THIS PAGE IS NO LONGER MAINTAINED

This page is no longer maintained.
However, it has some pointers to archival material that might be of interest to someone, and so is kept as-is to preserve access to the links.

Dependable Embedded Systems Research:

Current Projects:

• Autonomous Vehicle / Self-Driving Car Validation and Safety
• Robustness Inside Out Testing (RIOT) at NREC; follow-on to the ASTAA autonomy stress testing project
• Edge Case Research startup company
• Teaching a course on embedded system software engineering with many on-line videos (18-642: code quality, safety, security)

Previous Projects and Other Topics:

• Toyota Unintended Acceleration talk (on blogspot)
  Investigations into potential causes of Unintended Acceleration (UA) for Toyota vehicles have made news several times in the past few years. Some blame has been placed on floor mats and sticky throttle pedals. But a jury trial verdict found that defects in Toyota's Electronic Throttle Control System (ETCS) software and safety architecture caused a fatal mishap. This verdict was based in part on a wide variety of computer hardware and software issues. This talk will outline key events in the still-ongoing Toyota UA story and pull together the technical issues that have been discovered by NASA and other experts. The results paint a picture that should inform not only future designers of safety-critical software for automobiles but also all computer-based system designers.
  • If you can't access blogspot, there is a mirror of that information here.
• Stress Tests for Autonomy Architectures (STAA)           (web page)
  This combines our experience with Ballista software robustness testing and invariant-based embedded safety monitors to create a testing approach that will help ensure autonomous vehicles and other robots are safe even if they encounter unexpected or exceptional operating conditions. The follow-on is called Robustness Inside-Out Testing (RIOT), although not a lot of public available info on that right now.
• Invariant-Based Embedded System Safety Monitor          (Mini-poster)
  Can we create a simple, generic safety shutdown building block? Ideally, what we want is a standard component building block to ensure that a subsystem or entire system gets shut down if it exhibits unsafe behavior, without having to model the details of the design. Example result: these ideas have been successfully applied to a prototype autonomous vehicles and a prototype commercial vehicle technology demonstration platform.
  
• Cyclic Redundancy Checks (CRCs) and Checksums
      A lot of the folklore on checksums isn't quite right. We spent a considerable number of CPU-years crunching on a search for optimal polynomials. And we found them. Currently we are working with the FAA applying that knowledge to aviation applications.

• Embedded Network Gateway Survivability          (Mini-poster)
  How can you mitigate malicious and non-malicious timing fault propagation across an embedded network gateway? Or, put another way, how can you keep your car's radio from destabilizing you car's suspension system? Example result: using a FIFO queue to mitigate timing clumps from an IT-style network to a control network can be worse than just throwing clumped messages away. Predictive filters look like a good way to go instead.
  
• Low Cost Embedded Network Message Authentication          (Mini-poster)
  How can you get cryptographically secure multicast authentication on a real time embedded network such as CAN or FlexRay? You only have a few bits to spend for this in each message, as well as limited memory and CPU power. Example result: combining truncated authenticators from multiple message packets provides a useful engineering tradeoff among bandwidth, attack resistance, and control latency.
  
• Embedded System Security
      The rules of the embedded security game are likely to differ from those of IT and desktop security. You can't just treat an embedded computer like your desktop machine.
• Embedded System Safety
      Embedded systems usually have the ability to release energy into the environment via actuators. Any potentially uncontrolled release of such energy is, by definition, a safety issue.
• Ballista -- Software Robustness Testing
       Some software isn't particularly robust to exceptional inputs. We developed an automated approach to finding robustness vulnerabilities in APIs, including the POSIX and Windows. We found some one-line programs that crashed mature commercial operating systems.
• Graceful Degradation
      Wouldn't it be nice if systems failed soft instead of failing hard, and did so without having to resort to brute force redundancy?
• System Architecture
      How to figure out the pieces and how they fit together in systems that are bigger than just a CPU or just a computer.
• Embedded Control Networks
      These differ in many ways from IT style networks, and we have worked on a variety of aspects.
• Distributed Embedded System Dependability
      Distributed embedded systems have unique dependability challenges, especially when theoretical ideas such as group membership and periodic real time schedules meet the real world.
• Stack Computers
      In a previous life I designed stack-based CPUs. While they have fallen out of the mainstream, there is still quite a bit of interest, so I maintain a page with my work in this area.
• Computer Architecture
      In addition to stack computers, I've done a little bit of work on supercomputer architecture and everyday CPU design.
• Embedded System Education
• Miscellany

Autonomous Vehicle (Self-Driving Car) Safety

Selected Presentations:

