953 results for Safety-critical software


Relevance: 80.00%

Abstract:

While the exact rate of incidence is unknown (due to the paucity of exposure data), it is acknowledged that safety compromising accidents and incidents occur in the led outdoor activity domain, and that they represent an important issue. Despite this, compared to other safety critical domains, very little is currently known about the key causal factors involved in such accidents and incidents. This report presents the findings derived from a review of the literature, the aim of which was to identify the Human Factors-related issues involved in accidents and incidents occurring in this area. In addition, to demonstrate the utility of systems-based, theoretically underpinned accident analysis methodologies for identifying the systemic and human contribution to accidents and incidents occurring in the led outdoor activity domain, three case-study accidents were analysed using two such approaches. In conclusion, the review identified a range of causal factors cited in the literature; however, it was noted that the majority of the research undertaken to date lacks theoretical underpinning and focuses mainly on instructor or activity leader causal factors, as opposed to the wider system failures involved. The accident analysis presented highlighted the utility of systems-based, theoretically underpinned accident analysis methodologies for analysing and learning from accidents and incidents in the led outdoor activity sector. In closing, the need for further research in the area is articulated, in particular focussing on the development of standardised and universally accepted accident and incident reporting systems and databases, the development of data driven, theoretically underpinned causal factor taxonomies, and the development and application of systems-based accident analysis methodologies.

Relevance: 80.00%

Abstract:

Insulated Rail Joints (IRJs) are safety-critical components of the automatic block signalling and broken rail detection systems. IRJs exhibit several failure modes due to complex interaction between the railhead ends and the wheel tread near the gap. These localised zones cannot be monitored using automatic sensing devices and hence are subjected to visual inspection only, which is error prone and expensive. In Australia alone there are currently 50,000 IRJs across 80,000 km of rail track. The significance of the problem around the world can thus be realised, as there exists one IRJ for each 1.6 km of track length. IRJs exhibit extremely low and variable service life; further, the track substructure underneath IRJs degrades faster. Thus the presence of IRJs incurs significant costs to track maintenance. IRJ failures have also contributed to some train derailments and various traffic disruptions in rail lines. This paper reports systematic research carried out over seven years on the mechanical behaviour of IRJs for practically relevant outcomes. The research has scientifically established that stiffening the track bed for reduction in impact force is an ill-conceived concept and that the most effective method is to reduce the gap size. Further, it is established that hardening the railhead ends through laser coating (or other means) cannot adequately address the metal flow problem in the long run; modification of the railhead profile is the only appropriate technique to completely eliminate the problem. Some of these outcomes have been adopted by the rail infrastructure owners in Australia.

Relevance: 80.00%

Abstract:

Objective: The aim of this study was to develop a model capable of predicting variability in the mental workload experienced by frontline operators under routine and nonroutine conditions. Background: Excess workload is a risk that needs to be managed in safety-critical industries. Predictive models are needed to manage this risk effectively yet are difficult to develop. Much of the difficulty stems from the fact that workload prediction is a multilevel problem. Method: A multilevel workload model was developed in Study 1 with data collected from an en route air traffic management center. Dynamic density metrics were used to predict variability in workload within and between work units while controlling for variability among raters. The model was cross-validated in Studies 2 and 3 with the use of a high-fidelity simulator. Results: Reported workload generally remained within the bounds of the 90% prediction interval in Studies 2 and 3. Workload crossed the upper bound of the prediction interval only under nonroutine conditions. Qualitative analyses suggest that nonroutine events caused workload to cross the upper bound of the prediction interval because the controllers could not manage their workload strategically. Conclusion: The model performed well under both routine and nonroutine conditions and over different patterns of workload variation. Application: Workload prediction models can be used to support both strategic and tactical workload management. Strategic uses include the analysis of historical and projected workflows and the assessment of staffing needs. Tactical uses include the dynamic reallocation of resources to meet changes in demand.

