TY - GEN
T1 - The system-level simplex architecture for improved real-time embedded system safety
AU - Bak, Stanley
AU - Chivukula, Deepti K.
AU - Adekunle, Olugbemiga
AU - Sun, Mu
AU - Caccamo, Marco
AU - Sha, Lui
PY - 2009
Y1 - 2009
N2 - Embedded systems in safety-critical environments demand safety guarantees while providing many useful services that are too complex to formally verify or fully test. Existing application-level fault-tolerance methods, even if formally verified, leave the system vulnerable to errors in the real-time operating system (RTOS), middleware, and microprocessor. We introduce the System-Level Simplex Architecture, which uses hardware/software co-design to provide fail-operational guarantees for both logical application-level faults, as well as faults in previously dependent layers including the RTOS and microprocessor. We also provide an end-to-end design process for the System-Level Simplex Architecture where the AADL architecture description is automatically constructed and checked and the VHDL hardware code is generated. To show the efficacy of System-Level Simplex design, we apply the approach to both a classic inverted pendulum and a cardiac pacemaker. We perform fault-injection tests on the inverted pendulum design which demonstrate robustness in spite of software controller and operating system faults. For the pacemaker, we contrast the provided safety guarantees with those of a previous-generation pacemaker.
AB - Embedded systems in safety-critical environments demand safety guarantees while providing many useful services that are too complex to formally verify or fully test. Existing application-level fault-tolerance methods, even if formally verified, leave the system vulnerable to errors in the real-time operating system (RTOS), middleware, and microprocessor. We introduce the System-Level Simplex Architecture, which uses hardware/software co-design to provide fail-operational guarantees for both logical application-level faults, as well as faults in previously dependent layers including the RTOS and microprocessor. We also provide an end-to-end design process for the System-Level Simplex Architecture where the AADL architecture description is automatically constructed and checked and the VHDL hardware code is generated. To show the efficacy of System-Level Simplex design, we apply the approach to both a classic inverted pendulum and a cardiac pacemaker. We perform fault-injection tests on the inverted pendulum design which demonstrate robustness in spite of software controller and operating system faults. For the pacemaker, we contrast the provided safety guarantees with those of a previous-generation pacemaker.
UR - http://www.scopus.com/inward/record.url?scp=67650239588&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=67650239588&partnerID=8YFLogxK
U2 - 10.1109/RTAS.2009.20
DO - 10.1109/RTAS.2009.20
M3 - Conference contribution
AN - SCOPUS:67650239588
SN - 9780769536361
T3 - Proceedings of the IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS
SP - 99
EP - 107
BT - Proceedings - 15th IEEE Real-Time and Embedded Technology and Application Symposium, RTAS 2009
T2 - 15th IEEE Real-Time and Embedded Technology and Application Symposium, RTAS 2009
Y2 - 14 April 2009 through 16 April 2009
ER -