Comparison of fail-operational software architectures from the viewpoint of an automotive application

Due to the trend towards advanced driver assistance functions and fully automated driving, many future automotive systems have to provide fail-operational behaviour, maintaining certain functions for a certain time even in case of certain faults. Such behaviour is well-known in other domains where the availability of certain functions is important due to safety or financial reasons. The ability to tolerate faults and failures in systems, hardware and software therefore becomes increasingly important. Since there are topologies already available to cope with these new requirements, it is the task of the automotive industry to select the ones that fit to its specific constraints. These constraints include a high cost pressure, the scarcity of packaging space, limited resources for software, and requirements of the ISO 26262:2011 (i.e. the functional safety standard in the automotive industry). In order to support the decision on selecting the right software architecture, the strengths and weaknesses of topologies used by other industrial sectors have to be known thoroughly. This paper investigates three typical fault tolerant software architectures by use of a structured analysis technique, and by applying a set of criteria specific for the automotive domain. The intention of this paper is twofold: The primary goal is to gain an understanding related to the properties of the compared architectures. The second goal is to prove that the chosen software architecture comparison method is suitable to compare schematic, high level topologies.