Challenges in validating safety critical embedded systems


Dependability as applied to a computer system is defined by the IFIP 10.4 Working Group on Dependable Computing and Fault Tolerance as: "[...]"


ARINC653 specifies static line scheduling:
- Dispatch by virtual timer
- Virtual timer per legacy Ada task/partition
- All partitions per processor at the same rate
- Timer alignment in priority order to reduce context switches
- Asynchronous set of processors: each processor on its own clock

Double Buffering (from the customer design document)

The 200 Hz update rate was used because the MUX data needed to be processed at twice the rate of the fastest channel to avoid a race condition. Because channel 3 operates at 100 Hz, the IO processor had to operate at 200 Hz.

A life-critical system is designed to lose less than one life per billion (10^9) hours of operation.



Potential Model-Based Engineering Pitfalls

- Issue: Late use of MBE. Solution: early and continuous use of MBE.
- Issue: Inconsistency between independently developed analytical models. Solution: an architecture-centric model repository (system models).
- Issue: Lack of confidence that the model reflects the implementation. Solution: generation of the system implementation from validated models.

Architecture-Centric Engineering Approach

Virtual integration and validation of the system architecture is performed on an SAE AADL architecture model, from which analytical models are auto-generated for:
- Availability and reliability: MTBF, FMEA, hazard analysis
- Security: intrusion, integrity, confidentiality
- Data quality: data precision/accuracy, temporal correctness, confidence
- Real-time performance: execution time/deadline, deadlock/starvation, latency
- Resource consumption: bandwidth, CPU time, power consumption

Software-Based Latency Contributors

- Execution time variation: algorithm, use of cache
- Processor speed
- Resource contention
- Preemption
- Legacy and shared-variable communication
- Rate group optimization
- Protocol-specific communication delay
- Partitioned architecture
- Migration of functionality
- Fault tolerance strategy

Well-Defined Execution and Communication Semantics in AADL

Analysis tools have to interpret clocks and timers to determine the execution model. The clocks and timers of MARTE and synchronous languages, and the Ravenscar computational model, are abstracted into the AADL execution and communication semantics: thread execution, communication timing, and mode transition.

What is the Scheduling and Execution Behavior?

- Legacy Ada tasks as partitions are scheduled by a cyclic executive
- Periodic application tasks are scheduled within an Ada task as a cyclic executive
- Harmonic subrates: finish in frame, manual load distribution
- Preemptive partition scheduling on a commercial RTOS. Oxymoron?

The challenge in this scenario is certification of the complete product. The challenges of multi-core CPUs include interrupt handling, bus contention, and increased coding and debugging complexity; there are hardware devices on the CPU that cannot be shared between safety-certified and general-purpose applications.

A life-critical system or safety-critical system is a system whose failure or malfunction may result in death or serious injury to people, loss of or severe damage to equipment, or environmental harm.
