共查询到20条相似文献,搜索用时 31 毫秒
1.
2.
Safety and reliability have become important software quality characteristics in the development of safety-critical software
systems. However, there are so far no quantitative methods for assessing a safety-critical software system in terms of the
safety/reliability characteristics. The metrics of software safety is defined as the probability that conditions that can
lead to hazards do not occur. In this paper, we propose two stochastic models for software safety/reliability assessment:
the data-domain dependent safety assessment model and the availability-related safety assessment model. These models focus
on describing the time- or execution-dependent behavior of the software faults which can lead to unsafe states when they cause
software failures. The application of one of these models to optimal software release problems is also discussed. Finally,
numerical examples are illustrated for quantitative software safety assessment and optimal software release policies.
This revised version was published online in June 2006 with corrections to the Cover Date. 相似文献
3.
A large part of safety-critical embedded systems has to satisfy hard real-time constraints. These need sound methods and tools to derive run-time guarantees that are not only reliable but also precise. The achievable precision highly depends on characteristics of the target architecture, the implementation methods and system layers of the software. Trends in hardware and software design run contrary to predictability. This article describes threats to timing predictability of systems, and proposes design principles that support timing predictability. The ultimate goal is to design performant systems with sharp upper and lower bounds on execution times. 相似文献
4.
Several safety-related standards exist for developing and certifying safety-critical systems. System safety assessments are
common practice and system certification according to a standard requires submitting relevant system safety information to
appropriate authorities. The RTCA DO-178B standard is a software quality assurance, safety-related standard for the development
of software aspects of aerospace systems. This research introduces an approach to improve communication and collaboration
among safety engineers, software engineers, and certification authorities in the context of RTCA DO-178B. This is achieved
by utilizing a Unified Modeling Language (UML) profile that allows software engineers to model safety-related concepts and
properties in UML, the de facto software modeling standard. A conceptual meta-model is defined based on RTCA DO-178B, and
then a corresponding UML profile, which we call SafeUML, is designed to enable its precise modeling. We show how SafeUML improves
communication by, for example, allowing monitoring implementation of safety requirements during the development process, and
supporting system certification per RTCA DO-178B. This is enabled through automatic generation of safety and certification-related
information from UML models. We validate this approach through a case study on developing an aircraft’s navigation controller
subsystem. 相似文献
5.
Simulink’s Stateflow is a graphical notation widely adopted in industry. Since it is frequently used to model safety-critical systems, correctness of implementations of Stateflow charts is a major concern. In previous work, we have shown how we can generate formal models for refinement of Stateflow charts automatically. Here, we define a refinement strategy that supports the automated verification of implementations with respect to these models. We consider the verification of implementations that follow architectural patterns used in the Stateflow code generator. We present a detailed procedure for application of refinement laws. If the implementation is correct, the procedure succeeds. If a law application fails, the implementation is either incorrect or does not use the expected architectural pattern. The very low proof burden associated with the refinement verification makes a high level of automation possible. 相似文献
6.
Embedding defective software in medical devices increases safety risks. Given that all software is inherently defective, how can medical device manufacturers identify and manage risk? An effective, tailored risk management process can make the task less daunting. Developing complex, software-based medical devices is a challenging business. Device manufacturers must understand the inherent differences between hardware and software components and establish robust software development processes that are based on recognized engineering principles appropriate for safety-critical systems. At the heart of such processes, they must incorporate risk management - from early development through product retirement. Manufacturers have a responsibility to train development and risk management teams in the use of recognized software engineering practice that promote software safety. Only then can they minimize the risk of including inherently defective software in their products. 相似文献
7.
