Publications in Scientific Journals:

S. Resch, A. Steininger, C. Scherrer:
"A Composable Real-Time Architecture for Replicated Railway Applications";
Journal of Systems Architecture, 61 (2015), 9; 472-485.

Triple-modular-redundant applications are widely used for fault-tolerant safety-critical computation. They have strict timing requirements for correct operation. We present an architecture which provides composability and mixed-criticality to support integration and to ease certification of such safety-critical applications. In this architecture, an additional layer is required for the sharing/partitioning of resources. This potentially jeopardizes the synchronization necessary for the triple-modular-redundant applications.

We investigate the effects of different (unsynchronized) scheduling methods for the resource-sharing layer in this architecture and conclude that an out-of-the-box solution, which guarantees the technical separation between applications with fast reaction-time requirements, is only feasible when executing at most one instance of a triple-modular-redundant application per CPU core, for both single- and multi-core CPUs. Only when accepting changes in the applications or in the applications' synchronization mechanisms do more flexible solutions with good performance and resource utilization become available.