SlideShare una empresa de Scribd logo

Systèmes embarqués critiques

Marc Daumas
Marc Daumas

Support de la présentation de Nicolas Navet

TecnologíaEmpresariales
1 de 24
1 Les systèmes embarqués critiques : évolution des pratiques de conception et problèmes émergents Nicolas NAVET INRIA / RealTime-at-Work Equipe Temps Réel et Interopérabilité (TRIO) http://www.loria.fr/~nnavet Journée Prospective du GDR ASR, Paris le 03/11/2011 N. NAVET
2 Plan 1. Illustration : systèmes embarqués dans l’automobile o Quelles menaces sur leur Sûreté de fonctionnement? o Zoom sur les contraintes de temps 2. Evolutions des technologies et pratiques dans la conception des systèmes critiques 3. Problèmes ouverts et émergents 4. Actions en lien dans le pôle « Systèmes Embarqués hautes performances » du GDR ASR N. NAVET
3 Les systèmes embarqués : une utilisation au quotidien N. NAVET 3
4 Dependability vs Security [from Laprie et al, 3] “absence of unauthorized access to, or handling of, system state” “ability to deliver a service that can justifiably be Dependability Security trusted ” Availability Reliability Safety Confidentiality Integrity Maintenability Readiness for Continuity of Absence of Absence of Absence of Ability to usage service catastrophic unauthorized improper undergo repairs consequences disclosure of system and evolutions for authorized information alterations users only “unauthorized” system alteration N. NAVET
5 Systèmes embarqués dans l’automobile : quelles menaces sur leur sûreté de fonctionnement ? N. NAVET
6 Electronics is the driving force of innovation in automotive Many new functions are safety critical: brake assist, cruise control, lane keeping, dynamic lights, etc Picture from [10] – 90% of new functions use software – Electronics: 40% of total costs – Huge complexity: 70 ECUs, 2500 signals, >6 comm. protocols, multi-layered run-time environment (AUTOSAR), multi-source software, multi-core CPUs, number of variants, etc Strong costs and time-to-market constraints ! N. NAVET
7 BMW 7 Series networking architecture [11] ZGW = central gateway 4 CAN buses 1 FlexRay Bus 1 MOST bus Several LIN Buses (not shown here) 1 Ethernet bus Wireless Picture from [11] N. NAVET
8 Main impediments to safety imho: complexity! Technologies: numerous, complex and not explicit. conceived for critical systems – e.g.: more than 150 specification documents (textual) for Autosar, no two implementations can behave identically! Size of the system! – Number of functional domains, buses, gateways, Autosar Basic Software ECUs, size of code, tasks, wiring, number of variants, etc Design process – Most developments are not done in-house : less control on externalized developments – Carry-over / Vehicle Family Management : need to share/re-use architecture and sub-systems between several brands/models with different requirements [2] – Optimized solutions for each component / function does not lead to a global optimal [2] Wiring harness Picture from [11] N. NAVET
9 Threats to dependability : the big picture When faults are introduced in the development phase ? – Requirements capture (20%) + Specification (50%) + SW development: (30%) (infineon [10]) – HW development : ε Risk factors beside complexity: – Technologies: not all conceived with dependability as a priority – Little hardware redundancy – Developments are mainly externalized: incomplete knowledge for the OEM technical parameters are regarded as less important than cost for supplier / components selection [2] – Strong cost / time-to-market pressure – Limited regulatory constraints even with upcoming ISO26262 – Verification / validation does not ensure 100% coverage, limited used of formal methods – Human factors – etc N. NAVET
10 Zoom sur les contraintes temporelles N. NAVET
11 Several hundreds of timing constraints – example of an end- end-to –end constraints Constraint : brake light on < 50ms Stimulus Response Figure from [12] N. NAVET
12 Verification of the timing constraints Personal view / experiences « correctness by construct » and Mostly optimal synthesis ahead bursts of errors of us! Probabilistic performance & safety assessment - system level Interarrival times Single transmission errors « Worst-case » deterministic analysis system level Probabilistic analysis (sub-system) « Worst-case » deterministic analysis (sub-system) COTS tools « Smart » monitoring tools Simulation tools (SBFI) 1995 1997 2009 N. NAVET
13 Why timing constraints may not be respected occasionally? Middleware Lack of precise specification : hard to identify 5ms Comm. the right timing requirements for each function task Lack of traceability : from the architects to the suppliers Flaws in the verification: – Knowledge of the system and its environment is incomplete: Waiting queue: • What is done by the suppliers? - FIFO • Implementation choices really matter and standards do not say everything 2 - Highest Priority • Environmental issues: EMI, α-particles, heat, etc First • Traffic is not always well characterized and/or well modeled 1 - OEM specific e.g. aperiodic traffic ?! see [5] – Testing /simulation alone is not enough CAN Controller – Analysis is not enough too: • Analytic models, especially complex ones, can be wrong 9 6 8 (remember “ CAN analysis refuted, revisited, etc” [6] ?!) • They are often much simplified abstraction of reality buffer Tx and might become optimistic: neglect FIFOs, hardware limitations CAN Bus N. NAVET
