61

Usage of databases in ARINC 653-compatible real-time systems

Fri, Martin, Börjesson, Jon January 2010 (has links)
The Integrated Modular Avionics architecture, IMA, provides means for running multiple safety-critical applications on the same hardware. ARINC 653 is a specification for this kind of architecture. It is a specification for space and time partition in safety-critical real-time operating systems to ensure each application's integrity. This Master thesis describes how databases can be implemented and used in an ARINC 653 system. The addressed issues are interpartition communication, deadlocks and database storage. Two alternative embedded databases are integrated in an IMA system to be accessed from multiple clients from different partitions. Performance benchmarking was used to study the differences in terms of throughput, number of simultaneous clients, and scheduling. Databases implemented and benchmarked are SQLite and Raima. The studies indicated a clear speed advantage in favor of SQLite, when Raima was integrated using the ODBC interface. Both databases perform quite well and seem to be good enough for usage in embedded systems. However, since neither SQLite nor Raima have any real-time support, their usage in safety-critical systems is limited. The testing was performed in a simulated environment which makes the results somewhat unreliable. To validate the benchmark results, further studies must be performed, preferably in a real target environment.
62

Building a safety case for a small sized product line of Fuel Level Display Systems

Gallucci, Antonio January 2013 (has links)
ISO 26262 is an international standard valid for the automotive domain. It regulates all the activities to perform for developing safety critical systems in such domain. To be compliant with ISO 26262, all the required activities have to be performed and all the required work products have to be provided. Furthermore, in addition to developing a system in a safe way, following the safety standard guidelines, the achieved safety has also to be demonstrated. This is done through a safety case, a structured argument showing that a system is acceptably safe. ISO 26262 focuses on single systems and does not contain guidelines for product lines. Product line engineering is a valid approach to systematize reuse, aimed at reducing the effort needed to develop similar systems. But it loses its strength when dealing with safety critical systems, since it is not aligned with safety standards. Hence, when developing a safety critical product line in the automotive domain, the work products required by ISO 26262 have to be provided every time from scratch, including the safety case, for each single system of the product line. This thesis work focuses on providing an approach for building and modeling a safety case for safety critical product lines in the automotive domain. Furthermore, the considered product line engineering approach is aligned with ISO 26262, through the inclusion of safety activities in the product line development process. In this way, it gives the concrete possibility to overcome the current limitations, reducing the effort needed to develop and certify each single system of a safety critical product line. To illustrate the validity of the proposed approach, a safety critical product line developed by Scania is used as a case study.
63

Components, Safety Interfaces, and Compositional Analysis

Elmquist, Jonas January 2007 (has links)
Component-based software development has emerged as a promising approach for developing complex software systems by composing smaller independently developed components into larger component assemblies. This approach offers means to increase software reuse, achieve higher flexibility and shorter time-to-market by the use of off-the-shelf components (COTS). However, the use of COTS in safety-critical systems is highly unexplored. This thesis addresses the problems appearing in component-based development of safety-critical systems. We aim at efficient reasoning about safety at system level while adding or replacing components. For safety-related reasoning it does not suffice to consider functioning components in their intended environments but also the behaviour of components in presence of single or multiple faults. Our contribution is a formal component model that includes the notion of a safety interface. It describes how the component behaves with respect to violation of a given system-level property in presence of faults in its environment. This approach also provides a link between formal analysis of components in safety-critical systems and the traditional engineering processes supported by model-based development. We also present an algorithm for deriving safety interfaces given a particular safety property and fault modes for the component. The safety interface is then used in a method proposed for compositional reasoning about component assemblies. Instead of reasoning about the effect of faults on the composed system, we suggest analysis of fault tolerance through pairwise analysis based on safety interfaces. The framework is demonstrated as a proof-of-concept in two case studies: a hydraulic system from the aerospace industry and an adaptive cruise controller from the automotive industry. The case studies have shown that a more efficient system-level safety analysis can be performed using the safety interfaces.
64

Software Development Process and Reliability Quantification for Safety Critical Embedded Systems Design

Lockhart, Jonathan A. 01 October 2019 (has links)
No description available.
65

Improving Software Development Process Through Industry 4.0 Technologies : A focus on Railway Embedded Software