安全关键系统的实现需要通过需求、设计、集成、验证和测试等多个阶段。近年来,模型驱动开发方法逐渐成为安全关键系统设计与开发的重要手段。由于还没有一个建模语言能够支持整个安全关键系统开发生命周期,因此选择集成使用2种广泛使用的标准语言:系统建模语言(SysML)和嵌入式实时系统体系结构分析与设计语言(AADL)。SysML和AADL提供了同一系统的2个不同视图,SysML模型为系统工程师提供了一个系统视图,AADL为架构设计师建立一个较低层次的设计视图,它结合了实现所有功能的硬件、操作系统和代码。提出一种SysML模型到AADL模型的自动转换方法。首先,定义SysML子集SubSysML,主要包括模块定义图(BDD)、内部模块图(IBD)、活动图(ACT)子集和从IBD和BDD扩展的AADL Profile;其次,定义SubSysML到AADL的转换规则并设计转换算法;然后,对生成的AADL初始模型进行精化;最后,使用EMF框架技术实现SubSysML到AADL的模型转换工具并通过雷达案例验证所提方法的有效性。 相似文献
8.
模型驱动开发方法逐渐应用于航空航天等领域的安全关键软件设计与实现中。体系结构分析设计语言(Architecture Analysis and Design Language, AADL)是一种标准化的嵌入式软件体系结构描述语言,通过建模、验证以及代码自动生成为安全关键软件的设计与实现提供完整支持。然而,工业界实际代码是运行在具有不同特性的目标平台上的,例如不同的软硬件体系结构和编程接口,而现有AADL代码生成研究主要是通过手工将自动生成的代码集成到平台当中,存在工作繁琐且易出错的问题。为此,本文提出一种基于AADL的航天嵌入式软件Ada代码自动生成方法。首先,给出卫星姿轨控系统的AADL建模;其次,给出AADL到平台相关的Ada代码自动转化规则;最后,给出代码生成原型工具,并对卫星姿轨控系统AADL模型所生成的代码进行航天编码规范检查,并运行在相关仿真环境中,验证了本文所提方法的有效性。 相似文献
9.
More and more technical systems are supervised, controlled and regulated by programmable electronic systems. The dependability of the entire system depends heavily on the safety of the embedded software. But the technological trend to entrust software with tasks of growing complexity and safety relevance conflicts with the lacking acceptance of rigorous proofs of software safety. Based on an international standard for higher level programming languages for programmable logic controllers (PLC, IEC 1131-3), a mathematically based method for validating the behavioral correctness and the functional safety of graphical designs of safety-critical control applications is introduced. The design elements taken from a domain specific module library are proven correct and safe only once. The functional correctness and satisfaction of safety requirements of new application graphical programs can then be shown effectively by reference to the proven properties of the library components used. This approach is part of an comprehensive computing architecture for safety-critical control programs which is presented in a survey. 相似文献
10.
The DECOS architecture is an integrated architecture that builds upon the validated services of a time-triggered network, which serves as a shared resource for the communication activities of more than one application subsystem. In addition, encapsulated partitions are used to share the computational resources of Electronic Control Units (ECUs) among software modules of multiple application subsystems. This paper investigates the benefits of the DECOS architecture as an electronic infrastructure for future car generations. The shift to an integrated architecture will result in quantifiable cost reductions in the areas of system hardware cost and system development. In the paper we present a current federated Fiat car E/E architecture and discuss a possible mapping to an integrated solution based on the DECOS architecture. The proposed architecture provides a foundation for mixed criticality integration with both safety-critical and non safety-critical subsystems. In particular, this architecture supports applications up to the highest criticality classes (10?9 failures per hour), thereby taking into account the emerging dependability requirements of by-wire functionality in the automotive industry. 相似文献
11.
To fulfill their safety requirements, modern embedded systems are increasingly often expected to deliver a guaranteed minimum level of functionality at all times. In practice, such fail-operational systems are often based on fault tolerance mechanisms that are inadequate for use in cost-driven environments such as the automotive domain. In this work, we consider safety-critical embedded systems with a certain degree of spare resources at the system level and propose a cost-efficient fault tolerance approach that protects a pair of execution units from severe hardware faults. The concept requires no replication of an execution unit. Instead, it employs a state-preserving proxy unit that communicates with low-level devices such as sensors or actuators and handles faults of one execution unit by dynamically migrating the safety-critical portion of its functionality to the redundant counterpart. Based on the application of this concept to an example scenario from the automotive domain, we analyze the resource overhead of the proxy unit and evaluate both the achieved fault handling time and the generated computational overhead experimentally. 相似文献
12.
