Information process flow analysis (IPFA) for reengineering manufacturing systems

Automated manufacturing lines, aircraft, unclear power plants, and similar real-time intelligent or embedded systems contain three control elements: (1) embedded computers, (2) humans-in-the-loop, and (3) certain machines, i.e., mechanically, electrically, or electronically operated devices. Embedded system control elements are interconnected through accurate, precisely-timed, closed-loop information systems to provide high quality products and/or services from their parent systems, and in some cases to ensure human safety. Highly-reliable controlling computers and associated software embedded in time- and safety-critical systems that compensate for possible human and/or machine error are especially difficult to design and develop, or “forward engineer”. Reengineering embedded control elements in old systems is even more troublesome, especially when they require re-manufacturing, e.g., nuclear power plant refueling, aircraft avionics system upgrading, or manufacturing plant retooling.

This paper describes how industrial engineers can assist in reengineering worn out, error prone, or obsolescent real-time manufacturing systems (embedded systems) by helping computer systems and communication engineers ensure that critical information control loops, both feed forward and feed back, are complete and efficient. Two conceptual models, the Embedded Computer System (ECS) physical model and the Object Transformation Process Model (OTPM) are used to guide a modified process flow analysis (PFA) of existing large-scale, complex embedded systems that takes into account process-supporting information. This modified PFA is called an Information Process Flow Analysis (IPFA).     

嵌入式自适应安全关键中间件设计方法研究

由于嵌入式安全关键系统自身的特点和应用环境的特殊性,导致了设计嵌入式安全关键应用比一般的嵌入式实时应用要困难得多。在分析传统嵌入式实时中间件技术应用于嵌入式安全关键系统不足的基础上,提出了一种新的自适应安全关键中间件(ASCM)的设计方法,并对相应的体系结构和关键技术进行了讨论。另外,针对嵌入式安全关键系统运行环境的特殊性,重点讨论了一种端到端的自适应服务质量(QoS)管理机制。     

ASCM:基于SOA的嵌入式安全关键中间件

由于嵌入式安全关键系统自身的特点和应用环境的特殊性,导致了设计分布式嵌入式安全关键应用比一般的嵌入式实时应用要困难得多。提出了一种新的基于SOA构架的自适应安全关键中间件,极大地简化了嵌入式安全关键系统应用的开发,并对相应的体系结构和关键技术进行了讨论。另外,针对嵌入式安全关键系统运行环境的特殊性,重点讨论了SOA构架中基于动态配置服务的端到端的自适应QoS管理机制和实时容错机制的设计和实现。     

Comparison between conventional and digital nuclear power plant main control rooms: A task complexity perspective,part I: Overall results and analysis

Digitalization is a trend in safety-critical complex systems. It changes the way human interacts with systems. We have less empirical knowledge about its potential negative effects on human. In our study, we compared conventional and digital main control rooms (MCRs) in nuclear power plants (NPPs) from a task complexity perspective. Complexity factors in MCRs were quantified in terms of three aspects, frequency of occurrence, complexity induced by their being, and impact caused by them. A total of 69 licensed operators participated in the study. The study consists of two parts. In Part I, overall results and analysis were reported. Generally, operators in digital MCRs perceived higher frequency and higher impact of complexity factors than those in conventional MCRs, no matter in abnormal/emergency or normal situations. Operators in digital MCRs perceived higher complexity than those in conventional MCRs in abnormal/emergency situations. These findings suggest that operators in digital MCRs experience higher complexity and workload which may reduce their reliability. These findings imply that we should caution the side-effects of ubiquitous digitalization in complex industrial systems.Relevance to industryDigital technologies are widely deployed in the nuclear industry. They change the working environments in which operators interact with NPP systems. There is insufficient research on operator experience on the changes brought by technological developments in NPP control rooms. Our findings imply that we should take care of the potential negative effect of digitalization on operator working environments.     

