Functional Safety of Distributed Embedded Control Systems

Atef Gharbi, Hamza Gharsellaoui, Mohamed Khalgui, Samir Ben Ahmed
DOI: 10.4018/978-1-4666-0294-6.ch006


This chapter deals with the functional safety of distributed embedded control systems following the component-based approach. The authors define a new concept of component called the “Control Component” (CC) to cover all the component technologies used in industry. To guarantee the functional safety of distributed control software components, the authors define an agent-based architecture in which an intelligent software agent is deployed in each device of the execution environment to apply local reconfiguration scenarios, and a coordination agent handles inter-device coordination so that reconfigurations remain coherent.
Chapter Preview


We model the whole distributed system with Net Condition/Event Systems (an extension of Petri nets) and verify properties concerning functional safety with the model checker SESA.

However, verifying properties on the whole model may lead to combinatorial (state-space) explosion. To avoid this problem, we propose a refinement approach that allows feasible Control Components to be specified automatically while the correctness of each one is checked. Finally, to ensure the functional safety of the whole distributed control system, we define a communication protocol so that when a specific agent applies a new reconfiguration, the other agents are made aware of it and the whole system is put into a coherent state. We develop a complete tool, “ProtocolReconf”, to simulate the communication protocol. Two benchmark production systems are used as a running example to explain our contribution.
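The inter-agent coordination described above, as an added example that is not the chapter's ProtocolReconf tool or any of the authors' code: the page does not give the protocol's messages, so this Python model assumes a propose / vote / commit-or-abort exchange between a coordination agent and one local agent per device. The Control Components, their dependencies and conflicts, the device names and the initial plant configuration are constructed sample data, not taken from the chapter's benchmark systems.

```python
"""Coherent reconfiguration across device agents (illustrative model, added example).

Assumed protocol (not stated on the page): a local agent PROPOSEs a new set of
active Control Components (CCs) for its device; the coordination agent builds
the tentative global configuration and asks every local agent to vote on it;
the change is COMMITted everywhere only if every agent ACCEPTs, otherwise it is
ABORTed and no device changes state.
"""
from dataclasses import dataclass, field


@dataclass
class ControlComponent:
    name: str
    needs: frozenset = frozenset()      # CCs that must be active somewhere in the system
    conflicts: frozenset = frozenset()  # CCs that must not be active at the same time


@dataclass
class LocalAgent:
    """Agent deployed on one device; owns that device's set of active CCs."""
    device: str
    catalog: dict                     # name -> ControlComponent known to this device
    active: set = field(default_factory=set)

    def vote(self, tentative):
        """Phase 1: ACCEPT only if every CC this device would run has its needs
        satisfied and no conflict within the tentative global configuration."""
        everywhere = set().union(*tentative.values())
        for name in tentative[self.device]:
            cc = self.catalog[name]
            if not cc.needs <= everywhere or cc.conflicts & everywhere:
                return "REJECT"
        return "ACCEPT"

    def commit(self, new_active):
        """Phase 2: adopt the agreed local configuration."""
        self.active = set(new_active)


class CoordinationAgent:
    """Collects votes from all local agents and decides COMMIT or ABORT."""

    def __init__(self, agents):
        self.agents = {a.device: a for a in agents}
        self.log = []                 # the exchanged messages, for inspection

    def reconfigure(self, device, new_active):
        tentative = {d: set(a.active) for d, a in self.agents.items()}
        tentative[device] = set(new_active)
        self.log.append(f"{device} -> coordinator: PROPOSE {sorted(new_active)}")
        votes = {d: a.vote(tentative) for d, a in self.agents.items()}
        for d, v in votes.items():
            self.log.append(f"{d} -> coordinator: {v}")
        if all(v == "ACCEPT" for v in votes.values()):
            for d, a in self.agents.items():
                a.commit(tentative[d])
            self.log.append("coordinator -> all: COMMIT")
            return "COMMIT"
        self.log.append("coordinator -> all: ABORT")   # nobody changes state
        return "ABORT"

    def global_configuration(self):
        return {d: frozenset(a.active) for d, a in self.agents.items()}


def build_demo():
    """Constructed two-device plant: device-B's Press depends on device-A's Jack."""
    catalog = {
        "Sensor": ControlComponent("Sensor"),
        "Jack": ControlComponent("Jack", needs=frozenset({"Sensor"})),
        "Press": ControlComponent("Press", needs=frozenset({"Jack"})),
        "Monitor": ControlComponent("Monitor"),
        "Maintenance": ControlComponent("Maintenance", conflicts=frozenset({"Press"})),
    }
    a = LocalAgent("device-A", catalog, {"Sensor", "Jack"})
    b = LocalAgent("device-B", catalog, {"Press"})
    return CoordinationAgent([a, b])


if __name__ == "__main__":
    coord = build_demo()
    coord.reconfigure("device-B", {"Press", "Monitor"})   # coherent: commits
    coord.reconfigure("device-A", {"Sensor"})             # would strand Press: aborts
    for line in coord.log:
        print(line)
    print(coord.global_configuration())
```

The point of the vote phase is that a scenario which is locally valid on one device (dropping Jack on device-A leaves a perfectly consistent device-A) is still refused because another device's CC depends on it; the abort path leaves every device in its previous configuration, which is what "coherent state" means here.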

The development of distributed embedded control systems is not a simple task, given their classical functional and temporal constraints and a time to market that should be shorter than ever. Among the proposed solutions is the software component-based approach. It has become very popular in recent years because already developed software components can be reused to build new systems. This advantage reduces the time to market and lowers design complexity by supporting the modularity of the system’s software. In this book chapter we take software components to be recomposable units of algorithms and interfaces that should classically satisfy user constraints. Several component-based technologies have been proposed, such as JavaBeans (from Sun), the Component Object Model (from Microsoft) and the CORBA Component Model (from the Object Management Group (OMG)) (Artist-Project, 2003). However, only a few technologies (such as Koala, PBO, PECOS . . .) are currently used for the development of embedded systems, and each component-based technology has its benefits and its drawbacks. Nowadays, the functional safety of distributed embedded control systems is considered a crucial point to study, because any fault may lead to a catastrophic hazard. To outline its importance, some examples of failures with dramatic consequences are briefly noted below (Baier & Katoen, 2008). Ariane 5, launched in 1996, was damaged only 36 seconds after launch due to a conversion from a 64-bit float to a 32-bit integer. A fault in the floating-point division unit of Intel’s Pentium II caused a loss of 475 million dollars to replace the faulty processors.

The opening of Denver airport was delayed by 9 months due to faults in its baggage handling software, at a loss of 1.1 million dollars per day. To be clear, we first define the following terms:

Functional Safety (Krosigk, 2000): “In order to achieve functional safety of a machine or a plant the safety related protective or control system must function correctly and, when a failure occurs, must behave in a defined manner so that the plant or machine remains in safe state or is brought into a safe state.”

Embedded System (Colnaric, Verber & Halang, 2000): “special-purpose computer system designed to control or support the operation of a larger technical system (termed the embedding system) usually having mechanical components and in which the embedded system is encapsulated.”

Key Terms in this Chapter

Refinement Approach: A solution proposed to avoid state explosion when verifying properties with the model checker: instead of verifying these properties on the whole model, refinement verifies them at each step on a part of the model.

Reconfiguration: Any modification made to the system (such as a modification of the architecture, of the interaction between the different control components, or of the data) to ensure safety or to improve production.

Component: A software unit with an interface for interacting with other components and a specific algorithm to be executed.

Functional Safety: Any function that ensures safety in every case (in normal or abnormal conditions, even in the presence of a hazard).

The Embedded Control System: It ensures that the controlled physical plant works as expected (i.e. the real behavior of the physical plant is the one required by the specification).

Communication Protocol: A set of rules defining how all the agents coordinate with one another. A communication protocol is needed in a distributed system to ensure interaction between the different agents.

The Control Component: A generic component defined to be independent of any component technology. A control component is a software solution that interacts with its external environment (i.e. sensors or actuators) to ensure the control of the physical plant.
