Dependability@MDH

The Embedded Systems' research area
Dependable Systems
Mer-14 hearing, May 21, 2014 (2014-05-21)

PostDoc Patrick Graydon, Professor Hans Hansson, Professor Kristina Lundqvist, Professor Sasikumar Punnekkat
School of Innovation, Design & Engineering (IDT), Mälardalen University

The Synopsis half-time report available at the ES MER14 web-page provides additional details about the Dependability research.

Dependability@MDH Vision: to be a provider of scientifically well-grounded research that increases efficiency and reuse in development and certification of safety-relevant embedded systems.

Dependable systems: Staff [8 Profs. + 7 additional PhDs + 18 PhD students]

•  Full professors:
   1.  HANSSON, HANS A
   2.  LUNDQVIST, KRISTINA
   3.  PUNNEKKAT, SASIKUMAR
•  Visiting professor:
   1.  BATE, IAIN
•  Adjunct professors:
   1.  FORSBERG, KRISTINA
   2.  THANE, HENRIK
   3.  SCHMIDT, HEINRICH W
•  Associate professor:
   1.  DOBRIN, RADU
•  PostDocs and research fellows:
   1.  AYSAN, HUSEYIN AYHAN
   2.  GALLINA, BARBARA
   3.  GRAYDON, PATRICK
   4.  HÄNNINEN, KAJ
   5.  LU, YUE (Ericsson)
   6.  RODRIGUEZ-NAVAS, GUILLERMO
   7.  WALLIN, PETER (Volvo)
•  PhD-students:
   1.  JARADAT, OMAR
   2.  JOHNSEN, ANDREAS
   3.  MALEKZADEH, MAHNAZ
   4.  SLJIVO, IRFAN
   5.  KHANFAR, HUSNI
   6.  THEKKILAKATTIL, ABHILASH
   7.  ZHOU, JIALE
   8.  Predrag Filipovikj (new; Scania)
   9.  Nesredin Mahmoud (new; Volvo)
   10.  Elena Lisova (new; TTTech)
   11.  Francisco Pozo (new; TTTech)
•  Industrial PhD-students:
   1.  Mathias Ekman (Bombardier)
   2.  Stephan Baumgart (Volvo CE)
   3.  Stefan Björnander (Maximatecc)
   4.  Henrik Jonsson (Etteplan)
   5.  Pablo Gutiérrez Peon (new; TTTech)
   6.  Ayhan Mehmed (new; TTTech)
   7.  Marina Gutiérrez Lopez (new; TTTech)
Dependable systems: Staff 2010 [Was not identified as an area, although scattered activities] [4 Profs. + 1 additional PhD + 5 PhD students]

(Same staff list as above, with HANSSON, HANS A; LU, YUE; and WALLIN, PETER shown in parentheses.)
Dependable systems: key characteristics
•  Strongest Swedish Dependability group
•  Int'l environment: staff + visitors + cooperation
•  Unique profile: Safety + CBD + RT
•  2008-'13: 113 publications, 3 best paper awards
•  Industrial cooperation & background
•  JSA editor-in-chief, VR panel chair, 4 editorial boards, etc.
•  87% external funding + in kind
•  EU projects: SafeCer, RetNet, EuroWeb
•  Since '08: 8 PhD, 8 Lic, 22 MSc
•  MSc, PhD & industrial courses
•  Research focus (not an isolated island)
[Figure: "Our projects" shown in relation to "Dependability" and "VoV"]

Current main research focus: Safety certification + Component-Based Development
[Figure, built up in three steps: System and Safety Requirements, Environment, System, Argumentation, Evidence and Verification; the final step adds Evolution and New evidence]
Publications & citations
•  No. of publications 2008-2013: 13 journal articles, 141 conference publications, 28 other publications
•  The senior researchers' individual citation data: H-index and number of citations [chart]
•  i-1000 to i-10 for Dep [i-X = X publications with at least X citations] [chart]
•  H-index for the Dependability environment: 43
•  May 19: Two SafeComp papers accepted

