caused by reconfigurations or, more importantly, faults, which are dealt with in the application using redundancy. We adopt the concept of handling faults in the switches from non-real-time networks while maintaining the required predictability. We study a class of forwarding schemes that can handle various types of failures. We consider probabilistic failures. For a given network with a forwarding scheme and a constant $\ell$, we compute the {\em score} of the scheme, namely the probability (induced by faults) that at least $\ell$ messages arrive on time. We reduce the scoring problem to a reachability problem on a Markov chain with a “product-like” structure. Its special structure allows us to reason about it symbolically, and reduce the scoring problem to #SAT. Our solution is generic and can be adapted to different networks and other contexts. Also, we show the computational complexity of the scoring problem is #P-complete, and we study methods to estimate the score. We evaluate the effectiveness of our techniques with an implementation.

💡 Research Summary

This paper addresses a critical challenge in real-time distributed embedded systems: ensuring dependable and predictable communication over time-triggered switched networks in the presence of probabilistic component failures. Traditional static time-triggered schedules offer determinism but lack flexibility and robustness, often pushing fault handling to the application layer through redundancy. The authors propose a novel framework that incorporates fault-handling within the network switches themselves—inspired by software-defined networking—while strictly maintaining the predictability required for hard real-time constraints.

The core problem is defined as computing the “score” of a given forwarding scheme. The inputs are a network topology with probabilistic edge failure rates, a set of messages to be routed, a deterministic forwarding scheme (F), a global timeout (t), and a guarantee threshold (ℓ). The score is the probability that at least ℓ messages arrive at their destinations within time t when the network operates under the forwarding scheme F and is subject to random link faults. This score serves as a powerful metric for predicting network performance, comparing different forwarding algorithms, and conducting sensitivity analysis on system parameters.

A forwarding scheme F is formally defined as a triple: a central forwarding algorithm (A) expressed as propositional logic rules, a per-switch total order on message priorities, and a per-message per-switch preference order on outgoing edges. This model captures switch limitations while allowing variability. The paper demonstrates how both classic Time-Triggered (TT) schedules and a “Hot-potato” routing algorithm for networks with small queues can be expressed within this framework.

The technical methodology for score computation involves a sophisticated two-step abstraction. First, for each message m, a deterministic automaton D_m is constructed, modeling the journey of that single message through the network according to the rules of F, given a sequence of fault events. Second, the automata for all messages are combined to simulate their concurrent execution, and a Markov chain C is superimposed by assigning probabilities to the fault events (input letters). The chain C has a “product-like” structure because the messages interact only through contention for switch resources (queues and links) under the shared fault pattern.

Leveraging this structure, the authors avoid explicitly constructing the exponentially large Markov chain. Instead, they build a Boolean formula ψ that symbolically encodes the execution of C. The size of ψ is proportional to the sum of the sizes of the individual D_m automata, not their product. There is a one-to-one correspondence between satisfying assignments of ψ and execution traces of the network. The score is then derived from the weighted count of those satisfying assignments that correspond to “good outcomes” (≥ ℓ timely arrivals), where the weight of an assignment is the probability of its specific fault pattern. Thus, the scoring problem is reduced to a weighted #SAT problem.

The paper establishes the fundamental computational complexity of the problem by proving that scoring a forwarding scheme is #P-complete. This provides a theoretical justification for employing powerful #SAT solvers and indicates the inherent difficulty of exact computation.

Given the complexity, the authors also investigate estimation techniques: 1) Using exact weighted #SAT solvers, 2) An iterative approximation algorithm that exploits the practical assumption of low failure probabilities by considering traces with increasingly many faults, and 3) Standard Monte Carlo simulation.

The proposed techniques are implemented and evaluated. The exact method via #SAT scales to small networks. The approximation counting method scales better but is generally outperformed by the Monte Carlo simulation, which scales well to moderate-sized networks while maintaining good accuracy, as validated against exact scores for small cases.

In summary, this work provides a formal and general framework for quantifying the reliability of forwarding schemes in real-time networks under probabilistic faults. It bridges the gap between real-time predictability and network fault tolerance. The reduction to weighted #SAT offers a precise analytical tool, while the Monte Carlo method provides a practical and scalable solution for design-space exploration. The framework is adaptable and poised to benefit from ongoing advancements in formal verification and counting algorithms.