Dependable Embedded Systems

Spring 1999 Course Syllabus

Course Instructor: Prof. Phil Koopman


The goals of this graduate course are to learn to do research in the area of dependable embedded systems, and to make a contribution to the area with a cooperative class publication.


The area of dependable embedded systems encompasses an increasingly large and important fraction of the "intelligent" products made worldwide. For the purposes of this course, "dependable" systems include those that are safe, fault tolerant, robust, secure, timely, maintainable, and designed correctly. "Embedded" systems include computers that are incorporated into some other product such that they are no longer a desktop or general purpose computer. The types of dependable embedded systems that this course covers include: aircraft, automobiles, elevators, nuclear power plants, telecommunication networks, and industrial automation equipment.

This course explores the rich set of issues that must be considered when dealing with dependable embedded systems. As shown in the figure below, it is not sufficient to simply design a piece of computer hardware (or even a hardware/software combination), optimize it for speed and/or component purchase cost, and ship it. Multiple objectives must be satisfied, involving multiple disciplines beyond computer engineering, and the result must operate properly and profitably throughout an entire life cycle.

[Figure: conceptual framework for dependable embedded systems]

Research in the dependable embedded systems area is especially challenging because it involves such a broad range of material, most of it beyond the ordinary goal of performance optimization that computer engineers are used to. In fact, in this area it is sometimes difficult to even know the right questions, let alone good answers to them. Thus, the focus of the course will be on learning what the right questions are, comparing and contrasting the many varieties of answers available from a broad range of research communities, and attempting to put the pieces together into a coherent picture spanning the cross-product space of objectives, disciplines, and life cycle.

The culmination of the coursework will be an extensive paper jointly authored by the entire class, giving a detailed review of the various research areas that must be combined to achieve success in building dependable embedded systems. (Details of coordination, team sizes, and whether there is initially a single paper or multiple papers are flexible depending on class size and student backgrounds.) Depending on the length and quality of student contributions, the resultant paper will be submitted to an appropriate publication venue such as a journal, monograph series publisher, or technical report series. Co-authorship will be awarded to all students making substantive contributions.

Conceptual Framework

One of the results of the class will be a refinement of a conceptual framework for the area of dependable embedded systems. A preliminary diagram is proposed (available in .jpg and .pdf form), but it is subject to change during the course of the semester. In general, seven "conceptual clusters" of areas are identified:

Within these high-level clusters, there are forty-four individual topic areas that seem relevant (including the above areas "in-the-small" as focused topics):

Text & Reading

Students, in consultation with the instructor, will select a reading assignment for each topic they present. Each student in the class is expected to thoroughly understand one of the two (or three) readings for each class, and to be generally familiar with the other.

For students lacking a background in embedded systems or fault tolerance, a course text is available: Safety-Critical Computer Systems, Neil Storey, Addison-Wesley, Harlow, England, 1996. A secondary text is also available: Real-Time Systems: Design Principles for Distributed Embedded Applications, Hermann Kopetz, Kluwer, 1997. However, it is emphasized that students are responsible for knowing this material on their own; there will be no presentations of this undergraduate-level material in class. On the other hand, reasonable questions to clarify understanding are appropriate and welcome. It is strongly recommended that all students read the course text from cover to cover during or before the first week of class.