84 results about "Life-critical system" patented technology

A method and system of establishing communications between at least two independent software modules in a safety critical system, such as a medical system, is provided. The design comprises providing an exclusive Bluetooth connection between at least two wireless devices. A master wireless device is configured with Bluetooth master device functionality and a slave wireless device is configured with Bluetooth slave device functionality. The wireless devices are employed in performing a medical procedure. The method further comprises acquiring a stored unique address from the slave wireless device over the Bluetooth connection, comparing the stored unique address to a master wireless device unique address available at the master wireless device, and exclusively pairing the master wireless device and the slave wireless device when the unique address acquired from the slave wireless device is found to identically match the master wireless device unique address.

A method and system of establishing communications between at least two independent software modules in a safety critical system, such as a medical system, is provided. The design comprises providing an exclusive Bluetooth connection between at least two wireless devices. A master wireless device is configured with Bluetooth master device functionality and a slave wireless device is configured with Bluetooth slave device functionality. The wireless devices are employed in performing procedures in a safety critical environment. The method further comprises acquiring a stored unique address from the slave wireless device over the Bluetooth connection, comparing the stored unique address to a master wireless device unique address available at the master wireless device, and exclusively pairing the master wireless device and the slave wireless device when the unique address acquired from the slave wireless device is found to identically match the master wireless device unique address.

The invention relates to a safety critical system-oriented automatic testing resource management method and a safety critical system-oriented automatic testing resource management platform, which are applied to a huge safety critical system with a high requirement on safe reliability. In the method, a testing project is established after a user passes authentication, three management types, namely testing case management, testing process management and document management are set, and a user selects a corresponding management type to perform resource testing management. The platform has a qualification test (Qt) library-based client / server (C / S) framework on the basis of a management platform; a server is taken as a database; a client comprises a core module, a testing case management module, a testing process management module, a document management module and a Bug management module; and the tree structure and the entity type node data of testing resources and operation on the data are defined by the modules of the client. Uniform management on the automatic testing resources of the safety critical system is realized, and the resource management covers a testing stage from the time, so that the black box testing of the safety critical system is effectively supported.

A method is disclosed of producing a system architecture comprising a plurality of electrical devices connected to each other, said system preferably comprising a fault tolerant system, the method including: a) identifying a set of undesirable events and ascribing to each of said undesirable events an indicator of their severity; b) associating where possible each said undesirable event with one or more actuators of said system architecture; c) developing a functional specification of an initial architecture proposed for implementation of said system architecture; d) refining on said functional specification the fault tolerance requirements; e) producing replicates in said functional specification together with attached indicators of independence of said replicates, f) defining a hardware structure for said system architecture; g) mapping of said functional specification onto said hardware structure; and h) verifying automatically that said indicators of independence are preserved during mapping.

A method and system of establishing communications between at least two independent software modules in a safety critical system, such as a medical system, is provided. The design comprises providing an exclusive Bluetooth connection between at least two wireless devices. A master wireless device is configured with Bluetooth master device functionality and a slave wireless device is configured with Bluetooth slave device functionality. The wireless devices are employed in performing procedures in a safety critical environment. The method further comprises acquiring a stored unique address from the slave wireless device over the Bluetooth connection, comparing the stored unique address to a master wireless device unique address available at the master wireless device, and exclusively pairing the master wireless device and the slave wireless device when the unique address acquired from the slave wireless device is found to identically match the master wireless device unique address.

An apparatus includes an input that receives a continuous function chart for each component of the investigated safety-critical system. A processor generates a corresponding component fault tree element. Inports and outports of the component fault tree element are generated and interconnected based on unique names of the inputs and outputs of the corresponding continuous function chart of the respective system component. Input failure modes and output failure modes are generated based on generic mapping between connector types of the continuous function chart and failure types of failure modes of the component fault tree element. The input failure modes of a component fault tree element are connected to output failure modes of the component fault tree element via internal failure propagation paths based on interconnected function blocks of the continuous function chart of the respective system component. An output outputs the generated component fault tree of the safety-critical system.

A mechanism for maintaining configuration or other vital data outside of source code is disclosed. In accordance with the illustrative embodiment of the present invention, a data manager software component serves as an interface between an external configuration data store and one or more applications, processes, and threads. In contrast with techniques of the prior art, the illustrative embodiment does not suffer from the risk of undetected corruption of vital data, and therefore is especially advantageous in safety-critical systems.

