12<sup>th</sup> IEEE International Conference on Emerging Technologies and Factory Automation September 25-28 2007, Patras, Greece



000



#### www.etfa2007.org



© 2007 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.





0

.....

©2007 IEEE IEEE Catalog Number: 07TH8932C ISBN: 1-4244-0826-1 Library of Congress: 2006937986

# **TECHNICAL PROGRAM**

| Session: T1.1                                                                                                                  | Room: I4             | Wednesday, Sep. 26,               | 11:30 - 13:00     |
|--------------------------------------------------------------------------------------------------------------------------------|----------------------|-----------------------------------|-------------------|
| Communication in Automation                                                                                                    | Systems: Pos         |                                   |                   |
| Chairing: Juergen Jasperneite,                                                                                                 | <b>Alexander Fay</b> |                                   |                   |
| Life-cycle Oriented Data Access for a<br>Andreas Gössling, Martin Wollschlae                                                   |                      | ımework                           | 1                 |
| <b>OWL Based Information Agent Serv</b><br>Antti Pakonen, Teppo Pirttioja, Ilkka                                               | •                    |                                   | 9                 |
| <i>Limits of Increasing the Performance</i><br>Juergen Jasperneite, Markus Schuma                                              |                      | ernet Protocols                   | 17                |
| <b>Prediction of End-to-End Deadline M</b><br>Patricia Della Méa Plentz, Carlos Mo                                             | •                    | •                                 | 25                |
| <b>Performance Evaluation and Predict</b><br><b>System in Harsh Industrial Environ</b><br>Uwe Meier, Stefan Witte, Kai Helmig, | nents                |                                   |                   |
| <b>Formalised specification of a test too</b><br>Mathias Mühlhause, Christian Diedri                                           | • • •                |                                   | 38                |
| Session: T6.1                                                                                                                  | Room: I 10           | Wednesday, Sep. 26,               | 11:30 - 13:00     |
| Embedded Model Control and                                                                                                     |                      |                                   |                   |
| Chairing: E. Canuto, J. Ospina                                                                                                 |                      |                                   |                   |
| <b>Embedded Model Control: principles</b><br>Enrico Canuto, Luis David Prieto                                                  | and applications.    | Part I                            | 45                |
| <b>Embedded Model Control: principles</b><br>Enrico Canuto, Luis David Prieto                                                  | and applications.    | Part II                           | 53                |
| <b>Embedded Model Control: sub-micro</b><br>Enrico Canuto, Fabio Musso, Luca M                                                 |                      | ty of the Nanobalance thrust-stan | ad 61             |
| <i>Emerging technologies in the ESA S</i><br><i>Luca Massotti, Enrico Canuto</i>                                               | cience and Earth (   | <b>Observation Programme</b>      | 69                |
| <i>Multilayer control of an optical refer</i><br>Enrico Canuto, José Ospina, Angelo I<br>Marco Bisi, Paolo Cordiale            |                      |                                   | o, 77             |
| Session: T3.1                                                                                                                  | Room: I 11           | Wednesday, Sep. 26,               | 11:30 - 13:00     |
| Scheduling and Resource Ma                                                                                                     |                      |                                   |                   |
| Chairing: Bjorn Anderson, Lui                                                                                                  | gi Sassoli           |                                   |                   |
| Sensitization of Symbolic Runs in Ro<br>Enrico Vicario, Luigi Sassoli, Laura (                                                 |                      | Jsing the ORIS Tool               | 85                |
| Virtual Execution Environment for I<br>Claudiu Farcas, Wolfgang Pree                                                           | Real-Time TDL Co     | mponents                          | 93                |
| Deriving Exact Stochastic Response time Systems                                                                                |                      | Tasks in Hybrid Priority-driven S |                   |
| Giordano Kaczynski, Lucia Lo Bello,                                                                                            | Thomas Nolte         |                                   | 101               |
| Uniprocessor Scheduling Under Tim<br>Fábio Rodrigues de la Rocha, Rômulo                                                       |                      |                                   | 111               |
| <b>Resource Management for Dynamica</b><br>Muhammad Hasan, Sotirios Ziavras                                                    | ally-Challenged Re   | configurable Systems              | 119               |
| <b>Reliable Scheduling of a Distributed</b><br><b>Cause Failures</b><br>Thanikesavan Sivanthi                                  | Real-time Embeda     | led Application Considering Com   | <i>mon</i><br>127 |
| i nanikesuvan sivanini                                                                                                         |                      |                                   | 1 4 /             |

|                                                                                                          | Room: I 12<br>to Enable Integrated | <i>Wednesday, Sep. 26,</i> 11:30 -<br>d Manufacturing and Service Sys             |       |
|----------------------------------------------------------------------------------------------------------|------------------------------------|-----------------------------------------------------------------------------------|-------|
| (IMSS)<br>Chairing: Cab Kiab Mak                                                                         | Cristian Vacar                     |                                                                                   |       |
| Chairing: Goh Kiah Mok                                                                                   |                                    |                                                                                   |       |
| A Rapid Configurable Embedd<br>Kiah Mok Goh, Benny Tjahjono                                              |                                    |                                                                                   | 135   |
| <i>The Wireless Sensor Networks</i><br>L.Q. Zhuang, K.M. Goh, J.B. Zh                                    |                                    | Issues and Challenges                                                             | 141   |
| Service Systems                                                                                          |                                    | odeling Integrated Manufacturing and                                              | 1.40  |
| Han Yu, Zhiqi Shen, Chunyan N                                                                            | 0 -                                | 0                                                                                 | 149   |
| Model-based Monitoring and I<br>Sheng Huang, Kiah Mok Goh, Y                                             |                                    | ology for Ball-nose End Milling<br>n Hong, Kah Chuan Shaw                         | 155   |
| <b>Fault Detection Methods for F</b><br>Lucian Mihet, Octavian Prosted                                   |                                    |                                                                                   | 161   |
|                                                                                                          | ntology for Interoperabili         | ty in Integration of Design Information                                           |       |
| <b>Systems</b><br>Qizhen Yang, Chunyan Miao                                                              |                                    |                                                                                   | 169   |
| Session: T2.1                                                                                            | Room: I4                           | Wednesday, Sep. 26, 14:30 -                                                       | 16:00 |
| Wireless Industrial Com                                                                                  |                                    |                                                                                   | 20000 |
| Chairing: Christos Koula                                                                                 |                                    |                                                                                   |       |
| <b>Development and Performance</b><br><b>Communication based on IEE</b><br>Andreas Vedral, Thomas Kruse, | E 802.15.4                         | a Diversity Module for Industrial                                                 | 177   |
| <b>Reasoning about communicati</b><br>Claudio Zunino, Gianluca Cenc                                      | ion latencies in real WLA          |                                                                                   | 187   |
| through Remote Virtual Interfe                                                                           | ace                                | r <mark>eless Household-Electric Network</mark><br>mabe, Luiz Ricardo Lima, Bruno | 195   |
| Fast Hand Off for Mobile Wire<br>Orazio Mirabella, Lucia Lo Bel                                          |                                    | hele Brischetto                                                                   | 202   |
| <i>The Use of Clustered Wireless</i><br><i>Urban Bilstrup, Katrin Bilstrup</i>                           |                                    |                                                                                   | 211   |
| Industry                                                                                                 |                                    | Network Solutions for the Oil & Gas<br>in Vatland, Trond Michael Andersen, Dag    | 219   |
| Session: T8                                                                                              | <b>Room: I 10</b>                  | Wednesday, Sep. 26, 14:30 -                                                       | 16:00 |
| Computational Intelligen                                                                                 | ce in Automation                   |                                                                                   |       |
| Chairing: E. Man, J. Tar                                                                                 |                                    |                                                                                   |       |
| <i>Texture Recognition for Frog</i><br>Flavio Cannavo', Boray Tek, Izz                                   |                                    | ri                                                                                | 227   |
| Modeling Supply Chain's Reco<br>Bin Ma, Laura Xu, Roland Lim                                             | onfigurability using Fuzzy         | , Logic                                                                           | 234   |
| On the Application of Recurren<br>an Industrial Process                                                  | nt Neural Network Techn            | iques for Detecting Instability Trends in                                         |       |
| Eva Portillo, Itziar Cabanes, M                                                                          | larga Marcos, Asier Zubizo         | arreta                                                                            | 242   |

Intelligent Control in Automation Based on Wireless Traffic Analysis Kurt W. Derr, Milos Manic

On-line Identification of Hybrid Systems Using an Adaptive Growing and Pruning RBF Neural<br/>NetworkTohid Alizadeh, Karim Salahshoor, Mohammad Reza Jafari, Abdollah Alizadeh, Mehdi Gholami257Fault diagnosis and fuzzy logic decision for stochastic timed automata<br/>Ghada Beydoun, Zemouri Ryad265

| Session: T5.1                                                                                            | <b>Room: I 11</b>    | Wednesday, Sep. 20          | 6, 14:30 - 16:00   |
|----------------------------------------------------------------------------------------------------------|----------------------|-----------------------------|--------------------|
| Architectures, Methods o                                                                                 | and Technologies for | • Enterprise Integrati      | ion                |
| Chairing: Rei Itsuki, Jose L                                                                             | astra                |                             |                    |
| <b>Impact of the Delay of Subcontra</b><br>Approach<br>Mohammed Dahane, Christian Cl                     | · ·                  | grated Maintenance: Analy   | <i>tical</i> 273   |
| <b>Development of Communications</b><br><b>Production Equipment</b><br>Satoshi Iwatsu, Yuji Watanabe, K. |                      | Ifacturing Execution System | <i>and</i> 280     |
| <b>On Ontology Mapping in Factory</b><br>Corina Popescu, Jose L. Martinez                                |                      |                             | 288                |
| Integration of SOA-ready Networ<br>Layered Web Service Infrastruct<br>Stamatis Karnouskos, Oliver Baeo   | ure                  |                             | 293                |
| <b>An Information Management Sy</b><br>Kazuhiro Kawashima, Norihisa K                                    |                      | n Supply Chain by Secure R. | <b>FID Tag</b> 301 |
| An Approach for Integrating Rea<br>Service-oriented Architecture Pa<br>Daniel Cachapa, Armando Colom     | radigm               |                             | <i>ng the</i> 309  |

| Session: SS2.2                                                                                          | <b>Room: I 12</b>  | Wednesday, Sep. 26,     | 14:30 - 16:00    |
|---------------------------------------------------------------------------------------------------------|--------------------|-------------------------|------------------|
| Planning and Integration T                                                                              | echnologies for Ma | nufacturing and Service | Systems          |
| Chairing: Angle Goh, He We                                                                              | ei                 |                         |                  |
| Web 2.0 Concepts and Technologi<br>Chong Minsk Goh, Siew Poh Lee, V                                     |                    | egration                | 315              |
| Composing OWL-S Web Services<br>B.D. Tran, P.S. Tan, A. Goh                                             |                    |                         | 322              |
| An Investigative Approach on Imp<br>Enterprise Integration using Web<br>Wei He, Puay Siew Tan, Chong Mi | 2.0 Technologies   | _                       | ities for<br>330 |
| <b>Common Capacity Modelling for</b> <i>I</i><br>F.Y. Wang, T.J. Chua, T.X. Cai, L.S.                   |                    | e Studies               | 336              |

