Note that this page is under development and subject to change
This module assumes that you have knowledge of the C programming language or a similar language (C++, Java). It also assumes that you are familiar with the general principles of developing for an embedded system. It is designed to complement the modules on signal processing (UFMEKM-15-M), VHDL (UFME7G-15-M) and wireless sensor networks (UFMF3E-15-M).
The theoretical aspects of the module will discuss safety-related and safety-critical electronic systems through an overview of relevant standards. Consideration will also be given to the design and behaviour of Real-Time Operating Systems (RTOS) and the role played by safe subsets of programming languages, e.g. MISRA C®.
On the practical side you will compare stand-alone implementations with those using a small RTOS; develop software to interface with sensors and outputs that performs within time and memory constraints; use safety-critical subsets of the language; and use tools designed to support conformance to standards.
Both of these boards use a Field Programmable Gate Array (FPGA) in which a complete microcontroller system can be implemented. This module will treat the boards as a complete embedded system. Other modules will address the re-configurability of the hardware. The software development will use the GNU GCC toolchain along with either the Eclipse Integrated Development Environment (IDE) or a command prompt. The processor used is the NIOS II soft-core processor. Links to much of the relevant documentation can be found here.
The use of the NIOS II IDE and the benefits of a soft-core processor are demonstrated in this video.
Assessment Guidelines
The assessment will be by individual coursework and by presentation. The coursework will involve the analysis and design of an embedded system for the control of a safety critical system. The presentation will be a summary of your report. The presentation will be made to your peers.
Reference will be made to a number of online papers and documents. The following texts may also be of benefit:
Peckol, J. (2008). Embedded Systems: A Contemporary Design Tool, Hoboken: Wiley.
Smith, D.J. & Simpson, K.G.L. (2004). Functional Safety: A Straightforward Guide to Applying IEC 61508 and Related Standards.
Available electronically from the UWE library: search the library catalogue for "iec 61508" and follow the link to the electronic copy. You will need your UWE login details to access it.
Storey, N. (1996). Safety Critical Computer Systems, Prentice Hall.
The IEC 61508 guidelines have been updated; ensure that you view the 2010 revisions. UWE students have online access via the university library. You will find them under Standards -> BSI on the library web pages.
There are 2 copies of the MISRA C standards in the library, shelf mark 005.133 C MOT.
There are a number of real-time operating systems in current use, some of which are certified for use in safety-critical systems. We will be considering FreeRTOS®, an open-source example. It is functionally similar to SafeRTOS®, an IEC 61508 certified SIL3 RTOS from the same company.
Further information can be obtained from FreeRTOS. I am negotiating a discount for the electronic version of the manual, £10 instead of £17.
The worksheets reference the Altera Cyclone III Starter Board, not the Altera DE0 board. The general principles given in the worksheets are valid for both boards, but the detail of peripheral devices, pin assignments etc. is only valid for the Cyclone III Starter Board. The device data and pin configuration for the DE0 board can be found here, starting on page 22.
Many embedded systems are programmed in C, an excellent language for this kind of work but also inherently dangerous. Safe subsets have been developed, such as MISRA C®. The MISRA standards for C are proprietary and have to be paid for. However, there are a number of summaries and discussions available on the internet. A few of these are listed below.
Configuration file for safety critical software using Splint. Splint is available on the Netlab Linux machines. Save the configuration file into your home folder, not your desktop.
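As an added example, not taken from the module page or from the Splint project, here is a small sensor-sample log written in the style that a safe-subset checker and Splint are meant to support; the names and values are constructed, and the practices shown are general safe-subset themes rather than any numbered MISRA rule.

```c
#include <stddef.h>
#include <stdint.h>
// Constructed sensor-sample log in a safe-subset style: no heap allocation,
// fixed-width integer types, every index checked before it touches the array,
// one exit point per function. /*@null@*/ is a Splint annotation marking a
// pointer that may be null; Splint then reports any unguarded dereference.
#define SAMPLE_CAPACITY 8U
typedef struct {
    uint16_t samples[SAMPLE_CAPACITY];
    uint8_t  count;   // valid samples held, 0..SAMPLE_CAPACITY
} sample_log_t;

typedef enum {
    LOG_OK = 0,
    LOG_ERR_NULL = 1,   // null pointer passed in
    LOG_ERR_FULL = 2,   // log full: sample rejected, array never overrun
    LOG_ERR_RANGE = 3   // requested index holds no valid sample
} log_status_t;

// Append one sample; a full log rejects the sample instead of overwriting.
log_status_t log_push(/*@null@*/ sample_log_t *buf, uint16_t sample)
{
    log_status_t status = LOG_ERR_NULL;
    if (buf != NULL) {
        if (buf->count < (uint8_t)SAMPLE_CAPACITY) {
            buf->samples[buf->count] = sample;
            buf->count++;
            status = LOG_OK;
        } else {
            status = LOG_ERR_FULL;
        }
    }
    return status;
}

// Read the sample at index into *out; *out is left untouched on any error.
log_status_t log_get(/*@null@*/ const sample_log_t *buf, uint8_t index,
                     /*@null@*/ uint16_t *out)
{
    log_status_t status = LOG_ERR_NULL;
    if ((buf != NULL) && (out != NULL)) {
        if (index < buf->count) {
            *out = buf->samples[index];
            status = LOG_OK;
        } else {
            status = LOG_ERR_RANGE;
        }
    }
    return status;
}
```

Running Splint over a caller that dereferences either pointer without the null check produces a warning, which is the tool-supported conformance the module asks for.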
The Controller Area Network (CANbus), as used in industrial control and motor vehicles, is also starting to make an appearance in the aerospace industry: see the CANaerospace protocol.
Systems Life Cycles
An example development life cycle for combined hardware and software in aerospace environments.
DO-178B lists the stages as:
Planning: documents covering software standards, verification and certification; analysis and capture of requirements; development of the design specification.
Development: design, code, integration of code. Use of an approved design method, e.g. waterfall model, V model, spiral model.
All stages should also be covered by a configuration management system that tracks all changes, documentation etc. This will also include an archive of all the test and development tools.
Quality assurance documentation must also be provided for each stage of development.
DO-178B
The US standards document for software development in an avionic environment. The following are material from a company specialising in training for DO-178B development, so they should be read in this light. However, they are still a useful source and discuss the pertinent issues.
A useful overview of DO-178B in the form of questions and answers.
A whitepaper from the same company discussing development costs for compliant software.
Safety standards for programmable electronic systems
IEC 61508
"Functional safety of electrical/electronic/programmable electronic safety-related systems". IEC 61508 defines the standards for land-based systems; however, the principles and requirements are very similar. It specifies a complete safety life cycle for the development of systems for motor vehicles, plant and machinery. The following links and papers provide a useful overview and comparison with DO-178B. Note that the IEC lists "fly-by-wire controls of flight surfaces" as an example of a system covered by IEC 61508.