A survey on human detection surveillance systems for Raspberry Pi

Building reliable surveillance systems is critical for security and safety. A core component of any surveillance system is the human detection model. With the recent advances in the hardware and embedded devices, it becomes possible to make a real-time human detection system with low cost. This paper surveys different systems and techniques that have been deployed on embedded devices such as Raspberry Pi. The characteristics of datasets, feature extraction techniques, and machine learning models are covered. A unified dataset is utilized to compare different systems with respect to accuracy and performance time. New enhancements are suggested, and future research directions are highlighted.     

Achieving cost-efficient fail-operational behavior based on inherent redundancy at the system level

To fulfill their safety requirements, modern embedded systems are increasingly often expected to deliver a guaranteed minimum level of functionality at all times. In practice, such fail-operational systems are often based on fault tolerance mechanisms that are inadequate for use in cost-driven environments such as the automotive domain. In this work, we consider safety-critical embedded systems with a certain degree of spare resources at the system level and propose a cost-efficient fault tolerance approach that protects a pair of execution units from severe hardware faults. The concept requires no replication of an execution unit. Instead, it employs a state-preserving proxy unit that communicates with low-level devices such as sensors or actuators and handles faults of one execution unit by dynamically migrating the safety-critical portion of its functionality to the redundant counterpart. Based on the application of this concept to an example scenario from the automotive domain, we analyze the resource overhead of the proxy unit and evaluate both the achieved fault handling time and the generated computational overhead experimentally.     

物联网嵌入式智能设备实时控制系统设计

随着智能设备功能业务的逐渐扩展,用户对智能设备控制系统的实时性要求越来越高,当前控制系统采用CAN技术实现智能设备与用户间的通信,无法满足用户对系统实时性的需求。提出一种新的物联网嵌入式智能设备实时控制系统,通过构建系统的总体框架,将嵌入式LPC2378 ARM处理器作为核心处理器,通过RS-485总线将智能设备连接在一起,和处理器构成一个总线传输网络,在嵌入式LPC2378 ARM处理器中,将带DMA的10/100M以太网模块和以太网PHY芯片DP83848I连接,以提高数据包的传输效率,增强系统的实时性。系统GPRS模块选择SIM300CZ模块,将远程报警模块和RS-485总线结合在一起,共同实现远程报警和控制功能。软件设计时,给出了软件的整体架构和总体流程图,介绍了部分存储代码。实验结果表明,所设计系统对智能设备有很高的控制性能。     

Effects of introducing collaborative technology on communications in a distributed safety-critical system

Communication and collaborative decision-making are critical activities in safety-critical systems such as marine transportation. As a result, new group technologies have been introduced to enhance communication and decision-making in these settings. Unfortunately, little research examining the impact of these new collaborative technologies has been undertaken, and most of it has been undertaken in laboratory environments, rather than in operational or safety-critical settings. Two primary differences of the operational setting in this study suggest that results may differ from studies undertaken in laboratory environments: (1) the system has a strong hierarchical organization and culture with clearly defined roles and (2) roles in the system are associated with different information access privileges. This paper explores the impact of introducing new technology on communication and collaboration between dispersed decision-making groups in marine transportation, and focuses on the differences in results observed in this operational setting.     

基于Multi-agent的实时系统运行故障监控研究

软件密集型装备中常常包含着许多担负监测和控制作用的嵌入式实时系统,它们常常属于安全关键或者任务关键系统(safety-critical/mission-critical system)。为了能够有效解决该类系统中的软件故障检测、诊断与修复任务,本文提出了基于Multi-agent的实时系统运行故障监控框架,旨在利用在多agent的协作构建运行故障监控系统来在系统运行当中验证系统是否满足时序逻辑描述的性质规约,并采用具体的算法进行故障定位和修复。     

Architecture description languages for high-integrity real-time systems

Safety-critical systems, such as those in the avionics, automotive, power, space, and medical industries, are predominantly driven by real-time embedded software and are often referred to as high-integrity real-time systems (HIRTS). In these systems, safety is of paramount importance. Safety is broadly defined as freedom from accidents and loss. When no safe alternative to normal service exists, a system must be dependable to be safe, that is, it must have reliable ways to deliver a certain quality of service. Our collaborations with industrial partners have focused on HIRTS modeling techniques. Initially, we explored the potential benefits that the most successful software architecture and modeling approaches could bring to the safety-critical domain. We subsequently designed the architecture information modeling language. AIM lets us exploit the available technologies from the same platform and thus provide stronger support for the safety case. A safety case, a key element in HIRTS certification, typically consists of a high-level argument and supporting evidence. The HLA sets the principles on which the design is based and reasons why the design should satisfy the safety requirements.     

