Re-use of tests and arguments for assesing dependable mixed-critically systems

The safety assessment of mixed-criticality systems (MCS) is a challenging activity due to system heterogeneity, design constraints and increasing complexity. The foundation for MCSs is the integrated architecture paradigm, where a compact hardware comprises multiple execution platforms and communication interfaces to implement concurrent functions with different safety requirements. Besides a computing platform providing adequate isolation and fault tolerance mechanism, the development of an MCS application shall also comply with the guidelines defined by the safety standards. A way to lower the overall MCS certification cost is to adopt a platform-based design (PBD) development approach. PBD is a model-based development (MBD) approach, where separate models of logic, hardware and deployment support the analysis of the resulting system properties and behaviour. The PBD development of MCSs benefits from a composition of modular safety properties (e.g. modular safety cases), which support the derivation of mixed-criticality product lines. The validation and verification (V&V) activities claim a substantial effort during the development of programmable electronics for safety-critical applications. As for the MCS dependability assessment, the purpose of the V&V is to provide evidences supporting the safety claims. The model-based development of MCSs adds more V&V tasks, because additional analysis (e.g., simulations) need to be carried out during the design phase. During the MCS integration phase, typically hardware-in-the-loop (HiL) plant simulators support the V&V campaigns, where test automation and fault-injection are the key to test repeatability and thorough exercise of the safety mechanisms. This dissertation proposes several V&V artefacts re-use strategies to perform an early verification at system level for a distributed MCS, artefacts that later would be reused up to the final stages in the development process: a test code re-use to verify the fault-tolerance mechanisms on a functional model of the system combined with a non-intrusive software fault-injection, a model to X-in-the-loop (XiL) and code-to-XiL re-use to provide models of the plant and distributed embedded nodes suited to the HiL simulator, and finally, an argumentation framework to support the automated composition and staged completion of modular safety-cases for dependability assessment, in the context of the platform-based development of mixed-criticality systems relying on the DREAMS harmonized platform.La dificultad para evaluar la seguridad de los sistemas de criticidad mixta (SCM) aumenta con la heterogeneidad del sistema, las restricciones de diseño y una complejidad creciente. Los SCM adoptan el paradigma de arquitectura integrada, donde un hardware embebido compacto comprende múltiples plataformas de ejecución e interfaces de comunicación para implementar funciones concurrentes y con diferentes requisitos de seguridad. Además de una plataforma de computación que provea un aislamiento y mecanismos de tolerancia a fallos adecuados, el desarrollo de una aplicación SCM además debe cumplir con las directrices definidas por las normas de seguridad. Una forma de reducir el coste global de la certificación de un SCM es adoptar un enfoque de desarrollo basado en plataforma (DBP). DBP es un enfoque de desarrollo basado en modelos (DBM), en el que modelos separados de lógica, hardware y despliegue soportan el análisis de las propiedades y el comportamiento emergente del sistema diseñado. El desarrollo DBP de SCMs se beneficia de una composición modular de propiedades de seguridad (por ejemplo, casos de seguridad modulares), que facilitan la definición de líneas de productos de criticidad mixta. Las actividades de verificación y validación (V&V) representan un esfuerzo sustancial durante el desarrollo