Search CORE

50 research outputs found

Analysis of design parameters in SIL-4 safety-critical computer

Author: Ahangari H.
Atik F.
Ozkok Y.I.
Ozturk O.
Say F.
Yildirim A.
Publication venue: 'Institute of Electrical and Electronics Engineers (IEEE)'
Publication date: 01/01/2017
Field of study

Nowadays, Safety-critical computers are extensively used in may civil domains like transportation including railways, avionics and automotive. We noticed that in design of some previous works, some critical safety design parameters like failure diagnostic coverage (DC) or common cause failure (CCF) ratio have not been seriously taken into account. Moreover, in some cases safety has not been compared with standard safety levels (IEC-61508 SIL1-SIL4) or even have not met them. Most often, it is not very clear that which part of the system is the Achilles' heel and how design can be improved to reach standard safety levels. Motivated by such design ambiguities, we aim to study the effect of various design parameters on safety in some prevalent safety configurations: 1oo2 and 2oo3. 1oo1 is also used as a reference. By employing Markov modeling, sensitivity of safety to each of the following critical design parameters is analyzed: failure rate of processing element, failure diagnostics coverage, common cause failures and repair rates. This study gives a deeper sense regarding influence of variation in design parameters over safety. Consequently, to meet appropriate safety integrity level, instead of improving some system parts blindly, it will be possible to make an informed decision on more relevant parameters. © 2017 IEEE

Bilkent University Institutional Repository

New Fault Detection, Mitigation and Injection Strategies for Current and Forthcoming Challenges of HW Embedded Designs

Author: Espinosa García Jaime
Publication venue: 'Universitat Politecnica de Valencia'
Publication date: 03/11/2016
Field of study

