Handling mixed-criticality in SoC-based real-time embedded systems
EMSOFT '09 Proceedings of the seventh ACM international conference on Embedded software
A systematic review of software robustness
Information and Software Technology
Proceedings of the 2nd ACM international conference on High confidence networked systems
Architecture of a cyberphysical avatar
Proceedings of the ACM/IEEE 4th International Conference on Cyber-Physical Systems
Embedded systems in safety-critical environments demand safety guarantees while providing many useful services that are too complex to formally verify or fully test. Existing application-level fault-tolerance methods, even if formally verified, leave the system vulnerable to errors in the real-time operating system (RTOS), middleware, and microprocessor. We introduce the System-Level Simplex Architecture, which uses hardware/software co-design to provide fail-operational guarantees both for logical application-level faults and for faults in previously dependent layers, including the RTOS and microprocessor. We also provide an end-to-end design process for the System-Level Simplex Architecture in which the AADL architecture description is automatically constructed and checked and the VHDL hardware code is generated. To show the efficacy of System-Level Simplex design, we apply the approach to both a classic inverted pendulum and a cardiac pacemaker. We perform fault-injection tests on the inverted pendulum design which demonstrate robustness in spite of software controller and operating system faults. For the pacemaker, we contrast the provided safety guarantees with those of a previous-generation pacemaker.