# Session: T1.2Room: I4Wednesday, Sep. 26, 16:30 - 18:00IT in the Design Process of Automation SystemsChairing: Alexander Fay, Juergen JasperneiteIntroducing the Modeling and Verification process in SysML<br/>Marcos Vinicius Linhares, Rômulo Silva de Oliveira, Jean-Marie Farines, François Vernadat344Automated PLC Software Generation Based on Standardized Digital Process Elements<br/>Martin Bergert, Jens Kiefer, Christian Diedrich, Thomas Bär352

360

368

*A rule format for industrial plant information reasoning Till Schmidberger, Alexander Fay* 

Software Quality Measures to determine the Diagnosability of PLC Applications Mohammed Bani Younis, Georg Frey

| <b>Control Systems</b><br>Sandro Andrade, Raimundo M                                           | <i>lacêdo</i>               |                                                                      | 376    |
|------------------------------------------------------------------------------------------------|-----------------------------|----------------------------------------------------------------------|--------|
| Interactively Configurable Fi<br>Sebastian Theiss, Joern Ploen                                 |                             | <mark>ents</mark><br>yy, Jens Naake, Klaus Kabitzsch                 | 384    |
| <b>4 Linear Programming Base</b><br>Ewa Figielska                                              | d Heuristic for Solving a T | vo-Stage Flowshop Scheduling Problem                                 | 392    |
| Session: T6.2                                                                                  | <b>Room: I 10</b>           | Wednesday, Sep. 26, 16:30                                            | - 18:( |
| <mark>Industry/Bank Automa</mark><br>Chairing: R. Vilanova, F                                  |                             |                                                                      |        |
|                                                                                                | Methods for Modelling and   | d Simulation of Industrial Systems                                   | 398    |
| <b>On the automatic generation</b><br>Luiz Paulo Barbosa, Kyller G                             |                             | f <b>rom ISA 5.2 diagrams</b><br>ma, Angelo Perkusich, Leandro Silva | 406    |
| <b>Bank Note Classification Usi</b><br>Sigeru Omatu, Michifumi Yosi                            |                             |                                                                      | 413    |
| F <b>eedforward Control for unc</b><br>Ramon Vilanova                                          | ertain systems. Internal Mo | odel Control approach                                                | 418    |
| Session: T4<br>Intelligent Sensors and<br>Chairing: Pedro M. Ruiz                              |                             | <i>Wednesday, Sep. 26,</i> 16:30<br>vinga                            | - 18:( |
| U <b>tilising Noise Effects on Inj</b><br>Nikos Petrellis, Nikos Konofae                       |                             | r Position Estimation on a Grid Plane                                | 426    |
| <mark>4 Tight Lower Bound for Art</mark><br>Andrea Bottino, Aldo Laurent                       |                             | lgorithms                                                            | 434    |
| Implementation and Evaluati<br>Ethernet<br>Angelos Anastasopoulos, Dim                         |                             | lizing TinyOS-based systems and noulis. Stavros Koubias              | 441    |
| 0 1                                                                                            | n Management Automation     | using Wireless Sensor Networks                                       | 448    |
| <b>METATRO: A Real Time RF</b><br>George Asimakopoulos, Spiro                                  |                             | o <mark>ring system for perishable comestibles</mark><br>illou       | 456    |
| <b>Performance Evaluation of I</b><br>Reconciliation Technique Ba<br>Karim Salahshoor, Mohamma | sed on the Unscented Kalm   | an Filter                                                            | 460    |
| 50 Ways to Build your Applic<br>Networks<br>Toannis Chatzigiannakis, Geor                      |                             | v <mark>are and Systems for Wireless Sensor</mark><br>etseas         | 466    |
| Session: SS1.1                                                                                 | Room: I 12                  |                                                                      |        |
| <b>Chairing: Kleanthis Thr</b>                                                                 | on Block Model in Coi       |                                                                      | - 10:( |
| Benchmarking of IEC 61499                                                                      | runtime environments        | Strasser, Jeroen Brunnenkreef                                        | 474    |
| Educational Approaches for a<br>Seppo A Sierla, James H Chri                                   |                             |                                                                      | 482    |
| noonnonating Industrial Exp                                                                    | ariance to IFC 61/00 Rase   | d Development Methodologies and                                      |        |

Incorporating Industrial Experience to IEC 61499 Based Development Methodologies and Toolsets Mika P. Strömman, Kleanthis C. Thramboulidis, Seppo A. Sierla, Nikolaos Papakonstantinou, Kari

490 O. Koskinen

| Implementing IEC 61499 Communication with the CIP Protocol<br>Frans Weehuizen, Aidan Brown, Christoph Sünder, Oliver Hummer | 498 |
|-----------------------------------------------------------------------------------------------------------------------------|-----|
| <b>Deployment of IEC 61499 Compliant Distributed Control Applications</b><br>Tanvir Hussain, Georg Frey                     | 502 |
| Integrating CNet and IEC 61499 function blocks Nils Hagge                                                                   | 506 |

| Session: SS3                                                           | Room: I4                     | Thursday, Sep. 27,   | 11:00 - 12:30 |
|------------------------------------------------------------------------|------------------------------|----------------------|---------------|
| Methods and Instrumer                                                  | ntation for Performanc       | e Measurement in Rec | ul-time       |
| Networks                                                               |                              |                      |               |
| Chairing: Alessandra Fla                                               | mmini, José A. Fonseca       |                      |               |
| <b>Precision of Ethernet Measur</b><br>Iwan Schafer, Max Felser        | ements based on Software To  | ols                  | 510           |
| <b>Delay Measurement System fo</b><br>Paulo Bartolomeu, Valter Silvo   |                              | ams                  | 516           |
| A new distributed instrument characterization                          |                              | •                    |               |
| Paolo Ferrari, Alessandra Fla                                          | mmini, Daniele Marioli, Andr | ea Taroni            | 524           |
| <b>Measuring the impact of verti</b><br>Bruno Denis, Silvain Ruel, Jea |                              |                      | 532           |
| <b>Measuring Real Time Perform</b><br>Micaela Caserza Magro, Paolo     |                              | l Control Systems    | 540           |

| Session: T6.3                                                                                           | <b>Room: I 10</b>                                                                   | <i>Thursday, Sep. 27,</i> 11:00 - 12:30          |
|---------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------|--------------------------------------------------|
| Control Theory and A                                                                                    | pplications                                                                         |                                                  |
| Chairing: A. Tzes, L. N                                                                                 | lassotti                                                                            |                                                  |
| <b>Stability margins character</b><br>Orlando Arrieta, Ramón Vil                                        |                                                                                     | egulation tuning for PID controllers<br>548      |
| <i>I/O Decoupling And Distur</i><br><i>Measurement Output Feed</i><br><i>Fotis N. Koumboulis, Georg</i> | back                                                                                | Linear Time Delay Systems Via<br>555             |
|                                                                                                         | <b>Technique for the Suppressio</b><br><b>nes with Hoisting Mechanism</b><br>y Tzes | n of Payload Swing in Three-<br>565              |
| membrane humidity                                                                                       | o <mark>n Exchange Membrane Fuel</mark> (<br>vyekhf, Abdellah El Moudni, Ma         | Cell: The effect of temperature andaxime Wack569 |
| <i>Automation of diagnosis of</i><br><i>Fuzzy Expert System</i><br><i>Jovelino Falqueto, Matheus</i>    |                                                                                     | e Itaipu Hydroelectric Plant with a 577          |

| Session: T5.2                                                          | <b>Room: I 11</b> | Thursday, Sep. 27,  | 11:00 - 12:30 |
|------------------------------------------------------------------------|-------------------|---------------------|---------------|
| Emerging Issues and S                                                  | olutions          |                     |               |
| Chairing: Masanori Akiy                                                | oshi, Jose Lastra |                     |               |
| <b>Towards Biologically Inspired</b><br>Dania A. El Kebbe, Nils Kretz. |                   | nufacturing Systems | 585           |
| An Alert Management System<br>Jason C.S. Chung, Dickson K.             | •                 | nt                  | 591           |
| Electric power service selection<br>Shigeyuki Tani, Masaharu Aka       |                   | 9ntract             | 599           |
| <b>Enforcing Transition Deadlin</b><br>Haisheng Wang, Liviu Grigore    |                   | bi                  | 604           |

| Controlling Residential Co-Generation System Based on Hierarchical Decentralized Model<br>Takuya Matsumoto, Hisashi Tamaki, Hajime Murao | 612 |
|------------------------------------------------------------------------------------------------------------------------------------------|-----|
| Construction of Traceability Sysmem by using Simple and Handy type RFID reader<br>Rei Itsuki                                             | 619 |

