Scalable graceful degradation for distributed embedded systems

This thesis presents a scalable approach to building gracefully degrading distributed embedded systems. Graceful degradation mechanisms can potentially provide increased system dependability without requiring redundant system resources. We define graceful degradation in terms of system utility: a generic measure of the system's ability to satisfy its requirements. An ideal gracefully degrading system minimizes the cumulative loss of system utility as successive system failures occur. Existing best practice for designing graceful degradation consists of specifying all possible system failure modes, and designing a system response to every possible combination of system failures; an exponentially difficult problem. We present a system model that enables scalable specification of system-wide graceful degradation. Our model views a distributed embedded system as a set of components that are either software components, sensors, or actuators. A system with N components that can each fail independently has 2N possible distinct system failure modes, one for each possible combination of failed components. We avoid this exponential complexity by exploiting the structure in the system's architecture to partition components into subsystems. Our model reduces the complexity of the system utility analysis from O(2N) to O(N*2k) where k is the maximum number of components in any one subsystem.; We apply our system model to representative system architectures and identify some design techniques that can improve graceful degradation. We then apply these design techniques to two distributed embedded systems and demonstrate how they enable scalable graceful degradation and increased system dependability.