Empirical evaluations of safety-critical embedded systems [Elektronische Ressource] / vorgelegt von Dirk-Falk Salewski. [Hrsg.: Fachgruppe Informatik, RWTH Aachen University]

rheinisch-westfalischen_technischen_hochschule_-rwth-_aachen - Falksalewski

Découvre YouScribe en t'inscrivant gratuitement

Je m'inscris

Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus

189 pages

Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus

A propos
Informations
Extrait

Description

Informations

Publié par	rheinisch-westfalischen_technischen_hochschule_-rwth-_aachen
Publié le	01 janvier 2008
Nombre de lectures	28
Poids de l'ouvrage	2 Mo

Extrait

Aachen
Department of Computer Science
Technical Report
Empirical Evaluations of
Safety Critical Embedded Systems
Falk Salewski
ISSN 0935{3232 ¢ Aachener Informatik Berichte ¢ AIB 2008 18
RWTH Aachen ¢ Department of Computer Science ¢ Nov. 2008The publications of the Department of Computer Science of RWTH Aachen
University are in general accessible through the World Wide Web.
http://aib.informatik.rwth-aachen.de/Empirical Evaluations of
Safety-Critical Embedded Systems
Von der Fakultät für Mathematik, Informatik und
Naturwissenschaften der RWTH Aachen University
zur Erlangung des akademischen Grades eines
Doktors der Ingenieurwissenschaften genehmigte Dissertation
vorgelegt von
Diplom-Ingenieur
Dirk-Falk Salewski
aus
Siegen
Berichter: Professor Dr.-Ing. Stefan Kowalewski Klaus Müller-Glaser
Tag der mündlichen Prüfung: 08.10.2008
Diese Dissertation ist auf den Internetseiten der Hochschulbibliothek online verfügbar.Dirk-Falk Salewski
Lehrstuhl Informatik 11
salewski@embedded.rwth-aachen.de
Aachener Informatik Bericht AIB-2008-18
Herausgeber: Fachgruppe Informatik
RWTH Aachen University
Ahornstr. 55
52074 Aachen
GERMANY
ISSN 0935-3232Abstract
Embedded systems based on diﬀerent types of hardware platforms are nowa-
days increasingly used in safety-critical applications. These diﬀerent hardware
platforms lead to fundamental diﬀerences in design, particularly regarding the
correspondingsoftware. Inthiswork, potentialinﬂuencesofhardwareplatforms
on safety properties were gathered and open issues were identiﬁed. The most
relevant of these open issues were evaluated for popular embedded hardware
platforms (microcontroller, CPLD/FPGA). In detail, the impacts ofare
platform selection on software diversity, encapsulation, reviewability, reusability
and the development according to ISO26262 were chosen for investigation. Fur-
thermore, the approach of software diversity was compared with a fault removal
approach. The evaluation was realized in form of six experiments conducted for
this work. During these evaluations, the following similarities and diﬀerences
were observed for the considered hardware platforms. Despite the diversity be-
tween the hardware platforms, failures observed in the software versions, which
were developed for these diﬀerent platforms, contained high numbers of depen-
dent (coincident) failures. Although failure dependency between two versions
was reduced by the use of diverse hardware platforms, this eﬀect was low. Most
dependent failures were identiﬁed as implementation independent so that im-
provements of the software diversity by hardware diversity were limited. Thus,
a comparison of software fault tolerance with a fault removal approach based
on tests and reviews was conducted. As a result, diﬀerent types of failures
were mitigated by these alternative approaches. On the other hand, diﬀerences
between microcontrollers and FPGAs were observed. First, certain advantages
of FPGAs with respect to encapsulation and reuse of real-time functions could
be demonstrated. Moreover, diﬀerences regarding the reviewability of software
versions written for FPGAs and microcontrollers were observed. Finally, the
development according to ISO26262 revealed only minor diﬀerences between
the investigated hardware platforms but between the diﬀerent safety concepts
of device supervision and function supervision.
iiiAcknowledgments
First of all, I would like to thank Prof. Dr. Stefan Kowalewski for giving me
the opportunity to conduct this doctoral thesis at his chair at RWTH Aachen
University. I especially appreciate his constant assistance, his helpful advices
and valuable feedback, as well as the great degrees of freedom in determining
the focus of my work. Furthermore, I thank Prof. Dr. Klaus Müller-Glaser for
his interest in my work and for accepting the position of the second referee as
well as Prof. Dr. Wolfgang Thomas, Prof. Dr. Horst Lichter, and Prof. Dr.
Peter Rossmanith for their participation in the dissertation committee.
Many thanks go to all my colleagues at the Embedded Software Laboratory
at RWTH Aachen University for providing a fruitful working atmosphere. Spe-
cial thanks go to Dirk Wilking, who inducted me into the concepts of empirical