Eriksson, Julia, Busck, Victor January 2023 (has links)
Date: 4th June 2023
Level: Master thesis in Product- and Process Development, advanced level, 30 credits
Institution: School of Innovation, Design and Engineering at Mälardalen University
Authors: Victor Busck, Julia Eriksson
Title: Improving Software Development Process Through Industry 4.0 Methodologies - A focus on Railway Embedded Software
Supervisor: Yuji Yamamoto - Mälardalens University, Raluca Marinescu - Alstom, Ian Bird-Radolovic - Alstom
Keywords: Safety-critical software development; Software development; Industry 4.0; Artificial Intelligence
Purpose: The purpose of this study is to investigate what challenges and bottlenecks may occur in the development process of safety-critical software and suggest how Industry 4.0 technologies could be applied to overcome the bottlenecks and improve the process.
Research questions: 1. What bottlenecks can the railway domain encounter when developing safety-critical software? 2. How can Industry 4.0 technologies be applied to overcome the bottlenecks and improve the development process of safety-critical software?
Methodology: The study is based on a qualitative research methodology following an abductive approach. This led to the theoretical framework being gradually developed in parallel with the empirical data collection. The theoretical collection was based on scientific reports and books. The empirical data collection was based on a questionnaire, of which five in-depth interviews were then conducted based on responses. Out of the five, three were semi-structured and two unstructured.
Conclusion: The study concluded that all phases except design and implementation and software evaluation contained various bottlenecks related to tools, training, processes, resources and communication. However, it can be concluded that the testing phases were the biggest bottleneck at Alstom. To overcome testing challenges and improve the development process, the analysis shows that Industry 4.0 technologies such as AI, NLP and ML could be used to automate testing activities.
66

Requirement Validation - A multi-case study to identify failure factors in safety critical software development

Ceriacous, Kyrollos, Ishak, Jakoob January 2023 (has links)
In software development, customer trust hinges on a product performing as expected and ensuring appropriate steps are taken to prevent incidents due to faulty systems. One way of achieving this lies within requirement validation – the process of validating the requirements set on the software. However, the complexity of the requirement validation domain can be challenging for companies and organizations seeking to improve their validation processes. This research investigates this area, pinpointing potential failure factors that may hinder effective requirement validation. The study was conducted using a multi-case research design, involving individual interviews with four distinct divisions at SAAB: hardware, software, systems, and test equipment. This study built upon Niazi's & Shastry's previous research where findings of failure factors in requirement engineering are brought forward. What this research has done is taking the failure factors and applying them to requirement validation, which is a subcategory to requirement engineering. The failure factors taken into consideration in this research are therefore the following:
• Vague requirements
• Undefined requirements process
• Lack of stakeholder involvement
• Business needs are not considered
• Lack of requirement management
• The requirements do not reflect the real needs of the customer
• The requirements are inconsistent and/or incomplete
• It is expensive to make changes to requirements after they have been agreed
• Requirements growth
• Stakeholders' communication problems
During the research, focus was placed on noting how often the interviewees mentioned each failure factor. This helped in understanding which issues were most often seen as problems in the requirement validation process. Particularly, stakeholder issues and the tendency towards vague requirement definitions emerged as prevalent problems. The findings of this research do not only concern safety-critical software companies but can additionally prove beneficial to any industry dealing with stakeholders and product/service requirements. The research provides potential pitfalls in requirement validation, aiding organizations in refining their approach for better software product reliability and customer trust.
67

The Agile method Scrum in development of safety critical applications : A case study about challenges and opportunities for developers and verifiers / The Agile method Scrum in development of safety-critical applications : A case study about challenges and opportunities for developers and verifiers

Hiltunen, Kim January 2018 (has links)
When it comes to using agile methods in safety critical application development, there is a limited amount of empirical findings. To learn more about how people in this field perceive the use of working with these methods, it is of interest to take part of their experiences and opinions. The purpose of this thesis is to discover advantages, disadvantages and improvement factors of working with the agile method Scrum in combination with safety critical application development. The study was limited to the roles of developers and verifiers working in two anonymized companies in the defence and railway industry. A qualitative approach was used which included a multiple case study where each of the involved companies was considered a case. Empirical data was collected through semi-structured interviews with the employees from the two companies. The collected data was categorized, coded and analyzed using comparative analysis. The data was coded based on one of the seven areas documentation, organization, communication, education, development, verification and planning. The interviewed developers and verifiers pointed out various advantages, disadvantages and improvement factors within the areas mentioned above. The majority of the opinions among the interviewees varied. However, some common aspects were pointed out. The most frequently mentioned factor to improve for the developers was in the communication area, while the verifiers raised educational aspects as the most common factor to improve. The findings from this study can be used to point out sections that the investigated companies should consider when using the agile method Scrum in combination with safety critical application development. The thesis also provides empirical evidence of how people in the inspected companies consider difficulties and opportunities in their work. / When it comes to the use of agile methods in safety-critical application development, there are limited empirical findings. To learn more about how people working in this field perceive the use of these methods, it is of interest to take part of their experiences and opinions. The purpose of this thesis is to identify advantages, disadvantages and improvement opportunities when it comes to working agilely with Scrum in safety-critical application development. The study included the roles of developers and verifiers working in two anonymized companies in the defence and railway industries, respectively. A qualitative method was used, which included a case study in which each of the involved companies was treated as a separate case. Empirical data was collected through semi-structured interviews with employees from the two companies. All collected data was categorized, coded and analyzed using comparative analysis. The coding was performed based on the seven areas documentation, organization, communication, education, development, verification and planning. The interviewed developers and verifiers pointed out various advantages, disadvantages and improvement factors within the areas mentioned above. The majority of the opinions varied; however, some common opinions could be identified. The most common improvement factor among the developers was in the communication area, while the verifiers raised education-related aspects as the most common improvement factor. The results from this study can be used to point out parts that the investigated companies should consider when using the agile method Scrum in combination with safety-critical application development. The thesis provides empirical evidence of how people working at the examined companies view difficulties and opportunities in their work.
68