| Session: SS5                                                                                                              | <b>Room: I</b> 12      | <u>Thursday, Sep. 27, 11</u> | :00 - 12:30 |
|---------------------------------------------------------------------------------------------------------------------------|------------------------|------------------------------|-------------|
| Embedded Systems Security                                                                                                 | Y                      |                              |             |
| Chairing: D.N. Serpanos, W.H                                                                                              | I. Wolf                |                              |             |
| Implementation of HSSec: a High-S<br>Athanasios Kakarountas, Haralambo                                                    |                        | •                            | 625         |
| Using Value Locality to Reduce Met<br>George Keramidas, Pavlos Petoumet<br>Serpanos                                       |                        |                              | ios 632     |
| <b>An Integrated Security Model for C</b><br>Nimal Nissanke                                                               | omponent–Based System  | 8                            | 638         |
| <b>Security - Lifetime Tradeoffs for Wi</b><br>Zdravko Karakehayov                                                        | reless Sensor Networks |                              | 646         |
| Security and DRM in Indoor/Outdo<br>Centric Frameworks<br>Tasos Fragopoulos, Antonios Athanc<br>Gialelis, Stavros Koubias | U U                    |                              | 651         |
| Session: T7<br>Distributed Intelligent Cont                                                                               | Room: I 13             | Thursday, Sep. 27, 11        | :00 - 12:30 |
| Cisil ibuleu Intelligent Cont                                                                                             | TOT TOT TEXIBLE MU     |                              |             |

| Chairing: George Chryssolouris, Nidhal Rezg                                                                                                                            |     |
|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----|
| Hierarchical Distributed Controllers - Design and Verification<br>Dirk Missal, Martin Hirsch, Hans-Michael Hanisch                                                     | 657 |
| <b>Dynamic Workflow Priorization Based on Block Finite Position Machines</b><br>Jesus Trujillo, Zbigniew Pasek, Enrique Baeyens                                        | 665 |
| Analytical Method for Generating Feasible Control Sequences in Controller Development<br>Jesus Trujillo, Zbigniew Pasek, Enrique Baeyens                               | 673 |
| Structural Reasoning in Proving System Correctness<br>Andrei Lobov, Jose Luis Martinez Lastra                                                                          | 681 |
| Application Of The Supervisory Control Theory To Automated Systems Of Multi-Product<br>Manufacturing<br>Daniel Balieiro, Eduardo Portela, Agnelo Vieira, Marco Busetti | 689 |
| Management and manipulation of products using RFID-IMS in chain of production and<br>distribution<br>Antonio Abarca, Julio Encinas, Andres Garcia                      | 697 |

| Session: WIP 1                                                       | Room: I4                                   | Thursday, Sep. 27, 1 | 6:00 - 17:00 |  |  |
|----------------------------------------------------------------------|--------------------------------------------|----------------------|--------------|--|--|
| Industrial Networks an                                               | Industrial Networks and Factory Automation |                      |              |  |  |
| Chairing: Thilo Sauter                                               |                                            |                      |              |  |  |
| <b>Topology Discovery in PROF</b><br>Iwan Schafer, Max Felser        | INET                                       |                      | 704          |  |  |
| <b>Retrieval of Diagnostic Inform</b><br>Tim Keane, Hassan Kaghazchi | •                                          | etworks              | 708          |  |  |
| <b>Uniform Engineering of Distr</b><br>Martin Hoffmann, Mathias Mu   |                                            | **                   | 712          |  |  |
| <b>Context-aware infrastructure</b><br>Loubna Ali, Mayyad Jaber, So  |                                            |                      | 716          |  |  |

| <b>Development of Web-Based Software for a Multi-Fieldbus Diagnosis Tool</b><br>Scott Warner, Hassan Kaghazchi                                                                      | 720 |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----|
| Assessment of the Ontological Approach in Factory Automation from the Perspectives of<br>Connectionism<br>Aleksandra Dvorynachikova, Jose Lastra                                    | 724 |
| <b>OPC server implementation with MMS over Ethernet</b><br>Hubert Kirrmann, Sébastien Chatelanat, Michael Obrist                                                                    | 728 |
| Modeling Logical and Temporal Conditions to Formally Validate Factory Automation Web<br>Services<br>Corina Popescu, Jose L. Martinez Lastra                                         | 732 |
| Message-Oriented Middleware for Automated Piezomotor Manufacturing<br>Patrick Otto, Bernd Lindner, Martin Wollschlaeger                                                             | 736 |
| <b>A Simulation Study of Ethernet Powerlink Networks</b><br>Stefano Vitturi, Lucia Seno                                                                                             | 740 |
| Using a Packet Manipulaton Tool for Security Analysis of Industrial Network Protocols<br>Tiago H. Kobayashi, Aguinaldo B. Batista Jr., Agostinho M. Brito Jr., Paulo S. Motta Pires | 744 |

| Session: WIP 2<br>Embedded Systems and                                                                   | Room: I 10                | Thursday, Sep. 27,            | 16:00 - 17:00           |
|----------------------------------------------------------------------------------------------------------|---------------------------|-------------------------------|-------------------------|
| Chairing: Thilo Sauter                                                                                   |                           |                               |                         |
| <b>A Power Manager for Deeply</b><br>Geovani R. Wiedenhoft, Arlion                                       | •                         | röhlich                       | 748                     |
| <b>Coprime factorization based s</b><br>Salva Alcántara, Carles Pedre                                    |                           |                               | 752                     |
| <b>A Constraint Logic Programm</b><br><b>Distributed Embedded System</b><br>Kåre Harbo Poulsen, Paul Pop | S                         | thesis of Fault-Tolerant Sche | edules for<br>756       |
| <b>Embedded linux scheduler m</b> o<br>Zdenek Slanina, Vilem Srovna                                      |                           |                               | 760                     |
| <b>Enhanced Engineering of Do</b><br><b>Descriptions within the eCED</b><br>Christoph Sünder, Oliver Hum | AC Approach               | n by use of Hardware Capabi   | <i>lity</i><br>764      |
| <b>Security in Agent-based Autor</b><br>Basit Ahmed Khan, Jörgen Ma                                      |                           |                               | 768                     |
| Automating Security Tests Fo<br>Joao Paulo S. Medeiros, Alliso                                           |                           |                               | <i>es</i> 772           |
| <b>New Developments in EPOS</b><br>Rafael Luiz Cancian, Marcelo                                          |                           |                               | 776                     |
| <b>Genetic Algorithms Multiobje</b><br>Dan Stan, Vistrian Maties, Rad                                    |                           | OF Micro Parallel Robot       | 780                     |
| <b>A Hidden Markov Models Too</b><br>Fotios Sotiropoulos, Panayioti                                      |                           |                               | <b>sformer</b><br>784   |
| <b>A Graphical Editor for the In</b><br>Ricardo Nunes, Luis Gomes, Jo                                    |                           | Petri Net Class               | 788                     |
| Feasibility Conditions with Ke<br>Priority Ceiling Protocol on a<br>Franck Bimbard, Laurent Geo          | n Event Driven OSEK Syste |                               | <b>ling with</b><br>792 |

| Session: SS9                                                           | <b>Room: I 11</b>           | Thursday, Sep. 27,           | 16:00 - 17:30 |
|------------------------------------------------------------------------|-----------------------------|------------------------------|---------------|
| Business Intelligence an                                               | d its Applications in       | Industrial Ecosystems        |               |
| Chairing: Elizabeth Chan                                               | g, Tharam Dillon            |                              |               |
| <b>An FCA-based mapping gener</b><br>Paolo Ceravolo, Zhan Cui, Alex    |                             |                              | 796           |
| Addressing The Challenges Of<br>Miheala Ulieru, Mohsin Sohail          | Enetwork Cyberengineerin    | ng                           | 804           |
| <b>Trust based Decision Making</b><br>Amandeep Sidhu, Farookh Hus      |                             |                              | 810           |
| <b>Application of SPARQL in Sen</b><br>Hai Dong, Farookh Hussain, El   |                             |                              | 816           |
| <b>Quantifying the Level of Failu</b><br>Omar Hussain, Elizabeth Chang |                             |                              | 820           |
| <b>An Overview of the interpretati</b><br>Omar Hussain                 | ons of trust and reputation | !                            | 826           |
| <b>Ontology Engineering and (Di</b><br>Peter Spyns, Robert Meersman    | gital) Business Ecosystems. | : a case for a Pragmatic Web | 831           |

| Session: SS6.1                                                       | <b>Room: I 12</b>           | Thursday, Sep. 27,             | 16:00 - 17:30 |
|----------------------------------------------------------------------|-----------------------------|--------------------------------|---------------|
| Interoperability Issues                                              |                             |                                |               |
| Chairing: Vincent Chapt                                              | ırlat, Athanasios Kaloş     | geras                          |               |
|                                                                      | fication approach for chard | icterizing and checking organi | zational      |
| <b>interoperability</b><br>Vallespir Bruno, Chapurlat Vin            | acent                       |                                | 839           |
| <b>Enterprise Semantic Modellin</b><br>Nacer Boudjlida, Hervé Paneti |                             |                                | 847           |
| An Ontology-based Interopera<br>Daniel Diep, Christos Alexako        | •                           | ibuted Manufacturing Control   | 855           |
| Interoperable Language Fam<br>Thomas Wagner, Albert Treytl,          |                             | on in Industrial Applications  | 863           |
| <b>Multilevel Order Decompositi</b><br>Daniela Wuensch, Aleksey Bra  |                             | n                              | 872           |

| Session: WIP 3                                                                                    | <b>Room: I 13</b>        | Thursday, Sep. 27, 16             | :00 - 17:00 |
|---------------------------------------------------------------------------------------------------|--------------------------|-----------------------------------|-------------|
| Sensors and Actuators                                                                             |                          |                                   |             |
| Chairing: Thilo Sauter                                                                            |                          |                                   |             |
| Accuracy analysis of a 3D mea<br>industrial robot with a turntabl<br>Mohamed Rahayem, J.A.P Kjeld | le                       | a laser profile scanner mounted o | n an<br>880 |
| <b>Group Management System of</b><br>Yuichi Kobayashi, Toshiyuki Ku                               |                          |                                   | 884         |
| Service Oriented Architecture J<br>Camilo Christo, Carlos Cardein                                 |                          | ion                               | 888         |
| Active Beacon System with the<br>Byoung-hoon Kim, Jong-suk Ch                                     |                          | re for Indoor Localization        | 892         |
| <b>Line based robot localization u</b><br>Danilo Navarro, Ginés Benet, N                          | •                        |                                   | 896         |
| Surveillance of Mobile Objects<br>Tony Larsson                                                    | using Coordinated Wirele | ss Sensor Nodes                   | 900         |

