TY - GEN
T1 - Worst-Case Failover Timing Analysis of Distributed Fail-Operational Automotive Applications
AU - Weiss, Philipp
AU - Elsabbahy, Sherif
AU - Weichslgartner, Andreas
AU - Steinhorst, Sebastian
N1 - Publisher Copyright:
© 2021 EDAA.
PY - 2021/2/1
Y1 - 2021/2/1
N2 - Enabling fail-operational behavior of safety-critical software is essential to achieve autonomous driving. At the same time, automotive vendors have to regularly deliver over-the-air software updates. Here, the challenge is to enable a flexible and dynamic system behavior while offering, at the same time, a predictable and deterministic behavior of time-critical software. Thus, it is necessary to verify that timing constraints can be met even during failover scenarios. For this purpose, we present a formal analysis to derive the worst-case application failover time. Without such an automated worst-case failover timing analysis, it would not be possible to enable a dynamic behavior of safety-critical software within safe bounds. We support our formal analysis by conducting experiments on a hardware platform using a distributed fail-operational neural network. Our randomly generated worst-case results are as close as 6.0% below our analytically derived exact bound. Overall, our presented worst-case failover timing analysis allows an automated analysis to be conducted at run-time to verify that the system operates within the bounds of the failover timing constraint, such that a dynamic and safe behavior of autonomous systems can be ensured.
AB - Enabling fail-operational behavior of safety-critical software is essential to achieve autonomous driving. At the same time, automotive vendors have to regularly deliver over-the-air software updates. Here, the challenge is to enable a flexible and dynamic system behavior while offering, at the same time, a predictable and deterministic behavior of time-critical software. Thus, it is necessary to verify that timing constraints can be met even during failover scenarios. For this purpose, we present a formal analysis to derive the worst-case application failover time. Without such an automated worst-case failover timing analysis, it would not be possible to enable a dynamic behavior of safety-critical software within safe bounds. We support our formal analysis by conducting experiments on a hardware platform using a distributed fail-operational neural network. Our randomly generated worst-case results are as close as 6.0% below our analytically derived exact bound. Overall, our presented worst-case failover timing analysis allows an automated analysis to be conducted at run-time to verify that the system operates within the bounds of the failover timing constraint, such that a dynamic and safe behavior of autonomous systems can be ensured.
UR - http://www.scopus.com/inward/record.url?scp=85111037072&partnerID=8YFLogxK
U2 - 10.23919/DATE51398.2021.9473950
DO - 10.23919/DATE51398.2021.9473950
M3 - Conference contribution
AN - SCOPUS:85111037072
T3 - Proceedings - Design, Automation and Test in Europe, DATE
SP - 1294
EP - 1299
BT - Proceedings of the 2021 Design, Automation and Test in Europe, DATE 2021
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2021 Design, Automation and Test in Europe Conference and Exhibition, DATE 2021
Y2 - 1 February 2021 through 5 February 2021
ER -