Assessing and enhancing functional safety mechanisms for safety-critical software systems
Author
Abstract
More and more devices of our everyday life are computerized with smart embedded systems and software-intensive electronics. Whenever these pervasive embedded systems interact with the physical world and have the potential to endanger human lives or to cause significant damage, they are considered safety-critical. To avoid any unreasonable risk originating from the failure of such systems, stringent development processes, safety engineering practices, and safety standards are followed and applied for their development and operation. In this context, functional safety mechanisms provide technical solutions to detect faults or control failures in order to achieve or maintain a safe state. Consequently, the requirements on their dependable and trustworthy operation are correspondingly high. Against this background, this thesis is concerned with the assessment and enhancement of functional safety mechanisms in software-intensive safety-critical embedded systems, using the example of automotive systems based on the AUTOSAR standard. An established technique for dependability assessments is fault injection (FI). The effective adaptation and application of FI to modern embedded safety-critical software systems, such as AUTOSAR, is non-trivial due to their complexity and the multiple levels of abstraction introduced by model-based development, layered architectures, and the integration of components from various suppliers, all of which affect the customizability, usability, and effectiveness of experiments. Facing these challenges, this thesis develops a complete FI process, which includes a guidance framework for the systematic and automated instrumentation with FI test code, a FI framework for the automated execution of experiments, a detailed discussion on the derivation of fault models, and the demonstration of their effective application in two case studies that uncovered an actual deficiency in a functional safety mechanism.
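To make the FI process above concrete, the following is an added example (not code from the thesis, its FI framework, or AUTOSAR) of a minimal fault-injection harness around one functional safety mechanism. The mechanism under test is an end-to-end receiver check (alive counter plus CRC) that only loosely follows the idea behind AUTOSAR E2E and is not any real E2E profile; the four fault models, the sample sensor payloads and the experiment counts are all constructed for the example. The campaign reports per-fault-model detection coverage and deliberately includes a fault model (a sender that advances its counter but delivers stale data) which the mechanism cannot detect, which is the kind of deficiency an FI campaign is meant to surface.

```python
"""Fault-injection harness for a small end-to-end (counter + CRC) safety check.

Added illustration; not thesis or AUTOSAR code.  Everything below (payloads,
fault models, CRC polynomial) is an assumption made for the example.
"""
import random

FAULT_MODELS = ("bit_flip", "replay", "omission", "stale_payload")

# Constructed sample traffic: ten two-byte sensor payloads.
SENSOR_PAYLOADS = [bytes([v, v ^ 0x55]) for v in range(20, 30)]


def crc8(data: bytes, poly: int = 0x1D, init: int = 0xFF) -> int:
    """Bitwise CRC-8 with the SAE J1850 polynomial (chosen for readability, not a real E2E profile)."""
    crc = init
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def protect(counter: int, payload: bytes) -> bytes:
    """Sender side: frame = CRC | 4-bit alive counter | payload."""
    body = bytes([counter & 0x0F]) + payload
    return bytes([crc8(body)]) + body


class E2ECheck:
    """Receiver side: the functional safety mechanism whose coverage the campaign measures."""

    def __init__(self) -> None:
        self.last_counter = None

    def check(self, frame: bytes) -> str:
        if len(frame) < 2:
            return "ERR_LENGTH"
        if crc8(frame[1:]) != frame[0]:
            return "ERR_CRC"
        counter = frame[1] & 0x0F
        status = "OK"
        if self.last_counter is not None:
            delta = (counter - self.last_counter) % 16
            if delta == 0:
                status = "ERR_REPEATED"   # replayed or frozen message
            elif delta > 1:
                status = "ERR_LOST"       # at least one message missing
        self.last_counter = counter
        return status


def run_experiment(fault: str, at: int, seed: int = 0) -> bool:
    """One FI experiment: inject `fault` on message number `at`; True if the receiver ever reported an error."""
    if not 1 <= at < len(SENSOR_PAYLOADS) - 1:
        raise ValueError("inject on an interior message so replay and omission are well defined")
    rng = random.Random(seed)
    checker = E2ECheck()
    previous = None
    detected = False
    for i, payload in enumerate(SENSOR_PAYLOADS):
        frame = protect(i, payload)
        if i == at:
            if fault == "bit_flip":          # transient corruption on the bus
                buf = bytearray(frame)
                bit = rng.randrange(len(buf) * 8)
                buf[bit // 8] ^= 1 << (bit % 8)
                frame = bytes(buf)
            elif fault == "replay":          # an old message is delivered again
                frame = previous
            elif fault == "omission":        # the message never arrives
                continue
            elif fault == "stale_payload":   # sender stuck: fresh counter, old data
                frame = protect(i, SENSOR_PAYLOADS[i - 1])
            else:
                raise ValueError(f"unknown fault model {fault!r}")
        if checker.check(frame) != "OK":
            detected = True
        previous = frame
    return detected


def campaign(trials: int = 40, seed: int = 1) -> dict:
    """Run `trials` experiments per fault model at random injection points; return detection rates."""
    rng = random.Random(seed)
    coverage = {}
    for fault in FAULT_MODELS:
        hits = 0
        for n in range(trials):
            at = rng.randrange(1, len(SENSOR_PAYLOADS) - 1)
            hits += run_experiment(fault, at, seed=seed * 1000 + n)
        coverage[fault] = hits / trials
    return coverage


if __name__ == "__main__":
    for fault, rate in campaign().items():
        print(f"{fault:14s} detected in {rate:.0%} of experiments")
```

The single-bit, replay and omission models are always caught (any single-bit flip changes the CRC, a repeated or skipped counter is flagged), while the stale-payload model passes every check because counter and CRC are both valid; in a real campaign that zero-coverage row is the finding to take back to the mechanism's designers.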
Due to the high cost-saving potential, functionality of varied criticality is increasingly integrated into so-called mixed-criticality systems. To provide efficient protection of critical tasks, functional safety mechanisms benefit from accounting for different criticality levels. Using the example of AUTOSAR's timing protection, we illustrate the issues emerging from the lack of criticality awareness and the resulting merely indirect protection of critical tasks. As mitigation, we propose a novel monitoring scheme that directly protects critical tasks by providing them with execution time guarantees, and we implement our approach as an enhancement to the existing monitoring infrastructure.
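The indirect-protection problem can be seen in a small tick-based scheduling model. The following is an added example written for this page; it is not the thesis's monitoring scheme and not AUTOSAR OS code. It assumes a fixed-priority scheduler with rate-monotonic priorities (so the critical task with the longest period has the lowest priority), per-job execution-time budgets in the spirit of AUTOSAR timing protection, and a constructed task set whose budgets are each respected but whose total budget utilisation exceeds 1. A hypothetical slack-based monitor then shows one way a critical task can be given a direct execution-time guarantee: when its remaining execution equals the time left to its deadline, it pre-empts every lower-criticality task regardless of priority.

```python
"""Execution-time budgets versus a criticality-aware slack monitor (added illustration).

Assumptions: tick-based fixed-priority scheduling, implicit deadlines, constructed
task parameters.  Not the thesis's implementation and not AUTOSAR code.
"""
from dataclasses import dataclass


@dataclass
class Task:
    name: str
    period: int        # implicit deadline == period
    exec_time: int     # actual execution demand of each job, in ticks
    budget: int        # execution-time budget enforced by timing protection
    priority: int      # higher runs first; rate-monotonic, so the critical task is lowest
    critical: bool


@dataclass
class Job:
    task: Task
    release: int
    remaining: int
    used: int = 0

    @property
    def deadline(self) -> int:
        return self.release + self.task.period


def make_tasks(b_exec: int = 2) -> list:
    """Constructed task set: two low-criticality tasks outrank one critical task.
    Budget utilisation 2/4 + 2/6 + 3/12 > 1, so every task can stay inside its own
    budget and the critical task still starves."""
    return [
        Task("A", period=4, exec_time=2, budget=2, priority=3, critical=False),
        Task("B", period=6, exec_time=b_exec, budget=2, priority=2, critical=False),
        Task("C", period=12, exec_time=3, budget=3, priority=1, critical=True),
    ]


def simulate(tasks: list, horizon: int, criticality_aware: bool) -> dict:
    """Run the task set for `horizon` ticks and count met/missed deadlines and budget violations.
    With criticality_aware=True a critical job whose slack (time to deadline minus
    remaining execution) has reached zero pre-empts everything else."""
    stats = {t.name: {"met": 0, "missed": 0, "budget_violations": 0} for t in tasks}
    jobs = []
    for t in range(horizon):
        for job in list(jobs):                      # deadline check before this tick
            if job.deadline <= t:
                stats[job.task.name]["missed"] += 1
                jobs.remove(job)
        for task in tasks:                          # periodic releases
            if t % task.period == 0:
                jobs.append(Job(task, t, task.exec_time))
        if not jobs:
            continue
        chosen = None
        if criticality_aware:
            urgent = [j for j in jobs if j.task.critical and j.deadline - t - j.remaining <= 0]
            if urgent:
                chosen = min(urgent, key=lambda j: j.deadline)
        if chosen is None:
            chosen = max(jobs, key=lambda j: j.task.priority)
        chosen.remaining -= 1
        chosen.used += 1
        if chosen.remaining == 0:
            stats[chosen.task.name]["met"] += 1
            jobs.remove(chosen)
        elif chosen.used >= chosen.task.budget:     # timing protection: budget exhausted
            stats[chosen.task.name]["budget_violations"] += 1
            jobs.remove(chosen)
    for job in jobs:                                # still pending when the horizon ends
        if job.deadline <= horizon:
            stats[job.task.name]["missed"] += 1
    return stats


if __name__ == "__main__":
    for aware in (False, True):
        print("criticality-aware monitor:", aware, simulate(make_tasks(), 24, aware))
    print("B overruns its budget:", simulate(make_tasks(b_exec=4), 24, False))
```

With budgets alone, tasks A and B never violate their budgets and the critical task C misses both of its deadlines in a 24-tick window: the budgets only protect C indirectly, through whatever the integrator configured for the other tasks. Letting B overrun its budget shows what timing protection does catch (B is terminated four times) without helping C at all. With the slack monitor enabled, C meets both deadlines and two jobs of the low-criticality task A miss theirs instead, which is the intended mixed-criticality trade-off.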
Similar resources
Developing Safety-critical Software Requirements for Commercial Reusable Launch Vehicles
A number of inventors and entrepreneurs are currently attempting to develop and commercially operate reusable launch vehicles to carry voluntary participants into space. To reduce the risk to the public in the operation of these vehicles, a launch vehicle operator typically performs analyses to identify safety measures and develop safety requirements. The focus of these safety efforts has histo...
Assessing Hospital Safety Index in the Iranian Hospitals Against Disasters
Introduction: Hospital preparedness for accidents and disasters is vital in maintaining and promoting community health. However, the country's hospitals are not well prepared for disasters. The hospital safety index (HSI) was 42% in Iranian hospitals in 2014. This study aims to investigate the HSI in Iranian hospitals in 2020 and to provide solutions to improve it. Methods: This cross-sectiona...
Planning the Unplanned Experiment: Assessing the Efficacy of Standards for Safety Critical Software
We need well-founded means of determining whether software is fit for use in safety-critical applications. While software in industries such as aviation has an excellent safety record, the fact that software flaws have contributed to deaths illustrates the need for justifiably high confidence in software. It is often argued that software is fit for safety-critical use because it conforms to a s...
Patterns for Designing Safety-Critical Interactive Systems
Users of safety-critical systems are expected to effectively control or monitor complex systems, with errors potentially leading to catastrophic consequences. For such high-consequence systems, safety is of paramount importance and must be designed into the human-machine interface. There are many case studies available which show how inadequate design practice led to poor safety and usability, b...
Design patterns for safety-critical embedded systems
Over the last few years, embedded systems have been increasingly used in safety-critical applications where failure can have serious consequences. The design of these systems is a complex process, which requires the integration of common design methods in both hardware and software to fulfill the functional and non-functional requirements of these safety-critical applications. Design patterns, ...