11 research outputs found
OSS architecture for mixed-criticality systems – a dual view from a software and system engineering perspective
Computer-based automation in industrial appliances led to a growing number of
logically dependent, but physically separated embedded control units per
appliance. Many of those components are safety-critical systems, and require
adherence to safety standards, which is inconsonant with the relentless demand
for features in those appliances. Features lead to a growing amount of control
units per appliance, and to an increasing complexity of the overall software
stack, being unfavourable for safety certifications. Modern CPUs provide means
to revise traditional separation of concerns design primitives: the consolidation
of systems, which yields new engineering challenges that concern the entire
software and system stack.
Multi-core CPUs favour economic consolidation of formerly separated
systems with one efficient single hardware unit. Nonetheless, the system
architecture must provide means to guarantee the freedom from interference
between domains of different criticality. System consolidation demands
architectural and engineering strategies to fulfil requirements (e.g., real-time
or certifiability criteria) in safety-critical environments.
In parallel, there is an ongoing trend to substitute ordinary proprietary base
platform software components by mature OSS variants for economic and
engineering reasons. There are fundamental differences of processual properties
in development processes of OSS and proprietary software. OSS in
safety-critical systems requires development process assessment techniques to
build an evidence-based fundament for certification efforts that is based upon
empirical software engineering methods.
In this thesis, I will approach from both sides: the software and system
engineering perspective. In the first part of this thesis, I focus on the
assessment of OSS components: I develop software engineering techniques
that allow to quantify characteristics of distributed OSS development
processes. I show that ex-post analyses of software development processes can
be used to serve as a foundation for certification efforts, as it is required
for safety-critical systems.
In the second part of this thesis, I present a system architecture based on
OSS components that allows for consolidation of mixed-criticality systems
on a single platform. Therefore, I exploit virtualisation extensions of modern
CPUs to strictly isolate domains of different criticality. The proposed
architecture shall eradicate any remaining hypervisor activity in order to
preserve real-time capabilities of the hardware by design, while
guaranteeing strict isolation across domains.
Computer-based automation of industrial systems leads to a growing number of
logically dependent but physically separated control units per system. Many of
the individual devices are safety-critical systems that require adherence to
safety standards, which is made more difficult by the relentless demand for
functionality. This demand leads to a growing total number of control units,
accompanied by growing complexity of the entire software corpus, which
complicates certification efforts. Modern processors provide means that make it
possible to renew the traditional "separation of concerns" design principle:
system consolidation. It poses new engineering challenges that concern the
entire software and system stack.
Multi-core processors favour the economic and efficient consolidation of
formerly separated systems into one efficient hardware unit. Suitable system
architectures must, however, ensure freedom from interference between domains
of different criticality. Consolidation requires both architectural and
engineering strategies in order to meet the requirements (such as real-time or
certifiability criteria) in safety-critical environments.
Increasingly, conventional proprietarily developed base platform components are
being replaced by mature OSS alternatives for economic and technical reasons.
However, fundamental differences in the process properties of the OSS
development process hinder its use in safety-critical systems. Such use
requires techniques that allow the development processes to be assessed in
order to provide an evidence-based foundation for certification efforts, based
on empirical software engineering methods.
In this thesis, I approach from both sides: software engineering and system
architecture. In the first part, I deal with the assessment of OSS components:
I develop software analysis techniques that make it possible to quantify
process characteristics of distributed OSS development projects. I show that
retrospective analyses of the development process can be used as a basis for
software certification efforts.
In the second part of this thesis, I turn to the system architecture. I present
an OSS-based system architecture that enables the consolidation of
mixed-criticality systems on a single platform. To this end, I exploit
virtualisation extensions of modern processors in order to partition the
hardware into strictly isolated computing domains of different criticality. The
proposed architecture is intended to eliminate any operational disturbances
caused by the hypervisor in order to preserve the real-time capabilities of the
hardware by design, while strict isolation between domains is ensured at all
times
Percent error of ultrasound examination to estimate fetal weight at term in different categories of birth weight with focus on maternal diabetes and obesity
Background: Sonography based estimate of fetal weight is a considerable issue for delivery planning. The study evaluated the influence of diabetes, obesity, excess weight gain, fetal and neonatal anthropometrics on accuracy of estimated fetal weight with respect to the extent of the percent error of estimated fetal weight to birth weight for different categories.
