Mixed-Criticality Systems based on a CAN Router with Support for Fault Isolation and Selective Fault-Tolerance

In many application domains there is an increasing trend for mixed-criticality systems with functions of different assurance levels on shared computing platforms. Today’s CAN-based platforms do not support the requirements of mixed-criticality systems. A single CAN bus provides low cost, real-time support and flexibility for applications where the communication service is not safety-relevant. Faulttolerance extensions for CAN impose incompatibility to legacy applications, high cost and overhead for the entire CAN communication. This paper introduces a CAN infrastructure for fault isolation and selective fault-tolerance, which permits a balanced trade-off between cost and fault-tolerance for each subsystem of a mixed-criticality system. We introduce replicated CAN routers that perform fault isolation based on a priori knowledge of the permitted behavior of CAN nodes. Fault masking is supported selectively through the redundant transmission of messages from safety-critical subsystems. The CAN routers perform input agreement on pending messages for replica deterministic behavior, as well as output agreement on the delivery status of messages. Software layers hide the fault-tolerance mechanisms to establish compatibility to legacy software. The benefits of the proposed communication infrastructure are demonstrated in a simulation of an example system.