Tesis por compendio[EN] Relevance of electronics towards safety of common devices has only been growing, as an ever growing stake of the functionality is assigned to them. But of course, this comes along the constant need for higher performances to fulfill such functionality requirements, while keeping power and budget low. In this scenario, industry is struggling to provide a technology which meets all the performance, power and price specifications, at the cost of an increased vulnerability to several types of known faults or the appearance of new ones. To provide a solution for the new and growing faults in the systems, designers have been using traditional techniques from safety-critical applications, which offer in general suboptimal results. In fact, modern embedded architectures offer the possibility of optimizing the dependability properties by enabling the interaction of hardware, firmware and software levels in the process. However, that point is not yet successfully achieved. Advances in every level towards that direction are much needed if flexible, robust, resilient and cost effective fault tolerance is desired. The work presented here focuses on the hardware level, with the background consideration of a potential integration into a holistic approach. The efforts in this thesis have focused several issues: (i) to introduce additional fault models as required for adequate representativity of physical effects blooming in modern manufacturing technologies, (ii) to provide tools and methods to efficiently inject both the proposed models and classical ones, (iii) to analyze the optimum method for assessing the robustness of the systems by using extensive fault injection and later correlation with higher level layers in an effort to cut development time and cost, (iv) to provide new detection methodologies to cope with challenges modeled by proposed fault models, (v) to propose mitigation strategies focused towards tackling such new threat scenarios and (vi) to devise an automated methodology for the deployment of many fault tolerance mechanisms in a systematic robust way. The outcomes of the thesis constitute a suite of tools and methods to help the designer of critical systems in his task to develop robust, validated, and on-time designs tailored to his application.[ES] La relevancia que la electrónica adquiere en la seguridad de los productos ha crecido inexorablemente, puesto que cada vez ésta copa una mayor influencia en la funcionalidad de los mismos. Pero, por supuesto, este hecho viene acompañado de una necesidad constante de mayores prestaciones para cumplir con los requerimientos funcionales, al tiempo que se mantienen los costes y el consumo en unos niveles reducidos. En este escenario, la industria está realizando esfuerzos para proveer una tecnología que cumpla con todas las especificaciones de potencia, consumo y precio, a costa de un incremento en la vulnerabilidad a múltiples tipos de fallos conocidos o la introducción de nuevos. Para ofrecer una solución a los fallos nuevos y crecientes en los sistemas, los diseñadores han recurrido a técnicas tradicionalmente asociadas a sistemas críticos para la seguridad, que ofrecen en general resultados sub-óptimos. De hecho, las arquitecturas empotradas modernas ofrecen la posibilidad de optimizar las propiedades de confiabilidad al habilitar la interacción de los niveles de hardware, firmware y software en el proceso. No obstante, ese punto no está resulto todavía. Se necesitan avances en todos los niveles en la mencionada dirección para poder alcanzar los objetivos de una tolerancia a fallos flexible, robusta, resiliente y a bajo coste. El trabajo presentado aquí se centra en el nivel de hardware, con la consideración de fondo de una potencial integración en una estrategia holística. Los esfuerzos de esta tesis se han centrado en los siguientes aspectos: (i) la introducción de modelos de fallo adicionales