
SNART seminar 2002

Summary of the panel debate and discussion on the theme,

Safety of future embedded systems

that took place at the Snart/Encress seminar, August 19, 2002 at KTH

Scope of the seminar and the panel

The Snart/Encress seminar on August 19, 2002, focused on safety-critical real-time systems. At the seminar the invited speaker, Prof Dave Parnas, talked about the importance of software documentation for describing a design. He then presented one approach that emphasizes readability and formality at the same time in order to improve software development. About 80 persons attended the seminar, which ended with a panel discussing "safety of future embedded systems" with the aim of identifying key challenges and how they can be addressed.

The topic for the panel was formulated as follows by the panel moderator: In the coming era of ubiquitous and embedded computing, electronics, software, sensors and novel actuators will provide completely new functionalities promising to enhance our everyday lives. Examples of such functionalities include active collision avoidance, convoying and drive-by-wire in automobiles, robotic assistants in houses, and robot-assisted surgery. While such functionalities can be beneficial and even save lives, given that they work properly, their realisation requires complex embedded systems that may jeopardize the safety (dependability in a broader sense) of the new products. The embedded systems introduce many new failure modes, both at the component and at the system level. While it can probably be argued that such new products can be built to be safe enough, it is questionable whether current technologies and methodologies allow this in a sufficiently cost-efficient manner. One open question for the panel is therefore how such safety-critical systems can be built to be safe enough in a cost-efficient manner.

The panelists were asked to initially present their view on the following questions:

  • What is the most important problem that needs to be addressed to enable the development of dependable products such as the above mentioned ones?
  • Is there a key technique or method that could drastically improve the current state of practice?

The panel participants included

  • Simin Nadjm Tehrani, Assoc. Prof, Linköping Univ. of Technology
  • Rolf Johansson, PhD, Senior Safety Specialist, CRT (www.crt.se)
  • Peter Eriksson, Senior Specialist, ABB Robotics
  • Harold Bud Lawson, Prof.
  • David Lorge Parnas, Prof.
  • Martin Törngren, Prof, panel moderator.

Summary of problems/issues raised by the panelists and the audience

  • Trade-offs between different requirements and system qualities are becoming very difficult. As an example, the obvious conflict between time to market, cost and safety was mentioned.
  • Multidisciplinarity is required for safety-critical systems, which typically require skills from different disciplines. This means, among other things, that different models and techniques for analysis and design are required and moreover need to be properly combined. In addition, people with different backgrounds need to understand each other.
  • The combinatorial explosion inherent in digital and state-based systems, which reflects the system complexity and makes, for example, verification difficult.
  • System complexity and systems integration, involving many stakeholders, companies and subsystems in producing an end product.
  • The evolving nature and long lifetime of many products, meaning new or changed requirements and features which affect the whole system and pose major challenges to an architecture and to system maintenance.
  • The difficulty of finding the major contributors to unsafety, where one problem is that people (e.g. designers) do not like to find weaknesses in their own designs (on a broader scope this relates to companies' reluctance to reveal incidents etc.).
  • Components and their reuse are a key problem: since safety is a system property, it always has to be analysed and ensured in the relevant system context, which makes component reuse in safety-critical systems a difficult problem.
  • The relevant education in software engineering is missing, as is a common understanding of what core body of knowledge should be taught.
  • There is a need for licensing of engineers working with safety-critical systems.
  • The importance of human factors was emphasized: users of safety-critical systems are part of the safety-critical system, and many incidents and accidents have been due to poor human-machine interaction or understanding.
  • Available techniques and methods for safety-critical systems need to be modified (or new ones invented) to handle software (Inga-Lill)

Summary of key solutions/approaches towards the above mentioned problems as raised by the panelists and the audience

  • Compositional reasoning can be a key, by providing the ability to reason about properties of combinations of components. The availability of such techniques will be a step towards enabling faster development and verification.
  • Selection and deployment of the "right" system architecture for the problem. As an example, an ATC system architecture that remained stable for many years was mentioned.
  • A holistic view of the roles and responsibilities of the stakeholders involved, as encapsulated in life-cycle processes (e.g. ISO/IEC 15288).
  • Support for the processes in the form of minimal but sufficient methods and tools.
  • To be able to pinpoint the really critical parts of a system/design and then to isolate that part as far as possible, in order to facilitate and simplify system development and maintenance.
  • One key is to learn from other branches with a well-established safety culture. The establishment of a safety culture is perhaps the most important aspect.
  • A key is to minimise complexity so that the system can be properly developed and maintained. Complexity reduction means simplifying the failure modes, and this can be achieved by proper system decomposition. Also, from an analysis point of view, system complexity can be reduced by identifying behavioural modes.
  • Documentation is key to proper understanding, analysis, design and maintenance, and is thus one of the most central issues.
  • There is a need for licensing of engineers working with safety-critical systems.

Martin Törngren
/Panel moderator



Updated Friday, 11-Apr-2008 15:44 by Roland Grönroos
Webmaster: anton@control.lth.se
Location: http://www.snart.org/conference/2002/summary.shtml