14 Illustration: Worst-Case Response Times on a CAN bus Frame waiting queues are HPF, except ECU1 where queue is FIFO the OEM does not know or verification software cannot handle it … Analysis Setup: - Typical body network with 15 ECUs generated by NETCARbench (freely available) - WCRT computed with NETCAR-Analyzer (freely available) Many high-priority frames are delayed here because a single ECU (out of 15) has a FIFO queue … N. NAVET
15 Quelles évolutions dans la conception des systèmes critiques ? - Safety standards - Design process -Technologies, computing platforms N. NAVET
16 Safety standards and certification processes cannot be ignored IEC61226 IEC60880 … EN 50126/28/29 DO 178 / DO 254 ISO 26262 IEC 61508 ECSS / CNES Airbus: 1/3 of the design costs of an airplane due to certification ! N. NAVET [Multi-domain comparison of safety standards, ERTSS-2010]
17 Model Based Design for dependable system development Requirements Design Verification code generation Scade C to binary Compiler Simulation Certification Verification Kit DesignVerifyer State machine to C certified transformation tool End-to-end design flows with proven outcomes at eachNAVET N. step
18 Stakeholder requirements Ex: Objectiver, Reqtify, Doors Verification & Validation is needed at each step Req. Analysis Verification criteria System specification Fonct. specification Ex: SysML Architecture design Model./Program. Ex: Scade, frama-C Validation / Validation / Verification Physical Architecture Model/Source Ex: Gnat, TOM, Allocation Compile CompCert, Scade Simplified INCOSE approach System Architecture Binary Implement Link HW + base SW Exe Integrate System N. NAVET
19 domain- MBD: domain-specific models and tools must be dealt with requirements sysML? Some open issues: semantic interoperability, pivotal language? local versus global verification N. NAVET
20 cross- Technology : from domain specific to cross-industry solutions Today : - Avionics: IEEE1553, AFDX, TTP, ARINC 653, .. - Automotive: CAN, FlexRay, Autosar, Lin, .. - Power plants: Alstom Alspa, Siemens Teleperm, .. [Thomesse05] Tomorrow : Objective of the DDASCA consortium - Convergence of safety standards - Computing platforms: cross-industry solutionS with profile per application domain and scalable dependability : e.g., switched Ethernet, virtualization, etc - Architecture patterns with specific dependability capabilities S w itc h S w itch S w itc h S w itc h S w itch S w itch S w itc h S w itc h C alcu la te ur N °1 C alcu la te ur N °i N. NAVET
21 What is needed now: achieving affordable dependability 1. A large body of techniques, development processes, tools, know-how is increasingly available – they have to become more accessible 2. Simpler systems are more amenable to verification! 3. Formal methods are now sufficiently mature to handle real-world industrial problems. Public research : provide support to both companies and public authorities so that there is no compromise in safety N. NAVET
22 Intérêt pour les systèmes embarqués critiques ? Participez aux activités du pôle « Systèmes Embarqués hautes performances » du GDR ASR - Action AFFSEC « Approches Formelles des Systèmes Embarquées Communicants » (inter-GDR MACS et GPL) http://afsec.asr.cnrs.fr/ - Groupe WEED « Worst End-to-End Delay » - prochaine journée le 23/11/2011 - Action ACTRISS « ACtion Temps Réel : Infrastructure et Services Systèmes » - journée « low-power » le 17/02/2012, puis journée « outils » en Mars / Avril 2012. N. NAVET
23 Merci pour votre attention! questions / réponses contact: nicolas.navet@inria.fr N. NAVET
24 [1] N. Navet, F. Simonot-Lion, editors, The Automotive Embedded Systems References Handbook, Industrial Information Technology series, CRC Press / Taylor and Francis, ISBN 978-0849380266, December 2008. [2] P. Wallin, Axelsson, A Case Study of Issues Related to Automotive E/E System Architecture Development, IEEE International Conference and Workshop on the Engineering of Computer Based Systems, 2008. [3] A. Avizienis, J.C. Laprie, B. Randell, “Dependability and its threat: a taxonomy", IFIP Congress Topical Sessions 2004. [4] D. Khan, R. Bril, N. Navet, “Integrating Hardware Limitations in CAN Schedulability Analysis“, WiP at the 8th IEEE International Workshop on Factory Communication Systems (WFCS 2010), Nancy, France, May 2010. [5] D. Khan, N. Navet, B. Bavoux, J. Migge, “Aperiodic Traffic in Response Time Analyses with Adjustable Safety Level“, IEEE ETFA2009, Mallorca, Spain, September 22-26, 2009. [6] R. Davis, A. Burn, R. Bril, and J. Lukkien, “Controller Area Network (CAN) schedulability analysis: Refuted, revisited and revised”, Real-Time Systems, vol. 35, pp. 239–272, 2007. [7] M. D. Natale, “Evaluating message transmission times in Controller Area Networks without buffer preemption”, in 8th Brazilian Workshop on Real-Time Systems, 2006. [8] C. Braun, L. Havet, N. Navet, "NETCARBENCH: a benchmark for techniques and tools used in the design of automotive communication systems", Proc IFAC FeT 2007, Toulouse, France, November 7-9, 2007. [10] P. Leteinturier, “Next Generation Powertrain Microcontrollers”, International Automotive Electronics Congress, November 2007. [11] H. Kellerman, G. Nemeth, J. Kostelezky, K. Barbehön, F. El-Dwaik, L. Hochmuth, “BMW 7 Series architecture”, ATZextra, November 2008. [12] AUTOSAR, “Specification of Timing Extensions”, Release 4.0 Rev 2, 2010. N. NAVET

