Reliable Design of Safety Critical Systems
Dr. Abhik Roychoudhury
School of Computing
E-mail : [email protected]
Safety Critical Systems
Safety – Design invariants must always hold in all executions of the system.
Critical – Violating invariants in any execution can be disastrous.
Examples – Air traffic controller, automobile parts.
Straits Times News Report
Airbag sensory system in Automobiles
“--- this thing will probably have to work only once in 10 years, but it better work then, otherwise you might die.”
News Report on design work at Ang Mo Kio Facility (Singapore) of Delphi Automotive Systems.
Methodological view point
Inject higher reliability in design life cycle.
Safety critical systems often have a computer component.
This trend is increasing with growth of embedded applications.
What kind of computer systems are they ?
Reactive Systems
Continuously interacts with its environment.
Interaction with env. is asynchronous.
Often, its response to environment needs to obey time constraints.
Often consists of a concurrent composition of processes.
Why study them now ?
Embedded systems (using a computer component as part of a bigger system) becoming pervasive.
Many of them safety-critical, e.g. automobile parts.
Current verification techniques do not suffice.
– Lack of tool support for reliable modeling.
– Perceived as intrusive to design process.
Validation Techniques
In circuit Emulator (ICE)
Logic Analyzer
Model based simulation
Formal verification techniques
– Model Checking
– Deduction
– Combinations of the two
In circuit Emulator (ICE)
Used widely in industry for designs where a microproc. interacts with potpourri of peripherals.
ICE is dedicated hardware for a particular processor which allows its internals to be read.
Response of processor (to environment) observed by physically replacing chip with ICE.
Logic Analyzer
Used for sampling many signals simultaneously in a complex design.
Can snoop on a bus to observe interactions of a microprocessor with its environment.
ICE and Logic Analyzer do not work when processor, peripherals and bus are all integrated in a chip.
System-on-Chip (SoC) – current industry trend.
Model based simulation
Simulate and observe the behaviors of a system model, rather than the system itself.
Takes validation/debugging higher in the design life-cycle.
Since a model is validated, can take place prior to system integration.
Hardware software co-simulation (POLIS).
Model Checking
Same as model based simulation except that you check all possible behaviors.
Needed for checking critical properties.
Can be used if model has finite states.
Many realistic systems are infinite-state, e.g. all real-time systems.
For these systems, extensions of model checking exist (via deduction).
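As an added illustration that is not part of the slides, the following Python program contrasts model checking with simulation on a constructed finite-state model: a crash sensor, a one-slot bus and an airbag controller composed asynchronously with a nondeterministic environment. All component names, states and transitions are assumptions made for this example. Exhaustive reachability finds the one interleaving on which a stale bus message makes the controller fire after the crash condition has already cleared (a violation of the design invariant), whereas a single simulated run may or may not pass through it; the same checker then shows that a variant which re-checks the sensor before firing has no reachable violation.

```python
"""Explicit-state model checking versus simulation on a tiny reactive model.

Constructed example: a crash sensor, a one-slot bus and an airbag controller,
composed asynchronously with a nondeterministic environment.  Safety invariant:
the controller fires only while the crash condition is present.  The buggy
variant lets the controller act on a stale bus message after the sensor has
cleared; the fixed variant re-checks the sensor before firing.  All names
here are assumptions for the example.
"""
from collections import deque
import random

# A state is (sensor, bus, ctrl).
INITIAL = ("idle", "empty", "wait")


def invariant(state):
    """Design invariant: never 'fired' while the crash condition is absent."""
    sensor, _bus, ctrl = state
    return not (ctrl == "fired" and sensor == "idle")


def next_states(state, recheck_sensor):
    """All successors of `state`: one component (or the environment) moves per step."""
    sensor, bus, ctrl = state
    succ = set()
    if ctrl == "fired":                          # deployment is one-shot: system halts
        return succ
    if sensor == "idle":                         # environment: a crash may occur any time
        succ.add(("crash", bus, ctrl))
    else:
        succ.add(("idle", bus, ctrl))            # crash condition clears again
        if bus == "empty":
            succ.add((sensor, "msg", ctrl))      # sensor posts a message on the bus
    if ctrl == "wait" and bus == "msg":
        succ.add((sensor, "empty", "armed"))     # controller consumes the message
    if ctrl == "armed" and (sensor == "crash" or not recheck_sensor):
        succ.add((sensor, bus, "fired"))         # controller deploys
    return succ


def explore(initial, successors):
    """Breadth-first search: returns {state: parent} for every reachable state."""
    parent = {initial: None}
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        for nxt in sorted(successors(state)):
            if nxt not in parent:
                parent[nxt] = state
                queue.append(nxt)
    return parent


def model_check(initial, successors, invariant):
    """Check `invariant` on every reachable state.

    Returns (reachable_states, counterexample); the counterexample is a shortest
    path from `initial` to a violating state, or None if the invariant holds.
    """
    parent = explore(initial, successors)
    for state in parent:                  # dict order == BFS discovery order
        if not invariant(state):
            path = []
            while state is not None:
                path.append(state)
                state = parent[state]
            return set(parent), path[::-1]
    return set(parent), None


def simulate(initial, successors, steps, seed=0):
    """One random execution: the view a simulator (or an ICE trace) gives."""
    rng = random.Random(seed)
    state, visited = initial, {initial}
    for _ in range(steps):
        options = sorted(successors(state))
        if not options:
            break
        state = rng.choice(options)
        visited.add(state)
    return visited


def buggy(state):
    return next_states(state, recheck_sensor=False)


def fixed(state):
    return next_states(state, recheck_sensor=True)


if __name__ == "__main__":
    reach, cex = model_check(INITIAL, buggy, invariant)
    print(len(reach), "reachable states; counterexample:")
    for s in cex:
        print("   ", s)
    reach, cex = model_check(INITIAL, fixed, invariant)
    print("fixed model:", len(reach), "reachable states, counterexample:", cex)
    seen = simulate(INITIAL, buggy, steps=10, seed=1)
    print("one simulation run visited", len(seen), "states; violation seen:",
          not all(invariant(s) for s in seen))
```

The checker only terminates because the model is finite (12 states in the buggy variant); with a real-time clock or unbounded message queues the state space is infinite and this plain enumeration no longer applies, which is exactly where the deductive extensions mentioned above come in.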
Some questions
How to accommodate the complex mix of languages in which a safety critical system is described ?
Automation and efficiency of simulation/validation.
Should all the validation be static ? What about run-time checks ?
Project 1: UML diagrams
UML (Unified Modeling Language) emerging as industry standard for high level visual description of software.
UML provides 2 diagrams for modeling reactive systems
– State Charts (modeling components)
– Msg. Seq. Charts (interaction between components)
Any real-life reactive system (e.g. software for controlling an Airbus) modeled as a combination of StateCharts and MSCs.
Project 1: UML diagrams
How to analyze such designs (written in 2 languages) ? How to generate code from these high level descriptions ?
Convert diagrams to an intermediate textual representation.
Should be rich enough to handle real-time constraints.
Tools for conversion between UML and textual.
Techniques for simulating behaviors of textual description.
Jointly with Dr. Roland Yap ([email protected])
Project 2: Run time Checks
Design of reactive Embedded Systems becoming component based.
Designers use vendor provided off-the-shelf components and plug them into a bus.
The bus as well as the components are often integrated into a single chip, called a System-on-chip design.
Project 2: Run time Checks
Vendor provided components are unreliable. But designer does not have the paper design of these components.
How to ensure reliable operation of these components in safety critical systems ?
System level testing will not work. Entire system in one chip.
Project 2: Run time Checks
Plant an observer process.
The observer will snoop on the bus.
Detects possible failures to transmit signals.
Raises alarm for critical failures.
Software implementation of the observer.
Empirical study to estimate its accuracy.
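An added example, not the project's own observer, of what a software observer of this kind does: the Python program below consumes bus transactions from a constructed textual trace, keeps the requests that still await a reply, and raises "late", "missing" or "stray" alarms, flagging those that come from a critical source. The line format, the component names, the reply deadline and the criticality table are all assumptions invented for this example.

```python
"""A software bus observer for run-time checks.

Constructed example: bus transactions arrive as text lines in an invented
format, one transaction per line:

    <time_ms> <src> <dst> <kind> <id>      kind is REQ or ACK; ACK <id> answers REQ <id>

The observer keeps the requests still awaiting a reply and raises an alarm
when a reply is late, never arrives, or answers nothing.  Component names,
the deadline and the criticality table are assumptions for the example.
"""
from dataclasses import dataclass

DEADLINE_MS = 5                         # assumed reply deadline on the bus
CRITICAL_SOURCES = {"CRASH_SENSOR"}     # assumed: components whose failures are critical


@dataclass
class Alarm:
    time_ms: int
    req_id: int
    source: str
    reason: str          # "late", "missing" or "stray"
    critical: bool


def parse(line):
    t, src, dst, kind, rid = line.split()
    return int(t), src, dst, kind, int(rid)


def observe(lines, deadline_ms=DEADLINE_MS):
    """Run the observer over a trace; returns the alarms in the order raised."""
    pending = {}                        # req id -> (time sent, source component)
    alarms = []
    last_t = 0

    def alarm(t, rid, src, reason):
        alarms.append(Alarm(t, rid, src, reason, src in CRITICAL_SOURCES))

    for line in lines:
        t, src, _dst, kind, rid = parse(line)
        last_t = t
        if kind == "ACK":
            if rid in pending:
                sent, req_src = pending.pop(rid)
                if t - sent > deadline_ms:          # reply came, but after the deadline
                    alarm(t, rid, req_src, "late")
            else:                                   # reply to nothing we saw requested
                alarm(t, rid, src, "stray")
        # every request whose deadline has now passed has failed to transmit
        for pid, (sent, req_src) in list(pending.items()):
            if t - sent > deadline_ms:
                alarm(t, pid, req_src, "missing")
                del pending[pid]
        if kind == "REQ":
            pending[rid] = (t, src)
    for pid, (sent, req_src) in pending.items():    # flush at end of trace
        if last_t - sent > deadline_ms:
            alarm(last_t, pid, req_src, "missing")
    return alarms


def critical_alarms(alarms):
    return [a for a in alarms if a.critical]


# Constructed trace: request 2 is acknowledged late, request 3 never, and
# ACK 9 answers a request the observer never saw.
TRACE = """\
0 CRASH_SENSOR AIRBAG_CTRL REQ 1
3 AIRBAG_CTRL CRASH_SENSOR ACK 1
10 WHEEL_SPEED ABS_CTRL REQ 2
18 ABS_CTRL WHEEL_SPEED ACK 2
20 CRASH_SENSOR AIRBAG_CTRL REQ 3
40 WHEEL_SPEED ABS_CTRL REQ 4
41 ABS_CTRL WHEEL_SPEED ACK 4
42 ABS_CTRL WHEEL_SPEED ACK 9
""".splitlines()

if __name__ == "__main__":
    for a in observe(TRACE):
        print(("CRITICAL " if a.critical else "") + f"t={a.time_ms} req={a.req_id} "
              f"from {a.source}: reply {a.reason}")
```

The deadline and the criticality table are precisely the parameters an empirical study of the observer's accuracy would have to settle: a deadline tighter than the bus really honours produces false alarms on a healthy system, while one that is too loose lets genuine transmission failures go unreported.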
Component based Designs
Research aimed at facilitating component based development of embedded systems.
Focus on the communication protocols between interacting hardware components.
Synthesis of Interfaces in Embedded Systems. (rp097) - Jointly with Prof. P.S. Thiagarajan
http://www.comp.nus.edu.sg/~loolf
My Side of the Story
Each of the projects is in the area of model based validation tools and techniques.
Projects hinge on a well-studied case study serving as the driving application.
Manageable smaller chunks exist for bigger projects.
… and yours
At the end of the projects, you will
– Gain familiarity with software engineering industry standards e.g. UML
– Gain familiarity with Electronic Design Automation industry standards
During the project :
– Not falling off the deep-end
Contact Information
E-mail : [email protected]
S16 06-08
Telephone : 874-8939
See You