Formal analysis of feature degradation in fault-tolerant automotive systems

Abstract

Safety-critical fault-tolerant embedded systems have to react properly to failures of internal system elements to avoid failure propagation and, ultimately, a harmful external failure at the system boundary. Besides failure detection, actions for failure handling are essential to meet safety requirements. These actions range from enabling fail-silent, fail-safe or fail-operational behavior of system elements to hybrids of these in a mixed-criticality system design. Graceful degradation can be applied when system resources become insufficient, reducing the set of provided functional features. In this paper, we address mixed-criticality and mixed-reliability automotive systems. We consider mixed reliability in the form of functional features with different fail-operational requirements. Besides pure fail-operational features, we also consider degradations of functional features, called fail-degraded features. We describe a formal system model that contains, among other things, the functional features of a vehicle, possible feature degradations, the software components that realize the features, and the deployment of software components to execution units. We provide a structural analysis of the level of degradation at system level and feature level that is required in scenarios of failing execution units and/or software components. Combined with this analysis, we synthesize valid deployments of software components to execution units, incorporating an adequate level of redundancy to meet the fail-operational requirements, if feasible. We apply our approach to a constructed automotive example.
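As an added illustration (constructed here, not the paper's formal model or code), a small Python model of the structural degradation analysis and deployment synthesis the abstract describes: features with ordered degradation variants, software components replicated over execution units, and exhaustive enumeration of failure scenarios against fail-operational and fail-degraded requirements. All feature, component and ECU names, and the brute-force synthesis, are assumptions made for this example.

```python
from itertools import combinations, product

# Constructed example (not the paper's): feature variants, index 0 = full, later = degradations.
FEATURES = {"lane_keeping": ["lane_full", "lane_warn_only"],
            "brake_by_wire": ["brake_full"]}
# Software components a variant needs to be realizable.
VARIANT_NEEDS = {"lane_full": {"camera_proc", "steer_ctrl"},
                 "lane_warn_only": {"camera_proc", "hmi"},
                 "brake_full": {"brake_ctrl"}}
# Worst variant index a feature may drop to while up to MAX_FAILED ECUs fail:
# brake_by_wire is pure fail-operational, lane_keeping is fail-degraded.
REQUIRED = {"lane_keeping": 1, "brake_by_wire": 0}
MAX_FAILED = 1
ECUS = {"ecu1", "ecu2", "ecu3"}

def available_components(deployment, failed_ecus):
    """Components with at least one replica on a surviving ECU."""
    return {c for c, ecus in deployment.items() if set(ecus) - failed_ecus}

def feature_level(feature, avail):
    """Lowest (best) variant index still realizable, or None if the feature is lost."""
    for idx, variant in enumerate(FEATURES[feature]):
        if VARIANT_NEEDS[variant] <= avail:
            return idx
    return None

def analyze(deployment, ecus=ECUS, max_failed=MAX_FAILED):
    """Return (failed ECUs, feature, level) for every requirement violated by up to max_failed failing ECUs."""
    violations = []
    for k in range(max_failed + 1):
        for failed in combinations(sorted(ecus), k):
            avail = available_components(deployment, set(failed))
            for feature, worst_ok in REQUIRED.items():
                level = feature_level(feature, avail)
                if level is None or level > worst_ok:
                    violations.append((failed, feature, level))
    return violations

def synthesize(components, ecus=ECUS, max_failed=MAX_FAILED):
    """Brute-force: deployment with the fewest replicas that has no violations, or None."""
    options = [c for k in range(1, len(ecus) + 1) for c in combinations(sorted(ecus), k)]
    best = None
    for choice in product(options, repeat=len(components)):
        deployment = dict(zip(components, choice))
        if not analyze(deployment, ecus, max_failed):
            size = sum(len(replicas) for replicas in choice)
            if best is None or size < best[0]:
                best = (size, deployment)
    return best

# Single brake_ctrl replica on ecu1: losing ecu1 violates brake_by_wire.
DEPLOY_WEAK = {"camera_proc": ["ecu1", "ecu2"], "steer_ctrl": ["ecu2"],
               "hmi": ["ecu3"], "brake_ctrl": ["ecu1"]}
```

Running `analyze(DEPLOY_WEAK)` reports the single-ECU scenario that loses braking, while `synthesize` finds that six replicas in total are the minimum that satisfies both requirements for this instance.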
