Issue 5, October 2012

THIS ISSUE
- Work Package 2 Overview
- Work Package 3 Overview
- Integrasys on EPoSS Annual Forum 2012
- Work Package 4 Overview
- RECOMP on DATE (WICERT 2013)
- Joint Work Package Meeting in Bath
- Task 4.2b Meeting
- Infineon on ESweek 2012
- SASSUR, SafeComp 2012

PROJECT COORDINATOR
Jarkko Mäkitalo, Kone Oyj
Contact details: R&D Department Manager, KONE Oyj, P.O. Box 667 (Myllykatu 3)
Email: jarkko.makital@kone.com
Website: http://www.kone.com/

Work Package 2 Overview
Design Methods and Tools
Paul Pop, Technical University of Denmark

WP2 on Design Methods and Tools has three of its five final deliverables due at the end of November 2012. The work has focused on delivering high-quality deliverables. The challenge is explaining how the different methods and tools contribute together to the RECOMP project objective of reducing (re)certification costs.

We are also putting a lot of effort into addressing the reviewers' recommendations from the second review meeting. We have collected the WP1 requirements covered by each method/tool, and we have agreed on a more consistent way to capture the covered requirements in the deliverables. We are also processing them to determine the coverage, in order to identify important requirements that are not covered and to discuss potential solutions.

We have continued modelling the methods/tools in the Tool Chain Analysis framework (TCA), and deliverable D2.5 on Design Flows will report on the tool integration, with a focus on avoiding costly tool qualifications. The TCA models are also useful for guiding the user in choosing the right methods/tools for a certain task, since they capture the required inputs and the produced outputs, including use cases. We have also added user guides to the tool descriptions to further help with this aspect. Another useful metric for users is the Technology Readiness Level (TRL), a measure of the maturity of an evolving technology prior to its use.
Hence, we have captured the TRL of each tool at the beginning and at the end of the project.

WP2 has initiated a collaboration with the ARTEMIS JU CESAR project on component models and tools. One of the objectives of WP2 was to devise a specification of a component model for certification. We have decided to use the CESAR component meta-model and to show how it can be extended with information that supports certification activities. This work will be reported in an extra deliverable, D2.1b.

RECOMP WEBSITE: http://www.recompproject.eu/

[Figure: Each application is certified at its own SIL]
Work Package 3 Overview
Trusted Multi-core Platform
Jonas Diemer, Technische Universität Braunschweig

Work Package 3 has finalized Tasks T3.1 and T3.2, so work remains to be done in Tasks T3.3, T3.4 and T3.5. Task T3.3 delivered the final version of Deliverable D3.3, OS support for safe multi-core integration, at the end of September. It was compiled after a constructive meeting at the September RECOMP face-to-face event in Bath, UK.

The deliverable presents the work of the partners on the different operating systems used within RECOMP (AUTOSAR, PHAROS, OPENRTOS, HARTEX, PIKEOS). For each operating system, the partners give an overview of the OS architecture and then detail their work towards implementing the various OS features that originate from the concepts developed in Tasks T3.1 and T3.2. For each OS they also document how it addresses the requirements from WP1, using traceable requirement IDs.

In addition to the OS-specific details, D3.3 includes a chapter on generic multi-core mechanisms that do not necessarily target a specific platform. This chapter covers the IDAMC many-core OS perspective, online software updates, shared-memory protection, and performance and online monitoring. For each new technology introduced in Task T3.3, the deliverable reports a technology readiness level (TRL). D3.3 also includes demos from several partners, delivered in the form of videos and/or presentation slides. The final version of D3.3 marks the end of Task T3.3.

Tasks T3.4 and T3.5 are both moving towards their respective final deliverables, due at the end of March. Work on the hardware support for operating systems, applications and monitoring in T3.4 is currently being performed at all partners, with most partners having most of the implementation done and moving towards testing and integration. For most partners, integration of hardware and software components will be carried over to T3.5.
Work on the final versions of the deliverable reports was kicked off at the RECOMP meeting in Bath in September, so partners will be updating their contributions soon to allow for an intra-task peer review. Both deliverables D3.4 and D3.5 will include the technology readiness level evaluation for every technology, as D3.3 does. D3.5 will discuss platform trade-offs for each domain. Aside from the deliverable reports, demos will be prepared in the form of videos and/or presentation slides. Where applicable, the demonstrators of WP5 will be used.

