Graceful degradation is an approach to developing dependable safety-critical embedded applications, where redundant active or standby resources are used to cope with faults through a system reconfiguration at run-time. Compared to traditional hardware and software redundancy, it is a promising technique that may achieve dependability with a significant reduction in cost, size, weight, and power requirements. Reconfiguration at run-time necessitates using proper checkpointing protocols to support state reservation to ensure correct task restarts after a system reconfiguration. One of the most common checkpointing protocols are communication induced checkpointing (CIC) protocols, which are well developed and understood for large parallel and information systems, but not much has been done for resource limited embedded systems. This work implements and evaluates some of the most common CIC protocols in a periodic resource constrained distributed embedded system for graceful degradation purposes. A test-bed has been developed and used for the evaluation of the various protocols. The implemented protocols are thoroughly studied and performances are contrasted. Specifically the periodicity property and how it benefits checkpointing in embedded systems is investigated. This work introduces a unique effort of CIC protocol implementation and evaluation in the field of distributed embedded systems. Other than providing a test-bed for graceful degradation support, this work shows that some checkpointing protocols that are not efficient in large information systems and supercomputers perform well in embedded systems. We show that a simple index-based CIC protocol, such as the BCS protocol, is more appropriate in embedded system applications compared to other protocols that piggyback a significant amount of information to reduce the number of forced checkpoints. Finally, this work proposes a whole graceful degradation approach to achieve fault tolerance in resource constrained real-time embedded systems. As a case study, the BCS protocol was used to checkpoint the avionics of an unmanned aerial vehicle. Faults were injected during run-time causing one of the system's stability control tasks to fail. The system was able to recover in a very short time by restarting the affected task on a different processor with a correct state with a time delay that did not cause any instability.
展开▼
