representing design tradeoffs in safety critical systems
play

Representing Design Tradeoffs in Safety-Critical Systems Jennifer - PowerPoint PPT Presentation

Jul 03, 2023 •285 likes •409 views

Representing Design Tradeoffs in Safety-Critical Systems Jennifer Morris, Philip Kooman [jenmorris, koopman]@cmu.edu ECE Department, Carnegie Mellon University ICSE WADS 2005 May 17, 2005 Motivation Increased reliance on software in

  1. Representing Design Tradeoffs in Safety-Critical Systems Jennifer Morris, Philip Kooman [jenmorris, koopman]@cmu.edu ECE Department, Carnegie Mellon University ICSE WADS 2005 May 17, 2005

  2. Motivation • Increased reliance on software in safety-critical systems • Effective strategies in place for some application domains – Aviation: • Fail-operational with triple modular redundancy – Rail: • Fail-stop with two-of-two systems • Fail-operational with dual two-of-two systems • Can we apply these techniques to new application domains and achieve the same results? • Which techniques should we choose? – For example, should we build x-by-wire cars like fly-by-wire planes? 2

  3. Graphical Tools for Comparing Application Domains • Kiviat graphs [Kolence & Kiviat ‘73, Esponda and R. Rojas ’92] – “Spider Plot” – Used to compare software performance – Various system metrics plotted on multiple axes CPU & Channel Performance – Profile used for comparison with other systems CPU & Channel Performance CPU busy CPU busy CPU Only busy CPU not busy CPU Only busy CPU not busy CPU & Channel Busy Channel Busy CPU & Channel Busy Channel Busy Channel Busy & CPU not Channel Busy & CPU not 3 Busy Busy

  4. Rail Systems Switching & Signalling Vehicle 10 7 10 6 System Cost ($) (BART upgrade $45 million) (BART car $2 million) Production 10 3 10 5 10 10 10 11 ~Market Size ($) (Tens of $ billions) (Hundreds of $ billions) Mission Time 10 5 10 2 (hours) (Tens of years) (Several days) Dispatchability 10 3 10 3 (~ .1-.2% failed at dispatch) (~ .1-.2% failed at dispatch) 10 9 10 6 MTTF (hours) (~100,000 years) (~100 years) Fault-Tolerance Dual fail-stop 2-of-2 systems Fail-stop 2-of-2 system Strategy 4

  5. 5 Rail Systems

  6. Aviation Flight Control & Automotive Steering Aviation Flight Control Automotive Steering 10 8 10 4 System Cost ($) (Hundreds of $ millions) (Tens of $ thousands) Production 10 3 10 7 10 11 10 11 ~Market Size ($) (Hundreds of $ billions) (Hundreds of $ billions) Mission Time 10 1 10 1 (hours) (Several hours) (Several hours) Dispatchability 10 3 10 4 (~.1-.2% failed at dispatch) (~.01-.02% failed at dispatch) 10 9 10 9 MTTF (hours) (~100,000 years) (~100,000 years) Fault-Tolerance Triple modular redundancy Duplex modular redundancy Strategy (?) 6

  7. 7 Aviation Flight & Automotive Steering Control

  8. What do We Observe? • Rail signaling & switching vs. vehicle – S & S have higher unit cost, but vehicles have higher annual cost – S & S have much higher MTTF & mission time – Might use similar software dependability strategies, different hardware strategies • Aviation vs. automotive – Similar MTTF & mission time, annual cost – Automotive has higher dispatchability – Aviation has much higher unit cost – Aviation software dependability strategies might be more likely to work for automotive than hardware strategies 8

  9. Summary and Future Work • A particular dependability strategy that is successful in one application domain might not be appropriate for another – Many different requirements to consider – For example, cars have lower per-unit cost, but high volume might permit software, rather than hardware, techniques to be affordable • A graphical representation of the various design tradeoffs might help system architects choose a strategy – Visualization aids help architects deal with complex tradeoffs • Yet unanswered research questions: – Which system characteristics/requirements should be included? – Can we graph and compare specific, real-world applications? – How do we verify the usefulness of the graphs? 9