Scheduling and Optimisation of Heterogeneous Time/Event-Triggered Distributed Embedded Systems

Pop, Traian January 2003 (has links)
Day by day, we are witnessing a considerable increase in number and range of applications which entail the use of embedded computer systems. This increase is closely followed by the growth in complexity of applications controlled by embedded systems, often involving strict timing requirements, like in the case of safety-critical applications. Efficient design of such complex systems requires powerful and accurate tools that support the designer from the early phases of the design process. This thesis focuses on the study of real-time distributed embedded systems and, in particular, we concentrate on a certain aspect of their real-time behavior and implementation: the time-triggered (TT) and event-triggered (ET) nature of the applications and of the communication protocols. Over the years, TT and ET systems have usually been considered independently, assuming that an application was entirely ET or TT. However, nowadays, the growing complexity of current applications has generated the need for intermixing TT and ET functionality. Such a development has led us to the identification of several interesting problems that are approached in this thesis. First, we focus on the elaboration of a holistic schedulability analysis for heterogeneous TT/ET task sets which interact according to a communication protocol based on both static and dynamic messages. Second, we use the holistic schedulability analysis in order to guide decisions during the design process. We propose a design optimisation heuristic that partitions the task-set and the messages into the TT and ET domains, maps and schedules the partitioned functionality, and optimises the communication protocol parameters. Experiments have been carried out in order to measure the efficiency of the proposed techniques.
69

Model-Driven Code Generation of Safety Mechanisms

Huning, Lars 14 October 2022 (has links)
Safety-critical systems are systems in which failure may lead to serious harm for humans or the environment. Due to the nature of these systems, there exist regulatory standards that recommend a set of safety mechanisms that should be included in these systems, e.g., IEC 61508. However, these standards offer little to no implementation assistance for these mechanisms. This thesis provides such development assistance, by proposing an approach for the automatic generation of safety mechanisms via Model-Driven Development (MDD). Such an automation of previously manual activities has been known to increase developer productivity and to reduce the number of bugs in the implementation. In the context of safety-critical systems, the latter also means an improvement in safety. The approach introduces a novel way to define safety requirements as structured sentences. This structure allows for the automatic parsing of these requirements in order to subsequently generate software-implemented safety mechanisms, as well as to initially configure hardware-implemented safety mechanisms. The generation approach for software-implemented safety mechanisms uses Unified Modeling Language (UML) stereotypes to represent these mechanisms in the application model. Automated model-to-model transformations parse this model representation and realize the safety mechanisms within an intermediate model. From this intermediate model, code may be generated with simple 1:1 mappings. For the generation of hardware-implemented safety mechanisms, this thesis introduces a novel Graphical User Interface (GUI) tool for representing the configuration of hardware interfaces. A template-based code snippet repository is used for generating the code responsible for the configuration of the hardware-implemented safety mechanisms. The presented approach is validated by applying it to the development of a safety-critical fire detection application example. 
Furthermore, the runtime overhead of the respective transformation steps of the code generation process is measured. The results indicate a linear scalability and a runtime that is no impediment to the workflow of the developer. Furthermore, the memory and runtime overhead of the generated code is evaluated. The results show that the inclusion of a single safety mechanism for a single system element has a negligible overhead. However, the relative overhead indicates that the application of safety mechanisms should be limited to those system elements that are strictly safety-critical, as their arbitrary application to all system elements would have large effects on the runtime and memory usage of the application.
70

Model Based System Consistency Checking Using Event-B

Xu, Hao 04 1900 (has links)
Formal methods such as Event-B are a widely used approach for developing critical systems. This thesis demonstrates that creating models and proving the consistency of the models at the requirements level during software (system) development is an effective way to reduce the occurrence of faults and errors in a practical application. An insulin infusion pump (IIP) is a complicated and time critical system. This thesis uses Event-B to specify models for an IIP, based on a draft requirements document developed by the US Food and Drug Administration (FDA). Consequently it demonstrates Event-B can be used effectively to detect the missing properties, the missing quantities, the faults and the errors at the requirements level of a system development. The IIP is an active and reactive time control system. To achieve the goal of handling timing issues in the IIP system, we made extensions of an existing time pattern specified using Event-B to enrich the semantics of the Event-B language. We created several sets to model the activation times of different events and the union of these time sets defines a global time activation set. The tick of global time is specified as a progress tick event. All the actions in an event are triggered only when the global time in the time tick event matches the time specified in the event. Time is deleted from the corresponding time set, but not the corresponding global time set while the event is triggered. A time point is deleted from the global time set only when there are no pending actions for that time point. Through discharging proof obligations using Event-B, we achieved our goal of improving the requirements document. / Master of Computer Science (MCS)