by Pedro Merino and Erwin Schoitsch

Each day, our lives become more dependent on 'software-intensive systems' - digital information technology embedded in our environment. This includes not only automotive devices and controls, railways, aircraft and aerospace, but also the medical devices sector, 'mobile worlds' and 'e-worlds', the 'smart' home, clothes, factories and numerous other domains. Software is the main driver for innovations in all sectors, and most of the innovative features of new products would not be possible without software. New processors and methods of processing, sensors, actuators, communications and infrastructure are enablers for a truly pervasive computing environment; that is, omnipresent but almost invisible to the user, and as such the basis for an economic push. Software plays a critical role in this context, having an impact in areas such as complexity, security and privacy in a connected world, validation, verification and certification of software-intensive systems, and maintenance of these systems over long periods. The functional safety standards of the International Electrotechnical Commission (IEC) 61508 group (generic and domain-specific standards) and the ISO 26262 standard on 'road vehicles - functional safety' currently under development, include separate software-specific parts (IEC 61508 part 3, ISO 26262 part 6).

Dependable software-intensive embedded systems are key if Europe is to remain at the forefront of digital technology. As such, they have been classified as an important research area for the European Union's Seventh Framework Programme - the main financial tool through which the EU supports research and development activities. The European Information Society Technology/Future and Emerging Technologies (IST/FET) project 'Beyond the Horizon', coordinated by ERCIM, has pointed out that pervasive or ubiquitous computing, (cognitive) intelligence and software-intensive systems together represent the most important challenge for strategic long-term research, and will have a huge impact on society and the economy. The ITEA2 (Information Technology for European Advancement) Roadmap has reached the same conclusion: that embedded systems technology is crucial for European competitiveness.

ARTEMIS (Advanced Research and Technology for Embedded Intelligence and Systems) is a strong, industry-driven European Technology Platform (ETP) that aims to establish a coherent, integrated European research and development strategy for embedded systems ( As explained in their Strategic Research Area (SRA), Artemis is mainly system- and software-oriented in the area of embedded systems. The specific focus is on systems with high dependability requirements, since people tend or are forced to rely on the services delivered by such systems. Artemis has become one of the first joint undertakings, a new research organization developed for close cooperation between the EC (Unit Embedded Systems and Controls of the INFSO Directorate), national funding organizations and industry-driven technology platforms.

EPoSS, another European Technology Platform launched in July this year (see separate article by the author in this edition) focuses on the integration of smart systems, which is considered an important emerging area. The key aspects are building systems from components, a holistic, interdisciplinary approach to pervasive and ubiquitous computing, fast integration of a variety of technologies, sensors, actuators, energy autonomy and networking (

Several national research programmes in Europe cover essential aspects of this theme, for example FIT-IT in Austria (BMVIT, Federal Ministry for Transport, Innovation and Technology), with topics such as embedded systems, system-on-a-chip, semantic systems and security. The programmes focus on radical innovations in these areas. In Spain, the national research programme of the Ministry of Science and Innovation includes methods with which to develop critical software in the area of information technology, with subtopics like embedded and distributed systems. In addition, the Department for Information Society gives support to the national ETPs known as PROMETEO and NESI.

The dependability aspect of software-intensive systems is of the utmost importance, and great potential has been identified among ERCIM members with respect to this. Within ERCIM, two Working Groups are active in fields related to dependable, safety-critical software, namely the ERCIM Working Group on Dependable Embedded Software-Intensive Systems (DES-WG), and the ERCIM Working Group on Formal Methods on Industrial Critical Systems (FMICS).

This special theme fits in very well with the current European framework and strategic research discussions.

The first four articles were invited by the coordinators and deal with representative topics. Gerard Holzmann (who received the ACM award for software systems for his work on the tool SPIN) and Darren Cofer (co-chair of the last FMICS workshop), Michael Whalen and Steven Miller defend the advantages of formal methods in general and model checking in particular, in the critical area of space and avionics. Francesca Saglietti and Sven Söhnlein tackle the issue of software reliability, the assessment of which normally requires high testing effort. Efficient exploitation of operational evidence allows to overcome this situation for pre-developed software components in component based systems.