| <b>RAVEN: A Maritime Surveillance Project Using Small UAV</b><br>Siu O'Young, Paul Hubbard                                                                                                  | 904 |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----|
| Intelligent Multisensorsystem for In-line Process- and Quality Monitoring of Welding Seams<br>using Methods of Pattern Recognition<br>Michael Kuhl, Reimund Neugebauer, Paul-Michael Mickel | 908 |
| Sensor Enabled Rule Based Alarm System for the Agricultural Industry<br>Christos Gogos, Panayiotis Alefragis, Efthymios Housos                                                              | 912 |
| <b>Matching Images of Imprinted Tablets</b><br>Ziga Spiclin, Marko Bukovec, Franjo Pernus, Bostjan Likar                                                                                    | 916 |
| Wireless Vibrating Monitoring (WiVib) An industrial case study<br>Jonas Neander, Stefan Svensson, Tomas Lennvall, Mats Björkman, Mikael Nolin                                               | 920 |

| Session: T3.2                                                                                            | Room: I 10                            | <i>Thursday, Sep. 27,</i> 17:00 - 18:             | :00 |
|----------------------------------------------------------------------------------------------------------|---------------------------------------|---------------------------------------------------|-----|
| Real-Time and Control                                                                                    |                                       |                                                   |     |
| Chairing: José A. Fonseca                                                                                |                                       |                                                   |     |
| <b>Optimal Flow Routing in Multi-h</b><br>Linear Programming<br>Jiri Trdlicka, Zdenek Hanzalek, M        |                                       | <b>Real-Time Constraints through</b><br>92        | 24  |
| Simple PID Control Algorithm ad<br>Volodymyr Vasyutynskyy, Klaus K                                       | · · · · · · · · · · · · · · · · · · · | pling<br>93                                       | 32  |
| <b>Second order sliding mode real-ti</b><br>Luca Capisani, Tullio Facchinetti,                           |                                       | <i>robotic manipulator</i><br>94                  | 41  |
| <i>On the practical issues of implem</i><br><i>controllers</i><br><i>Jose Fonseca, Paulo Bartolomeu,</i> |                                       | protocol in small processing power<br>Varreiro 94 | 19  |

| Session: T9.1                                                                              | Room: I4                                                                     | <i>Friday, Sep. 28,</i> 10:00 - 11:30     |  |
|--------------------------------------------------------------------------------------------|------------------------------------------------------------------------------|-------------------------------------------|--|
| Intelligent Robots I                                                                       |                                                                              |                                           |  |
| Chairing: Josep M. Mira                                                                    | its, Yolanda Bolea                                                           |                                           |  |
| <b>A New Time-Independent Im</b><br>Gabriel J. García, Jorge Pom                           | a <mark>ge Path Tracker to Guide Ro</mark><br>ares, Fernando Torres          | obots Using Visual Servoing<br>957        |  |
| <b>Real-Time Architecture for N</b><br>Pedro Sousa, Rui Araújo, Url                        | <b>Aobile Assistant Robots</b><br>bano Nunes, Luís Alves, Ana Lo             | opes 965                                  |  |
| Hierarchical Distributed Arc<br>Jose Azevedo, Bernardo Cunl                                | <b>hitectures for Autonomous M</b><br>aa, Luis Almeida                       | <i>Sobile Robots: a Case Study</i><br>973 |  |
| <b>Camera Localization and Ma</b><br><b>Parametrization</b><br>Rodrigo Munguia, Antoni Gra |                                                                              | P Initialization and Inverse Depth<br>981 |  |
| <b>An Outdoor Guidepath Navig</b><br><b>Markers</b><br>Ana Lopes, Fernando Moita,          |                                                                              | d on Robust Detection of Magnetic<br>989  |  |
| Decision Making among Alte                                                                 | e <mark>rnative Routes for UAVs in D</mark><br>lo, Gonzalo Pajares, Jesus M. |                                           |  |

| Session: T5.3                                                                                       | <b>Room: I 11</b>               | Friday, Sep. 28, 10:00 - 11:30       |  |  |  |
|-----------------------------------------------------------------------------------------------------|---------------------------------|--------------------------------------|--|--|--|
| Automated Manufactu                                                                                 | Automated Manufacturing Systems |                                      |  |  |  |
| Chairing: Toshiya Kaih                                                                              | ara, Jose Lastra                |                                      |  |  |  |
| <b>Development of a holistic Gu</b><br><b>Machining Operations</b><br>Ulrich Berger, Ralf Kretzschr |                                 | ocess Chain for benchmarking<br>1005 |  |  |  |
| <b>Design and Realization of a</b><br>Francesco Calabrese, Giovan                                   |                                 | mbedded Controller<br>1010           |  |  |  |

| <b>A Study on Automated Scheduling Methodology for Machining Job Shop</b><br>Yoshihiro Yao, Toshiya Kaihara, Kentaro Sashio, Susumu Fujii                | 1018 |
|----------------------------------------------------------------------------------------------------------------------------------------------------------|------|
| A Heuristic Approach For Scheduling Multi-Chip Packages For Semiconductor Backend<br>Assembly<br>Tay Jin Chua, Tian Xiang Cai, Xiao Feng Yin             | 1024 |
| A Formal Approach for the Specification, Verification and Control of Flexible Manufacturing<br>Systems<br>Sajeh Zairi, Belhassen Zouari, Laurent Piétrac | 1031 |
| Design and Implementation of Petrinet Based Distributed Control Architecture for Robotic<br>Manufacturing Systems<br>G. Yasuda                           | 1039 |

| Session: SS8                                                                       | <b>Room: I 12</b>             | Friday, Sep. 28, 1          | 0:00 - 11:30     |
|------------------------------------------------------------------------------------|-------------------------------|-----------------------------|------------------|
| Design and Analysis of                                                             | Distributed Automatio         | n Systems                   |                  |
| Chairing: Georg Frey, A                                                            | lexander Fay                  |                             |                  |
| <b>Formal verification of redund</b><br>Steve Limal, Bruno Denis, Jea              |                               |                             | 1045             |
| <b>DesLaNAS – a language for</b><br>Jürgen Greifeneder, Georg Fr                   | -                             | ution Systems               | 1053             |
| <b>Simulation Approach for Eva</b><br>Liu Liu, Georg Frey                          | luating Response Times in No  | etworked Automation Systems | <b>5</b><br>1061 |
| <b>UML-based safety analysis oj</b><br>Sebastian Schreiber, Till Schn<br>Schnieder |                               |                             | d 1069           |
| <b>Incremental design of distrib</b><br>Arndt Lüder, Jörn Peschke                  | uted control systems using GA | IA-UML                      | 1076             |
| <b>Distributed control programm</b><br>Michael Heinze, Joern Peschk                |                               | vstem                       | 1084             |

| Session: T3.3                                                              | Room: I 13       | Friday, Sep. 28, 10:00 - 11:30 |
|----------------------------------------------------------------------------|------------------|--------------------------------|
| Distributed Real-time Sy                                                   | vstems           |                                |
| Chairing: Thomas Nolte, C                                                  | Drazio Mirabella |                                |
| <b>Simulation for end-to-end delay</b><br>Jean-Luc Scharbarg, Christian F  |                  | Ethernet 1092                  |
| <b>Exploiting a Prioritized MAC P</b><br>Björn Andersson, Nuno Pereira,    |                  | ute Interpolations 1100        |
| <i>Master Replication and Bus Err</i><br>Valter Silva, Joaquim Ferreira, . |                  | with Multiple Buses 1107       |
| <b>Embedded Web Services for Ind</b><br>Francisco Maciá-Pérez, Diego N     |                  |                                |

| Session: T10                                                                             | Room: 14   | Friday, Sep. 28, 12:00         | - 13:30 |
|------------------------------------------------------------------------------------------|------------|--------------------------------|---------|
| Emerging Issues                                                                          |            |                                |         |
| Chairing: Gianluca Cena, Da                                                              | cfey Dzung |                                |         |
| The Effect of Quartz Drift on Conv.<br>Eric Armengaud, Andreas Steininger                | 0          | Clock Synchronization          | 1123    |
| Supply Chain Performance Evaluate<br>Zhengping Li, Arun Kumar, Xiaoxia                   | •          | d Operational Levels           | 1131    |
| Common Approach to Functional S<br>Control Systems<br>Thomas Novak, Albert Treytl, Peter |            | ity in Building Automation and | 1141    |

| A Development Process for Mechatronic Products: Integrating Software Engineering and<br>Product Engineering<br>Ana Patrícia Magalhães, Aline Andrade, Leila Silva, Herman Lepikson     | 1149 |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------|
| <i>A Novel Class of Multi-Agent Algorithms for Highly Dynamic Transport Planning Inspired by</i><br><i>Honey Bee Behavior</i><br>Horst F. Wedde, Sebastian Lehnhoff, Bernhard van Bonn | 1157 |
| Introducing and Evaluating a Relaying Concept for the IEEE 802.16 Wireless Metropolitan<br>Networks<br>Christos Antonopoulos, Kostas Stamatis                                          | 1165 |

| Session: SS4                                                  | Room: I 10                                                                      | Friday, Sep. 28, 12:00 -                                                                | - 13:00 |
|---------------------------------------------------------------|---------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------|---------|
| Innovative E-Learnin<br>Chairing: Luis Gomes                  | <b>-</b>                                                                        |                                                                                         |         |
| Synchronous Multipoint E<br>Unicast Networks: Design          | -<br>-Learning Realized on an Intel<br>and Performance Issues                   | l <mark>igent Software-Router Platform over</mark><br>cesco Licandro, Alessandra Russo, | 1172    |
|                                                               | o <mark>ratory for Distance Training</mark> in<br>, Herminio Martinez, Joan Dom |                                                                                         | 1180    |
| <b>Remote Laboratory for Co</b><br>Yolanda Bolea, Antoni Gra  |                                                                                 |                                                                                         | 1188    |
| Session: SS7                                                  | Room: I 10                                                                      | Friday, Sep. 28, 13:00 ·                                                                | - 13:30 |
| Grouping and Coopera                                          | ating of Services                                                               |                                                                                         |         |
| Chairing: Carsten Bus                                         | chmann, Reinhardt Karna                                                         | pke                                                                                     |         |
| <b>In-network Processing and</b><br>Maik Krüger, Reinhardt Ka | Collective Operations using th<br>rnapke, Jörg Nolte                            | e Cocos-Framework                                                                       | 1194    |

