
Henrik Schiøler

Construction, modelling and validation of safety-critical SW systems. Henrik Schiøler. Why CISS? Increasing demands in electronic equipment for user friendliness, flexibility, small size and weight, low power consumption, connectivity everywhere at all times.


Presentation Transcript


  1. Construction, modelling and validation of safety-critical SW systems Henrik Schiøler

  2. Why CISS ? • Increasing demands in electronic equipment for • user friendliness, • flexibility, • small size and weight, • low power consumption, • connectivity everywhere at all times drive the need for higher levels of software realization!

  3. Why CISS ? • This applies not least to portable systems with wireless communication facilities as well as medical equipment.

  4. Why CISS ? • Application areas • mobile and wireless communication products • automotive and avionic systems • consumer electronics (e.g. audio and video) • medico-technical equipment • building automation • smart devices • toys and games • textiles

  5. Who is CISS ? ICT Companies Institute of Computer Science Institute of Electronic Systems Distributed Real Time Systems Control Theory; Real Time Systems; Networking. BRICS@Aalborg Modelling and Validation; Programming Languages; Software Engineering Embedded Systems Communication; HW/SW Power Management UCb

  6. Typical Activities • Co-financed R&D projects and case-studies • Industrial training and education • Seminars, workshops and networks of knowledge transfer and exchange • Ph.D. and industrial Ph.D. projects • Visiting guest researchers • Student projects

  7. Applications, Solutions, Benefits Theory and Methodology Technology Innovation, Ideas, Pervation

  8. Topics

  9. Clusters Model Based Development of Embedded Software Intelligent Sensor Networks Embedded & RT Platform LAB Safety Critical Software Systems Embedded System Validation & Testing HW/SW Co-Design, Design Space Exploration

  10. Clusters Model Based Development of Embedded Software Intelligent Sensor Networks “THE” CISS Development Handbook Embedded & RT Platform LAB Safety Critical Software Systems Embedded System Validation & Testing HW/SW Co-Design, Design Space Exploration

  11. SW Development of Info-tech. Systems Functional demands Info-tech. system • Development cost/resources • Time to market

  12. Embedded systems Functional demands • Performance demands • Timeliness • Reliability Embedded Info-tech. system • Technological resource bounds • CPU speed • Memory • Power • Comm. bandwidth • Development cost/resources • Time to market

  13. Functional Safety

  14. Safety Integrity Levels (SIL)

  15. Safety Lifecycle

  16. Realization

  17. SW Safety Lifecycle

  18. SW Design and Development

  19. Safety Integrity

  20. SW Safety Integrity

  21. Requirement Specification

  22. SW Architectural Design

  23. Detailed Design

  24. Language and tools

  25. Module and Integration Testing

  26. Integration and Validation

  27. Performance modelling

  28. Performance Modelling

  29. Performance Modelling • Scheduling Theory • Timed Petri Nets • Timed Automata • Deterministic Network Analysis

  30. Scheduling Theory • Well established • Covers a variety of scheduling principles; RMA, DMA, EDF, … • Works for both preemptive and non-preemptive scheduling • Takes critical instants into account; Priority Ceiling. • Does not cover other IPC patterns, e.g. prod./cons. (message passing) • Tools available: TimeWIZ, RapidRMA, TIMES, ..

  31. Timed Automata • Well established • General setup • Does not directly cover scheduling problems • Assertions verifiable • May be computationally intractable – especially for asynchronous communication (message passing) • Tools available: UPPAAL, Kronos, ..

  32. Timed Petri Nets • Well established • Mentioned in 61508 • Very general • Assertions hardly verifiable for other than D-nets, M-nets • Tools available: TPN-tools, TimeNET

  33. Deterministic Network Calculus • Well established for buffer and delay dimensioning in network communication • May be used for modelling message-passing in real time systems – transaction response times • Abstract, overapproximating, conservative (good for safety ?) • Computationally tractable • Min/Plus, Max/Plus filtering theory • Tools available: ??

  34. See www.uppaal.com !!!! UPPAAL Modelling and Verification of Real Time systems UPPAAL2k > 2000 users > 45 countries

  35. Timed Automata (Alur & Dill 1990) • Clocks: x, y • Guard: Boolean combination of integer bounds on clocks and clock-differences, e.g. x<=5 & y>3 • Reset: action performed on clocks, e.g. x := 0 • Action: used for synchronization, e.g. a • State: (location, x=v, y=u) where v, u are in R • Transitions: action transition a from location n to m with guard x<=5 & y>3 and reset x := 0: (n, x=2.4, y=3.1415) → (m, x=0, y=3.1415); delay transition e(1.1): (n, x=2.4, y=3.1415) → (n, x=3.5, y=4.2415)
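The two transition kinds on this slide, the action transition a with its guard and reset and the delay transition e(1.1), written out as a small executable semantics in Python. This is an added example, not part of the original presentation or of UPPAAL; the class and function names (Edge, TimedAutomaton, state, slide_run) are this example's own. Clock values are held as exact fractions so that 2.4 + 1.1 compares equal to 3.5.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import Callable, Dict, List, Optional, Tuple

Valuation = Dict[str, Fraction]          # clock name -> current value
Guard = Callable[[Valuation], bool]      # Boolean combination of clock bounds


@dataclass(frozen=True)
class Edge:
    src: str                 # source location
    action: str              # synchronisation label
    guard: Guard             # enabling condition on the clocks
    resets: Tuple[str, ...]  # clocks set to 0 when the edge is taken
    dst: str                 # target location


@dataclass
class TimedAutomaton:
    clocks: Tuple[str, ...]
    edges: List[Edge]

    def delay(self, loc: str, val: Valuation, d: Fraction) -> Tuple[str, Valuation]:
        """Delay transition e(d): the location is unchanged, every clock grows by d."""
        if d < 0:
            raise ValueError("time cannot go backwards")
        return loc, {c: v + d for c, v in val.items()}

    def step(self, loc: str, val: Valuation, action: str) -> Optional[Tuple[str, Valuation]]:
        """Action transition: take the first edge from loc labelled `action` whose
        guard holds, resetting its clocks. Returns None when the action is not enabled."""
        for e in self.edges:
            if e.src == loc and e.action == action and e.guard(val):
                new = dict(val)
                for c in e.resets:
                    new[c] = Fraction(0)
                return e.dst, new
        return None


def state(loc: str, **clocks: str) -> Tuple[str, Valuation]:
    """Build a state (location, x=v, y=u); values are given as decimal strings."""
    return loc, {c: Fraction(v) for c, v in clocks.items()}


# The automaton drawn on the slide: locations n, m; clocks x, y;
# one edge n --a--> m with guard x<=5 & y>3 and reset x := 0.
SLIDE_TA = TimedAutomaton(
    clocks=("x", "y"),
    edges=[Edge("n", "a", lambda v: v["x"] <= 5 and v["y"] > 3, ("x",), "m")],
)


def slide_run():
    """Both transitions from the slide, taken from the same start state."""
    loc, val = state("n", x="2.4", y="3.1415")
    after_a = SLIDE_TA.step(loc, val, "a")                    # (m, x=0, y=3.1415)
    after_delay = SLIDE_TA.delay(loc, val, Fraction("1.1"))   # (n, x=3.5, y=4.2415)
    return after_a, after_delay
```

Letting time pass beyond the guard, e.g. delaying to x=6 in location n, makes `step` return None, which is exactly the situation a reachability query in a tool like UPPAAL checks for.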

  36. Cruise Control • When the car ignition is switched on and the on button is pressed, the current speed is recorded and the system is enabled: it maintains the speed of the car at the recorded setting. Pressing the brake, accelerator or off button disables the system. Pressing resume or on re-enables the system.

  37. Model Structure • Cruise Control: The CONTROL system is structured as two processes. The main actions and interactions are as shown. • Diagram labels: engineOn, engineOff, on, off, resume, brake, accelerator, User, clearSpeed, recordSpeed, enablecontrol, disablecontrol, Speed Control, Engine, dSpeed, cSpeed, acc

  38. User Engine

  39. The CARA System • Computer Assisted Resuscitation System • Purpose: automate delivery of intravenous fluids to injured persons in catastrophic situations • Comprises software to: monitor the patient’s blood pressure; control a high-output infusion pump

  40. System Structure

  41. UPPAAL model

  42. Traditional Software Development: The Waterfall Model • Phases with REVIEWS: Problem Area, Analyse, Design, Implementation, Testing, Running System • Costly in time-to-market and money • Errors are detected late or never • Application of FM’s as early as possible

  43. Modelbased Validation • Analysis, Design (Model, Specification, UML), Implementation, Testing • Validation by FORMAL METHODS: Verification & Refusal

  44. Modelbased Validation • Analysis, Design (Model, Specification, UML), Implementation, Testing • Validation by FORMAL METHODS: Verification & Refusal • Automatic Code generation

  45. Modelbased Validation • Analysis, Design (Model, Specification, UML), Implementation, Testing • Validation by FORMAL METHODS: Verification & Refusal • Automatic Code generation • Automatic Test generation

  46. Safety Research Activities • Model based validation (UPPAAL) (K. G. Larsen, A. Skou) • Model based testing (B. Nielsen) • Reliable control systems (J. Stoustrup) • Structural analysis for complex systems (R. I-Zamanabadi) • Impact of Scheduling Policies on Controller Performance (H. Schiøler, A. P. Ravn, J. Dalsgaard) • Reliability Resource Reservation Protocol (RRSVP) (H. Schiøler)

  47. Control Systems

  48. Reliable (Fault tolerant) Control

  49. Reliable (Fault tolerant) Control

  50. Reliable (Fault tolerant) Control