Integrasys on EPoSS 2012
Pedro Ruiz, Integrasys

The achievements of Integrasys in RECOMP were presented at the EPoSS Annual Forum 2012, "Industrial Leadership and Solutions for Societal Challenges", attended by more than 150 participants from large industry and research centres across Europe. EPoSS, the European Technology Platform on Smart Systems Integration, is an industry-driven policy initiative that defines R&D and innovation needs as well as policy requirements related to Smart Systems Integration and integrated Micro- and Nanosystems. EPoSS contributes to EUROPE 2020, the EU's growth strategy for the coming decade, to become a smart, sustainable and inclusive economy.

[Photo: Integrasys at EPoSS 2012, Paris]
Work Package 4 Overview
Certification Lifecycle Issues
Uwe Kremer, TÜV SÜD

During the 2nd project review in July 2012, the main activities and results of WP4 were successfully presented in two technical presentations, for T4.2a and T4.2b. The first drafts of the deliverables were available at that time. Since then, intensive work has been done on both tasks, and in September 2012, during the RECOMP week in Bath, both tasks held a full-day workshop.

In the meantime T4.2a, the industry and automotive task, has issued the final deliverable D4.2a.1, which summarises the findings of the RECOMP partners regarding amendments to existing standards. The intention of this deliverable is to give the standardisation groups input for future editions of the standards regarding multi-core aspects, especially for IEC 61508. Because IEC 61508, as well as the automotive standard ISO 26262, was officially published in the early phase of RECOMP, it has to be noted that at this stage it is a bit early for amendments that can be considered in future editions of these standards. Work on the next editions of these standards is expected to start in some years, and the new editions are expected to be available around 2020. Even though D4.2a.1 is available in its final version, WP4 still plans to extend it at the end of the RECOMP project, leaving open the possibility of incorporating feedback.

The second part of task T4.2a has been investigating process amendments for developing safety-relevant systems with multi-core technology. The final deliverable D4.2a.2 is expected to be available at the end of October 2012. Key aspects of this deliverable are the lifecycle phases, as described in IEC 61508 and ISO 26262, that would be affected by the development of systems using multi-core technology. The goal is to establish a set of guidelines focusing on multi-core aspects and certification cost reduction.
Within T4.2a, additional investigations have been done on a tool for tool chain analysis. Investigations are also under way on extracting and presenting the actual requirements of the standards, both in a table-based solution and in a model-based solution (Eclipse). T4.2b, the avionics task, which runs in parallel to T4.2a, is presented in a separate part of this newsletter.

The main work of the last task of WP4, task T4.3, is to merge the results of both T4.2 tasks into possible common approaches regarding the development and use of multi-core technology. This task picked up speed with a workshop of its own during the September 2012 RECOMP week in Bath.
Workshop on Industry-Driven Approaches for Cost-effective Certification of Safety-Critical, Mixed-Criticality Systems (WICERT 2013)
Huáscar Espinoza (ESI-Tecnalia) and José Luis Gutiérrez (University of Granada)

On March 22, 2013, a workshop on Industry-Driven Approaches for Cost-effective Certification of Safety-Critical, Mixed-Criticality Systems will take place at the DATE 2013 conference in Grenoble, France. The workshop has been organised by several RECOMP partners: Huáscar Espinoza (TECNALIA), Jarkko Mäkitalo (KONE Oyj), Javier Díaz Alonso (University of Granada), Rolf Ernst (TU Braunschweig), Michael Paulitsch (EADS IW), Simon Brewerton (Infineon Technologies) and José Luis Gutiérrez Rivas (University of Granada).

The workshop aims to present and evaluate different industry-driven approaches for reducing certification costs in safety-critical, mixed-criticality systems. In particular, WICERT will provide a platform for industrial demonstrations, thematic presentations and in-depth discussions about new HW/SW architectures and mechanisms and safety guidelines to achieve more cost-effective, precise and scalable certification. WICERT aims at bringing together experts, researchers and practitioners from diverse communities, such as safety and security engineering, certification processes, model-based technologies, software and hardware design, and safety-critical systems and applications communities (aerospace, automotive, industrial manufacturing, health, etc.).
Contributions are sought in (but are not limited to) the following topics:
- Industrial challenges for cost-effective certification of safety-critical systems
- Mixed-criticality approaches for safety-critical systems
- Multi-core solutions considering safety requirements
- Compliance with standards and regulations
- Cross-domain implementations of mixed-criticality, multi-core technologies
- Measurable approaches for cost-effective certification
- Guidance to comply with standards in terms of new embedded system technologies
- Design methods and tools to support multi-core and mixed-criticality technologies
- Reference architectures

[Photo: Grenoble, France]
The topics covered in the workshop are extremely important from an economic and societal point of view; and yet some of them still constitute emerging research areas, possibly without well-established or recognised results. WICERT is an excellent opportunity to bring together people from the diverse communities specialising in safety-critical systems. Jointly, these communities can help create a critical mass of research, development and innovation in safety-critical technology and affordable certification. An open exchange of ideas and experience will benefit the global community, leading to new insights and stimulating further development.