• 2019: SAE WCX, "Safety Argument Considerations for Public Road Testing of Autonomous Vehicles"
• 2019: SSS 2019, "Edge Cases and Autonomous Vehicle Safety"
• 2019: SafeAI 2019, How Many Operational Design Domains, Objects, and Events?
• 2018: TechAD, Autonomous Vehicle Testing & Safety
• 2018: OESA Conference, Potential Autonomous Vehicle Safety Improvement: Less Hype, More Data
• 2018: SAE WC, Toward a Framework for Highly Automated Vehicle Safety Validation
• 2018: PA AV Summit, Ensuring the Safety of On-Road Self-Driving Car Testing
• 2018: ICSE, Robustness Testing of Autonomy Software
• 2017: TechAD, Highly Autonomous Vehicle Validation: It's More Than Just Road Testing!
• 2017: AV17, Challenges and Solutions in Autonomous Vehicle Validation
• 2014: ASTAA project: Software robustness testing and run-time monitoring of autonomous vehicles
• 2014: Toyota Unintended Acceleration Case Study (YouTube)
• See also presentations & videos for my course 18-642 which touch upon code quality, safety, and security.

Publications:

• Koopman, P., Ferrell, U., Fratrik, F. & Wagner, M., "A Safety Standard Approach for Fully Autonomous Vehicles," WAISE 2019, Sept. 2019.
• Koopman, P., Osyk, B. & Weast, J., "Autonomous Vehicles Meet the Physical World: RSS, Variability, Uncertainty, and Proving Safety," SAFECOMP, Sept. 2019. (Extended version: https://arxiv.org/abs/1911.01207)
• Koopman, P., & Osyk, B., "Safety Argument Considerations for Public Road Testing of Autonomous Vehicles," SAE WXC, 2019-01-0123, Apr. 2019.
• Koopman, P., Kane, A. & Black, J., "Credible Autonomy Safety Argumentation," Safety-Critical Systems Symposium, Bristol UK, Feb. 2019.
• Koopman, P. & Fratrik, F., "How many operational design domains, objects, and events?" SafeAI 2019, AAAI, Jan 27, 2019.
• Koopman, P., "Practical Experience Report: Automotive Safety Practices vs. Accepted Principles," SAFECOMP, Sept. 2018.
• Pezzementi, Z., Tabor, T., Yim, S., Chang, J., Drozd, B., Guttendorf, D., Wagner, M., & Koopman, P., "Putting image manipulations in context: robustness testing for safe perception," IEEE International Symposium on Safety, Security, and Rescue Robotics (SSRR), Aug. 2018. (slides)
• Koopman, P., "The Heavy Tail Safety Ceiling," Automated and Connected Vehicle Systems Testing Symposium, June 2018.
• Hutchison et al., "Robustness Testing of Autonomy Software," ICSE-SEIP, 2018. (slides)
• Koopman, P. & Wagner, M., "Toward a Framework for Highly Automated Vehicle Safety Validation," SAE World Congress, 2018. SAE-2018-01-1071. (slides)
• Koopman, P., "Challenges in Autonomous Vehicle Validation," SCAV 17 (keynote), April 2017.
• Koopman, P. & Wagner, M., "Autonomous Vehicle Safety: An Interdisciplinary Challenge," IEEE Intelligent Transportation Systems Magazine, Vol. 9 #1, Spring 2017, pp. 90-96.
• Koopman, P. and Wagner, M., "Challenges in Autonomous Vehicle Testing and Validation," SAE Int. J. Trans. Safety 4(1):2016, doi:10.4271/2016-01-0128. (slides)
• Vernaza, Guttendorf, Wagner & Koopman, "Learning Product Set Models of Fault Triggers in High-Dimensional Software Interfaces," IROS 2015.
• Kane, Chowdhury, Datta & Koopman, "A Case Study on Runtime Monitoring of an Autonomous Research Vehicle (ARV) System," RV 2015.
• Wagner & Koopman, "A Philosophy for Developing Trust in Self-Driving Cars," In: G. Meyer & S. Beiker (eds.) Road Vehicle Automation 2, Lecture Notes in Mobility, Springer, 2015, pp. 163-170
• Kane, Fuhrman, Koopman, "Monitor Based Oracles for Cyber-Physical System Testing," DSN 2014.
• Koopman, Wagner, "Transportation CPS Safety Challenges," NSF Workshop on Transportation CyberPhysical Systems, January 23-24, 2014
• Kane, A. & Koopman, P., "Ride-through for Autonomous Vehicles," CARS 2013.
• Koopman, P., "Challenges in representing CPS safety," Workshop on developing dependable and secure automotive cyber-physical systems from components, Mar 17-18, 2011.
• Black, J. & Koopman, P., "System safety as an emergent property in composite systems," DSN 2009, pp. 369 - 378.
• Szilagyi, C. & Koopman, P., "Flexible Multicast Authentication for Time-Triggered Embedded Control Network Applications," DSN 2009, pp. 165-174.
• Wagner, M., Koopman, P., Bares, J., Ostrowski, C., "Building safer UGVs with run-time safety invariants," 2009 National Defense Industrial Association (NDIA) Systems Engineering Conference (conference record is presentations only).
• Black, J., & Koopman, P., "Indirect control path analysis and goal coverage strategies for elaborating system safety goals in composite systems," PRDC 2008.
• Shelton, C. & Koopman, P., "Using Architectural Properties to Model and Measure Graceful Degradation," In: de Lemos, R., Gacek, C., & Romanovsky, A., Architecting Dependable Systems, Springer-Verlag, 2003.
• Latronico, E., "Problems Facing Group Membership Specifications for X-by-Wire Protocols," DSN 2003 student paper, June 2003.
• Shelton, C., Koopman, P. & Nace, W., "A framework for scalable analysis and design of system-wide graceful degradation in distributed embedded systems," WORDS03, January 2003.
• Koopman, P., "Critical Embedded Automotive Networks," IEEE Micro, July-August 2002.
• Bayouth, M. & Koopman, P., "Functional Evolution of an Automated Highway System for Incremental Deployment," Transportation Research Record, #1651, Paper #981060, pp. 80-88.
• Koopman, P. & Bayouth, M., "Orthogonal Capability Building Blocks for Flexible AHS Deployment," Journal of Intelligent Transportation SystemsVol. 4, pp. 1-19, 1998.