Recomendados

Automotive communication systems: from dependability to security
Automotive communication systems: from dependability to securityAutomotive communication systems: from dependability to security
Automotive communication systems: from dependability to securityRealTime-at-Work (RTaW)
 
Enterprise security assessment types
Enterprise security assessment typesEnterprise security assessment types
Enterprise security assessment typesBob Resmerita
 
Norman Patch and Remediation
Norman Patch and RemediationNorman Patch and Remediation
Norman Patch and RemediationKavlieBorge
 
Ch13 annotated
Ch13 annotatedCh13 annotated
Ch13 annotatedMurali Krishna Kanajam
 
Mil soft company overview 2012 v2
Mil soft company overview 2012 v2Mil soft company overview 2012 v2
Mil soft company overview 2012 v2milsoftSDC
 
E Vm Virtualization
E Vm VirtualizationE Vm Virtualization
E Vm VirtualizationArturo Saavedra
 
Semantic Modeling & Monitoring for Real Time Decision Making: Results and Nex...
Semantic Modeling & Monitoring for Real Time Decision Making: Results and Nex...Semantic Modeling & Monitoring for Real Time Decision Making: Results and Nex...
Semantic Modeling & Monitoring for Real Time Decision Making: Results and Nex...Drogkaris Prokopios
 
Transit Bus Camera Surveillance
Transit Bus Camera SurveillanceTransit Bus Camera Surveillance
Transit Bus Camera Surveillancestevehemenway
 

Recomendados

Automotive communication systems: from dependability to security
Automotive communication systems: from dependability to securityAutomotive communication systems: from dependability to security
Automotive communication systems: from dependability to securityRealTime-at-Work (RTaW)
 
Enterprise security assessment types
Enterprise security assessment typesEnterprise security assessment types
Enterprise security assessment typesBob Resmerita
 
Norman Patch and Remediation
Norman Patch and RemediationNorman Patch and Remediation
Norman Patch and RemediationKavlieBorge
 
Ch13 annotated
Ch13 annotatedCh13 annotated
Ch13 annotatedMurali Krishna Kanajam
 
Mil soft company overview 2012 v2
Mil soft company overview 2012 v2Mil soft company overview 2012 v2
Mil soft company overview 2012 v2milsoftSDC
 
E Vm Virtualization
E Vm VirtualizationE Vm Virtualization
E Vm VirtualizationArturo Saavedra
 
Semantic Modeling & Monitoring for Real Time Decision Making: Results and Nex...
Semantic Modeling & Monitoring for Real Time Decision Making: Results and Nex...Semantic Modeling & Monitoring for Real Time Decision Making: Results and Nex...
Semantic Modeling & Monitoring for Real Time Decision Making: Results and Nex...Drogkaris Prokopios
 
Transit Bus Camera Surveillance
Transit Bus Camera SurveillanceTransit Bus Camera Surveillance
Transit Bus Camera Surveillancestevehemenway
 
Nevmug Emc January 2009
Nevmug Emc January 2009Nevmug Emc January 2009
Nevmug Emc January 2009csharney
 
Hardware implementation of 3 d dct compressed and digitally watermarked video
Hardware implementation of 3 d dct compressed and digitally watermarked videoHardware implementation of 3 d dct compressed and digitally watermarked video
Hardware implementation of 3 d dct compressed and digitally watermarked videoIAEME Publication
 
DSDConference07
DSDConference07DSDConference07
DSDConference07Adam Taylor CEng FIET
 
Computacenter success story
Computacenter success storyComputacenter success story
Computacenter success storyMartin Rutkowski
 
What makes the large enterprise network management, large
What makes the large enterprise network management, largeWhat makes the large enterprise network management, large
What makes the large enterprise network management, largeManageEngine, Zoho Corporation
 
Safety control systems: Some essential considerations
Safety control systems: Some essential considerationsSafety control systems: Some essential considerations
Safety control systems: Some essential considerationsOptima Control Solutions
 
Mil soft company_overview_2013
Mil soft company_overview_2013Mil soft company_overview_2013
Mil soft company_overview_2013milsoftSDC
 
Verrex Gms Portfolio 02 12 A4
Verrex Gms Portfolio 02 12 A4Verrex Gms Portfolio 02 12 A4
Verrex Gms Portfolio 02 12 A4jamesjshanks
 
More effective and more flexible security to lower your total cost of ownersh...
More effective and more flexible security to lower your total cost of ownersh...More effective and more flexible security to lower your total cost of ownersh...
More effective and more flexible security to lower your total cost of ownersh...InSync Conference
 
Wireless Explorer Standard Presentation
Wireless Explorer Standard PresentationWireless Explorer Standard Presentation
Wireless Explorer Standard PresentationDan Jee
 
miniAVIT Brochure
miniAVIT BrochureminiAVIT Brochure
miniAVIT Brochurejohnuzz
 
Reliability-Centered Maintenance. An introduction to by JBM
Reliability-Centered Maintenance. An introduction to by JBMReliability-Centered Maintenance. An introduction to by JBM
Reliability-Centered Maintenance. An introduction to by JBMmartinjib
 
DESIGN APPROACH FOR FAULT TOLERANCE IN FPGA ARCHITECTURE
DESIGN APPROACH FOR FAULT TOLERANCE IN FPGA ARCHITECTUREDESIGN APPROACH FOR FAULT TOLERANCE IN FPGA ARCHITECTURE
DESIGN APPROACH FOR FAULT TOLERANCE IN FPGA ARCHITECTUREVLSICS Design
 
Efficient combinatorial models for reliability analysis of complex dynamic sy...
Efficient combinatorial models for reliability analysis of complex dynamic sy...Efficient combinatorial models for reliability analysis of complex dynamic sy...
Efficient combinatorial models for reliability analysis of complex dynamic sy...ASQ Reliability Division
 
ICEflo Implementation Management Solution V1d1
ICEflo Implementation Management Solution V1d1ICEflo Implementation Management Solution V1d1
ICEflo Implementation Management Solution V1d1Agenor Technology Ltd
 
2012 04 Analysis Techniques for Mobile OS Security
2012 04 Analysis Techniques for Mobile OS Security2012 04 Analysis Techniques for Mobile OS Security
2012 04 Analysis Techniques for Mobile OS SecurityRaleigh ISSA
 
580 584
580 584580 584
580 584Editor IJARCET
 
Herramientas De AdministracióN
Herramientas De AdministracióNHerramientas De AdministracióN
Herramientas De AdministracióNEduardo Castro
 
Support user group meeting 2012
Support user group meeting 2012Support user group meeting 2012
Support user group meeting 2012Interlatin
 