requeridos para la representación adecuada de efectos físicos surgentes en las tecnologías de manufactura actuales, (ii) la provisión de herramientas y métodos para la inyección eficiente de los modelos propuestos y de los clásicos, (iii) el análisis del método óptimo para estudiar la robustez de sistemas mediante el uso de inyección de fallos extensiva, y la posterior correlación con capas de más alto nivel en un esfuerzo por recortar el tiempo y coste de desarrollo, (iv) la provisión de nuevos métodos de detección para cubrir los retos planteados por los modelos de fallo propuestos, (v) la propuesta de estrategias de mitigación enfocadas hacia el tratamiento de dichos escenarios de amenaza y (vi) la introducción de una metodología automatizada de despliegue de diversos mecanismos de tolerancia a fallos de forma robusta y sistemática. Los resultados de la presente tesis constituyen un conjunto de herramientas y métodos para ayudar al diseñador de sistemas críticos en su tarea de desarrollo de diseños robustos, validados y en tiempo adaptados a su aplicación.[CA] La rellevància que l'electrònica adquireix en la seguretat dels productes ha crescut inexorablement, puix cada volta més aquesta abasta una major influència en la funcionalitat dels mateixos. Però, per descomptat, aquest fet ve acompanyat d'un constant necessitat de majors prestacions per acomplir els requeriments funcionals, mentre es mantenen els costos i consums en uns nivells reduïts. Donat aquest escenari, la indústria està fent esforços per proveir una tecnologia que complisca amb totes les especificacions de potència, consum i preu, tot a costa d'un increment en la vulnerabilitat a diversos tipus de fallades conegudes, i a la introducció de nous tipus. Per oferir una solució a les noves i creixents fallades als sistemes, els dissenyadors han recorregut a tècniques tradicionalment associades a sistemes crítics per a la seguretat, que en general oferixen resultats sub-òptims. De fet, les arquitectures empotrades modernes oferixen la possibilitat d'optimitzar les propietats de confiabilitat en habilitar la interacció dels nivells de hardware, firmware i software en el procés. Tot i això eixe punt no està resolt encara. Es necessiten avanços a tots els nivells en l'esmentada direcció per poder assolir els objectius d'una tolerància a fallades flexible, robusta, resilient i a baix cost. El treball ací presentat se centra en el nivell de hardware, amb la consideració de fons d'una potencial integració en una estratègia holística. Els esforços d'esta tesi s'han centrat en els següents aspectes: (i) la introducció de models de fallada addicionals requerits per a la representació adequada d'efectes físics que apareixen en les tecnologies de fabricació actuals, (ii) la provisió de ferramentes i mètodes per a la injecció eficient del models proposats i dels clàssics, (iii) l'anàlisi del mètode òptim per estudiar la robustesa de sistemes mitjançant l'ús d'injecció de fallades extensiva, i la posterior correlació amb capes de més alt nivell en un esforç per retallar el temps i cost de desenvolupament, (iv) la provisió de nous mètodes de detecció per cobrir els reptes plantejats pels models de fallades proposats, (v) la proposta d'estratègies de mitigació enfocades cap al tractament dels esmentats escenaris d'amenaça i (vi) la introducció d'una metodologia automatitzada de desplegament de diversos mecanismes de tolerància a fallades de forma robusta i sistemàtica. Els resultats de la present tesi constitueixen un conjunt de ferramentes i mètodes per ajudar el dissenyador de sistemes crítics en la seua tasca de desenvolupament de dissenys robustos, validats i a temps adaptats a la seua aplicació.Espinosa García, J. (2016). New Fault Detection, Mitigation and Injection Strategies for Current and Forthcoming Challenges of HW Embedded Designs [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/73146TESISCompendi