Submissions
Attendees are invited to submit a short position paper (max. 5 pages) or a full technical contribution (max. 15 pages) in PDF format using EasyChair. Papers will be peer-reviewed through the normal refereeing procedure (minimum three reviewers per paper) and, if accepted for presentation, will also be published as workshop proceedings articles (printed by the organisers and available electronically as well). Authors will be notified about acceptance before the DATE 2013 early registration deadline. All papers (full and short) will appear in the workshop proceedings. All the information related to this workshop is available at http://atc.ugr.es/wicert

Joint Work Package Workshops
Bath, United Kingdom

Joint Work Package Workshops were held from Monday 10 to Thursday 13 September at Bath, United Kingdom. Infineon hosted the event, which took place at the Bath Ventures Innovation Centre. Over four days, and involving more than 45 people, many meetings were held for several project tasks regarding work packages 2, 3, 4, 5, 6 and 7.

[Photo: Work Package 2 meeting]
[Photos, from left to right: Gay Street, Royal Victoria Park and Bath Abbey, Bath]
[Photo: Work Package 5 meeting]

Task 4.2b Face-to-Face Meeting
David Fernández (University of Granada) and Ondrej Kotaba (Honeywell)

From July 25th to July 26th, project task 4.2b, "Considerations to Achieve Functional Safety When Using Multiple Tasks on Multi-Core Processors", organised a face-to-face meeting in Munich. The main objective of this meeting was to carry out a backward and forward analysis of the possible effects of sharing resources on multi-core systems and of the existing solutions to them. The resulting analysis shows that there are known or proposed solutions to mitigate all the identified unwanted temporal effects of resource sharing, some of them readily implementable, others requiring significant further research. The event was hosted by EADS and involved 8 different partners from work package 4.

[Photo: T4.2b face-to-face meeting in Munich]
[Photos, from left to right: Marienplatz, Michaeligarten (Ostpark) and Kaufingerstraße, Munich]
ESweek 2012
Tampere, Finland
Glenn Farrall, Infineon

This year at Embedded Systems Week (October 7th-12th) in Tampere, Finland, there was an industrial session on Automotive Embedded Systems. Hosted by Professor Rolf Ernst, it had representatives of the full automotive supply chain, from semiconductors (Infineon Technologies) through Tier 1s (Continental Systems and Denso) to OEMs (BMW). My presentation was a survey of the current challenges in co-hosting safety-critical applications on multicores. I also particularly needed to introduce some of the context of the automotive market: the extreme economic pressures and also the impact of ISO 26262 on development costs.

It was also a chance to present some of the technical solutions contained in the AURIX family of devices, many of which were developed during the RECOMP project. Specifically, these mechanisms allow a lightweight virtualisation without an MMU, based on an MPU only, but still providing the spatial separation required. In addition, the system configuration allows SW to be developed such that the temporal interference between applications on different cores can be reduced to I/O accesses and excludes simple memory operations (code fetch, reads and writes).

There was quite a bit of interest in all the talks, and in particular the questions afterwards indicated that if I'd had a hypervisor available (especially open source!) there would be quite a few academic institutions with pet projects ready to try out on such a platform.

[Photo: Tampere, by Juha Ristolainen]

SafeComp 2012
Magdeburg, 25th of September, 2012
Alejandra Ruiz, ESI-Tecnalia

From September 25th to September 28th the SAFECOMP conference took place in Magdeburg (Germany). SAFECOMP is an annual event covering the state of the art, experience and new trends in the areas of safety, security and reliability of critical computer applications.
More than 150 participants attended the conference, which received more than 120 paper submissions; 30 full papers were accepted and 2 more were kept on standby. On the first day, 5 workshops took place, with 11 organising chairs and 64 programme committee members in total. SASSUR was one of those workshops, with 21 people in the audience, 10 papers accepted and 2 invited talks, by Tim Kelly and John Knight, who are very well known in this area.

[Photo: SafeComp conference]
Regarding RECOMP, we should remark on the importance of multicore technologies in this area, which was discussed in different papers there, not only from OPENCOSS partners but also from institutions outside the project, such as Siemens AG or the University of Naples Federico II. This was the agenda of the workshop:

[Figure: SASSUR workshop agenda]

RECOMP WEBSITE
Visit us at http://www.recomp-project.eu/