A Formal Model for Constraint-Based Deployment Calculation and Analysis for Fault-Tolerant Systems
In many embedded systems like in the automotive domain, safety-critical features are increasingly realized by software. Some of these features are often required to behave fail-operational, meaning that they must stay alive even in the presence of random hardware failures.
We propose a new fault-tolerant SW/HW architecture for electric vehicles with inherent safety capabilities that enable fail-operational features. In this paper, we introduce a constraint-based approach to calculate valid deployments of mixed-critical software components to the execution nodes. To avoid harm, faulty execution nodes have to be isolated from the remaining system. We address the isolation of execution nodes and the changes to the deployment required to keep alive those software components that realize fail-operational features. The affected software components have to be resumed on intact execution nodes. However, after an execution node has been isolated, the remaining system resources may be insufficient to execute the full set of software components. Hence, some components might have to be deactivated, meaning that features might get lost. Our approach allows us to formally analyze which subset of features can still be provided after one or more isolations. We present an arithmetic system model with formal constraints of the deployment problem that can be solved by an SMT solver. We evaluate our approach by showing an example problem and its solution.
Keywords: Fault-Tolerance, Fail-Operational, Mixed-Critical, Deployment, Dependability, SMT-Solver
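As an added worked example (not code from the paper), the deployment problem sketched in the abstract can be encoded as a small constraint search: a brute-force enumeration stands in for the SMT solver, and the node capacities, component demands and fail-operational flags are constructed sample values.

```python
from itertools import product

# Constructed sample instance (hypothetical values, not from the paper): nodes
# with a resource capacity; components with a demand and a flag saying whether
# they realize a fail-operational feature that must never be deactivated.
NODES = {"n1": 10, "n2": 10, "n3": 6}
COMPONENTS = {
    "brake": (6, True),
    "steer": (6, True),
    "park_assist": (4, False),
    "infotainment": (5, False),
}

def feasible(assignment, nodes):
    """Constraints: active components run on intact nodes only, and no
    node's load exceeds its capacity."""
    load = {n: 0 for n in nodes}
    for comp, node in assignment.items():
        if node is None:  # deactivated component
            continue
        if node not in nodes:  # would run on an isolated node
            return False
        load[node] += COMPONENTS[comp][0]
    return all(load[n] <= cap for n, cap in nodes.items())

def best_deployment(nodes):
    """Exhaustive search standing in for the SMT solver: map each component
    to a node or to None (deactivated); keep only solutions where every
    fail-operational component stays alive, preferring the most active
    components. Returns None if no such deployment exists."""
    names, choices, best = list(COMPONENTS), list(nodes) + [None], None
    for combo in product(choices, repeat=len(names)):
        assignment = dict(zip(names, combo))
        if any(assignment[c] is None for c in names if COMPONENTS[c][1]):
            continue
        if not feasible(assignment, nodes):
            continue
        active = sum(v is not None for v in assignment.values())
        if best is None or active > best[0]:
            best = (active, assignment)
    return best[1] if best else None

def surviving_features(nodes, isolated=()):
    """Isolate the faulty nodes, recompute the deployment and report which
    features are still provided; None means a fail-operational feature
    cannot be kept alive on the remaining nodes."""
    remaining = {n: c for n, c in nodes.items() if n not in set(isolated)}
    deployment = best_deployment(remaining)
    return None if deployment is None else {c for c, n in deployment.items() if n is not None}
```

With the sample values, isolating n3 forces the non-critical infotainment component to be deactivated, and isolating n1 as well leaves no deployment that keeps both fail-operational components alive.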