*Lean and Robust Phenomenon Boundary Approximation Carsten Buschmann, Daniela Krueger, Stefan Fischer* 

| Session: T5.4<br>Multi-agent Systems f<br>Chairing: Masanori Akiy                      |                             | <i>Friday, Sep. 28,</i> 12:00 - trol                                               | 13:30 |
|----------------------------------------------------------------------------------------|-----------------------------|------------------------------------------------------------------------------------|-------|
| utilizing a relevant Meta-Onto                                                         | ology                       | <b>g ontology to a multi-agent system</b><br>geras, John Gialelis, Stavros Koubias | 1210  |
| Agent-based Control of Rapid<br>Jani Jokinen, Jose L. Martinez                         |                             | Handling System                                                                    | 1217  |
| Agent Based Prototype for Int<br>Manufacturing Automation<br>Rui M. Lima, Rui M. Sousa | eroperation of Production I | Planning and Control and                                                           | 1225  |
| <b>Agent-Based Control Model f</b><br>Omar López, Jose Lastra                          | or Reconfigurable Manufac   | turing Systems                                                                     | 1233  |
| A holonic approach for manu<br>Blanc Pascal, Demongodin Isa                            |                             | design: an industrial application<br>et Jean-Claude                                | 1239  |

| Session: T2.2             | <b>Room: I 12</b> | Friday, Sep. 28, 12:00 - 13:30    |
|---------------------------|-------------------|-----------------------------------|
| Scheduling, Safety and    | Response Times of | Industrial Communication Networks |
| Chairing: Julian Proenza, | , Thomas Nolte    |                                   |

*Network Recovery Time Measurements of RSTP in an Ethernet Ring Topology Gunnar Prytz*  1202

| <b>Evaluation of timing characteristics of a prototype system based on PROFINET IO RT_Class 3</b><br>Paolo Ferrari, Alessandra Flammini, Daniele Marioli, Andrea Taroni, Francesco Venturini | 1254 |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------|
| Hyperperiod Bus Scheduling and Optimizations for TDL Components<br>Emilia Farcas, Wolfgang Pree                                                                                              | 1262 |
| <b>Testing Approach for Online Hardware Self Tests in Embedded Safety Related Systems</b><br>Thomas Tamandl, Peter Preininger, Thomas Novak, Peter Palensky                                  | 1270 |
| <b>BuST: Budget Sharing Token Protocol for Hard Real-Time Communication</b><br>Gianluca Franchino, Giorgio C. Buttazzo, Tullio Facchinetti                                                   | 1278 |

| Session: SS6.2                                                | Room: I 13                       | Friday, Sep. 28, 12:00              | ) - 13:30 |
|---------------------------------------------------------------|----------------------------------|-------------------------------------|-----------|
| Interoperability Applica                                      |                                  |                                     |           |
| Chairing: Athanasios Ka                                       | logeras, Ioannis Gialeli         | S                                   |           |
| Semantically-Enabled Inter-E<br>Christos Alexakos, Panagiotis |                                  |                                     | 1286      |
| <b>Interoperability Issues in Virt</b><br>Taivo Kangilaski    | ual Organization – How to F      | roceed?                             | 1293      |
| Towards an ontology-based sy statements                       | estem for intelligent prediction | n of firms with fraudulent financia | ıl        |
| Dimitris Kanellopoulos, Sotiri.                               | s Kotsiantis, Vasilis Tampaka    | S                                   | 1300      |
| <b>AHP Based Supply Chain Per</b><br>Laura Xiao Xia Xu        | formance Measurement Sys         | tem                                 | 1308      |

| Session: T9.2                                                                       | Room: I4                     | Friday, Sep. 28, 13:30 - 15:00              |
|-------------------------------------------------------------------------------------|------------------------------|---------------------------------------------|
| Intelligent Robots II                                                               |                              |                                             |
| Chairing: Antoni Grau, G                                                            | abriel J. Garcia             |                                             |
| <b>Accurate Range Image Registr</b><br>Yonghuai Liu, Honghai Liu, Lo                | 0                            | ling Outliers 1316                          |
| <b>A Two Stage Robot Control for</b><br>Maria P. Tzamtzi, Fotis N. Kou              |                              | <i>kas</i> 1324                             |
| <b>Dynamic equations of motion</b> J<br>Josep M. Mirats Tur, Sergi Her              |                              |                                             |
| <b>Onto computing the Uncertain</b><br>Josep M. Mirats Tur                          | ty for the Odometry Pose Est | <i>timate of a mobile robot</i> 1340        |
| Solving the Inverse Kinematics<br>Algebra-Based Methods<br>Michael Wenz, Heinz Wörn | F Problem Symbolically by M  | leans of Knowledge-Based and Linear<br>1346 |
| ·                                                                                   |                              |                                             |
| <i>Multivariable Iterative Feedba</i><br>Fotis N. Koumboulis, Maria P.              | · · ·                        | · · · ·                                     |
| <b>Fuzzy Cooperative Control of</b><br>Francesco M. Raimondi, Mauri                 |                              | r Vehicles 1364                             |

| Session: WIP 4          | <b>Room: I 10</b> | Friday, Sep. 28, 13:30 - 14:30 |
|-------------------------|-------------------|--------------------------------|
| Wireless and Dependable | Networks          |                                |
| Chairing: Thilo Sauter  |                   |                                |

| Implementation of Power Aware Features in AODV for Ad Hoc Sensor Networks. A Simulation    |      |
|--------------------------------------------------------------------------------------------|------|
| Study                                                                                      |      |
| Konstantina Pappa, Antonis Athanasopoulos, Evangelos Topalis, Stavros Koubias              | 1372 |
| Integrating Building Automation Systems and Wireless Sensor Networks                       |      |
| Erik Pramsten, Daniel Roberthson, Fredrik ÖSterlind, Joakim Eriksson, Niclas Finne, Thiemo | 1376 |
| Voigt                                                                                      |      |

| <i>Multicast Communication in Wireless Home and Building Automation: ZigBee and DCMP</i><br><i>Christian Reinisch, Wolfgang Kastner, Georg Neugschwandtner</i> | 1380 |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------|------|
| Using Time-Triggered Communications over IEEE 802.15.4<br>Nuno Ferreira, José A. Fonseca                                                                       | 1384 |
| <b>On a IEEE 802.15.4/ZigBee to IEEE 802.11 Gateway for the ART-WiSe Architecture</b><br>João Leal, André Cunha, Mário Alves, Anis Koubâa                      | 1388 |
| <b>Performance measurements of 802.11 WLANs with burst background traffic</b><br>Claudio Zunino                                                                | 1392 |
| <b>IEC 62439 PRP: Bumpless Recovery for Highly Available, Hard Real-Time Industrial Networks</b><br>Hubert Kirrmann, Mats Hansson, Peter Müri                  | 1396 |
| A Two-Competitive Approximate Schedulability Analysis of CAN<br>Björn Andersson, Nuno Pereira, Eduardo Tovar                                                   | 1400 |
| <i>Modelling MajorCAN with UPPAAL</i><br>Matias Bonet, Gabriel Donaire, Julian Proenza                                                                         | 1404 |
| A Decentralized Intrusion Detection System for Increasing Security of Wireless Sensor Networks<br>Ioannis Chatzigiannakis, Andreas Strikos                     | 1408 |
| Energy Efficient Authentication in Wireless Sensor Networks - An industrial case<br>Rickard Soderlund, Stefan Svensson, Tomas Lennvall                         | 1412 |
|                                                                                                                                                                |      |

| Session: WIP 5                                                                   | <b>Room: I 11</b>                                                             | Friday, Sep. 28,             | 13:30 - 14:30  |
|----------------------------------------------------------------------------------|-------------------------------------------------------------------------------|------------------------------|----------------|
| <b>Control</b><br>Chairing: Thilo Sauter                                         |                                                                               |                              |                |
|                                                                                  | <b>r a Humanlike Shape Memor</b><br>nthony Tzes, Efthymios Kolyvas            | • •                          | 1417           |
| <b>Optimization rules for mill c</b><br>algorithm<br>Luis Rubio, Manuel De la Se | utter and cutting parameters s                                                | selection incorporating a co | ntrol          |
| Ontology-driven Control Ap                                                       | <b>olication Design Methodology</b><br>Ferrarini, Arndt Lueder, John          |                              |                |
| <b>A Metaheuristic Approach f</b><br>Fotis N. Koumboulis, Maria I                | o <mark>r Controller Design of Multi</mark> v<br>P. Tzamtzi                   | variable Processes           | 1429           |
| 0.0                                                                              | <mark>r Active Hydraulic Suspension</mark><br>J. Koumboulis, Achilleas S. Nte |                              | 1433           |
| <b>Robust Lane Keeping for a</b> T<br>Michael G. Skarpetis, Fotis N              | <b>Fractor-Trailer</b><br>J. Koumboulis, Achilleas S. Nte                     | ellis, Thomas E. Tsimos      | 1437           |
| <b>Fuzzy Control of Sparing in</b><br>Guillermo Navarro, Milos M                 |                                                                               |                              | 1441           |
|                                                                                  | <b>ext-Sensitive Architecture for</b><br>Daniel Käslin, Alexander Klapp       | · ·                          | ontrol<br>1445 |
| <b>.</b>                                                                         | Variable Structure Control Lo<br>korta, Izaskun Garrido, Aitor C              |                              | 1449           |
|                                                                                  | <b>rol with real-time Java and E</b><br>Roger Henriksson, Anders Blon         |                              | 1453           |
| Session: T2.3                                                                    | Room: I 12                                                                    | Friday, Sep. 28.             | 13:30 - 14:30  |

Session: T2.3Room: T12Friday, Sep. 28, 13:30 - 14:30Clock Synchronization and Multimedia Real-time CommunicationsChairing: Thomas Nolte, Christos Koulamas

