The following technical report is available from
http://aib.informatik.rwth-aachen.de:
Empirical Evaluations of Safety-Critical Embedded Systems
Falk Salewski
AIB 2008-18
Embedded systems based on different types of hardware platforms are
nowadays increasingly used in safety-critical applications. These
different hardware platforms lead to fundamental differences in design,
particularly regarding the corresponding software.
In this work, potential influences of hardware platforms on safety
properties were gathered and open issues were identified. The most
relevant of these open issues were evaluated for popular embedded
hardware platforms (microcontroller, CPLD/FPGA). In detail, the impacts
of hardware platform selection on software diversity, encapsulation,
reviewability, reusability and the development according to ISO26262
were chosen for investigation. Furthermore, the approach of software
diversity was compared with a fault removal approach. The evaluation was
realized in the form of six experiments conducted for this work. During
these evaluations, the following similarities and differences were
observed for the considered hardware platforms. Despite the diversity
between the hardware platforms, failures observed in the software
versions, which were developed for these different platforms, contained
high numbers of dependent (coincident) failures. Although failure
dependency between two versions was reduced by the use of diverse
hardware platforms, this effect was low. Most dependent failures were
identified as implementation independent so that improvements of the
software diversity by hardware diversity were limited. Thus, a
comparison of software fault tolerance with a fault removal approach
based on tests and reviews was conducted. As a result, different types
of failures were mitigated by these alternative approaches. On the other
hand, differences between microcontrollers and FPGAs were observed.
First, certain advantages of FPGAs with respect to encapsulation and
reuse of real-time functions could be demonstrated. Moreover,
differences regarding the reviewability of software versions written for
FPGAs and microcontrollers were observed. Finally, the development
according to ISO 26262 revealed only minor differences between the
investigated hardware platforms, but differences between the two safety
concepts of device supervision and function supervision.
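The abstract's central measurement, how many failures of diversely developed software versions are dependent (coincident) rather than independent, can be made concrete with a small analysis script. The following is an added example written for this page, not code from the report or its author: it takes a constructed set of per-version failed test-case indices (the version names, the test set size and the failure sets are all hypothetical), compares the observed coincident failures of each version pair against the count expected if the versions failed independently, and lists test cases that every version fails, which are the candidates for implementation-independent (e.g. specification-level) faults that hardware diversity cannot remove.

```python
"""Coincident-failure analysis for diverse software versions (added example)."""
from itertools import combinations

N_TESTS = 20  # constructed: size of the test set shared by all versions

# Constructed data: indices of the test cases each version failed.
# Version names are hypothetical (two microcontroller versions, one FPGA version).
FAILED = {
    "mcu_version_A": {3, 7, 11, 15, 18},
    "mcu_version_B": {3, 7, 11, 16},
    "fpga_version": {3, 7, 12},
}


def failure_rate(failed, n_tests):
    """Fraction of the test set on which a version failed."""
    return len(failed) / n_tests


def pair_stats(failed_a, failed_b, n_tests):
    """Observed coincident failures of two versions vs. the independence expectation."""
    coincident = len(failed_a & failed_b)
    # Under independence the expected number of coincident failures is
    # n * p_a * p_b; computed with integer products first to avoid float drift.
    expected = len(failed_a) * len(failed_b) / n_tests
    return {
        "coincident": coincident,
        "expected_if_independent": expected,
        # > 1.0 means failures are positively dependent (the abstract's finding)
        "dependency_factor": coincident / expected if expected else float("inf"),
    }


def coincidence_report(failed_by_version, n_tests):
    """Pairwise dependency statistics for every pair of versions."""
    return {
        (a, b): pair_stats(failed_by_version[a], failed_by_version[b], n_tests)
        for a, b in combinations(sorted(failed_by_version), 2)
    }


def implementation_independent_failures(failed_by_version):
    """Test cases failed by every version: hardware diversity did not help here."""
    return set.intersection(*failed_by_version.values())


if __name__ == "__main__":
    for pair, stats in coincidence_report(FAILED, N_TESTS).items():
        print(f"{pair[0]} vs {pair[1]}: {stats}")
    print("failed by all versions:", sorted(implementation_independent_failures(FAILED)))
```

Reading the output: a dependency factor well above 1.0 for a pair of versions is the signature of dependent failures, and the test cases failed by all versions are the ones a fault removal approach (tests and reviews against the specification) would have to catch, since adding a diverse platform does not address them.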