Deployment Calculation and Analysis for a Fail-Operational Automotive Platform
This addresses safety and reliability challenges for automotive manufacturers and engineers, but appears incremental as it builds on existing fault-tolerant architectures.
The paper tackles the problem of ensuring fail-operational behavior for safety-critical software in automotive systems by introducing a formal model and deployment calculation method, enabling analysis of feature availability under resource constraints.
In domains like automotive, safety-critical features are increasingly realized by software. Some features might even require fail-operational behavior, so that they must be provided even in the presence of random hardware failures. A new fault-tolerant SW/HW architecture for electric vehicles provides inherent safety capabilities that enable fail-operational features. In this paper we introduce a formal model of this architecture and an approach to calculate valid deployments of mixed-critical software-components to the execution nodes, while ensuring fail-operational behavior of certain components. Calculated redeployments cover the cases in which faulty execution nodes have to be isolated. This allows to formally analyze which set of features can be provided under decreasing available execution resources.