Laiteohjaimien Structured Text -kielisten ohjelmien luonti käyttäen simulointityökaluja

Model-based design is a relatively new technique of developing software for embedded systems. It aims to reduce the cost of the software development process by generating the code from a simulation model. The code is generated automatically using a tool that is developed for this purpose. This way the errors in the system can be found and eliminated early in the development process compared to traditional software development project for embedded systems. As mentioned, the tools are at the time of this study still relatively new, and especially when considering code that has to comply with functional safety standards, the code has to fulfill certain requirements and it has to be clear enough so that it can be traced back to each function of the model. This study aims to determine how well these methods can be used with software development for embedded systems in mind. More precisely, this thesis focuses on MathWorks’ Simulink as the modelling software, and CODESYS as the coding language of the programmable logic controller and ultimately the compatibility of these with each other. The workflow of a model-based design software generation process is determined and presented as the result of this study. That process includes building, testing and verifying the model, preparing it for code generation, configuring and using the code generation tool and finally verifying the generated code. An example model of a battery cell balancing system for the code generation process is built, and thus that area is also studied. In the end of this study, some different possible uses of this technique are briefly discussed as well as further possible areas of study regarding this topic.Mallipohjainen ohjelmistosuunnittelu on melko uusi tekniikka sulautettujen järjestelmien ohjelmistosuunnittelussa. Sillä tähdätään pienempiin kehityskustannuksiin luomalla järjestelmien koodi suoraan simulointiin tehdystä systeemin mallista. Koodi luodaan hyödyntäen automatisoituja työkaluja, jotka ovat kehitetty tähän tarkoitukseen. Näin toimien mahdolliset kehitysvaiheessa tulevat virheet voidaan huomata ja poistaa paljolti jo hyvin aikaisessa vaiheessa kehitystyötä verrattuna perinteiseen sulautettujen järjestelmien ohjelmistokehitykseen. Kuten mainittu, tähän tarvittavat työkalut ovat tämän työn kirjoittamisen aikaan vielä melko uusia, ja erityisesti turvallisuuskriittistä koodia ajatellen koodin on täytettävä tietyt vaatimukset ja sen on oltava riittävän selkeää, jotta tietyt osat koodista voidaan jäljittää vastaaviin osiin mallista. Tämän työn tarkoituksena on selvittää, onko nämä menetelmät käyttökelpoisia sulautettujen järjestelmien ohjelmistokehitystä varten. Erityisesti tämä työ keskittyy MathWorks:n simulointiohjelmistoon Simulink, sekä ohjelmoitavan logiikan yhteydessä käytettyyn ohjelmointikieleen CODESYS sekä näiden yhteensopivuutta tätä prosessia ajatellen. Mallipohjaisen ohjelmistosuunnitteluprosessin suositeltu työnkulku mainittuja työkaluja hyödyntäen määritellään ja esitetään työn tuloksena. Tähän prosessiin kuuluu mallin rakentaminen, sen testaaminen ja toiminnallisuuden todentaminen, sen valmistelu koodin luontia varten, koodin luontiohjelmiston määritys ja käyttö sekä lopulta luodun koodin testaaminen ja toiminnallisuuden todentaminen. Esimerkkinä rakennetaan malli, joka tasapainottaa akkukennojen jännitteitä, jonka vuoksi myös tätä aihetta tutkitaan hieman. Työn lopussa käsitellään lyhyesti mahdollisia erilaisia tätä tekniikkaa hyödyntäviä sovelluksia sekä pohditaan millä tavoin tätä aihetta voisi tutkia edelleen

SRAM-Based FPGA Systems for Safety-Critical Applications: A Survey on Design Standards and Proposed Methodologies

As the ASIC design cost becomes affordable only for very large-scale productions, the FPGA technology is currently becoming the leading technology for those applications that require a small-scale production. FPGAs can be considered as a technology crossing between hardware and software. Only a small-number of standards for the design of safety-critical systems give guidelines and recommendations that take the peculiarities of the FPGA technology into consideration. The main contribution of this paper is an overview of the existing design standards that regulate the design and verification of FPGA-based systems in safety-critical application fields. Moreover, the paper proposes a survey of significant published research proposals and existing industrial guidelines about the topic, and collects and reports about some lessons learned from industrial and research projects involving the use of FPGA devices