de aplicaciones basadas en electrónica confiable. En la evaluación de la seguridad de un SCM el propósito de las actividades de V&V es obtener las evidencias que apoyen las aseveraciones de seguridad. El desarrollo basado en modelos de un SCM incrementa las tareas de V&V, porque permite realizar análisis adicionales (por ejemplo, simulaciones) durante la fase de diseño. En las campañas de pruebas de integración de un SCM habitualmente se emplean simuladores de planta hardware-in-the-loop (HiL), en donde la automatización de pruebas y la inyección de faltas son la clave para la repetitividad de las pruebas y para ejercitar completamente los mecanismos de tolerancia a fallos. Esta tesis propone diversas estrategias de reutilización de artefactos de V&V para la verificación temprana de un MCS distribuido, artefactos que se emplearán en ulteriores fases del desarrollo: la reutilización de código de prueba para verificar los mecanismos de tolerancia a fallos sobre un modelo funcional del sistema combinado con una inyección de fallos de software no intrusiva, la reutilización de modelo a X-in-the-loop (XiL) y código a XiL para obtener modelos de planta y nodos distribuidos aptos para el simulador HiL y, finalmente, un marco de argumentación para la composición automatizada y la compleción escalonada de casos de seguridad modulares, en el contexto del desarrollo basado en plataformas de sistemas de criticidad mixta empleando la plataforma armonizada DREAMS.Kritikotasun nahastuko sistemen segurtasun ebaluazioa jarduera neketsua da beraien heterogeneotasuna dela eta. Sistema hauen oinarria arkitektura integratuen paradigman datza, non hardware konpaktu batek exekuzio plataforma eta komunikazio interfaze ugari integratu ahal dituen segurtasun baldintza desberdineko funtzio konkurrenteak inplementatzeko. Konputazio plataformek isolamendu eta akatsen aurkako mekanismo egokiak emateaz gain, segurtasun arauek definituriko jarraibideak jarraitu behar dituzte kritikotasun mistodun aplikazioen garapenean. Sistema hauen zertifikazio prozesuaren kostua murrizteko aukera bat plataformetan oinarritutako garapenean (PBD) datza. Garapen planteamendu hau modeloetan oinarrituriko garapena da (MBD) non modeloaren logika, hardware eta garapen desberdinak sistemaren propietateen eta portaeraren aurka aztertzen diren. Kritikotasun mistodun sistemen PBD garapenak etekina ateratzen dio moduluetan oinarrituriko segurtasun propietateei, adibidez: segurtasun kasu modularrak (MSC). Modulu hauek kritikotasun mistodun produktu-lerroak ere hartzen dituzte kontutan. Berifikazio eta balioztatze (V&V) jarduerek esfortzu kontsideragarria eskatzen dute segurtasun-kiritikoetarako elektronika programagarrien garapenean. Kritikotasun mistodun sistemen konfiantzaren ebaluazioaren eta V&V jardueren helburua segurtasun eskariak jasotzen dituzten frogak proportzionatzea da. Kritikotasun mistodun sistemen modelo bidezko garapenek zeregin gehigarriak atxikitzen dizkio V&V jarduerari, fase honetan analisi gehigarriak (hots, simulazioak) zehazten direlako. Bestalde, kritikotasun mistodun sistemen integrazio fasean, hardware-in-the-loop (Hil) simulazio plantek V&V iniziatibak sostengatzen dituzte non testen automatizazioan eta akatsen txertaketan funtsezko jarduerak diren. Jarduera hauek frogen errepikapena eta segurtasun mekanismoak egiaztzea ahalbidetzen dute. Tesi honek V&V artefaktuen berrerabilpenerako estrategiak proposatzen ditu, kritikotasun mistodun sistemen egiaztatze azkarrerako sistema mailan eta garapen prozesuko azken faseetaraino erabili daitezkeenak. Esate baterako, test kodearen berrabilpena akats aurkako mekanismoak egiaztatzeko, modelotik X-in-the-loop (XiL)-ra eta kodetik XiL-rako konbertsioa HiL simulaziorako eta argumentazio egitura bat DREAMS Europear proiektuan definituriko arkitektura estiloan oinarrituriko segurtasun kasu modularrak automatikoki eta gradualki sortzeko