Cooperation & projects
•  Academic
   –  Universities: MIT (US), Sofia U. (BG), TU Vienna (AT), U. of New England (AUS), UPM (SP), U. of Virginia (US), U. of York (UK)
   –  Institutes: AIT (AT), SICS (SE), SP (SE), Virtual Vehicle (AT)
•  Industrial
   –  National: ABB, Arcticus, Boliden, Bombardier Transportation, Effective Change, Ericsson, Etteplan, Maximatecc, Saab, Safety Integrity, Scania, Volvo CE, Volvo Trucks
   –  International: Resilitech (IT), Thales (FR), TTTech (AT)
   –  Industrial PhD-students: Stephan Baumgart (Volvo CE), Henrik Jonsson (Etteplan), Stefan Björnander (CrossControl), Mathias Ekman (Bombardier)
•  Agencies
   –  SSM (SE)

Projects
•  Synopsis – SSF Framework grant
•  SafeCer – EU/ARTEMIS project
•  RetNet – European Industrial Doctorate Programme in cooperation with TTTech (A)
•  VeriSpec – Vinnova FFI project in cooperation with Scania and AB Volvo
•  Sadies – KKS project in cooperation with Bombardier Transportation
•  SSpiia – Vinnova project on Safety & Security in process industry
•  EuroWeb – EU Western Balkan scholarship program
•  Prompt – KKS educational initiative for industrial engineers
•  Iain Bate visiting prof – KKS grant
Funding provided by: [funder logos]
Future research in dependability at MDH
•  Safety in relation to emerging trends
   –  Internet of Things
   –  Cooperating autonomous vehicles
   –  System of systems
•  Further research into
   –  Contract-based safety argumentation
   –  Dependable wireless communication
   –  Fault detection and fault avoidance
•  Multicore
•  Wirelessly interconnected systems

Challenges
•  Funding
   –  Critically depending on SSF-funding for academic sustainability
   –  Limited university (co-)funding
   –  A lot of senior research time spent on proposals and admin
•  Substantial efforts spent to understand the industrial context and standards
•  Confidentiality of industrial data
•  Few top-level conferences/journals specialized on safety

Error modelling and reliability assurance for real-time systems
[Figure: the four topic groups below are placed at the intersection of Dependability, Real-Time Systems and Software Engineering]
Fault-tolerance (FT) strategies
•  Voting on time & value (VTV)
•  Cascading redundancy
•  Energy-awareness and FT
Error modelling
•  Error bursts
•  Probabilistic models
Fault-tolerant scheduling
•  FT feasibility
•  Mixed criticality scheduling
•  Probabilistic guarantees
Reliability modelling
•  Architecture-oriented for CBS
•  Fuzzy reliability models
•  Uncertainties in estimation
Dependability through Architecture Engineering
•  Architecture dependence graphs (ADGs)
•  Detect design faults
•  Automated hazard analysis
•  Detect implementation faults
•  + Error annex
•  + Composable safety certification
•  Automated safety-impact analysis of architectural change
•  Efficient regression verification

Enquiries into argument semantics (Graydon)
•  Theories of confidence
   –  Identified existing theories and support for these
   –  Proposed experimental evaluation
•  Argument notations
   –  Identified ambiguous semantics in GSN
   –  Proposed precise semantics for 'context' element
[Figure: GSN fragment with the elements Goal (Claim), Context, Strategy (Argument), (Sub-)Goal (Premise/Claim), (Sub-)Goal, Solution (Evidence), Solution (Evidence)]

Design for safety: Component model extensions for composable safety
•  Vision
   –  Reuse of safety-relevant information when a component is reused in a new context.
   –  Contracts that link claims to assumptions under which the claims can be guaranteed to hold.
   –  Reusable argumentation fragments capturing parts of the system safety argumentation.
•  Results
   –  Component (meta) model, including contracts and argumentation fragments
   –  Safety-contract concept for reusable components (strong and weak contracts)
   –  (Semi-)automatic generation of argument-fragments from safety contracts
[Figure: Component type, Contract, Argument fragment, Software components]
Questions or comments?
Bonus slides

