The vision and idea of the DanceOS project comprises the semi-automated, fine-grained and tailored application of reusable "dependability aspects" across the whole software stack. Our approach is partitioned into a chain of intertwined project parts.
Analysis and Evaluation
The goal of our dependability analysis is to evaluate the effects of hardware faults on a complex, mixed-criticality software stack and to determine "neuralgic spots" – parts of the software essential for failure-free execution in the presence of unreliable hardware. For that purpose we apply static analysis techniques to determine the software's "uses hierarchy", its component interfaces, and their side-effects on the global state. This approach is complemented by dynamic analysis in order both to remedy the limitations of static analysis and to gain evidence that the results are sound.
To automate dynamic analysis experiments, we are developing a fault injection experiment platform (based on the Bochs and OVP simulators) which is capable of simulating complex HW/SW systems. We provide an infrastructure for golden run comparison experiments, configurable fault models, and automated experiment workflows.
Having identified neuralgic spots in the software stack, we apply dependability measures from a repository of combinable software measures to the components in question. The measures span ...
- standard textbook techniques, such as triple-modularly redundant execution, redundant data structures, or control-flow signatures,
- new techniques for multi-core systems, such as speculative execution or mutual integrity checking, and
- dedicated operating-system support, such as latency hiding for checking and recovery or transparent control-flow monitoring.
In order to implement dependability measures in a modular way, and to apply them at compile time or even at runtime, we resort to a decade's worth of experience on software modularization techniques – particularly in the area of aspect-oriented programming (AOP). The AOP concept of strictly separating what (e.g., a generic TMR advice) from where (e.g., a pointcut referring to a set of critical but side-effect–free functions) it should be applied fosters our idea of a generic repository of combinable dependability measures. The AspectC++ language (an AOP extension to C++, developed by our working groups) is a perfect vehicle for investigating and removing the current limitations of applying this technique in the domain of dependable software.
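The what/where separation described above, as an added illustration that is not DanceOS or AspectC++ code: a generic TMR measure written as a plain C++ template (a hypothetical stand-in for an AspectC++ around-advice) is applied to one side-effect-free function, and a constructed per-replica fault injector shows which faults the voter masks and which it can only detect. The names `tmr`, `checksum`, `checksum_tmr` and `tmr_reports_failure` are assumptions made for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>

// "What": a generic TMR measure, written as a plain C++ template instead of an
// AspectC++ around-advice (hypothetical stand-in, not DanceOS code). It assumes
// the wrapped function is side-effect-free, so re-executing it is safe.
template <typename F, typename... Args>
auto tmr(F f, Args... args) -> decltype(f(args...)) {
    auto r1 = f(args...);
    auto r2 = f(args...);
    auto r3 = f(args...);
    if (r1 == r2 || r1 == r3) return r1;   // majority agrees with r1
    if (r2 == r3) return r2;               // r1 was the faulty replica
    throw std::runtime_error("TMR: no majority, fault not maskable");
}

// Constructed fault model: bit i of g_fault_mask corrupts the i-th replica's
// result with a distinct single-bit flip (mimics a register upset per run).
static unsigned g_fault_mask = 0;
static unsigned g_replica = 0;

// "Where": one critical, side-effect-free function a pointcut would select.
static uint32_t checksum(const uint8_t* buf, size_t n) {
    uint32_t sum = 0;
    for (size_t i = 0; i < n; ++i) sum = sum * 31 + buf[i];
    unsigned i = g_replica++;
    if (g_fault_mask & (1u << i)) sum ^= (1u << i);
    return sum;
}

// Runs the checksum under TMR with the given injected-fault mask.
uint32_t checksum_tmr(const uint8_t* buf, size_t n, unsigned fault_mask) {
    g_fault_mask = fault_mask;
    g_replica = 0;
    return tmr(checksum, buf, n);
}

// True when the voter flags the run as unmaskable (two or more bad replicas).
bool tmr_reports_failure(const uint8_t* buf, size_t n, unsigned fault_mask) {
    try { checksum_tmr(buf, n, fault_mask); return false; }
    catch (const std::runtime_error&) { return true; }
}

// Constructed sample input; its clean checksum is 1026.
static const uint8_t kSample[] = {1, 2, 3};
```

A single corrupted replica is outvoted, while two replicas corrupted differently leave no majority, which is why the measure suits detection-plus-recovery schemes rather than standing alone.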
We aim to prove the applicability of our approach in two different embedded application scenarios. An embedded soft-router based on the eCos operating system and the Click Modular Router represents a typical throughput-oriented, soft real-time system on a rather "big" hardware platform (a Dual-Core Intel Atom embedded PC). The miniature quadrocopter, based on our CiAO operating-system product line and a custom, time-driven attitude-control application, operates on an ARM Cortex-M3 CPU under more extreme, firm real-time conditions.