Prototype Implementation of a Goal-Based Software Health Management Service

Abstract

The FAILSAFE project is developing concepts and prototype implementations for software health management in mission-critical real-time embedded systems. The project unites features of the industry standard ARINC 653 Avionics Application Software Standard Interface and JPL's Mission Data System (MDS) technology. The ARINC 653 standard establishes requirements for the services provided by partitioned real-time operating systems. The MDS technology provides a state analysis method, canonical architecture, and software framework that facilitates the design and implementation of software-intensive complex systems. We use the MDS technology to provide the health management function for an ARINC 653 application implementation. In particular, we focus on showing how this combination enables reasoning about and recovering from application software problems. Our prototype application software mimics the Space Shuttle orbiter's abort control sequencer software task, which provides safety-related functions to manage vehicle performance during launch aborts. We turned this task into a goal-based function that, when working in concert with the software health manager, aims to work around software and hardware problems in order to maximize abort performance results. In order to make it a compelling demonstration for current aerospace initiatives, we additionally imposed on our prototype a number of requirements derived from NASA's Constellation Program. Lastly, the ARINC 653 standard imposes a number of requirements on the system integrator for developing the requisite error handler process. Under ARINC 653, the health monitoring (HM) service is invoked by an application calling the application error service or by the operating system or hardware detecting a fault. It is these HM and error process details that we implement with the MDS technology, showing how a state-analytic approach is appropriate for identifying fault determination details, and showing how the framework supports acting upon state estimation and control features in order to achieve safety-related goals. We describe herein the requirements, design, and implementation of our software health manager and the software under control. We provide details of the analysis and design for the Phase II prototype, and describe future directions for the remainder of Phase II and the new topics we plan to address in Phase III.