| 1. |
- Askerdal, Örjan, 1973, et al.
(author)
-
A Control Theory Approach for Analyzing the Effects of Data Errors in Safety-Critical Control Systems
- 2002
-
In: Pacific Rim International Symposium on Dependable Computing, 2002. Proceedings. 2002. - 0769518524 ; , s. 105-114
-
Conference paper (peer-reviewed)abstract
- Computers are increasingly used for implementing controlalgorithms in safety-critical embedded applications, such asengine control, braking control and flight surfacecontrol. Addressing the consequent coupling of control performancewith computer related errors, this paper develops a composite computerdependability/control theory methodology for analyzing the effectsdata errors have on control system dependability. The effect is measured as theresulting control error (defined as the difference between the desired value ofa physical property andits actual value). We use maximum bounds on this measure as the criterion forcontrol system failure (i.e., if the control error exceeds a certain threshold,the system has failed).In this paper we a) present suitable models of computer faults for analysis of control level effects andrelated analysis methods, and b) apply traditional control theoryanalysis methods for understanding the effects of data errors onsystem dependability. An automobile slip-control brake-system is used as an example showing the viability of our approach.
|
|
| 2. |
- Hiller, Martin, 1971
(author)
-
A Software Profiling Methodology for Design and Assessment of Dependable Software
- 2002
-
Doctoral thesis (other academic/artistic)abstract
- The advent of computerized consumer products, such as for example automobiles, mobile systems, etc., has produced a large increase in the need for dependable (or robust) systems. As cost is a relevant issue for such systems, the cost of dependability has to be kept low. Furthermore, as the replication of software is virtually free compared to the replication of hardware, the trend is to implement more and more functions in software. This motivates the search for methodologies for cost efficient design and assessment of dependable software. An established approach for designing dependable software entails addition of error detection mechanisms (EDM's) and error recovery mechanisms (ERM's). The effectiveness of these mechanisms, however, is achieved only if their composition is matched with their placement in locations where they are actually effective. It is the development of a systematic methodology to profile software in order to compose and locate EDM's and ERM's, that this thesis endeavors to achieve. Presented in this thesis is a set of approaches for profiling software such that the most vulnerable and/or critical modules and signals can be identified in a quantifiable way. The profiling methodology relies on the analysis of error propagation and error effect in modular software. The results obtainable with these profiles indicate where in a given software system, errors tend to propagate and where they tend to cause the most damage as experienced by the environment. The main contribution of this thesis is a software profiling methodology that encompasses development of the fault injection tool suite PROPANE (Propagation Analysis Environment) and the analysis framework EPIC (Exposure, Permeability, Impact, Criticality---the four main metrics introduced in the framework). The vision is that this contribution can aid software developers in the design and assessment of dependable software in the early stages of development.
|
|
| 3. |
- Hiller, Martin, 1971, et al.
(author)
-
On the Placement of Software Mechanisms for Detection of Data Errors
- 2002
-
In: International Conference on Dependable Systems and Networks, 2002. DSN 2002. Proceedings. - 0769511015 ; , s. 135-144
-
Conference paper (peer-reviewed)abstract
- An important aspect in the development of dependable software is to decide where to locate mechanisms for efficient error detection and recovery. We present a comparison between two methods for selecting locations for error detection mechanisms, in this case executable assertions (EAs), in black-box, modular software. Our results show that by placing EAs based on error propagation analysis one may reduce the memory and execution time requirements as compared to experience- and heuristic-based placement while maintaining the obtained detection coverage. Further, we show the sensitivity of the EA-provided coverage estimation on the choice of the underlying error model. Subsequently, we extend the analysis framework such that error-model effects are also addressed and introduce measures for classifying signals according to their effect on system output when errors are present. The extended framework facilitates profiling of software systems from varied dependability perspectives and is also less susceptible to the effects of having different error models for estimating detection coverage.
|
|
| 4. |
- Hiller, Martin, 1971, et al.
