Dependable Embedded Systems Roadmap and Challenges – From Requirements to Maintenance

SAFECOMP 2003
Dependable Embedded Systems Roadmap and Challenges – From Requirements to Maintenance
Panel Session, Sept. 24th, 2003
Erwin Schoitsch
ARC Seibersdorf Research, Vienna/Seibersdorf
Dependable Embedded Systems Panel
Erwin Schoitsch – ARC Seibersdorf research, Austria
Francesca Saglietti – University of Erlangen-Nuremberg
Mark Sujan – Human Reliability Associates, UK
Oliver Rooks – DaimlerChrysler, Stuttgart
Robin Bloomfield – CSR & Adelard, London
... and I will not talk about SILs!
References:
FP5 Roadmap Project AMSD (IST – 2001 – 37553) www.am-sd.org
EWICS TC7, Maintenance of Diverse/Redundant Systems Subgroup www.ewics.org
(working on a Guideline on “Specific Requirements for Maintenance and
Modification of Redundant and Diverse Safety Critical Systems”)
ERCIM WG on “Dependable Software-intensive Systems” www.ercim.org
Adelard ARCS CNUCE JRC LAAS Newcastle University
SAFECOMP 2003, Edinburgh 23.-26. Sept.
DES in AMSD: Positioning as a “Meta-Roadmap Exercise”
“Do not re-invent the wheel”
“Compile a consistent view”
[Figure: AMSD (overall dependability) positioned among related roadmap projects PAMPAS, ACIP, BVN, RAPID, RESET, DDSI, STORK and ARTIST, covering mobile privacy & security, dependable embedded systems, critical infrastructure protection, biometrics, privacy/identity management, smart cards, dependability policy support, crypto and advanced real-time]
Other Sources….. (especially for foresight and prioritization needed)
DES-Roadmap: specific Co-operation with ARTIST
Integration of Dependability, Embedded Systems and Critical RT-Control
Characteristics of Embedded Systems
• Software-intensive Systems: software plays the major role in a “Real World System”; holistic view of the system, HW/SW architecture interdependencies
• Embedded Systems: combination of processors, sensors, actuators, “intelligence”, “hidden computers” and massive deployment, intensive interaction with an uncertain environment: “A physical process with dynamics, fault, noise, dependability, power, size (in general: resource-) and memory restrictions…” (foundational infrastructure needed)
• Embedded Software: new capabilities added to HW transducers by “embedded software” (“defines physical behaviour of a complex nonlinear device”); HW/SW co-design, dependability, low power, timeliness, … characteristics
Systems are NOT always safety-critical by design – often the actual criticality and dependability levels rise based on our desire for enhanced reliance on them!!
Application Assessment: Human-centered, Vision-Driven
• Automotive: Accident-free Driving
• Avionics: Safe Sky for Europe
• Medical: Robot Surgeon
• Communications: Seamless Connectivity
• E-Life: Ubiquitous Computing, environment awareness
• personalised (user centered, dynamically adapted to user preferences),
• dependable (time dynamics, timely responsiveness, secure),
• context-awareness (person, object, location, time),
• natural interaction
Industrial Vision: “Aerospace Safety at Automotive Cost”
Industrial Need: From Supply Chain to Design Chain
Sectoral Trends identified (Results Grenoble WS & other sources)
Trends in Automotive:
• X-by-wire: integrated steering, brakes, airbags, …
• Integrated engine control, power management
Advanced Driver Assistance (partial replacement?) by:
• Vehicle-side embedded systems
• Roadside embedded systems and interaction
• Global connectivity: vehicle-to-vehicle (long term), satellite, traffic navigation and control
• eSafety on the road: need for standardization!!!
• Autonomous driving, “platooning” of vehicles
Trends in Industrial Automation:
• Openness (standardization, different vendors)
• Maintainability, replacement, re-integration
• Smart sensors, distributed (networked) systems
• Use of Internet for monitoring and control
• Specific needs of large-scale critical infrastructures: e.g. energy suppliers/networks
• Includes large facility management, “intelligent houses”
Sectoral Trends identified (Results Grenoble WS & other sources)
Trends in Avionics:
• Integrated Modular Avionics (IMA)
• Modular Aerospace Controls (MAC)
• Global infrastructure for ATC
• Cockpit and display management, fuel management, engine control
Trends in Railways:
• Move to more openness, competing operators
• Unrestricted cross-border traffic and interoperability
• Move from national and proprietary equipment (and procedures!) to standards (interfaces, components, sensors) and COTS communication
• Move to ERTMS and Euro-Interlocking (instead of proprietary solutions)
• Fixed interlocking and track-bound equipment (signalling, train control) combined with on-board equipment and wireless communication (GSM-R, GPS) (ETCS Level 1, 2)
• Global connectivity, train control (satellites, GPS)
• Remote monitoring and maintenance, info for service suppliers
• JIT information for passengers, freight, traffic management (multimodal)
Trends in Medical – Component Healthcare System
[Figure: products and equipment at the service of individuals – around us … inside us? (microcapsule)]
Sectoral Trends identified (EWICS TC7 WG Medical Devices, Rail)
Trends in Medical Systems:
• Move from direct face-to-face medical support to remote supervision and monitoring, automated devices for control of long-term medication and treatment
• New means of interaction and surgery by medical devices (MEMS, nano-devices)
• Smarter healthcare systems: automated “error-free” provision and protection of medicine, data/critical assets and support (critical clinical processes) in hospitals (EU project DRIVE – Drug in Virtual Enterprise)
• “Component” healthcare systems: integration of components each fitting a specialised role in the healthcare chain
Enabling technology for all of these trends: DES!!
DES Challenges
• Composability (system architecture, interfaces, timing, cost, scalability, adaptability, COTS, SOUP, reuse)
• Standardisation (of concepts) (cost, maintainability, interoperability)
• Temporal predictability (tool bench, TTP) vs. uncertainty
• Dependability (system attributes such as reliability, availability, safety, security, maintainability – vs. complexity, functionality)
• Fault tolerance: system architecture meets the 10^-9 challenge: system dependability >> component dependability (10^-4 to 10^-5)
• Dynamic environments (ubiquity/nomadicity – mobility, low power)
• Human factors (HCI)
• Diagnosis and maintenance
Linking to global infrastructures, “embedded” in several layers: strong interaction with overall dependability issues, link to “Ambient Intelligence”
Key challenges to be managed by a systems approach: we need people with a system’s perspective!
Silicon Trend: Future Failure Modes of SoC
• The expected further shrinkage of the feature size will cause new failure modes [1] such as, for example:
  – Transient multi-bit failures caused by a single fault event
  – Intermittent failures of the interconnect that can affect different functions on the die simultaneously
• It is expected that in the future the rate for permanent failures will remain unchanged, but that the rate for intermittent and transient failures will increase.
• The assumption that a fail-silent node can be implemented on a single die that hosts two independent FCUs is not sustainable in future high-dependability applications.
Foundational infrastructure required: TT-paradigm – fundamental progress achieved during the last years!!
Building blocks for HRT middleware, system simulation and emulation (co-design/co-simulation), performance modeling
[1] Source: C. Constantinescu, Impact of Deep Submicron Technology on Dependability of VLSI Circuits, Proceedings of the IEEE DSN 2002, Washington D.C., pp. 205-209
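The 10^-9 challenge on the DES Challenges slide and the single-die fail-silent point above both turn on how much of a component's failure probability is common cause. As an added example, not from the panel slides, the following Python applies the beta-factor model (assumed here; the form used in IEC 61508) to constructed values of p, beta and target, showing when 1oo2 and 2oo3 redundancy of 10^-4 to 10^-5 components reaches 10^-9.

```python
"""Added example, not from the panel slides: how far 1oo2 and 2oo3
redundancy close the gap between component failure probability (1e-4 to
1e-5) and a 1e-9 system target once common-cause failures are modelled.
Model assumed: the beta-factor model of IEC 61508. A fraction `beta` of
each component's failure probability `p` is common cause and takes every
replica down at once (e.g. one fault event hitting both FCUs on the same
die); the remaining (1 - beta) * p is independent. Values are constructed."""

def split_failure(p, beta):
    """Split component failure probability into (independent, common-cause)."""
    if not (0.0 <= p <= 1.0 and 0.0 <= beta <= 1.0):
        raise ValueError("p and beta must lie in [0, 1]")
    return (1.0 - beta) * p, beta * p

def one_out_of_two(p, beta):
    """1oo2 pair fails if both replicas fail independently or a common-cause
    event removes both."""
    p_ind, p_cc = split_failure(p, beta)
    return 1.0 - (1.0 - p_cc) * (1.0 - p_ind ** 2)

def two_out_of_three(p, beta):
    """2oo3 voter fails if at least two replicas fail independently or a
    common-cause event hits all three."""
    p_ind, p_cc = split_failure(p, beta)
    at_least_two = 3 * p_ind ** 2 * (1 - p_ind) + p_ind ** 3
    return 1.0 - (1.0 - p_cc) * (1.0 - at_least_two)

def max_beta_for_target(p, target):
    """Largest beta a 1oo2 pair may carry and still meet `target`, found by
    bisection; 0.0 means even fully independent replicas miss the target."""
    if one_out_of_two(p, 0.0) > target:
        return 0.0
    lo, hi = 0.0, 1.0
    for _ in range(200):
        mid = (lo + hi) / 2
        if one_out_of_two(p, mid) <= target:
            lo = mid
        else:
            hi = mid
    return lo

if __name__ == "__main__":
    for p in (1e-4, 1e-5):
        for beta in (0.0, 0.001, 0.01):
            print(f"p={p:.0e} beta={beta:<5} 1oo2={one_out_of_two(p, beta):.2e} "
                  f"2oo3={two_out_of_three(p, beta):.2e}")
        print(f"p={p:.0e}: max beta for a 1e-9 target = {max_beta_for_target(p, 1e-9):.2e}")
```

With p = 10^-5 the pair only meets 10^-9 if the common-cause fraction stays below about 9·10^-5, and with p = 10^-4 not even perfectly independent replicas reach it; that is the quantitative content of the "not sustainable on a single die" remark.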
DES Roadmap: Education and Training Issues
Gaps identified [Workshops, IEEE/ACM-SEEK, ARTIST]:
• Lack of qualified engineers able to develop ES (traditional engineers learn on-the-job, application-domain specific)
• Broad (systems) perspective needed
• Knowledge on dependability issues should be disseminated
• Designers of ES often do not systematically consider interdependencies between critical and non-critical (sub-)systems (air conditioning corrupts vehicle network, toilet control on general train bus corrupting critical functions)
• Need for standardization and knowledge of standards
• Confidential design and commercial confidentiality of incident reports are barriers to a broad knowledge exchange
DES Roadmap: Education and Training Issues
Required skills for a (Dependable) Embedded Systems Designer/Engineer, from three technical disciplines: computer science, electronics, control theory
Appreciation for multi-disciplinary nature of design
– Both hardware & software skills
– Understanding of engineering beyond digital logic
– Ability to take a project from specification through production
Communication & teamwork skills
– Work with other disciplines, manufacturing, marketing
– Work with customers to understand the real problem being solved
– Make a good presentation; even better -- write “trade rag” articles
And, by the way, technical skills too…
DES Roadmap – EU Project AMSD
Roadmaps available at http://www.am-sd.org