Pattern-based application of safety mechanisms in XANDAR
Designing embedded systems for safety-critical environments such as the aerospace or the automotive domain is an inherently challenging task. This is especially true if safety requirements are combined with properties such as the need for high computational performance, the integration of non-deterministic Machine Learning (ML) algorithms, or external communication interfaces that connect the system to an untrusted network. In these cases, an appropriate combination of safety mechanisms must be applied to prevent the occurrence of hazardous events. As the complexity of embedded systems grows, however, this application can become a time-consuming and error-prone endeavour.
An essential goal of the XANDAR project is to increase the degree of automation associated with this complex task. The devised approach is based on an extensible library of safety patterns, i.e., a collection of verified design-time procedures for safety that can be attached as annotations to specific system entities. In the sense of the X-by-Construction (XbC) paradigm [1], the design-time procedures associated with the annotated patterns are executed to auto-generate the hardware and software artefacts that implement the desired safety mechanisms. This extensible library is also referred to as the “XbC pattern library” and forms an integral part of the model-based frontend of the XANDAR development process:
Figure: XANDAR development process (taken from [2])
At this year’s IEEE Computer Society Annual Symposium on VLSI (ISVLSI 2022), which took place from July 4 to July 6 in Pafos (Cyprus), the XANDAR consortium seized the opportunity to discuss this novel approach with researchers and practitioners from the area of Very Large-Scale Integration (VLSI).
The presentation given by the Karlsruhe Institute of Technology (KIT) focused on how the pattern library concept can be used to automate the application of safety mechanisms commonly found on multiprocessor system-on-chip devices (MPSoCs). After an introduction to the concept itself, three specific safety mechanisms from the MPSoC context were analyzed for their compatibility with the approach:
- Hypervisor-based on-chip redundancy in the sense of [3]
- Cost-efficient fault tolerance using the System-Level Simplex Architecture [4]
- Hardware-enforced information flow control using the approach from [5]
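To make the pattern-library concept above concrete, the following sketch models a small MPSoC system whose tasks carry pattern annotations and runs one design-time procedure per annotation to produce artefacts for the three mechanisms just listed. This is an added example, not code from XANDAR or from any of the cited works: the pattern names, the model fields (cores, integrity levels, declared reads/writes), the artefact formats and the Biba-style flow check inside the information-flow pattern are all assumptions made here for illustration.

```python
"""Added illustration of the XbC pattern-library idea: entities of a system
model carry safety-pattern annotations, and a design-time procedure per
pattern turns each annotation into an artefact. This is NOT XANDAR's own
code; pattern names, model fields and artefact formats are assumptions."""
from dataclasses import dataclass, field

@dataclass
class Region:
    """Physical memory region with a Biba-style integrity level (constructed)."""
    name: str
    base: int
    size: int
    integrity: int

@dataclass
class Task:
    """Software task: home core, integrity level, declared accesses, patterns."""
    name: str
    core: int
    integrity: int
    reads: set = field(default_factory=set)
    writes: set = field(default_factory=set)
    patterns: list = field(default_factory=list)  # [(pattern_name, params)]

def pattern_redundancy(task, model, params):
    """Hypervisor-based on-chip redundancy: place N replicas of the task on
    distinct cores and emit a majority voter over their outputs."""
    n = params["replicas"]
    spare = [c for c in range(model["cores"]) if c != task.core]
    if len(spare) < n - 1:
        raise ValueError(f"{task.name}: {n} replicas need {n} distinct cores")
    return {"kind": "replicated_vm", "task": task.name,
            "replica_cores": [task.core] + spare[:n - 1],
            "voter": f"{task.name}_voter"}

def pattern_simplex(task, model, params):
    """System-Level Simplex: pair the complex (unverified) task with a
    verified safety controller and a decision module on its own core."""
    if params["decision_core"] == task.core:
        raise ValueError(f"{task.name}: decision module must not share the core")
    return {"kind": "simplex", "complex": task.name,
            "safety_controller": params["safety_controller"],
            "envelope": params["envelope"],
            "decision_core": params["decision_core"]}

def simplex_decide(state, envelope, complex_out, safe_out):
    """Runtime half of the Simplex artefact: forward the complex controller's
    output only while the plant state is inside the safety envelope."""
    lo, hi = envelope
    return complex_out if lo <= state <= hi else safe_out

def pattern_ifc(task, model, params):
    """Hardware-enforced information flow control: reject flows that violate
    Biba (no read-down, no write-up) at design time, then emit access
    protection unit (APU) entries for the remaining accesses; default deny."""
    entries = []
    for r in model["regions"]:
        rd, wr = r.name in task.reads, r.name in task.writes
        if rd and r.integrity < task.integrity:
            raise ValueError(f"{task.name} may not read down from {r.name}")
        if wr and r.integrity > task.integrity:
            raise ValueError(f"{task.name} may not write up into {r.name}")
        if rd or wr:
            entries.append({"core": task.core, "region": r.name,
                            "base": hex(r.base), "end": hex(r.base + r.size - 1),
                            "perm": ("r" if rd else "-") + ("w" if wr else "-")})
    return {"kind": "apu_config", "task": task.name,
            "entries": entries, "default": "deny"}

PATTERNS = {"redundancy": pattern_redundancy,
            "simplex": pattern_simplex,
            "ifc": pattern_ifc}

def apply_patterns(model):
    """Design-time step: run every annotated pattern and collect artefacts."""
    return [PATTERNS[name](task, model, params)
            for task in model["tasks"] for name, params in task.patterns]

def example_model(gateway_writes=("net_buf",)):
    """Constructed MPSoC model: a control task plus an untrusted network gateway."""
    regions = [Region("sensor_in", 0x8000_0000, 0x1000, integrity=2),
               Region("actuator_cmd", 0x8000_1000, 0x1000, integrity=2),
               Region("net_buf", 0x8001_0000, 0x4000, integrity=0)]
    ctrl = Task("ctrl", core=0, integrity=2, reads={"sensor_in"},
                writes={"actuator_cmd"},
                patterns=[("redundancy", {"replicas": 3}),
                          ("simplex", {"safety_controller": "ctrl_safe",
                                       "envelope": (-5.0, 5.0),
                                       "decision_core": 4})])
    gw = Task("net_gw", core=3, integrity=0, reads={"net_buf"},
              writes=set(gateway_writes), patterns=[("ifc", {})])
    return {"cores": 6, "regions": regions, "tasks": [ctrl, gw]}
```

Running `apply_patterns(example_model())` yields one replica placement with voter, one Simplex configuration and one default-deny APU table. Passing `gateway_writes=("net_buf", "actuator_cmd")` instead makes the IFC pattern refuse the model at design time, because the low-integrity gateway would write into the high-integrity actuator region; that refusal, rather than a silently generated permissive table, is the property a practitioner wants from a generated protection configuration.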
A preprint of the extended abstract [2], which gives an overview of the conveyed ideas, is publicly available from the KITopen repository. We are happy to take the positive feedback we received at the conference into account and look forward to driving the development of the XbC pattern library further!
[1] M. H. ter Beek, L. Cleophas, I. Schaefer, B. W. Watson. X-by-Construction. In: Leveraging Applications of Formal Methods, Verification and Validation: Modeling, T. Margaria and B. Steffen, Eds. Springer International Publishing, vol. 11244, pp. 359–364, October 2018.
[2] T. Dörr, F. Schade, L. Masing, et al. Safety by Construction: Pattern-Based Application of Safety Mechanisms in XANDAR. 2022 IEEE Computer Society Annual Symposium on VLSI (ISVLSI 2022), in press.
[3] E. Missimer, R. West. Distributed Real-Time Fault Tolerance on a Virtualized Multi-Core System. Operating Systems Platforms for Embedded Real-Time Applications (OSPERT ’14), July 2014.
[4] S. Bak, D. K. Chivukula, O. Adekunle, et al. The System-Level Simplex Architecture for Improved Real-Time Embedded System Safety. 15th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS ’09), April 2009.
[5] T. Dörr, T. Sandmann, J. Becker. Model-based configuration of access protection units for multicore processors in embedded systems. Microprocessors and Microsystems, vol. 87, November 2021.