Historical Projects:

(Also see: Current Projects page)

Cyclic Redundancy Checks (CRCs) and Checksums

A lot of the folklore on checksums isn't quite right. We spent a considerable number of CPU-years crunching on a search for optimal polynomials. And we found them.

• Also see my blog entries on error detection.

• Presentation: Data Integrity Techniques: Aviation Best Practices for CRC & Checksum Error Detection, FAA Meeting, Sept 2014 (Slides only).
• Webinar Tutorial on Checksums and CRCs, October 2013
  • Blog entry with streaming video pointers and summary of talk
  • Youtube Video
  • Slides (Acrobat)
  • Draft final report (Acrobat) (Removed from web at request of FAA pending further review)
• Tutorial: Checksum and CRC Data Integrity Techniques for Aviation, FAA Meeting, (Slides only), May 2012

• Koopman, Driscoll & Hall, "Selection of cyclic redundancy code and checksum algorithms to ensure critical data integrity," final report, DOT/FAA/TC-14/49, March 2015.
• Maxino, T., & Koopman, P. "The Effectiveness of Checksums for Embedded Control Networks," IEEE Trans. on Dependable and Secure Computing, Jan-Mar 2009, pp. 59-72.
• Ray, J., & Koopman, P. "Efficient High Hamming Distance CRCs for Embedded Applications," DSN06, June 2006.
• Maxino, T., "Revisiting Fletcher and Adler Checksums," DSN06 student paper, June 2006.
• Maxino, T., The Effectiveness of Checksums for Embedded Networks, M.S. Thesis, CMU ECE, May 2006.
• Paulitsch, Morris, Hall, Driscoll, Koopman & Latronico, "Coverage and Use of Cyclic Redundancy Codes in Ultra-Dependable Systems," DSN05, June 2005
• Koopman, P. & Chakravarty, T., "Cyclic Redundancy Code (CRC) Polynomial Selection For Embedded Networks," DSN04, June 2004.
• Koopman, P., "32-bit cyclic redundancy codes for Internet applications," International Conference on Dependable Systems and Networks (DSN), Washington DC, July 2002
• Chakravarty, T., Performance of cyclic redundancy codes for embedded networks, M.S. Thesis, CMU ECE, Dec. 2001

• Maximal length LFSR feedback polynomial data files
• CRC Hamming Weight data files

Embedded System Security

The rules of the embedded security game are likely to differ from those of IT and desktop security.

• Also see my blog entries on embedded security.

• Szilagyi, C. & Koopman, P., "Low cost multicast authentication via validity voting in time-triggered embedded control networks," WESS, October 2010.
• Abdallah, A., Feron, E., Hellestrand, G., Koopman, P. & Wolf, M., "Hardware/Software Co-Design of Aerospace and Automotive Systems," Proc. IEEE, April 2010. (IEEE)
• Szilagyi, C. & Koopman, P., "A flexible approach to embedded network authentication," DSN 2009, pp. 165-174.
• Szilagyi, C. & Koopman, P., "A flexible approach to embedded network multicast authentication," WESS 2008.
• Koopman, P., Black, J., Maxino, T., "Position Paper: Deeply Embedded Survivability," ARO Planning Workshop on Embedded Systems and Network Security, Raleigh NC, February 22-23, 2007.
• Koopman, P., Morris, J. & Narasimhan, P., "Challenges in Deeply Networked System Survivability," Nato Advanced Research Workshop On Security and Embedded Systems, August 2005
• Koopman, P., "Embedded System Security," IEEE Computer, July 2004.

