Towards Fail-Operational Systems on Controller Level Using Heterogeneous Multicore SoC Architectures and Hardware Support
ISSN: 0148-7191, e-ISSN: 2688-3627
Published April 03, 2018 by SAE International in United States
In recent automotive systems, more and more applications are classified as safety related and hence are assigned an automotive safety integrity level (ASIL) according to ISO 26262. Especially in the context of advanced driver assistance systems (ADAS) and automated driving, safety, reliability and availability requirements are ever increasing. In upcoming systems, a classical fail-safe design will not be sufficient to fulfill these requirements, and hence fail-operational systems will be essential. This holds especially true for automated driving levels 4 and 5. On the other hand, well-known approaches from the avionics industry are ill-suited for use in automotive systems due to space, weight and power (SWAP) restrictions. This motivates research on new, lightweight approaches for embedded fail-operational systems. In this contribution, an approach that allows safety functions to be migrated dynamically at runtime from an application system to a stand-by fallback system is presented and evaluated. The concept claims to be a fail-operational architecture at controller level; it does not deal with integration into the whole (sub-)system context. For a proof of concept and a prototypical implementation, it makes use of a heterogeneous multicore architecture with reconfigurable logic as well as lock-step cores. In response to detected faults within the application cores, a switch to a safety back-up system is triggered and the system state is handed over. It is shown that the approach works with low overhead in software and is transparent to the software developer. Finally, the latencies needed for the switchover to the fallback system are examined and presented.
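As an added illustration, not code from the paper or its authors, the following C model shows the mechanism the abstract describes in miniature: a primary control task publishes CRC-protected checkpoints that double as heartbeats, a supervising monitor (standing in for the lock-step fallback side) rejects a stale or corrupted checkpoint, and after a bounded number of misses the last intact state is handed over to a fallback task that carries on. Ticks stand in for time, so the switchover latency and the control cycles lost during it can be counted. The miss limit, the CRC scheme, the integrating controller, the fault injection and the shared checkpoint layout are all assumptions of this example and not taken from the paper.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MISS_LIMIT 3   /* assumed: consecutive missed/invalid checkpoints tolerated before switchover */

typedef struct {
    uint32_t seq;         /* heartbeat and checkpoint sequence number */
    int32_t  setpoint;
    int32_t  integrator;  /* controller state that must survive the switchover */
    uint32_t crc;         /* CRC-32 over the fields above */
} ctrl_state_t;

typedef enum { OWNER_PRIMARY, OWNER_FALLBACK } owner_t;
typedef enum { FAULT_NONE, FAULT_HANG, FAULT_CORRUPT } fault_t;

typedef struct {
    int      switch_tick;      /* tick at which the fallback took over, -1 if never */
    uint32_t resumed_seq;      /* checkpoint the fallback resumed from */
    int32_t  final_integrator; /* controller state at the end of the run */
    owner_t  final_owner;
} sim_result_t;

/* Bitwise CRC-32 (IEEE polynomial, reflected form). */
static uint32_t crc32(const void *data, size_t len)
{
    const uint8_t *p = (const uint8_t *)data;
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* CRC over every field except the trailing crc itself. */
static uint32_t state_crc(const ctrl_state_t *s)
{
    return crc32(s, offsetof(ctrl_state_t, crc));
}

/* One control cycle: a trivial integrating controller, enough to make lost cycles visible. */
static void control_step(ctrl_state_t *s)
{
    s->integrator += s->setpoint;
    s->seq++;
    s->crc = state_crc(s);
}

/* A checkpoint counts as a heartbeat only if it is intact and exactly one step newer. */
static int checkpoint_valid(const ctrl_state_t *cp, uint32_t last_seq)
{
    return cp->crc == state_crc(cp) && cp->seq == last_seq + 1;
}

/* Run `ticks` cycles; from `fault_tick` on, the primary either hangs or publishes corrupted checkpoints. */
sim_result_t run_simulation(int ticks, int fault_tick, fault_t fault)
{
    ctrl_state_t primary = { .seq = 0, .setpoint = 2, .integrator = 0, .crc = 0 };
    primary.crc = state_crc(&primary);
    ctrl_state_t shared = primary;     /* checkpoint area the primary writes and the monitor reads */
    ctrl_state_t last_good = primary;  /* monitor's private copy of the last valid checkpoint */
    ctrl_state_t fallback = primary;
    owner_t owner = OWNER_PRIMARY;
    int missed = 0;
    sim_result_t r = { .switch_tick = -1, .resumed_seq = 0, .final_integrator = 0, .final_owner = OWNER_PRIMARY };

    for (int t = 1; t <= ticks; t++) {
        if (owner == OWNER_FALLBACK) {
            control_step(&fallback);   /* fallback carries on from the handed-over state */
            continue;
        }
        int faulted = (fault != FAULT_NONE) && (t >= fault_tick);
        if (!faulted || fault == FAULT_CORRUPT) {
            control_step(&primary);
            shared = primary;
            if (faulted)
                shared.integrator ^= 0x40;  /* constructed bit flip in the published copy */
        }
        /* FAULT_HANG: the primary publishes nothing, so `shared` keeps the stale checkpoint. */

        /* Monitor (stands in for the lock-step supervisor): accept the checkpoint or count a miss. */
        if (checkpoint_valid(&shared, last_good.seq)) {
            last_good = shared;
            missed = 0;
        } else if (++missed >= MISS_LIMIT) {
            fallback = last_good;     /* state handover from the last intact checkpoint */
            owner = OWNER_FALLBACK;
            r.switch_tick = t;
            r.resumed_seq = fallback.seq;
        }
    }
    r.final_owner = owner;
    r.final_integrator = (owner == OWNER_PRIMARY) ? primary.integrator : fallback.integrator;
    return r;
}

int main(void)
{
    sim_result_t r = run_simulation(100, 50, FAULT_HANG);
    printf("hang at tick 50: switchover at tick %d, resumed from seq %u, final integrator %d\n",
           r.switch_tick, r.resumed_seq, r.final_integrator);
    r = run_simulation(100, 50, FAULT_CORRUPT);
    printf("corruption at tick 50: switchover at tick %d, resumed from seq %u\n",
           r.switch_tick, r.resumed_seq);
    return 0;
}
```

With a fault injected at tick 50 and a miss limit of three, the fallback takes over at tick 52 from checkpoint 49, so three control cycles are lost and the integrator ends at 194 instead of the 200 a fault-free run reaches. The miss limit is the knob the abstract's latency measurement is really about: a smaller limit shortens the switchover but makes the monitor more sensitive to a single late checkpoint, and the CRC check is what lets the monitor distinguish a corrupted handover image from a merely delayed one.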
Citation: Bapp, F., Dörr, T., Sandmann, T., Schade, F. et al., "Towards Fail-Operational Systems on Controller Level Using Heterogeneous Multicore SoC Architectures and Hardware Support," SAE Technical Paper 2018-01-1072, 2018, https://doi.org/10.4271/2018-01-1072.