MECHATRONICS DESIGN FROM ZERO TO ONE (STRUCTURED LOGIC DESIGN TO PROGRAM LOGIC OF LADDER DIAGRAM FOR PLC)

The purpose of this work is to study and analyze the methods use to design logic of ladder diagram for PLC-based controller in automated manufacturing systems. Previous method employed to design the logic of ladder diagram does not show clearly on how it is done step by step, widely based on the programmer's experience and their intuition. The methods proposed namely method A and method G hopefully can help the programmer especially the new programmer to design the ladder logic systematically and efficiently while at the same time reduce the time consume to program it. This systematic logic design can help the programmer to trace back their program for debug purpose. A step by step instruction is provided in this paper for both method A and method G. Few basic sequence are tested Finally, a case study on packaging process is provided to illustrate the design procedure of the proposed methods. In the same time, author will also explore the capability of the Automation Studio software

Re-use of tests and arguments for assesing dependable mixed-critically systems

The safety assessment of mixed-criticality systems (MCS) is a challenging activity due to system heterogeneity, design constraints and increasing complexity. The foundation for MCSs is the integrated architecture paradigm, where a compact hardware comprises multiple execution platforms and communication interfaces to implement concurrent functions with different safety requirements. Besides a computing platform providing adequate isolation and fault tolerance mechanism, the development of an MCS application shall also comply with the guidelines defined by the safety standards. A way to lower the overall MCS certification cost is to adopt a platform-based design (PBD) development approach. PBD is a model-based development (MBD) approach, where separate models of logic, hardware and deployment support the analysis of the resulting system properties and behaviour. The PBD development of MCSs benefits from a composition of modular safety properties (e.g. modular safety cases), which support the derivation of mixed-criticality product lines. The validation and verification (V&V) activities claim a substantial effort during the development of programmable electronics for safety-critical applications. As for the MCS dependability assessment, the purpose of the V&V is to provide evidences supporting the safety claims. The model-based development of MCSs adds more V&V tasks, because additional analysis (e.g., simulations) need to be carried out during the design phase. During the MCS integration phase, typically hardware-in-the-loop (HiL) plant simulators support the V&V campaigns, where test automation and fault-injection are the key to test repeatability and thorough exercise of the safety mechanisms. This dissertation proposes several V&V artefacts re-use strategies to perform an early verification at system level for a distributed MCS, artefacts that later would be reused up to the final stages in the development process: a test code re-use to verify the fault-tolerance mechanisms on a functional model of the system combined with a non-intrusive software fault-injection, a model to X-in-the-loop (XiL) and code-to-XiL re-use to provide models of the plant and distributed embedded nodes suited to the HiL simulator, and finally, an argumentation framework to support the automated composition and staged completion of modular safety-cases for dependability assessment, in the context of the platform-based development of mixed-criticality systems relying on the DREAMS harmonized platform.La dificultad para evaluar la seguridad de los sistemas de criticidad mixta (SCM) aumenta con la heterogeneidad del sistema, las restricciones de diseño y una complejidad creciente. Los SCM adoptan el paradigma de arquitectura integrada, donde un hardware embebido compacto comprende múltiples plataformas de ejecución e interfaces de comunicación para implementar funciones concurrentes y con diferentes requisitos de seguridad. Además de una plataforma de computación que provea un aislamiento y mecanismos de tolerancia a fallos adecuados, el desarrollo de una aplicación SCM además debe cumplir con las directrices definidas por las normas de seguridad. Una forma de reducir el coste global de la certificación de un SCM es adoptar un enfoque de desarrollo