On Modelling and Analysis of Dynamic Reconfiguration of Dependable Real-Time Systems

This paper motivates the need for a formalism for the modelling and analysis of dynamic reconfiguration of dependable real-time systems. We present requirements that the formalism must meet, and use these to evaluate well established formalisms and two process algebras that we have been developing, namely, Webpi and CCSdp. A simple case study is developed to illustrate the modelling power of these two formalisms. The paper shows how Webpi and CCSdp represent a significant step forward in modelling adaptive and dependable real-time systems.Comment: Presented and published at DEPEND 201

Multi-core devices for safety-critical systems: a survey

Multi-core devices are envisioned to support the development of next-generation safety-critical systems, enabling the on-chip integration of functions of different criticality. This integration provides multiple system-level potential benefits such as cost, size, power, and weight reduction. However, safety certification becomes a challenge and several fundamental safety technical requirements must be addressed, such as temporal and spatial independence, reliability, and diagnostic coverage. This survey provides a categorization and overview at different device abstraction levels (nanoscale, component, and device) of selected key research contributions that support the compliance with these fundamental safety requirements.This work has been partially supported by the Spanish Ministry of Economy and Competitiveness under grant TIN2015-65316-P, Basque Government under grant KK-2019-00035 and the HiPEAC Network of Excellence. The Spanish Ministry of Economy and Competitiveness has also partially supported Jaume Abella under Ramon y Cajal postdoctoral fellowship (RYC-2013-14717).Peer ReviewedPostprint (author's final draft

GPU devices for safety-critical systems: a survey

Graphics Processing Unit (GPU) devices and their associated software programming languages and frameworks can deliver the computing performance required to facilitate the development of next-generation high-performance safety-critical systems such as autonomous driving systems. However, the integration of complex, parallel, and computationally demanding software functions with different safety-criticality levels on GPU devices with shared hardware resources contributes to several safety certification challenges. This survey categorizes and provides an overview of research contributions that address GPU devices’ random hardware failures, systematic failures, and independence of execution.This work has been partially supported by the European Research Council with Horizon 2020 (grant agreements No. 772773 and 871465), the Spanish Ministry of Science and Innovation under grant PID2019-107255GB, the HiPEAC Network of Excellence and the Basque Government under grant KK-2019-00035. The Spanish Ministry of Economy and Competitiveness has also partially supported Leonidas Kosmidis with a Juan de la Cierva Incorporación postdoctoral fellowship (FJCI-2020- 045931-I).Peer ReviewedPostprint (author's final draft

Towards model-driven engineering for mixed-criticality systems: multiPARTES approach

Mixed criticality systems emerges as a suitable solution for dealing with the complexity, performance and costs of future embedded and dependable systems. However, this paradigm adds additional complexity to their development. This paper proposes an approach for dealing with this scenario that relies on hardware virtualization and Model-Driven Engineering (MDE). Hardware virtualization ensures isolation between subsystems with different criticality levels. MDE is intended to bridge the gap between design issues and partitioning concerns. MDE tooling will enhance the functional models by annotating partitioning and extra-functional properties. System partitioning and subsystems allocation will be generated with a high degree of automation. System configuration will be validated for ensuring that the resources assigned to a partition are sufficient for executing the allocated software components and that time requirements are met

Adaptive architectures for future highly dependable, real time systems

Many present-day safety-critical or mission-critical military applications are deployed using intrinsically static architectures. Often these applications are real-time systems, where late responses may cause potentially catastrophic results. Static architectures allow system developers to certify with a high degree of confidence that their systems will provide correct functionality during operation, but a more adaptive approach could provide some clear benefits. In particular, the ability to dynamically reconfigure the system at run time would give increased flexibility and performance in response to unpredictable or unplanned operating scenarios. Many current dynamic architectural approaches provide little or no features to facilitate the highly dependable, real-time performance required by critical systems. The challenge is to provide the features and benefits of dynamic architectural approaches while still achieving the required level of performance and dependability. This paper describes the early results of an ongoing research programme, part funded by the Software Systems Engineering Initiative (SSEI), aimed at developing a more adaptive software architecture for future military systems. A range of architectures with adaptive features (including object-based, agent based and publish/subscribe) are reviewed against the desirable characteristics of highly dependable systems. A publish/subscribe architecture is proposed as a potential way forward and a discussion of its advantages and disadvantages for highly dependable, real-time systems is given

Modelling rational user behaviour as games between an angel and a demon

Formal models of rational user behavior are essential for user-centered reasoning about interactive systems. At an abstract level, planned behavior and reactive behavior are two important aspects of the rational behavior of users for which existing cognitive modeling approaches are too detailed. In this paper, we propose a novel treatment of these aspects within our formal framework of cognitively plausible behavior. We develop an abstract, formal model of rational behavior as a game between two opponents. Intuitively, an Angel abstractly represents the planning aspects, whereas a Demon represents the reactive aspects of user behavior. The formalization is carried out within the MOCHA framework and is illustrated by simple examples of interactive tasks

Skill-based reconfiguration of industrial mobile robots

Caused by a rising mass customisation and the high variety of equipment versions, the exibility of manufacturing systems in car productions has to be increased. In addition to a exible handling of production load changes or hardware breakdowns that are established research areas in literature, this thesis presents a skill-based recon guration mechanism for industrial mobile robots to enhance functional recon gurability. The proposed holonic multi-agent system is able to react to functional process changes while missing functionalities are created by self-organisation. Applied to a mobile commissioning system that is provided by AUDI AG, the suggested mechanism is validated in a real-world environment including the on-line veri cation of the recon gured robot functionality in a Validity Check. The present thesis includes an original contribution in three aspects: First, a recon - guration mechanism is presented that reacts in a self-organised way to functional process changes. The application layer of a hardware system converts a semantic description into functional requirements for a new robot skill. The result of this mechanism is the on-line integration of a new functionality into the running process. Second, the proposed system allows maintaining the productivity of the running process and exibly changing the robot hardware through provision of a hardware-abstraction layer. An encapsulated Recon guration Holon dynamically includes the actual con guration each time a recon guration is started. This allows reacting to changed environment settings. As the resulting agent that contains the new functionality, is identical in shape and behaviour to the existing skills, its integration into the running process is conducted without a considerable loss of productivity. Third, the suggested mechanism is composed of a novel agent design that allows implementing self-organisation during the encapsulated recon guration and dependability for standard process executions. The selective assignment of behaviour-based and cognitive agents is the basis for the exibility and e ectiveness of the proposed recon guration mechanism