The aim of the subject is the presentation of the basic methods that are needed for the systematic development of embedded systems. First the following topics are discussed: development life cycle models (e.g., V-model, iterative models), quality assurance, project planning, requirements traceability, version control and configuration control methods. Among system development methods, the subject presents the hardware-software co-design and component integration techniques, based on the previously studied technologies and building blocks, emphasizing also the model-based design approaches.The subject also covers the specific design methods for safety-critical embedded systems in which the malfunctions may lead to hazards, or in case of given environmental conditions even to accidents or damages. Such safety-critical systems are used for example in transportation, vehicles, medical equipment or process control systems. The students will be familiar with the architectural concepts (that are often referred in related standards), the techniques of safety and dependability analysis (that are needed to assess the design decisions), as well as the techniques of systematic verification. The exercises present concrete tools and techniques to support the typical tasks in requirement management, configuration control, source code analysis, unit testing, integration testing, system testing, hazard analysis and model based design.

1. The role of development processes, life cycle models, and quality assurance in system design. The basics of CMMI.2. Project planning. Management of requirements, versions, and configurations. Exercise: Requirements management and traceability, configuration and version control systems (e.g., DOORS, SVN, Trac).3. The steps of the development process according to the V-model. Requirement analysis.4. Design of logical and technical architectures. Hardware-software co-design. Model based design (e.g., Simulink, Stateflow). Specification, design, implementation and integration of hardware and software components. Peculiarities and constraints that characterise the design of embedded systems.5. Checking of requirements and designs: General expectations, the basic criteria for completeness, consistency and testability. Source code analysis (searching for fault patterns, checking of coding rules). Exercise: Source code checking by static analysis. Generation of documentation (e.g., DoxyGen).6. Overview of the basic concepts of testing (the ISTQB recommendations). Unit testing using specification based (functional, black-box) and structure based (white-box) testing methods. Test coverage metrics and test quality characteristics. The model based testing approach. Exercise: Unit testing. Measuring of the test coverage.7. Integration and system testing: Bottom-up and top-down incremental testing. The typical methods of system testing and validation testing. Monitoring and debugging.8. Integration testing using model-, software-, processor-, and hardware-in-the-loop (MIL, SIL, PIL, HIL) methods. Exercise: Construction of a HIL testing environment. Application of a typical HIL testing framework (e.g., NI VeriStand).9. The basic concepts of system and software safety: Accident, risk, safety, the safety integrity level (SIL). The definitions and attributes of reliability, availability and safety. Exercise: Specification of safety requirements. The development standards for safety critical systems (based on IEC 61508).10. The principles and typical solutions of architecture design in safety critical systems: The general conditions of safe behaviour in case of faults. Architecture design patterns in case of fail-stop and fail-operational behaviour.11. Fault tolerance in case of transient and permanent hardware faults (TMR, NMR, software based solutions for error detection and recovery). Fault tolerance in case of software design faults (N-version programming, recovery blocks). The time and resource needs of the different solutions. Exercise: The application of architecture design patterns. Architecture design using modelling tools. The architecture of a SCADA system (case study).12. Hazard analysis methods for the assessment of design decisions: The overview of the typical techniques for hazard analysis. Qualitative and quantitative techniques: Fault tree, event tree, cause-consequence analysis, FMEA, FMECA. Construction of a risk matrix on the basis of the hazard analysis. Overview of the generic risk reduction techniques.13. Dependability analysis methods for the assessment of the satisfaction of dependability related requirements: Application of combinatorial techniques in case of independent failures of components. The construction of reliability block diagrams: serial, parallel and voting architectures. Exercise: Construction of fault tree and event tree diagrams, analysis on the basis of reliability block diagrams. Reliability analysis of a SCADA system (case study).14. Design, verification and source code synthesis on the basis of formal models: Formal models for real-time embedded controllers. Formalization of requirements using temporal logics. Formal verification with model checking (examples). Source code generation on the basis of timed automata models. Monitor synthesis for the runtime verification of safety requirements.