Methods: Multicenter retrospective analysis from 11,049 term deliveries and fetal ultrasound biometry performed within 14 days to delivery. Estimated fetal weight was calculated by Hadlock IV. Percent error from birth weight was determined for categories in 250 g increments between 2500 g and 4500 g. Estimated fetal weight accuracy was categorized as accurate +/- 10% - +/- 20% and > 20%.
Results: Diabetes was diagnosed in 12.5%, obesity in 12.6% and weight gain exceeding IOM recommendation in 49.1% of the women. The percentage of accurate estimated fetal weight was not significantly different in the presence of maternal diabetes (70.0% vs. 71.8%, p = 0.17), obesity (69.6% vs. 71.9%, p = 0.08) or excess weight gain (71.2% vs. 72%, p = 0.352) but of preexisting diabetes (61.1% vs. 71.7%; p = 0.007) that was associated with the highest macrosomia rate (26.9%). Mean percent error of estimated fetal weight from birth weight was 2.39% +/- 9.13%. The extent of percent error varied with birth weight with the lowest numbers for 3000 g-3249 g and increasing with the extent of birth weight variation: 5% +/- 11% overestimation in the lowest and 12% +/- 8% underestimation in the highest ranges.
Conclusion: Diabetes, obesity and excess weight gain are not necessarily confounders of estimated fetal weight accuracy. Percent error of estimated fetal weight is closely related to birth weight with clinically relevant over- and underestimation at both extremes. This work provides detailed data regarding the extent of percent error for different birth weight categories and may therefore improve delivery planning
Primary testing of an instrumented tool holder for brush deburring of milled workpieces
Brush deburring requires consistent contact pressure between brush and workpiece. Automating adjustments to control contact pressure has proven difficult, as the sensors available in machine tools are usually not suitable to observe the small amplitude signals caused by this low force process. Additionally, both the power consumption and the vibration signal caused by the process strongly depend on the workpiece surface features. This paper describes a test setup using an instrumented tool holder and presents the corresponding measurement results, aiming to quantify the axial feed of the brush. It also discusses the interpretation of different signal components and provides an outlook on the utilization of the data for tool wear estimation
Specificity of signaling by STAT1 depends on SH2 and C-terminal domains that regulate Ser727 phosphorylation, differentially affecting specific target gene expression
Complete activation of signal transducer and activator of transcription 1 (STAT1) requires phosphorylation at both Y701 and a conserved PMS(727)P sequence. S727 phosphorylation of STAT1 in interferon-γ (IFN-γ)-treated mouse fibroblasts occurred without a need for p38 mitogen-activated protein kinase (MAPK), extracellular signal-regulated kinases 1 and 2 or c-Jun kinases, and required both an intact SH2 domain and phosphorylation of Y701. In contrast, UV irradiation-induced STAT1 phosphorylation on S727 required p38MAPK, but no SH2 domain–phosphotyrosine interactions. Mutation of S727 differentially affected IFN-γ target genes, at the level of both basal and induced expression. Particularly strong effects were noted for the GBP1 and TAP1 genes. The PMS(727)P motif of STAT3 was phosphorylated by stimuli and signaling pathways different from those for STAT1 S727. Transfer of the STAT3 C-terminus to STAT1 changed the stimulus and pathway specificity of STAT1 S727 phosphorylation to that of STAT3. Our data suggest that STAT C-termini contribute to the specificity of cellular responses by linking individual STATs to different serine kinase pathways and through an intrinsically different requirement for serine phosphorylation at different target gene promoters