Demonstrating Controlled Change for Autonomous Space Vehicles

Recent research discusses concepts of infield changes to overcome the drawbacks of conventional lab-based system design processes. In this paper, we evaluate the concept of controlled change by applying it to a demonstration of a potential future space exploration scenario with mobile robots. The robots are capable of executing several image computations for exploration, object detection and pose estimation, which can be allocated to both FPGA-and processor resources of a System-on-Chip. The demonstrator addresses three scenarios which cover application-, environment-, and platform change. The system adapts itself to any of the named changes. This capability can increase the autonomy of future space missions. Exemplary, the demonstrator executes adaption of applications during operation to fulfill the mission goals, adaption of reliability under changing environment conditions, and adaption to sensor failure

System-level functional and extra-functional characterization of SoCs through assertion mining

Virtual prototyping is today an essential technology for modeling, verification, and re-design of full HW/SW platforms. This allows a fast prototyping of platforms with a higher and higher complexity, which precludes traditional verification approaches based on the static analysis of the source code. Consequently, several technologies based on the analysis of simulation traces have proposed to efficiently validate the entire system from both the functional and extra-functional point of view. From the functional point of view, different approaches based on invariant and assertion mining have been proposed in literature to validate the functionality of a system under verification (SUV). Dynamic mining of invariants is a class of approaches to extract logic formulas with the purpose of expressing stable conditions in the behavior of the SUV. The mined formulas represent likely invariants for the SUV, which certainly hold on the considered traces. A large set of representative execution traces must be analyzed to increase the probability that mined invariants are generally true. However, this is extremely time-consuming for current sequential approaches when long execution traces and large set of SUV's variables are considered. Dynamic mining of assertions is instead a class of approaches to extract temporal logic formulas with the purpose of expressing temporal relations among the variables of a SUV. However, in most cases, existing tools can only mine assertions compliant with a limited set of pre-defined templates. Furthermore, they tend to generate a huge amount of assertions, while they still lack an effective way to measure their coverage in terms of design behaviors. Moreover, the security vulnerability of a firmware running on a HW/SW platforms is becoming ever more critical in the functional verification of a SUV. Current approaches in literature focus only on raising an error as soon as an assertion monitoring the SUV fails. No approach was proposed to investigate the issue that this set of assertions could be incomplete and that different, unusual behaviors could remain not investigated. From the extra-functional point of view of a SUV, several approaches based on power state machines (PSMs) have been proposed for modeling and simulating the power consumption of an IP at system-level. However, while they focus on the use of PSMs as the underlying formalism for implementing dynamic power management techniques of a SoC, they generally do not deal with the basic problem of how to generate a PSM. In this context, the thesis aims at exploiting dynamic assertion mining to improve the current approaches for the characterization of functional and extra-functional properties of a SoC with the final goal of providing an efficient and effective system-level virtual prototyping environment. In detail, the presented methodologies focus on: efficient extraction of invariants from execution traces by exploiting GP-GPU architectures; extraction of human-readable temporal assertions by combining user-defined assertion templates, data mining and coverage analysis; generation of assertions pinpointing the unlike execution paths of a firmware to guide the analysis of the security vulnerabilities of a SoC; and last but not least, automatic generation of PSMs for the extra-functional characterization of the SoC

Cyber-security for embedded systems: methodologies, techniques and tools

L'abstract è presente nell'allegato / the abstract is in the attachmen

Towards certifiable reconfigurable real-time mission critical software systems

This thesis makes a contribution towards the certification of reconfigurable real-time mission critical software systems. In highly reconfigurable software systems it is possible for a situation to arise where the system expends most or all of its resources on reconfiguring, and thus cannot provide sufficient resources to conduct intended computing functions. This anomaly has been termed "configuration thrashing" by the author due to its loose analogy to memory thrashing. If configuration thrashing is not eliminated, or at least minimised, then it is possible for circumstance to occur where reconfigurable systems cannot be certified due to potential failure to meet deadlines caused by configuration thrashing. The elimination of reconfiguration thrashing is a step towards certifiable dynamic reconfigurable systems capable of enforcing deadlines. The elimination of reconfiguration thrashing is necessary, though not sufficient, for this goal. In order to restrict configuration thrashing it is necessary to understand the possibilities available within reconfigurable software. A VDM-SL model is presented to explore the options available for reconfigurable architectures, and has allowed many operators to be formally specified providing a much greater understanding of the tasks involved in reconfiguration. The thesis demonstrates how model checkers can be used to check software processes for configuration thrashing using predefined CSP models, thus allowing system programmers to engineer configuration thrashing out of systems. However, model checkers are susceptible to state space explosion, particularly if models are large and / or complex, which may make the use of the model checkers impractical or even impossible for some systems. The thesis therefore also explores potential run-time solutions to configuration thrashing. These solutions allow developers to include additional logic / processes within their systems in order to eliminate configuration thrashing (without the use of model checkers). Several options are explored in-depth, from providing mechanisms for developers to choose when reconfiguration can / cannot occur, to a rule based solution. The exploration of the rule based solution explores issues such as rule expression, rule predictability, as well as potential core rules. The two approaches taken within this thesis to eliminate, or at least restrict sufficiently, configuration thrashing form a basis which would allow for the certification of reconfigurable real-time mission critical software systems.EThOS - Electronic Theses Online ServiceBAE SystemsGBUnited Kingdo

Methoden und Beschreibungssprachen zur Modellierung und Verifikation vonSchaltungen und Systemen: MBMV 2015 - Tagungsband, Chemnitz, 03. - 04. März 2015

Der Workshop Methoden und Beschreibungssprachen zur Modellierung und Verifikation von Schaltungen und Systemen (MBMV 2015) findet nun schon zum 18. mal statt. Ausrichter sind in diesem Jahr die Professur Schaltkreis- und Systementwurf der Technischen Universität Chemnitz und das Steinbeis-Forschungszentrum Systementwurf und Test. Der Workshop hat es sich zum Ziel gesetzt, neueste Trends, Ergebnisse und aktuelle Probleme auf dem Gebiet der Methoden zur Modellierung und Verifikation sowie der Beschreibungssprachen digitaler, analoger und Mixed-Signal-Schaltungen zu diskutieren. Er soll somit ein Forum zum Ideenaustausch sein. Weiterhin bietet der Workshop eine Plattform für den Austausch zwischen Forschung und Industrie sowie zur Pflege bestehender und zur Knüpfung neuer Kontakte. Jungen Wissenschaftlern erlaubt er, ihre Ideen und Ansätze einem breiten Publikum aus Wissenschaft und Wirtschaft zu präsentieren und im Rahmen der Veranstaltung auch fundiert zu diskutieren. Sein langjähriges Bestehen hat ihn zu einer festen Größe in vielen Veranstaltungskalendern gemacht. Traditionell sind auch die Treffen der ITGFachgruppen an den Workshop angegliedert. In diesem Jahr nutzen zwei im Rahmen der InnoProfile-Transfer-Initiative durch das Bundesministerium für Bildung und Forschung geförderte Projekte den Workshop, um in zwei eigenen Tracks ihre Forschungsergebnisse einem breiten Publikum zu präsentieren. Vertreter der Projekte Generische Plattform für Systemzuverlässigkeit und Verifikation (GPZV) und GINKO - Generische Infrastruktur zur nahtlosen energetischen Kopplung von Elektrofahrzeugen stellen Teile ihrer gegenwärtigen Arbeiten vor. Dies bereichert denWorkshop durch zusätzliche Themenschwerpunkte und bietet eine wertvolle Ergänzung zu den Beiträgen der Autoren. [... aus dem Vorwort