Stability of adaptive feedback-based resource managers for systems with execution time variations

Today’s embedded systems are exposed to variations in load demand due to complex software applications, dynamic hardware platforms, and the impact of the run-time environment. When these variations are large, and efficiency is required, adaptive on-line resource managers may be deployed on the system to control its resource usage. An often neglected problem is whether these resource managers are stable, meaning that the resource usage is controlled under all possible scenarios. In this paper we develop mathematical models for real-time embedded systems and we derive conditions which, if satisfied, lead to stable systems. For the developed system models, we also determine bounds on the worst case response times of tasks. We also give an intuition of what stability means in a real-time context and we show how it can be applied for several resource managers. We also discuss how our results can be extended in various ways.     

面向AADL模型的存储资源约束可调度性分析

嵌入式实时系统在安全关键领域变得越来越重要,其广泛应用于航空航天.汽车电子等具有严格时间约束的实时系统中.随着嵌入式系统的复杂度越来越高,在系统开发的早期设计阶段就需要对其可调度性进行分析评估.系统中的存储资源会对可调度性产生一定影响,在抢占式实时嵌入式系统引入缓存后,任务的最坏执行时间可能发生变化.因此,分析缓存相关...     

基于Internet的嵌入式系统网络安全应用研究简

嵌入式技术无论在工业监控还是在家用电器等方面都发展很快。尤其在最近几年,借助家电的信息化、智能化,嵌入式系统在智能家居中的应用也越来越普遍。随着这些设备上网步伐的加快,嵌入式系统的网络安全问题也日益凸显,给网络安全提出了新的课题。本文就嵌入式系统的特点就嵌入型系统的安全问题做了探讨,提出了一种新的安全机制。     

不确定环境下hCPS系统的形式化建模与动态验证

随着科技的进步,新型复杂系统例如人机物融合系统（Human Cyber-Physical Systems,HCPS）已经与人类社会生活越来越密不可分.软件系统所处的信息空间与人们日常生活所处的物理空间日渐融合.物理空间内环境的复杂多变、时空数据的爆发增长以及难以预料的人类行为等不确定因素威胁着系统安全.由于系统安全需求的增长,系统的规模和复杂度随之增加所带来的一系列问题亟待解决.因此,在不确定性环境下,构造智能、安全的人机物融合系统已经成为软件行业不可回避的挑战.环境不确定性使得人机物融合系统软件无法准确感知其所处的运行环境.感知的不确定性将导致系统的误判,从而影响系统的安全性.环境不确定性使得系统设计人员无法为人机物融合系统软件的运行环境提供准确的形式化规约.而对于安全要求较高的系统,准确的形式化规约是保证系统安全的首要条件.为了应对规约的不确定性,本文提出时空数据驱动与模型驱动相结合的建模方式,即通过使用机器学习算法,基于环境中时空数据对环境进行建模.根据安全软件的典型特征,采用动态验证的方式保证系统的安全,从而构建统一安全的理论框架.为了展示方案的可行性,本文以自动驾驶车辆与人驾驶的摩托车的交互场景为例说明了在不确定性环境下的人机物融合系统的建模与验证的具体应用.     

