The Fault Assumptions in Distributed Integrated Architectures
Technical Paper
2007-01-3798
ISSN: 0148-7191, e-ISSN: 2688-3627
Language: English
Abstract
Compared to federated systems, distributed integrated architectures in the automotive and avionic domains reduce hardware cost, improve dependability, and improve coordination between application subsystems. To host safety-critical application subsystems, a distributed integrated architecture needs to support fault-tolerance strategies that keep the system operating in the presence of failures. The basis for implementing and validating such strategies is a set of realistic fault assumptions, captured in a fault hypothesis. This paper describes a fault hypothesis for distributed integrated architectures that accounts for the sharing of the communication and computational resources of a single distributed computer system among multiple application subsystems: each node computer executes multiple jobs, and likewise the communication network interconnecting the node computers has to carry the message exchanges of more than one application subsystem. Using a generic system model of a distributed integrated architecture, we argue for distinct fault containment regions for hardware faults and for software faults. Based on these fault containment regions, we discuss the failure modes, the failure rates, the maximum number of failures, and the recovery intervals. In particular, the fault hypothesis states the assumed relative frequencies of transient and permanent failures in light of recent semiconductor trends.
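The quantitative part of a fault hypothesis (failure rate per fault containment region, maximum number of failures tolerated, recovery interval) can be checked for internal consistency with a short calculation. The script below is an added illustration and is not code or data from the paper: it assumes that failures of hardware fault containment regions (here: node computers) are independent events with a constant rate, so the number of failures within one recovery interval is Poisson-distributed, and it computes the probability that the real system exceeds the assumed maximum number of failures in an interval (the probability that the fault hypothesis is violated). The failure rates, FCR counts and recovery intervals are placeholder values chosen for the demonstration, not figures from the paper; software fault containment regions (jobs) are not modelled, since design faults are not well described by a constant random rate.

```python
"""Consistency check for the quantitative part of a fault hypothesis.

Added example. Assumes independent, constant-rate failures of hardware
fault containment regions (FCRs), so that the number of FCR failures in a
recovery interval is Poisson(n_fcr * rate * interval). All numeric values
below are illustrative assumptions, not values from the paper.
"""
import math

FIT = 1e-9  # failures per hour: 1 FIT = one failure per 10^9 device-hours


def poisson_tail(mean: float, max_failures: int, terms: int = 60) -> float:
    """P(X > max_failures) for X ~ Poisson(mean).

    The tail is summed directly from P(X = max_failures + 1) onwards instead
    of computing 1 - CDF, which would lose almost all precision when the
    mean is small (e.g. 1e-5) and the answer is ~1e-11.
    """
    if mean < 0 or max_failures < 0:
        raise ValueError("mean and max_failures must be non-negative")
    p_k = math.exp(-mean)  # P(X = 0)
    tail = 0.0
    for k in range(1, max_failures + terms + 1):
        p_k *= mean / k  # P(X = k) from P(X = k - 1); terms decay factorially
        if k > max_failures:
            tail += p_k
    return tail


def violation_probability(n_fcr: int, rate_per_hour: float,
                          interval_hours: float, max_failures: int) -> float:
    """Probability that more than max_failures of the n_fcr FCRs fail within
    a single recovery interval, i.e. that the fault hypothesis is violated."""
    return poisson_tail(n_fcr * rate_per_hour * interval_hours, max_failures)


def smallest_justifiable_max_failures(n_fcr: int, rate_per_hour: float,
                                      interval_hours: float, target: float,
                                      limit: int = 10):
    """Smallest 'maximum number of failures' k such that the violation
    probability per recovery interval does not exceed target.
    Returns None if no k <= limit reaches the target."""
    for k in range(limit + 1):
        if violation_probability(n_fcr, rate_per_hour, interval_hours, k) <= target:
            return k
    return None


if __name__ == "__main__":
    # Assumed cluster: 10 node computers, each a hardware FCR.
    n_nodes = 10
    # Assumed rates (placeholders): permanent faults at 100 FIT per node,
    # transient faults three orders of magnitude more frequent, as the
    # semiconductor trend discussed in the abstract would suggest.
    permanent_rate = 100 * FIT
    transient_rate = 1e-4
    # Assumed recovery intervals: a permanent fault is cleared by repair
    # (say 10 h); a transient fault by node restart and re-integration.
    scenarios = [
        ("permanent, repair within 10 h",        permanent_rate, 10.0),
        ("transient, re-integration within 1 s", transient_rate, 1 / 3600),
        ("transient, re-integration within 1 h", transient_rate, 1.0),
    ]
    for name, rate, interval in scenarios:
        p = violation_probability(n_nodes, rate, interval, max_failures=1)
        k = smallest_justifiable_max_failures(n_nodes, rate, interval, 1e-9)
        print(f"{name:40s} P(>1 failure per interval) = {p:.2e}; "
              f"smallest k with P(>k) <= 1e-9: {k}")
```

The run shows the point the recovery-interval parameter makes: with the same transient failure rate, a single-failure assumption that is easily justified when faulty nodes are re-integrated within a second becomes several orders of magnitude weaker when re-integration takes an hour, because the probability of a second failure before the first is recovered grows with the square of the interval.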
Citation
Obermaisser, R. and Peti, P., "The Fault Assumptions in Distributed Integrated Architectures," SAE Technical Paper 2007-01-3798, 2007, https://doi.org/10.4271/2007-01-3798.
Also In
Aerospace Safety- Design, Maintenance/Operations, and Safety/Security
Number: SP-2141; Published: 2007-09-17