basado en plataforma (DBP). DBP es un enfoque de desarrollo basado en modelos (DBM), en el que modelos separados de lógica, hardware y despliegue soportan el análisis de las propiedades y el comportamiento emergente del sistema diseñado. El desarrollo DBP de SCMs se beneficia de una composición modular de propiedades de seguridad (por ejemplo, casos de seguridad modulares), que facilitan la definición de líneas de productos de criticidad mixta. Las actividades de verificación y validación (V&V) representan un esfuerzo sustancial durante el desarrollo de aplicaciones basadas en electrónica confiable. En la evaluación de la seguridad de un SCM el propósito de las actividades de V&V es obtener las evidencias que apoyen las aseveraciones de seguridad. El desarrollo basado en modelos de un SCM incrementa las tareas de V&V, porque permite realizar análisis adicionales (por ejemplo, simulaciones) durante la fase de diseño. En las campañas de pruebas de integración de un SCM habitualmente se emplean simuladores de planta hardware-in-the-loop (HiL), en donde la automatización de pruebas y la inyección de faltas son la clave para la repetitividad de las pruebas y para ejercitar completamente los mecanismos de tolerancia a fallos. Esta tesis propone diversas estrategias de reutilización de artefactos de V&V para la verificación temprana de un MCS distribuido, artefactos que se emplearán en ulteriores fases del desarrollo: la reutilización de código de prueba para verificar los mecanismos de tolerancia a fallos sobre un modelo funcional del sistema combinado con una inyección de fallos de software no intrusiva, la reutilización de modelo a X-in-the-loop (XiL) y código a XiL para obtener modelos de planta y nodos distribuidos aptos para el simulador HiL y, finalmente, un marco de argumentación para la composición automatizada y la compleción escalonada de casos de seguridad modulares, en el contexto del desarrollo basado en plataformas de sistemas de criticidad mixta empleando la plataforma armonizada DREAMS.Kritikotasun nahastuko sistemen segurtasun ebaluazioa jarduera neketsua da beraien heterogeneotasuna dela eta. Sistema hauen oinarria arkitektura integratuen paradigman datza, non hardware konpaktu batek exekuzio plataforma eta komunikazio interfaze ugari integratu ahal dituen segurtasun baldintza desberdineko funtzio konkurrenteak inplementatzeko. Konputazio plataformek isolamendu eta akatsen aurkako mekanismo egokiak emateaz gain, segurtasun arauek definituriko jarraibideak jarraitu behar dituzte kritikotasun mistodun aplikazioen garapenean. Sistema hauen zertifikazio prozesuaren kostua murrizteko aukera bat plataformetan oinarritutako garapenean (PBD) datza. Garapen planteamendu hau modeloetan oinarrituriko garapena da (MBD) non modeloaren logika, hardware eta garapen desberdinak sistemaren propietateen eta portaeraren aurka aztertzen diren. Kritikotasun mistodun sistemen PBD garapenak etekina ateratzen dio moduluetan oinarrituriko segurtasun propietateei, adibidez: segurtasun kasu modularrak (MSC). Modulu hauek kritikotasun mistodun produktu-lerroak ere hartzen dituzte kontutan. Berifikazio eta balioztatze (V&V) jarduerek esfortzu kontsideragarria eskatzen dute segurtasun-kiritikoetarako elektronika programagarrien garapenean. Kritikotasun mistodun sistemen konfiantzaren ebaluazioaren eta V&V jardueren helburua segurtasun eskariak jasotzen dituzten frogak proportzionatzea da. Kritikotasun mistodun sistemen modelo bidezko garapenek zeregin gehigarriak atxikitzen dizkio V&V jarduerari, fase honetan analisi gehigarriak (hots, simulazioak) zehazten direlako. Bestalde, kritikotasun mistodun sistemen integrazio fasean, hardware-in-the-loop (Hil) simulazio plantek V&V iniziatibak sostengatzen dituzte non testen automatizazioan eta akatsen txertaketan funtsezko jarduerak diren. Jarduera hauek frogen errepikapena eta segurtasun mekanismoak egiaztzea ahalbidetzen dute. Tesi honek V&V artefaktuen berrerabilpenerako estrategiak proposatzen ditu, kritikotasun mistodun sistemen egiaztatze azkarrerako sistema mailan eta garapen prozesuko azken faseetaraino erabili daitezkeenak. Esate baterako, test kodearen berrabilpena akats aurkako mekanismoak egiaztatzeko, modelotik X-in-the-loop (XiL)-ra eta kodetik XiL-rako konbertsioa HiL simulaziorako eta argumentazio egitura bat DREAMS Europear proiektuan definituriko arkitektura estiloan oinarrituriko segurtasun kasu modularrak automatikoki eta gradualki sortzeko

