220 likes | 385 Views
Reliable Design of Safety Critical Systems. Dr. Abhik Roychoudhury School of Computing E-mail : abhik@comp.nus.edu.sg. Safety Critical Systems. Safety Design invariants must always hold in all executions of the system. Critical Violating invariants in any execution can be disastrous .
E N D
Reliable Design of Safety Critical Systems Dr. Abhik Roychoudhury School of Computing E-mail : abhik@comp.nus.edu.sg
Safety Critical Systems • Safety • Design invariants must always hold in all executions of the system. • Critical • Violating invariants in any execution can be disastrous. • Examples • Air traffic controller • Automobile parts.
Straits Times News Report Airbag sensory system in Automobiles “--- this thing will probably have to work only once in 10 years, but it better work then, otherwise you might die.” News Report on design work at Ang Mo Kio Facility (Singapore) of Delphi Automotive Systems.
Methodological view point • Inject higher reliability in design life cycle. • Safety critical systems often have a computer component. • This trend is increasing with growth of embedded applications. • What kind of computer systems are they ?
Reactive Systems • Continuously interacts with its environment. • Interaction with env. is asynchronous. • Often, its response to environment needs to obey time constraints. • Often consists of a concurrent composition of processes.
Why study them now ? • Embedded systems • Using a computer component as part of a bigger system becoming pervasive. • Many of them safety-critical e.g. automobile parts • Current verification techniques do not suffice. • Lack of tool support for reliable modeling. • Perceived as intrusive to design process.
Validation Techniques • In circuit Emulator (ICE) • Logic Analyzer • Model based simulation • Formal verification techniques • Model Checking • Deduction • Combinations of the two
In circuit Emulator (ICE) • Used widely in industry for designs where a microproc. interacts with potpourri of peripherals. • ICE is a dedicated hardware for a particular processor which allows its internals to be read. • Response of processor (to environment) observed by physically replacing chip with ICE.
Logic Analyzer • Used for sampling many signals simultaneously in a complex design. • Can snoop on a bus to observe interactions of a microprocessor with its environment. • ICE and Logic Analyzer do not work when: • Processor, peripherals, bus all integrated in a chip. • System-on-Chip (SoC) – Current industry trend.
Model based simulation • Simulate and observe the behaviors of a system model, rather than the system itself. • Takes validation/debugging higher in the design life-cycle. • Since a model is validated, can take place prior to system integration • Hardware software co-simulation (POLIS)
Model Checking • Same as model based simulation except that you check all possible behaviors. • Needed for checking critical properties. • Can be used if model has finite states. • Many realistic systems are infinite-state e.g. all real-time systems. • For these systems, extensions of model checking exist (via deduction).
Some questions • How to accommodate the complex mix of languages in which a safety critical system is described ? • Automation and efficiency of simulation/validation • Should all the validation be static ? What about run-time checks ?
Project 1: UML diagrams • UML (Unified Modeling Language) emerging as industry standard for high level visual description of software. • UML provides 2 diagrams for modeling reactive systems • State Charts (Modeling components) • Msg. Seq. Charts (Interaction between components) • Any real-life reactive system (e.g. software for controlling airbus) modeled as a combination of StateCharts and MSC.
Project 1: UML diagrams • How to analyze such designs (written in 2 languages) ? • How to generate code from these high level descriptions ? • Convert diagrams to an intermediate textual representation. • Should be rich enough to handle real-time constraints. • Tools for conversion between UML and textual. • Techniques for simulating behaviors of textual description. • Jointly with Dr. Roland Yap (ryap@comp.nus.edu.sg)
Project 2: Run time Checks • Design of reactive Embedded Systems becoming component based. • Designers use vendor provided off-the-shelf component and plug them into a bus. • The bus as well as the components often integrated into a single chip, called System-on-chip designs.
Project 2: Run time Checks • Vendor provided components are unreliable. • But designer does not have the paper design of these components. • How to ensure reliable operation of these components in safety critical systems ? • System level testing will not work. Entire system in one chip.
Project 2: Run time Checks • Plant an observer process. • The observer will snoop on the bus. • Detects possible failures to transmit signals. • Raises alarm for critical failures. • Software implementation of the observer. • Empirical study to estimate its accuracy.
Component based Designs • Research aimed at facilitating component based development of embedded systems. • Focus on the communication protocols between interacting hardware components. • Synthesis of Interfaces in Embedded Systems. (rp097) • - Jointly with Prof. P.S. Thiagarajan (thiagu@comp.nus.edu.sg) • http://www.comp.nus.edu.sg/~loolf
My Side of the Story • Each of the projects in the area of model based validation tools and techniques. • Projects hinge on a well-studied case study serving as the driving application. • Manageable smaller chunks exist for bigger projects.
… and yours • At the end of the projects, you will • Gain familiarity with software engineering industry standards e.g. UML • Gain familiarity with Electronic Design Automation industry standards • During the project : • Not falling off the deep-end
Contact Information • E-mail : abhik@comp.nus.edu.sg • Office : S16 06-08 • Telephone : 874-8939 • See You