Article code | Journal code | Publication year | English article | Full-text version |
---|---|---|---|---|
460408 | 696331 | 2015 | 14-page PDF | Free download |
Triple-modular-redundant applications are widely used for fault-tolerant safety–critical computation. They have strict timing requirements for correct operation. We present an architecture which provides composability and mixed-criticality to support integration and to ease certification of such safety–critical applications. In this architecture, an additional layer is required for the sharing/partitioning of resources. This potentially jeopardizes the synchronization necessary for the triple-modular-redundant applications. We investigate the effects of different (unsynchronized) scheduling methods for the resource-sharing layer in this architecture and conclude that an out-of-the-box solution, which guarantees the technical separation between applications with fast reaction time requirements, is only feasible when executing at most one instance of a triple-modular-redundant application per CPU-core for single and multi-core CPUs. Only when accepting changes in the applications or the applications’ synchronization mechanisms, are more flexible solutions with good performance and resource utilization available.
Journal: Journal of Systems Architecture - Volume 61, Issue 9, October 2015, Pages 472–485