evaluations and whose feedback was always very important to me. Moreover,
Bastian Schlich helped me a lot with respect to conceptual and organizational
aspects. I am also grateful for the support I gained from my student assis-
tants. Especially the assistance of Ramona Dülks and Bodo Felger during the
preparation of my experiments and their work on the development of the test
environments was very useful. Further thanks go to Martin Lang and Thomas
Gatterdam for their great work for the FAT project.
Further on, I want to thank all students who conducted their diploma the-
ses under my supervision. Their work was a valuable feedback and in this
respect my special thanks go to Eva Beckschulze, David Boymanns, Emilio Co-
dina, Clemens Crämer, Ramona Dülks, Alexander Göres, Jianmin Li, Alexan-
der Mehlkopp, Daniel Plugge, Thomas Siegbert, Sandra Theidel, Julian Wild,
and Xiaoqiang Zhang. Further thanks go to all the students who participated
in my experiments. Their development and implementation work was a very
important part for the evaluations conducted for this thesis.
I also thank the Research Association of Automotive Technology (Forschungs-
vereinigung Automobiltechnik, FAT) for funding the project Reliability for Au-
tomotive Embedded Systems. Working for this project gave me valuable inputs
for my research work and I especially thank all project members for the interest-
ing discussions and their helpful feedback on topics of safety-critical automotive
applications.
Moreover, many thanks go to Adam Taylor for his constant support con-
cerning the application of FPGAs in safety-critical applications. It was really
iiivaluable for me to proﬁt from his industry perspective during my work.
Finally, I want to thank my friends and family for supporting me during
this work. My special thanks go to my wonderful wife Verena Thaler for her
constant support and her precious feedback concerning all presentation and
writing issues.
Falk Salewski
Aachen, October 2008
ivContents
1. Introduction 1
1.1. Problem Deﬁnition and Objectives . . . . . . . . . . . . . . . . . 1
1.2. Contribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.3. Thesis Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.4. Bibliographic Notes . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Preliminaries 5
2.1. Embedded Systems . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2. Safety-Critical Systems . . . . . . . . . . . . . . . . . . . . . . . . 7
3. Identiﬁcation of Safety-Relevant Impacts 9
3.1. Potential Safety-Related Impacts . . . . . . . . . . . . . . . . . . 9
3.2. Impacts on Fault Handling in Embedded Systems . . . . . . . . . 10
3.2.1. Handling of Hardware Faults . . . . . . . . . . . . . . . . 11
3.2.2. of Software Faults . . . . . . . . . . . . . . . . . 18
3.3. Summary and Open Issues . . . . . . . . . . . . . . . . . . . . . . 23
3.4. Investigated Impacts . . . . . . . . . . . . . . . . . . . . . . . . . 24
3.4.1. Software Diversity . . . . . . . . . . . . . . . . . . . . . . 24
3.4.2. Encapsulation . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.4.3. Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.4.4. Test and Review vs. N-Version Programming . . . . . . . 26
3.4.5. Reusability . . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.4.6. Development according to ISO26262 . . . . . . . . . . . . 27
4. Methodology of Evaluation 29
4.1. Empirical Evaluations . . . . . . . . . . . . . . . . . . . . . . . . 29
4.2. Deﬁnition of Experiments . . . . . . . . . . . . . . . . . . . . . . 30
4.3. Context Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
4.3.1. Experiment Tasks . . . . . . . . . . . . . . . . . . . . . . 32
4.3.2. Selection of Hardware Platforms . . . . . . . . . . . . . . 36
4.3.3. of Subjects . . . . . . . . . . . . . . . . . . . . . 38
4.4. Setup of Hypotheses . . . . . . . . . . . . . . . . . . . . . . . . . 39
4.5. Variable Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
4.6. Experiment Designs . . . . . . . . . . . . . . . . . . . . . . . . . 47
vContents
4.6.1. Experiments 1 and 2 . . . . . . . . . . . . . . . . . . . . . 48
4.6.2. Experiment 3 . . . . . . . . . . . . . . . . . . . . . . . . . 49
4.6.3. Experiment 4 . . . . . . . . . . . . . . . . . . . . . . . . . 50
4.6.4. Experiment 5 . . . . . . . . . . . . . . . . . . . . . . . . . 52
4.6.5. Experiment 6 . . . . . . . . . . . . . . . . . . . . . . . . . 53
4.6.6. Testing Issues . . . . . . . . . . . . . . . . . . . . . . . . . 54
4.7. Instrumentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
4.7.1. Experiment Objects . . . . . . . . . . . . . . . . . . . . . 56
4.7.2. Measurements . . . . . . . . . . . . . . . . . . . . . . . . . 56
4.7.3. Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
4.7.4. Setup of Test Environments . . . . . . . . . . . . . . . . . 62
4.7.5. Test Cas