Contracts and Behavioral Patterns for SoS: The EU IP DANSE approach

This paper presents some of the results of the first year of DANSE, one of the first EU IP projects dedicated to SoS. Concretely, we offer a tool chain that allows to specify SoS and SoS requirements at high level, and analyse them using powerful toolsets coming from the formal verification area. At the high level, we use UPDM, the system model provided by the british army as well as a new type of contract based on behavioral patterns. At low level, we rely on a powerful simulation toolset combined with recent advances from the area of statistical model checking. The approach has been applied to a case study developed at EADS Innovation Works.Comment: In Proceedings AiSoS 2013, arXiv:1311.319

NoC adaptatif pour SoC reconfigurable

Les systèmes embarqués sur puce modernes intègrent des milliards de transistors et des composants intégrés hétérogènes pour fournir toutes les fonctionnalités requises par les applications courantes. La solution support de la communication dans ce cadre s'appuie sur la notion de réseau sur puce (NoC pour network on chip). Les principaux objectifs de la conception d'un NoC sont d'obtenir des performances élevées, pour un coût d'implémentation (notamment en surface et en consommation électrique) le plus faible possible. Ainsi, le concepteur de NoC doit tenir compte de l'impact des paramètres du NoC sur le compromis entre les performances du réseau et la taille de silicium requis pour son implémentation. L'utilisation de la technologie submicronique profonde amène des phénomènes de variabilité et de vieillissement qui causes des événements singuliers uniques (SEU pour Single Event Upset). Un SEU provoque le changement d'état d'un bit qui provoque l'échec de la transmission d'une donnée dans un NoC. La mise en œuvre de routage supportant la tolérance aux fautes est donc nécessaire. Dans cette thèse, nous proposons dans un premier temps, une évaluation de l'impact des paramètres de conception des NoC sur ses performances. Le résultat permet de guider le concepteur dans ses choix et le réglage des paramètres du réseau permettant d'éviter la dégradation de ses performances. Deuxièmement, nous avons proposé de nouveaux algorithmes de routage adaptatifs tolérants aux pannes pour un réseaux maillé 2D appelé Gradient et pour un réseaux maillé 3D appelé Diagonal. Ces algorithmes s'adaptent et proposent des séquences de chemins alternatifs pour les paquets lorsque le chemin principal est fautif. Nous avons ainsi évalué le coût d'implémentation de Gradient sur un FPGA actuel. Tous ces travaux ont été validés et caractérisée par simulation et mis en œuvre en FPGA. Les résultats fournissent la comparaison des performances de nos algorithmes avec les algorithmes de l'état de l'art.Chips will be designed with billions of transistors and heterogeneous components integrated to provide full functionality of a current application for embedded system. These applications also require highly parallel and flexible communicating architecture through a regular interconnection network. The emerging solution that can fulfill this requirement is Network-on-Chips (NoCs). Designing an ideal NoC with high throughput, low latency, minimum using resources, minimum power consumption and small area size are very time consuming. Each application required different levels of QoS such as minimum level throughput delay and jitter. In this thesis, firstly, we proposed an evaluation of the impact of design parameters on performance of NoC. We evaluate the impact of NoC design parameters on the performances of an adaptive NoCs. The objective is to evaluate how big the impact of upgrading the value on performances. The result shows the accuracy of choosing and adjusting the network parameters can avoid performance degradation. It can be considered as the control mechanism in an adaptive NoC to avoid the degradation of QoS NoC. The use of deep sub-micron technology in embedded system and its variability process cause Single Event Upsets (SEU) and ''aging'' the circuit. SEU and aging of circuit is the major problem that cause the failure on transmitting the packet in a NoC. Implementing fault-tolerant routing techniques in NoC switching instead of adding virtual channel is the best solution to avoid the fault in NoC. Communication performance of a NoC is depends heavily on the routing algorithm. An adaptive routing algorithm such as fault-tolerant has been proposed for deadlock avoidance and load balancing. This thesis proposed a novel adaptive fault-tolerant routing algorithm for 2D mesh called Gradient and for 3D mesh called Diagonal. Both algorithms consider sequences of alternative paths for packets when the main path fails. The proposed algorithm tolerates faults in worst condition traffic in NoCs. The number of hops, the number of alternative paths, latency and throughput in faulty network are determined and compared with other 2D mesh routing algorithms. Finally, we implemented Gradient routing algorithm into FPGA. All these work were validated and characterized through simulation and implemented into FPGA. The results provide the comparison performance between proposed method with existing related method using some scenarios.RENNES1-Bibl. électronique (352382106) / SudocSudocFranceF

Hissin nappikonstruktion suunnittelu lisääville valmistusmenetelmille

Additive manufacturing, with its recent technological developments, has increasingly disrupted how products are designed and manufactured. Within additive manufacturing, there has been a shift from the production of visual models and rapid prototyping applications to direct digital manufacturing of end products. Additive manufacturing provides intriguing possibilities in the design of new and existing products. These radical, pioneering designs have already redefined whole industries. This thesis provides a practical case study for an additive manufacturing redesign together with a literature review of the current additive manufacturing technologies and applications. The target of the redesign was a low volume elevator button assembly. Concepts were prototyped and tested in contrast to the current industry specification. As a result of the thesis, a functional button assembly was produced and tested. The part count, material usage, and costs were reduced compared to the original. However, all industry requirements were not met. A need for a more systematic material and process selection was identified. Nevertheless, additive manufacturing was proven to be a serious alternative in the production of low volume plastic products and should be researched further.Lisäävien valmistusmenetelmien teknologinen kehitys vaikuttaa enenevissä määrin siihen, miten fyysisiä tuotteita valmistetaan. Visuaalisten- sekä pikamallien tulostuksesta ollaan siirtymässä lopputuotteiden suoraan valmistukseen. Geometristen rajoitusten vähyys luo kiinnostavia mahdollisuuksia uusien ja olemassa olevien tuotteiden suunnittelussa. Uudet radikaalit ja uraauurtavat tuotteet ovat jo määrittäneet uudelleen kokonaisia toimialoja. Tämän diplomityön käytännön osuudessa suunnittellaan hissin nappikonstruktio täysin uusiksi lisäävien valmistusmenetelmien näkökulmasta. Työ tarjoaa myös kirjallisen läpileikkauksen lisääviin valmistusteknologioihin sekä käyttökohteisiin. Käytännön työssä etsittiin lisäävien valmistusmenetelmien etuja hyödyntäviä konsepteja, prototypoitiin, sekä testattiin kehiteltyjä ratkaisuja suhteessa toimialan vaatimuksiin. Työn tuloksena valmistettiin ja testattiin toiminnallinen nappikonstruktio. Kokoonpanon osamäärää, materiaalinkäyttöä sekä hintaa saatiin vähennettyä suhteessa alkuperäiseen. Kaikkia vaatimuksia ei kuitenkaan saatu täytettyä. Prosessin aikana tunnistettiin tarve systemaattisemmalle materiaali- sekä valmistusprosessivalinnalle. Tästä huolimatta lisäävät valmistusmenetelmät todettiin vakavasti otettavaksi vaihtoehdoksi matalan volyymin muovituotteiden valmistuksessa

