Komponentenbasierte Softwareentwicklung für sicherheitskritische eingebettete Systeme

Embedded systems as anti-blocking systems or engine controllers advance more and more into safety critical applications. The systems are increasingly distributed and interconnected. The software in these systems is gaining in significance rapidly and becomes larger and more complex at the same time. Therefore, new methods and procedures are needed in order to manage this complexity. The goal of this thesis was the development of a conception for the component based software development for safety critical systems. At first, the properties of safety critical embedded systems have been analysed. Thereof, requirements have been derived. Additional requirements for the component based development have been defined as well. In the following studies regarding the state of the art, methods and tools have been analysed and valued that enable either a component based development or a formal verification of software. The raised requirements could be met only partly in each case. During the analyses, it has been found that a synchronous time-triggered execution model is very well suited to meet the requirements. Therefore, the synchronous approach for reactive systems and a time-triggered architecture have been further investigated. Besides, the model-checking technology has been selected for the verfication of safety properties. All these technologies form the basis for the conception developed. A component model for synchronous software components has then been defined on the basis of the synchronous model. This model consists of a reactive part and a data processing part. The behavior of the component is determined by the reactive part which controls the data processing part and behaves in a deterministic way. A concept for the component based development with synchronous software components has been developed. Software design is performed using a design model on a graphical level. The application developer hereby defines modules as functional units. These modules are refined iteratively to a point where they can be realized by existing components. The software components can therefore be selected, parameterized and connected through signals. Executable code can be generated from the component based design by automatic code generation. Using the synchronous model of time and the formal semantics of the used language ESTEREL, a formal verification of safety properties is possible. Using this technique, it can be proved that the software meets specific safety critical requirements and trust in the software can be raised. Verification is performed fully automatically by using model-checking.