Method for design and verification of safety critical systems
First Claim
1. A method of producing a system architecture with a design tool computer, the system architecture including a plurality of electrical components connected to each other, the components including electronic control units, sensors and actuators, the method comprising:
a) identifying a set of undesirable events and ascribing to each of the undesirable events an indicator of severity;
b) associating each of the undesirable events with any involved actuator of the actuators of the system architecture;
c) developing a functional specification of an initial architecture proposed for implementation of the system architecture, the functional specification of the initial architecture including dataflow for and between electrical components thereof;
d) refining on the functional specification fault tolerance requirements associated with the severity of each of the undesirable events and issuing refined fault tolerance requirements of the functional specification;
e) producing replicates in the functional specification together with attached indicators of freeness of the replicates from other of the replicates, the indicators reflecting the refined fault tolerance requirements;
f) defining a hardware structure for the system architecture;
g) mapping, via the design tool computer, the functional specification onto the hardware structure; and
h) verifying automatically that the indicators of freeness are preserved during the mapping.
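The eight steps above describe a verification flow whose decisive check is step h): after the functional specification has been mapped onto hardware, every pair of replicates that was declared "free" of each other must still be independent. The following is an added example, not code from the patent or its applicant, that models that flow in Python under assumed conventions: severity is an integer 1 to 4 on a constructed scale, the number of replicates a function needs is a simple assumed policy keyed on severity, a "freeness" indicator is a pair of replicates that must not share an ECU, and the hardware structure is just a set of ECU names. All event, function and ECU names are constructed sample data.

```python
"""Toy model of the claimed design-and-verification flow (added example, not the patent's code).

Assumptions (not from the patent): severity is an int 1..4; required replicate count is a
fixed policy on severity; a freeness indicator is a pair of replicates that must not share an
ECU; the hardware structure is a set of ECU names; a mapping assigns each replicate to an ECU.
"""
from dataclasses import dataclass, field
from itertools import combinations


@dataclass(frozen=True)
class UndesirableEvent:
    name: str
    severity: int          # step a): constructed scale, 1 (minor) .. 4 (catastrophic)
    actuators: frozenset   # step b): actuators involved in the event


def required_replicas(severity):
    """Step d): assumed fault-tolerance policy, severity -> number of independent replicates."""
    return {1: 1, 2: 2, 3: 2, 4: 3}[severity]


@dataclass
class FunctionalSpec:
    dataflow: dict                                   # step c): function -> actuators it drives
    replicates: dict = field(default_factory=dict)   # function -> list of replicate ids
    freeness: set = field(default_factory=set)       # pairs (frozenset) that must not share an ECU


def refine_requirements(spec, events):
    """Step d): each function inherits the strictest severity of any event touching its actuators."""
    req = {}
    for fn, acts in spec.dataflow.items():
        sev = max((e.severity for e in events if e.actuators & acts), default=1)
        req[fn] = required_replicas(sev)
    return req


def produce_replicates(spec, requirements):
    """Step e): create the replicates and attach a pairwise freeness indicator to each pair."""
    for fn, n in requirements.items():
        ids = [f"{fn}#{i}" for i in range(n)]
        spec.replicates[fn] = ids
        for a, b in combinations(ids, 2):
            spec.freeness.add(frozenset((a, b)))
    return spec


def verify_freeness(spec, hardware, mapping):
    """Step h): return every violation the mapping introduces (empty list means it is preserved).

    Two kinds are reported: a replicate mapped to nothing or to an unknown hardware unit, and a
    freeness pair whose two replicates landed on the same ECU (a single common-cause failure point).
    """
    violations = []
    for ids in spec.replicates.values():
        for r in ids:
            if mapping.get(r) not in hardware:
                violations.append(("unmapped", r, str(mapping.get(r))))
    for pair in spec.freeness:
        a, b = sorted(pair)
        if a in mapping and b in mapping and mapping[a] == mapping[b]:
            violations.append(("shared-ecu", a, b, mapping[a]))
    return sorted(violations)


def run_example():
    """Constructed sample input: two events, two functions, three ECUs, one good and one bad mapping."""
    events = [
        UndesirableEvent("unintended braking", severity=4, actuators=frozenset({"brake_actuator"})),
        UndesirableEvent("wiper stall", severity=1, actuators=frozenset({"wiper_motor"})),
    ]
    spec = FunctionalSpec(dataflow={"brake_ctrl": {"brake_actuator"},
                                    "wiper_ctrl": {"wiper_motor"}})
    requirements = refine_requirements(spec, events)          # step d)
    spec = produce_replicates(spec, requirements)             # step e)
    hardware = {"ECU_A", "ECU_B", "ECU_C"}                    # step f)
    good = {"brake_ctrl#0": "ECU_A", "brake_ctrl#1": "ECU_B",
            "brake_ctrl#2": "ECU_C", "wiper_ctrl#0": "ECU_A"}  # step g): one replicate per ECU
    bad = {**good, "brake_ctrl#1": "ECU_A"}                   # two brake replicates share ECU_A
    return {
        "requirements": requirements,
        "good": verify_freeness(spec, hardware, good),
        "bad": verify_freeness(spec, hardware, bad),
    }


if __name__ == "__main__":
    for k, v in run_example().items():
        print(k, v)
```

The brake function inherits severity 4 and therefore gets three replicates with three pairwise freeness indicators; the wiper function gets one replicate and no constraints. The first mapping spreads the brake replicates over three ECUs and passes; the second puts two of them on ECU_A, and the verifier reports exactly that pair, which is the kind of finding step h) exists to surface before the hardware structure is frozen.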
Abstract
A method of producing a system architecture comprises identifying a set of undesirable events and ascribing to each of the undesirable events an indicator of their severity, associating the undesirable events with one or more actuators of the system architecture, developing a functional specification of an initial architecture proposed for implementation of the system architecture, refining fault tolerance requirements associated with the severity of each of the undesirable events and issuing refined fault tolerance requirements, producing replicates in the functional specification together with attached indicators of freeness of the replicates from other of the replicates, the indicators reflecting the refined fault tolerance requirements, defining a hardware structure for the system architecture, mapping the functional specification onto the hardware structure, and verifying automatically that the indicators of freeness are preserved during the mapping. The method can be stored on a computer readable storage medium or implemented by a design tool.
Claims (20)
1. Independent claim; text as given under First Claim above. Dependent claims: 2 to 11.
12. A computer readable storage medium having thereon computer executable instructions that, when executed by a computer, make the computer execute a method to design and verify a system architecture, the method comprising:
a) identifying a set of undesirable events and ascribing to each of the undesirable events an indicator of severity;
b) associating each of the undesirable events with any involved actuator of the actuators of the system architecture;
c) developing a functional specification of an initial architecture proposed for implementation of the system architecture, the functional specification of the initial architecture including dataflow for and between components thereof;
d) refining on the functional specification fault tolerance requirements associated with the severity of each of the undesirable events and issuing refined fault tolerance requirements of the functional specification;
e) producing replicates in the functional specification together with attached indicators of freeness of the replicates from other of the replicates, the indicators reflecting the refined fault tolerance requirements;
f) defining a hardware structure for the system architecture;
g) mapping the functional specification onto the hardware structure; and
h) verifying automatically that the indicators of freeness are preserved during the mapping.
Dependent claims: 13 to 15.
16. A design tool, comprising:
a computer configured for design and verification of a system architecture, the system architecture including a plurality of electrical components connected to each other, the components including electronic control units, sensors, and actuators, the design tool configured to:
a) identify a set of undesirable events and ascribe to each of the undesirable events an indicator of severity;
b) associate each of the undesirable events with any involved actuator of the actuators of the system architecture;
c) develop a functional specification of an initial architecture proposed for implementation of the system architecture, the functional specification of the initial architecture including dataflow for and between components thereof;
d) refine on the functional specification fault tolerance requirements associated with the severity of each of the undesirable events and issue refined fault tolerance requirements of the functional specification;
e) produce replicates in the functional specification together with attached indicators of freeness of the replicates from other of the replicates, the indicators reflecting the refined fault tolerance requirements;
f) define a hardware structure for the system architecture;
g) map the functional specification onto the hardware structure; and
h) verify automatically that the indicators of freeness are preserved during the mapping.
Dependent claims: 17 to 20.
Specification