Including hardware/software co-design in the ASSERT model driven engineering process.

Abstract. The ASSERT project de?ned new software engineering methods and tools for the development of critical embedded real-time systems in the space domain. The ASSERT model-driven engineering process was one of the achievements of the project and is based on the concept of property- preserving model transformations. The key element of this process is that non-functional properties of the software system must be preserved during model transformations. Properties preservation is carried out through model transformations compliant with the Ravenscar Pro?le and provides a formal basis to the process. In this way, the so-called Ravenscar Computational Model is central to the whole ASSERT process. This paper describes the work done in the HWSWCO study, whose main objective has been to address the integration of the Hardware/Software co-design phase in the ASSERT process. In order to do that, non-functional properties of the software system must also be preserved during hardware synthesis. Keywords : Ada 2005, Ravenscar pro?le, Hardware/Software co-design, real- time systems, high-integrity systems, OR

StringENT test suite: ENT battery revisited for efficient P value computation

Random numbers play a key role in a wide variety of applications, ranging from mathematical simulation to cryptography. Generating random or pseudo-random numbers is not an easy task, especially when hardware, time and energy constraints are considered. In order to assess whether generators behave in a random fashion, there are several statistical test batteries. ENT is one of the simplest and most popular, at least in part due to its efficacy and speed. Nonetheless, only one of the tests of this suite provides a p value, which is the most useful and standard way to determine whether the randomness hypothesis holds, for a certain significance level. As a consequence of this, rather arbitrary and at times misleading bounds are set in order to decide which intervals are acceptable for its results. This paper introduces an extension of the battery, named StringENT, which, while sticking to the fast speed that makes ENT popular and useful, still succeeds in providing p values with which sound decisions can be made about the randomness of a sequence. It also highlights a flagrant randomness flaw that the classical ENT battery is not capable of detecting but the new StringENT notices, and introduces two additional tests.Depto. de Estadística e Investigación OperativaFac. de Ciencias MatemáticasTRUEpu

Extending ASSERT for HW/SW Co-design

Embedded systems are commonly designed by specifying and developing hardware and software systems separately. On the contrary, the hardware/software (HW/SW) co-development exploits the trade-offs between hardware and software in a system through their concurrent design. HW/SW Codevelopment techniques take advantage of the flexibility of system design to create architectures that can meet stringent performance requirements with a shorter design cycle. This paper presents the work done within the scope of ESA HWSWCO (Hardware-Software Co-design) study. The main objective of this study has been to address the HW/SW co-design phase to integrate this engineering task as part of the ASSERT process (refer to [1]) and compatible with the existing ASSERT approach, process and tool, Advances in the automation of the design of HW and SW and the adoption of the Model Driven Architecture (MDA) [9] paradigm make possible the definition of a proper integration substrate and enables the continuous interaction of the HW and SW design paths

Weaknesses in ENT Battery Design

Randomness testing is a key tool to analyse the quality of true (physical) random and pseudo-random number generators. There is a wide variety of tests that are designed for this purpose, i.e., to analyse the goodness of the sequences used. These tests are grouped in different sets called suites or batteries. The batteries must be designed in such a way that the tests that form them are independent, that they have a wide coverage, and that they are computationally efficient. One such battery is the well-known ENT battery, which provides four measures and the value of a statistic (corresponding to the chi-square goodness-of-fit test). In this paper, we will show that this battery presents some vulnerabilities and, therefore, must be redefined to solve the detected problems

The AMASS approach for assurance and certification of critical systems

Safety-critical systems are subject to rigorous assurance and certification processes to guarantee that they do not pose unreasonable risks to people, property, or the environment. The associated activities are usually complex and time-consuming, thus they need adequate support for their execution. The activities are further becoming more challenging as the systems are evolving towards open, interconnected systems with new features, e.g. Internet connectivity, and new assurance needs, e.g. compliance with several assurance standards for different dependability attributes. This requires the development of novel approaches for cost-effective assurance and certification. With the overall goal of lowering assurance and certification costs in face of rapidly changing features and market needs, the AMASS project has created and consolidated the de-facto European-wide open solution for assurance and certification of critical systems. This has been achieved by establishing a novel holistic and reuse-oriented approach for architecture-driven assurance, multi-concern assurance, and for seamless interoperability between assurance and engineering activities along with third-party activities. This paper introduces the main elements of the AMASS approach and how to use them and benefit from them.The work leading to this paper has received funding from the AMASS project (H2020-ECSEL grant agreement no 692474; Spain’s MINECO ref. PCIN-2015-262)

StringENT test suite: ENT battery revisited for efficient P value computation

Random numbers play a key role in a wide variety of applications, ranging from mathematical simulation to cryptography. Generating random or pseudo-random numbers is not an easy task, especially when hardware, time and energy constraints are considered. In order to assess whether generators behave in a random fashion, there are several statistical test batteries. ENT is one of the simplest and most popular, at least in part due to its efficacy and speed. Nonetheless, only one of the tests of this suite provides a p value, which is the most useful and standard way to determine whether the randomness hypothesis holds, for a certain significance level. As a consequence of this, rather arbitrary and at times misleading bounds are set in order to decide which intervals are acceptable for its results. This paper introduces an extension of the battery, named StringENT, which, while sticking to the fast speed that makes ENT popular and useful, still succeeds in providing p values with which sound decisions can be made about the randomness of a sequence. It also highlights a flagrant randomness flaw that the classical ENT battery is not capable of detecting but the new StringENT notices, and introduces two additional tests

