Deployment Calculation and Analysis for a Fail-Operational Automotive Platform

TL;DR

This paper presents a formal model and deployment calculation method for a fault-tolerant automotive architecture, enabling fail-operational features despite hardware failures, thus enhancing safety in electric vehicles.

Contribution

It introduces a formal model and deployment approach for a new fault-tolerant architecture supporting fail-operational automotive features.

Findings

Validated deployment calculations for fault scenarios

Ensured fail-operational behavior under hardware failures

Analyzed feature availability with resource reduction

Abstract

In domains like automotive, safety-critical features are increasingly realized by software. Some features might even require fail-operational behavior, so that they must be provided even in the presence of random hardware failures. A new fault-tolerant SW/HW architecture for electric vehicles provides inherent safety capabilities that enable fail-operational features. In this paper we introduce a formal model of this architecture and an approach to calculate valid deployments of mixed-critical software-components to the execution nodes, while ensuring fail-operational behavior of certain components. Calculated redeployments cover the cases in which faulty execution nodes have to be isolated. This allows to formally analyze which set of features can be provided under decreasing available execution resources.