State restoration in a COTS-based N-modular architecture

Abstract

Mechanisms for restoring the state of a channel in an N-modular redundant architecture are necessary to prevent redundancy attrition due to transient faults and to allow failed channels to be brought back on line after repair. This paper considers software-implemented mechanisms for state restoration (SR) in a generic fault-tolerant architecture in which both the underlying hardware and operating system are commercial off-the-shelf (COTS) components. State restoration involves copying the values of state variables from the active channel(s) across to the joining channel. Concurrent updating of state variables by application tasks is considered. Two state restoration schemes are considered: Running SR and Recursive SR. In the former, each state variable is copied exactly once while concurrent updates are written through to the joining channel. In the latter state variables are copied once and then recopied recursively until no concurrent updates are detected Author(s) Bondavalli, A. Istituto CNUCE, CNR, Pisa, Italy Di Giandomenico, F. ; Grandoni, F. ; Powell, D. ; Rabejac, C.