Reliability demonstration for safety-critical systems

This paper suggests a new model for reliability demonstration of safety-critical systems, based on the TRW Software Reliability Theory. The paper describes the model, the test equipment required, and test strategies based on the various constraints occurring during software development. The paper also compares a new testing method, single risk sequential testing (SRST), with the common probability ratio sequential testing method (PRST), and concludes that: (i) SRST provides higher chances of success than PRST; (ii) SRST takes less time to complete than PRST; and (iii) SRST satisfies the consumer-risk criterion, whereas PRST provides a much smaller consumer-risk than the requirement     

Mission-critical and safety-critical development

The concern in mission-critical and safety-critical systems is that you develop them thoughtfully and carefully. They need traceable evidence for every detail. Like a good journalist, you and your team must establish the "who, what, when, where, why, and how" in everything you do. Development of mission- and safety-critical systems requires a temporal progression, regardless of the development model. Generally, there are five phases to development. These are: concept; planning and scheduling; design and development; controlled release; commercial release. Another issue in mission- and safety-critical system is people. People make processes work or not work. Good, disciplined people can struggle, even under wretched conditions, and produce good results. Add reasonable processes, and these same people can produce great results. Unfortunately, outstanding processes cannot rescue a project from unruly and undisciplined people.     

Are your systems safety-critical?

The author describes how reliability alone is not the key to producing good software for safety critical applications. He argues that, whatever their size, companies also need to apply safety engineering throughout the system life cycle     

Dependability metrics to assess safety-critical systems

Metrics are commonly used in engineering as measures of the performance of a system for a given attribute. For instance, in the assessment of fault tolerant systems, metrics such as the reliability, R(t) and the Mean Time To Failure (MTTF) are well-accepted as a means to quantify the fault tolerant attributes of a system with an associated failure rate, /spl lambda/. Unfortunately, there does not seem to be a consensus on comparable metrics to use in the assessment of safety-critical systems. The objective of this paper is to develop two metrics that can be used in the assessment of safety-critical systems, the steady-state safety, S/sub ss/, and the Mean Time To Unsafe Failure (MTTUF). S/sub ss/ represents the evaluation of the safety as a function of time, in the limiting case as time approaches infinity. The MTTUF represents the average or mean time that a system will operate safely before a failure that produces an unsafe system state. A 3-state Markov model is used to model a safety-critical system with the transition rates computed as a function of the system coverage C/sub sys/, and the hazard rate /spl lambda/(t). Also, /spl lambda/(t) is defined by the Weibull distribution, primarily because it allows one to easily represent the scenarios where the failure rate is increasing, decreasing, and constant. The results of the paper demonstrate that conservative estimates for lower bounds for both S/sub ss/ & the MTTUF result when C/sub sys/ is assumed to be a constant regardless of the behavior of /spl lambda/(t). The derived results are then used to evaluate three example systems.     

A taxonomy for software voting algorithms used in safety-critical systems

Voting algorithms are used to provide an error masking capability in a wide range of highly dependable commercial & research applications. These applications include N-Modular Redundant hardware systems and diversely designed software systems based on N-Version Programming. The most sophisticated & complex algorithms can even tolerate malicious (or Byzantine) subsystem errors. The algorithms can be implemented in hardware or software depending on the characteristics of the application, and the type of voter selected. Many voting algorithms have been defined in the literature, each with particular strengths and weaknesses. Having surveyed more than 70 references from the literature, a functional classification is used in this paper to provide taxonomy of those voting algorithms used in safety-critical applications. We classify voters into three categories: generic, hybrid, and purpose-built voters. Selected algorithms of each category are described, for illustrative purposes, and application areas proposed. Approaches to the comparison of algorithm behavior are also surveyed. These approaches compare the acceptability of voter behavior based on either statistical considerations (e.g., number of successes, number of benign or catastrophic results), or probabilistic computations (e.g., probability of choosing correct value in each voting cycle or average mean square error) during q voting cycles.     

Managing technology CAD for competitive advantage: an efficientapproach for integrated circuit fabrication technology development

This paper describes a methodology to exploit the full capabilities of technology computer-aided design (TCAD) for the development of integrated circuit fabrication processes. The development process of integrated circuits is represented by a simple model that describes the technology specifications at the beginning and the product specifications at the end of the product development cycle. Considering this model, different intermediate tasks are defined to obtain initial guess process recipe from the target product specifications. The complete technology development is shown to be achieved using TCAD in three different phases such as the generation of initial guess process recipe, the optimization of process technology, and the evaluation of process manufacturability. A simple quantitative analysis to estimate the major advantages of TCAD in reducing the cycle time and cost of technology development is presented. The technical limitations of TCAD and the measures to address these limitations are discussed. The organizational and social issues of the implementation of TCAD and the managerial responsibilities in adopting TCAD for the development of integrated-circuit fabrication process are also discussed     

Reliability modeling for safety-critical software

Software reliability predictions can increase trust in the reliability of safety critical software such as the NASA Space Shuttle Primary Avionics Software System (Shuttle flight software). This objective was achieved using a novel approach to integrate software-safety criteria, risk analysis, reliability prediction, and stopping rules for testing. This approach applies to other safety-critical software. The authors cover only the safety of the software in a safety-critical system. The hardware and human-operator components of such systems are not explicitly modeled nor are the hardware and operator-induced software failures. The concern is with reducing the risk of all failures attributed to software. Thus, safety refers to software-safety and not to system-safety. By improving the software reliability, where the reliability measurements and predictions are directly related to mission and crew safety, they contribute to system safety. Software reliability models provide one of several tools that software managers of the Shuttle flight software are using to assure that the software meets required safety goals. Other tools are inspections, software reviews, testing, change control boards, and perhaps most important-experience and judgement     

