11 research outputs found

    OSS architecture for mixed-criticality systems – a dual view from a software and system engineering perspective

    Computer-based automation in industrial appliances led to a growing number of logically dependent, but physically separated embedded control units per appliance. Many of those components are safety-critical systems, and require adherence to safety standards, which is inconsonant with the relentless demand for features in those appliances. Features lead to a growing amount of control units per appliance, and to an increasing complexity of the overall software stack, being unfavourable for safety certifications. Modern CPUs provide means to revise traditional separation of concerns design primitives: the consolidation of systems, which yields new engineering challenges that concern the entire software and system stack. Multi-core CPUs favour economic consolidation of formerly separated systems with one efficient single hardware unit. Nonetheless, the system architecture must provide means to guarantee the freedom from interference between domains of different criticality. System consolidation demands for architectural and engineering strategies to fulfil requirements (e.g., real-time or certifiability criteria) in safety-critical environments. In parallel, there is an ongoing trend to substitute ordinary proprietary base platform software components by mature OSS variants for economic and engineering reasons. There are fundamental differences of processual properties in development processes of OSS and proprietary software. OSS in safety-critical systems requires development process assessment techniques to build an evidence-based fundament for certification efforts that is based upon empirical software engineering methods. In this thesis, I will approach from both sides: the software and system engineering perspective. In the first part of this thesis, I focus on the assessment of OSS components: I develop software engineering techniques that allow to quantify characteristics of distributed OSS development processes.
I show that ex-post analyses of software development processes can be used to serve as a foundation for certification efforts, as it is required for safety-critical systems. In the second part of this thesis, I present a system architecture based on OSS components that allows for consolidation of mixed-criticality systems on a single platform. Therefore, I exploit virtualisation extensions of modern CPUs to strictly isolate domains of different criticality. The proposed architecture shall eradicate any remaining hypervisor activity in order to preserve real-time capabilities of the hardware by design, while guaranteeing strict isolation across domains.
Computer-based automation of industrial systems leads to a growing number of logically dependent but physically separated control units per system. Many of the individual devices are safety-critical systems that require adherence to safety standards, which is made more difficult by the relentless demand for functionality. This demand leads to a growing total number of control units, accompanied by growing complexity of the entire software corpus, which complicates certification efforts. Modern processors provide means that make it possible to renew the traditional "separation of concerns" design principle: system consolidation. It poses new engineering challenges that concern the entire software and system stack. Multi-core processors favour the economic and efficient consolidation of formerly separate systems into one efficient hardware unit. Suitable system architectures must, however, ensure freedom from interference between domains of different criticality. Consolidation requires both architectural and engineering strategies in order to fulfil the requirements (such as real-time or certifiability criteria) in safety-critical environments. Increasingly, conventional proprietary base platform components are being replaced by mature OSS alternatives for economic and technical reasons. However, fundamental differences in the process properties of the OSS development process hinder its use in safety-critical systems. This use requires techniques that allow the development processes to be assessed in order to provide an evidence-based foundation for certification efforts based on empirical software engineering methods. In this thesis, I approach from both sides: software engineering and system architecture. In the first part, I deal with the assessment of OSS components: I develop software analysis techniques that make it possible to quantify process characteristics of distributed OSS development projects. I show that retrospective analyses of the development process can be used as a foundation for software certification efforts. In the second part of this thesis, I turn to the system architecture. I present an OSS-based system architecture that enables the consolidation of mixed-criticality systems on a standalone platform. To this end, I exploit virtualisation extensions of modern processors in order to partition the hardware into strictly isolated computing domains of different criticality. The proposed architecture is intended to eliminate any operational disturbances caused by the hypervisor in order to preserve the real-time capabilities of the hardware by design, while strict isolation between domains is ensured at all times.

    Percent error of ultrasound examination to estimate fetal weight at term in different categories of birth weight with focus on maternal diabetes and obesity

    Background: Sonography based estimate of fetal weight is a considerable issue for delivery planning. The study evaluated the influence of diabetes, obesity, excess weight gain, fetal and neonatal anthropometrics on accuracy of estimated fetal weight with respect to the extent of the percent error of estimated fetal weight to birth weight for different categories. Methods: Multicenter retrospective analysis from 11,049 term deliveries and fetal ultrasound biometry performed within 14 days to delivery. Estimated fetal weight was calculated by Hadlock IV. Percent error from birth weight was determined for categories in 250 g increments between 2500 g and 4500 g. Estimated fetal weight accuracy was categorized as accurate +/- 10% - +/- 20% and > 20%. Results: Diabetes was diagnosed in 12.5%, obesity in 12.6% and weight gain exceeding IOM recommendation in 49.1% of the women. The percentage of accurate estimated fetal weight was not significantly different in the presence of maternal diabetes (70.0% vs. 71.8%, p = 0.17), obesity (69.6% vs. 71.9%, p = 0.08) or excess weight gain (71.2% vs. 72%, p = 0.352) but of preexisting diabetes (61.1% vs. 71.7%; p = 0.007) that was associated with the highest macrosomia rate (26.9%). Mean percent error of estimated fetal weight from birth weight was 2.39% +/- 9.13%. The extent of percent error varied with birth weight with the lowest numbers for 3000 g-3249 g and increasing with the extent of birth weight variation: 5% +/- 11% overestimation in the lowest and 12% +/- 8% underestimation in the highest ranges. Conclusion: Diabetes, obesity and excess weight gain are not necessarily confounders of estimated fetal weight accuracy. Percent error of estimated fetal weight is closely related to birth weight with clinically relevant over- and underestimation at both extremes. This work provides detailed data regarding the extent of percent error for different birth weight categories and may therefore improve delivery planning

    Primary testing of an instrumented tool holder for brush deburring of milled workpieces

    Brush deburring requires consistent contact pressure between brush and workpiece. Automating adjustments to control contact pressure has proven difficult, as the sensors available in machine tools are usually not suitable to observe the small amplitude signals caused by this low force process. Additionally, both the power consumption and the vibration signal caused by the process strongly depend on the workpiece surface features. This paper describes a test setup using an instrumented tool holder and presents the corresponding measurement results, aiming to quantify the axial feed of the brush. It also discusses the interpretation of different signal components and provides an outlook on the utilization of the data for tool wear estimation

    Specificity of signaling by STAT1 depends on SH2 and C-terminal domains that regulate Ser727 phosphorylation, differentially affecting specific target gene expression

    Complete activation of signal transducer and activator of transcription 1 (STAT1) requires phosphorylation at both Y701 and a conserved PMS(727)P sequence. S727 phosphorylation of STAT1 in interferon-γ (IFN-γ)-treated mouse fibroblasts occurred without a need for p38 mitogen-activated protein kinase (MAPK), extracellular signal-regulated kinases 1 and 2 or c-Jun kinases, and required both an intact SH2 domain and phosphorylation of Y701. In contrast, UV irradiation-induced STAT1 phosphorylation on S727 required p38MAPK, but no SH2 domain–phosphotyrosine interactions. Mutation of S727 differentially affected IFN-γ target genes, at the level of both basal and induced expression. Particularly strong effects were noted for the GBP1 and TAP1 genes. The PMS(727)P motif of STAT3 was phosphorylated by stimuli and signaling pathways different from those for STAT1 S727. Transfer of the STAT3 C-terminus to STAT1 changed the stimulus and pathway specificity of STAT1 S727 phosphorylation to that of STAT3. Our data suggest that STAT C-termini contribute to the specificity of cellular responses by linking individual STATs to different serine kinase pathways and through an intrinsically different requirement for serine phosphorylation at different target gene promoters.