Relevance: 80.00%

Abstract:

Cooperative Intelligent Transportation Systems (C-ITS) allow in-vehicle systems, and ultimately the driver, to enhance their awareness of their surroundings by enabling communication between vehicles and road infrastructure. C-ITS are widely considered as the next major step in driving assistance systems, aiming at increasing safety, comfort and mobility for drivers. However, any communicating system is subject to security threats. A key component for providing secure communications at a large scale is a Public Key Infrastructure (PKI). Due to the safety-critical nature of Vehicle-to-Vehicle (V2V) communications, a C-ITS PKI has functional, performance and scalability requirements that differ from traditional non-automotive environments. This paper identifies and defines the key functional and security requirements for C-ITS PKI systems and analyses proposed C-ITS PKI standards against these requirements. In particular, the proposed US and European C-ITS PKI systems are identified as being too complex and not scalable. The paper also highlights various privacy, security and scalability concerns that should be considered for a secure C-ITS PKI solution in the Australian transport landscape.

Relevance: 80.00%

Abstract:

The Australian Naturalistic Driving Study (ANDS), a ground-breaking study of Australian driver behaviour and performance, was officially launched on April 21st, 2015 at UNSW. The ANDS project will provide a realistic perspective on the causes of vehicle crashes and near miss crash events, along with the roles speeding, distraction and other factors have on such events. A total of 360 volunteer drivers across NSW and Victoria - 180 in NSW and 180 in Victoria - will be monitored by a Data Acquisition System (DAS) recording continuously for 4 months their driving behaviour using a suite of cameras and sensors. Participants’ driving behaviour (e.g. gaze), the behaviour of their vehicle (e.g. speed, lane position) and the behaviour of other road users with whom they interact in normal and safety-critical situations will be recorded. Planning of the ANDS commenced over two years ago in June 2013 when the Multi-Institutional Agreement for a grant supporting the equipment purchase and assembly phase was signed by parties involved in this large scale $4 million study (5 university accident research centres, 3 government regulators, 2 third party insurers and 2 industry partners). The program’s second development phase commenced a year later in June 2014 after a second grant was awarded. This paper presents an insider's view into that two year process leading up to the launch, and outlines issues that arose in the set-up phase of the study and how these were addressed. This information will be useful to other organisations considering setting up an NDS.

Relevance: 80.00%

Abstract:

Many real-time database applications arise in electronic financial services, safety-critical installations and military systems where enforcing security is crucial to the success of the enterprise. For real-time database systems supporting applications with firm deadlines, we investigate here the performance implications, in terms of killed transactions, of guaranteeing multilevel secrecy. In particular, we focus on the concurrency control (CC) aspects of this issue. Our main contributions are the following: First, we identify which among the previously proposed real-time CC protocols are capable of providing covert-channel-free security. Second, using a detailed simulation model, we profile the real-time performance of a representative set of these secure CC protocols for a variety of security-classified workloads and system configurations. Our experiments show that a prioritized optimistic CC protocol, OPT-WAIT, provides the best overall performance. Third, we propose and evaluate a novel "dual-CC" approach that allows the real-time database system to simultaneously use different CC mechanisms for guaranteeing security and for improving real-time performance. By appropriately choosing these different mechanisms, concurrency control protocols that provide even better performance than OPT-WAIT are designed. Finally, we propose and evaluate GUARD, an adaptive admission-control policy designed to provide fairness with respect to the distribution of killed transactions across security levels. Our experiments show that GUARD efficiently provides close to ideal fairness for real-time applications that can tolerate covert channel bandwidths of up to one bit per second.

Relevance: 80.00%

Abstract:

Formal specification is vital to the development of distributed real-time systems, as these systems are inherently complex and safety-critical. It is widely acknowledged that formal specification and automatic analysis of specifications can significantly increase system reliability. Although a number of specification techniques for real-time systems have been reported in the literature, most of these formalisms do not adequately address the constraints that the aspects of 'distribution' and 'real-time' impose on specifications. Further, an automatic verification tool is necessary to reduce human errors in the reasoning process. In this regard, this paper is an attempt towards the development of a novel executable specification language, DL, for distributed real-time systems. First, we give a precise characterization of the syntax and semantics of DL. Subsequently, we discuss the problems of model checking, automatic verification of satisfiability of DL specifications, and testing conformance of event traces with DL specifications. Effective solutions to these problems are presented as extensions to the classical first-order tableau algorithm. The use of the proposed framework is illustrated by specifying a sample problem.

