Software Fault Tolerance is a Major Autonomy Concern

摘要

A software system that terminates due to a failure during a mission will abort that mission, clearly an unmanned vehicle system issue equally affecting control, propulsion, sensors, and autonomy. This will happen no matter how well the software system is designed and implemented following traditional software high integrity guidelines. Unless specifically designed otherwise, a software failure can propagate through the system until critical functionality is lost leading to mission termination. Immediate and complete automatic system recovery without degrading or aborting the mission is not possible in high integrity and time critical systems and does not constitute acceptable fault tolerance. Software can be designed to include fault tolerance using various techniques that will capture a fault at the point of occurrence and switch to alternative functionality in order to continue the mission with little or no degradation of mission objectives. Fault tolerance cannot be added after software implementation but has to be incorporated from the beginning of the design effort.