A PLL-Based Approach to Clock Synchronization for Trajectory Rebuilding in Event-Triggered Communication Systems Carlo Rossi, Manuel Spera

| A Simulation Framework for Fau<br>Networks                                                                                                                       | ult-Tolerant Clock Synchron | nization in Industrial Automation                                       |      |
|------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------|-------------------------------------------------------------------------|------|
| Fritz Praus, Wolfgang Granzer, G                                                                                                                                 | eorg Gaderer, Thilo Sauter  |                                                                         | 1465 |
| <b>Dynamic QoS Management for Multimedia Real-Time Transmission in Industrial Environments</b><br>Javier Silvestre, Luis Almeida, Ricardo Marau, Paulo Pedreiras |                             |                                                                         | 1473 |
| Integration of a flexible time trigg<br>framework<br>Biogrado Margu, Paulo Padroiras                                                                             |                             | C <b>OR resource contracting</b><br>our, Daniel Sangorrín, Julio Medina | 1481 |
| Kicuruo Maruu, 1 uuto 1 eureirus,                                                                                                                                | Luis Aimeiaa, michael Harb  | our, Daniei Sangorrin, Julio Mealna                                     | 1401 |
| Session: SS1.2                                                                                                                                                   | Room: I 13                  | Friday, Sep. 28, 13:30 - 15                                             | 5:00 |
| IEC61499 Implementation                                                                                                                                          | IS                          |                                                                         |      |

Chairing: Kleanthis Thramboulidis, Georg Frey

**RTAI-based Execution Environments for Function Block Based Control Applications** George Doukas, Alessandro Brusaferri, Marco Colla, Kleanthis Thramboulidis

1489

# Testing Approach for Online Hardware Self Tests in Embedded Safety Related Systems

Thomas Tamandl, Peter Preininger, Thomas Novak, Peter Palensky

Vienna University of Technology, Institute of Computer Technology Gusshausstrasse 27-29 1040 Vienna, Austria {tamandl, preininger, novakt, palensky}@ict.tuwien.ac.at

#### Abstract

In safety related systems online hardware self tests are integrated to reach a defined level of hardware integrity. These tests comprise testing of the static and volatile memory and the CPU internals. The higher the level of integrity should be, the more efficient tests must be used. Additionally, the effort to verify the correctness of the tests is rising. Hence, designing the test, and the validation and verification of the tests, is a critical part in the development process of safety related systems.

The verification of the correct behavior requires sophisticated methods for stimulating errors that must be detected by the tests. The document describes an environment based on boundary scan technology for testing the online hardware self tests automatically.

## 1. Introduction

Today's functional safety related systems (short safety related systems) are mostly accomplished with microcontrollers. They are created to reduce the inherent risk of a device or system, for example a node in a fieldbus system, to a tolerable level.

The international standard IEC 61508 [1] defines requirements for designing safety related systems. It specifies a life cycle model including all activities required to avoid systematic failures and to handle stochastic failures.

IEC 61508 defines functional safety as "part of the overall safety that depends on a system or equipment operating correctly in response to its inputs" [1]. A safety related system is a system that executes safety functions and cares for the required safety integrity of the safety functions. A safety function is responsible for reaching or keeping a safe state of a device. The safety integrity of a safety related system includes the hardware integrity and the systematic integrity.

Systematic integrity means applying measures to reduce the risk coming from systematic failure during

the design or operation phase of the system. Typical measures are on the one hand management tools and on the other hand functions to monitor the program flow or the supply voltage. To grant a designated level of hardware integrity a defined amount of stochastic hardware failures must be detected.

A method to detect stochastic hardware failures is to test the hardware components with online hardware self tests (short hardware tests) implemented in software. Normally hardware tests are periodically inspecting the volatile and non volatile memory as well as the central processing unit (CPU) including its registers, flags and arithmetic logic unit (ALU) for hardware failures.

There are different hardware test algorithms available capable of checking the volatile memory and registers of the CPU. Examples for RAM test methods are the walking pattern test [2], Abraham test [3] or galloping pattern test [2]. Classically static or invariant memory is tested for failures by means of parity bits, checksums or cyclic redundancy checks (CRC). Flags and the ALU are tested by inserting bit patterns and comparing the output with the specification [2]. The algorithms and methods to ensure hardware integrity differ in performance and diagnostic coverage (DC) (= ratio of detected failures to the total amount of failures).

The safety integrity of hardware is categorized by four safety integrity levels (SIL) [1]. Each SIL specifies an error probability per hour, i.e. the tolerable number of dangerous errors per hour. SIL 1 defines the highest value of error probability, whereas SIL 4 specifies the lowest level. The higher the SIL the more rigorous are the safety integrity requirements. A way to meet these requirements is to implement hardware tests with a high diagnostic coverage.

Unfortunately, complete avoidance of human mistakes during implementation of hardware tests is not realistic. For example, even a well-trained and experienced programmer makes an error in every 100 statements [4]. Thus the standard IEC 61508 specifies a great amount of requirements for the testing process too. These requirements shall ensure a high level of software

quality and therefore reduce the probability of malfunctions.

# 2. Software Testing

Generally, software can be tested code-based or requirements-based. Test cases derived from the source code are white box test cases, others derived from the software requirements are black box test cases. Black box test cases are specified using methods such as equivalence class partitioning or boundary value analysis [5]. On the contrary, white box test cases are defined depending on the code coverage, e.g. statement, branch or path coverage. The coverage is always the fraction of total number of statements, branches or paths having been executed by different test cases.

Test cases are used to perform different types of testing such as function testing (verification of functionality) or performance testing. These test types are carried out at various steps of the software testing process.

The first step of software testing is unit testing. The software unit, e.g. a function, is examined if it can perform its specified functionality properly. This type of testing is described here. The second step is integration testing where the units are integrated to form a subsystem. At this point attention is paid to the interfaces between the units. The final step is system testing where the software has to run on the target platform and interacts with external software.

# 3. Overview of Test Approach

As already mentioned in section 1 safety integrity is specified by 4 safety integrity levels (SIL). A higher SIL not only results in more rigorous safety integrity requirements, but also in a higher testing effort. The higher the SIL the more comprehensive test cases with white and black box test cases have to be performed on the software. Thus automatic tests tools are desirable to keep the test effort moderate.

The test approach for hardware tests presented in the following sections allows checking the functionality of the hardware tests automatically. It enables the tester to execute white box and black box test cases during the unit, integration and system testing.

The test approach was elaborated during the development process of a safety related system in the project SafetyLon. The European collective research project SafetyLon supported by the European Union within the sixth framework program has the goal to make the LON technology [6] safe. It is foreseen to meet safety requirements as CANopen-safety [7] or PROFISafe [8] does.

Within the project standard LON nodes are enhanced with additional safety related hardware and special embedded safe software. Parts of the safe software comprise the hardware tests for the central processing unit, the volatile- and non volatile memory. The correct behavior of these must be verified. As a result testing techniques to verify the hardware test were developed that are presented in the following.

# 4. Technical Overview

Hardware tests must be performed to guarantee the correct functionality of the system. The implementation of these tests is described in [9]. In the following the methodology how to verify the behavior of these tests is introduced.

For hardware test verification fault injection technologies are necessary to insert faults that must be detected by the hardware tests. Standard fault injection technologies use direct pin level injection, additional software modules, and external electromagnetic fields or similar to provoke a fault. [10] provides a good overview on some technologies already used.

The microcontrollers used to run the hardware tests are based on a standard ARM7TDMI core with internal RAM and FLASH memory. As all components are located within one package, there are no external data- or address-busses. Due to the lack of accessibility of the internal data busses direct pin level fault injection is impossible. As there was the requirement not to change the software running on the target hardware, software fault injection, regardless of runtime or compile time injection could not be chosen. Hence, approaches chosen from [11], [12] or [13] are not suitable.

The problem, how to manipulate data without any access to internal signals, can be addressed by means of debugging features offered by the ARM core. [14] discusses pin level fault injection in opposite to using fault injection boundary scan. This technology, enhanced with the internal scan chains offered by the ARM7 controller, allows the simulation of internal faults without changing the software running on the target hardware.

For debugging purposes the ARM7 core provides a Joint Test Action Group (JTAG) conform debugging interface. The international standard IEEE 1149.1 [15] Standard Test Access Port and Boundary-Scan Architecture describes this interface that was initially intended for testing printed circuits. In case of the ARM7 core it grants the access to the core internals via the test access port (TAP) controller. Hence mostly all processor internals are accessible from the outside. The JTAG interface allows controlling the ARM7 core from outside, Figure 1 shows a typical debugging environment.

A debug host computer using a high level debugging language is communicating with the debug target. Communication is handled a protocol converter which



Figure 1. Typical debug environment

converts the high level language into the JTAG compliant commands.

As already mentioned the debugger on the host computer is communicating with the TAP controller. This device is controlling three internal scan chains connected to the main processor logic and the EmbeddedICE-RT logic described later, see Figure 2 for details. Scan chain 0 and 1 interfaces the processor core and the data bus and scan chain 2 grants the access to the EmbeddedICE-RT registers. Using this scan chains all processor internals can be accessed, examined and modified.

The ARM7 core itself offers the following debug features. The program execution can be halted, the state of the system can be examined, as described before, and the program execution can be resumed.

The EmbeddedICE-RT logic provides additional features. It can be accessed and configured by means of scan chain 2.



Figure 2. ARM7TDMI scan chains [16]

The EmbeddedICE-RT logic monitors processor internal signals such as data- and address-bus. Beside others this logic provides two configurable break or watchpoints. The breakpoints can be configured to force a halt of the processor if the appropriate address is reached. Watchpoints can be configured to halt the processor when specified memory cells are addressed. Refer to [16] for details on the ARM7TDMI internals. The aforementioned features permit to halt the processor without having direct access to the signals of the core logic when accessing specified memory addresses. In halt mode modifications can be done and the program can be resumed. These features allow automatic testing of the hardware tests presented in [9].

For setting up an automatic test environment a high level language is useful for the communication with the TAP controller. Therefore a programming interface was developed by the company Segger Microcontroller Systems [17]. Its purpose is to provide third party applications the whole functionality of the J-Link interface.

