Parallel decomposition for safety-critical systems

In this paper we are dealing with the following problem definition: let be given a distributed assembly line composed of modules (digital units) and control units (ECU), linked via a bus interface. Now, consider the scenario where each ECU gets its input from the operating environment (e. g. analog-to-digital sensors) and feeds its output to different modules. The triggered states of these modules are control inputs for actuators. We show how to decompose the overall digital unit into sub-modules and the overall ECU into sub-ECUs. The components should operate in parallel. For consistency, such a decomposition approach needs to result in system level as well as in logic (digital) level in a one-to-one manner as possible. We keep this criterion by using a formalism, which has its representations both in system level and asynchronously digital circuit level, whereby the different types of representations are “uniquely glued” by algebraic automata based modeling. It is a decomposition based on axioms. It implies that on system level a digital unit - in general an arbitrary digital automaton - becomes subdivided into sub-functions, and on logic level, the structure of a module - generally an arbitrary asynchronously feed-backed digital circuitry - becomes decomposed into sub-structures. The decomposition has to warrant that the original control function of the ECU is represented by sub-ECUs. The method also takes care of functional hazards and risks using special techniques like filtering and freezing, which are inherently provided by the underlying axioms.