Stable Embedded Software Systems
1 Building Stable Embedded Software Systems Lui Sha Feb
2 The challenges of building large systems
FAA's major modernization project, the Advanced Automation System (AAS), was originally estimated to cost $2.5 billion with a completion date of [...]. In 1994, FAA cancelled the AAS program, casting aside 11 years of development time and, according to GAO, wasting more than $1.5 billion of taxpayer money.
According to a study by IBM, in a typical commercial development organization, debugging, testing, and verification activities can easily range from 50 to 75 percent of the total development cost.
lrs@cs.uiuc.edu 2
3 Unexpected interactions
- Implicit and inconsistent assumptions and abstractions
- Incompatible cross-domain protocols
- Incompatible assumptions of HW & SW regarding the operation of the legs led to the loss of the Mars Polar Lander
- Pathological interaction between RT and synchronization protocols on Pathfinder caused repeated resets and nearly doomed the mission
4 System instabilities
Operationally, an unstable system is one that would allow a fault in a non-critical component to cascade into system failure.
For example, on June [...], about 40 seconds after initiation of the flight sequence, at an altitude of about 3700 m, Ariane 5 veered from its flight path, broke up and exploded. The most astonishing investigation result is that the root cause was within a reused Ariane 4 software component not required by Ariane 5 [1].
5 Too Close for Comfort
Recently, an emergency AD (airworthiness directive) was issued on August 29 [...]. FAA explains as follows: we received a recent report of a significant nose-up pitch event on a Boeing Model [...] series airplane while climbing through 36,000 feet altitude. The flight crew disconnected the autopilot and stabilized the airplane, during which time the airplane climbed above 41,000 feet, decelerated to a minimum speed of 158 knots, and activated the stick shaker. We have evaluated all pertinent information and identified an unsafe condition that is likely to exist or develop on other Boeing Model 777 airplanes of this same type design. These anomalies could result in high pilot workload, deviation from the intended flight path, and possible loss of control of the airplane.
6 How to build a reliable service?
There are two parties of thought:
- Fault avoidance party: put all the eggs in a bullet-proof basket.
- Fault tolerance party: use diversity, e.g., N-version programming.
Which party will you vote for?
7 Complexity, diversity and reliability
To build a robust software system that can tolerate software faults, we must understand the relations between software
- Complexity: the root cause of software faults
- Diversity: a necessary condition for software fault tolerance
- Reliability: a function of complexity and diversity
We shall begin with postulates based on self-evident facts.
8 Software development postulates
We assert that the following postulates are self-evident:
- P1: Complexity Breeds Bugs. Everything else being equal, the more complex the software project is, the harder it is to make it reliable.
- P2: All Bugs are Not Equal. You fix a bunch of obvious bugs quickly, but finding and fixing the last few bugs is much harder.
- P3: All Budgets are Finite. There is only a finite amount of effort (budget) that we can spend on any project.
How can we model software complexity?
9 Logical complexity
- Computational complexity => the number of steps in computation.
- Logical complexity => the number of steps in verification.
A program can have different logical and computational complexities. Bubble sort: lower logical complexity but higher computational complexity. Heap sort: the other way around.
Residue logical complexity: a program could have high logical complexity initially. However, if it has been verified and can be used as is, then the residue complexity is zero.
10 The implications
- P1: Complexity Breeds Bugs. For a given mission duration t, the reliability of software decreases as complexity increases.
- P2: All Bugs are Not Equal. For a given degree of complexity, the reliability function has a monotonically decreasing rate of improvement with respect to development effort.
- P3: Budgets are Finite. Diversity is not free. That is, if we go for n-version diversity, we must divide the available effort n ways.
One simple model that satisfies P1, P2 and P3:
- Sum of efforts used in diversity = available effort
- Reliability function: $R(t) = e^{-k\,(\text{complexity}/\text{effort})\,t}$
11 Diversity, complexity and reliability
(Figure: reliability curves for 3-version programming, 1-version programming, and a reliable core with 10x complexity reduction.)
Analysis shows that what really counts is not the degree of diversity. Rather, it is the existence of a simple and reliable core that can guarantee the stability of the system. This result is also robust against changes of the model assumptions.
--- Using Simplicity to Control Complexity, IEEE Software 7/8, 2001, L. Sha
12 On stability
In the foreseeable future, we can only build a small number of modest-size defect-free components at great expense. To plan otherwise is imprudent, or overly optimistic at best.
We need to learn to build structurally stable software systems with
- a small number of defect-free components,
- a modest number of nearly defect-free components,
- a majority of COTS-quality components with residual bugs.
13 When You Can't Keep it Simple
Conceptually, to ensure the stability of a software system, we need to
1. Separate requirements into different criticality levels
2. Allocate requirements with different criticality levels to different components
3. Ensure that critical components can only USE but not DEPEND on the service of non-critical components
4. Ensure that critical components are simple enough that we can build them reliably
But it is hard to keep things simple in practice because of the features and performance that we want. A solution to the reliability vs. performance dilemma is to use analytically redundant components that allow us to use simplicity to control complexity.
14 Some Questions
- What is the definition of stability in a software system?
- How to develop analytically redundant components and safely use unreliable services?
- How can analytic redundancy help solve the infamous state explosion problem?
- What is the domain of convergence in software stability control?
- How can we analyze the structural stability of a software system?
We shall illustrate these ideas by a simple example.
15 An example
Once upon a time, there was an exam on sorting programs. Grades are given as follows:
- A: correct and fast (n log n in the worst case)
- B: correct but slow
- F: incorrect
Joe can verify his bubble sort, but has only a 50% chance of writing heap sort correctly. What is his optimal strategy?
16 Stability of a software system
Often, requirements can be decomposed into:
- Critical (correctness) requirements
  Sorting: output numbers in correct order
  TSP: visit every city exactly once
  Control: stable and controllable
- Performance optimization
  Sorting: faster (figure labels: Heap Sort, Bubble Sort)
  TSP: shorter path
  Control: less time/error/energy
Bounded responses to errors: a stable software system is one that can maintain key properties in spite of errors in non-critical components.
17 Stability control
What if the untrusted sorting program alters an item in the input list?
1. Create a verified simple primitive called permute.
2. Untrusted sorting software is not allowed to touch the input list except through the permute primitive.
3. Enforce the restriction using an object with (only) the method permute.
Under stability control, the untrusted heap sort can only produce out-of-order application errors.
The domain of convergence in software error control is the set of states that satisfy the precondition of the recovery procedure. Stability control is the mechanism used to ensure the preconditions will hold.
State explosion in a stability-controlled component is a non-problem.
A stable system allows for SAFE TESTING of NEW COMPONENTS.
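The exam example and the permute-guarded sort above, worked in Python as an added example that is not part of the original slides: the untrusted heap sort reaches the input only through a verified permute primitive, the decision module checks sortedness (the precondition of recovery), and the verified bubble sort recovers. PermuteOnlyBuffer, simplex_sort and the two constructed faulty sorters are names chosen here.

```python
"""Stability control for an untrusted sort, in the Simplex style (added example)."""
from typing import Callable, List, Tuple


class PermuteOnlyBuffer:
    """Holds the list; the only mutating operation is `permute`, so the
    untrusted code can reorder items but never alter, add or drop them.
    (Enforced by interface here; a real system would put the object
    behind a language or OS protection boundary.)"""

    def __init__(self, items: List[int]) -> None:
        self._items = list(items)

    def __len__(self) -> int:
        return len(self._items)

    def get(self, i: int) -> int:          # read-only access
        return self._items[i]

    def permute(self, i: int, j: int) -> None:
        """Swap two positions: the single verified primitive."""
        self._items[i], self._items[j] = self._items[j], self._items[i]

    def snapshot(self) -> List[int]:
        return list(self._items)


def is_sorted(buf: PermuteOnlyBuffer) -> bool:
    """Precondition check. With permute-only access this is the whole
    correctness test, because membership cannot have been violated."""
    return all(buf.get(i) <= buf.get(i + 1) for i in range(len(buf) - 1))


def verified_bubble_sort(buf: PermuteOnlyBuffer) -> None:
    """The simple, verified core: O(n^2) but correct."""
    n = len(buf)
    for i in range(n):
        for j in range(n - 1 - i):
            if buf.get(j) > buf.get(j + 1):
                buf.permute(j, j + 1)


def _sift_down(buf: PermuteOnlyBuffer, start: int, end: int) -> None:
    root = start
    while 2 * root + 1 <= end:
        child = 2 * root + 1
        if child + 1 <= end and buf.get(child) < buf.get(child + 1):
            child += 1
        if buf.get(root) < buf.get(child):
            buf.permute(root, child)
            root = child
        else:
            return


def heap_sort(buf: PermuteOnlyBuffer) -> None:
    """Untrusted fast sort, O(n log n): the correct version."""
    n = len(buf)
    for start in range(n // 2 - 1, -1, -1):
        _sift_down(buf, start, n - 1)
    for end in range(n - 1, 0, -1):
        buf.permute(0, end)
        _sift_down(buf, 0, end - 1)


def buggy_heap_sort(buf: PermuteOnlyBuffer) -> None:
    """Constructed defect: an off-by-one stops extraction one step early."""
    n = len(buf)
    for start in range(n // 2 - 1, -1, -1):
        _sift_down(buf, start, n - 1)
    for end in range(n - 1, 1, -1):          # should be range(n - 1, 0, -1)
        buf.permute(0, end)
        _sift_down(buf, 0, end - 1)


def crashing_sort(buf: PermuteOnlyBuffer) -> None:
    """Constructed defect: does some work, then fails outright."""
    buf.permute(0, len(buf) - 1)
    raise RuntimeError("untrusted sort crashed")


def simplex_sort(items: List[int],
                 untrusted: Callable[[PermuteOnlyBuffer], None]) -> Tuple[List[int], str]:
    """Decision module: run the untrusted sort, check its result, and fall
    back to the verified core. Returns (sorted list, which path produced it)."""
    buf = PermuteOnlyBuffer(items)
    try:
        untrusted(buf)
    except Exception:
        pass                      # a crash is just another recoverable error
    if is_sorted(buf):
        return buf.snapshot(), "untrusted"
    verified_bubble_sort(buf)     # precondition (still a permutation) always holds
    return buf.snapshot(), "verified"


if __name__ == "__main__":
    for sorter in (heap_sort, buggy_heap_sort, crashing_sort):
        print(sorter.__name__, simplex_sort([5, 3, 8, 1], sorter))
```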
18 Stability control for control software
(Diagram: Telelab demonstration. A LynxOS Simplex node streams A/V to Win98/NT clients; an annotated, pre-recorded presentation (e.g. HTML) is provided in case of communication failures. Telelab screenshot: click project, click drii, click telelab download.)
19 Transform DEPEND relation to USE relation
Having a reliable controller, we identify the recovery region within which the controller can operate successfully. The recovery region is a subset of the states that are admissible with respect to operational constraints. The largest recovery region can be found using LMI. This approach is applicable to any linearizable system, and these cover most practical control systems.
Plant: $\dot{X} = AX$
Stability condition: $A^T Q + Q A < 0$
$\min \log\det Q$ subject to $C^T X < 1$ (operational constraints)
Stability envelope and recovery region: the system under the new complex controller must stay within the recovery region.
Safety switching rule: $X^T Q X < 1$
20 Simplex Architecture for Control
(Data flow block diagram: a trusted simple and reliable controller and an online upgradeable complex controller both drive the plant through a stability monitor that enforces $X^T Q X < 1$.)
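The recovery region and safety switching rule of the two slides above, worked in Python as an added example rather than code from the slides. It assumes a discrete-time double integrator with operational constraints |p| < 1 and |v| < 1, takes the shape of the recovery ellipsoid from the trusted controller's Lyapunov function instead of optimizing log det Q, and scales it to the largest such ellipsoid inside the constraints; the plant, the gains and the faulty complex controller are constructed for the illustration.

```python
"""Simplex-style safety switching for a double-integrator plant (added example)."""
from typing import Callable, List, Optional, Tuple

Vec = Tuple[float, float]
Mat = Tuple[Tuple[float, float], Tuple[float, float]]

DT = 0.1
A: Mat = ((1.0, DT), (0.0, 1.0))      # discrete double integrator, x = (p, v)
B: Vec = (0.5 * DT * DT, DT)
P_MAX, V_MAX = 1.0, 1.0               # assumed operational constraints |p|, |v|
K_SAFE: Vec = (4.0, 4.0)              # trusted controller u = -K_SAFE . x


def mmul(X: Mat, Y: Mat) -> Mat:
    return tuple(tuple(sum(X[i][k] * Y[k][j] for k in range(2))
                       for j in range(2)) for i in range(2))  # type: ignore


def transpose(X: Mat) -> Mat:
    return ((X[0][0], X[1][0]), (X[0][1], X[1][1]))


def quad(Q: Mat, x: Vec) -> float:
    """X^T Q X, the quantity the safety switching rule compares with 1."""
    return (Q[0][0] * x[0] * x[0] + 2.0 * Q[0][1] * x[0] * x[1]
            + Q[1][1] * x[1] * x[1])


def closed_loop(K: Vec) -> Mat:
    """A - B K for a state-feedback gain K."""
    return ((A[0][0] - B[0] * K[0], A[0][1] - B[0] * K[1]),
            (A[1][0] - B[1] * K[0], A[1][1] - B[1] * K[1]))


def discrete_lyapunov(Acl: Mat, iters: int = 500) -> Mat:
    """Solve Acl^T P Acl - P = -I by the fixed point P = I + Acl^T P Acl
    (converges because the trusted closed loop is stable)."""
    P: Mat = ((1.0, 0.0), (0.0, 1.0))
    AT = transpose(Acl)
    for _ in range(iters):
        APA = mmul(AT, mmul(P, Acl))
        P = ((1.0 + APA[0][0], APA[0][1]), (APA[1][0], 1.0 + APA[1][1]))
    return P


def recovery_region() -> Mat:
    """Q = P / c with the largest c such that {x : x^T Q x < 1} lies inside
    |p| < P_MAX and |v| < V_MAX (axis-aligned case of c_i^T Q^-1 c_i <= 1)."""
    P = discrete_lyapunov(closed_loop(K_SAFE))
    det = P[0][0] * P[1][1] - P[0][1] * P[1][0]
    pinv00, pinv11 = P[1][1] / det, P[0][0] / det
    c = min(P_MAX ** 2 / pinv00, V_MAX ** 2 / pinv11)
    return ((P[0][0] / c, P[0][1] / c), (P[1][0] / c, P[1][1] / c))


def plant_step(x: Vec, u: float) -> Vec:
    return (A[0][0] * x[0] + A[0][1] * x[1] + B[0] * u,
            A[1][0] * x[0] + A[1][1] * x[1] + B[1] * u)


def safe_control(x: Vec) -> float:
    return -(K_SAFE[0] * x[0] + K_SAFE[1] * x[1])


def buggy_complex_control(x: Vec, k: int) -> float:
    """Constructed untrusted controller: high gain (fast) for ten steps,
    then a defect makes it emit a constant saturated command."""
    if k < 10:
        return -(20.0 * x[0] + 9.0 * x[1])
    return 8.0


def simulate(x0: Vec, complex_control: Callable[[Vec, int], float],
             steps: int = 80) -> Tuple[List[Vec], Mat, Optional[int]]:
    """Run the Simplex decision logic. Returns the trajectory, Q, and the
    step at which the trusted controller took over (None if it never did)."""
    Q = recovery_region()
    assert quad(Q, x0) < 1.0, "initial state must lie in the recovery region"
    x, traj, switch_step = x0, [x0], None
    for k in range(steps):
        u = complex_control(x, k)
        # Safety switching rule: the state the complex controller would reach
        # must satisfy X^T Q X < 1; otherwise (latched from then on) the trusted
        # controller acts. Sublevel sets of the trusted loop's Lyapunov function
        # are invariant, so the state never leaves the recovery region.
        if switch_step is not None or quad(Q, plant_step(x, u)) >= 1.0:
            if switch_step is None:
                switch_step = k
            u = safe_control(x)
        x = plant_step(x, u)
        traj.append(x)
    return traj, Q, switch_step


if __name__ == "__main__":
    traj, Q, sw = simulate((0.2, 0.0), buggy_complex_control)
    print(f"trusted controller took over at step {sw}; final state {traj[-1]}")
```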
21 The Inescapable Conclusion
The complexity of software has long passed the point at which we can produce 100% defect-free software. Denying this is naïve at best. However, our society increasingly relies upon software whose complexity is ever increasing. And it is unacceptable to let a minor error cascade and bring down a major system.
The inescapable conclusion is that we must develop the scientific foundation for engineering stable software systems: systems that are not completely error free but can reliably deliver essential services in spite of residual errors.
All features are not equal. Some are safety critical, some mission critical, some useful and some of questionable value. The key is to have a reliable core and well-formed dependencies: a critical component may USE but not DEPEND on less critical services.
22 Reasons to be Optimistic
The United States of America is a highly stable and evolvable system. It has grown and made truly remarkable progress by the metric of civilization, even though many problems remain. But its basic components, human beings, are complex, error prone, and hard to test or verify.
There are thousands of residual bugs in the telecom network, and it remains highly reliable. There are perhaps millions of bugs in the World Wide Web system of systems, but it is remarkably stable.
Complex but stable systems are uncommon, but they can be and have been built.
23 Appendix
24 Sources of difficulties
- Unexpected interactions resulting from incompatible abstractions, incorrect or implicit assumptions in system interfaces, and incompatible real-time, fault-tolerance, and security protocols.
- Inadequate development infrastructure, as reflected in the lack of domain-specific reference architectures, tools, and design patterns with known and parameterized real-time, robustness, and security properties.
- System instabilities that result when faults and failures in one component cascade along complex and unexpected dependency graphs, resulting in catastrophic failures in a large part of, or even an entire, system.
25 Not Isolated Incidents
These are not isolated incidents. Rather, accidents and developmental problems are the manifestation of building modern avionics systems with a complexity higher than what can be handled by the existing technological infrastructure.
The Standish Group reported that a staggering 31.1% of projects will be canceled before they ever get completed. Further results indicate that 52.7% of projects will cost 189% of their original estimates. The cost of these failures and overruns is just the tip of the proverbial iceberg. [2]
26 Stable Systems
In most applications, all features are not equal: some are critical, some are important, some are useful, and some are superfluous. Given the existing technologies, industry can only afford to make critical features highly reliable.
Complex and unknown dependency relations are a key contributor to software system instability. That is, a seemingly minor fault in a non-critical service can cascade along dependency chains and bring down the whole system.
A stable software system is one that guarantees critical system properties and allows safe exploitation of imperfect but useful components.
SUPERIOR MISSION SYSTEMS Faster, Resilient, Secure & More Affordable Dave Manley, Chief Mission Systems Architect February 27, 2018 Emerging Requirements Are More Demanding Faster change velocities (sustainable)
More informationSoftware Testing. Software Testing. Theory, Practise and Reality IBM Corporation
Software Testing Software Testing Theory, Practise and Reality Who am I? David Vines (dvines@uk.ibm.com) Degree in Computer Science and Operational Research Joined IBM in 1984 Been involved in product
More informationIntroduction to Algorithms
Introduction to Algorithms 6.046J/18.401 Lecture 21 Prof. Piotr Indyk P vs NP (interconnectedness of all things) A whole course by itself We ll do just two lectures More in 6.045, 6.840J, etc. Introduction
More informationIntro to Proving Absence of Errors in C/C++ Code
Intro to Proving Absence of Errors in C/C++ Code Develop high quality embedded software Kristian Lindqvist Senior Pilot Engineer MathWorks 2016 The MathWorks, Inc. 1 The Cost of Failure Ariane 5: Overflow
More informationWhen Embedded Systems Attack. Unit 22. Therac-25. Therac-25. Embedded Failures. Embedded systems can fail for a variety of reasons
22.1 22.2 When Embedded Systems Attack Unit 22 Embedded Failures Embedded systems can fail for a variety of reasons Electrical problems Mechanical problems Errors in the programming Incorrectly specified
More informationViolations of the contract are exceptions, and are usually handled by special language constructs. Design by contract
Specification and validation [L&G Ch. 9] Design patterns are a useful way to describe program structure. They provide a guide as to how a program fits together. Another dimension is the responsibilities
More informationGreats Bugs in History
Semidoctus, 23 November 2016 Semidoctus, 23 November 2016 1 / 1/ Plan 1 Introduction: what s a bug? 2 The Y2K Bug 3 The case of Ariane 5 4 Heartbleed 5 The Intel Division Bug 6 500-mile emails 7 Conclusion
More informationAnnouncements. Testing. Announcements. Announcements
Announcements Testing HW0, HW1, and HW2 are graded Grades and feedback in Submitty Email us at csci2600@cs.lists.rpi.edu Use Submitty discussion board! HW0, HW1, and HW2, Quiz 1 and 2 Grades in Submitty
More informationWireless Network Security Spring 2015
Wireless Network Security Spring 2015 Patrick Tague Class #12 Forwarding Security 2015 Patrick Tague 1 SoW Presentation SoW Thursday in class I'll post a template Each team gets ~5-8 minutes Written SoW
More informationNEC Express5800 R320f Fault Tolerant Servers & NEC ExpressCluster Software
NEC Express5800 R320f Fault Tolerant Servers & NEC ExpressCluster Software Downtime Challenges and HA/DR Solutions Undergoing Paradigm Shift with IP Causes of Downtime: Cost of Downtime: HA & DR Solutions:
More informationSOFTWARE CONFIGURATION MANAGEMENT
SOFTWARE CONFIGURATION MANAGEMENT Cape Town SPIN - Albert Visagie - 19 March 2008 Goals Where were we? And get back there reliably. Where are we? How did we get here? Which bugs were fixed in this version?
More informationCertification Requirements for High Assurance Systems
for High Assurance Systems Gordon M. Uchenick Senior Mentor/Principal Engineer Objective Interface Systems, Inc. and W. Mark Vanfleet Senior Cryptologic Mathematician/ Senior INFOSEC Analyst National Security
More informationIssues in Programming Language Design for Embedded RT Systems
CSE 237B Fall 2009 Issues in Programming Language Design for Embedded RT Systems Reliability and Fault Tolerance Exceptions and Exception Handling Rajesh Gupta University of California, San Diego ES Characteristics
More informationCODE / CONFIGURATION COVERAGE
CODE / CONFIGURATION COVERAGE In all affairs it's a healthy thing now and then to hang a question mark on the things you have long taken for granted. - Bertrand Russell, 1872-1970 NASA Technical Fellow
More informationHigher-order Testing. Stuart Anderson. Stuart Anderson Higher-order Testing c 2011
Higher-order Testing Stuart Anderson Defining Higher Order Tests 1 The V-Model V-Model Stages Meyers version of the V-model has a number of stages that relate to distinct testing phases all of which are
More informationIn the recent past, the World Wide Web has been witnessing an. explosive growth. All the leading web search engines, namely, Google,
1 1.1 Introduction In the recent past, the World Wide Web has been witnessing an explosive growth. All the leading web search engines, namely, Google, Yahoo, Askjeeves, etc. are vying with each other to
More informationFault Tolerance. Distributed Systems IT332
Fault Tolerance Distributed Systems IT332 2 Outline Introduction to fault tolerance Reliable Client Server Communication Distributed commit Failure recovery 3 Failures, Due to What? A system is said to
More informationWHY BUILDING SECURITY SYSTEMS NEED CONTINUOUS AVAILABILITY
WHY BUILDING SECURITY SYSTEMS NEED CONTINUOUS AVAILABILITY White Paper 2 Why Building Security Systems Need Continuous Availability Always On Is the Only Option. If All Systems Go Down, How Can You React
More informationMathematical preliminaries and error analysis
Mathematical preliminaries and error analysis Tsung-Ming Huang Department of Mathematics National Taiwan Normal University, Taiwan August 28, 2011 Outline 1 Round-off errors and computer arithmetic IEEE
More informationXVIII. Software Testing. Laurea Triennale in Informatica Corso di Ingegneria del Software I A.A. 2006/2007 Andrea Polini
XVIII. Software Testing Laurea Triennale in Informatica Corso di Objective General discussion on Testing Testing Phases Approaches to testing Structural testing Functional testing Testing non functional
More informationBy V-cubed Solutions, Inc. Page1. All rights reserved by V-cubed Solutions, Inc.
By V-cubed Solutions, Inc. Page1 Purpose of Document This document will demonstrate the efficacy of CODESCROLL CODE INSPECTOR, CONTROLLER TESTER, and QUALITYSCROLL COVER, which has been developed by V-cubed
More informationLeveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance
Leveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance Prashant Mathapati Senior Application Engineer MATLAB EXPO 2013 The MathWorks, Inc. 1 The problem
More informationCIO Guide: Disaster recovery solutions that work. Making it happen with Azure in the public cloud
CIO Guide: Disaster recovery solutions that work Making it happen with Azure in the public cloud Consult Build Transform Support When you re considering a shift to Disaster Recovery as a service (DRaaS),
More informationHow Industrial PoE Switches Facilitate Reliable Outdoor IP Surveillance Networks. Jackey Hsueh Product Manager
How Industrial PoE Switches Facilitate Reliable Outdoor IP Surveillance Networks Jackey Hsueh Product Manager Abstract Outdoor IP surveillance networks can reap substantial benefits from PoE technologies.
More informationData safety for digital business. Veritas Backup Exec WHITE PAPER. One solution for hybrid, physical, and virtual environments.
WHITE PAPER Data safety for digital business. One solution for hybrid, physical, and virtual environments. It s common knowledge that the cloud plays a critical role in helping organizations accomplish
More information