Towards Comparability in Evaluating the Fault-Tolerance of Safety-Critical Embedded Software
Safety-critical embedded systems often need to be cost-effective, but must nevertheless be safe. More and more, fault-tolerance mechanisms are being shifted from hardware into software. Not only is developing safety-critical software a challenging and intricate task, likewise intricate is to put its fault-tolerance into expressive and comparable measures. This especially holds for the fault-tolerance of software when it comes to hardware-faults that affect the execution of the machine instructions. Several fault-injection approaches for fault-tolerance evaluation of software have been presented in the past. However, these approaches do not underlie a uniform procedure, so that the obtained measures are specific to the system and therefore cannot be compared among one another. In this thesis a fault-injection method is developed that allows the evaluation of the fault-tolerance of embedded software in such a way, that the obtained measures become comparable. The method bases on a concept from the early 90s which characterizes fault-injection through a collection of sets. These sets are extended and adjusted in this thesis to the object of evaluation 'software in execution' and to the herein considered hardware faults. The software is thereby conceived as process. From its structural components, which are defined by means of a universal microprocessor model, a hardware-independent fault set is derived. This set forms a mutual basis among different experiments. In conjunction with the other sets presented, a fault-injection method allowing for comparable fault-tolerance measures is constructed. Therewith is presented a fault-tolerance evaluation method that enables comparability of the fault-tolerance of different software on different hardware -- as far as this is possible in the field of fault-injection.