Crossref

RiuNet

Adaptives Monitoring für Mehrkernprozessoren in eingebetteten sicherheitskritischen Systemen

Author: Bapp Falco K.
Publication venue: KIT-Bibliothek, Karlsruhe
Publication date: 01/01/2018
Field of study

In vielen Anwendungsdomänen tragen softwarebasierte Systeme maßgeblich zu neuen Trends und Innovationen bei -- so auch in den Mobilitätsdomänen Automobilbau, Luftfahrt und Eisenbahnindustrie. Wesentliche Neuerungen können in Software auf neuester Hardware-Technologie entwickelt und in Umlauf gebracht werden. Speziell in den Mobilitätsdomänen sind besondere Anforderungen zu berücksichtigen sobald die Funktionen und Technologien in sicherheitskritischen Anwendungen integriert und eingesetzt werden. Neueste Hardware ist jedoch oftmals nicht für den Einsatz in solchen Anwendungen ausgelegt und kann daher die durch Standards und Normen vorgegebene Anforderungen nicht ohne weiteres erfüllen. Dies gilt auch für den aktuellen Trend in der Prozessortechnologie, den Mehrkernprozessoren. Die bereits in Multimedia und Unterhaltungsmedien weit verbreiteten Mehrkernprozessoren können nicht uneingeschränkt Einzug in sicherheitskritische Anwendungen halten. Spezielle Methoden zur Absicherung im Sinne der funktionalen Sicherheit werden benötigt, um Mehrkernprozessoren überwachen und somit mindestens ein gleiches Maß an Sicherheit, wie in bereits etablierten Technologien, garantieren zu können. In der vorliegenden Arbeit werden Methoden vorgestellt, die zur Steigerung der Zuverlässigkeit für Multicoreprozessoren eingesetzt werden können und es erleichtern, diese neuartige, komplexe Technologie in eingebetteten sicherheitskritischen Anwendungen einzusetzen. Anwendungsbereiche stellen beispielsweise Automobile, Flugzeuge, Anwendungen im Bereich der Industrieautomatisierung oder Züge dar. Obwohl (verteilte) Mehrprozessorsysteme bereits seit einigen Jahren eingesetzt werden, unterscheiden sich die Herausforderungen zur Absicherung durch die Integration in einen Chip erheblich von den bereits bekannten Herausforderungen bei der Entwicklung von Mehrprozessorsystemen. Der Übergang von verteilten Mehrprozessorsystemen zu hoch integrierten Mehrkernprozessoren bringt nicht nur eine neue Technologie, sondern auch eine immens gesteigerte Komplexität mit sich. In den folgenden Kapiteln dieser Arbeit werden zunächst aktuelle Arbeiten und die Herausforderungen sowie die einhergehende Komplexität beim Übergang von Mehrprozessor- zu Mehrkern-Systemen vorgestellt. Diese Herausforderungen werden im Kontext der Applikationen als Fehlerbilder sichtbar, die wiederum zu Systemausfällen mit schwerwiegenden Folgen führen können. Diese resultierenden Fehlerbilder und deren Ursprung werden dargestellt. Um mögliche Fehler und daraus resultierende Ausfälle frühzeitig erkennen zu können werden im weiteren Verlauf der Arbeit neuartige Methoden zur Überwachung und Fehlererkennung in Mehrkernprozessoren vorgestellt und gegen die eingeführten Fehlerbilder reflektiert. Die Monitoring Mechanismen sind dabei nicht auf einen einzelnen Teil des Mehrkernprozessors oder eine Ebene im Design beschränkt, vielmehr handelt es sich um eine Hardware/Software Co-Design Entscheidung, welche der Mechanismen in Hardware und/oder in Software abgebildet und auf welcher Ebene im System diese umgesetzt werden. Das hieraus entstehende Multi-Level Monitoring mit parametrierbaren und adaptiven Konzepten deckt alle Ebenen von der Applikation bis zur Hardwareplattform ab. Doch nicht nur die Überwachung von Mehrkernprozessoren spielt eine entscheidende Rolle, auch die sichere, deterministische und effiziente Nutzung von Ressourcen innerhalb des System-On-Chip stellt eine besondere Herausforderung dar. Dieser Nutzung wird ein weiteres Kapitel dieser Arbeit mit einem neuartigen Konzept gewidmet, das eine für die Software transparente Virtualisierung bereitstellt. Die eingeführte Hardware-Virtualisierung kann in weiten Bereichen ebenfalls parametriert werden und bietet die Möglichkeit zur Integration eines anwendungsspezifischen Schedulingverfahrens. Die vorgestellten Konzepte werden prototypisch implementiert, bewertet und es wird eine Validierung gegen die Fehlerbilder durchgeführt. Weiterhin wird basierend auf den aktuellen Trends in der Industrie und Forschung davon ausgegangen, dass zukünftige Anwendungen, speziell durch den steigenden Grad an Automatisierung, strengeren Anforderungen genügen müssen. Dies bedingt, dass eine einfache Fehlererkennung und die Überführung in einen sicheren Systemzustand den künftigen Anforderungen nicht mehr genügen und ein bestimmter, minimaler Funktionsumfang immer bereitgestellt werden muss. Ein Konzept für die dynamische Migration von Funktionen für künftige Fail-Operational Systeme zur Integration in einen Mehrkernprozessor rundet die in dieser Arbeit vorgestellten Konzepte ab. Speziell die Entwicklung von sicherheitskritischen Anwendungen folgt strikten, durchgängigen und wohldefinierten Prozessen, in welchen die Mechanismen nicht losgelöst voneinander betrachtet werden dürfen. Zur besseren Handhabung der Konzepte und zur Anbindung an bereits bestehende und etablierte Entwicklungsprozesse, werden die Methoden in ein Bibliothekskonzept integriert. Dies sichert die einfache Nutzbarkeit und die Übertragbarkeit auf andere Anwendungsfälle und Architekturen. Die so entwickelten Systeme werden durch die vorgestellten Konzepte, die weitgehend parametriert und konfiguriert werden können und sich auf den jeweiligen Anwendungsfall anpassen lassen, unterstützt und reduzieren die Komplexität bei der Entwicklung

