Innovations in Systems and Software Engineering, 2013
ABSTRACT As software and software intensive systems are becoming increasingly ubiquitous, the impact of failures can be tremendous. In some industries such as aerospace, medical devices, or automotive, such failures can cost lives or endanger mission success. Software faults can arise due to the interaction between the software, the hardware, and the operating environment. Unanticipated environmental changes lead to software anomalies that may have significant impact on the overall success of the mission. Latent coding errors can at any time during system operation trigger faults despite the fact that usually a significant effort has been expended in verification and validation (V&V) of the software system. Nevertheless, it is becoming increasingly more apparent that pre-deployment V&V is not enough to guarantee that a complex software system meets all safety, security, and reliability requirements. Software Health Management (SWHM) is a new field that is concerned with the development of tools and technologies to enable automated detection, diagnosis, prediction, and mitigation of adverse events due to software anomalies, while the system is in operation. The prognostic capability of the SWHM to detect and diagnose failures before they happen will yield safer and more dependable systems for the future. This paper addresses the motivation, needs, and requirements of software health management as a new discipline and motivates the need for SWHM in safety critical applications.
Artificial Neural Networks (ANNs) are employed in many areas of industry such as pattern recognition, robotics, controls, medicine, and defence. Their learning and generalization capabilities make them highly desirable solutions for complex problems. However, they are commonly perceived as black boxes since their behavior is typically scattered around its elements with little meaning to an observer. The primary concern in safety critical systems development and assurance is the identification and management of hazards. The application of neural networks in systems where their failure can result in loss of life or property must be backed up with techniques to minimize these undesirable effects. Furthermore, to meet the requirements of many statutory bodies such as FAA, such a system must be certified. There is a growing concern in validation of such learning paradigms as continual changes induce uncertainty that limits the applicability of conventional validation techniques to assure a reliable system performance. In this paper, we survey the application of neural networks in high assurance systems that have emerged in various fields, which include flight control, chemical engineering, power plants, automotive control, medical systems, and other systems that require autonomy. More importantly, we provide an overview of assurance issues and challenges with the neural network model based control scheme. Methods and approaches that have been proposed to validate the performance of the neural networks are outlined and discussed after a comparative examination.
Modern aircraft—both piloted fly-by-wire commercial aircraft as well as UAVs—more and more depend on highly complex safety critical software systems with many sensors and computer-controlled actuators. Despite careful design and V&V of the software, severe incidents have happened due to malfunctioning software. In this paper, we discuss the use of Bayesian networks to monitor the health of the on-board software and sensor system, and to perform advanced on-board diagnostic reasoning. We focus on the development of reliable and robust health models for combined software and sensor systems, with application to guidance, navigation, and control (GN&C). Our Bayesian network-based approach is illustrated for a simplified GN&C system implemented using the open source real-time operating system OSEK/Trampoline. We show, using scenarios with injected faults, that our approach is able to detect and diagnose faults in software and sensor systems.
ABSTRACT The work of subproject F on FP2 as a language for functional and parallel programming as well as on LCM as a parallel inference system has led to remarkable results; with FP2 a development tool for parallel systems is available which can be used for the specification and implementation of parallel systems composed of networks of processes. SETHEO, the sequential implementation of a theorem prover in the LCM part, provides a full first order logic evaluation mechanism with an efficiency comparable to fast Prologs; in addition, it has been designed in a way that it also serves as the core of PARTHEO, which in its first stage mainly uses OR-parallelism to achieve further performance gain. In total, considering the technical results together with the acquired knowledge and experience, the cooperation between Nixdorf Computer AG, Paderborn, LIFIA-IMAG, Grenoble, and the Artificial Intelligence Group from the Technical University, Munich, produced a lot of beneficial interaction within and beyond the limits of the subproject.
gennet is used with a script designed to hold one experiment and to generate all files which are required to run netmaster. A gennet script file contains the following qualifiers:
- experiment file-extension defines the name of the experiment. This is used as the name of the generated file for netmaster and added to all generated files as a file-extension. E.g., experiment exp-t1 generates a file to be used with netmaster exp-t1 and the files event exp-t1, init exp-t1, link exp-t1, neuro exp-t1.
- time run-time resolution determines the run-time of the simulation in ms and the temporal resolution for updates. E.g., time 100 0.5 has a simulation time of 100 ms with a temporal resolution of 0.5 ms.
2.1 Network definitions
- The architecture of a given task in gennet is cons
The Dryden Flight Research Center V&V working group and NASA Ames Research Center Automated Software Engineering (ASE) group collaborated to prepare this report. The purpose is to describe V&V processes and methods for certification of neural networks for aerospace applications, particularly adaptive flight control systems like Intelligent Flight Control Systems (IFCS) that use neural networks. This report is divided into the following two sections: Overview of Adaptive Systems and V&V Processes/Methods.
Papers by Johann Schumann