Design strategy for a formally verified reliable computing platform

Butler, Ricky W.; Caldwell, James L.; Vito, Ben L. Di

doi:10.1109/cmpass.1991.161051

Cited by 13 publications

(4 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since today's technology cannot support the manufacturing of electronic devices with failure rates low enough to meet the reliability requirements, the reliability of an ultra-dependable system must be higher than the reliability of each of its node computers. This can only be achieved by utilizing fault-tolerant strategies that enable the continued operation of the system in the presence of node computer failures (Butler et al, 1991). The integrated architecture builds on top of a time-triggered architecture, which offers a consistent distributed computing base (Poledna et al, 2002) with a consistent distributed state induced by the sparse time.…”

Section: Improved Dependabilitymentioning

confidence: 99%

DECOS: an integrated time-triggered architecture

Obermaisser

Peti

Huber

et al. 2006

Elektrotech. Inftech.

View full text Add to dashboard Cite

Depending on the physical structuring of large distributed safety-critical real-time systems, one can distinguish federated and integrated system architectures. This paper describes an integrated system architecture which combines the complexity management advantages of federated systems with the functional integration and hardware benefits of an integrated approach. In order to control complexity, the overall functionality is divided into a set of application subsystems, each with dedicated architectural communication services, allowing developers to act as if they were building an application for a federated architecture. The introduced architecture builds upon the validated services of a time-triggered core architecture, which provides a physical network as a shared resource for the communication activities of more than one application subsystem. The communication resources are encapsulated and multiplexed between application subsystems. In analogy, encapsulated partitions are used to share node computers among software modules of multiple application subsystems. Architectural encapsulation mechanisms ensure that the assumptions and abstractions performed in the functional system structuring also hold after combining the different subsystems on the target platform. DECOS: eine integrierte zeitgesteuerte Architektur.In Abhä ngigkeit der physikalischen Strukturierung von großen verteilten sicherheitskritischen Echtzeitsystemen kö nnen fö derierte und integrierte Systemarchitekturen unterschieden werden. Diese Arbeit beschreibt eine integrierte Systemarchitektur, welche die Vorteile fö derierter Architekturen in Bezug auf Komplexitä tsmanagement mit den Vorteilen eines integrierten Ansatzes (d. h. bessere funktionale Integration und Ressourcenauslastung) vereint. Um die Komplexität des Gesamtsystems zu beherrschen, erfolgt eine Unterteilung in Applikationssubsysteme, die zudem mit spezifischen Architekturdiensten ausgestattet sind. Insbesondere werden die Kommunikationsdienste in deren Funktionalitä t und Zeitverhalten an die jeweiligen Applikationsanforderungen angepasst. Designer kö nnen das System daher in einer Weise entwickeln, wie dies eine fö derierte Architektur gestatten wü rde. Die vorgestellte integrierte Systemarchitektur basiert auf den validierten Diensten einer zeitgesteuerten Kernarchitektur, wobei das physikalische Netzwerk eines einzelnen, verteilten zeitgesteuerten Computersystems als gemeinsame Ressource fü r die Kommunikationsaktivitä ten mehrerer Applikationssubsysteme dient. Die Kommunikationsressourcen werden enkapsuliert und zwischen Applikationssubsystemen gemultiplext. Ebenso dienen enkapsulierte Partitionen innerhalb von Komponenten der Aufteilung von Komponentenressourcen (z. B. Prozessorzeit und Speicher) zwischen Softwaremodulen verschiedener Applikationssubsysteme. Die Enkapsulierungsmechanismen der Architektur auf Netzwerk-und Komponentenebene stellen sicher, dass die im Rahmen der funktionalen Systemstrukturierung getroffenen Annahmen und Abstraktionen auch nach der Integration d...

show abstract

Section: Improved Dependabilitymentioning

confidence: 99%

DECOS: an integrated time-triggered architecture

Obermaisser

Peti

Huber

et al. 2006

Elektrotech. Inftech.

View full text Add to dashboard Cite

show abstract

“…A Fault Containment Region (FCR) is defined as a subsystem that operates correctly regardless of any arbitrary logical or electrical fault outside the region [46]. The justification for building ultra-reliable systems from replicated resources rests on an assumption of failure independence among redundant units [2]. The independence of FCRs can be compromised by shared physical resources (e.g., power supply, timing source), external faults (e.g., Electromagnetic Interference (EMI), spatial proximity) and design.…”

Section: Fault-containment Regionsmentioning

confidence: 99%

“…In these ultra-dependable applications, a maximum failure rate of 10 −9 critical failures per hour is demanded [1][p. 10]. This can only be achieved by utilizing fault-tolerant strategies that enable the continued operation of the system in the presence of component failures [2].…”

Section: Introductionmentioning

confidence: 99%

The Fault Assumptions in Distributed Integrated Architectures

Obermaisser¹,

Peti²

2007

SAE Technical Paper Series

View full text Add to dashboard Cite

Distributed integrated architectures in the automotive and avionic domain result in hardware cost reduction, dependability improvements, and improved coordination between application subsystems compared to federated systems. In order to support safety-critical application subsystems, a distributed integrated architecture needs to support fault-tolerance strategies that enable the continued operation of the system in the presence of failures. The basis for the implementation and validation of faulttolerance strategies are realistic fault assumptions, which are captured in a fault hypothesis. This paper describes a fault hypothesis for distributed integrated architectures, which takes into account the sharing of the communication and computational resources of a single distributed computer system among multiple application subsystems. Each node computer serves for the execution of multiple jobs. In analogy, the communication network interconnecting the node computers has to support message exchanges of more than one application subsystem. Using a generic system model of a distributed integrated architecture, we argue in favor of a differentiation of fault containment regions for hardware and software faults. Based on these fault containment regions, we discuss the failure modes, the failure rates, the maximum number of failures, and the recovery intervals. In particular, the fault hypothesis describes the assumptions concerning the respective frequencies of transient and permanent failures in consideration of recent semiconductor trends.

show abstract

“…Since ECU failure rates are in the order of 10 −5 to 10 −6 , ultra-dependable applications require the system as a whole to be more reliable than any one of its ECUs. This can only be achieved by utilizing fault-tolerant strategies that enable the continued operation of the system in the presence of ECU failures [3].…”

Section: Dependabilitymentioning

confidence: 99%

An Integrated Architecture for Future Car Generations

Peti

Obermaisser

Tagliabò

et al.

Eighth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing (ISORC'05)

View full text Add to dashboard Cite

Depending on the physical structuring of large distributed safety-critical real-time systems, one can distinguish federated and integrated system architectures. The DE-COS architecture combines the complexity management advantages of federated systems with the functional integration and hardware benefits of an integrated approach. This paper investigates the benefits of the DECOS integrated system architecture as an electronic infrastructure for future car generations. The shift to an integrated architecture will result in quantifiable cost reductions in the areas of system hardware cost and system development.In the paper we present a current federated Fiat car E/E architecture and discuss a possible mapping to an integrated solution based on the DECOS architecture. The proposed architecture provides a foundation for mixedcriticality integration with both safety-critical and non safety-critical subsystems. In particular, this architecture supports applications up to the highest criticality classes (10 −9 failures per hour), thereby taking into account the emerging dependability requirements of by-wire functionality in the automotive industry.

show abstract

Design strategy for a formally verified reliable computing platform

Cited by 13 publications

References 8 publications

DECOS: an integrated time-triggered architecture

DECOS: an integrated time-triggered architecture

The Fault Assumptions in Distributed Integrated Architectures

An Integrated Architecture for Future Car Generations

Contact Info

Product

Resources

About