Available Fail-Safe Systems

Abstract

Continuity of service and cost-effectiveness are adding new challenges to life critical systems over and above the underlying safety concerns. The introduction of redundant components is a necessary condition for increasing the overall system availability with respect to physical component failures. Here we consider redundancy by means of replicating fail-safe components in a distributed real-time system for railway applications. In such a system, some functions cannot tolerate even a brief service interruption. These functions have to be replicated using active redundancy, and their outputs must be consolidated with the goal that the failure of one component has no effect on the delivered service. We formally investigate conditions for preserving safety properties of fail-safe components when replicating them using active redundancy. We focus our analysis on duplex computers with two fail-safe units. Given some safety constraints, we show that inconsistency of replicated units can lea..