Embedded System Safety

Embedded systems usually have the ability to release energy into the environment via actuators. Any potentially uncontrolled release of such energy is, by definition, a safety issue.

• Also see my blog entries on: watchdog timer and safety.

• Kane, Koopman, "Monitor Based Oracles for Cyber-Physical System Testing," DSN 2014.
• Koopman, P., "Challenges in representing CPS safety," Workshop on developing dependable and secure automotive cyber-physical systems from components, Mar 17-18, 2011.
• Black, J., System Safety as an Emergent Property in Composite Systems, Ph.D. Thesis, Carnegie Mellon University ECE Dept., May 2009.
• Black, J. & Koopman, P., "System safety as an emergent property in composite systems," DSN 2009, pp. 369 - 378.
• Black, J., & Koopman, P., "Indirect control path analysis and goal coverage strategies for elaborating system safety goals in composite systems," PRDC 2008.
• Koopman, P., "Reliability, Safety, and Security in Everyday Embedded Systems," Latin American Dependability Conference (LADC-07), Morelia, Mexico, Sept. 26-28, 2007
• Black, J., A Fault Tolerance Analysis of Safety-Critical Embedded Systems, M.S. Thesis, Carnegie Mellon University ECE Dept., May 2004.
• Morris, J. & Koopman, P., "Critical Message Integrity Over A Shared Network," FeT03, July 2003.
• Morris, J. & Koopman, P., "Software Defect Masquerade Faults in Distributed Embedded Systems," DSN 2003 FastAbs, June 2003.
• Tran, E. & Koopman, P., Mission Failure Probability Calculations for Critical Function Mechanizations in the Automated Highway System, Technical Report CMU-RI-TR-97-44, Carnegie Mellon University, December 16, 1997. 34 pages.

Ballista -- software robustness testing and dependability benchmarking

Some software isn't particularly robust to exceptional inputs. We developed an automated approach to finding robustness vulnerabilities in APIs, including the POSIX and Windows. We found some one-line programs that crashed mature commercial operating systems.

Also see: Ballista Project Home Page, which is no longer maintained and thus may not be up to date.

• Koopman, P., DeVale, K. & DeVale, J., "Interface robustness testing: experiences and lessons learned from the Ballista Project," In: Kanoun, K. & Spainhower, L., Eds., Dependability Benchmarking for Computer Systems, IEEE Press, 2008, pp. 201-226.
• DeVale, J. & Koopman, P., "Robust software - no more excuses," International Conference on Dependable Systems and Networks (DSN), Washington DC, July 2002
• Koopman, P. & Madeira, H., "Workshop on Dependability Benchmarking," International Conference on Dependable Systems and Networks (DSN), July 2002.
• Koopman, P. & Madeira, H. (eds.), Proceedings on the Workshop on Dependability Benchmarking, section within International Conference on Dependable Systems and Networks (DSN) SupplementWashington DC, July 2002.
• Koopman, P., "What's wrong with fault injection as a dependability benchmark?," Workshop on Dependability Benchmarking (in conjunction with DSN 2002), Washington DC, July 2002.
• Raz, O., Koopman, P. & Shaw, M., "Benchmarking semantic availability of dynamic data feeds," Workshop on Dependability Benchmarking (in conjunction with DSN 2002), Washington DC, July 2002.
• Devale, J., High Performance Robust Computer Systems, Ph.D. Thesis, CMU ECE, Dec. 2001
• DeVale, J. & Koopman, P., "Performance Evaluation of Exception Handling in I/O Libraries," International Conference on Dependable Systems and Networks (DSN), July 2001, Göteborg Sweden.
• Pan, J., Koopman, P., Siewiorek, D., Huang, Y., Gruber, R. & Jiang, M., "Robustness testing and hardening of CORBA ORB Implementations," International Conference on Dependable Systems and Networks (DSN) July 2001, Göteborg Sweden, pp. 141-150.
• Madeira, H. & Koopman, P. "Dependability benchmarking: making choices in an n-dimensional problem space," Workshop on Evaluating and Architecting System dependabilitY (EASY), concurrent with Dependable Systems and Networks (DSN), July 2001, Göteborg Sweden.
• Pan, J., Robustness Testing and Hardening of CORBA ORB Implementations, M.S. Thesis, CMU ECE, Dec. 2000.
• Koopman, P. & DeVale, J., The Exception Handling Effectiveness of POSIX Operating Systems, IEEE Transactions on Software Engineering, Vol. 26, No. 9, September 2000.
• Shelton, C. & Koopman, P., "Robustness Testing of the Microsoft Win32 API, International Conference on Dependable Systems and Networks (DSN), New York City, June 26-28 2000.
• Koopman, P. & Madeira, H., "Dependability Benchmarking & Prediction: A Grand Challenge Technology Problem," 1st International Workshop on Real-Time Mission-Critical Systems: Grand Challenge Problems, Nov. 30, 1999; Phoenix, Arizona USA. 4 pages.
• Fernsler, K. & Koopman, P., "Robustness Testing of a Distributed Simulation Backplane," ISSRE 99, Boca Raton, FL, Nov. 2-4, 1999, pp. 189-198.
• Pan, J., Koopman, P. & Siewiorek, D., "A Dimensionality Model Approach to Testing and Improving Software Robustness," Autotestcon99, August 30-September 2, 1999, San Antonio, TX.
• Koopman, P. & DeVale, J., "Comparing the Robustness of POSIX Operating Systems," Fault Tolerant Computing Symposium, June 1999.
• DeVale, J., Koopman, P. & Guttendorf, D., "The Ballista Software Robustness Testing Service," Testing Computer Software Conference, June 1999.
• Fernsler, K., Robustness Testing of A Distributed Simulation Backplane, M.S. Thesis, CMU ECE, May 1999.
• Devale, J., Measuring Operating System Robustness, M.S. Thesis, CMU ECE, Dec. 1998
• Koopman, P., "Toward a Scalable Method for Quantifying Aspects of Fault Tolerance, Software Assurance, and Computer Security," Post proceedings of the Computer Security, Dependability, and Assurance: From Needs to Solutions (CSDA'98), 11-13 November 1998, Washington, D.C., pp. 103-131.
• Kropp, N., Koopman, P. & Siewiorek, D., "Automated Robustness Testing of Off-the-Shelf Software Components," Fault Tolerant Computing Symposium, pp. 230-239, June 23-25, 1998.
• Kropp, N., Automatic Robustness Testing of Off-the-Shelf Software Components, M.S. Thesis, CMU ECE, May 1998.
• Koopman, P., Sung, J., Dingman, C. & Siewiorek, D., "Comparing Operating Systems using Robustness Benchmarks," Symposium on Reliable Distributed Systems, Durham NC, October 22-24, 1997, pp. 72-79.

