Electronic Systems Design Seminar


Design of Safety-Critical Applications, a Synthesis Approach

Claudio Pinello

EECS Dept., University of California at Berkeley

Tuesday, May 18th, 2004, 4pm-5pm
540A/B Cory Hall (D.O.P. Center Classroom)
Dissertation talk & joint ESD/CHESS seminar


A design flow is presented to address feedback control problems with fault-tolerance requirements (e.g. automotive safety-critical applications). The flow lets the designer specify independently:

  • the algorithmic solution
  • the distributed execution platform
  • the fault behavior.

The three aspects of the design are represented, respectively, by

  • a flavor of synchronous dataflow called fault-tolerant dataflow (FTDF)
  • a bipartite graph (channels and electronic control units) with performance annotations
  • a relation between failure patterns (subsets of the architecture graph that may fail in the same iteration) and the corresponding subset of the algorithm that must still be guaranteed.

Based on these three specifications, an automatic synthesis tool introduces redundancy in the algorithm and schedules the FTDF actors on the distributed architecture so that the specified fault behavior is met. In doing so, the scheduling tool aims at minimizing latency (the critical path from sensors to actuators). Finally, verification tools analyze the solution to extract timing and to verify replica determinism and fault behavior.
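As an added illustration (not the dissertation's tool or its code), the following Python checks a candidate redundant placement of FTDF actors against a fault-behavior relation of the kind described above: for each failure pattern it computes which actors still have a replica that survives and receives all its inputs over surviving channels, and reports patterns whose required subset is not met. The architecture graph, dataflow graph, placements and failure patterns are all constructed here for the example.

```python
from collections import deque

# Constructed architecture graph (bipartite): channel -> ECUs attached to it.
CHANNELS = {"bus1": {"ecu1", "ecu2", "ecu3"}, "bus2": {"ecu1", "ecu2"}}
# Constructed FTDF algorithm as a dataflow DAG: (producer, consumer) edges.
EDGES = [("sensor", "controller"), ("controller", "actuator")]
# Constructed fault behavior: failure pattern -> actors that must still be guaranteed.
FAULT_BEHAVIOR = {
    frozenset(): {"sensor", "controller", "actuator"},
    frozenset({"ecu1"}): {"sensor", "controller", "actuator"},
    frozenset({"bus2"}): {"sensor", "controller", "actuator"},
    frozenset({"ecu1", "bus1"}): {"sensor", "controller"},  # degraded mode: actuation may stop
}
# Two constructed candidate placements: actor -> ECUs hosting its replicas.
REDUNDANT = {"sensor": {"ecu1", "ecu2"}, "controller": {"ecu1", "ecu2"}, "actuator": {"ecu3"}}
SINGLE = {"sensor": {"ecu1", "ecu2"}, "controller": {"ecu1"}, "actuator": {"ecu3"}}

def connected(src, dst, failed):
    """Same ECU, or some surviving channel attaches both ECUs."""
    return src == dst or any(
        src in ecus and dst in ecus for ch, ecus in CHANNELS.items() if ch not in failed)

def topo_order(edges):
    """Kahn's algorithm; producers come before their consumers."""
    actors = {a for e in edges for a in e}
    indeg = {a: 0 for a in actors}
    for _, c in edges:
        indeg[c] += 1
    queue, order = deque(sorted(a for a in actors if indeg[a] == 0)), []
    while queue:
        a = queue.popleft()
        order.append(a)
        for p, c in edges:
            if p == a:
                indeg[c] -= 1
                if indeg[c] == 0:
                    queue.append(c)
    return order

def guaranteed_actors(placement, failed):
    """Actors with at least one replica on a surviving ECU that gets every input from a running producer replica."""
    running = {}
    for a in topo_order(EDGES):
        inputs = [p for p, c in EDGES if c == a]
        running[a] = {e for e in placement[a] if e not in failed and all(
            any(connected(f, e, failed) for f in running[p]) for p in inputs)}
    return {a for a, ecus in running.items() if ecus}

def violated_patterns(placement):
    """Failure patterns whose required actor subset is not guaranteed by the placement."""
    return {f for f, req in FAULT_BEHAVIOR.items() if not req <= guaranteed_actors(placement, f)}
```

For the constructed inputs, the redundant placement satisfies every pattern, while the single-controller placement fails both patterns in which ecu1 is lost.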

I will present the entire flow and illustrate some experiments using the tool on a drive-by-wire example from BMW and on a steer-by-wire example from General Motors.
