| 1. |
- Aysan, Hüseyin
(författare)
-
New Strategies for Ensuring Time and Value Correctness in Dependable Real-Time Systems
- 2009
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Dependable real-time embedded systems are typically composed of a number of heterogeneous computing nodes, heterogeneous networks that connect them and tasks with multiple criticality levels allocated to the nodes. The heterogeneous nature of the hardware, results in a varying vulnerability to different types of hardware failures. For example, a computing node with effective shielding shows higher resistance to transient failures caused by environmental conditions such as radiation or temperature changes than an unshielded node. Similarly, resistance to permanent failures can vary depending on the manufacturing procedures used. Vulnerability to different types of errors of a task which may lead to a system failure, depends on several factors, such as the hardware on which the task runs and communicates, the software architecture and the implementation quality of the software, and varies from task to task. This variance, as well as the different criticality levels and real-time requirements of tasks, necessitate novel fault-tolerance approaches to be developed and used, in order to meet the stringent dependability requirements of resource-constrained real-time systems. In this thesis, the major contribution is four-fold. Firstly, we describe an error classification for real-time embedded systems and address error propagation aspects. The goal of this work is to perform the analysis on a given system, in order to find bottlenecks in satisfying dependability requirements and to provide guidelines on the usage of appropriate error detection and fault tolerance mechanisms. Secondly, we present a time-redundancy approach to provide a priori guarantees in fixed-priority scheduling (FPS) such that the system will be able to tolerate one value error per every critical task instance by re-execution of every critical task instance or execution of alternate tasks before deadlines, while keeping the associated costs minimized. Our third contribution is a new approach, Voting on Time and Value (VTV) which extends the N-modular redundancy approach by explicitly considering both value and timing errors, such that correct value is produced at a correct time, under specified assumptions. We illustrate our voting approach by instantiating it in the context of the well-known triple modular redundancy (TMR) approach. Further, we present a generalized voting algorithm targeting NMR that enables a high degree of customization from the user perspective. Finally, we propose a novel cascading redundancy approach within a generic fault tolerant scheduling framework. The proposed approach is capable of tolerating errors with a wider coverage (with respect to error frequency and error types) than our proposed time and space redundancy approaches in isolation, allows tasks with mixed criticality levels, is independent of the scheduling technique and, above all, ensures that every critical task instance can be feasibly replicated in both time and/or space. The fault-tolerance techniques presented in this thesis address various different error scenarios that can be observed in real-time embedded systems with respect to the types of errors and frequency of occurrence, and can be used to achieve the ultra-high levels of dependability which is required in many critical systems.
|
|
| 2. |
- Bartlett, Mark, et al.
(författare)
-
Challenges in relational learning for real-time systems applications
- 2008
-
Ingår i: Inductive Logic Programming. - Berlin, Heidelberg : Springer Berlin/Heidelberg. - 9783540859277 ; , s. 42-58
-
Bokkapitel (övrigt vetenskapligt/konstnärligt)abstract
- The problem of determining the Worse Case Execution Time (WCET) of a piece of code is a fundamental one in the Real Time Systems community. Existing methods either try to gain this information by analysis of the program code or by running extensive timing analyses. This paper presents a new approach to the problem based on using Machine Learning in the form of ILP to infer program properties based on sample executions of the code. Additionally, significant improvements in the range of functions learnable and the time taken for learning can be made by the application of more advanced ILP techniques.
|
|
| 3. |
|
|
| 4. |
- Bate, Iain, et al.
(författare)
-
Certification of FPGAs-Current Issues and Possible Solutions
- 2009
-
Ingår i: Safety-Critical Systems: Problems, Process and Practice - Proceedings of the 17th Safety-Critical Systems Symposium, SSS 2009. - London : Springer London. - 9781848823488 ; , s. 149-165
-
Konferensbidrag (övrigt vetenskapligt/konstnärligt)abstract
- This paper looks at possible applications of Field Programmable Gate Arrays (FPGAs) within the safety critical domain. We examine the potential benefits these devices can offer, such as parallel computation and reconfiguration in the presence of failure and also the difficulties which these raise for certification. A possible safety argument supporting the use of basic reconfiguration facilities of a reprogrammable FPGA to remove Single Event Upsets (SEUs) is presented. We also demonstrate a technique which has the potential to be used to identify areas which are sensitive to SEUs in terms of safety effect, thus allowing optimisation of an FPGAs design and supporting our argument.