Automotive communication systems: from dependability to security
Automotive communication systems: from dependability to securityAutomotive communication systems: from dependability to security
Automotive communication systems: from dependability to securityNicolas Navet
 
Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...nithinreddykaithi
 
IRJET- A Literature Survey on Scaling Approaches for VNF in NFV Monitoring
IRJET- A Literature Survey on Scaling Approaches for VNF in NFV MonitoringIRJET- A Literature Survey on Scaling Approaches for VNF in NFV Monitoring
IRJET- A Literature Survey on Scaling Approaches for VNF in NFV MonitoringIRJET Journal
 

Más contenido relacionado

La actualidad más candente

Nevmug Emc January 2009
Nevmug Emc January 2009Nevmug Emc January 2009
Nevmug Emc January 2009csharney
 
Hardware implementation of 3 d dct compressed and digitally watermarked video
Hardware implementation of 3 d dct compressed and digitally watermarked videoHardware implementation of 3 d dct compressed and digitally watermarked video
Hardware implementation of 3 d dct compressed and digitally watermarked videoIAEME Publication
 
Computacenter success story
Computacenter success storyComputacenter success story
Computacenter success storyMartin Rutkowski
 
What makes the large enterprise network management, large
What makes the large enterprise network management, largeWhat makes the large enterprise network management, large
What makes the large enterprise network management, largeManageEngine, Zoho Corporation
 
Safety control systems: Some essential considerations
Safety control systems: Some essential considerationsSafety control systems: Some essential considerations
Safety control systems: Some essential considerationsOptima Control Solutions
 
Mil soft company_overview_2013
Mil soft company_overview_2013Mil soft company_overview_2013
Mil soft company_overview_2013milsoftSDC
 
Verrex Gms Portfolio 02 12 A4
Verrex Gms Portfolio 02 12 A4Verrex Gms Portfolio 02 12 A4
Verrex Gms Portfolio 02 12 A4jamesjshanks
 
More effective and more flexible security to lower your total cost of ownersh...
More effective and more flexible security to lower your total cost of ownersh...More effective and more flexible security to lower your total cost of ownersh...
More effective and more flexible security to lower your total cost of ownersh...InSync Conference
 
Wireless Explorer Standard Presentation
Wireless Explorer Standard PresentationWireless Explorer Standard Presentation
Wireless Explorer Standard PresentationDan Jee
 
miniAVIT Brochure
miniAVIT BrochureminiAVIT Brochure
miniAVIT Brochurejohnuzz
 
Reliability-Centered Maintenance. An introduction to by JBM
Reliability-Centered Maintenance. An introduction to by JBMReliability-Centered Maintenance. An introduction to by JBM
Reliability-Centered Maintenance. An introduction to by JBMmartinjib
 
DESIGN APPROACH FOR FAULT TOLERANCE IN FPGA ARCHITECTURE
DESIGN APPROACH FOR FAULT TOLERANCE IN FPGA ARCHITECTUREDESIGN APPROACH FOR FAULT TOLERANCE IN FPGA ARCHITECTURE
DESIGN APPROACH FOR FAULT TOLERANCE IN FPGA ARCHITECTUREVLSICS Design
 
Efficient combinatorial models for reliability analysis of complex dynamic sy...
Efficient combinatorial models for reliability analysis of complex dynamic sy...Efficient combinatorial models for reliability analysis of complex dynamic sy...
Efficient combinatorial models for reliability analysis of complex dynamic sy...ASQ Reliability Division
 
ICEflo Implementation Management Solution V1d1
ICEflo Implementation Management Solution V1d1ICEflo Implementation Management Solution V1d1
ICEflo Implementation Management Solution V1d1Agenor Technology Ltd
 
2012 04 Analysis Techniques for Mobile OS Security
2012 04 Analysis Techniques for Mobile OS Security2012 04 Analysis Techniques for Mobile OS Security
2012 04 Analysis Techniques for Mobile OS SecurityRaleigh ISSA
 
Herramientas De AdministracióN
Herramientas De AdministracióNHerramientas De AdministracióN
Herramientas De AdministracióNEduardo Castro
 
Support user group meeting 2012
Support user group meeting 2012Support user group meeting 2012
Support user group meeting 2012Interlatin
 

La actualidad más candente (19)

Nevmug Emc January 2009
Nevmug Emc January 2009Nevmug Emc January 2009
Nevmug Emc January 2009
 
Hardware implementation of 3 d dct compressed and digitally watermarked video
Hardware implementation of 3 d dct compressed and digitally watermarked videoHardware implementation of 3 d dct compressed and digitally watermarked video
Hardware implementation of 3 d dct compressed and digitally watermarked video
 
DSDConference07
DSDConference07DSDConference07
DSDConference07
 
Computacenter success story
Computacenter success storyComputacenter success story
Computacenter success story
 
What makes the large enterprise network management, large
What makes the large enterprise network management, largeWhat makes the large enterprise network management, large
What makes the large enterprise network management, large
 
Safety control systems: Some essential considerations
Safety control systems: Some essential considerationsSafety control systems: Some essential considerations
Safety control systems: Some essential considerations
 
Mil soft company_overview_2013
Mil soft company_overview_2013Mil soft company_overview_2013
Mil soft company_overview_2013
 
Verrex Gms Portfolio 02 12 A4
Verrex Gms Portfolio 02 12 A4Verrex Gms Portfolio 02 12 A4
Verrex Gms Portfolio 02 12 A4
 
More effective and more flexible security to lower your total cost of ownersh...
More effective and more flexible security to lower your total cost of ownersh...More effective and more flexible security to lower your total cost of ownersh...
More effective and more flexible security to lower your total cost of ownersh...
 