Segger Microcontroller Systeme GmbH offers a set of tools for developing applications running on ARM7 cores. A protocol converter named J-Link – see Figure 1 – is used to connect the host PC via USB to the JTAG port of the processor. Normally a debugger is communicating with the J-Link. For automatic fault injection a debugger is not suitable so an adequate application was developed. Therefore direct control – without using a debugger – over the J-Link interface is required.

The J-Link Software Development Kit, including the J-Link application program interface, is satisfying these requirements. The communication itself is performed like a standard communication resource. After opening and configuring the JTAG connection the ARM7 core can be controlled by running the appropriate commands. The automatic test tool described in the next chapter is based on the J-Link application program interface.

#### 5. Test Tool Design Basics

Based on the information provided in the previous chapter the J-Link application program interface can be used to set up an automated test tool. In the following the principles the automated test tool is based on are explained.

#### 5.1. Testing Principles

A test tool for safety related systems has to be able to perform a huge number of different test cases. The best solution is a tool which can perform the tests automatically. Such a tool needs information on how to perform a test and how a test is considered as successful or failed. Therefore it must be able to accept defined test cases which are stored in an input file. Details on the input file are presented in section 6.3. The necessary functions of a software test tool are on the whole similar debugging functions. The most important to representatives are:

- Reset ARM7 core
- Start and halt ARM7 core

- Set and reset breakpoint
- Single stepping
- Manipulation of memory contents
- Read and store memory contents
- Manipulation of registers
- Read registers contents
- Manipulation of register flags

In order to set up an automatic test environment additionally the following functions are necessary:

- Read and compare memory contents to specifiable values
- Read and compare register contents to specifiable values
- Read and compare flag values to specifiable contents
- Specification of test case fail/success depending on the result of the comparisons

Beside the functionality of an automated test tool, the ability to generate reports must be taken into account. In order to detect erroneous memory contents, functions for comparing memory cells or registers to specific values are available. The result of the comparison can be used to define the failing or passing of a test case.

#### 5.2. White Box Testing

The presented functions allow performing white box tests for hardware tests. Obviously performing white box test cases is only possible on assembler level. If C-code has to be tested, this can only be done with the underlying compiler generated assembler code.

Figure 3 shows the standard program flow of the test tool. The flow does not include the more complicated black box testing implementations. Line per line of the input file is interpreted by the JLink interface. According to the interpretation the appropriate JLink operation is executed and logged to a report file. If the operation sets the ARM7 core into a run mode, the program waits until the ARM7 core is halted due to reaching a breakpoint or watchpoint. As soon as the ARM7 core is halted a log line is written and the results of the operation are evaluated and logged (if applicable). If the operation is a test operation, the tool evaluates whether the test is considered to be successful. If the test is successful, the complete process is executed again until either a failed test occurred or a test is considered as failed. If a test is considered as failed the program is stopped.

White box tests require the user to alter register and memory contents in order to guide the program into the different program paths. For doing that, the user can run the program to a certain point specified by a breakpoint and modify the memory or register contents (and therefore change the path of program execution). A second breakpoint can be defined for testing if the path



Figure 3. Standard program flow of test tool

had been executed properly. E.g., the user can query if a memory cell or a register contains the expected results. A wrong value can cause the test to fail.

All these actions are logged to the report in order to keep track of the program proceedings. In case of a failure, the logged data can be used to check if the test itself had been set up wrongly or the program produced a failure.

It is the main task of the tester to define tests which cover all possible program paths in order to detect possible errors in the program flow.

#### 5.3. Black Box Testing

For testing the hardware tests of volatile or non volatile memory black box testing methods are required. In opposite to white box testing these kinds of tests are independent from the programming language used for designing the hardware test.

The test of the hardware tests are based on simulating stuck at faults and coupling faults. A stuck-at fault means that a memory cell delivers only a 1 or 0 when accessed. The value is independent of the content that the cell should have. A coupling fault on the other hand concerns two different memory cells. One memory cell, which is accessed, causes the other memory cell to be influenced. This behavior is called a coupling fault. It can depend on the access mode (read or write) of the influencing cell as well as on the contents of the memory cells.

For the simulation it is necessary to specify which bits of a memory cell are stuck-at 1 and which ones are stuck-at 0 (or coupled to 1 or 0).

The simulation of both faults uses the watchpoint functionality offered by the EmbeddedICE-RT unit of the ARM7 core. This feature halts the ARM7 core as soon as the specified memory address is accessed. The possibilities for the watchpoint configuration are numerous. Read/write access can be specified as well as the halt on one specific memory address or a masked memory address. In order to keep the tool user-friendly only one specific memory address can be specified for the watchpoints.

The difficulty of using watchpoints is that the ARM7 core is halted after an instruction occurred. This means that in case of a write access the ARM7 core is halted after the memory cell has been written – in case of a read access the registers already contain the appropriate values.

In order to be able to simulate a stuck-at or coupling failure the previously executed instruction has to be identified and evaluated. For doing this the program counter is read via the JLink and the instruction at the appropriate address is read.

In case of a write to memory instruction the simulation is straight forward. The appropriate memory cell is modified. After performing a read instruction the register which contains the memory data has to be identified. This can be more complicated in the case of a multiple read access.

In fact the difficulty is that the executed instruction which led to the halt has to be identified, translated and the effects of the instruction on the memory cells and CPU registers has to be made undone.

As an example Figure 4 shows the implementation of the stuck-at simulation. The implementation is only shown for a single run, after the execution of the run, the ARM7 core is restarted. As shown in the diagram the OP\_Code of the instruction which led to the watchpoint is evaluated using a case instruction. The appropriate concerned register is extracted out of the opcode.

The simulation of the coupling failures is very similar to the implementation presented in Figure 4. The only difference is that the watchpoint is set to the original

| Check if ARM core is halted due to reaching a breakpoint                      |                                                                                                      |                                                                               |                                                                     |
|-------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------|---------------------------------------------------------------------|
| Read                                                                          | code word CODE WOF                                                                                   | RD=[ReadProgramCour                                                           | nter-4]                                                             |
| REGIS                                                                         | Extract appropriate re<br>TER NUMBER = getRe                                                         |                                                                               | WORD)                                                               |
| Re                                                                            | ead base address (for mu<br>BASE ADDRESS=[R                                                          |                                                                               | ls)                                                                 |
| Read m                                                                        | emory content DATA =                                                                                 | WATCHPOINT ADI                                                                | DRESS]                                                              |
| DATA =                                                                        | Manipulate content acc<br>f(DATA,STUCK-AT-                                                           |                                                                               |                                                                     |
|                                                                               |                                                                                                      | OP_C                                                                          | CODE                                                                |
| STM                                                                           | LSM                                                                                                  | STR                                                                           | LDR                                                                 |
| Write manipulated<br>watchpoint content<br>[WATCHPOINT_<br>ADDRESS =<br>DATA] | Calculate number of<br>register containing<br>watchpoint memory<br>contents<br>[REG_NR_WP] =<br>DATA | Write manipulated<br>watchpoint content<br>[WATCHPOINT_<br>ADDRESS =<br>DATA] | Write manipulated<br>data into register<br>with REGISTER_<br>NUMBER |

# Figure 4. Nassi-Schneidermann diagram of simulation of a stuck at failure

memory cell (which changes the coupled cell if accessed). The main difficulty is the behavior of the multiple load and store commands. If both – the original and the coupled cell – are accessed within a multiple load or store command this issue has to be taken into account.

Based on the two failure models, the stuck-at and the coupling fault model, the correct behavior of the hardware tests for volatile and non volatile memory can be verified. Also the performance of the tests, regarding their capability of detecting different failures can be tested.

# 6. Performing Tests

As presented in section 5 there are a lot of possible configurations for the automated test tool. For performing tests on hardware tests only a few instructions are necessary to configure the test tool according to the specified test. In the following the test tool is presented on a more detailed level. Later, on behalf of a white box test case for a test of the arithmetic logic unit, it is shown exemplarily how to set up a concrete test. Following this model all test mentioned above can be implemented.

#### 6.1. Tool Configuration

At the beginning an input file, designed according to the comma-separated value (csv) file format, is defined. The csv-format is used for storing tabular data, where the columns are separated by a delimiter. It allows editing the file with a simple text editor or a spreadsheet calculator. Hence, simple test cases can be designed very quickly.

In order to gain the required breakpoints the map files generated by the linker have to be examined. These map files contain the information on the addresses which are used for setting the breakpoints. Every time the source code or the placement of the object file changes, it is likely that the addresses of the breakpoints are changed too. Depending on the changes done, a spreadsheet calculator may help to address the problem of changing addresses. E.g. the addresses of the breakpoints then can be defined as the sum of the module address and an offset. Hence, as long as the module internals do not change, only the module addresses must be updated. This does not help if the tested module itself is changed. Of course the specification of the test procedure and its breakpoints has to be done very carefully, as the number of tests usually is rather numerous (for example, there are specified more than 270 test cases to test the online RAM test).

To avoid failures during the creation process of the input file a very clearly arranged format is used. First a command is given specifying the appropriate action. The other values are depending on the specified command. The test tool simply interprets the command together with the specified data and performs the appropriate action of the Segger interface. Also comments can be specified in the input file in order to make it maintainable more easily. Lines within the input file are considered as comments which are logged directly to the report file. Additionally a line number referring to the input line number is written into the output file.