Programmable Electronic Mining Systems: Best Practice Recommendations (In Nine Parts) - Part 9: 7.0 Independent Functional Safety Assessment Guidance

This report (Independent Functional Safety Assessment Guidance 7.0) is the last in a nine-part series of recommendations and guidance addressing the functional safety of processor-controlled mining equipment. It is part of a risk-based system safety process encompassing hardware, software, humans, and the operating environment for the equipment s life cycle. Figure1 shows a safety framework containing these recommendations. The reports in this series address the various life cycle stages of inception, design, approval and certification, commissioning, operation, maintenance, and decommissioning. These recommendations were developed as a joint project between the National Institute for Occupational Safety and Health and the Mine Safety and Health Administration. They are intended for use by mining companies, original equipment manufacturers, and after-market suppliers to these mining companies. Users of these reports are expected to consider the set in total during the design cycle. 1.0 Safety Introduction (Part 1). This is an introductory report for the general mining industry. It provides basic system/software safety concepts, discusses the need for mining to address the functional safety of programmable electronics (PE), and includes the benefits of implementing a system/software safety program. 2.1 System Safety (Part 2) and 2.2 Software Safety (Part 3). These reports draw heavily from International Electrotechnical Commission (IEC) standard IEC 61508 [IEC 1998a,b,c,d,e,f,g]and other standards. The scope is surface and underground safety-related mining systems employing embedded, networked, and nonnetworked programmable electronics. System safety seeks to design safety into all phases of the entire system. Software is a subsystem; thus, software safety is a part of the system s safety. 3.0 Safety File (Part 4). This report contains the documentation that demonstrates the level of safety built into the system and identifies limitations for the system s use and operation. In essence, it is a proof of safety that the system and its operation meet the appropriate level of safety for the intended application. It starts from the beginning of the design, is maintained during the full life cycle of the system, and provides administrative support for the safety program of the full system. 4.0 Safety Assessment (Part 5). The independent assessment of the safety file is addressed. It establishes consistent methods to determine the completeness and suitability of safety evidence and justifications. This assessment could be conducted by an independent third party. Safety Framework Guidance. It is intended to supplement the safety framework reports with guidance providing users with additional information. The purpose is to assist users in applying the concepts presented. In other words, the safety framework is what needs to be done and the guidance is how it can be done. The guidance information reinforces the concepts, describes various methodologies that can be used, and gives examples and references. It also gives information on the benefits and drawbacks of various methodologies. The guidance reports are not intended to promote a single methodology or to be an exhaustive treatment of the subject material. They provide information and references so that the user can more intelligently choose and implement the appropriate methodologies given the user s application and capabilities. The guidance reports comprise parts 6 through 9 of the series and are listed below: [< 5.1 System Safety Guidance (Part 6). This guidance supplements 2.1 System Safety. < 5.2 Software Safety Guidance (Part 7). This guidance supplements 2.2 Software Safety. < 6.0 Safety File Guidance (Part 8). This guidance supplements 3.0 Safety File. < 7.0 Independent Functional Safety Assessment Guidance (Part 9). This guidance supplements 4.0 Independent Functional Safety Assessment.] [

Independent functional safety assessment guidance

"This report (Independent Functional Safety Assessment Guidance 7.0) is the last in a nine-part series of recommendations and guidance addressing the functional safety of processor-controlled mining equipment. It is part of a risk-based system safety process encompassing hardware, software, humans, and the operating environment for the equipment's life cycle. Figure 1 shows a safety framework containing these recommendations. The reports in this series address the various life cycle stages of inception, design, approval and certification, commissioning, operation, maintenance, and decommissioning. These recommendations were developed as a joint project between the National Institute for Occupational Safety and Health and the Mine Safety and Health Administra-tion. They are intended for use by mining companies, original equipment manufacturers, and after-market suppliers to these mining companies. Users of these reports are expected to consider the set in total during the design cycle." - NIOSHTIC-2by John J. Sammarco and Janet S. Flynt."April 2006."Also available via the World Wide Web as an Acrobat .pdf file (812.24 KB, 37p. ).Includes bibliographical references (p. 19-20).CDC Landmar