Wireless Explorer Standard Presentation
Wireless Explorer Standard PresentationWireless Explorer Standard Presentation
Wireless Explorer Standard Presentation
 
miniAVIT Brochure
miniAVIT BrochureminiAVIT Brochure
miniAVIT Brochure
 
Reliability-Centered Maintenance. An introduction to by JBM
Reliability-Centered Maintenance. An introduction to by JBMReliability-Centered Maintenance. An introduction to by JBM
Reliability-Centered Maintenance. An introduction to by JBM
 
DESIGN APPROACH FOR FAULT TOLERANCE IN FPGA ARCHITECTURE
DESIGN APPROACH FOR FAULT TOLERANCE IN FPGA ARCHITECTUREDESIGN APPROACH FOR FAULT TOLERANCE IN FPGA ARCHITECTURE
DESIGN APPROACH FOR FAULT TOLERANCE IN FPGA ARCHITECTURE
 
Efficient combinatorial models for reliability analysis of complex dynamic sy...
Efficient combinatorial models for reliability analysis of complex dynamic sy...Efficient combinatorial models for reliability analysis of complex dynamic sy...
Efficient combinatorial models for reliability analysis of complex dynamic sy...
 
ICEflo Implementation Management Solution V1d1
ICEflo Implementation Management Solution V1d1ICEflo Implementation Management Solution V1d1
ICEflo Implementation Management Solution V1d1
 
2012 04 Analysis Techniques for Mobile OS Security
2012 04 Analysis Techniques for Mobile OS Security2012 04 Analysis Techniques for Mobile OS Security
2012 04 Analysis Techniques for Mobile OS Security
 
580 584
580 584580 584
580 584
 
Herramientas De AdministracióN
Herramientas De AdministracióNHerramientas De AdministracióN
Herramientas De AdministracióN
 
Support user group meeting 2012
Support user group meeting 2012Support user group meeting 2012
Support user group meeting 2012
 

Similar a Systèmes embarqués critiques

Automotive communication systems: from dependability to security
Automotive communication systems: from dependability to securityAutomotive communication systems: from dependability to security
Automotive communication systems: from dependability to securityNicolas Navet
 
Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...nithinreddykaithi
 
IRJET- A Literature Survey on Scaling Approaches for VNF in NFV Monitoring
IRJET- A Literature Survey on Scaling Approaches for VNF in NFV MonitoringIRJET- A Literature Survey on Scaling Approaches for VNF in NFV Monitoring
IRJET- A Literature Survey on Scaling Approaches for VNF in NFV MonitoringIRJET Journal
 
Ensemble Launches Major Upgrade to NFV Platform
Ensemble Launches Major Upgrade to NFV PlatformEnsemble Launches Major Upgrade to NFV Platform
Ensemble Launches Major Upgrade to NFV PlatformADVA
 
Junos space seminar
Junos space seminarJunos space seminar
Junos space seminarKappa Data
 
Network Function Virtualization - Security Best Practices AtlSecCon 2015
Network Function Virtualization - Security Best Practices AtlSecCon 2015Network Function Virtualization - Security Best Practices AtlSecCon 2015
Network Function Virtualization - Security Best Practices AtlSecCon 2015Winston Morton
 
Continuous Delivery (Internet-Briefing 2012-04-03)
Continuous Delivery (Internet-Briefing 2012-04-03)Continuous Delivery (Internet-Briefing 2012-04-03)
Continuous Delivery (Internet-Briefing 2012-04-03)Netcetera
 
Network Troubleshooting - Part 1
Network Troubleshooting - Part 1Network Troubleshooting - Part 1
Network Troubleshooting - Part 1SolarWinds
 
Introduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined NetworkingIntroduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined NetworkingAnkita Mahajan
 
CA Nimsoft Monitor for Vblock
CA Nimsoft Monitor for VblockCA Nimsoft Monitor for Vblock
CA Nimsoft Monitor for VblockCA Nimsoft
 
Security issues and challenges in MANET,VANET and FANET: A Survey
Security issues and challenges in MANET,VANET and FANET: A SurveySecurity issues and challenges in MANET,VANET and FANET: A Survey
Security issues and challenges in MANET,VANET and FANET: A SurveyDr.Irshad Ahmed Sumra
 
Fault Tolerance System
Fault Tolerance SystemFault Tolerance System
Fault Tolerance Systemprakashjjaya
 
Meaningful and Necessary Operations on Behalf of NFV
Meaningful and Necessary Operations on Behalf of NFVMeaningful and Necessary Operations on Behalf of NFV
Meaningful and Necessary Operations on Behalf of NFVMichelle Holley
 
Service assurance for NFV
Service assurance for NFVService assurance for NFV
Service assurance for NFVJames Crawshaw
 
SECURITY ISSUES AND SOLUTIONS IN VEHICULAR ADHOC NETWORK : A REVIEW APPROACH
SECURITY ISSUES AND SOLUTIONS IN VEHICULAR ADHOC NETWORK : A REVIEW APPROACHSECURITY ISSUES AND SOLUTIONS IN VEHICULAR ADHOC NETWORK : A REVIEW APPROACH
SECURITY ISSUES AND SOLUTIONS IN VEHICULAR ADHOC NETWORK : A REVIEW APPROACHcscpconf
 
Security issues and solutions in vehicular adhoc network a review approach
Security issues and solutions in vehicular adhoc network a review approachSecurity issues and solutions in vehicular adhoc network a review approach
Security issues and solutions in vehicular adhoc network a review approachcsandit
 
Savvius_Introduction to workshop
Savvius_Introduction to workshopSavvius_Introduction to workshop
Savvius_Introduction to workshopSTelligence Company
 
Alcatel-Lucent Cloud: Network Functions Virtualization - The New Virtual Real...
Alcatel-Lucent Cloud: Network Functions Virtualization - The New Virtual Real...Alcatel-Lucent Cloud: Network Functions Virtualization - The New Virtual Real...
Alcatel-Lucent Cloud: Network Functions Virtualization - The New Virtual Real...Alcatel-Lucent Cloud
 
Tech trendnotes
Tech trendnotesTech trendnotes
Tech trendnotesStudying
 

Similar a Systèmes embarqués critiques (20)

Automotive communication systems: from dependability to security
Automotive communication systems: from dependability to securityAutomotive communication systems: from dependability to security
Automotive communication systems: from dependability to security
 
Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...Remote sensing and control of an irrigation system using a distributed wirele...
Remote sensing and control of an irrigation system using a distributed wirele...
 
