Failsafe, Phase II

With embedded software becoming ever more complex, assuming that it behaves perfectly is not realistic. The adaptation of fault protection concepts to embedded software is attractive, particularly in the context of the fault containment and health management capabilities provided by ARINC 653. In Phase II we shall develop tools to define simple, verifiable models that characterize the software with respect to its interface behavior, resource usage, and data reasonableness. We shall provide a software framework to instrument and monitor the software as it executes in both test and operational environments. When a deviation from the model is detected, a simple remediation action, including a hard or soft component reset is invoked. These tools will be integrated into ARINC 653 to support fault detection and recovery in an operational context, and the Eclipse software development environment for application in a test and verification context such as DSIL and engineering analysis context such as CEAL. Further we shall produce a methodology to assist in certification of instantiations of our software fault protection framework. More »