Strengths
Mission: The MDH Dependable systems team wants to be a key academic player that provides research results and competence to support Swedish companies in meeting the future challenges of effective, efficient and predictable development of safety-relevant software-intensive products.
•  Excellent mix of complementary competences
   –  safety certification, safety argumentation, component-based development, fault-tolerance, real-time systems, data communication, formal modeling and analysis, …
•  International research environment
   –  MDH staff + visitors and cooperation
•  External funding
   –  National (VR, SSF, Vinnova, KKS) & International (EU)
•  Industrial relations and cooperation
   –  ABB, AVL, Boliden, Bombardier, Scania, Thales, TTTech, Volvo + several SMEs

Relevant groups
•  National
   –  KTH (Martin Törngren)
   –  Linköping (Simin Nadjm-Tehrani)
   –  Chalmers (Johan Karlsson)
•  Int'l
   –  York (Tim Kelly/John McDermid)
   –  Newcastle (John Fitzgerald/Alexander Romanovsky)
   –  INRIA (Liliana Cucu-Grosjean)
   –  Erlangen-Nuremberg (Francesca Saglietti)
   –  LAAS-CNRS (David Powell)
   –  Florence (Andrea Bondavalli)
   –  Virginia (John Knight)
   –  MIT (Nancy Leveson)

Process for composable safety
[Figure: Component development/certification alongside System development/certification]
•  Vision
   –  Co-certification: Cost-efficient reuse of components across products and domains
•  Results
   –  Safety process lines & process modeling
   –  VROOM – requirement traceability management → reuse of argument fragments
   –  Agile practices in safety-engineering
Argumentation & evidence
•  Vision
   –  Reasoning about system safety from reusable component-centric evidence
   –  Traceability from hazard mitigation claims to evidence
   –  Identify claims that novel forms of evidence must support
[Figure: System operating context; System design; Hazard anal. & Risk asses.; Argument contracts; Main safety arg. module; Component 1 safety arg. module … Component n safety arg. module; Evidences for argumentation: New safety evidence (e.g. test results), Reused safety evidence (e.g. test coverage analysis)]
•  Results
   –  Basic structure for composable safety argumentation
   –  Strategies for reasoning about timing claims
   –  Assessment of metrics for confidence (absolute metric important for reuse)
   –  Parametric worst-case execution-time (WCET) analysis
   –  Virtualization framework for fault containment
   –  Testing-based approach to determine when to stop testing (ALARP)
   –  Extension of fault-tolerant approach: Voting on Time and Value

Demonstration
•  We have been looking into several application examples:
   –  Inverted pendulum, Fuel-level display, Battery-control, Lifting arm, Train display, ABS braking
•  Vision
   –  To consider real industrial challenges in our research
   –  To evaluate industrial applicability of research
   –  To integrate and demonstrate research results
•  Plans
   –  We will continue to use industrial examples and cases to guide our research (fuel-level, battery-control, lifting-arm)
   –  We plan to add a post-SafeCer iteration from mid 2015 for the VCE lifting arm to integrate further Synopsis results

Considered application examples
•  Scania Fuel Level Estimation System – Used in architectural level modeling, contracts, and model-based verification
   [Figure: Safety Element out of Context candidate; Variant 1: Trucks with liquid fuel engine]
•  Inverted pendulum (academic example) – Used in detailed evaluation of fault tolerant design
   [Figure: Angle sensor, Potentiometer, Motor, Position sensor]
•  Maximatecc train display system – Proprietary study with argumentation focus
•  Anti-lock braking system (ABS) – Used in formal modeling and verification study
•  Volvo Lifting Arm – Focus: safety-certification for product-lines
   –  A mechanical, hydraulic, electrical, electronic, and software system used in construction equipment
   –  Abstracted from current production equipment
   –  Meant to conform to ISO 26262 safety standard
   –  Used (in different configurations) on a wide range of equipment (for lifting, digging, cutting, …)