IRJET- A Literature Survey on Scaling Approaches for VNF in NFV Monitoring
IRJET- A Literature Survey on Scaling Approaches for VNF in NFV MonitoringIRJET- A Literature Survey on Scaling Approaches for VNF in NFV Monitoring
IRJET- A Literature Survey on Scaling Approaches for VNF in NFV Monitoring
 
Ensemble Launches Major Upgrade to NFV Platform
Ensemble Launches Major Upgrade to NFV PlatformEnsemble Launches Major Upgrade to NFV Platform
Ensemble Launches Major Upgrade to NFV Platform
 
Junos space seminar
Junos space seminarJunos space seminar
Junos space seminar
 
Network Function Virtualization - Security Best Practices AtlSecCon 2015
Network Function Virtualization - Security Best Practices AtlSecCon 2015Network Function Virtualization - Security Best Practices AtlSecCon 2015
Network Function Virtualization - Security Best Practices AtlSecCon 2015
 
Continuous Delivery (Internet-Briefing 2012-04-03)
Continuous Delivery (Internet-Briefing 2012-04-03)Continuous Delivery (Internet-Briefing 2012-04-03)
Continuous Delivery (Internet-Briefing 2012-04-03)
 
Network Troubleshooting - Part 1
Network Troubleshooting - Part 1Network Troubleshooting - Part 1
Network Troubleshooting - Part 1
 
Introduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined NetworkingIntroduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined Networking
 
CA Nimsoft Monitor for Vblock
CA Nimsoft Monitor for VblockCA Nimsoft Monitor for Vblock
CA Nimsoft Monitor for Vblock
 
Cloud malfunction up11
Cloud malfunction up11Cloud malfunction up11
Cloud malfunction up11
 
Security issues and challenges in MANET,VANET and FANET: A Survey
Security issues and challenges in MANET,VANET and FANET: A SurveySecurity issues and challenges in MANET,VANET and FANET: A Survey
Security issues and challenges in MANET,VANET and FANET: A Survey
 
Fault Tolerance System
Fault Tolerance SystemFault Tolerance System
Fault Tolerance System
 
Meaningful and Necessary Operations on Behalf of NFV
Meaningful and Necessary Operations on Behalf of NFVMeaningful and Necessary Operations on Behalf of NFV
Meaningful and Necessary Operations on Behalf of NFV
 
Service assurance for NFV
Service assurance for NFVService assurance for NFV
Service assurance for NFV
 
SECURITY ISSUES AND SOLUTIONS IN VEHICULAR ADHOC NETWORK : A REVIEW APPROACH
SECURITY ISSUES AND SOLUTIONS IN VEHICULAR ADHOC NETWORK : A REVIEW APPROACHSECURITY ISSUES AND SOLUTIONS IN VEHICULAR ADHOC NETWORK : A REVIEW APPROACH
SECURITY ISSUES AND SOLUTIONS IN VEHICULAR ADHOC NETWORK : A REVIEW APPROACH
 
Security issues and solutions in vehicular adhoc network a review approach
Security issues and solutions in vehicular adhoc network a review approachSecurity issues and solutions in vehicular adhoc network a review approach
Security issues and solutions in vehicular adhoc network a review approach
 
Savvius_Introduction to workshop
Savvius_Introduction to workshopSavvius_Introduction to workshop
Savvius_Introduction to workshop
 
Alcatel-Lucent Cloud: Network Functions Virtualization - The New Virtual Real...
Alcatel-Lucent Cloud: Network Functions Virtualization - The New Virtual Real...Alcatel-Lucent Cloud: Network Functions Virtualization - The New Virtual Real...
Alcatel-Lucent Cloud: Network Functions Virtualization - The New Virtual Real...
 
Tech trendnotes
Tech trendnotesTech trendnotes
Tech trendnotes
 

Más de Marc Daumas

Dispositifs CIR et JEI
Dispositifs CIR et JEIDispositifs CIR et JEI
Dispositifs CIR et JEIMarc Daumas
 
Ingénierie Dirigée par les Modèles
Ingénierie Dirigée par les ModèlesIngénierie Dirigée par les Modèles
Ingénierie Dirigée par les ModèlesMarc Daumas
 
Système, Virtualisation, Nuage
Système, Virtualisation, NuageSystème, Virtualisation, Nuage
Système, Virtualisation, NuageMarc Daumas
 
Aspects réglementaires du CIR
Aspects réglementaires du CIRAspects réglementaires du CIR
Aspects réglementaires du CIRMarc Daumas
 
Introduction de la journée de prospective industrielle d'ASR
Introduction de la journée de prospective industrielle d'ASRIntroduction de la journée de prospective industrielle d'ASR
Introduction de la journée de prospective industrielle d'ASRMarc Daumas
 

Más de Marc Daumas (6)

Dispositifs CIR et JEI
Dispositifs CIR et JEIDispositifs CIR et JEI
Dispositifs CIR et JEI
 
Ingénierie Dirigée par les Modèles
Ingénierie Dirigée par les ModèlesIngénierie Dirigée par les Modèles
Ingénierie Dirigée par les Modèles
 