Graceful degradation

Wouldn't it be nice if systems failed soft instead of failing hard, and did so without having to resort to brute force redundancy? This work was in part under the umbrella of the Amaranth project.

• Shelton, C. & Koopman, P., "Improving System Dependability with Alternative Functionality," DSN04, June 2004.
• Shelton, C., Scalable Graceful Degradation for Distributed Embedded Systems Ph.D. Thesis, August 2003
• Shelton, C. & Koopman, P., "Using Architectural Properties to Model and Measure Graceful Degradation," In: de Lemos, R., Gacek, C., & Romanovsky, A., Architecting Dependable Systems, Springer-Verlag, 2003.
• Koopman, P., "Elements of the self-healing system problem space," Workshop on Architecting Dependable Systems/WADS03, May 2003.
• Shelton, C., Koopman, P. & Nace, W., "A framework for scalable analysis and design of system-wide graceful degradation in distributed embedded systems," WORDS03, January 2003.
• Raz, O., Koopman, P., & Shaw, M., "Enabling Automatic Adaptation in Systems with Under-Specified Elements," 1st Workshop on Self-Healing Systems (WOSS'02), affiliated with the 10th International Symposium on the Foundations of Software Engineering (FSE-10), Charleston, South Carolina, November 2002.
• Nace, W. Automatic Graceful Degradation for Distributed Embedded Systems, Ph.D. Thesis, May 2002.
• Shelton, C., & Koopman, P., "Using Architectural Properties to Model and Measure System-Wide Graceful Degradation," Workshop on Architecting Dependable Systems (affiliated with ICSE 2002), May 25 2002 .
• Beveridge, M. & Koopman, P., "Jini Meets Embedded Control Networking: a case study in portability failure," Seventh IEEE Workshop on Object-Oriented Real-Time Dependable Systems: WORDS 2002, San Diego, January 2002.
• Nace, W. & Koopman, P., "A Graceful Degradation Framework for Distributed Embedded Systems," Workshop on Reliability in Embedded Systems (in conjunction with Symposium on Reliable Distributed Systems/SRDS-2001), October 2001.
• Shelton, C. & Koopman, P., "Developing a Software Architecture for Graceful Degradation in an Elevator Control System," Workshop on Reliability in Embedded Systems (in conjunction with Symposium on Reliable Distributed Systems/SRDS-2001), October 2001.
• Hoover, C., Hansen, J., Koopman, P. & Tamboli, S., "The Amaranth Framework: policy-based quality of service management for high-assurance computing," International Journal of Reliability, Quality, and Safety Engineering, Vol. 8, No. 4, 2001, pp. 1-28.
• Beveridge, M., Jini on the Control Area Network (CAN): a case study in portability failure, M.S. Thesis, CMU ECE, March 2001.
• Nace, W. & Koopman, P., "A product family based approach to graceful degradation," DIPES 2000, 8-19 October 2000, Paderborn, Germany.
• Tamboli, S., Evaluation of Admission Policies for Probabilistic Quality of Service (QoS), M.S. Thesis, CMU ECE, Aug. 2000.
• Hoover, C., Hansen, J., Koopman, P. & Tamboli, S.,"The Amaranth Framework: Probabilistic, Utility-Based Quality of Service Management for High-Assurance Computing", IEEE Fourth International High-Assurance Systems Engineering Symposium (HASE’99), IEEE Computer Society Press, Los Alamitos, CA, Nov. 17-19, 1999, pp. 207-216.

