TY - GEN
T1 - Fail-Operational Automotive Software Design Using Agent-Based Graceful Degradation
AU - Weiss, Philipp
AU - Weichslgartner, Andreas
AU - Reimann, Felix
AU - Steinhorst, Sebastian
N1 - Publisher Copyright:
© 2020 EDAA.
PY - 2020/3
Y1 - 2020/3
N2 - Ensuring fail-operational behavior is critical to enable autonomous driving. Without a driver as a fallback in a failure scenario, state-of-the-art fail-safe approaches will not be sufficient. Instead of costly hardware redundancy, graceful degradation can be used by repurposing the resources allocated to non-critical applications for safety-critical applications. However, solving the mapping problem with a state-of-the-art design-time analysis leads to semi-static solutions in which the mapping is fixed and only the task activation is chosen at run-time. Such solutions are therefore unsuited for future automotive architectures, which will be highly customizable and will receive frequent software updates. In this paper we introduce and analyze the effectiveness of an agent-based approach that finds application mappings at run-time, ensures the fail-operational behavior of safety-critical applications by using graceful degradation, and reconfigures itself after ECU failures. Our results indicate that the number of tolerated ECU failures until a safety-critical application fails can be significantly improved without adding any redundant hardware resources.
AB - Ensuring fail-operational behavior is critical to enable autonomous driving. Without a driver as a fallback in a failure scenario, state-of-the-art fail-safe approaches will not be sufficient. Instead of costly hardware redundancy, graceful degradation can be used by repurposing the resources allocated to non-critical applications for safety-critical applications. However, solving the mapping problem with a state-of-the-art design-time analysis leads to semi-static solutions in which the mapping is fixed and only the task activation is chosen at run-time. Such solutions are therefore unsuited for future automotive architectures, which will be highly customizable and will receive frequent software updates. In this paper we introduce and analyze the effectiveness of an agent-based approach that finds application mappings at run-time, ensures the fail-operational behavior of safety-critical applications by using graceful degradation, and reconfigures itself after ECU failures. Our results indicate that the number of tolerated ECU failures until a safety-critical application fails can be significantly improved without adding any redundant hardware resources.
UR - https://www.scopus.com/pages/publications/85087429193
U2 - 10.23919/DATE48585.2020.9116322
DO - 10.23919/DATE48585.2020.9116322
M3 - Conference contribution
AN - SCOPUS:85087429193
T3 - Proceedings of the 2020 Design, Automation and Test in Europe Conference and Exhibition, DATE 2020
SP - 1169
EP - 1174
BT - Proceedings of the 2020 Design, Automation and Test in Europe Conference and Exhibition, DATE 2020
A2 - Di Natale, Giorgio
A2 - Bolchini, Cristiana
A2 - Vatajelu, Elena-Ioana
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2020 Design, Automation and Test in Europe Conference and Exhibition, DATE 2020
Y2 - 9 March 2020 through 13 March 2020
ER -
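The abstract above contrasts a semi-static mapping (fixed at design time, so a critical application is lost as soon as no spare capacity remains) with graceful degradation (resources of non-critical applications are repurposed for safety-critical ones after an ECU failure). The following simulation is an added illustration of that idea and is not code from the paper: it uses a centralised first-fit placer with non-critical eviction rather than the authors' distributed agent-based mapping, and the ECU capacities, application demands, names and failure order are constructed for the example. It counts how many ECU failures each policy survives before the first safety-critical application can no longer be placed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class App:
    name: str
    demand: int      # resource units the application needs (hypothetical unit)
    critical: bool   # True: safety-critical, must keep running (fail-operational)


@dataclass
class Ecu:
    name: str
    capacity: int
    hosted: List[App] = field(default_factory=list)

    def free(self) -> int:
        return self.capacity - sum(a.demand for a in self.hosted)


class Platform:
    """Centralised stand-in for a run-time mapper (not the paper's agents):
    first-fit placement, plus eviction of non-critical applications when a
    safety-critical one has no room left."""

    def __init__(self, ecus: List[Ecu], apps: List[App]) -> None:
        # Copy the ECUs so repeated simulations start from the same platform.
        self.ecus: Dict[str, Ecu] = {e.name: Ecu(e.name, e.capacity) for e in ecus}
        self.placement: Dict[str, Optional[str]] = {}
        for app in apps:
            if not self._place(app, allow_degradation=False):
                raise ValueError(f"initial mapping infeasible for {app.name}")

    def _place(self, app: App, allow_degradation: bool) -> bool:
        # 1. First fit on spare capacity; no running application is disturbed.
        for ecu in self.ecus.values():
            if ecu.free() >= app.demand:
                ecu.hosted.append(app)
                self.placement[app.name] = ecu.name
                return True
        if not (allow_degradation and app.critical):
            return False
        # 2. Graceful degradation: evict the cheapest set of non-critical
        #    applications on one ECU until the critical one fits there.
        for ecu in self.ecus.values():
            victims = sorted((a for a in ecu.hosted if not a.critical),
                             key=lambda a: a.demand)
            freed, chosen = ecu.free(), []
            for v in victims:
                if freed >= app.demand:
                    break
                freed += v.demand
                chosen.append(v)
            if freed < app.demand:
                continue
            for v in chosen:
                ecu.hosted.remove(v)
                self.placement[v.name] = None
            ecu.hosted.append(app)
            self.placement[app.name] = ecu.name
            # Evicted applications come back only where spare capacity exists.
            for v in chosen:
                self._place(v, allow_degradation=False)
            return True
        return False

    def fail_ecu(self, ecu_name: str, degrade: bool) -> bool:
        """Drop an ECU and remap what it hosted, critical applications first.
        Returns False once a safety-critical application cannot be placed."""
        lost = self.ecus.pop(ecu_name).hosted
        for app in sorted(lost, key=lambda a: not a.critical):
            if not self._place(app, allow_degradation=degrade):
                self.placement[app.name] = None
                if app.critical:
                    return False
        return True

    def running(self) -> List[str]:
        return sorted(n for n, e in self.placement.items() if e is not None)


def tolerated_failures(ecus, apps, failure_order, degrade: bool) -> int:
    """ECU failures survived before the first safety-critical application is lost."""
    platform = Platform(ecus, apps)
    survived = 0
    for name in failure_order:
        if not platform.fail_ecu(name, degrade):
            break
        survived += 1
    return survived


# Constructed scenario (not from the paper): four identical ECUs, three
# safety-critical and four non-critical applications, ECUs failing in order.
ECUS = [Ecu(f"E{i}", capacity=10) for i in range(1, 5)]
APPS = [
    App("brake", 6, True), App("steer", 6, True), App("lane", 4, True),
    App("infotainment", 4, False), App("nav", 4, False),
    App("media", 6, False), App("logging", 4, False),
]
FAILURE_ORDER = ["E1", "E2", "E3"]

if __name__ == "__main__":
    print("semi-static, no degradation:",
          tolerated_failures(ECUS, APPS, FAILURE_ORDER, degrade=False))
    print("graceful degradation:       ",
          tolerated_failures(ECUS, APPS, FAILURE_ORDER, degrade=True))
```

With this platform the fixed mapping loses the `lane` application on the very first ECU failure, while the degrading mapper survives two failures by shutting down infotainment, navigation and media in turn; no capacity was added, only repurposed, which is the effect the abstract reports. The eviction order (smallest non-critical application first) is an arbitrary choice for the illustration, not a policy taken from the paper.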