KITopen

Development and certification of mixed-criticality embedded systems based on probabilistic timing analysis

Author: Agirre Troncoso Irune
Publication venue: Universitat Politècnica de Catalunya
Publication date: 01/01/2018
Field of study

An increasing variety of emerging systems relentlessly replaces or augments the functionality of mechanical subsystems with embedded electronics. For quantity, complexity, and use, the safety of such subsystems is an increasingly important matter. Accordingly, those systems are subject to safety certification to demonstrate system's safety by rigorous development processes and hardware/software constraints. The massive augment in embedded processors' complexity renders the arduous certification task significantly harder to achieve. The focus of this thesis is to address the certification challenges in multicore architectures: despite their potential to integrate several applications on a single platform, their inherent complexity imperils their timing predictability and certification. Recently, the Measurement-Based Probabilistic Timing Analysis (MBPTA) technique emerged as an alternative to deal with hardware/software complexity. The innovation that MBPTA brings about is, however, a major step from current certification procedures and standards. The particular contributions of this Thesis include: (i) the definition of certification arguments for mixed-criticality integration upon multicore processors. In particular we propose a set of safety mechanisms and procedures as required to comply with functional safety standards. For timing predictability, (ii) we present a quantitative approach to assess the likelihood of execution-time exceedance events with respect to the risk reduction requirements on safety standards. To this end, we build upon the MBPTA approach and we present the design of a safety-related source of randomization (SoR), that plays a key role in the platform-level randomization needed by MBPTA. And (iii) we evaluate current certification guidance with respect to emerging high performance design trends like caches. Overall, this Thesis pushes the certification limits in the use of multicore and MBPTA technology in Critical Real-Time Embedded Systems (CRTES) and paves the way towards their adoption in industry.Una creciente variedad de sistemas emergentes reemplazan o aumentan la funcionalidad de subsistemas mecánicos con componentes electrónicos embebidos. El aumento en la cantidad y complejidad de dichos subsistemas electrónicos así como su cometido, hacen de su seguridad una cuestión de creciente importancia. Tanto es así que la comercialización de estos sistemas críticos está sujeta a rigurosos procesos de certificación donde se garantiza la seguridad del sistema mediante estrictas restricciones en el proceso de desarrollo y diseño de su hardware y software. Esta tesis trata de abordar los nuevos retos y dificultades dadas por la introducción de procesadores multi-núcleo en dichos sistemas críticos: aunque su mayor rendimiento despierta el interés de la industria para integrar múltiples aplicaciones en una sola plataforma, suponen una mayor complejidad. Su arquitectura desafía su análisis temporal mediante los métodos tradicionales y, asimismo, su certificación es cada vez más compleja y costosa. Con el fin de lidiar con estas limitaciones, recientemente se ha desarrollado una novedosa técnica de análisis temporal probabilístico basado en medidas (MBPTA). La innovación de esta técnica, sin embargo, supone un gran cambio cultural respecto a los estándares y procedimientos tradicionales de certificación. En esta línea, las contribuciones de esta tesis están agrupadas en tres ejes principales: (i) definición de argumentos de seguridad para la certificación de aplicaciones de criticidad-mixta sobre plataformas multi-núcleo. Se definen, en particular, mecanismos de seguridad, técnicas de diagnóstico y reacción de faltas acorde con el estándar IEC 61508 sobre una arquitectura multi-núcleo de referencia. Respecto al análisis temporal, (ii) presentamos la cuantificación de la probabilidad de exceder un límite temporal y su relación con los requisitos de reducción de riesgos derivados de los estándares de seguridad funcional. Con este fin, nos basamos en la técnica MBPTA y presentamos el diseño de una fuente de números aleatorios segura; un componente clave para conseguir las propiedades aleatorias requeridas por MBPTA a nivel de plataforma. Por último, (iii) extrapolamos las guías actuales para la certificación de arquitecturas multi-núcleo a una solución comercial de 8 núcleos y las evaluamos con respecto a las tendencias emergentes de diseño de alto rendimiento (caches). Con estas contribuciones, esta tesis trata de abordar los retos que el uso de procesadores multi-núcleo y MBPTA implican en el proceso de certificación de sistemas críticos de tiempo real y facilita, de esta forma, su adopción por la industria.Postprint (published version

LAReferencia - Red Federada de Repositorios Institucionales de Publicaciones Científicas Latinoamericanas

UPCommons. Portal del coneixement obert de la UPC

Tesis Doctorals en Xarxa

Arquitecturas de hardware para um veículo eléctrico

Author: Rocha André Manuel Paiva e
Publication venue
Publication date: 01/01/2010
Field of study

Tese de mestrado integrado. Engenharia Electrotécnica e de Computadores. Faculdade de Engenharia. Universidade do Porto. 201

Repositório Aberto da Universidade do Porto

Applying Hypervisor-Based Fault Tolerance Techniques to Safety-Critical Embedded Systems

Author: Lozano Terol Santiago
Publication venue
Publication date: 28/06/2023
Field of study

