1

Functional Safety andEmbedded Software

Marijn Temmerman KdG-Hogeschool

1Seminar Functional Safety, KHBO, 6/2/2013

Content Who are we ?

Functional safety in embedded software ?

more questions than answers

New Tetra project on Functional Safety

Seminar Functional Safety, KHBO, 6/2/2013 2

2

KHBO, 6/2/2013 3

Constrained Systems Lab

applied engineeringfor embedded and distributed systems

Expertise• Sensor processing• Distributed systems• Embedded software development

• Model-based design, Autosar, ASIL, embedded multicore, SW engineering,static code analysis

History

KHBO, 6/2/2013 4

since 1/1/2013

http://www.cosys-lab.be

3

Team: 19 members

• Senior researchers / Docents 5

• Post-docs 2

• PhD students 7

• Project members 5

KHBO, 6/2/2013 5

Application domains• Current

– Mechatronics - Automotive

– Health care

– Ambient intelligence

– Construction

• Changes dynamically

Seminar Functional Safety, KHBO, 6/2/2013 6

Safety and Software ?

4

Trends in Safety-related systems

• more e-devices are introduced in ordinary life

• we want people to feel safe anywhere

• increase in safety-related systems

• safety rules become stricter and more complex

• safety is very expensive

• shift to integrate safety functions in software

Seminar Functional Safety, KHBO, 6/2/2013 7

Functional Safety: a Life Cycle project

KHBO, 6/2/2013 8

5

Safety Standards for e-devices

• Generic standard: IEC EN 61508– “Functional Safety of Electrical/Electronic/Programmable Electronic Safety-

related Systems”

• Many domain-specific standards– automotive: ISO 26262– medical: IEC 62304 – process industry: IEC 61511– railway: EN 50128 – military: UK Defence Standard 00-56 , MIL-STD-882E

– ….

• Standards provide many guidelines for a systematic product life cycle process WHAT

• What about: How To ?

Seminar Functional Safety, KHBO, 6/2/2013 9

Seminar Functional Safety, KHBO, 6/2/2013 10

Partial overview of a functional-safety standard

6

Functional Safety in Software

• requires a systematic and holistic approach

• follows the system safety development process

– SW safety planning

– SW-related hazard identification and risk assessment

– risk reduction of computing (sub)systems

– SW verification and validation

– anomaly reporting and SW change management

Seminar Functional Safety, KHBO, 6/2/2013 11

Unique attributes of SW

• HW mostly fails because of deficiencies and variabilities in

– production

– maintenance

– environmental conditions: electromagnetic, …

• SW is “invisible”

• SW does not break or wear out like HW

• SW faults are primarily systematic (not random)

Seminar Functional Safety, KHBO, 6/2/2013 12

7

Unique attributes of SW (2)• SW faults are caused by

– errors in specification of the system

– design faults

• SW is complex– SW behavior is difficult to describe mathematically

– essentially impossible to test all failure modes

– nearly impossible to remove all faults

• SW can be changed easily– ripple effect in behavior ?

– impact on safety ?

Seminar Functional Safety, KHBO, 6/2/2013 13

Software & Safety: how?

• Focus on SW failure prevention

– preventing faults to enter the SW system

– verification and validation of the SW system

– design of fault-tolerant SW

Focus in SW design process

– requirements definition

– design of SW architecture for safety

– implementation and coding | code generation

– verification and validation

Seminar Functional Safety, KHBO, 6/2/2013 14

8

Seminar Functional Safety, KHBO, 6/2/2013 15

extract from ISO 26262 Automotive

e-device = HW and SW Safety = safe HW and safe SW

New project: FS4ES

• FS4ES: Functional Safety for Embedded Software

• Project team: KHBO + KdG + FMTC

• If accepted

– 2 years, starting in October 2013

– budget for 71 mm

• Tetra project– funded by IWT

– Tetra = Technology Transfer to improve innovation in SME in Flanders

KHBO, 6/2/2013 16

9

Project User Group

• UG also determines the course of the project

• composed of 2 types of companies– R&D oriented

• Flanders’ Drive

• FMTC

• Dana

• …

– SME • …

Seminar Functional Safety, KHBO, 6/2/2013 17

Objectives

• CMS

with reviews of relevant documents

• CookbookPractical guidelines for Functional Safety in Embedded

Software

Based on practical case studies for SME from the UG

Seminars

Workshops at companies home

Seminar Functional Safety, KHBO, 6/2/2013 18

10

Focus• SW design patterns for FS

• Testing strategies for FS

• SW implementation of FS

• SW tools and SW process for FS

Seminar Functional Safety, KHBO, 6/2/2013 19

SW Patterns for FS

KHBO, 6/2/2013 20

a software voter

a software watchdog

11

implementation• coding guidelines:

– MISRA-C ?

• what about variables?

• safe OS ?

• use of specific HW platforms?– e.g. Freescale Qorivva MPC5643L 32-bit

KHBO, 6/2/2013 21

dual-core can be statically switched between lockstep mode to decoupled parallel mode

KHBO, 6/2/2013 22

12

KHBO, 6/2/2013 23

KHBO, 6/2/2013 24

13

Contact

• KHBO (KHBO, EP)dr. ing. Jeroen Boydens

jeroen.boydens@khbo.be

• KdG (KdG, CoSys-Lab)dr. ir. Marijn Temmerman

marijn.temmerman@kdg.be

KHBO, 6/2/2013 25