Design patterns for safety-critical embedded systems [Elektronische Ressource] / vorgelegt von Ashraf Armoush
197 pages
English



Information

Published on 01 January 2010
Number of reads: 25
Language: English
File size: 3 MB

Extract

Design Patterns for Safety-Critical
Embedded Systems

Dissertation approved by the Faculty of Mathematics, Computer Science and
Natural Sciences of RWTH Aachen University for the award of the academic
degree of Doctor of Engineering (Doktor der Ingenieurwissenschaften),
submitted by
Ashraf Armoush
from
Awarta, Palestine
Referees: Professor Dr.-Ing. Stefan Kowalewski, Dr. Bernhard Rumpe
Date of the oral examination: 15.06.2010
This dissertation is available online on the web pages of the university library.

Ashraf Armoush
Lehrstuhl Informatik 11
armoush@embedded.rwth-aachen.de

Abstract
Over the last few years, embedded systems have been increasingly used in safety-
critical applications where failure can have serious consequences. The design
of these systems is a complex process, which requires the integration of
common design methods both in hardware and software to fulfill functional and
non-functional requirements for these safety-critical applications.
Design patterns, which give abstract solutions to commonly recurring design
problems, have been widely used in the software and hardware domain. In
this thesis, the concept of design patterns is adopted in the design of safety-
critical embedded systems. A catalog of design patterns was constructed to
support the design of safety-critical embedded systems. This catalog includes
a set of hardware and software design patterns which cover common design
problems such as handling of random and systematic faults, safety monitoring,
and sequence control. Furthermore, the catalog provides a decision support
component that supports the decision process of choosing a suitable pattern for
a particular problem based on the available resources and the requirements of
the applicable patterns.
As non-functional requirements are an important aspect in the design of
safety-critical embedded systems, this work focuses on the integration of im-
plications on non-functional properties in the existing design pattern concept.
A pattern representation is proposed for safety-critical embedded application
design methods by including fields for the implications and side effects of the
represented design pattern on the non-functional requirements of the systems.
The considered requirements include safety, reliability, modifiability, cost, and
execution time.
Safety and reliability represent the main non-functional requirements that
should be provided in the design of safety-critical applications. Thus, reliability
and safety assessment methods are proposed to show the relative safety and
reliability improvement which can be achieved when using the design patterns
under consideration. Moreover, a Monte Carlo based simulation method is used
to illustrate the proposed assessment method which allows comparing different
design patterns with respect to their impact on safety and reliability.
Acknowledgments
I would like to express my sincere gratitude to my advisor, Prof. Dr.-Ing. Stefan
Kowalewski, for his considerable guidance, helpful advice, valuable information,
and constant support during the development of this thesis.
I would also like to thank Prof. Dr. Bernhard Rumpe for accepting to be a
co-referee of my doctorate thesis and his interest in my work. My thanks also
go to the committee members, Prof. Dr. Peter Rossmanith, Prof. Dr. Ulrike
Meyer, and Prof. Dr. Berthold Vöcking for their time and effort.
I would like to acknowledge the German Academic Exchange Service (DAAD)
for granting me the PhD scholarship.
I would also like to express my deepest thanks to Dr. Falk Salewski for his
suggestions, useful hints, and helpful advice during the first phase of my work.
Many thanks go to all my colleagues at the Embedded Software Laboratory
at RWTH Aachen University, in particular John F. Schommer, for providing
a fruitful working atmosphere. Furthermore, I thank my student Alexander
Grinin for helping me to implement the catalog program.
Last but not least, I am thankful and very appreciative to my wonderful
wife and my family for their love, encouragement and support during the entire
period of my study.
Ashraf Armoush
Aachen, June 2010
Contents

1. Introduction  1
  1.1. Objectives  2
  1.2. Contributions  3
  1.3. Thesis Structure  4
  1.4. Bibliographic Notes  4
2. Preliminaries  5
  2.1. Embedded Systems  5
  2.2. Characteristics of Embedded Systems  6
  2.3. Safety-Critical Systems  8
  2.4. Concept of Design Patterns  10
  2.5. A Brief History of Design Patterns  10
3. Pattern Representations  13
  3.1. Traditional Pattern Representation  13
  3.2. Other Representations  14
  3.3. Motivations for a New Representation  14
  3.4. Design Pattern Template  16
  3.5. Related Work  18
    3.5.1. Patterns for Safety-Critical Systems  19
    3.5.2. Non-Functional Requirements in Design Patterns  19
4. Safety and Reliability Assessment  21
  4.1. Reliability Assessment  21
    4.1.1. Limitations  22
    4.1.2. Basic System  22
    4.1.3. Relative Reliability Improvement  22
  4.2. Safety Standards  23
    4.2.1. IEC 61508  23
    4.2.2. MIL-STD-882D  24
    4.2.3. ISO 26262  24
    4.2.4. DO-178B and DO-254  24
    4.2.5. Choice of standard for our work  24
  4.3. Safety and Risk Metrics  25
  4.4. Safety Integrity Levels  25
  4.5. Safety Assessment  26
    4.5.1. Applicability to Safety Integrity Levels  27
    4.5.2. Relative Safety Improvement  29
5. A Case Study: Software Diversity  31
  5.1. Concept of Diversity Programming  31
  5.2. Acceptance Test  32
  5.3. The Quality of the Acceptance Test  33
  5.4. Recovery Block with Backup Voting  34
  5.5. Simulation  36
    5.5.1. Architecture  36
    5.5.2. Simulation Procedure  37
    5.5.3. Notations and Assumptions  38
  5.6. Reliability Assessment  38
    5.6.1. The effect of the “Probability of Failure” in a version  39
    5.6.2. The effect of the false negative cases in the acceptance test  41
    5.6.3. The effect of the false positive cases in the acceptance test  42
  5.7. Safety Assessment  42
    5.7.1. The effect of the “Probability of Failure” in a version  42
    5.7.2. The effect of the false negative cases in the acceptance test  43
    5.7.3. The effect of the false positive cases in the acceptance test  44
  5.8. Summary  44
6. Catalog of Design Patterns  47
  6.1. Features  47
  6.2. Architecture  48
  6.3. Data Model  50
  6.4. Application Guidelines  52
  6.5. Decision Support  53
    6.5.1. Design Solutions  53
    6.5.2. Problems  54
    6.5.3. Decision Trees  54
  6.6. Implementation  57
  6.7. General Pattern  58
  6.8. Catalog Structure  59
7. Hardware Patterns  61
  7.1. Notations  61
  7.2. Redundancy Notes  61
  7.3. Homogeneous Duplex Pattern (HmD)  62
  7.4. Heterogeneous Duplex Pattern (HtD)  69
  7.5. Triple Modular Redundancy Pattern (TMR)  76
  7.6. M-Out-Of-N Pattern (M-oo-N)  81
  7.7. Monit
