
HyFAR: A hypervisor-based fault tolerance approach for heterogeneous automotive real-time systems


Bibliographic Details
Published in:Journal of systems architecture 2024-11, Vol.156, p.103263, Article 103263
Main Authors: Lex, Johannes, Margull, Ulrich, Mader, Ralph, Fey, Dietmar
Format: Article
Language:English
Description
Summary: Fault tolerance is a key aspect for fully autonomous vehicles, as there is no human driver available to take control of the vehicle as a backup. Such autonomous vehicles incorporate signal-oriented and service-oriented hardware and software architectures within one heterogeneous real-time system. Fault tolerance is commonly achieved by adding redundant Electronic Control Units (ECUs) to the system. However, redundant ECUs increase the weight, cost and power consumption of the system. This paper presents a novel hypervisor-based fault tolerance approach for automotive real-time systems (HyFAR), which is based on the largely unexplored concept of migrating software in a highly heterogeneous real-time system using virtualization technology. It is shown that the fault tolerance of an automotive vehicle can be enhanced in a cost-effective way without the need for additional hardware. The process of recovering critical service-oriented software using signal-oriented hardware, and vice versa, is examined. This paper gives a detailed overview of the effects of emulation, virtualization, separation and the type of hypervisor on the recovery time and on the freedom from interference of signal-oriented and service-oriented software. The results demonstrate that recovering critical service-oriented software using signal-oriented hardware is limited due to missing middleware and virtualization support and to resource scarcity. However, recovering critical signal-oriented software using service-oriented hardware is feasible, while a subset of the original service-oriented software can continue to run on the same hardware. The resulting approach can be applied to a range of applications, including thermal management and lane departure warning.
ISSN:1383-7621
DOI:10.1016/j.sysarc.2024.103263