Identification of germline cancer predisposition variants in pediatric sarcoma patients from somatic tumor testing

Genetic predisposition is an important risk factor for cancer in children and adolescents but detailed associations of individual genetic mutations to childhood cancer are still under intense investigation. Among pediatric cancers, sarcomas can arise in the setting of cancer predisposition syndromes. The association of sarcomas with these syndromes is often missed, due to the rarity and heterogeneity of sarcomas and the limited search of cancer genetic syndromes. This study included 43 pediatric and young adult patients with different sarcoma subtypes. Tumor profiling was undertaken using the Oncomine Childhood Cancer Research Assay (Thermo Fisher Scientific). Sequencing results were reviewed for potential germline alterations in clinically relevant genes associated with cancer predisposition syndromes. Jongmans´ criteria were taken into consideration for the patient selection. Fifteen patients were selected as having potential pathogenic germline variants due to tumor sequencing that identified variants in the following genes: CDKN2A, NF1, NF2, RB1, SMARCA4, SMARCB1 and TP53. The variants found in NF1 and CDKN2A in two different patients were detected in the germline, confirming the diagnosis of a cancer predisposition syndrome. We have shown that the results of somatic testing can be used to identify those at risk of an underlying cancer predisposition syndrome.This work was funded by Research Projects from Navarra Government (Ref. 54/2018), the Jesús de Gangoiti Barrera Foundation (FJGB18/004 and FJGB19/001), Asociación Pablo Ugarte APU (APU-osteosarcoma), La Cuadri del Hospi (BC/A/17/008), EITB Media AND BIOEF, SAU (BIO20/CI/015/BCB and BIO20/CI/011/BCB), Basque Government (2021111030) and Fundación La Caixa with Niños Contra el Cáncer. P.A.-P. is supported by a Basque Government fellowship (PRE_2021_2_0048)

Identification of germline cancer predisposition variants in pediatric sarcoma patients from somatic tumor testing

Genetic predisposition is an important risk factor for cancer in children and adolescents but detailed associations of individual genetic mutations to childhood cancer are still under intense investigation. Among pediatric cancers, sarcomas can arise in the setting of cancer predisposition syndromes. The association of sarcomas with these syndromes is often missed, due to the rarity and heterogeneity of sarcomas and the limited search of cancer genetic syndromes. This study included 43 pediatric and young adult patients with different sarcoma subtypes. Tumor profiling was undertaken using the Oncomine Childhood Cancer Research Assay (Thermo Fisher Scientific). Sequencing results were reviewed for potential germline alterations in clinically relevant genes associated with cancer predisposition syndromes. Jongmans¿ criteria were taken into consideration for the patient selection. Fifteen patients were selected as having potential pathogenic germline variants due to tumor sequencing that identified variants in the following genes: CDKN2A, NF1, NF2, RB1, SMARCA4, SMARCB1 and TP53. The variants found in NF1 and CDKN2A in two different patients were detected in the germline, confirming the diagnosis of a cancer predisposition syndrome. We have shown that the results of somatic testing can be used to identify those at risk of an underlying cancer predisposition syndrome

Automated generation of FDIR for the compass integrated toolset (AUTOGEF)

The ESA AUTOGEF (Dependability Design Approach for Critical Flight Software) study is a direct follow-on of the ESA TRP COMPASS (Correctness, Modelling and Performance of Aerospace Systems). The aim of COMPASS project was to develop a modelbased approach to system-software co-engineering, tailored to the specifics of critical on-board spacecraft systems. COMPASS included the development of a platform based on formal methods, which offers a wide range of techniques for system verification and validation. AUTOGEF aims to demonstrate that synthesis approaches can allow for effective automated FDIR development in accordance with the dependability requirements, through the implementation of an add-on to the COMPASS tool

The AMASS Approach for Assurance and Certification of Critical Systems

Safety-critical systems are subject to rigorous assurance and certification processes to guarantee that they do not pose unreasonable risks to people, property, or the environment. The associated activities are usually complex and time-consuming, thus they need adequate support for their execution. The activities are further becoming more challenging as the systems are evolving towards open, interconnected systems with new features, e.g. Internet connectivity, and new assurance needs, e.g. compliance with several assurance standards for different dependability attributes. This requires the development of novel approaches for cost-effective assurance and certification. With the overall goal of lowering assurance and certification costs in face of rapidly changing features and market needs, the AMASS project has created and consolidated the de-facto European-wide open solution for assurance and certification of critical systems. This has been achieved by establishing a novel holistic and reuse-oriented approach for architecture-driven assurance, multi-concern assurance, and for seamless interoperability between assurance and engineering activities along with third-party activities. This paper introduces the main elements of the AMASS approach and how to use them and benefit from them