Michael D. Harrison and José Creissac Campos discuss the human aspects to be considered when using formal methods for modelling, an aspect often underestimated in the process of developing safety-critical software.

The papers in the subsections 'Modelling and Development' and 'Validation, Verification and Standardization' represent the core technologies in formal methods for critical software. They range from specification (or modelling) to automatic testing of the final code. Some methods to write specifications, like the component-based approach, or to develop the whole project, like the model-driven cycle, could make further analysis easier. The specifications are then validated by automatic verification techniques, like model checking. Finally, the code is checked with test cases. A more standard way of employing this technique is desirable in the context of standards for the development of embedded systems.

The papers under the label 'Fault Tolerance and Security' are examples of the many specific research lines that exist in the broader area of critical software reliability. Relevant examples from application areas are given for control systems development in the area of railway interlocking and nuclear power plants.

This issue also includes two announmcements related to education and training. It is clear that the quality of the software for critical systems depends on the techniques used by the software engineers. Many big companies have developed or are in the process of developing ad-hoc methods and tools for both their products and training. Several European Networks and the Artemis Platform have set up separate groups and agendas dealing with education and training, considering this a crucial issue for the widespread application of appropriate techniques and mass deployment. The European Space for Higher Education should provide a response to this demand in the new curriculum for graduates, masters and PhD programmes.


Please contact:
Erwin Schoitsch
Austrian Research Centers, ARC (AARIT), Austria

Pedro Merino
University of Malaga/SpaRCIM, Spain

ERCIM Working Group on Dependable Embedded Software-Intensive Systems

The ERCIM Working Group on Dependable Embedded Software-Intensive Systems (DES-WG) tackles all the aspects of software-driven systems that must satisfy high dependability requirements, ie 'criticality', with respect to reliability, availability, safety and security, and of course involving aspects like maintainability, survivability and resilient computing and standardization. Important system attributes to be looked at include:

  • context-awareness (the functions of identifying, localizing and interacting with people and objects are not location-dependent)
  • intelligence (the digital environment adapts to (moving) objects and people, learns and interacts independently, thus providing useful new services)
  • natural interaction (human language, gestures, speech synthesis)
  • personalization (user-centred, dynamic adaptation to changing situation and user profiles/preferences)
  • dependability (time dynamics, timely responsiveness, security, safety, availability etc) and resilience (the property of a system to evolve and adapt in a changing environment, ie the persistence of dependability in the face of change).

Important subareas are hardware/software co-design, smart new sensors/actuators, continuous connectivity issues and limited resource management. Horizontal issues are dependability, system integration, software technology and critical infrastructure.

The method of work includes Working Group meetings, joint workshops with related groups and/or co-located with relevant conferences like SAFECOMP and Euromicro; the last of these occurred at SAFECOMP 2008 in Newcastle upon Tyne on September 25th, 2008.

ERCIM Working Group on Formal Methods for Industrial Critical Systems

The ERCIM WG Formal Methods for Industrial Critical Systems (FMICS-WG) is very active in the area of foundations and applications of formal methods to complex critical systems, including both hardware and software. The FMICS WG members undertake research in languages, semantics, algorithms and tools that can help with specification, validation, verification, code generation and automation. Twelve years ago, on the original Web page of the WG, it was stated that "formal methods have been advocated as a means of increasing the reliability of systems…Nevertheless, the use of formal methods in the industry is still quite limited". Fortunately our view nowadays is different, and many industries from sectors like communication, avionics, railways, electronics and computer software are demanding tools based on formal methods or are even developing their own environments. The first two invited papers in this section are clear examples of this promising industrial scenario. The quality of papers presented in the series of annual workshops (now consolidated with LNCS publication) and several special issues in international journals (like Formal Methods in System Design or Software Tools for Technology Transfer) give a clear picture of the potential of FMICS and of the evolution that has taken place in this area. The next workshop is likely to be the most important in this series, because it is part of the Formal Methods week to be held in Eindhoven in October 2009, where we expect to meet a number of main conferences on applicable formal methods.

Next issue: October 2024
Special theme:
Software Security
Call for the next issue
Get the latest issue to your desktop
RSS Feed