Fault tolerance in safety critical automotive applications: cost of agreement as a limiting factor

The high availability and safety requirements for automotive electronics are currently almost exclusively addressed by application specific engineering solutions to fault tolerance rather than by systematic approaches. Currently, systematic approaches are ruled out because of cost. The reason for this is that a systematic approach to fault tolerance requires: replication of components; and communication between replicated components to achieve agreement despite nondeterminism. While replicated components become more and more available with the connection of different control units by means of a multiplex bus, it is shown that the cost of agreement on sensor inputs will become the limiting factor for systematic approaches to fault tolerance. For that reason a new agreement algorithm is introduced which considers the problem of agreement and sensor inputs in an integrated fashion. This algorithm takes advantage of the a priori knowledge on the maximum deviation of replicated sensor inputs. Optimality of this algorithm is shown with respect to the minimum number of bits for agreement. This algorithm allows broader application of systematic fault tolerance to automotive applications. The result of this work will be used for a prototype implementation of a safety critical automotive application.<>