Table 1 shows the instructions which can be used within the csv input file.

| Instruction  | Description                    |
|--------------|--------------------------------|
| RESET        | Reset ARM7 core                |
| HALT         | Stop ARM7 core                 |
| RUN          | Start program execution        |
| STEP         | Singlestep ARM7 core           |
| STEPN        | Execute n instructions         |
| RUNS         | RUN Specific - Run             |
|              | ARM7core to a specific         |
|              | address using single           |
|              | stepping, no breakpoints       |
|              | are used in this case.         |
| BPS/BPD      | Breakpoint Set/Delete -        |
|              | Set/delete a breakpoint        |
| WPS/WPD      | Watchpoint Set/Delete -        |
|              | Set/delete a watchpoint        |
| SIMSTUCKAT   | SIMulate STUCKAT -             |
|              | Simulate stuck-at fault at a   |
|              | specified memory address.      |
|              | Both possible stuck-at faults  |
|              | can be simulated.              |
| SIMCROSSTALK | SIMulate CROSSTALK             |
|              | Simulate a coupling fault for  |
|              | two specified addresses        |
|              | (uni-directional). The         |
|              | crosstalk simulation is        |
|              | similar to the stuck-at        |
|              | simulation. The only           |
|              | difference is that the stuck-  |
|              | at is injected into the        |
|              | influenced memory cell.        |
| RM           | Read Memory cell - 1, 2 or 4   |
|              | byte can be read               |
| CM           | Compare Memory cell to         |
|              | given data. It can be          |
|              | specified that the test has to |
|              | be aborted, if the data do or  |
|              | do not match.                  |
| WM           | Write Memory content - 1, 2    |
|              | or 4 bytes can be written.     |
| READMEMIMG   | READ MEMory IMaGe              |
|              | Read the complete memory       |
| 22           | and write it to a file.        |
| RR           | Read Register                  |
| CR           | Compare Register content       |
|              | to a given value, if the data  |
|              | do or do not match, the test   |
|              | can be aborted.                |
| WR           | Write Register content – a     |
|              | value is written to the        |
|              | specified register             |

| Table 1. Instruction | on set of the | test interface |
|----------------------|---------------|----------------|
|----------------------|---------------|----------------|

| RAR           | Read All processor          |
|---------------|-----------------------------|
|               | Registers                   |
| RCF           | Read Condition Flags        |
| WCF           | Write Condition Flags       |
| OCF/ACF/XCF   | Or Condition Flags          |
|               | And Condition Flags         |
|               | Xor Condition Flags         |
|               | Use mask to modify the      |
|               | flags, using OR/AND/XOR     |
| Other phrases | Other phrases are           |
|               | interpreted as comments     |
|               | which are also written into |
|               | the test report.            |

As soon as the simulation is executed it receives its tasks from the input file, a message is logged to the report file and the core is set into run mode until either a watchpoint or a breakpoint is reached. In case of a watchpoint, they are used to simulate a coupling- or stuck-at-fault, the processor performs the necessary data manipulation and is set to run mode again.

After stopping the program execution at a breakpoint the test tool refers to the next line of the input file in order to get new instructions.

#### 6.2. Standard Workflow

The standard workflow for the execution of a test case is shown in Figure 5. First the program has to be downloaded linked and compiled. into the microcontrollers FLASH storage using the development tools of the project (e.g. an integrated development environment). The second important step is to specify the possible and necessary breakpoints for the test respectively. In order to recognize misbehaving parts of a program, one breakpoint is set where the memory contents can be manipulated. A second breakpoint is set to the return instruction of a function which returns an OK value or a failure value. This return value (which is usually stored in register R0) is compared to the expected value. The position of the breakpoints within the program flow can be found in the MAP file, which is generated by the linker.

After downloading the hardware test to the microcontroller, the test tool is started gaining its commands from the file. The first instructions within the csv-file must contain the specification of the breakpoints, followed by a reset and a run instruction. At some point within the program execution the configured break- or watchpoint is hit. Once the processor stops, the actions defined in the input file are performed. Afterwards a breakpoint is set to an instruction, e.g. to a return command, where the effects of the performed actions can be evaluated. Based on this evaluation the test of the hardware test can be considered as failed or passed.

Using this methodology allows to perform various tests. Within one input file several test cases can be placed consecutively. For starting a new test case the former must be performed successfully.



Figure 5. Work flow of a test case execution

#### 6.3. Sample Test Input File

The following lines show an example of an input file written in csv-format:

```
TEST30-1;;;;
HALT;;;;;
BPD;0;;;;
BPS;0;14476;;;
BPS;1;15252;;;
RESET;;;;;
RUN;;;;;
WR;2;0xFFFFFFE;;;
RUN;;;;
CR;0;0;NORES;PONM;Error -> test failed
```

First the test is named. The name of the test case is written to the output log file. At the beginning the ARM7 core is halted and the breakpoints 0 and 1 of previous test cases are deleted. Afterwards the breakpoints which are necessary for the test are set. Breakpoint 0 is set to a position within the code where a calculation result is compared to a special value. The second breakpoint - breakpoint 1 is set to the return of the function in order to be able to check the return value of the function. The ARM7 core is then reset and started. After the RUN statement the test tool waits until the ARM7 core is halted. This happens at breakpoint 0. At this position the register R3 which contains the calculation result, is manipulated in order to contain a wrong value. The ARM7 core is set into run state again and is halted at breakpoint 1. At this position in the source code, register R0 should contain a value (return value) different to 0. No reset has to be done after the comparison - the test is passed, if the value of R0 is not equal to 0 (PONM - pass on no match). If failed, the message "Error -> test failed" is written to the log file.

```
O Automatic Test log using JLINK
Start of logging at Mon Jun 26 21:28:51 2006
DLL Version: 3.20a
JLINK Compilation Date: Apr 27 2006 23:07:04
Firmware: J-Link compiled Apr 27 2006
12:55:19 ARM Rev.5
```

```
J-Link speed = 30
  ARM core ID: 0x3F0F0F0F
   *****
  TEST30-1
           *******
81 ARM Core halted
82 Breakpoint number 0 deleted
83 Breakpoint number 0 set at address 14476
84 ARM Core reset
85 ARM core started
  ARM core halted
   Current position: 0x0000388C
86 Value 0xFFFFFFFE (-2) written to ARM_REG_R2
87 ARM core started
   ARM core halted
   Current position: 0x00003B94
88 ARM REG \overline{R0} = FFFFFFF
                              0xFFFFFFF
       Register
                  content
                                            of
       ARM REG RO
                  does
                        not
                             match
                                         value
                                    to
       (null)
```

\*\*\*\*\*\*\*\*\*\* TEST PASSED \*\*\*\*\*\*\*\*\*

The sample above shows the output of the automated test presented at the beginning of the section. The header of the output file presents information on the hardware and software versions used and the test start time. Afterwards the test identifier is shown and the information on the test results is logged. In the end of the test case the test condition is verified and the test case is logged as passed.

### 7. Conclusion

Using boundary scan technology paired with the debugging features offered from the ARM7 core allows the simulation of faults without having direct access to the internal components. For the presented method no expensive hardware or complex software is required.

It was shown that a relatively limited tool is able to perform the necessary fault injection in order to verify the correct behavior of hardware tests. Due to the high degree of adaptation the test tool may not be suitable for performing tests within a comprehensive project. The advantage of the presented method is that no adapted software running on the device under test is required. Instead of adapted software extensive study of the linker generated map files is necessary to set the appropriate breakpoints and parameters. An additional drawback is the changed timing behavior. Every time a hardware fault is simulated the target processor is halted and the appropriate tasks to simulate a hardware fault take place.

By means of the J-Link application program it is possible to controll the ARM7 core internals via a high level programming language. Hence the test tool can easily be adapted to new requirements without knowing details about the underlying communication from the development host and the target hardware.

Results after performing tests show that white box tests as well as black box tests can be performed very efficiently. To enhance the usability of the test tool a more convenient method to extract and set the required break points might be useful.

#### References

- "IEC 61508 Functional safety of electric/electronic/programmable electronic safetyrelated systems", 1999.
- [2] H. Hölscher, J. Rader, *Microcomputers in Safety Technique*, TÜV Rheinland, 1986.
- [3] Ravindra Nair, Satish M. Thatte, Jacob A. Abraham, "Efficient Algorithms for Testing Semiconductor Random-Access Memories", *IEEE Transactions on Computers*, Volume 27, pp. 572-576, 1978.
- [4] L. Wang, K. Ch. Tan, "Software Testing for Safety-Critical Applications", *IEEE Instrumentation & Measurement Magazine*, pp.38-47, 2005.
- [5] W. Zuser, S. Biffl, T. Grechnig, M. Köhle, Software-Engineering mit UML und dem Unified Process, Pearson Studium, München, Germany, 2001.
- [6] "EN 14908 Open data communication in building automation, controls and building management – control network protocol", 2006.
- [7] "CANopen Framework for Safety-Related Communication", *CiA work Draft 304*, CAN in Automation e.V., 2000.
- [8] "PROFISafe, Profile for Failsafe Technology," *PROFIBUS-Nutzorganisation Karlsruhe*, v1.0, 1999.
- [9] P. Preininger, "Hardware Selftests For Safety Critical Fieldbus Nodes", *M.S.thesis*, Institute of Computer Technology, Vienna University of Technology, Austria, 2006.

- [10] M.C. Hsueh, T.K. Tsai, R.K. Iyer, "Fault Injection Techniques and Tools", *Computer*, Volume 30, pp. 75-82, 1997.
- [11] G.A. Kanawati, N. A. Kanawati. J.A. Abraham, "FERRARI: A Tool for The Validation of System Dependability Properties", *Twenty-Second International Symposium on fault-Tolerant Computing, FTCS-22. Digest of Papers*, pp.336-344, 1992.
- [12] J. Carreira, H. Madeira, J.G. Silva, "Xception: A Technique for the Experimental Evaluation of Dependability in Modern Computers", *IEEE Transactions on Software Engineering*, Volume 24, pp. 125-136, 1998.
- [13] Z. Segall, D. Vrsalovic, D. Siewiorek, D. Yaskin, J. Kownacki, J. Barton, R.Dancey, A. Robinson, T. Lin, "FIAT-Fault Injection Based Automated Testing Environment", *Eighteenth International Symposium on fault-Tolerant Computing*, *FTCS-18. Digest of Papers*, pp. 102-107, 1998.
- [14] S. Chau, "Fault Injection Boundary Scan Design for Verification of Fault Tolerant Systems", *Proceedings of International Test Conference*, pp. 677-682, 1994.
- [15] "IEEE Standard Test Access Port and Boundary-Scan Architecture", IEEE Std 1149.1-2001.
- [16] ARM7TDMI (Rev 4) Technical Reference Manual, ARM.
- [17] Segger, J-Link ARM API, "Users guide of the J-Link application program interface (API)", Version 3.20, Manual Rev. 1.