System Architecture

How to figure out the pieces and how they fit together in systems that are bigger than just a CPU or just a computer. Related is system architecting, which is how you figure out the right architecture.

• Morris, J. & Koopman, P., "Representing Design Tradeoffs in Safety-Critical Systems," ICSE 2005 Workshop on Architecting Dependable Systems, May 2005
• Martin, C. & Koopman, P., "Representing User Workarounds As A Component Of System Dependability," PRDC 2004: 10th IEEE Pacific Rim International Symposium on Dependable Computing, March 3-5, 2004.
• Koopman, P. & Hoffman, R., "Work-arounds, make-work, and kludges," IEEE Intelligent Systems, November/December 2003.
• Latronico, E. & Koopman, P., "Representing Embedded System Sequence Diagrams As A Formal Language," UML 2001, Toronto Ontario, 3-5 Oct. 2001, pp. 302-316.
• Latronico, B., Martin, C. & Koopman, P., "Analyzing Dependability of Embedded Systems from the User Perspective," Workshop on Reliability in Embedded Systems (in conjunction with Symposium on Reliable Distributed Systems/SRDS-2001), October 2001.
• Bayouth, M. & Koopman, P., "Functional Evolution of an Automated Highway System for Incremental Deployment," Transportation Research Record, #1651, Paper #981060, pp. 80-88.
• Koopman, P. & Bayouth, M., "Orthogonal Capability Building Blocks for Flexible AHS Deployment," Journal of Intelligent Transportation SystemsVol. 4, pp. 1-19, 1998.
• Koopman, P., "Using CAD Tools for Embedded System Design: Obstacles Encountered in an Automotive Case Study," Integrated Computer Aided Engineering, 5(1) 85-94, 1998. (Also, Tech Report EDRC 05 103 96)
• Koopman, P., "Embedded System Design Issues -- The Rest of the Story", Proceedings of the 1996 International Conference on Computer Design, Austin, October 7-9 1996.
• Koopman, P., "A taxonomy of decomposition strategies based on structures, behaviors, and goals", 1995 Conference on Design Theory and Methodology, Boston, September 1995.
• Koopman, P. "Design Constraints on Embedded Real Time Control Systems," System Design and Network Architecture Conference, pp. 71-77, May 8-10, 1990.

Embedded Control Networks

These differ in many ways from IT style networks, and we have worked on a variety of aspects.

• Koopman, P. & Szilagyi, C., "Integrity in Embedded Control Networks," IEEE Security & Privacy, 2013.
• Driscoll, K., Hall, B., Koopman, P., Ray, J., DeWalt, M., Data Network Evaluation Criteria Handbook, AR-09/24, FAA, 2009.
• Koopman, P., "Critical Embedded Automotive Networks," IEEE Micro, July-August 2002.
• Koopman, P. (ed.), Special Issue on Critical Embedded Automotive Networks, IEEE Micro, July-August 2002. (Issue is available from: IEEE Micro Archives; IEEE Xplore Archives
• Koopman, P. & Chakravarty, T., "Analysis of the Train Communication Network Protocol Error Detection Capabilities," http://www.tsd.org/papers/, February 25, 2001.
• Cholkar, A. & Koopman, P., "A Widely Deployable Web-based Distributed Network Simulation Framework using CORBA IDL-based APIs," Winter Simulation Conference 2000, December 5-8 1999, Phoenix, AZ, pp. 1587-1594.
• Hendrey, G., Standard Ethernet as an Embedded Communication Network, M.S. Thesis, CMU ECE, May 1999.
• Tran, E., Multi-Bit Error Vulnerabilities in the Controller Area Network Protocol, M.S. Thesis, CMU ECE, May 1999.
• Koopman, P., Tran, E. & Hendrey, G. "Toward Middleware Fault Injection for Automotive Networks," Fault Tolerant Computing Symposium, pp. 78-79, June 23-25, 1998.
• Tracking down Lost Messages and System Failures Embedded Systems Programming, 9(11), October 1996, pp. 38-52
• Koopman, P. & Upender, B., Time Division Multiple Access without a Bus Master, Technical Report 9500470, United Technologies Research Center, 1995.
• Upender, B. & Koopman, P., "Communication protocols for embedded systems", Embedded Systems Programming, 7(11) 46-58, November 1994.
• Upender, B. & Koopman, P., "Embedded Communication Protocol Options," Proceedings of Embedded Systems Conference 1993, Santa Clara, pp. 469-480, October 1993; repeated in Proceedings of Embedded Systems Conference East 1994, Boston, April 1994.

