International Workshop on Critical Software Component Reusability and Certification across Domains

in conjunction with ICSR 2013

18 June 2013, Pisa, Italy

Position Paper Abstracts

Fostering Reuse within Safety-critical Component-based Systems through Fine-grained Contracts

Irfan Sljivo, Jan Carlson, Barbara Gallina, and Hans Hansson - Mälardalen Real-Time Research Centre, Mälardalen University, Västerås, Sweden

Our aim is to develop a notion of safety contracts and related reasoning that supports the reuse of software components in and across safety-critical systems, including support for certification related activities such as using the contract reasoning in safety argumentation. In this paper we introduce a formalism for specifying assumption/guarantee contracts for components developed out of context. We are utilising weak and strong assumptions and guarantees to customise fine-grained contracts to support addressing a broader component context and specifying additional and alternative properties. These out of context contracts can be conveniently instantiated to a specific context, thereby providing support for component reuse.

Open Issues in Reuse of Certified Components in Cyber Physical Systems

Christian Berger, Michel R.V. Chaudron - Department of Computer Science and Engineering of Chalmers University of Technology - University of Goteborg, Sweden

In this paper we will discuss challenges and directions for component certification in cyber physical systems. Our experiences are based on a decade of research in this area in both more fundamental and more practically oriented projects. While the notion of Component-based Software Engineering was coined half a century ago, practical use of components is still challenging. There has been much advancement in understanding component technology [CSVM12]. Also the problem of predictable assembly (how to predict properties of systems based on properties of their components) has been successfully solved for a variety of extra-functional properties (see e.g. [Koz10] for performance). In this paper we want to distinguish between embedded systems and cyber-physical systems. Embedded systems are a broad category of systems, which include computer systems that are not visible to the end user. A cyber-physical system (CPS) is a special category of embedded system that features a significant degree of autonomous action in a physical environment. Examples of cyber-physical systems can be found in areas as diverse as aerospace, automotive, civil infrastructure, healthcare, and transportation. To illustrate, a DVD player is an embedded system. A DVD player needs to react to user inputs but it does not have to decide by itself how to act in a physical environment. In contrast, an automated parking system in a car moves around physical objects and has to interact with events that happen in the real world. This interaction of the system with the real world implies making assumptions about what can happen and, often implicitly, what cannot happen. From a practical perspective, it is not possible to write down a complete list of the assumptions that are relevant to any specific environment. In the remainder of this position statement, we will use the automotive domain as an example for illustrating our case.

Configurable safety elements for a predefined scope

Andrea Leitner, Helmut Martin, and Bernhard Winkler - Virtual Vehicle Research Center, Austria

Today, functional safety and strategic reuse are two core challenges in automotive electrical/electronic system development. The reuse of certification data in particular has only recently been covered in the literature, and there are still open issues. Reuse of certification data is challenging because of its close relation to the specific safety item. Current approaches for reuse suggest the use of safety contracts, which enable the composition of safety-critical components and corresponding arguments. Despite all their advantages, these safety contracts introduce a lot of additional complexity. In this position paper, we introduce a concept for safety component reuse which is especially tailored for application in a product line context. Product lines are characterized by their defined scope. We aim to exploit this fact by considering only supported safety items in order to reduce the complexity for this specific context. Cross-domain reuse could be a special case of the proposed concept. Standards from different domains could probably also be covered by configurable safety elements. This should also be investigated in future research.

Contract-based refinement of safety-critical components

Alessandro Cimatti, Stefano Tonetta - Fondazione Bruno Kessler, Trento, Italy

The design of safety-critical systems requires advanced modeling and verification techniques to design and properly integrate components in order to satisfy system properties. Contract-based design provides an ideal paradigm for a correct refinement and reuse of components, enriching each component with a contract, i.e., a clear description of the expected interaction of the component with its environment. The ultimate goal of contract-based design is to allow for compositional reasoning, stepwise refinement, and a principled reuse of components that are already pre-designed, or designed independently. I will present a contract-based framework that features a component semantics based on traces, a contract specification based on temporal logic, and a reasoning engine based on model checking. I will overview the OCRA tool support for this framework and its current use in European projects.
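The two abstracts above (Sljivo et al. on assumption/guarantee contracts for components developed out of context, and Cimatti and Tonetta on contract-based refinement) both rest on the same proof obligations. The following is an added example, not code from either paper or from the OCRA tool: it keeps only the propositional core of contract refinement, where a contract is a pair of Boolean predicates over a finite set of named variables and "model checking" is exhaustive enumeration of all assignments (OCRA works over traces and temporal logic, which this toy deliberately omits). The obligations checked are the standard ones for refining a system contract (A, G) by component contracts (A_i, G_i): A and all G_i together must imply G, and for each i, A together with the other components' guarantees must imply A_i. The brake-by-wire scenario and every variable name in it are constructed for the example; the second actuator contract shows the reuse hazard the abstracts describe, a component that brings an out-of-context assumption nobody in the new context discharges.

```python
"""Brute-force checker for assume/guarantee contract refinement (illustrative, not OCRA)."""
from dataclasses import dataclass
from itertools import product
from typing import Callable, Dict, List, Sequence, Tuple

Env = Dict[str, bool]
Pred = Callable[[Env], bool]


@dataclass(frozen=True)
class Contract:
    name: str
    assumption: Pred
    guarantee: Pred


def all_environments(variables: Sequence[str]):
    """Enumerate every Boolean assignment of the given variables."""
    for values in product((False, True), repeat=len(variables)):
        yield dict(zip(variables, values))


def implies(premise: bool, conclusion: bool) -> bool:
    return (not premise) or conclusion


def check_refinement(system: Contract, parts: Sequence[Contract],
                     variables: Sequence[str]) -> List[Tuple[str, Env]]:
    """Return every violated obligation with a counterexample assignment.
    An empty list means the composition of `parts` refines `system`."""
    failures: List[Tuple[str, Env]] = []
    for env in all_environments(variables):
        if not system.assumption(env):
            continue  # outside the system's own environment: nothing to discharge
        guarantees = [p.guarantee(env) for p in parts]
        # Obligation 1: the composed guarantees must establish the system guarantee.
        if all(guarantees) and not system.guarantee(env):
            failures.append((f"{system.name}: guarantee not established", env))
        # Obligation 2: each part's assumption must be discharged by the system
        # assumption together with the guarantees of the other parts.
        for i, part in enumerate(parts):
            others_hold = all(g for j, g in enumerate(guarantees) if j != i)
            if others_hold and not part.assumption(env):
                failures.append((f"{part.name}: assumption not discharged", env))
    return failures


# Constructed scenario (hypothetical names): a brake-by-wire controller.
VARIABLES = ("sensor_ok", "pedal_pressed", "pedal_valid", "brake_cmd", "power_ok")

# System contract: given a healthy pedal sensor, a pressed pedal yields a brake command.
BRAKE_SYSTEM = Contract(
    "brake_controller",
    assumption=lambda e: e["sensor_ok"],
    guarantee=lambda e: implies(e["pedal_pressed"], e["brake_cmd"]),
)

# Part 1: the input filter validates the pedal signal when the sensor is healthy.
PEDAL_FILTER = Contract(
    "pedal_filter",
    assumption=lambda e: e["sensor_ok"],
    guarantee=lambda e: implies(e["pedal_pressed"], e["pedal_valid"]),
)

# Part 2a: an actuator driver designed in context; it assumes nothing of its
# environment and commands the brake whenever the filtered signal is valid.
ACTUATOR_IN_CONTEXT = Contract(
    "actuator_driver",
    assumption=lambda e: True,
    guarantee=lambda e: implies(e["pedal_valid"], e["brake_cmd"]),
)

# Part 2b: the same driver reused out of context; it carries an assumption on a
# healthy power supply that nothing in this system guarantees.
ACTUATOR_REUSED = Contract(
    "actuator_driver_reused",
    assumption=lambda e: e["power_ok"],
    guarantee=lambda e: implies(e["pedal_valid"], e["brake_cmd"]),
)


def refinement_holds() -> bool:
    """True: the in-context decomposition refines the system contract."""
    return not check_refinement(BRAKE_SYSTEM, [PEDAL_FILTER, ACTUATOR_IN_CONTEXT], VARIABLES)


def reuse_failures() -> List[Tuple[str, Env]]:
    """Non-empty: the reused driver's power_ok assumption is never discharged."""
    return check_refinement(BRAKE_SYSTEM, [PEDAL_FILTER, ACTUATOR_REUSED], VARIABLES)


if __name__ == "__main__":
    print("in-context refinement holds:", refinement_holds())
    for obligation, env in reuse_failures()[:3]:
        print(obligation, env)
```

Every counterexample returned for the reused driver has `sensor_ok` true and `power_ok` false: the system admits such environments, the filter keeps its guarantee in them, and the driver's assumption still fails. That is exactly the implicit assumption the certification argument would have to either discharge (add `power_ok` to the system assumption, or have a third component guarantee it) or weaken in the component contract before the reused evidence can be accepted.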

A compositional certification approach for safety case reuse

Espinoza Oritiz Huascar, Klabbers M.D., Yaping Luo, Philippa Conmy

Safety assurance and certification are amongst the most expensive and time-consuming tasks in the development of safety-critical embedded systems. European innovation and productivity in this market is curtailed by the lack of affordable (re)certification approaches. Major challenges arise when evolutions to a system entail the reconstruction of the entire body of certification arguments and evidence.
The OPENCOSS project aims to devise a common certification framework that spans different vertical markets for railway, avionics/aviation and automotive industries, and to establish an open-source safety certification infrastructure. The ultimate goal of the project is to bring about substantial reductions in recurring safety certification costs, and at the same time guarantee product safety through the introduction of more systematic certification practices. Both will boost innovation and system upgrades considerably.
As one of the main parts of the project-wide goal, we will build a compositional certification framework based on safety cases. The envisaged framework will seek to enable the specification and exchange of certification assets (arguments and evidence) possibly related to components of safety-critical systems, and the effective utilization of these assets in the certification of safety-critical systems. Furthermore, the use of template assurance arguments, and of contracts which capture certification data properties, will help in the effective utilization of the certification assets (whether between systems or system versions, and within or across vertical markets) while limiting the amount of re-certification work that is required after a change to the system design.