  10. References • BART System Facts . San Francisco Bay Area Rapid Transit District Website, http://www.bart.gov/about/history/systemFacts.asp, accessed February 28, 2005. • M. Esponda and R. Rojas. A graphical comparison of RISC processors . ACM SIGARCH Computer Architecture News, 20(4):2–8, September 1992. • K. W. Kolence and P. J. Kiviat. Software unit profiles & Kiviat figures . ACM SIGMETRICS Performance Evaluation Review , 2(3):2– 12, September 1973. • N. Leveson. Safeware: System Safety and Computers . Addison- Wesley Publishing Company, Reading, Massachusetts, 1995. • Air Travel Consumer Reports . U.S. Department of Transportation Website, http://airconsumer.ost.dot.gov/reports/index.htm, accessed February 28, 2005. 10

  11. Representing Design Tradeoffs in Safety-Critical Systems Jennifer Morris, Philip Kooman [jenmorris, koopman]@cmu.edu ECE Department, Carnegie Mellon University ICSE WADS 2005 May 17, 2005

  12. Automotive Steering & Throttle/Braking 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Representing Variability in Product Lines: A Survey of Modeling and Specification Techniques

Representing Variability in Product Lines: A Survey of Modeling and Specification Techniques

Representing Variability in Product Lines: A Survey of Modeling and Specification Techniques Fabian Benduhn FOSD Meeting 2014 May 6, 2014 Background SPL used for safety-critical and mission-critical systems High degree of reliability

969 views • 32 slides
Safety-critical systems design: the TASTE tool-chain Julien Delange

Safety-critical systems design: the TASTE tool-chain Julien Delange

Safety-critical systems design: the TASTE tool-chain Julien Delange <julien.delange@esa.int> Maxime Perrotin <maxime.perrotin@esa.int> 1 High-integrity software constraints Real-Time determinism Safety & security

692 views • 22 slides
Design and Analysis of Safety Critical Systems Peter Seiler and Bin Hu Department of Aerospace

Design and Analysis of Safety Critical Systems Peter Seiler and Bin Hu Department of Aerospace

Design and Analysis of Safety Critical Systems Peter Seiler and Bin Hu Department of Aerospace Engineering & Mechanics University of

796 views • 54 slides
Area and Time Tradeoffs in FPGAs Examining the concept of area/time tradeoffs in FPGA design,

Area and Time Tradeoffs in FPGAs Examining the concept of area/time tradeoffs in FPGA design,

Area and Time Tradeoffs in FPGAs Examining the concept of area/time tradeoffs in FPGA design, pattern matching, and Advanced Encryption Standard (AES) Richie Ung Trang (z5061606) Harry Gougousidis (z5159917) Henry Veng (z5113239) Presentation

569 views • 30 slides
Pragmatic integration of model driven engineering and formal methods for safety critical systems

Pragmatic integration of model driven engineering and formal methods for safety critical systems

Pragmatic integration of model driven engineering and formal methods for safety critical systems design Marc Pantel and many others IRIT - ACADIE ENSEEIHT - INPT - Universit de Toulouse Institute of Cybernetics Institute Tallinn

1.58k views • 110 slides
C++ for Safety-Critical Systems DI Gnter Obiltschnig Applied Informatics Software Engineering

C++ for Safety-Critical Systems DI Gnter Obiltschnig Applied Informatics Software Engineering

C++ for Safety-Critical Systems DI Gnter Obiltschnig Applied Informatics Software Engineering GmbH guenter.obiltschnig@appinf.com A life-critical system or safety-critical system is a system whose failure or malfunction may result in: >

899 views • 87 slides
Assurance For Increasingly Autonomous (IA) Safety Critical Systems John Rushby Computer Science