The Benefits of Extended Reality for Technical Communication : Utilizing XR for Maintenance Documentation Creation and Delivery

The main goal of this dissertation is to explore the benefits of extended reality for technical communication. Both of these fields offer opportunities and also pose challenges to each other, and this dissertation provides insight into this relationship. The research was initiated by the author’s personal interest in both fields and also human-technology interaction and user needs in general. Even though this is an academic dissertation, it is first and foremost a practitioner’s view of these evolving technologies and their potential uses in industry and, specifically, in industrial maintenance and technical communication. Under the umbrella of extended reality and technical communication, this dissertation focuses on two main themes. The first part studies virtual reality as a technology to facilitate collaboration and digital content creation for technical documentation in industrial companies, and the second part explores the possibilities of augmented reality and smart glasses as a delivery channel for maintenance instructions. The developed concepts were tested by domain experts in user tests. The overall results of testing were positive, and domain experts expressed enthusiasm toward the concepts and technologies in general. The technical documentation process is an inherently collaborative process involving stakeholders from different teams and organizations, and virtual reality was evaluated to have a positive effect on that process, especially in the case of globally scattered teams. The developed tools were also rated positively for digital content creation. Therefore, virtual reality offers many benefits for technical documentation creation, an area where it has not been utilized until now. On the augmented reality side, domain experts were generally enthusiastic about the use of smart glasses even though the technologies are not yet mature enough for field use in industrial maintenance. Furthermore, the results show that content created in the technical communications industry standard, DITA XML, works well when delivered to smart glasses, and the same content can be single sourced to other delivery channels. The use of DITA XML, therefore, eliminates the need to tailor content for each delivery channel separately, and offers an effective way to create and update content for AR applications in industrial companies. This, in turn, can advance the use of AR technologies and related devices in field operations in industrial companies. In conclusion, the findings of this dissertation show that the fields of technical communication and extended reality have a significant amount of synergy. In this dissertation I establish use cases and guidelines for these areas

Survey of context provisioning middleware

In the scope of ubiquitous computing, one of the key issues is the awareness of context, which includes diverse aspects of the user's situation including his activities, physical surroundings, location, emotions and social relations, device and network characteristics and their interaction with each other. This contextual knowledge is typically acquired from physical, virtual or logical sensors. To overcome problems of heterogeneity and hide complexity, a significant number of middleware approaches have been proposed for systematic and coherent access to manifold context parameters. These frameworks deal particularly with context representation, context management and reasoning, i.e. deriving abstract knowledge from raw sensor data. This article surveys not only related work in these three categories but also the required evaluation principles. © 2009-2012 IEEE

Practical, appropriate, empirically-validated guidelines for designing educational games

There has recently been a great deal of interest in the potential of computer games to function as innovative educational tools. However, there is very little evidence of games fulfilling that potential. Indeed, the process of merging the disparate goals of education and games design appears problematic, and there are currently no practical guidelines for how to do so in a coherent manner. In this paper, we describe the successful, empirically validated teaching methods developed by behavioural psychologists and point out how they are uniquely suited to take advantage of the benefits that games offer to education. We conclude by proposing some practical steps for designing educational games, based on the techniques of Applied Behaviour Analysis. It is intended that this paper can both focus educational games designers on the features of games that are genuinely useful for education, and also introduce a successful form of teaching that this audience may not yet be familiar with