Relevance: 80.00%

Abstract:

Owing to developments in semiconductor technology, fault-tolerance is important not only for safety-critical systems but also for general-purpose (non-safety-critical) systems. However, instead of guaranteeing that deadlines are always met, it is important for general-purpose systems to minimize the average execution time (AET) while ensuring fault-tolerance. For a given job and a soft (transient) error probability, we define mathematical formulas for AET that include bus communication overhead for both voting (active replication) and rollback-recovery with checkpointing (RRC). Further, for a given multi-processor system-on-chip (MPSoC), we define integer linear programming (ILP) models that minimize AET including bus communication overhead when: (1) selecting the number of checkpoints when using RRC, (2) finding the number of processors and the job-to-processor assignment when using voting, and (3) defining the fault-tolerance scheme (voting or RRC) per job and defining its usage for each job. Experiments demonstrate significant savings in AET.

Relevance: 80.00%

Abstract:

Software transactional memory (STM) is a promising programming paradigm for shared memory multithreaded programs. In order for STMs to be adopted widely for performance critical software, understanding and improving the cache performance of applications running on STM becomes increasingly crucial, as the performance gap between processor and memory continues to grow. In this paper, we present the most detailed experimental evaluation to date of the cache behavior of STM applications and quantify the impact of the different STM factors on the cache misses experienced by the applications. We find that STMs are not cache friendly, with the data cache stall cycles contributing to more than 50% of the execution cycles in a majority of the benchmarks. We find that, on average, misses occurring inside the STM account for 62% of total data cache miss latency cycles experienced by the applications, and that the cache performance is impacted adversely due to certain inherent characteristics of the STM itself. The above observations motivate us to propose a set of specific compiler transformations targeted at making STMs cache friendly. We find that STM's fine grained and application unaware locking is a major contributor to its poor cache behavior. Hence we propose selective Lock Data co-location (LDC) and Redundant Lock Access Removal (RLAR) to address the lock access misses. We find that even transactions that are completely disjoint access parallel suffer from costly coherence misses caused by the centralized global time stamp updates, and hence we propose the Selective Per-Partition Time Stamp (SPTS) transformation to address this. We show that our transformations are effective in improving the cache behavior of STM applications by reducing the data cache miss latency by 20.15% to 37.14% and improving execution time by 18.32% to 33.12% in five of the eight STAMP applications.

Relevance: 80.00%

Abstract:

The basic framework and conceptual understanding of the metallurgy of Ti alloys is strong, and this has enabled the use of titanium and its alloys in safety-critical structures such as those in aircraft and aircraft engines. Nevertheless, a focus on cost-effectiveness and the compression of product development time by effectively integrating design with manufacturing in these applications, as well as those emerging in bioengineering, has driven research in recent decades towards a greater predictive capability through the use of computational materials engineering tools. Therefore this paper focuses on the complexity and variety of fundamental phenomena in this material system, with a focus on phase transformations and mechanical behaviour, in order to delineate the challenges that lie ahead in achieving these goals. (C) 2012 Acta Materialia Inc. Published by Elsevier Ltd. All rights reserved.

Relevance: 80.00%

Abstract:

In a cyber-physical system such as a vehicle, the number of signals to be communicated over the network has an increasing trend. More and more mechanical and hydraulic parts are replaced by electronic control units, and infotainment and multimedia applications have increased in vehicles. Safety-critical hard real-time messages and aperiodic messages communicated between electronic control units have increased in recent times. FlexRay is a high-bandwidth protocol consisting of a static segment for supporting hard real-time messages and a dynamic segment for transmitting soft and non-real-time messages. In this paper, a method to obtain the stability region for the random arrival of messages in each electronic control unit that is scheduled in the dynamic segment of the FlexRay protocol is presented. The number of mini-slots available in the dynamic segment of FlexRay restricts the arrival rate of tasks to the microcontrollers or the number of microcontrollers connected to the FlexRay bus. The stability region of the mathematical model of the system is compared with the FlexRay protocol simulation results.

