Development of a framework for automated systematic testing of safety-critical embedded systems

“This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder." “Copyright IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.”In this paper we introduce the development of a framework for testing safety-critical embedded systems based on the concepts of model-based testing. In model-based testing the test cases are derived from a model of the system under test. In our approach the model is an automaton model that is automatically extracted from the C-source code of the system under test. Beside random test data generation the test case generation uses formal methods, in detail model checking techniques. To find appropriate test cases we use the requirements defined in the system specification. To cover further execution paths we developed an additional, to our best knowledge, novel method based on special structural coverage criteria. We present preliminary results on the model extraction using a concrete industrial case study from the automotive domain

Fully automatic worst-case execution time analysis for MATLAB/Simulink models

“This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder." “Copyright IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.”In today's technical world (e.g., in the automotive industry), more and more purely mechanical components get replaced by electro-mechanical ones. Thus the size and complexity of embedded systems steadily increases. To cope with this development, comfortable software engineering tools are being developed that allow a more functionality-oriented development of applications. The paper demonstrates how worst-case execution time (WCET) analysis is integrated into such a high-level application design and simulation tool MATLAB/Simulink-thus providing a higher-level interface to WCET analysis. The MATLAB/Simulink extensions compute and display worst-case timing data for all blocks of a MATLAB/Simulink simulation, which gives the developer of an application valuable feedback about the correct timing of the application being developed. The solution facilitates a fully-automated WCET analysis, i.e., in contrast to existing approaches the programmer does not have to provide path information

Timing analysis of optimised code

Timing analysis is a crucial test for dependable hard real-time systems (DHRTS). The calculation of the worst-case execution time (WCET) is mandatory. As modern compilers are capable to produce small and efficient code, software development for DHRTS today is mostly done in high-level languages instead of assembly code. Execution path information available at source code (flow facts) therefore have to be transformed correctly in accordance with code optimisations by the compiler to allow safe and precise WCET analysis. In this paper we present a framework based on abstract interpretation to perform this mandatory transformation of flow facts. Conventional WCET analysis approaches use this information to analyse the object code

Input-dependency analysis for hard real-time software

The execution time of soft-ware for hard real-time systems must be predictable. Further safe and not overly pessimistic bounds for the worst-case execution time (WCET) must be computable. We conceived a programming strategy called WCET-oriented programming and a code transformation strategy, the single-path conversion, that aid programmers in producing code that meets these requirements. These strategies avoid respectively eliminate input-data dependencies in the code. The paper describes the formal analysis, based on abstract interpretation, that identifies input-data dependencies in the code and thus forms the basis for the strategies provided for hard real-time code development

Extortion in the United Kingdom

Extortion racketeering has been long pointed out as the “defining activity of organised crime” (Konrad & Skaperdas, 1998). Although in recent years this crime has not been among the top listed organised crime threats in the strategic EU policy documents, it still remains ever present in European countries. The seriousness of the phenomenon has been recognised at the EU level and the crime has been listed in a number of EU legal acts in the field of police and judicial cooperation in criminal matters. In this section of the report, Dr Bonino discusses the legal status of extortion in the UK and the specifics of organised crime in that country

Calculating WCET Estimates from Timed Traces

© The Author(s) 2015. This article is published with open access at Springerlink.comReal-time systems engineers face a daunting duty: They must ensure that each task in their system can always meet its deadline. To analyse schedulability they must know the worst-case execution time (WCET) of each task. However, determining exact WCETs is practically infeasible in cost-constrained industrial settings involving real-life code and COTS hardware. Static analysis tools that could yield sufficiently tight WCET bounds are often unavailable. As a result, interest in portable analysis approaches like measurement-based timing analysis (MBTA) is growing. We present an approach based on integer linear programming (ILP) for calculating a WCET estimate from a given database of timed execution traces. Unlike previous work, our method specifically aims at reducing overestimation, by means of an automatic classification of code executions into scenarios with differing worst-case behaviour. To ease the integration into existing analysis tool chains, our method is based on the implicit path enumeration technique (IPET). It can thus reuse flow facts from other analysis tools and produces ILP problems that can be solved by off-the-shelf solvers.Peer reviewe

