Flexible handling of diverse dependability requirements in MARS

The author analyzes variants of the MARS architecture for their handling of reliability, safety, and availability requirements. In order to provide these requirements, different strategies for tuning the MARS system have been applied: the installation of shadow components for reducing the probability of spare exhaustion failures, studies of the impact of the maintenance intervals on the system´s dependability, and increasing the error detection coverage by time redundant execution of application tasks and by checking signatures of received messages. The results have shown that the fail-silent coverage of components is the most sensitive parameter, and a coverage value close to one is a necessary prerequisite for this type of architecture. The use of general purpose hardware does not provide a sufficient fail-silent behavior, even if sophisticated error detection mechanisms at the operating system level and application software level are used