My home pageFor the academic year 2005 - 2006 I was on Professional Development Leave. The theme of my sabbatical proposal was "Software as a Component in Safety-Critical Systems". The details of what I did for the year changed from the original proposal submitted in October 2004. The year stayed true to the theme of the proposal and still had three elements each about one quarter long. RIT students might liken it to me doing three single block co-ops.
This page contains a brief description of each of my visits. I wrote a short article on my leave for the Spring 2006 Scholarship @ RIT newsletter published by the library. If you are interested you can also read the more detailed Professional Development Leave report that I submitted to the Provost.
From mid-August through until the middle of November I worked at the US Food and Drug Administration in Rockville, MD. Following the finest bureaucratic traditions I was a Staff Fellow in CDRH/OSEL/DESE. In English that is the Center for Devices and Radiologic Health, Office of Science and Engineering Labs, Division of Electrical and Software Engineering. This group is responsible for providing engineering support to the FDA for the regulation of software in medical devices. The group acts as consultants to the Office of Device Evaluation which does pre-market reviews of applications for new devices. The Office of Compliance will also call upon them for their expert services during post-market enforcement of the FDA's regulatory authority. In addition to these regulatory activities the group maintains a forward-looking view to the academic research to make sure that the medical device manufacturers are using the best practices for developing software that contributes to the safety and effectiveness of their devices.
After Thanksgiving I moved to the Software Engineering Laboratory at NASA Goddard Space Flight Center in Greenbelt, MD. The head of this group is Dr. Michael Hinchey. A primary research activity of the group is the application of formal methods. The group has developed a research tool that attempts to extract formal requirements specifications from text requirements documents. A second tool is called Requirements to Design to Code (R2D2C). This tool starts with requirements defined in terms of action scenarios. Using a theorem prover it infers a design in a particular design methodology that satisfies those scenarios. Once the tool has defined the formal design, it is a straightforward process to autocode an implementation. I worked on an extension to R2D2C that defined safety requirements in terms of safe operating scenarios. The system would then autocode a safety monitor that checked for safety violations at runtime.
The final period in the Spring of 2006 I worked for Pratt & Whitney in their Real-Time and Embedded Software (RTES) group. This group works on Pratt & Whitney's PW4000 and PW6000 series commercial jet engines. RTES is responsible for integrating all the control tasks into the cyclic executive scheduler that runs on the engine's Full-Authority Digital Electronic Controller (FADEC). The FADEC has almost complete control of the engine operation. I worked on several tasks including: the task force defining standard practices for performing Fault Tree Analysis, and Failure Modes and Effects Analysis; define software requirements for an editor of lists specifying engine performance data to record on the military F135 engine for the Joint Strike Fighter; discussions with designers to capture standard practice for creating a cyclic executive schedule.