Ricardo Bonna
Advanced Computing, Control & Embedded Systems Lab, University of Campinas – UNICAMP, Campinas, SP, Brazil
Denis S. Loubach
Department of Computer Systems, Computer Science Division, Aeronautics Institute of Technology – ITA, São José dos Campos, SP, Brazil
Ingo Sander
Division of Electronics/School of EECS, KTH Royal Institute of Technology, SE-164 40, Kista, Sweden
Ingemar Söderquist
Business Area Aeronautics, Saab AB, Linköping, Sweden
Download article
http://dx.doi.org/10.3384/ecp19162016Published in: FT2019. Proceedings of the 10th Aerospace Technology Congress, October 8-9, 2019, Stockholm, Sweden
Linköping Electronic Conference Proceedings 162:16, p. 145-151
Published: 2019-10-23
ISBN: 978-91-7519-006-8
ISSN: 1650-3686 (print), 1650-3740 (online)
Runtime reconfiguration is one promising way to mitigate for increased failure rate and thereby it fulfills safety requirements needed for future safety-critical avionics systems. In case of a hardware fault, the system is able, during runtime, to automatically detect such fault and redirect the functionality from the defective module to a new safe reconfigured module, thus minimizing the effects of hardware faults. This paper introduces a high level abstraction architecture for safety-critical systems with runtime reconfiguration using the triple modular redundancy and the synchronous model of computation. A modeling strategy to be used in the design phase supported by formal models of computation is also addressed in the paper. The triple modular redundancy technique is used for detecting faults where, in case of inconsistency in one of the three processors caused by a fault, a new processor is reconfigured based on a software or hardware reconfiguration, and it assumes the tasks of the faulty processor. The introduced strategy considers that no other fault occurs during the reconfiguration of a new processor.
safety-critical systems, triple modular redundancy, runtime reconfiguration, formal models of computation