This document details the work conducted through the development of this thesis, and it is structured as follows: • Chapter 1, Introduction, has briefly presented the motivation, objectives, and contributions of this thesis. • Chapter 2, Fundamentals, exposes a series of concepts that are necessary to correctly understand the information presented in the rest of the thesis, such as the concepts of virtualization, hypervisors, or software-based fault tolerance. In addition, this chapter includes an exhaustive review and comparison between the different hypervisors used in scientific studies dealing with safety-critical systems, and a brief review of some works that try to improve fault tolerance in the hypervisor itself, an area of research that is outside the scope of this work, but that complements the mechanism presented and could be established as a line of future work. • Chapter 3, Problem Statement and Related Work, explains the main reasons why the concept of Hypervisor-Based Fault Tolerance was born and reviews the main articles and research papers on the subject. This review includes both papers related to safety-critical embedded systems (such as the research carried out in this thesis) and papers related to cloud servers and cluster computing that, although not directly applicable to embedded systems, may raise useful concepts that make our solution more complete or allow us to establish future lines of work. • Chapter 4, Proposed Solution, begins with a brief comparison of the work presented in Chapter 3 to establish the requirements that our solution must meet in order to be as complete and innovative as possible. It then sets out the architecture of the proposed solution and explains in detail the two main elements of the solution: the Voter and the Health Monitoring partition. • Chapter 5, Prototype, explains in detail the prototyping of the proposed solution, including the choice of the hypervisor, the processing board, and the critical functionality to be redundant. With respect to the voter, it includes prototypes for both the software version (the voter is implemented in a virtual machine) and the hardware version (the voter is implemented as IP cores on the FPGA). • Chapter 6, Evaluation, includes the evaluation of the prototype developed in Chapter 5. As a preliminary step and given that there is no evidence in this regard, an exercise is carried out to measure the overhead involved in using the XtratuM hypervisor versus not using it. Subsequently, qualitative tests are carried out to check that Health Monitoring is working as expected and a fault injection campaign is carried out to check the error detection and correction rate of our solution. Finally, a comparison is made between the performance of the hardware and software versions of Voter. • Chapter 7, Conclusions and Future Work, is dedicated to collect the conclusions obtained and the contributions made during the research (in the form of articles in journals, conferences and contributions to projects and proposals in the industry). In addition, it establishes some lines of future work that could complete and extend the research carried out during this doctoral thesis.Programa de Doctorado en Ciencia y Tecnología Informática por la Universidad Carlos III de MadridPresidente: Katzalin Olcoz Herrero.- Secretario: Félix García Carballeira.- Vocal: Santiago Rodríguez de la Fuent

Universidad Carlos III de Madrid e-Archivo

Real-time trace decoding and monitoring for safety and security in embedded systems

Author: Hoppe Augusto Wankler
Publication venue
Publication date: 01/01/2021
Field of study

Integrated circuits and systems can be found almost everywhere in today’s world. As their use increases, they need to be made safer and more perfor mant to meet current demands in processing power. FPGA integrated SoCs can provide the ideal trade-off between performance, adaptability, and energy usage. One of today’s vital challenges lies in updating existing fault tolerance techniques for these new systems while utilizing all available processing capa bilities, such as multi-core and heterogeneous processing units. Control-flow monitoring is one of the primary mechanisms described for error detection at the software architectural level for the highest grade of hazard level clas sifications (e.g., ASIL D) described in industry safety standards ISO-26262. Control-flow errors are also known to compose the majority of detected errors for ICs and embedded systems in safety-critical and risk-susceptible environ ments [5]. Software-based monitoring methods remain the most popular [6–8]. However, recent studies show that the overheads they impose make actual reliability gains negligible [9, 10]. This work proposes and demonstrates a new control flow checking method implemented in FPGA for multi-core embedded systems called control-flow trace checker (CFTC). CFTC uses existing trace and debug subsystems of modern processors to rebuild their execution states. It can iden tify any errors in real-time by comparing executed states to a set of permitted state transitions determined statically. This novel implementation weighs hardware resource trade-offs to target mul tiple independent tasks in multi-core embedded applications, as well as single core systems. The proposed system is entirely implemented in hardware and isolated from all monitored software components, requiring 2.4% of the target FPGA platform resources to protect an execution unit in its entirety. There fore, it avoids undesired overheads and maintains deterministic error detection latencies, which guarantees reliability improvements without impairing the target software system. Finally, CFTC is evaluated under different software i Resumo fault-injection scenarios, achieving detection rates of 100% of all control-flow errors to wrong destinations and 98% of all injected faults to program binaries. All detection times are further analyzed and precisely described by a model based on the monitor’s resources and speed and the software application’s control-flow structure and binary characteristics.Circuitos integrados estão presentes em quase todos sistemas complexos do mundo moderno. Conforme sua frequência de uso aumenta, eles precisam se tornar mais seguros e performantes para conseguir atender as novas demandas em potência de processamento. Sistemas em Chip integrados com FPGAs conseguem prover o balanço perfeito entre desempenho, adaptabilidade, e uso de energia. Um dos maiores desafios agora é a necessidade de atualizar técnicas de tolerância à falhas para estes novos sistemas, aproveitando os novos avanços em capacidade de processamento. Monitoramento de fluxo de controle é um dos principais mecanismos para a detecção de erros em nível de software para sistemas classificados como de alto risco (e.g. ASIL D), descrito em padrões de segurança como o ISO-26262. Estes erros são conhecidos por compor a maioria dos erros detectados em sistemas integrados [5]. Embora métodos de monitoramento baseados em software continuem sendo os mais populares [6–8], estudos recentes mostram que seus custos adicionais, em termos de performance e área, diminuem consideravelmente seus ganhos reais em confiabilidade [9, 10]. Propomos aqui um novo método de monitora mento de fluxo de controle implementado em FPGA para sistemas embarcados multi-core. Este método usa subsistemas de trace e execução de código para reconstruir o estado atual do processador, identificando erros através de com parações entre diferentes estados de execução da CPU. Propomos uma implementação que considera trade-offs no uso de recuros de sistema para monitorar múltiplas tarefas independetes. Nossa abordagem suporta o monitoramento de sistemas simples e também de sistemas multi-core multitarefa. Por fim, nossa técnica é totalmente implementada em hardware, evitando o uso de unidades de processamento de software que possa adicionar custos indesejáveis à aplicação em perda de confiabilidade. Propomos, assim, um mecanismo de verificação de fluxo de controle, escalável e extensível, para proteção de sistemas embarcados críticos e multi-core