基于通信的列车控制系统可信构造:形式化方法综述 总被引:1,自引:0,他引:1
基于通信的列车控制系统(communication based train control system,简称CBTC)已经成为世界范围内建造轨道交通信号系统的标准制式.CBTC采用更加灵活和精确的列车控制,并提供连续的安全列车间隔保证和超速防护,在很大程度上提高了轨道交通运输的效率和安全性.尽管CBTC能够精确地实施实时控制,但由于CBTC涉及计算、通信与控制这3个方面的实时协同,系统设计与实现异常复杂.由设计缺陷而导致严重的灾难、事故和损失屡见不鲜.作为一个典型的安全攸关系统,如何保证CBTC的可信构造已成为领域研发人员关注的焦点与面临的最大挑战.鉴于在软硬件领域的成功经验,形式化方法目前已被公认为是保障CBTC可信性的一种有效方案.围绕CBTC的可信构造,从其生命周期的3个重要阶段,即系统需求分析、设计建模与底层实现入手,针对CBTC在可信方面的典型特征,梳理分析了CBTC系统在可信构造方面面临的挑战、国内外研究现状和发展趋势,全面介绍了形式化方法在CBTC可信构造中扮演的角色. 相似文献
13.
This paper presents an overview and discusses the role of certification in safety-critical computer systems focusing on software,
and partially hardware, used in the civil aviation domain. It discusses certification activities according to RTCA DO-178B
“Software Considerations in Airborne Systems and Equipment Certification” and touches on tool qualification according to RTCA
DO-254 “Design Assurance Guidance for Airborne Electronic Hardware.” Specifically, certification issues as related to real-time
operating systems and programming languages are reviewed, as well as software development tools and complex electronic hardware
tool qualification processes are discussed. Results of an independent industry survey done by the authors are also presented. 相似文献
14.
An Artificial Pancreas (AP) system centered around an Android Smartphone is proposed in this paper. This unique architecture involves two separate but interacting modular Android applications (Apps) that are designed for unique functionalities. Even though an artificial pancreas system is a safety-critical system that demands a complex architecture and careful coding process, owing to their modular nature, these apps could be designed and developed through rapid prototyping processes. The first app (App-A), which runs in the front-end, serves as the user interface and acts as a connection hub for the hardware devices, was developed on the Android studio platform. Necessary communication protocols to enable communication with the hardware devices are incorporated into this app. The second app (App-B), which runs in the back-end, is developed using Simulink’s Android support package. It contains a safety-critical model predictive control algorithm with appropriate constraints to compute the required insulin rate, augmented with a Kalman Filter for estimating the states. There is an additional safety logic as well to prevent insulin over-dosage, thereby augmenting to the cause of a safety-critical control algorithm. The contribution of this work is a modular software framework and prototyping methodology that can be used for rapid development, testing and deployment of Android based AP-systems. 相似文献
15.
Abdelzaher T. Dawson S. Feng W.-C. Jahanian F. Johnson S. Mehra A. Mitton T. Shaikh A. Shin K. Wang Z. Zou H. Bjorkland M. Marron P. 《Real-Time Systems》1999,16(2-3):127-153
Real-time embedded systems have evolved during the past several decades from small custom-designed digital hardware to large distributed processing systems. As these systems become more complex, their interoperability, evolvability and cost-effectiveness requirements motivate the use of commercial-off-the-shelf components. This raises the challenge of constructing dependable and predictable real-time services for application developers on top of the inexpensive hardware and software components which has minimal support for timeliness and dependability guarantees. We are addressing this challenge in the ARMADA project.ARMADA is set of communication and middleware services that provide support for fault-tolerance and end-to-end guarantees for embedded real-time distributed applications. Since real-time performance of such applications depends heavily on the communication subsystem, the first thrust of the project is to develop a predictable communication service and architecture to ensure QoS-sensitive message delivery. Fault-tolerance is of paramount importance to embedded safety-critical systems. In its second thrust, ARMADA aims to offload the complexity of developing fault-tolerant applications from the application programmer by focusing on a collection of modular, composable middleware for fault-tolerant group communication and replication under timing constraints. Finally, we develop tools for testing and validating the behavior of our services. We give an overview of the ARMADA project, describing the architecture and presenting its implementation status. 相似文献
16.
