Search Results

A design method for ultra-dependable control-by-wire systems is presented here. With a top-down approach, exploiting the system's intrinsic redundancy combined with a scalable software redundancy, it is possible to meet dependability requirements cost-effectively. The method starts with the system's functions, which are broken down to the basic elements; task, sensor or actuator. A task graph shows the basic elements interrelationships. Sensor and actuator nodes form a non-redundant hardware architecture. The functional task-graph gives input when allocating software on the node architecture. Tasks are allocated to achieve low inter-node communication and transient fault tolerance using scalable software redundancy. Hardware is added to meet the dependability requirements. Finally, the method describes fault handling and bus scheduling. The proposed method has been used in two cases; a fly-by-wire aircraft and a drive-by-wire car.

This paper describes results from fault injection experiments using heavy ions in the time-triggered communication protocol for safety critical distributed systems (TTP/C, C1 implementation). The observed results show that arbitrary faults in one erroneous node could cause inconsistencies in the cluster and thus jeopardize correctly working nodes and the whole communication system. The described inconsistencies resulted from either asymmetric value faults or slightly out of specification timing faults. This system behavior can be partly explained by too strict constraints on the fault handling algorithms using the membership agreement protocol.