11 |
Controlling execution time variability using COTS for Safety-critical systems / Contrôler la variabilité du temps d’exécution en utilisant COTS pour les systèmes Safety-critical
Bin, Jingyi, 10 July 2014
While relying during the last decade on single-core Commercial Off-The-Shelf (COTS) architectures despite their inherent runtime variability, the safety-critical industry is now considering a shift to multi-core COTS in order to match the increasing performance requirement. However, the shift to multi-core COTS worsens the runtime variability issue due to contention on shared hardware resources. Standard techniques to handle this variability, such as resource over-provisioning, cannot be applied to multi-cores, as the additional safety margins would offset most if not all of the multi-core performance gains. A possible solution would be to capture the behavior of potential contention mechanisms on shared hardware resources relative to each application co-running on the system. However, the contention mechanisms are usually very poorly documented. In this thesis, we introduce measurement techniques based on a set of dedicated stressing benchmarks and architecture hardware monitors to characterize (1) the architecture, by identifying the shared hardware resources and revealing their associated contention mechanisms, and (2) the applications, by learning how they behave relative to shared resources. Based on such information, we propose a technique to estimate the WCET of an application in a pre-determined co-running context by simulating the worst-case contention on shared resources produced by the application's co-runners.
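As an added illustration of the measurement approach described in this abstract (an example written for this page, not code from the thesis), the following C program times a memory-bound kernel standing in for the application under test, first in isolation and then while a configurable number of stressing co-runners keep the shared memory path busy, and records the minimum and maximum observed execution time. The maximum over many runs with the co-runners present is the kind of measured bound for a given co-running context that the thesis refines with hardware monitors. The buffer size, stride, thread count and run counts are assumptions chosen so that the kernel misses a typical private cache; the program reads no hardware performance counters.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Assumed sizes: 4 MiB per buffer, larger than a typical private L1/L2,
 * so the kernel exercises the shared last-level cache and memory bus. */
#define BUF_WORDS (1u << 20)
#define STRIDE    16u   /* 16 * 4 bytes = one 64-byte cache line per access */

static uint64_t now_ns(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
}

/* Stand-in for the application under test: one cache line touched per step. */
static uint32_t app_kernel(const uint32_t *buf, size_t n)
{
    uint32_t acc = 0;
    for (size_t i = 0; i < n; i += STRIDE)
        acc += buf[i];
    return acc;
}

/* Stressing benchmark: a co-runner that hammers the shared memory path
 * with its own buffer until told to stop. */
struct stressor {
    uint32_t *buf;
    atomic_int *stop;
    uint32_t sink;  /* keeps the compiler from dropping the work */
};

static void *stress_memory(void *arg)
{
    struct stressor *s = arg;
    while (!atomic_load(s->stop))
        s->sink += app_kernel(s->buf, BUF_WORDS);
    return NULL;
}

struct timing {
    uint64_t min_ns;
    uint64_t max_ns;  /* measured bound in this co-running context */
};

/* Time `runs` executions of the kernel while `n_corunners` stressors run.
 * n_corunners == 0 gives the isolated baseline. */
struct timing measure(int n_corunners, int runs)
{
    struct timing t = { UINT64_MAX, 0 };
    atomic_int stop = 0;
    pthread_t *threads = calloc((size_t)n_corunners, sizeof *threads);
    struct stressor *stressors = calloc((size_t)n_corunners, sizeof *stressors);
    uint32_t *app_buf = calloc(BUF_WORDS, sizeof *app_buf);
    if (!app_buf || (n_corunners > 0 && (!threads || !stressors))) {
        perror("calloc");
        exit(EXIT_FAILURE);
    }

    for (int i = 0; i < n_corunners; i++) {
        stressors[i].buf = calloc(BUF_WORDS, sizeof(uint32_t));
        stressors[i].stop = &stop;
        if (!stressors[i].buf ||
            pthread_create(&threads[i], NULL, stress_memory, &stressors[i]) != 0) {
            perror("stressor");
            exit(EXIT_FAILURE);
        }
    }

    volatile uint32_t sink = 0;  /* volatile: keep each timed run observable */
    for (int r = 0; r < runs; r++) {
        uint64_t start = now_ns();
        sink += app_kernel(app_buf, BUF_WORDS);
        uint64_t elapsed = now_ns() - start;
        if (elapsed < t.min_ns) t.min_ns = elapsed;
        if (elapsed > t.max_ns) t.max_ns = elapsed;
    }

    atomic_store(&stop, 1);
    for (int i = 0; i < n_corunners; i++) {
        pthread_join(threads[i], NULL);
        free(stressors[i].buf);
    }
    free(stressors);
    free(threads);
    free(app_buf);
    return t;
}

int main(void)
{
    struct timing alone = measure(0, 50);
    struct timing contended = measure(2, 50);
    printf("isolated   : min %8llu ns  max %8llu ns\n",
           (unsigned long long)alone.min_ns, (unsigned long long)alone.max_ns);
    printf("2 stressors: min %8llu ns  max %8llu ns\n",
           (unsigned long long)contended.min_ns, (unsigned long long)contended.max_ns);
    printf("growth of measured bound: %.2fx\n",
           (double)contended.max_ns / (double)alone.max_ns);
    return 0;
}
```

On a single-core or heavily loaded host the growth factor says little, and on a multi-core host it depends on which cores the threads land on; pinning the application and each stressor to distinct cores (for example with `taskset` or `pthread_setaffinity_np`) is what turns the maximum into a bound for a named co-running context rather than a random sample of scheduler decisions.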
|
12 |
Paving the Way for Self-driving Cars - Software Testing for Safety-critical Systems Based on Machine Learning : A Systematic Mapping Study and a Survey
Gao, Shenjian; Tan, Yanwen, January 2017
Context: With the development of artificial intelligence, autonomous vehicles are becoming more and more feasible, and the safety of Automated Driving (AD) systems must be assured. This creates a need to analyze the feasibility of verification and validation approaches when testing a safety-critical system that contains machine learning (ML) elements. Many studies have been published in the verification and validation (V&V) research area related to safety-critical components. However, there are still blind spots in the research on which test methods can be used to test components with deep learning elements in AD systems. Therefore, research should focus on the relation between test methods and safety-critical components, and on finding more feasible V&V testing methods for AD systems with a deep learning structure. Objectives: The main objective of this thesis is to understand the challenges and solution proposals related to V&V of safety-critical systems that rely on machine learning, and to provide recommendations for future V&V of AD based on deep learning, both for research and practice. Methods: We performed a Systematic Literature Review (SLR) through a snowballing method, based on the guidelines from Wohlin [1], to identify research on the development of V&V methods for machine learning. A web-based survey was used to complement the results of the literature review and to evaluate the V&V challenges and methods for machine learning systems. We identified 64 peer-reviewed papers and analysed the methods and challenges of V&V for testing machine learning components. We conducted an industrial survey that was answered by 63 subjects. We analyzed the survey results with the help of descriptive statistics and Chi-squared tests. Results: Through the SLR we identified two peaks in research on V&V of machine learning. Early research focused on the aerospace field, and in recent years research has been more active in other fields such as automotive and robotics. 21 challenges during V&V of safety-critical systems have been described, and 32 solution proposals addressing these challenges have been identified. To find the relationship between challenges and methods, a classification was made in which seven different types of challenges and five different types of solution proposals were identified. The classification and mapping of challenges and solution methods were included in the survey questionnaire. From the survey, it was observed that some solution proposals which have attracted much research are not considered particularly promising by practitioners. On the other hand, some new solution methods, such as simulated test cases, are considered extremely promising for supporting V&V of safety-critical systems. Six suggestions are provided to both researchers and practitioners. Conclusion: To conclude the thesis, our study presents a classification of challenges and solution methods for V&V of safety-critical ML-based systems. We also provide a mapping to help practitioners understand which kinds of challenges the respective solution methods address. Based on our findings, we provide suggestions to both researchers and practitioners. Through the analysis, we have given the most attention to the types of challenges and solution proposals for AD systems that use deep learning, which provides some help in designing processes for V&V of safety-critical ML-based systems in the future.
|
13 |
Safety Critical Software - Test Coverage vs Remaining Faults
Sundell, Johan, January 2022
Safety-critical software systems have traditionally been found in the aerospace, nuclear and medical domains. As technology advances and software complexity increases, such systems can be found in more and more applications, e.g. self-driving cars. These systems need to meet exceptionally strict standards in terms of dependability. Proving compliance is a challenge for the industry. The regulatory bodies often require a certain amount of testing to be performed but do not require evidence of a given failure rate (which for software is hard to deal with compared to hardware). This Licentiate thesis discusses how to quantify test results and analyses what conclusions can be drawn from a given test effort, in terms of remaining faults in the software.
|
14 |
Proving Implementability of Timing Properties with Tolerances
Hu, Xiayong, 08 1900
Many safety-critical software applications are hard real-time systems. They have stringent timing requirements that have to be met. We present descriptions of timing behaviors that include precise definitions as well as an analysis of how functional timing requirements (FTRs) interact with performance timing requirements (PTRs), and how these concepts can be used by software designers. The definitions explicitly show how to specify timing requirements with tolerances on time durations.

This thesis shows the importance of specifying both FTRs and PTRs by revealing that their interaction directly determines the final implementability of real-time systems. By studying this interaction under three environmental assumptions, we find that the implementability results of the timing properties differ in each environment but are closely related. The results allow us to predict the system's implementability without developing or verifying the actual implementation. This also shows that we can sometimes significantly reduce the sampling frequency on the target platform and still implement the timing requirement correctly.

We present a component-based approach to formalizing common timing requirements and provide a pre-verified implementation of one of these requirements. The verification is performed using the theorem proving tool PVS. This allows domain experts to specify the tolerance in each individual timing requirement precisely. The pre-verified implementation of a timing requirement is demonstrated by applying the method in two examples. These examples show that both the design and the verification effort are reduced significantly using a pre-verified template.

A primary focus of this thesis is on how to include tolerances on timing durations in the specification, implementation and verification of timing behaviors in hard real-time applications.
Thesis / Doctor of Philosophy (PhD)
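An added example, written for this page and not taken from the thesis or its PVS models, of why the sampling period of an implementation interacts with the tolerance on a duration. It assumes a deliberately simple environment: a condition that holds for exactly `d` time units is observed by a jitter-free monitor that samples every `T` units and reports the duration as the number of samples that saw the condition times `T`. Under that assumption the worst-case measurement error depends on `d mod T`, not only on `T`, which is one concrete way a coarser sampling period can still meet a given tolerance. The closed form is my own derivation for this model and is cross-checked against a brute-force sweep over every phase offset; `d`, `tol` and the time unit are constructed values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Duration reported by a monitor sampling at times 0, T, 2T, ... for a
 * condition that holds on [s, s + d). Assumed model: no sampling jitter and
 * instantaneous detection at each sample. Times are integer units (e.g. us). */
static int64_t measured_duration(int64_t d, int64_t T, int64_t s)
{
    int64_t samples = 0;
    for (int64_t t = 0; t < s + d; t += T)
        if (t >= s)
            samples++;
    return samples * T;
}

/* Brute force: worst absolute error over every phase offset s in [0, T). */
int64_t worst_error_simulated(int64_t d, int64_t T)
{
    int64_t worst = 0;
    for (int64_t s = 0; s < T; s++) {
        int64_t err = measured_duration(d, T, s) - d;
        if (err < 0)
            err = -err;
        if (err > worst)
            worst = err;
    }
    return worst;
}

/* Closed form for the same model: the reported value is either
 * floor(d/T)*T or ceil(d/T)*T, so the error is max(r, T - r) with
 * r = d mod T, and exactly 0 when T divides d. */
int64_t worst_error_closed(int64_t d, int64_t T)
{
    int64_t r = d % T;
    if (r == 0)
        return 0;
    return r > T - r ? r : T - r;
}

/* A duration requirement "d within +/- tol" is implementable with period T
 * (in this model) when the worst-case sampling error stays within tol. */
bool implementable(int64_t d, int64_t tol, int64_t T)
{
    return worst_error_closed(d, T) <= tol;
}

int main(void)
{
    const int64_t d = 10, tol = 2;  /* constructed requirement: 10 +/- 2 units */
    printf("requirement: %lld +/- %lld units\n", (long long)d, (long long)tol);
    for (int64_t T = 1; T <= 12; T++) {
        printf("T=%2lld  worst error=%2lld (simulated %2lld)  %s\n",
               (long long)T,
               (long long)worst_error_closed(d, T),
               (long long)worst_error_simulated(d, T),
               implementable(d, tol, T) ? "ok" : "violates");
    }
    return 0;
}
```

For `d = 10` the table shows periods 5 and 10 measuring the duration exactly while period 3 has a worst-case error of 2, so the naive rule "sample faster than the tolerance" is sufficient but not necessary in this model. Real monitors add sampling jitter and detection latency, so a practitioner would subtract those from `tol` before applying the check rather than use the idealised bound directly.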
|
15 |
A CONCEPT STUDY OVER A RADAR-BASED TERRAIN AWARENESS SYSTEM (RTAS)
Alostaz, Rawand, January 2024
No description available.
|
16 |
Modeling Naturalistic Driver Behavior in Traffic Using Machine Learning
Chong, Linsen, 14 August 2011
This research is focused on driver behavior in traffic, especially during car-following situations and safety-critical events. Driving behavior is considered in this research as a human decision process, which provides opportunities for an artificial driver agent simulator to learn from naturalistic driving data. This thesis presents two machine learning methodologies that can be applied to simulate naturalistic driver behavior, including risk-taking behavior during an incident and lateral evasive behavior, which have not yet been captured in the existing literature. Two machine learning approaches, a Backpropagation (BP) neural network and Neuro-Fuzzy Actor Critic Reinforcement Learning (NFACRL), are proposed to model driver behavior during car-following situations and safety-critical events respectively. In addition, as part of the research, state-of-the-art car-following models are analyzed and compared to the BP neural network approach. Driver heterogeneity as analyzed by the NFACRL method is also discussed. Finally, the thesis presents the findings and limitations drawn from each of the specific issues, along with recommendations for further research.
Master of Science
|
17 |
Esquema para a tradução de aplicações entre as linguagens circus e safety critical java / Translation scheme for applications between the languages circus and safety critical java
Leidemer, Nathan, 29 March 2016
In safety-critical, mission-critical and business-critical systems the high cost of failure makes it necessary to use methods and techniques that ensure application reliability. In this context, formal languages such as Circus, or specific language versions such as Safety-Critical Java, were created to facilitate the verification and validation of applications and consequently to help increase overall reliability. Despite the increase in reliability, systems modelled in formal languages cannot be executed and subsequently have to be implemented in a traditional programming language. It is in this process of free translation that most mistakes occur, with the result that the generated code is not guaranteed to conform to the specification. Based on that premise, this work proposes a strategy for translating models written in the Circus language into executable programs in the SCJ language. The main objectives and contributions include the creation of EBNFs for the two languages and a detailed description of the translation of all elements between the two languages.
|
18 |
A cross-layer middleware architecture for time and safety critical applications in MANETs
Pease, Sarogini G., January 2013
Mobile Ad hoc Networks (MANETs) can be deployed instantaneously and adaptively, making them highly suitable to military, medical and disaster-response scenarios. Using real-time applications for the provision of instantaneous and dependable communications, media streaming, and device control in these scenarios is a growing research field. Realising timing requirements in packet delivery is essential to safety-critical real-time applications that are both delay- and loss-sensitive. Safety of these applications is compromised by packet loss, both on the network and by the applications themselves, which will drop packets exceeding delay bounds. However, the provision of this required Quality of Service (QoS) must overcome issues relating to the lack of reliable existing infrastructure and the conservation of safety-certified functionality. It must also overcome issues relating to layer-2 dynamics, with causal factors including hidden transmitters and fading channels. This thesis proposes that bounded maximum delay and safety-critical application support can be achieved by using cross-layer middleware. Such an approach benefits from the use of established protocols without requiring modifications to safety-certified ones. This research proposes ROAM: a novel, adaptive and scalable cross-layer Real-time Optimising Ad hoc Middleware framework for the provision and maintenance of performance guarantees in self-configuring MANETs. The ROAM framework is designed to be scalable to new optimisers and MANET protocols and requires no modifications of protocol functionality. Four original contributions are proposed: (1) ROAM, a middleware entity that abstracts information from the protocol stack using application programming interfaces (APIs) and implements optimisers to monitor and autonomously tune conditions at protocol layers in response to dynamic network conditions. The cross-layer approach is MANET-protocol generic, imposing minimally on the protocol stack and requiring no protocol modification. (2) A horizontal handoff optimiser that responds to time-varying link quality to ensure optimal and most robust channel usage. (3) A distributed contention-reduction optimiser that reduces channel contention and the related delay in response to detection of the presence of a hidden transmitter. (4) A feasibility evaluation of the ROAM architecture to bound maximum delay and jitter in a comprehensive range of ns2-MIRACLE simulation scenarios, demonstrating independence from the key causes of network dynamics: application setting and MANET configuration, including mobility and topology. Experimental results show that ROAM can constrain end-to-end delay, jitter and packet loss to support real-time applications with critical timing requirements.
|
19 |
Risks Related to the Use of Software Tools when Developing Cyber-Physical Systems : A Critical Perspective on the Future of Developing Complex, Safety-Critical Systems
Asplund, Fredrik, January 2014
The increasing complexity and size of modern Cyber-Physical Systems (CPS) has led to a sharp decline in productivity among CPS designers. Requirements on safety aggravate this problem further, both by being difficult to ensure and due to their high importance to the public. Tools, or rather efforts to facilitate the automation of development processes, are a central ingredient in many of the proposed innovations to mitigate this problem. Even though the safety-related implications of introducing automation in development processes have not been extensively studied, it is known that automation has already had a large impact on operational systems. If tools are to play a part in mitigating the increase in safety-critical CPS complexity, then their actual impact on CPS development, and thereby on the safety of the corresponding end products, must be sufficiently understood. A survey of relevant research fields, such as system safety, software engineering and tool integration, is provided to facilitate the discussion on safety-related implications of tool usage. Based on the identification of industrial safety standards as an important source of information, and considering that the risks posed by separate tools have been given considerable attention in the transportation domain, several high-profile safety standards in this domain have been surveyed. According to the surveyed standards, automation should primarily be evaluated on its reliable execution of separate process steps independent of human operators. Automation that only supports the actions of operators during CPS development is viewed as relatively inconsequential. A conceptual model and a reference model have been created based on the surveyed research fields. The former defines the entities and relationships most relevant to safety-related risks associated with tool usage. The latter describes aspects of tool integration and how these relate to each other. By combining these models, a risk analysis could be performed and the properties of tool chains that need to be ensured to mitigate risk could be identified. Ten such safety-related characteristics of tool chains are described. These safety-related characteristics provide a systematic way to narrow down what to look for with regard to tool usage and risk. The hypothesis that a large set of factors related to tool usage may introduce risk could thus be tested through an empirical study, which identified safety-related weaknesses in support environments tied to both high and low levels of automation. The conclusion is that a broader perspective, which includes more factors related to tool usage than those considered by the surveyed standards, will be needed. Three possible reasons to disregard such a broad perspective have been refuted, namely requirements on development processes enforced by the domain of CPS itself, certain characteristics of safety-critical CPS, and the possibility of placing trust in a proven, manual development process. After finding no strong reason to keep a narrow perspective on tool usage, arguments are put forward as to why the future evolution of support environments may actually increase the importance of such a broad perspective. Suggestions for how to update the mental models of the surveyed safety standards, and other standards like them, are put forward based on this identified need for a broader perspective.
|
20 |
Optimizing scoped and immortal memory management in real-time Java
Hamza, Hamza, January 2013
The Real-Time Specification for Java (RTSJ) introduces a new memory management model which avoids interfering with the garbage collection process and achieves more deterministic behaviour. In addition to the heap memory, two types of memory areas are provided: immortal and scoped. The research presented in this thesis aims to optimize the use of the scoped and immortal memory model in RTSJ applications. Firstly, it provides an empirical study of the impact of scoped memory on execution time and memory consumption with different data objects allocated in scoped memory areas. It highlights different characteristics of the scoped memory model related to one of the RTSJ implementations (SUN RTS 2.2). Secondly, a new RTSJ case study which integrates scoped and immortal memory techniques to apply different memory models is presented. A simulation tool for a real-time Java application is developed, which is the first in the literature that shows the scoped memory and immortal memory consumption of an RTSJ application over a period of time. The simulation tool helps developers to choose the most appropriate scoped memory model by monitoring memory consumption and application execution time. The simulation demonstrates that a developer is able to compare and choose the scoped memory design model that achieves the smallest memory footprint. Results showed that the memory design model with a higher number of scopes achieved the smallest memory footprint. However, the number of scopes per se does not always indicate a satisfactory memory footprint; choosing the right objects/threads to be allocated into scopes is an important factor to be considered. Recommendations and guidelines for developing RTSJ applications which use a scoped memory model are also provided. Finally, monitoring scoped and immortal memory at runtime may help in catching possible memory leaks. The case study with the simulation tool developed showed a space overhead incurred by immortal memory. In this research, dynamic code slicing is also employed as a debugging technique to explore constant increases in immortal memory. Two programming design patterns are presented for decreasing the immortal memory overheads generated by specific data structures. Experimental results showed a significant decrease in immortal memory consumption at runtime.
|