Developing concurrent real-time programs is one of computer science's greatest challenges. Not only is such software expensive to manufacture, but its role in safety-critical systems demands that it be correct. Formal methods of program specification and refinement could strengthen the mathematical precision used to develop such software. Nevertheless, formalisms that embrace both real-time and concurrency requirements are only just emerging. The Quartz method treats time and functional behavior with equal importance in the development process. The authors argue that by modeling program development in a unified framework, we can increase our confidence in the correctness of real-time concurrent code 相似文献
17.
Martha Grabowski Stephen D. Sanborn 《International journal of human-computer studies》2003,58(6):637-670
Information technology continues to evolve rapidly. We see this particularly in the evolution of embedded intelligent systems—knowledge-based systems deployed in larger hosts with real-time response requirements, which provide real-time advice, guidance, information, recommendations and explanations to their users. These systems have recently been deployed in safety-critical large-scale systems, where humans and technology are jointly responsible for executing tasks, monitoring operations, and providing system safety. Thus, human interaction with intelligent technology in safety-critical systems has important implications. Those interactions can enhance or reduce system efficiency, enhance or compromise safety, and augment or negate the other benefits that technology provides. In this paper, we focus on interactions between human operators and embedded intelligent systems. We first consider the role of technology in safety-critical systems, and discuss studies of the impact of technology on human operators in such systems. We then describe embedded intelligent systems, and studies of their impacts on human operators. To illustrate these points, we consider the case of embedded intelligent technology introduction in one such setting, and the results of an empirical investigation of the impact of the technology on human performance in that system. We conclude with a discussion of the implications of the study and of the importance of understanding the impact of embedded intelligent technology on human operators in safety-critical systems. 相似文献
18.
软件的大量应用,使控制系统面,临严峻的安全考验,陷入了安全危机中,迫切需要新的安全保障技术。安全核就是应运而生的一种安全保障新概念,其可信性直接关系到安全核的有效性和系统的安危。面对安全核可信性问题,测试和限制安全核尺寸是当前采用的方法,它们极大地制约了安全核技术在复杂系统中的应用。本文分析了安全核可信性的本质;结合安全关键系统的基本构架,提出了从安全需求分析开始到安全核生成过程中,如何通过形式化的方法采提高安全核可信性的方法,为安全核技术在复杂系统中的应用提供了一种新思路;以交通灯控制为例全过程地实现和验证了所提出思想的正确性和可行性。 相似文献
19.
Lionel Damez Loic Sieler Alexis Landrault Jean Pierre D��rutin 《Journal of Real-Time Image Processing》2011,6(1):47-58
Highly regular multi-processor architectures are suitable for inherently highly parallelizable applications such as most of
the image processing domain. Systems embedded in a single programmable chip platform (SoPC) allow hardware designers to tailor
every aspect of the architecture in order to match the specific application needs. These platforms are now large enough to
embed an increasing number of cores, allowing implementation of a multi-processor architecture with an embedded communication
network. In this paper we present the parallelization and the embedding of a real time image stabilization algorithm on a
SoPC platform. Our overall hardware implementation method is based upon meeting algorithm processing power requirements and
communication needs with refinement of a generic parallel architecture model. Actual implementation is done by the choice
and parameterization of readily available reconfigurable hardware modules and customizable commercially available IPs (Intellectual
Property). We present both software and hardware implementation with performance results on a Xilinx SoPC target. 相似文献