时间触发总线验证技术研究

TTP协议定义了一种高确定性,无冲突,高安全的通信总线,能够满足包括飞行控制等的安全关键实时控制系统的应用要求。时间触发总线验证技术根据TTP协议规范要求,针对研制的节点进行测试,包括基本通信测试、时钟同步、故障注入等不同的测试场景,充分验证被测节点的各项功能、性能。通过这些测试,表明被测节点各项指标都满足研制需求,可用于安全关键实时控制系统。     

Opportunities and obligations for physical computing systems

The recent confluence of embedded and real-time systems with wireless, sensor, and networking technologies is creating a nascent infrastructure for a technical, economic, and social revolution. Based on the seamless integration of computing with the physical world via sensors and actuators, this revolution will accrue many benefits. Potentially, its impact could be similar to that of the current Internet. We believe developers must focus on the physical, real-time, and embedded aspects of pervasive computing. We refer to this domain as physical computing systems. For pervasive computing to achieve its promise, developers must create not only high-level system software and application solutions, but also low-level embedded systems solutions. To better understand physical computing's advantages, we consider three application areas: assisted living, emergency response systems for natural or man-made disasters, and protecting critical infrastructures at the national level.     

基于着色时间Petri网的实时系统的形式验证

嵌入式实时系统多数应用在安全性要求较高的场合,因此需要保证系统的正确性.复杂性不断增加的实时系统迫切需要在系统开发早期引入形式化分析技术来验证系统的期望性质.时间Petri网是有严格数学基础的图形表达工具,适合对实时系统建模;时间自动机(Timed Automata,TA)有成熟的验证工具,被广泛用于实时系统的模型检验和验证.本文提出一种基于着色时间Petri网(Colored Time Petri Net,CTPN)的实时系统的验证方法,用CTPN对带有控制流和数据流的实时系统建模,通过转换规则将CTPN模型转换成语义等价的TA模型,利用模型检验工具UPPAAL验证系统的性质.最后,用实例证明此方法有效.     

移动视频监控系统的设计与实现

为了提高现有监控系统在实时性和可控性上的性能,满足日益迫切的安全需求,首先以GPRS为例,对移动网络中的视频编解码和远程命令传送等两个关键技术问题进行了探讨,并提出了有效的解决方案.进而在此基础上设计并实现了一个基于嵌入式平台的移动视频监控系统.通过将监控终端部署在智能手机、PDA和Pocket PC等移动设备,该系统允许用户对目标场景随时随地进行视频访问,同时利用Web Service技术实现了监控端对摄像头的远程控制,从而摆脱了传统监控系统对于监控回放地理位置的束缚,提高了整个监控系统的移动性、实时性、可控性和灵活性,为各类场馆、学校和家庭等场所的实时全方位监控提供了一个稳定、实用的解决方案.     

Schedulability and sensitivity analysis of multiple criticality tasks with fixed-priorities

Safety-critical real-time standards define several criticality levels for the tasks. In this paper we consider the real-time systems designed under the DO-178B safety assessment process (i.e., Software Considerations in Airborne Systems and Equipment Certification). Vestal introduced a new multiple criticality task model to efficiently take into account criticality levels in the schedulability analysis of such systems. Such a task model represents a potentially very significant advance in the modeling of safety-critical real-time softwares. Baruah and Vestal continue this investigation, with a new scheduling algorithm combining fixed and dynamic priority policies. Another major design issue is to allow a system developer to determine how sensitive is the schedulability analysis to changes in execution time of various software components.     

Empirical analysis of safety-critical anomalies during operations

Analysis of anomalies that occur during operations is an important means of improving the quality of current and future software. Although the benefits of anomaly analysis of operational software are widely recognized, there has been relatively little research on anomaly analysis of safety-critical systems. In particular, patterns of software anomaly data for operational, safety-critical systems are not well understood. We present the results of a pilot study using orthogonal defect classification (ODC) to analyze nearly two hundred such anomalies on seven spacecraft systems. These data show several unexpected classification patterns such as the causal role of difficulties accessing or delivering data, of hardware degradation, and of rare events. The anomalies often revealed latent software requirements that were essential for robust, correct operation of the system. The anomalies also caused changes to documentation and to operational procedures to prevent the same anomalous situations from recurring. Feedback from operational anomaly reports helped measure the accuracy of assumptions about operational profiles, identified unexpected dependencies among embedded software and their systems and environment, and indicated needed improvements to the software, the development process, and the operational procedures. The results indicate that, for long-lived, critical systems, analysis of the most severe anomalies can be a useful mechanism both for maintaining safer, deployed systems and for building safer, similar systems in the future.