A controlled experiment for the empirical evaluation of safety analysis techniques for safety-critical software

Context: Today's safety critical systems are increasingly reliant on software. Software becomes responsible for most of the critical functions of systems. Many different safety analysis techniques have been developed to identify hazards of systems. FTA and FMEA are most commonly used by safety analysts. Recently, STPA has been proposed with the goal to better cope with complex systems including software. Objective: This research aimed at comparing quantitatively these three safety analysis techniques with regard to their effectiveness, applicability, understandability, ease of use and efficiency in identifying software safety requirements at the system level. Method: We conducted a controlled experiment with 21 master and bachelor students applying these three techniques to three safety-critical systems: train door control, anti-lock braking and traffic collision and avoidance. Results: The results showed that there is no statistically significant difference between these techniques in terms of applicability, understandability and ease of use, but a significant difference in terms of effectiveness and efficiency is obtained. Conclusion: We conclude that STPA seems to be an effective method to identify software safety requirements at the system level. In particular, STPA addresses more different software safety requirements than the traditional techniques FTA and FMEA, but STPA needs more time to carry out by safety analysts with little or no prior experience.Comment: 10 pages, 1 figure in Proceedings of the 19th International Conference on Evaluation and Assessment in Software Engineering (EASE '15). ACM, 201

A software controlled voltage tuning system using multi-purpose ring oscillators

This paper presents a novel software driven voltage tuning method that utilises multi-purpose Ring Oscillators (ROs) to provide process variation and environment sensitive energy reductions. The proposed technique enables voltage tuning based on the observed frequency of the ROs, taken as a representation of the device speed and used to estimate a safe minimum operating voltage at a given core frequency. A conservative linear relationship between RO frequency and silicon speed is used to approximate the critical path of the processor. Using a multi-purpose RO not specifically implemented for critical path characterisation is a unique approach to voltage tuning. The parameters governing the relationship between RO and silicon speed are obtained through the testing of a sample of processors from different wafer regions. These parameters can then be used on all devices of that model. The tuning method and software control framework is demonstrated on a sample of XMOS XS1-U8A-64 embedded microprocessors, yielding a dynamic power saving of up to 25% with no performance reduction and no negative impact on the real-time constraints of the embedded software running on the processor

Design of an integrated airframe/propulsion control system architecture

The design of an integrated airframe/propulsion control system architecture is described. The design is based on a prevalidation methodology that uses both reliability and performance. A detailed account is given for the testing associated with a subset of the architecture and concludes with general observations of applying the methodology to the architecture

Fault Injection for Embedded Microprocessor-based Systems

Microprocessor-based embedded systems are increasingly used to control safety-critical systems (e.g., air and railway traffic control, nuclear plant control, aircraft and car control). In this case, fault tolerance mechanisms are introduced at the hardware and software level. Debugging and verifying the correct design and implementation of these mechanisms ask for effective environments, and Fault Injection represents a viable solution for their implementation. In this paper we present a Fault Injection environment, named FlexFI, suitable to assess the correctness of the design and implementation of the hardware and software mechanisms existing in embedded microprocessor-based systems, and to compute the fault coverage they provide. The paper describes and analyzes different solutions for implementing the most critical modules, which differ in terms of cost, speed, and intrusiveness in the original system behavio

Modeling software design diversity

Design diversity has been used for many years now as a means of achieving a degree of fault tolerance in software-based systems. Whilst there is clear evidence that the approach can be expected to deliver some increase in reliability compared with a single version, there is not agreement about the extent of this. More importantly, it remains difficult to evaluate exactly how reliable a particular diverse fault-tolerant system is. This difficulty arises because assumptions of independence of failures between different versions have been shown not to be tenable: assessment of the actual level of dependence present is therefore needed, and this is hard. In this tutorial we survey the modelling issues here, with an emphasis upon the impact these have upon the problem of assessing the reliability of fault tolerant systems. The intended audience is one of designers, assessors and project managers with only a basic knowledge of probabilities, as well as reliability experts without detailed knowledge of software, who seek an introduction to the probabilistic issues in decisions about design diversity

Remote Control and Monitoring of Smart Home Facilities via Smartphone with Wi-Fly

Due to the widespread ownership of smartphone devices, the application of mobile technologies to enhance the monitoring and control of smart home facilities has attracted much academic attention. This study indicates that tools already in the possession of the end user can be a significant part of the specific context-aware system in the smart home. The behaviour of the system in the context of existing systems will reflect the intention of the client. This model system offers a diverse architectural concept for Wireless Sensor Actuator Mobile Computing in a Smart Home (WiSAMCinSH) and consists of sensors and actuators in various communication channels, with different capacities, paradigms, costs and degree of communication reliability. This paper focuses on the utilization of end users’ smartphone applications to control home devices, and to enable monitoring of the context-aware environment in the smart home to fulfil the needs of the ageing population. It investigates the application of an iPhone to supervise smart home monitoring and control electrical devices, and through this approach, after initial setup of the mobile application, a user can control devices in the smart home from different locations and over various distances

Is There Light at the Ends of the Tunnel? Wireless Sensor Networks for Adaptive Lighting in Road Tunnels

Existing deployments of wireless sensor networks (WSNs) are often conceived as stand-alone monitoring tools. In this paper, we report instead on a deployment where the WSN is a key component of a closed-loop control system for adaptive lighting in operational road tunnels. WSN nodes along the tunnel walls report light readings to a control station, which closes the loop by setting the intensity of lamps to match a legislated curve. The ability to match dynamically the lighting levels to the actual environmental conditions improves the tunnel safety and reduces its power consumption. The use of WSNs in a closed-loop system, combined with the real-world, harsh setting of operational road tunnels, induces tighter requirements on the quality and timeliness of sensed data, as well as on the reliability and lifetime of the network. In this work, we test to what extent mainstream WSN technology meets these challenges, using a dedicated design that however relies on wellestablished techniques. The paper describes the hw/sw architecture we devised by focusing on the WSN component, and analyzes its performance through experiments in a real, operational tunnel

Conceptual design for the Space Station Freedom fluid physics/dynamics facility

A study team at NASA's Lewis Research Center has been working on a definition study and conceptual design for a fluid physics and dynamics science facility that will be located in the Space Station Freedom's baseline U.S. Laboratory module. This modular, user-friendly facility, called the Fluid Physics/Dynamics Facility, will be available for use by industry, academic, and government research communities in the late 1990's. The Facility will support research experiments dealing with the study of fluid physics and dynamics phenomena. Because of the lack of gravity-induced convection, research into the mechanisms of fluids in the absence of gravity will help to provide a better understanding of the fundamentals of fluid processes. This document has been prepared as a final version of the handout for reviewers at the Fluid Physics/Dynamics Facility Assessment Workshop held at Lewis on January 24 and 25, 1990. It covers the background, current status, and future activities of the Lewis Project Study Team effort. It is a revised and updated version of a document entitled 'Status Report on the Conceptual Design for the Space Station Fluid Physics/Dynamics Facility', dated January 1990