Distributed Embedded System Dependability

Distributed embedded systems have unique dependability challenges, especially when theoretical ideas such as group membership and periodic real time schedules meet the real world.

• Koopman, P. & Ray, J., "Mitigating the Effects of Internet Timing Faults Across Embedded Network Gateways," MMB/DFT 2010, p. 1, March 2010.
• Ray, J. & Koopman, P., "Queue management mechanisms for embedded gateways," DSN 2009, pp. 175-184.
• Latronico, E. & Koopman, P., "Design Time Reliability Analysis of Distributed Fault Tolerance Algorithms," DSN05, June 2005, pp. 57-64.
• Latronico, E., Reliability Validation of Group Membership Services for X-by-Wire Protocols, Ph.D. Thesis, CMU ECE, May 2005
• Latronico, E., Miner, P. & Koopman, P., "Quantifying the Reliability of Proven SPIDER Group Membership Service Guarantees," DSN04, June 2004.
• Morris, J., Kroening, D. & Koopman, P., "Fault Tolerance Tradeoffs in Moving from Decentralized to Centralized Embedded Systems," DSN04, June 2004.
• Latronico, E. & Koopman, P., "A Period-Based Group Membership Strategy for Nodes of TDMA Networks," FeT03, July 2003.
• Latronico, E., "Problems Facing Group Membership Specifications for X-by-Wire Protocols," DSN 2003 student paper, June 2003.
• Martin, C., Functional fault simulation for distributed embedded systems, M.S. Thesis, CMU ECE, December 2001
• Cholkar, A., A Web-based Distributed Network Simulation Framework using CORBA IDL-based APIs, M.S. Thesis, CMU ECE, May 1999.
• D'Anniballe, J. & Koopman, P., "Towards execution models of distributed systems: a case study of elevator design", ICCD Workshop on Hardware/Software Codesign, Boston, October 1993.

• Topics in Dependable Embedded Systems (44 original papers and presentations -- student writings; not refereed)

Stack Computers

In a previous life I designed stack-based CPUs. While they have fallen out of the mainstream, there is still quite a bit of interest, so I maintain a page with my work in this area.

Also see my historical page on: stack computers (which is no longer maintained)

• Koopman, P., "A preliminary exploration of optimized stack code generation", Journal of Forth Applications and Research, 6(4), 1994.
• Koopman, P., "A Brief Introduction to Forth," ACM SIGplan Notices, vol. 28, no. 3, pp. 357-358, March 1993, (History of Programming Languages HOPL-II preprints issue.)
• Koopman, P., "Stack Machines," In: Thorson, M. (ed.), "Usenet Nuggets," SIGARCH Computer Architecture News, 21(1), pp. 36-37, March 1993.
• Keown, W., Koopman, P. & Collins, A., "Performance of the Harris RTX 2000 stack architecture versus the Sun 4 Sparc and the Sun 3 M68020 architectures", Computer Architecture News, 20(3) 45-52, June 1992.
  