Clinical decision making and outcome in the routine care of people with severe mental illness across Europe (CEDAR)

Aims. There is a lack of knowledge on clinical decision making and its relation to outcome in the routine treatment of people with severe mental illness. This study examined preferred and experienced clinical decision making from the perspectives of patients and staff, and how these affect treatment outcome. Methods. CEDAR (ISRCTN75841675) is a naturalistic prospective observational study with bimonthly assessments during a 12-month observation period. 588 adults with severe mental illness were consecutively recruited from caseloads of community mental health services at the six study sites (Germany, UK, Italy, Hungary, Denmark, and Switzerland). Clinical decision making was measured using two instruments (Clinical Decision Making Style Scale. CDMS;Clinical Decision Making Involvement and Satisfaction Scale, CDIS) from patient and staff perspectives. Outcomes assessed were unmet needs (Camberwell Assessment of Need Short Appraisal Schedule, CANSAS). Mixed-effects multinomial regression was used to examine differences in involvement in and satisfaction with actual decision making. The effect of clinical decision making on outcome was examined using hierarchical linear modelling controlling for covariates. Results. Shared decision making was preferred by patients (2=135.08; p<0.001) and staff (2=368.17; p<0.001). Decision making style of staff significantly affected unmet needs over time, with unmet needs decreasing more in patients whose clinicians preferred active to passive (-0.406 unmet needs per two months, p=0.007) or shared (-0.303 unmet needs per two months, p=0.015) decision making. Conclusions. A shift from shared to active involvement of patients is indicated, including the development and rigorous test of targeted interventions

Diagnosis, treatment and follow-up of 25 patients with melamine-induced kidney stones complicated by acute obstructive renal failure in Beijing Children’s Hospital

A total of 25 Chinese patients aged 6 to 36 months hospitalised at Beijing Children’s Hospital due to melamine-induced kidney stones complicated by acute obstructive renal failure in 2008 were included in a study in order to diagnose and treat these special cases more effectively. Feeding history, clinical presentation, ultrasound findings, treatments and effects were summarised. Twelve to seventeen months follow-up was reported also. Ultrasound examination showed that calculi were located at the kidney and ureters. Stones were composed of both uric acid and melamine in a molar ratio of 1.2:1 to 2.1:1. Treatments providing liquid plus alkalisation of urine proved to be effective in helping the patients pass the stones. Surgical intervention was needed in severe cases. Renal function returned to normal in all 25 patients after various durations of therapy. Sixty-eight percent of the patients expelled all of the calculi within 3 months, 90% in 6 months and 95% in 9 months, without sequelae till now. Melamine-contaminated milk formula can cause kidney stones in infants, which should be diagnosed by feeding history, clinical symptoms and ultrasound examination. Composition of the stones was not only of melamine but also uric acid. Providing liquid orally or intravenously plus alkalisation of urine proved to promote the removal of the stones. Follow-up of 12 to 17 months after discharge showed no sequelae

Worst-case analysis of heap allocations

Abstract. In object oriented languages, dynamic memory allocation is a fundamental concept. When using such a language in hard real-time systems, it becomes important to bound both the worst-case execution time and the worst-case memory consumption. In this paper, we present an analysis to determine the worst-case heap allocations of tasks. The analysis builds upon techniques that are well established for worst-case execution time analysis. The difference is that the cost function is not the execution time of instructions in clock cycles, but the allocation in bytes. In contrast to worst-case execution time analysis, worst-case heap allocation analysis is not processor dependent. However, the cost function depends on the object layout of the runtime system. The analysis is evaluated with several real-time benchmarks to establish the usefulness of the analysis, and to compare the memory consumption of different object layouts.