Calculs sur GPU
Calculs sur GPUCalculs sur GPU
Calculs sur GPU
 
Système, Virtualisation, Nuage
Système, Virtualisation, NuageSystème, Virtualisation, Nuage
Système, Virtualisation, Nuage
 
Aspects réglementaires du CIR
Aspects réglementaires du CIRAspects réglementaires du CIR
Aspects réglementaires du CIR
 
Introduction de la journée de prospective industrielle d'ASR
Introduction de la journée de prospective industrielle d'ASRIntroduction de la journée de prospective industrielle d'ASR
Introduction de la journée de prospective industrielle d'ASR
 

Último

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 

Último (20)

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 

Systèmes embarqués critiques

  • 1. 1 Les systèmes embarqués critiques : évolution des pratiques de conception et problèmes émergents Nicolas NAVET INRIA / RealTime-at-Work Equipe Temps Réel et Interopérabilité (TRIO) http://www.loria.fr/~nnavet Journée Prospective du GDR ASR, Paris le 03/11/2011 N. NAVET
  • 2. 2 Plan 1. Illustration : systèmes embarqués dans l’automobile o Quelles menaces sur leur Sûreté de fonctionnement? o Zoom sur les contraintes de temps 2. Evolutions des technologies et pratiques dans la conception des systèmes critiques 3. Problèmes ouverts et émergents 4. Actions en lien dans le pôle « Systèmes Embarqués hautes performances » du GDR ASR N. NAVET
  • 3. 3 Les systèmes embarqués : une utilisation au quotidien N. NAVET 3
  • 4. 4 Dependability vs Security [from Laprie et al, 3] “absence of unauthorized access to, or handling of, system state” “ability to deliver a service that can justifiably be Dependability Security trusted ” Availability Reliability Safety Confidentiality Integrity Maintenability Readiness for Continuity of Absence of Absence of Absence of Ability to usage service catastrophic unauthorized improper undergo repairs consequences disclosure of system and evolutions for authorized information alterations users only “unauthorized” system alteration N. NAVET
  • 5. 5 Systèmes embarqués dans l’automobile : quelles menaces sur leur sûreté de fonctionnement ? N. NAVET
  • 6. 6 Electronics is the driving force of innovation in automotive Many new functions are safety critical: brake assist, cruise control, lane keeping, dynamic lights, etc Picture from [10] – 90% of new functions use software – Electronics: 40% of total costs – Huge complexity: 70 ECUs, 2500 signals, >6 comm. protocols, multi-layered run-time environment (AUTOSAR), multi-source software, multi-core CPUs, number of variants, etc Strong costs and time-to-market constraints ! N. NAVET
  • 7. 7 BMW 7 Series networking architecture [11] ZGW = central gateway 4 CAN buses 1 FlexRay Bus 1 MOST bus Several LIN Buses (not shown here) 1 Ethernet bus Wireless Picture from [11] N. NAVET
  • 8. 8 Main impediments to safety imho: complexity! Technologies: numerous, complex and not explicit. conceived for critical systems – e.g.: more than 150 specification documents (textual) for Autosar, no two implementations can behave identically! Size of the system! – Number of functional domains, buses, gateways, Autosar Basic Software ECUs, size of code, tasks, wiring, number of variants, etc Design process – Most developments are not done in-house : less control on externalized developments – Carry-over / Vehicle Family Management : need to share/re-use architecture and sub-systems between several brands/models with different requirements [2] – Optimized solutions for each component / function does not lead to a global optimal [2] Wiring harness Picture from [11] N. NAVET
  • 9. 9 Threats to dependability : the big picture When faults are introduced in the development phase ? – Requirements capture (20%) + Specification (50%) + SW development: (30%) (infineon [10]) – HW development : ε Risk factors beside complexity: – Technologies: not all conceived with dependability as a priority – Little hardware redundancy – Developments are mainly externalized: incomplete knowledge for the OEM technical parameters are regarded as less important than cost for supplier / components selection [2] – Strong cost / time-to-market pressure – Limited regulatory constraints even with upcoming ISO26262 – Verification / validation does not ensure 100% coverage, limited used of formal methods – Human factors – etc N. NAVET
  • 10. 10 Zoom sur les contraintes temporelles N. NAVET
  • 11. 11 Several hundreds of timing constraints – example of an end- end-to –end constraints Constraint : brake light on < 50ms Stimulus Response Figure from [12] N. NAVET
  • 12. 12 Verification of the timing constraints Personal view / experiences « correctness by construct » and Mostly optimal synthesis ahead bursts of errors of us! Probabilistic performance & safety assessment - system level Interarrival times Single transmission errors « Worst-case » deterministic analysis system level Probabilistic analysis (sub-system) « Worst-case » deterministic analysis (sub-system) COTS tools « Smart » monitoring tools Simulation tools (SBFI) 1995 1997 2009 N. NAVET
  • 13. 13 Why timing constraints may not be respected occasionally? Middleware Lack of precise specification : hard to identify 5ms Comm. the right timing requirements for each function task Lack of traceability : from the architects to the suppliers Flaws in the verification: – Knowledge of the system and its environment is incomplete: Waiting queue: • What is done by the suppliers? - FIFO • Implementation choices really matter and standards do not say everything 2 - Highest Priority • Environmental issues: EMI, α-particles, heat, etc First • Traffic is not always well characterized and/or well modeled 1 - OEM specific e.g. aperiodic traffic ?! see [5] – Testing /simulation alone is not enough CAN Controller – Analysis is not enough too: • Analytic models, especially complex ones, can be wrong 9 6 8 (remember “ CAN analysis refuted, revisited, etc” [6] ?!) • They are often much simplified abstraction of reality buffer Tx and might become optimistic: neglect FIFOs, hardware limitations CAN Bus N. NAVET