Architectural principles for safety-critical real-time applications

This paper addresses the general area of computer architectures for safety-critical real time applications. The maximum acceptable probability of failure for these applications ranges from about 10^-4 to 10^-10 per hour depending on whether it is a military or civil application. Typical examples include commercial and military aircraft fly-by-wire, full authority engine control, satellite and launch vehicle control, ground transport vehicles, etc. Realtime response requirements for these applications are also very demanding, with correct control inputs required every 10 to 100 ms, depending on the application. These dual goals of ultrahigh reliability and real-time response necessitate computer systems that are quite different from other dependable systems in their architecture, design and development methodology, validation and verification, and operational philosophy. This paper highlights these differences by describing each of these aspects of safety-critical systems. Architectural principles and techniques to address these unique requirements are described     

Managing product development

Good technical management may seem intangible and hard to define. One reason for this is that really good management is so rare. Yet it can be taught and learned. This brief outline can only begin to sketch out the more important principles of good management. A study of management technology, beginning with the above references, will go a long way in increasing the effectiveness of anyone having anything to do with product development. When diligently studied and applied, sound management principles can be used to build prosperous companies and thriving civilizations     

Towards generation of efficient test cases from UML/OCL models for complex safety-critical systems

This paper describes a new approach for model-based test case generation (MBTCG) for large systems, which not only supports the expression of complex requirements (constraints) using OCL, but also lays ground for improving the efficiency (i.e. maximum coverage with minimal number of test cases) of the generated test case set. For that purpose, UML/OCL models are transformed to (object-oriented) action systems, where test cases are generated by means of mutation. The resulting "abstract" test cases represent input/output sequences with possible branches according to valid alternatives in system responses. They have finally to be transformed to "concrete" test cases which can be applied to the target application. The described work is part of the European project MOGENTES.     

Modeling and analyzing the effects of periodic inspection on theperformance of safety-critical systems

This paper presents a method for incorporating into Markov models of safety-critical systems, periodic inspections and repairs which occur deterministically in time. Both perfect and imperfect inspections and repairs can be modeled. Based on this new modeling technique, closed-form solutions are derived for a variety of important performance indexes including MTTF, MTTF_D, MTTF_S, average availability, and average probability of failing dangerously. The solutions are applied to an example system to illustrate how the method can be used to study the effects on performance of: (a) choices of the time-length between periodic inspections and repairs, and (b) improvements in inspection and repair techniques     

Mmic technology for communication systems

MMIC technology is recently progressing at a rapid rate and is now being applied in communications systems. However, there remain few practical applications. This is mainly due to the high cost of conventional mmics because of the small market size and specialized needs. This paper introduces three new technical approaches that overcome the problems: uniplanar mmic, line unified fet^lufet), and multilayer mmic. Concepts and several examples of these technologies are described. It is shown that these technologies are effective not only for cost reduction but also for increased performance. In addition, one example of system application is described.     

Managing distributed objects in peer-to-peer systems

Peer-to-peer systems that dynamically organize, interact and share resources are increasingly being deployed in large-scale environments. The location, intermittent connectivity, and organization of the peers have significant impact on meeting the quality of service requirements of distributed applications. This article presents the design, implementation, and empirical evaluation of a middleware architecture for managing distributed objects in peer-to-peer systems. The architecture consists of a self-organizing infrastructure that uses only local knowledge to dynamically form overlays of multiple peers and respond to changing processing and networking conditions; and a management layer that monitors the behavior of the applications transparently, schedules object invocations over multiple machines, and obtains accurate resource projections. The system works in a two-level feedback loop structure that uses measurements of elapsed time and resource loads to refine the initial estimates and revise the peer connections. Our empirical evaluation shows that the system manipulates the peer connections dynamically in response to changes in resource utilization to meet application end-to-end soft real-time requirements.     

FPGA technology for multi-axis control systems

The research presented in this article applies the newest Field-Programmable-Gate-Arrays to implement motor controller devices in accordance with the actual core-based design. The flexibility of the System-on-a-Programmable-Chips in motor multi-axis control systems enables the processing of the most intensive computation operations by hardware (PID IP cores) and the trajectory computation by software in the same device. In those systems, the trajectory generation software may run in powerful microprocessors embedded in the FPGA. In this paper, we present a high-performance PID IP core controller described in VHDL; the design flow that has been followed in its design and how the simulation and the PID constants tuning has been approached. The reusability of this module is demonstrated with the design of a 4 axis SoPC controller. Additionally, an experimental self-reconfigurable SoPC design using Run-Time-Reconfiguration is presented. In this case, the control IP core can be replaced dynamically by another module with another with different features.     

Managing CAD systems in mechanical design engineering

The results of an investigation into the management and use of CAD systems in ten manufacturing companies are reported. The goal of the research is to understand how engineers and managers perceive CAD systems, how work is restructured when CAD is used, and what barriers prevent the effective use of CAD systems. An introduction to CAD systems is presented, followed by a brief review of the latest literature relating to computer-aided design