Eliminating Single Points of Failure in Software-Based Redundancy

In the domain of safety-critical embedded and cyber-physical systems, software-based redundancy is generally understood as an effective and cheap approach to improve reliability. Especially redundant execution in terms of triple modular redundancy is a well-known solution. However, triple modular redundancy (TMR) leaves unprotected single points of failure (SPOFs), such as the voter, which have to be carefully considered in all safety considerations. We present Combined Redundancy (CoRed), a holistic approach that hardens safety-critical parts of a system against soft-errors, while effectively eliminating the vulnerability caused by SPOFs. CoRed leverages redundant execution in combination with encoded processing to tackle the unprotected voting and data distribution. Its implementation does not require specific knowledge about the application and can be easily integrated into existing projects. We evaluated CoRed in a realistic setting using a quad rotor helicopter and provide experimental evidence for soft-error resistance and comparable low resource demand. In our experimental comparison plain TMR left more than seven percent of failures undetected, whereas CoRed was able to eliminate all silent data corruptions while inducing an overhead of just seven percent.