PharOS, a multicore OS ready for safety-related automotive systems: results and future prospects

International audienceAutomotive electrical/electronic architectures need to perform more and more functions that are mapped onto many different electronic control units (ECU) because of their different safety levels or different application domains (body, powertrain, multimedia, etc.). Freedom of interference is required to comply with the upcoming ISO 26262 standard for mixing different ASIL levels on the same ECU and is also required to cope with the safe integration of software from different suppliers. PharOS provides dedicated software partitioning mechanisms as well as controlled and efficient resource sharing by construction, from the design to the implementation stages. The main features of PharOS, contributing to this property, are presented in this paper as well as the results on its application an industry-driven case study and associated future prospects

Proving Determinacy of the PharOS Real-Time Operating System

International audienceExecutions in the PharOS real-time system are deterministic in the sense that the sequence of local states for every process is independent of the order in which processes are scheduled. The essential ingredient for achieving this property is that a temporal window of execution is associated with every instruction. Messages become visible to receiving processes only after the time window of the sending message has elapsed. We present a high-level model of PharOS in TLA+ and formally state and prove determinacy using the TLA+ Proof System

Data Model Development for Fire Related Extreme Events - An Activity Theory and Semiotics Approach

Post analyses of major extreme events reveal that information sharing is critical for an effective emergency response. The lack of consistent data standards in the current emergency management practice however serves only to hinder efficient critical information flow among the incident responders. In this paper, we adopt a theory driven approach to develop a XML-based data model that prescribes a comprehensive set of data standards for fire related extreme events to better address the challenges of information interoperability. The data model development is guided by third generation Activity Theory and semiotics theories for requirement analyses. The model validation is achieved using a RFC-like process typical in standards development. This paper applies the standards to the real case of a fire incident scenario. Further, it complies with the national leading initiatives in emergency standards (National Information Exchange Model)

Freedom from interference among time‐triggered and angle‐triggered tasks: a powertrain case study

International audienceOver the last years, the amount of software integrated in products like cars, planes, or trains has considerably grown in order to get more intelligent, more open and more communicating embedded systems. Due to this trend, the ability to manage the software complexity while respecting the safety constraints is now key for competitiveness in industrial domains such as automotive, aeronautic or railway.To achieve this challenge, the real‐time kernel plays a major role. Unfortunately the current technologies proposed by the market are handicapped by programming models with poor or nonexistent temporal semantics. This weakness is a really blocking point to keep under control the cost and the time‐to‐ market of safety‐related and always more complex embedded systems.To address these issues, KRONO‐SAFE has extended its real‐time kernel, called KRON‐OS, in order to support aninnovative programming model enabling to mix periodic and aperiodic real‐time references while guaranteeing the freedom from interference among treatments and the determinism of system behavior on single‐core and multi‐core processors

From Model-Based to Real-Time Execution of Safety-Critical Applications: Coupling SCADE with OASIS

International audienceDeveloping embedded safety critical real-time systems and ensuring properties such as deterministic behaviour in a simple way for the application designers is a challenging task. A large number of commercial and academic real-time operating systems (RTOS) as well as model-based development environments based on synchronous languages are available. Automatic transformations from synchronous modelling languages to RTOS are important for streamlining development of real-time applications without compromising the guarantees of their safety. In this paper, we present an automatic transformation from the SCADE synchronous language into applications for the OASIS safety-oriented real-time execution platform, a multi-scale time-triggered approach. This transformation has been partially implemented and we illustrate it with an industrial case-study from the domain of medium voltage protection relays

The ROSACE Case Study: From Simulink Specification to Multi/Many-Core Execution

This paper presents a complete case study - named ROSACE for Research Open-Source Avionics and Control Engineering - that goes from a baseline flight controller, developed in MATLAB/SIMULINK, to a multi-periodic controller executing on a multi/many-core target. The interactions between control and computer engineers are highlighted during the development steps, in particular by investigating several multi-periodic configurations. We deduced ways to improve the discussion between engineers in order to ease the integration on the target. The whole case study is made available to the community under an open-source license

Lunar Polar Coring Lander

Plans to build a lunar base are presently being studied with a number of considerations. One of the most important considerations is qualifying the presence of water on the Moon. The existence of water on the Moon implies that future lunar settlements may be able to use this resource to produce things such as drinking water and rocket fuel. Due to the very high cost of transporting these materials to the Moon, in situ production could save billions of dollars in operating costs of the lunar base. Scientists have suggested that the polar regions of the Moon may contain some amounts of water ice in the regolith. Six possible mission scenarios are suggested which would allow lunar polar soil samples to be collected for analysis. The options presented are: remote sensing satellite, two unmanned robotic lunar coring missions (one is a sample return and one is a data return only), two combined manned and robotic polar coring missions, and one fully manned core retrieval mission. One of the combined manned and robotic missions has been singled out for detailed analysis. This mission proposes sending at least three unmanned robotic landers to the lunar pole to take core samples as deep as 15 meters. Upon successful completion of the coring operations, a manned mission would be sent to retrieve the samples and perform extensive experiments of the polar region. Man's first step in returning to the Moon is recommended to investigate the issue of lunar polar water. The potential benefits of lunar water more than warrant sending either astronauts, robots or both to the Moon before any permanent facility is constructed

A Component-Based Approach for Securing Indoor Home Care Applications

eHealth systems have adopted recent advances on sensing technologies together with advances in information and communication technologies (ICT) in order to provide people-centered services that improve the quality of life of an increasingly elderly population. As these eHealth services are founded on the acquisition and processing of sensitive data (e.g., personal details, diagnosis, treatments and medical history), any security threat would damage the public's confidence in them. This paper proposes a solution for the design and runtime management of indoor eHealth applications with security requirements. The proposal allows applications definition customized to patient particularities, including the early detection of health deterioration and suitable reaction (events) as well as security needs. At runtime, security support is twofold. A secured component-based platform supervises applications execution and provides events management, whilst the security of the communications among application components is also guaranteed. Additionally, the proposed event management scheme adopts the fog computing paradigm to enable local event related data storage and processing, thus saving communication bandwidth when communicating with the cloud. As a proof of concept, this proposal has been validated through the monitoring of the health status in diabetic patients at a nursing home.This work was financed under project DPI2015-68602-R (MINECO/FEDER, UE), UPV/EHU under project PPG17/56 and GV/EJ under recognized research group IT914-16