Non-Intrusive System Level Fault-Tolerance
Author(s)
Lundqvist, Kristina; Srinivasan, Jayakanth; Gorelov, Sébastien
Abstract
High-integrity embedded systems operate in multiple modes in order to ensure system availability in the face of faults. Unanticipated state-dependent faults that remain in software after system design and development behave like hardware transient faults: they appear, do the damage and disappear. The conventional approach used for handling task overruns caused by transient faults is to use a single recovery task that implements minimal functionality. This approach provides limited availability and should be used as a last resort in order to keep the system online. Traditional fault detection approaches are often intrusive in that they consume processor resources in order to monitor system behavior. This paper presents a novel approach for fault-monitoring by leveraging the Ravenscar profile, model-checking and a system-on-chip implementation of both the kernel and an execution time monitor. System fault-tolerance is provided through a hierarchical set of operational modes that are based on timing behavior violations of individual tasks within the application. The approach is illustrated through a simple case study of a generic navigation system.
Date issued
2005-06-20
Keywords
embedded systems, faults, Ravenscar