A method and system of establishing communications between at least two independent software modules in a safety critical system, such as a medical system, is provided. The design comprises providing a media connection between software modules, wherein the software modules employ a communications protocol and participate in a bi-directional master-slave relationship between a master module and a slave module. The design further comprises sending arbitrary data between the master and slave modules, wherein the arbitrary data is used by the master module to control and obtain status from the slave module, and sending arbitrary data further enables the slave module to return data and status information to the master module. The design also employs a safety critical communications watchdog between the master and slave modules, wherein the safety critical communications watchdog monitors communications quality between the master and slave modules. The bandwidth efficient communications protocol comprises bytes transmitted using a packet consisting of a start indication, a message identifier, an optional service identifier, a class identifier, an optional length of data pertinent to the medical device, a checksum, and a checksum complement.

A method of producing a system architecture comprises identifying a set of undesirable events and ascribing to each of the undesirable events an indicator of their severity, associating the undesirable events with one or more actuators of the system architecture, developing a functional specification of an initial architecture proposed for implementation of the system architecture, refining fault tolerance requirements associated with the severity of each of the undesirable events and issuing refined fault tolerance requirements, producing replicates in the functional specification together with attached indicators of freeness of the replicates from other of the replicates, the indicators reflecting the refined fault tolerance requirements, defining a hardware structure for the system architecture, mapping the functional specification onto the hardware structure, and verifying automatically that the indicators of freeness are preserved during the mapping. The method can be stored on a computer readable storage medium or implemented by a design tool.

Real-time speech recognition systems extend an end-of-utterance timeout period in response to the presence of a disfluency at the end of speech, and by so doing avoid cutting off speakers mid-sentence. Approaches to detecting disfluencies include the application of disfluency n-gram language models, acoustic models, prosody models, and phrase spotting. Explicit pause phrases can also be detected to extend sentence parsing until relevant semantic information is gathered from the speaker or another voice. Disfluency models can be trained such as by searching by successive deletion of tokens, phonemes, or acoustic segments to convert sentences that cannot be parsed into ones that can. Disfluency-based timeout adaptation is applicable to safety-critical systems.

For a device for the electrical actuation of a safety-critical system, having at least two terminals, at least one switch, an operator control element, by means of which at least two operating states for the system are selectable, by means of which switching positions of the at least one switch are determined, it is proposed that at least one current direction element is provided, so that for at least one of the at least two operating states a unidirectional current flow occurs between the at least two terminals.

The embodiment of the invention provides a fault tree generation method for an extended UML class diagram model of a safety-critical system. The method comprises the steps of constructing the UML class diagram model of the safety-critical system, wherein all classes in the UML class diagram model comprise attributes and operations and have a certain relation, and the element semantics of the model is extended by a stereotype; storing the UML class diagram model into a file with a set format, analyzing the file with the set format corresponding to the UML class diagram model by a set information extraction algorithm to extract all the classes and the attributes and the operation information which correspond to all the classes in the UML class diagram model, and generating a fault tree of the UML class diagram model according to a set fault tree generation algorithm. According to the method disclosed by the embodiment of the invention, relevant safety analysis information is successfully embedded into the designed model of the safety-critical system, so that automatic conversion between the designed model of the system and a safety model of the system is realized, and the design fault of the safety-critical system can be effectively overcome.

A railway safety critical application system substitutes commercial off-the-shelf (COTS) hardware and / or software for railway-domain specific product components, yet is validated to conform to railway safety critical system failure-free standards. The safety critical system uses a pair of tasks executed on a controller of a COTS personal computer or within a virtual environment with asymmetric communications capability. Both tasks receive and verify safety critical systems input message data and security code integrity and separately generate output data responsive to the input message. The first task has sole capability to send complete safety critical system output messages, but only the second task has the capability of generating the output security code. A failure of any of systems hardware, software or processing capability results failure to transmit a safety critical system output message or an output message that cannot be verified by other safety critical systems.

A chip damage detection device is provided that includes at least one bi-stable circuit having a first conductive line passing through an observed area of a semiconductor integrated circuit chip for damage monitoring of the observed area. The at least one bi-stable circuit is arranged to flip from a first stable state into a second stable state when a potential difference between a first end and a second end of the first conductive line changes or when a leakage current overdrives a state keeping current at the first conductive line. Further, a semiconductor integrated circuit device that includes the chip damage detection device and a safety critical system that includes the semiconductor integrated circuit device or the chip damage detection circuit is provided.

A chip damage detection device is provided that includes at least one bi-stable circuit having a first conductive line passing through an observed area of a semiconductor integrated circuit chip for damage monitoring of the observed area. The at least one bi-stable circuit is arranged to flip from a first stable state into a second stable state when a potential difference between a first end and a second end of the first conductive line changes or when a leakage current overdrives a state keeping current at the first conductive line. Further, a semiconductor integrated circuit device that includes the chip damage detection device and a safety critical system that includes the semiconductor integrated circuit device or the chip damage detection circuit is provided.