A Formal Model for Constraint-Based Deployment Calculation and Analysis for Fault-Tolerant Systems

  • Klaus Becker
  • Bernhard Schätz
  • Michael Armbruster
  • Christian Buckl
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8702)


In many embedded systems like in the automotive domain, safety-critical features are increasingly realized by software. Some of these features are often required to behave fail-operational, meaning that they must stay alive even in the presence of random hardware failures.

We propose a new fault-tolerant SW/HW architecture for electric vehicles with inherent safety capabilities that enable fail-operational features. In this paper, we introduce a constraint-based approach to calculate valid deployments of mixed-critical software components to the execution nodes. To avoid harm, faulty execution nodes have to be isolated from the remaining system. We treat the isolation of execution nodes and the changes to the deployment that are required to keep alive those software components that realize fail-operational features. The affected software components have to be resumed on intact execution nodes. However, after an execution node has been isolated, the remaining system resources may become insufficient to execute the full set of software components. Hence, some components might have to be deactivated, meaning that features might get lost. Our approach makes it possible to formally analyze which subset of features can still be provided after one or more isolations. We present an arithmetic system model with formal constraints of the deployment problem that can be solved by an SMT solver. We evaluate our approach by showing an example problem and its solution.


Keywords: Fault-Tolerance, Fail-Operational, Mixed-Critical, Deployment, Dependability, SMT-Solver
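The following is an added illustration, not the paper's own model or code: the deployment constraints sketched in the abstract (every fail-operational component must run on an intact node, per-node resource capacity must not be exceeded, other components may be deactivated) are checked by brute-force enumeration on a small constructed instance, and the surviving feature set is computed for a given set of isolated nodes. The paper encodes the same kind of constraints for an SMT solver; the component and node names, loads, capacities and criticality weights below are assumptions made for the example.

```python
from itertools import product

# Constructed example instance (not taken from the paper): software components
# with a resource demand, a criticality weight and a fail-operational flag, and
# execution nodes with a resource capacity.
COMPONENTS = {
    "brake":    {"load": 40, "crit": 4, "fail_op": True},
    "steer":    {"load": 40, "crit": 4, "fail_op": True},
    "lights":   {"load": 20, "crit": 2, "fail_op": False},
    "infotain": {"load": 50, "crit": 1, "fail_op": False},
}
NODES = {"n1": 100, "n2": 100}  # node -> capacity

def is_valid(assign, intact):
    """Deployment constraints: a component is either placed on an intact node
    or deactivated (None); fail-operational components may never be deactivated;
    the summed load on each node must not exceed its capacity."""
    for comp, node in assign.items():
        if node is None and COMPONENTS[comp]["fail_op"]:
            return False
        if node is not None and node not in intact:
            return False
    for node, cap in intact.items():
        load = sum(COMPONENTS[c]["load"] for c, n in assign.items() if n == node)
        if load > cap:
            return False
    return True

def best_deployment(isolated=()):
    """Enumerate all assignments over the intact nodes (the solver's search
    space) and keep the valid one with the highest criticality-weighted set of
    active components. Returns None if no valid deployment exists."""
    intact = {n: c for n, c in NODES.items() if n not in isolated}
    comps = list(COMPONENTS)
    best_score, best = -1, None
    for combo in product(list(intact) + [None], repeat=len(comps)):
        assign = dict(zip(comps, combo))
        if not is_valid(assign, intact):
            continue
        score = sum(COMPONENTS[c]["crit"] for c, n in assign.items() if n is not None)
        if score > best_score:
            best_score, best = score, assign
    return best

def surviving_features(isolated=()):
    """Features still provided after isolating the given nodes (None if the
    fail-operational components can no longer be kept alive)."""
    dep = best_deployment(isolated)
    return None if dep is None else sorted(c for c, n in dep.items() if n is not None)
```

On this instance both nodes intact host all four components, isolating n1 forces the low-criticality infotainment component to be deactivated, and isolating both nodes leaves no valid deployment.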





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Klaus Becker (1)
  • Bernhard Schätz (1)
  • Michael Armbruster (2)
  • Christian Buckl (1)
  1. fortiss GmbH, An-Institut Technische Universität München, München, Germany
  2. Siemens AG, Corporate Research and Technologies, München, Germany