Relevance: 80.00%

Abstract:

The two most important digital-system design goals today are to reduce power consumption and to increase reliability. Reductions in power consumption improve battery life in the mobile space and reductions in energy lower operating costs in the datacenter. Increased robustness and reliability shorten down time, improve yield, and are invaluable in the context of safety-critical systems. While optimizing towards these two goals is important at all design levels, optimizations at the circuit level have the furthest reaching effects; they apply to all digital systems. This dissertation presents a study of robust minimum-energy digital circuit design and analysis. It introduces new device models, metrics, and methods of calculation—all necessary first steps towards building better systems—and demonstrates how to apply these techniques. It analyzes a fabricated chip (a full-custom QDI microcontroller designed at Caltech and taped-out in 40-nm silicon) by calculating the minimum energy operating point and quantifying the chip’s robustness in the face of both timing and functional failures.

Relevance: 80.00%

Abstract:

This thesis is motivated by safety-critical applications involving autonomous air, ground, and space vehicles carrying out complex tasks in uncertain and adversarial environments. We use temporal logic as a language to formally specify complex tasks and system properties. Temporal logic specifications generalize the classical notions of stability and reachability that are studied in the control and hybrid systems communities. Given a system model and a formal task specification, the goal is to automatically synthesize a control policy for the system that ensures that the system satisfies the specification. This thesis presents novel control policy synthesis algorithms for optimal and robust control of dynamical systems with temporal logic specifications. Furthermore, it introduces algorithms that are efficient and extend to high-dimensional dynamical systems.

The first contribution of this thesis is the generalization of a classical linear temporal logic (LTL) control synthesis approach to optimal and robust control. We show how we can extend automata-based synthesis techniques for discrete abstractions of dynamical systems to create optimal and robust controllers that are guaranteed to satisfy an LTL specification. Such optimal and robust controllers can be computed at little extra computational cost compared to computing a feasible controller.

The second contribution of this thesis addresses the scalability of control synthesis with LTL specifications. A major limitation of the standard automaton-based approach for control with LTL specifications is that the automaton might be doubly-exponential in the size of the LTL specification. We introduce a fragment of LTL for which one can compute feasible control policies in time polynomial in the size of the system and specification. Additionally, we show how to compute optimal control policies for a variety of cost functions, and identify interesting cases when this can be done in polynomial time. These techniques are particularly relevant for online control, as one can guarantee that a feasible solution can be found quickly, and then iteratively improve on the quality as time permits.

The final contribution of this thesis is a set of algorithms for computing feasible trajectories for high-dimensional, nonlinear systems with LTL specifications. These algorithms avoid a potentially computationally-expensive process of computing a discrete abstraction, and instead compute directly on the system's continuous state space. The first method uses an automaton representing the specification to directly encode a series of constrained-reachability subproblems, which can be solved in a modular fashion by using standard techniques. The second method encodes an LTL formula as mixed-integer linear programming constraints on the dynamical system. We demonstrate these approaches with numerical experiments on temporal logic motion planning problems with high-dimensional (10+ states) continuous systems.

Relevance: 80.00%

Abstract:

We survey several of the research efforts pursued by the iBench and snBench projects in the CS Department at Boston University over the last half dozen years. These activities use ideas and methodologies inspired by recent developments in other parts of computer science -- particularly in formal methods and in the foundations of programming languages -- but now specifically applied to the certification of safety-critical networking systems. This is research jointly led by Azer Bestavros and Assaf Kfoury with the participation of Adam Bradley, Andrei Lapets, and Michael Ocean.