  • 14. 14 Illustration: Worst-Case Response Times on a CAN bus Frame waiting queues are HPF, except ECU1 where queue is FIFO the OEM does not know or verification software cannot handle it … Analysis Setup: - Typical body network with 15 ECUs generated by NETCARbench (freely available) - WCRT computed with NETCAR-Analyzer (freely available) Many high-priority frames are delayed here because a single ECU (out of 15) has a FIFO queue … N. NAVET
  • 15. 15 Quelles évolutions dans la conception des systèmes critiques ? - Safety standards - Design process -Technologies, computing platforms N. NAVET
  • 16. 16 Safety standards and certification processes cannot be ignored IEC61226 IEC60880 … EN 50126/28/29 DO 178 / DO 254 ISO 26262 IEC 61508 ECSS / CNES Airbus: 1/3 of the design costs of an airplane due to certification ! N. NAVET [Multi-domain comparison of safety standards, ERTSS-2010]
  • 17. 17 Model Based Design for dependable system development Requirements Design Verification code generation Scade C to binary Compiler Simulation Certification Verification Kit DesignVerifyer State machine to C certified transformation tool End-to-end design flows with proven outcomes at eachNAVET N. step
  • 18. 18 Stakeholder requirements Ex: Objectiver, Reqtify, Doors Verification & Validation is needed at each step Req. Analysis Verification criteria System specification Fonct. specification Ex: SysML Architecture design Model./Program. Ex: Scade, frama-C Validation / Validation / Verification Physical Architecture Model/Source Ex: Gnat, TOM, Allocation Compile CompCert, Scade Simplified INCOSE approach System Architecture Binary Implement Link HW + base SW Exe Integrate System N. NAVET
  • 19. 19 domain- MBD: domain-specific models and tools must be dealt with requirements sysML? Some open issues: semantic interoperability, pivotal language? local versus global verification N. NAVET
  • 20. 20 cross- Technology : from domain specific to cross-industry solutions Today : - Avionics: IEEE1553, AFDX, TTP, ARINC 653, .. - Automotive: CAN, FlexRay, Autosar, Lin, .. - Power plants: Alstom Alspa, Siemens Teleperm, .. [Thomesse05] Tomorrow : Objective of the DDASCA consortium - Convergence of safety standards - Computing platforms: cross-industry solutionS with profile per application domain and scalable dependability : e.g., switched Ethernet, virtualization, etc - Architecture patterns with specific dependability capabilities S w itc h S w itch S w itc h S w itc h S w itch S w itch S w itc h S w itc h C alcu la te ur N °1 C alcu la te ur N °i N. NAVET
  • 21. 21 What is needed now: achieving affordable dependability 1. A large body of techniques, development processes, tools, know-how is increasingly available – they have to become more accessible 2. Simpler systems are more amenable to verification! 3. Formal methods are now sufficiently mature to handle real-world industrial problems. Public research : provide support to both companies and public authorities so that there is no compromise in safety N. NAVET
  • 22. 22 Intérêt pour les systèmes embarqués critiques ? Participez aux activités du pôle « Systèmes Embarqués hautes performances » du GDR ASR - Action AFFSEC « Approches Formelles des Systèmes Embarquées Communicants » (inter-GDR MACS et GPL) http://afsec.asr.cnrs.fr/ - Groupe WEED « Worst End-to-End Delay » - prochaine journée le 23/11/2011 - Action ACTRISS « ACtion Temps Réel : Infrastructure et Services Systèmes » - journée « low-power » le 17/02/2012, puis journée « outils » en Mars / Avril 2012. N. NAVET
  • 23. 23 Merci pour votre attention! questions / réponses contact: nicolas.navet@inria.fr N. NAVET
  • 24. 24 [1] N. Navet, F. Simonot-Lion, editors, The Automotive Embedded Systems References Handbook, Industrial Information Technology series, CRC Press / Taylor and Francis, ISBN 978-0849380266, December 2008. [2] P. Wallin, Axelsson, A Case Study of Issues Related to Automotive E/E System Architecture Development, IEEE International Conference and Workshop on the Engineering of Computer Based Systems, 2008. [3] A. Avizienis, J.C. Laprie, B. Randell, “Dependability and its threat: a taxonomy", IFIP Congress Topical Sessions 2004. [4] D. Khan, R. Bril, N. Navet, “Integrating Hardware Limitations in CAN Schedulability Analysis“, WiP at the 8th IEEE International Workshop on Factory Communication Systems (WFCS 2010), Nancy, France, May 2010. [5] D. Khan, N. Navet, B. Bavoux, J. Migge, “Aperiodic Traffic in Response Time Analyses with Adjustable Safety Level“, IEEE ETFA2009, Mallorca, Spain, September 22-26, 2009. [6] R. Davis, A. Burn, R. Bril, and J. Lukkien, “Controller Area Network (CAN) schedulability analysis: Refuted, revisited and revised”, Real-Time Systems, vol. 35, pp. 239–272, 2007. [7] M. D. Natale, “Evaluating message transmission times in Controller Area Networks without buffer preemption”, in 8th Brazilian Workshop on Real-Time Systems, 2006. [8] C. Braun, L. Havet, N. Navet, "NETCARBENCH: a benchmark for techniques and tools used in the design of automotive communication systems", Proc IFAC FeT 2007, Toulouse, France, November 7-9, 2007. [10] P. Leteinturier, “Next Generation Powertrain Microcontrollers”, International Automotive Electronics Congress, November 2007. [11] H. Kellerman, G. Nemeth, J. Kostelezky, K. Barbehön, F. El-Dwaik, L. Hochmuth, “BMW 7 Series architecture”, ATZextra, November 2008. [12] AUTOSAR, “Specification of Timing Extensions”, Release 4.0 Rev 2, 2010. N. NAVET