|
|
| 5. |
|
|
| 6. |
- Baumgart, Stephan
(författare)
-
Safety Analysis of Systems-of-Systems
- 2022
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Safety-critical systems may fail dangerously with severe consequences to the health of the involved humans, costly equipment, the environment, or other valuable assets of a stakeholder. For these classes of systems, the developers are obliged to analyze each potentially hazardous situation thoroughly. In addition, any identified hazardous situation needs to be considered for risk reduction measures, including adjustments of the system's design, additional safeguards if the hazards cannot entirely be removed by design, or warning information to users. An essential activity in the development process is the safety analysis, where hazards related to the system under development are identified, and the risks are evaluated and classified. This classification stipulates the rigor of complying with safety standard requirements and directing the development and verification activities. Several techniques for safety analysis have been identified in the literature and are applied in industrial development processes.The technical evolution enables moving from developing single systems with specific features towards attaching several independent systems to a system-of-systems.On top of the trend towards connectedness, there is also a trend towards more and more automation. In the vehicle domain, autonomous vehicles can collaborate to achieve specific goals, like transporting goods in warehouses, transporting containers in automated ports, or transporting material in off-road environments.Autonomy brings in new challenges when ensuring product safety and functional safety for single systems due to the lack of a human operator as a fallback solution.Further, when autonomous vehicles collaborate in a fleet, the safety analysis becomes more complex since their interaction and interoperability bring forth new hazards not identifiable with a safety analysis of a single system. Our research aims to bridge this gap and provide solutions for specifying a system-of-systems and finding and developing suitable safety analysis methods.To understand the challenges and current practices, we have studied industrial projects where systems-of-systems are developed. We have applied safety analysis methods to our industrial cases and found limitations of finding hazards related to a system-of-systems. As part of our research, we have developed extensions to the safety analysis methods to support the analysis of a system-of-systems. We have developed the Safe System-of-Systems (SafeSoS) method which is a structured and hierarchical process to discover and document a system-of-systems characteristics on three primary abstraction levels. Additionally, we utilize model-based formalism to describe the System-of-Systems’ characteristics on each level. Our research results support engineers in the industry when designing a safety-critical system-of-systems.
|
|
| 7. |
|
|
| 8. |
- Jaradat, Omar, 1981-
(författare)
-
Enhancing the Maintainability of Safety Cases Using Safety Contracts
- 2015
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Safety critical systems are those systems whose failure could result in loss of life, significant property damage, or damage to the environment. These systems require high quality and dependability levels in them, where system safety is a major property that should be adequately assured to avoid any severe outcomes. Many safety critical systems in different domains (e.g., avionics, railway, automotive, etc.) are subject to a certification. The certification process is based on an evaluation of whether the associated hazards to a system are mitigated to an acceptable level. Safety cases are often required to demonstrate how a regulatory body can reasonably conclude that a system is acceptably safe from the evidence available. The development of safety cases has become common practice in many safety critical system domains. However, safety cases are costly since they need significant amount of time and efforts to produce. This cost can be dramatically increased (even for already certified systems) due to system changes as they require maintaining the safety case before it can be submitted for certification. Anticipating potential changes is useful since it reveals traceable consequences that will eventually reduce the maintenance efforts. However, considering a complete list of anticipated changes is difficult. What can be easier though is to determine the flexibility of system components to changes.Sensitivity analysis has been proposed as a useful tool to measure the flexibility of the different system properties to changes. Furthermore, the concept of contracts have been proposed as a means for facilitating the change management process due to their ability to record the dependencies among system's components. In this thesis, we use sensitivity analysis to support changes prediction and prioritisation. We also use safety contracts to record the information of changes that will ultimately advise the engineers what to consider and check when changes actually happen.
|
|
| 9. |
- Jaradat, Omar, 1981-, et al.
(författare)
-
Using Safety Contracts to Guide the Maintenance of Systems and Safety Cases : An Example
- 2017
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- Changes to safety critical systems are inevitable and can impact the safety confidence about a system as their effects can refute articulated claims about safety or challenge the supporting evidence on which this confidence relies. In order to maintain the safety confidence due to changes, system developers need to re-analyse and re-verify the system to generate new valid items of evidence. Moreover, identifying the effects of a particular change is a crucial step in any change management process as it enables system developers to estimate the required maintenance effort and reduce the cost by avoiding wider analyses and verification than strictly necessary. This paper presents a sensitivity analysis-based technique which aims at measuring the ability of a system to contain a change (i.e., robustness) without the need to make a major re-design. The technique exploits the safety margins in the assigned failure probabilities to the events of a probabilistic fault-tree analysis to compensate some potential deficits in the overall failure probability budget due to changes. The technique also utilises safety contracts to provide prescriptive data for what is needed to be revisited and verified to maintain system safety when changes happen. We demonstrate the technique on a realistic safety critical system.
|
|
| 10. |
|
|