• Keown, W., Koopman, P. & Collins, A., "Real-Time Performance of the Harris RTX 2000 Stack Architecture versus the Sun 4 SPARC and the Sun 3 M68020 Architectures with a Proposed Real-Time Performance Benchmark," Performance Evaluation Review, May 1992, vol. 19, no. 4, pp. 40-48.
• Koopman, P., Lee, P. & Siewiorek, D., "Cache Behavior of Combinator Graph Reduction", Transactions on Programming Languages and Systems, 14(2) 265-297, April 1992.
• Koopman, P., Lee, P. & Siewiorek, D., "Architectural Considerations for Combinator Graph Reduction," Lee, P. (ed.) Topics In Advanced Language Implementation, MIT Press, 1991, pp. 369-95.
• Koopman, P. "Some Ideas for Stack Computer Design," 1991 Rochester Forth Conference, pg. 58, June 1991.
• Koopman, P. (ed), SIGForth '90 and SIGForth '91 Conference Proceedings, ACM Press, 1991.
• Koopman, P., An Architecture for Combinator Graph Reduction, Academic Press, 1990.
• Koopman, P., "Testing Toolkit," Forth Dimensions, vol. 12, no. 3 , pp. 31-32; 41, September 1990.
• Koopman, P., "Heavyweight Tasking," Embedded Systems Programming, vol. 3, no. 4, pp. 42-52, April 1990.
• Koopman, P. "TIGRE: Combinator Graph Reduction on the RTX 2000," 1990 Rochester Forth Conference, pp. 82-86, June 1990.
• Koopman, P. "Architectural Opportunities for Future Stack Engines," 1990 Rochester Forth Conference, pp. 79-81, June 1990.
• Koopman, P. & VanNorman, R. "Adding a Third Stack to a Forth Engine," 1990 Rochester Forth Conference, pp. 150-151, June 1990.
• Koopman, P. "Modern Stack Computer Architecture," System Design and Network Architecture Conference, pp. 153-164, May 8-10, 1990.
• Koopman, P., Lee, P. & Siewiorek, D., "Cache Performance of Combinator Graph Reduction", 1990 Int. Conf. on Computer Languages, March 12-15, 1990.
• Koopman, P., "Design Tradeoffs in Stack Computers," Forth Dimensions, vol. 11, no. 6, pp. 5-9, March 1990.
• Koopman, P., Stack Computers, Ellis Horwood, 1989.
• Koopman, P. & Lee, P., "A Fresh Look at Combinator Graph Reduction", Proc. of the 1989 SIGPLAN Conf. on Programming Language Design and Implementation, June 21-23, 1989.
• Koopman, P. & VanNorman, R., "RTX 4000," 1989 Rochester Forth Conference, pp. 84-86, June 6-10, 1989.
• Lee, P. & Koopman, P., Compiling for Direct Execution of Combinator Graphs, Ergo report, Carnegie Mellon University, Pittsburgh, 1989.
• Koopman, P. "32 Bit RTX Chip Prototype," Journal of Forth Application and Research (Rochester Forth Conference Proceedings), vol. 5, no. 2, pp. 331-335, 1988.
• Koopman, P., "Writable Instruction Set Stack Oriented Computers: The WISC Concept," Journal of Forth Application and Research (Rochester Forth Conference Proceedings), vol. 5, no. 1, pp. 49-71, 1987.
• Koopman, P., "The WISC Concept," BYTE, vol. 12, no. 4, pp. 187-194, April 1987.
• Haydon, G., & Koopman, P., "MVP Microcoded CPU/16: History," Journal of Forth Application and Research (Rochester Forth Conference Proceedings), vol. 4, no. 2 , pp. 273-276, 1986.
• Koopman, P., & Haydon, G., "MVP Microcoded CPU/16: Architecture," Journal of Forth Application and Research (Rochester Forth Conference Proceedings), vol. 4, no. 2, pp. 277-280 1986.

Computer Architecture

In addition to stack computers, I've done a little bit of work on supercomputer architecture and everyday CPU design.

• Gupta, R., Koopman, P. & Wolfe, A., "Tutorial on CAD for Digital Embedded Systems", Design Automation Conference, June 1995.
• Koopman, P., "Perils of the PC Cache", Embedded Systems Programming, 6(5) 26-34, May 1993.
• Siewiorek, D. & Koopman, P., The Architecture of Supercomputers: Titan, a case study, Academic Press, 1991.
  
• Koopman, P. & Siewiorek, D., "The Impact of Rent's Rule on Massive Parallelism", Frontiers of Massively Parallel Computation, 1988.
• Koopman, P., "Microcoded vs. Hard-Wired Control," BYTE, vol. 12, no. 1, pp. 235-242, January 1987.

• Gordon Bell's Eleven Rules for supercomputer design.

Embedded System Education

• Koopman, P., "Lessons Learned in Teaching a Complex Distributed Embedded System Project Course," CPS-Ed 2013, April 8, 2013.
• Koopman, P., "Risk Areas In Embedded Software Industry Projects", Workshop on Embedded System Education, Oct 28, 2010.
• Koopman, P., Better Embedded System Software, Drumnadrochit Press, 2010, ISBN-13: 978-0-9844490-0-2. (Also see accompanying Blog)
• Koopman, P., H. Choset, R. Gandhi, B. Krogh, D. Marculescu, P. Narasimhan, J. Paul, R. Rajkumar, D. Siewiorek, A. Smailagic, P. Steenkiste, D. Thomas, C. Wang, "Undergraduate Embedded System Education at Carnegie Mellon," ACM Journal Transactions on Embedded Computing Systems, Vol 4, No. 3, September 2005.

Miscellany

Things that don't fit into the other bins.

• Koopman, P. & Kaner, C., "The problem of embedded software in UCITA and drafts of revised Article 2," UCC Bulletin, 3 parts: February 2001; March 2001; April 2001.
• Koopman, P., "On Being the Bearer of Bad News" (engineering ethics), The Institute, IEEE, vol. 20, no. 6, pg. 15, June 1996. Reprinted in Engineering Dimensions, Professional Engineers of Ontario, January 2000 pp. 25-26.
• Essay: How to Write an Abstract

• See also: Chronological publications
• See also: Thesis compendium

• Essay: How to Write an Abstract

• See also: Automated Highway Systems document archive

Philip Koopman   Phone: +1.412.268.5225  US Eastern Time  More Contact Info