Dynamic software reconfiguration for fault-tolerant real-time avionic systems

This paper reports on research conducted by Smiths Industries (SI) Aerospace within the Control Technology Programme (CTP), to ascertain the feasibility of hardware fault tolerance via dynamic software reconfiguration and to demonstrate its viability in the context of a typical real-time avionic application. Hardware fault-tolerant (FT) systems require the physical replication of hardware components, with the component being the smallest configurable unit. The research approach adopted here is to segregate fully the software (Functionality) from the hardware, and regard the configurable units as the software functions themselves. Failure of a component within a computing module would therefore require dynamically reconfiguring the affected software functions elsewhere within the module. Furthermore, it would be possible to reconfigure individual functions not only over different processors but also to currently active processors if spare processing capacity was available in those processors. The computing platform for conducting the research comprised a message-based multiprocessor module, on which was developed a distributed Operating System layer to support both the initial configuration of the application functions and their reconfiguration as a result of user-instigated failure of the module hardware. Software reconfiguration from both module-local memory and module-external backing store was successfully demonstrated for critical and non-critical functions respectively. Based on the research/development system, a self-contained FT module variant was constructed for integration within the System Digital Control Laboratory (SDCL) at BAe Airbus. This module additionally demonstrated the periodic and aperiodic communication capability of the ARINC 629 Combined Mode Protocol (CP) Databus in supporting both the module's functional operation and configuration/reconfiguration process. (C) 1997 Elsevier Science B.V.