Embedded Systems and Software Engineering, Gary Hafen, USC CSSE Executive Workshop, March 10, 2010


Post on 21-Dec-2015



Embedded Systems and Software Engineering

Gary Hafen
USC CSSE Executive Workshop
March 10, 2010


Situation

• Software is providing an increasing percentage of functionality in our embedded systems
  – Spacecraft
  – Aircraft
  – Ships
  – Automobiles
  – Cell Phones
  – Appliances


Issue

• Software is an abstract, logic-based product that invites latent errors to persist
  – The errors may be nearly invisible to inspection or detection
• Embedded System Software is the most glaring example of this attribute
  – Lack of visible observation of software interaction
  – Intrusive test probes change the operational conditions
  – Real-time, asynchronous dynamics make errors hard to reproduce

This Issue must be Acknowledged and Dealt with in the System and Software Architecture Design


Premise

• Real-time embedded software has special challenges
• Difficulties stem from the combination of technically challenging problems
  – Solutions are founded in physical sciences
  – Limited computing resources severely constrain the solution space
  – Highly complex verification environments
• These problems manifest themselves in a wide variety of important implementation factors


ISO 15288 System Engineering V


ISO 12207 Software V
Life Cycle Processes Harmonized with 15288

[Figure: software V diagram. Labels: Requirements Analysis, Architectural Design, Detailed Design, Construction, Integration, Qualification Test, Unit Test; three "Plan for" labels.]


Change is Needed

• The V-model presupposes that a system can be deterministically decomposed and integrated
• Complexity and network system interoperability make this impossible
• System Functionality is 80-90% Software Enabled
• System Engineering approaches need to emulate current Software Engineering approaches
  – Model based design
  – Agile practices
  – Logical as well as physical analysis and definition methods
  – Data/Information focused (e.g. Object Oriented) as well as control flow focused


Implementation Issues

• Unclear organizational responsibilities
• Requirements inadequacy
• Execution resource constraints
• Concurrent hardware development
  – Leads to late discovery of hardware/software interface functionality and incompatibility
  – Results in unplanned software growth
• Software engineer domain knowledge inadequacy
• Verification of embedded systems
  – Requires complex test labs with hardware in the loop, environment simulators, etc.


Unclear Organizational Responsibilities

• System Engineering allocates functionality to an embedded computer system
  – With or without software or hardware domain expertise
• Management awareness is problematic
  – Software is not always on the radar until too late
  – Incomplete understanding of the priorities and risks with respect to software
• The software team is often fragmented on a program
  – Inadequate communication between groups
  – Role of the System Engineering Integration Team (SEIT) with respect to software


Requirements Inadequacy

• Late maturity of the Operational Concept
  – User/operator does not get a feel for how the system really works until it’s done
  – Seeing actual operational scenarios results in discovery of new software requirements
• Complex control laws, complex hardware interfaces, high accuracy requirements
• Parallel, asynchronous processing creates non-deterministic behavior
• Autonomy requires complex second order requirements that will be derived late


Execution Resource Constraints

• Computing resources for embedded systems are constrained by physical size
• Environmental Qualification testing requirements for hardware prevent hardware upgrades
• Systems Engineers must be extraordinarily conscious of the resources consumed by the implementations they choose
• Implementations are driven more by performance than by clarity of the design or maintenance concerns


Concurrent Hardware Development

• Late discovery of hardware/software interface incompatibility
  – Results in unplanned software growth and workarounds
• Constraints associated with modifying qualified hardware result in a “we’ll fix it in the software” decision
• These discoveries are made when the resources to fix the problem are least available


Domain Knowledge Inadequacy

• Software integrates our embedded systems
• Software engineers play a key role in the integration
• Effective embedded software engineers must have domain knowledge
• An embedded software engineer must understand the physics and mathematics of our complex systems.

This domain knowledge of software engineers is critical to the success of our complex programs


Complex Verification Requirements

• Driven by the potential for catastrophic failure
• Must be performed on hardware that is as identical to the operational hardware as possible
  – In the actual operational environment or one that is simulated and certified
• Non-deterministic behavior is difficult to exhaustively verify
• Test Environment must have dynamic tools to provide comprehensive stimulation and observation of embedded systems
• Lab must be configuration managed to assure valid, repeatable results


Summary

• Embedded Systems Engineers must have Software Engineering understanding and skill
  – 80% of the capability that they are designing for is software enabled
• Embedded Software Engineers must have Domain Systems Engineering understanding and skill
  – Success of the software product is dependent on their knowledge of the physical environment that it interacts with

The Systems Engineer must be a Software Engineer
The Software Engineer must be a Systems Engineer