ABSTRACT

Selecting from among architectural and design patterns means acknowledging that many architectural balances have to be struck. The design and implementation of any system, but particularly of an embedded system intended for a safety-critical application, are subject to balances and tradeoffs. It is possible to imagine systems where safety is preserved by high reliability and others where safety demands high availability. For many systems that provide functional safety, occasional unreliability can be tolerated, while unavailability is dangerous. The balance that has to be struck is that between usefulness and safety, and this is where a highly reliable system can become unacceptable: a design that moves to its design safe state at the first detected fault may be highly reliable, in that it never continues to operate incorrectly, yet so frequently unavailable that it is of little use. Even if the device's move to its design safe state is accommodated within the larger system, that move presumably happens only occasionally and so may not be well proven. It is easy to see how a lack of security can create a safety hazard, but one problem with increasing security is that it almost always reduces system performance.