Design of safety critical systems
Abstract
A method is disclosed of producing a system architecture comprising a plurality of electrical devices connected to each other, said system preferably comprising a fault tolerant system, the method including: a) identifying a set of undesirable events and ascribing to each of said undesirable events an indicator of their severity; b) associating where possible each said undesirable event with one or more actuators of said system architecture; c) developing a functional specification of an initial architecture proposed for implementation of said system architecture; d) refining on said functional specification the fault tolerance requirements; e) producing replicates in said functional specification together with attached indicators of independence of said replicates; f) defining a hardware structure for said system architecture; g) mapping said functional specification onto said hardware structure; and h) verifying automatically that said indicators of independence are preserved during mapping.
37 Citations
26 Claims
1-9. (canceled)
10. A method of producing a system architecture including a plurality of electrical components connected to each other, the components including electronic control units, sensors and actuators, the method comprising:
a) identifying a set of undesirable events and ascribing to each of the undesirable events an indicator of their severity;
b) associating where possible each of the undesirable events with one or more actuators of the system architecture;
c) developing a functional specification of an initial architecture proposed for implementation of the system architecture, the functional specification of the initial architecture including dataflow for and between electrical components thereof;
d) refining on the functional specification fault tolerance requirements associated with the severity of each of the undesirable events and issuing refined fault tolerance requirements of the functional specification;
e) producing replicates in the functional specification together with attached indicators of independence of the replicates, the indicators reflecting the refined fault tolerance requirements;
f) defining a hardware structure for the system architecture;
g) mapping the functional specification onto the hardware structure; and
h) verifying automatically that the indicators of independence are preserved during the mapping.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19.
20. A computer program product comprising a computer readable medium having thereon computer program code means, when the program is loaded, to make the computer execute a procedure to design and verify a system architecture, the procedure comprising:
a) identifying a set of undesirable events and ascribing to each of the undesirable events an indicator of their severity;
b) associating where possible each of the undesirable events with one or more actuators of the system architecture;
c) developing a functional specification of an initial architecture proposed for implementation of the system architecture, the functional specification of the initial architecture including dataflow for and between components thereof;
d) refining on the functional specification fault tolerance requirements associated with the severity of each of the undesirable events and issuing refined fault tolerance requirements of the functional specification;
e) producing replicates in the functional specification together with attached indicators of independence of the replicates, the indicators reflecting the refined fault tolerance requirements;
f) defining a hardware structure for the system architecture;
g) mapping the functional specification onto the hardware structure; and
h) verifying automatically that the indicators of independence are preserved during the mapping.
Dependent claims: 21, 22.
23. A design tool configured for design and verification of a system architecture, the system architecture including a plurality of electrical components connected to each other, the components including electronic control units, sensors, and actuators, the design tool configured to:
a) identify a set of undesirable events and ascribe to each of the undesirable events an indicator of their severity;
b) associate where possible each of the undesirable events with one or more actuators of the system architecture;
c) develop a functional specification of an initial architecture proposed for implementation of the system architecture, the functional specification of the initial architecture including dataflow for and between components thereof;
d) refine on the functional specification fault tolerance requirements associated with the severity of each of the undesirable events and issue refined fault tolerance requirements of the functional specification;
e) produce replicates in the functional specification together with attached indicators of independence of the replicates, the indicators reflecting the refined fault tolerance requirements;
f) define a hardware structure for the system architecture;
g) map the functional specification onto the hardware structure; and
h) verify automatically that the indicators of independence are preserved during the mapping.
Dependent claims: 24, 25, 26.
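The claims describe steps a) to h) but the page carries no code, so the following is an added illustration, not code from the patent or its assignee. It models the pipeline in miniature: undesirable events with a severity, functions linked to the actuators they drive, a constructed refinement policy that turns severity into a replicate count and an independence indicator (the policy, the four-level severity scale, the "none"/"ecu"/"power" indicators, the sample ECUs and the two candidate mappings are all assumptions made for this example), and an automatic check corresponding to step h) that reports every pair of replicates whose mapping onto the hardware structure breaks the indicator attached to them.

```python
from dataclasses import dataclass
from itertools import combinations

# Constructed refinement policy (an assumption, not taken from the patent):
# severity -> (number of replicates, independence indicator attached to them)
REFINEMENT_POLICY = {
    1: (1, "none"),   # single instance, no independence requirement
    2: (2, "ecu"),    # replicates must be hosted on different ECUs
    3: (2, "power"),  # different ECUs that also sit in different power domains
    4: (3, "power"),  # triple redundancy across different power domains
}
INDEPENDENCE_RANK = {"none": 0, "ecu": 1, "power": 2}


@dataclass(frozen=True)
class Event:
    name: str
    severity: int        # 1 (minor) .. 4 (catastrophic), constructed scale
    actuators: tuple     # actuators whose misbehaviour can cause this event


@dataclass(frozen=True)
class Ecu:
    name: str
    power_domain: str    # part of the hardware structure (step f)


def refine(events, functions):
    """Steps a-d: functions maps function -> actuator it drives.  Each function
    inherits the requirement of the most severe event linked to its actuator."""
    reqs = {}
    for fn, actuator in functions.items():
        count, indep = 1, "none"
        for ev in events:
            if actuator in ev.actuators:
                c, i = REFINEMENT_POLICY[ev.severity]
                count = max(count, c)
                if INDEPENDENCE_RANK[i] > INDEPENDENCE_RANK[indep]:
                    indep = i
        reqs[fn] = (count, indep)
    return reqs


def replicates(reqs):
    """Step e: expand each function into named replicates, keeping the indicator."""
    return {fn: (indep, [f"{fn}#{k}" for k in range(n)])
            for fn, (n, indep) in reqs.items()}


def verify_mapping(reps, hardware, mapping):
    """Step h: check that every replicate set still satisfies its independence
    indicator after mapping (step g).  Returns a list of violation messages;
    an empty list means the mapping preserves independence."""
    violations = []
    for fn, (indep, names) in reps.items():
        unmapped = [r for r in names if r not in mapping]
        unknown = [r for r in names if r in mapping and mapping[r] not in hardware]
        if unmapped or unknown:
            violations.append(f"{fn}: unmapped {unmapped}, unknown ECU for {unknown}")
            continue
        for a, b in combinations(names, 2):
            ea, eb = hardware[mapping[a]], hardware[mapping[b]]
            if indep in ("ecu", "power") and ea.name == eb.name:
                violations.append(f"{fn}: {a} and {b} share ECU {ea.name}")
            elif indep == "power" and ea.power_domain == eb.power_domain:
                violations.append(f"{fn}: {a} and {b} share power domain {ea.power_domain}")
    return violations


# Constructed sample input: undesirable events, functional spec and hardware.
EVENTS = [
    Event("unintended_braking", 4, ("brake",)),
    Event("wiper_stall", 1, ("wiper",)),
]
FUNCTIONS = {"brake_ctrl": "brake", "wiper_ctrl": "wiper"}
HARDWARE = {e.name: e for e in (
    Ecu("ECU_A", "pd1"), Ecu("ECU_B", "pd1"), Ecu("ECU_C", "pd2"), Ecu("ECU_D", "pd3"))}

# Two candidate mappings (step g): ECU_A and ECU_B share a power domain, so the
# first one violates the "power" indicator on the brake control replicates.
BAD_MAPPING = {"brake_ctrl#0": "ECU_A", "brake_ctrl#1": "ECU_B",
               "brake_ctrl#2": "ECU_C", "wiper_ctrl#0": "ECU_A"}
GOOD_MAPPING = {"brake_ctrl#0": "ECU_A", "brake_ctrl#1": "ECU_C",
                "brake_ctrl#2": "ECU_D", "wiper_ctrl#0": "ECU_A"}

REPS = replicates(refine(EVENTS, FUNCTIONS))

if __name__ == "__main__":
    for label, m in (("bad", BAD_MAPPING), ("good", GOOD_MAPPING)):
        print(label, verify_mapping(REPS, HARDWARE, m) or "independence preserved")
```

The check is deliberately pairwise: a common failure in hand-made mappings is that each replicate is on a different ECU but two of them still share a power domain or other common resource, which is exactly what the independence indicator is meant to rule out. Extending the hardware model with further shared resources (a bus, a clock source) means adding a field to `Ecu` and a corresponding comparison in `verify_mapping`.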
Specification