Assurance For Increasingly Autonomous (IA) Safety Critical Systems John Rushby Computer Science

Assurance For Increasingly Autonomous (IA) Safety Critical Systems John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I Assurance For Safety Critical IA Systems 1 Introduction Increasing

557 views • 18 slides
Clearsy Provides safety critical systems and softwares Fersil is the railway activity of

Clearsy Provides safety critical systems and softwares Fersil is the railway activity of

Clearsy Provides safety critical systems and softwares Fersil is the railway activity of Clearsy Clearsy Provides safety critical sytems SIL2 to SIL4 Provides safety critical softwares SIL2 to SIL4 Uses the B formal method to

490 views • 13 slides
Design of a mobile, safety-critical in-hospital glucose management system 1

Design of a mobile, safety-critical in-hospital glucose management system 1

Design of a mobile, safety-critical in-hospital glucose management system 1 08/2011 Bernhard HLL a, , Stephan SPAT a , Johannes PLANK b , Lukas SCHAUPP b , Katharina NEUBAUER b , Peter BECK a , Franco

253 views • 13 slides
Small is Beautiful: the design of Lua Roberto Ierusalimschy PUC-Rio Language design many

Small is Beautiful: the design of Lua Roberto Ierusalimschy PUC-Rio Language design many

Small is Beautiful: the design of Lua Roberto Ierusalimschy PUC-Rio Language design many tradeoffs similar to any other design process designers seldom talk about them what a language is not good for Typical tradeoffs

724 views • 49 slides
Proposed Australian design standard and installer certification for safety- critical anchors to

Proposed Australian design standard and installer certification for safety- critical anchors to

22/05/2015 Proposed Australian design standard and installer certification for safety- critical anchors to concrete - David J Heath - Ramil Crisolo www.aefac.org.au 1 D ISCLAIMER These seminar notes have been prepared for general information

629 views • 32 slides
Design Tradeoffs in Query Processing and Online Architectures T. Yang 293S 2017 Content

Design Tradeoffs in Query Processing and Online Architectures T. Yang 293S 2017 Content

Design Tradeoffs in Query Processing and Online Architectures T. Yang 293S 2017 Content Example of design tradeoffs in query processing optimization Experience with Ask.com online architecture Service programming with Neptune.

564 views • 28 slides
Panel: Safety-Critical, High-Assurance Software Systems Ken Birman, Cornell Assaf Kfoury, Boston

Panel: Safety-Critical, High-Assurance Software Systems Ken Birman, Cornell Assaf Kfoury, Boston

Engin Kirda, Northeastern University Panel: Safety-Critical, High-Assurance Software Systems Ken Birman, Cornell Assaf Kfoury, Boston University Rami Melhem, University of Pittsburgh Overview of Panel This panel is on safety-critical,

210 views • 10 slides
JAVA FOR SAFETY CRITICAL EMBEDDED HARD-REAL-TIME SYSTEMS Bent Thomsen Aalborg University A

JAVA FOR SAFETY CRITICAL EMBEDDED HARD-REAL-TIME SYSTEMS Bent Thomsen Aalborg University A

JAVA FOR SAFETY CRITICAL EMBEDDED HARD-REAL-TIME SYSTEMS Bent Thomsen Aalborg University A typical safety critical embedded hard real time program Cruise control: Loop every X microseconds Read the sensors; Compute speed; if speed too

844 views • 55 slides
Smart Cards Smart Cards a(s) a(s) Safety Critical Systems Safety Critical Systems Gemplus

Smart Cards Smart Cards a(s) a(s) Safety Critical Systems Safety Critical Systems Gemplus

Smart Cards Smart Cards a(s) a(s) Safety Critical Systems Safety Critical Systems Gemplus Labs Gemplus Labs Pierre.Paradinas Paradinas@ @gemplus gemplus.com .com Pierre. Agenda Agenda Smart Card Technologies Smart Card

