
Logical monitoring of program sequence


Following the ISO/IEC 61508 functional safety standard (or ISO 26262), logical monitoring of program sequence is a suggested diagnostic method to verify that an application follows the intended path.

However, I can't (easily?) find any in-depth analysis of the method, and no source code reference at all addressing this technique. The only document that is easy to retrieve on the subject is the AUTOSAR documentation, although it doesn't look very practical to me, raising more questions than it answers.

Many other references are again just articles that claim how good functional safety standardization is, without any further reference to books or detailed analysis.

Does anybody have any reference to practical/analytical approaches to runtime program sequence monitoring?


Solution

  • A good article on what AUTOSAR describes as logical supervision (akin to the original logical monitoring theme) is the one published as Software Architecture Modeling of AUTOSAR-Based Multi-Core Mixed-Critical Electric Powertrain Controller.

    Even though it doesn't directly answer my original question, it gives a succinct and straightforward description of how such a supervising feature works. In section 3.2 there is a simple and clear description of how the software watchdog manager functions as an analyzer of the program flow graph formed by the part of a process that is supervised (the supervised entity), using a sequence of checkpoints placed at the key points of execution.

    As that is an open-access, nicely written document, I think it is well worth mentioning.

    [EDIT]

    Lately, I have been directed to an application note from STM, AN4435, which describes a few measures to take with their microcontrollers in order to fulfill a few safety standards.

    In paragraph 5.1.3 of that note they approach the "Flow control procedure", which has been widely employed for program sequence monitoring.

    Warning: in Figure 3 of that document there are a couple of mistaken variable names! The four variable assignments in the sequence should be read as

    Counter = Counter + 5
    ...
    Counter = Counter + 7
    ...
    Counter_ = Counter_ - 7
    ...
    Counter_ = Counter_ - 5
    

    (Variable naming isn't the writer's strongest skill...)
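The following C sketch is an added example and is not code from the answer above, from the cited paper, from AUTOSAR, or from AN4435. It combines the two mechanisms the answer describes: a checkpoint graph in the style of AUTOSAR logical supervision (each reported checkpoint must be a permitted successor of the previous one) and a flow counter in the style of the AN4435 flow control procedure (each section adds a distinct token on entry and subtracts it on exit, so the counter must be back at zero when the cycle ends). All names (`flow_monitor`, `fm_checkpoint`, `fm_enter`, `fm_leave`, the `CP_*` checkpoints, the tokens 5/7/11) and the injected faults in `run_cycle` are hypothetical and constructed for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Checkpoints of one supervised entity (hypothetical names for this example). */
enum cp_id {
    CP_NONE = 0,      /* monitor state before the first checkpoint is reported */
    CP_START,
    CP_READ_INPUT,
    CP_COMPUTE,
    CP_WRITE_OUTPUT,
    CP_END,
    CP_COUNT
};

/* The intended program-flow graph as an adjacency matrix: allowed[from][to].
 * Any transition not listed here is a program-sequence violation. */
static const bool allowed[CP_COUNT][CP_COUNT] = {
    [CP_NONE][CP_START]           = true,
    [CP_START][CP_READ_INPUT]     = true,
    [CP_READ_INPUT][CP_COMPUTE]   = true,
    [CP_COMPUTE][CP_WRITE_OUTPUT] = true,
    [CP_WRITE_OUTPUT][CP_END]     = true,
};

/* Verdict bits returned by fm_verdict(). */
enum { FM_OK = 0, FM_BAD_EDGE = 1, FM_UNBALANCED = 2, FM_INCOMPLETE = 4 };

struct flow_monitor {
    enum cp_id last;     /* last checkpoint reported */
    int32_t    counter;  /* flow counter: must be back at 0 at the end of the cycle */
    bool       bad_edge; /* a transition outside the graph was observed */
};

static void fm_init(struct flow_monitor *m)
{
    m->last = CP_NONE;
    m->counter = 0;
    m->bad_edge = false;
}

/* Logical supervision: report a checkpoint and validate the edge from the previous one.
 * On a real MCU the watchdog manager would stop servicing the hardware watchdog here. */
static void fm_checkpoint(struct flow_monitor *m, enum cp_id id)
{
    if (id <= CP_NONE || id >= CP_COUNT || !allowed[m->last][id])
        m->bad_edge = true;
    m->last = id;
}

/* Flow-counter supervision: a section adds its token on entry and removes it on exit. */
static void fm_enter(struct flow_monitor *m, int32_t token) { m->counter += token; }
static void fm_leave(struct flow_monitor *m, int32_t token) { m->counter -= token; }

/* Combined verdict at the end of a cycle. */
static int fm_verdict(const struct flow_monitor *m)
{
    int v = FM_OK;
    if (m->bad_edge)       v |= FM_BAD_EDGE;
    if (m->counter != 0)   v |= FM_UNBALANCED;
    if (m->last != CP_END) v |= FM_INCOMPLETE;
    return v;
}

/* A simulated supervised entity. `fault` injects a constructed defect:
 *   0 nominal run
 *   1 the COMPUTE section is skipped entirely (control-flow skip)
 *   2 COMPUTE is entered but its closing decrement never runs (abnormal exit)
 *   3 COMPUTE runs twice (unexpected repetition)
 *   4 the cycle stops before WRITE_OUTPUT and END (early termination) */
static int run_cycle(int fault)
{
    struct flow_monitor m;
    fm_init(&m);

    fm_checkpoint(&m, CP_START);

    fm_enter(&m, 5);
    fm_checkpoint(&m, CP_READ_INPUT);
    /* ... sample sensors ... */
    fm_leave(&m, 5);

    int compute_passes = (fault == 1) ? 0 : (fault == 3) ? 2 : 1;
    for (int i = 0; i < compute_passes; i++) {
        fm_enter(&m, 7);
        fm_checkpoint(&m, CP_COMPUTE);
        /* ... control law ... */
        if (fault != 2)
            fm_leave(&m, 7);
    }

    if (fault != 4) {
        fm_enter(&m, 11);
        fm_checkpoint(&m, CP_WRITE_OUTPUT);
        /* ... drive actuators ... */
        fm_leave(&m, 11);
        fm_checkpoint(&m, CP_END);
    }
    return fm_verdict(&m);
}

int main(void)
{
    for (int fault = 0; fault <= 4; fault++)
        printf("fault %d -> verdict 0x%x\n", fault, run_cycle(fault));
    return 0;
}
```

The two mechanisms catch different things: the graph check flags skipped or repeated sections (faults 1 and 3) even though the counter stays balanced, while the counter flags a section that was entered but never left normally (fault 2) even though every reported edge was legal. Checkpoints that never arrive (fault 4) are only noticed because the end-of-cycle verdict is evaluated from outside the supervised entity, which is why in practice the verdict has to gate the hardware watchdog refresh rather than be checked by the monitored code itself. AUTOSAR's watchdog manager additionally combines logical supervision with alive and deadline supervision, which this sketch omits.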