Abstract
Remote redundancy is a novel, efficient TMR (triple modular redundancy) structure for real-time control systems. It allows 2-out-of-3 voting with only two redundant computing nodes (called local nodes) that have access to the sensor and actuator peripherals. The third node of the TMR structure is replaced by a remote process running on any node in the network that has spare computing capacity. This approach significantly reduces the amount of hardware redundancy, at the cost of both increased communication overhead (which is not problematic in modern real-time networks) and increased complexity. To nevertheless assess the correctness of the approach, this paper presents a functional model as a network of timed automata, which makes it possible to prove the correct behavior of a fault-tolerant example system under the influence of different fault scenarios. This verification has been achieved successfully by state space exploration; it confirms the results of a prior fault tree analysis conducted by the authors and thus provides a well-founded basis for further experimental research on the subject.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
Echtle, K., Kimmeskamp, T. (2010). Verification of a Control System Built Using Remote Redundancy by Means of Timed Automata and State Space Exploration. In: Müller-Clostermann, B., Echtle, K., Rathgeb, E.P. (eds) Measurement, Modelling, and Evaluation of Computing Systems and Dependability and Fault Tolerance. MMB&DFT 2010. Lecture Notes in Computer Science, vol 5987. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12104-3_4
DOI: https://doi.org/10.1007/978-3-642-12104-3_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12103-6
Online ISBN: 978-3-642-12104-3
eBook Packages: Computer Science (R0)