358 views • 31 slides
Partial vs. Total Order a.k.a Polychrony vs. Synchrony Models of Time for Safety Critical Systems

Partial vs. Total Order a.k.a Polychrony vs. Synchrony Models of Time for Safety Critical Systems

Motivation Introduction Concurrency and Multi-Threading Distribution over Asynchronous Network Concluding Remarks Partial vs. Total Order a.k.a Polychrony vs. Synchrony Models of Time for Safety Critical Systems Sandeep K. Shukla FERMAT Lab

548 views • 54 slides
Crawling HTML Query processing Content Analysis Indexing Crawling Document Layer Network

Crawling HTML Query processing Content Analysis Indexing Crawling Document Layer Network

10/12/2010 Class Overview Other Cool Stuff Crawling HTML Query processing Content Analysis Indexing Crawling Document Layer Network Layer Today Crawlers Server Architecture Graphic by Stephen Combs (HowStuffWorks.com) &

660 views • 11 slides
NCC Education and You Study and Communication Skills Your Name Internet Search Engines Date

NCC Education and You Study and Communication Skills Your Name Internet Search Engines Date

NCC Education and You Study and Communication Skills Your Name Internet Search Engines Date Search engines The history of search engines How they developed How they work The future of search engines NCC Education and You Your

478 views • 10 slides
Karen Cotter National Coordinator Active School Flag SITTING in front of every teacher, every

Karen Cotter National Coordinator Active School Flag SITTING in front of every teacher, every

Karen Cotter National Coordinator Active School Flag SITTING in front of every teacher, every day are the 80% of Irish children that DO NOT get enough daily physical activity www.activeschoolflag.ie We need to find ways to ENERGISE the

146 views • 12 slides
Goal-Directed Design: Design Design Framework and Refinement Refining Validation and Testing

Goal-Directed Design: Design Design Framework and Refinement Refining Validation and Testing

Introduction Goal-Directed Design: Design Design Framework and Refinement Refining Validation and Testing Storyboarding Jrg Cassens References SoSe 2019 Contextual Design of Interactive Systems SoSe 2019 Jrg Cassens

1.22k views • 84 slides
Introduction to Security Web Security Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning

Introduction to Security Web Security Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning

Introduction to Security Web Security Ming Chow (mchow@cs.tufts.edu) Twitter: @0xmchow Learning Objectives By the end of this week, you will be able to: Perform and defend against the following attacks: Cross-Site Scripting (XSS)

815 views • 50 slides
Debugging Techniques for Drupal TexasCamp 2016

Debugging Techniques for Drupal TexasCamp 2016

Debugging Techniques for Drupal TexasCamp 2016 https://www.texascamp.org/sessions/debugging-techniques-drupal-and-other-web- applications Rob Ristroph Technical Architect, Acquia @robgr History My first Drupal Camp talk (in Dallas!)

630 views • 25 slides
ADE Formats Primer Katie Pierce Meyer Tim Walsh Aliza Leventhal Desiging the Future Landscape:

ADE Formats Primer Katie Pierce Meyer Tim Walsh Aliza Leventhal Desiging the Future Landscape:

ADE Formats Primer Katie Pierce Meyer Tim Walsh Aliza Leventhal Desiging the Future Landscape: Digital Architecture, Design & Engineering Assets Library of Congress, Architect of the Capitol, Natinoal Gallery of Art November 16 th , 2017

664 views • 30 slides
Grain y ields and u nit con v ersion IN TR OD U C TION TO W R ITIN G FU N C TION S IN R Richie

Grain y ields and u nit con v ersion IN TR OD U C TION TO W R ITIN G FU N C TION S IN R Richie

Grain y ields and u nit con v ersion IN TR OD U C TION TO W R ITIN G FU N C TION S IN R Richie Co on C u rric u l u m Architect at DataCamp USDA NASS INTRODUCTION TO WRITING FUNCTIONS IN R Corn and w heat Soon these w ill be food Hmm ,

609 views • 34 slides

More recommend