Lume 5.8

Real-Time Trace Decoding and Monitoring for Safety and Security in Embedded Systems

Author: Wankler Hoppe Augusto
Publication venue: KIT-Bibliothek, Karlsruhe
Publication date: 01/01/2021
Field of study

KITopen

Lume 5.8

An innovative Data-Driven Reliability Life Cycle for complex systems

Author: Patrizi Gabriele
Publication venue
Publication date: 01/01/2022
Field of study

Florence Research

Investigation on the Benefits of Safety Margin Improvement in CANDU Nuclear Power Plant Using an FPGA-based Shutdown System

Author: She Jingke
Publication venue: Scholarship@Western
Publication date: 14/03/2012
Field of study

The relationship between response time and safety margin of CANadian Deuterium Uranium (CANDU) nuclear power plant (NPP) is investigated in this thesis. Implementation of safety shutdown system using Field Programmable Gate Array (FPGA) is explored. The fast data processing capability of FPGAs shortens the response time of CANDU shutdown systems (SDS) such that the impact of accident transient can be reduced. The safety margin, which is closely related to the reactor behavior in the event of an accident, is improved as a result of such a faster shutdown process. Theoretical analysis based on neutron dynamic theory is carried out to establish the fact that a faster shutdown process can mitigate accidental consequences. To provide more realistic test cases from a thermalhydraulic perspective, an industry grade simulation tool known as CATHENA is used to generate comparable accident-shutdown transients for different SDS response times. Results from both verification methods explicitly prove the feasibility of improving the safety margin via faster shutdown process. To demonstrate this concept, a prototype of the proposed faster SDS is constructed. The trip logic of CANDU shutdown system No.1 (SDS1) is converted into a digital hardware design and implemented within chosen FPGA platform. The functionality of the FPGA-based SDS1 is implemented, and the response times are tested and compared to those of the existing CANDU SDS1. The achieved 10.5 ms response time of the FPGA-based SDS1 is again applied to the CATHENA simulation process to quantitatively present the 26.98% improvement in the safety margin. To investigate potential improvement in safety margin by using FPGA technology, hardware-in-the-loop (HIL) simulation is performed by connecting the FPGA-based SDS1 to an NPP training simulator. The 6.26% improvement in safety margin has been verified, based on which a 10% potential power upgrade is discussed as another benefit of applying FPGA technology to CANDU NPPs

Scholarship@Western