(author)
-
PROPANE: An Environment for Examining the Propagation of Errors in Software
- 2002
-
In: ISSTA '02 Proceedings of the 2002 ACM SIGSOFT international symposium on Software testing and analysis. - New York, NY, USA : ACM. - 1581135629 ; , s. 81-85
-
Conference paper (peer-reviewed)abstract
- In order to produce reliable software, it is important to have knowledge on how faults and errors may affect the software. In particular, designing efficient error detection mechanisms requires not only knowledge on which types of errors to detect but also the effect these errors may have on the software as well as how they propagate through the software. This paper presents the Propagation Analysis Environment (PROPANE) which is a tool for profiling and conducting fault injection experiments on software running on desktop computers. PROPANE supports the injection of both software faults (by mutation of source code) and data errors (by manipulating variable and memory contents). PROPANE supports various error types out-of-the-box and has support for user-defined error types. For logging, probes are provided for charting the values of variables and memory areas as well as for registering events during execution of the system under test. PROPANE has a flexible design making it useful for development of a wide range of software systems, e.g., embedded software, generic software components, or user-level desktop applications. We show examples of results obtained using PROPANE and how these can guide software developers to where software error detection and recovery could increase the reliability of the software system.
|
|
| 5. |
|
|
| 6. |
- Jhumka, Arshad, 1974, et al.
(author)
-
An Approach to Specify and Test Component-Based Dependable Software
- 2002
-
In: Proceedings - 7th IEEE International Symposium on High Assurance Systems Engineering, Tokyo, 23-25 Oct. 2002. - 0769517692 ; , s. 211-220
-
Conference paper (peer-reviewed)abstract
- Components (in-house or pre-fabricated) are increasingly being used to reduce the cost of software development. Given that these components may not have not been developed with dependability as a driver, the components need to be adapted to deal with errors coming from their environment. To achieve this, error containment wrappers are often added to increase the robustness of such components. Adopting a gray-box perspective of software, we first present a modular approach for specifying and verifying embedded software made from components, based on concepts from category theory. This modular approach allows the system designer to check for semantic compatibility. To generate the error containment wrappers needed for adaptation, we subsequently present an algorithm that systematically generates the required wrappers. Using the information obtained through wrapper design, we develop an approach to identify relevant test cases to test individual components. We further exploit the modularity of the specification to identify the relevant test cases to perform testing at different levels of SW abstraction.
|
|
| 7. |
- Jhumka, Arshad, 1974, et al.
(author)
-
Component-Based Synthesis of Dependable Embedded Software
- 2002
-
In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Berlin, Heidelberg : Springer Berlin Heidelberg. - 1611-3349 .- 0302-9743. - 9783540441656 ; 2469, s. 111-128
-
Conference paper (peer-reviewed)abstract
- Standardized and reusable software (SW) objects (or SW components - in-house or pre-fabricated) are increasingly being used to reduce the cost of software (SW) development. Given that the basic components may not have been developed with dependability as primary driver, these components need to be adapted to deal with errors from their environment. To achieve this, error containment wrappers are added to increase the reliability of the components. In this paper, we first present a modular specification approach using fault intolerant components, based on the concepts of category theory. We further introduce the concept of wrapper consistency, based upon which, we present an algorithm that systematically generates globally consistent fault containment wrappers for each component, to make them fault tolerant. Subsequently, we enhance the initial modular specification to deal with the wrapped components, and show that safety properties of the system are preserved under composition only if the wrappers are globally consistent.
|
|
| 8. |
- Jhumka, Arshad, 1974, et al.
(author)
-
On Systematic Design of Globally Consistent Executable Assertions in Embedded Software
- 2002
-
In: SIGPLAN Notices (ACM Special Interest Group on Programming Languages). - : Association for Computing Machinery (ACM). - 0730-8566 .- 0362-1340 .- 1558-1160. ; 37:7, s. 75-84
-
Conference paper (peer-reviewed)abstract
- Over the design of software (SW) used in provisioning of dependable services, Executable Assertions (EAs) are seeing increasing usage in aiding detection of data errors. Given the requirements for provision of service despite faults, early detection of system states that can potentially lead to system failure is valuable. We address the issue of ascertaining whether localized EAs in individual modules add up complementarily to implement a global EA/property. We first show that detection of globally compliant EAs is NP-complete. Thus, we develop a two-pass approach for our objective. In the first pass, we introduce the consistency property of EAs and use it to ascertain global conformity across all EAs. The second pass, analogous to predicate transformers, generates globally consistent EAs when any inconsistency is flagged in the first pass. We show the applicability of our approach on a real embedded system. Initial results obtained show that our framework is able to detect inherent vulnerabilities (due to placement of mismatched EAs) that were previously undetected. Our intent is automation of this approach, which can be incorporated in a compiler.
|
|
