
High Integrity Systems C.O.D.E.: Developing Certified Components for High Integrity Embedded Systems (PowerPoint presentation)



  1. High Integrity Systems C.O.D.E. Developing Certified Components for High Integrity Embedded Systems http://www.hidecs.co.uk/ Email: Paul_E.Bennett@topmail.co.uk 22 February 2013 Paul E. Bennett IEng MIET 1 HIDECS Consultancy

  2. In a paper by Phil Koopman, titled “The Grand Challenge of Embedded System Dependability”, he sets out that “Four significant challenges in embedded system dependability are: • embedded-specific security approaches, • unifying security with safety, • dealing with composable emergent properties, • and enabling domain experts to use advanced dependability techniques.”

  3. Where mistakes are made (Out of Control, 2nd edition 2003, Health & Safety Executive HSE, UK)

  4. Capability & Correctness

  5. Software Needs Hardware ● Software does not operate without the support of the hardware on which it runs. ● Hardware can suffer random failures: environmental factors, stress induced failures, wear-out failures. ● Software only suffers systematic failures.

  6. Software Needs Hardware: Failure = f(h) + f(s)

  7. Software Needs Hardware. For a single channel of control: Failure = f(h) + f(s). The slide annotates the two terms with the ranges 10E0 to <10E-99 and 10E0 to 10E-3 (for f(h) and f(s) respectively, reading the diagram left to right).

  8. Design Integrity is vital ● Know the working environment ● Design to operate within the limitations of that environment ● Be clear about the tasks to be performed: task description, task analysis, HAZOP study and risk assessment ● Revisit the early concept: it will not usually be right on the first pass, so go back and look at what you can improve as early as possible.

  9. Have a Robust Process ● To develop a High Integrity System you need to be at CMM-3 or better from the start ● Your process needs to manage a multitude of versions and changes ● You need to keep the information and knowledge safe and secure ● You need to know that you and your clients are working to the same specification

  10. Specification Discovery (diagram; phases: Specification and Design, Implementation; boxes: Job Design, Task Analysis, Training Requirements, Human/Computer Interface Design, Operational Trials, Specification, Function Analysis, Functional Design, Manufacture)

  11. The Document Trail

  12. An Engineering Process Model (diagram: Accept Process, Requirements, Issue, Function Review)

  13. An Engineering Process Model (full diagram: Accept Process, Requirements, Issue, Function Review, Work Instruction, Change Instruction, Work Review, Change Proposal, Problem Report, Simple Review, Explanation; the flows between them are labelled f1 to f4)

  14. Why Forth? ● Stable Virtual Machine (about 40 years) ● Extensible ● Supportive of Structured Programming ● Supportive of Component Oriented Approach ● Does not rely on sub-setting to be “Safe” ● Fully Certifiable

  15.-19. Why Forth? (layer diagram built up over five slides, bottom to top: Processor; Peripheral Interfaces; Forth Kernel with Parameter Stack and Return Stack; Peripheral Support Code; Application Specific Base; Application)

  20. Component Oriented ● All systems are constructed from components ● Components have datasheets describing their attributes, functionality and limitations. ● Components are complete in themselves ● Components can be certified for compliance with their specification. ● Non-compliance becomes obvious upon proper inspection.

  21. Certifying Software Components ● NPL have been running approximately 5,000 random C compilations per evening on a selection of C compilers. So far there have been no matches observed at the object code level. ● Forth already has at least two fully certified compiler implementations for High Integrity Applications. ● Choosing Forth made such certification effort much easier to complete.

  22. Producing High Integrity Code ● Think of writing the comments first (use the comments as a statement of what you expect to be achieved). ● Review the comments to establish the true intent of the code you have yet to write. ● Write the code to meet the statement of requirements expressed by the comments. ● Statically inspect the code to ensure the implementation matches the intent. ● Perform a functional test of all logical paths in the code. ● Perform a limitations test (trying to make the code fail). ● 100% path and function coverage is possible.

  23. Code Inspection Sample

    \ DSQRT (c) PEB 28/10/05
    : DSQRT ( ud -- u )
    (G u is the nearest integer value of the square root of the )
    ( unsigned number ud. Results are rounded down. )
      -1 >R
      BEGIN
        R> 1+ >R
        R@ 2* 1+ S>D D-
        2DUP D0>= NOT
      UNTIL
      2DROP R> ;

  24. Code Inspection Sample (same code as slide 23). The above code fails certification because the word's glossary comment does not match the actual action of the code below it: D0>= is a signed test on the running double, so the result returned is only valid if the input value is a positive signed number (31 bits instead of 32, on a system with 16-bit cells). An input with its top bit set is treated as negative, and the loop can exit on its first pass with a wrong result.

  25. Code Inspection Sample

    \ DSQRT (c) PEB 28/10/05
    : DSQRT ( +dn -- +n )
    (G +n is the nearest positive integer value of the square root of )
    ( the positive double length integer +dn. Results are rounded )
    ( down to the nearest positive integer. )
      -1 >R
      BEGIN
        R> 1+ >R
        R@ 2* 1+ S>D D-
        2DUP D0>= NOT
      UNTIL
      2DROP R> ;

  After analysis, the code was deemed suitable for the application it was intended for, but the glossary entry had to be re-worded to properly document its intention and limitations.
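The inspection on slides 22 to 25 can be made mechanical. What follows is an added example, not code from the presentation: a small Python model that executes the DSQRT definition step by step on two's-complement cells (16-bit cells and 32-bit doubles by default, matching the slide's system, with the cell width as a parameter) and then runs the kind of limitations test slide 22 calls for, comparing the word against its documented intent with math.isqrt as the reference. The probe inputs, the iteration budget and the function names are constructed for this example. Besides reproducing the signed-comparison finding of slide 24, the model shows that R@ 2* 1+ is single-cell arithmetic: once 2r+1 no longer fits a signed cell, S>D sign-extends a negative value, the subtraction becomes an addition, and for some inputs (the sweep shows 2^28 on 16-bit cells) the loop never terminates. That bound is tighter than the 31-bit limit the reworded glossary implies, and is the sort of thing to confirm against the target's cell size before reusing the word.

```python
"""Executable model of the DSQRT word from the code inspection sample.

Added example, not the presentation's own code.  It models the Forth
word on two's-complement cells (16-bit cells / 32-bit doubles by
default, as on the slide's system) so the inspection findings can be
reproduced and the slide 22 "limitations test" run as code.
Assumptions: standard Forth semantics for 2*, 1+, S>D and D-, a signed
D0>= test, and the constructed probe inputs and budget below.
"""
import math


class DidNotTerminate(Exception):
    """Raised when the modelled loop exceeds its iteration budget."""


def to_signed(value, bits):
    """Reinterpret a bit pattern of the given width as a signed integer."""
    value &= (1 << bits) - 1
    return value - (1 << bits) if value & (1 << (bits - 1)) else value


def dsqrt_as_written(ud, cell_bits=16, budget=1 << 17):
    """Step the DSQRT definition exactly as written on the slide.

    Parameter stack holds the double d; the return stack cell is r.
      -1 >R  BEGIN  R> 1+ >R  R@ 2* 1+ S>D D-  2DUP D0>= NOT  UNTIL  2DROP R>
    """
    cell_mask = (1 << cell_bits) - 1
    double_bits = 2 * cell_bits
    double_mask = (1 << double_bits) - 1
    d = ud & double_mask                    # input double, as a bit pattern
    r = -1 & cell_mask                      # -1 >R
    for _ in range(budget):                 # budget is a constructed guard, not part of the word
        r = (r + 1) & cell_mask             # R> 1+ >R
        odd = ((r << 1) + 1) & cell_mask    # R@ 2* 1+ : single-cell arithmetic, top bit lost
        d = (d - to_signed(odd, cell_bits)) & double_mask   # S>D D- : sign-extend, double subtract
        if to_signed(d, double_bits) < 0:   # D0>= NOT UNTIL : a *signed* test on the double
            return to_signed(r, cell_bits)  # 2DROP R> : result read back as a signed single
    raise DidNotTerminate(f"DSQRT({ud:#x}) still looping after {budget} iterations")


def limits_test(cell_bits=16):
    """Slide 22's limitations test: drive the word with boundary inputs and
    compare against the documented intent (integer square root, rounded
    down).  Returns {input: "ok" | "wrong (...)" | "did not terminate"}."""
    probes = [0, 1, 2, 3, 4, 8, 9,               # small values: functional check
              (1 << 28) - 1, 1 << 28,            # 2r+1 reaches / exceeds a signed 16-bit cell
              (1 << 31) - 1, (1 << 31) + 1]      # largest positive / smallest top-bit-set double
    results = {}
    for ud in probes:
        expected = math.isqrt(ud)
        try:
            got = dsqrt_as_written(ud, cell_bits)
        except DidNotTerminate:
            results[ud] = "did not terminate"
            continue
        results[ud] = "ok" if got == expected else f"wrong (got {got}, expected {expected})"
    return results


if __name__ == "__main__":
    for bits in (16, 32):
        print(f"--- {bits}-bit cells, {2 * bits}-bit doubles ---")
        for ud, verdict in limits_test(bits).items():
            print(f"{ud:>12} ({ud:#010x}): {verdict}")
```

Running it prints a verdict table for both cell widths. With 32-bit cells every probe passes; with 16-bit cells the small values pass, 2^31+1 returns 0 (the slide 24 finding), and 2^28 and 2^31-1 never terminate, because the oscillating add/subtract phases described above keep the double non-negative forever.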

  26. Summary ● You need a development process of at least CMM level 3 capability. ● Component Oriented Approaches keep the problems bounded. ● Forth is a very good Component Oriented Development Environment. ● Forth code can be as certifiable as hardware.
