11 research outputs found

    Platform-based Plug and Play of Automotive Safety Features - Challenges and Directions

    Optional software-based features are increasingly becoming an important cost driver in automotive systems. These include features pertaining to active safety, infotainment, etc. Currently, these optional features are integrated into the vehicles at the factory during assembly. This severely restricts the flexibility of the customer to select and use features on-demand and therefore, the customer will either have to be satisfied with an available set of feature options or pre-order a car with the required features from the manufacturer resulting in considerable delay. In order to increase flexibility and reduce the delay, it is necessary to provide the option to configure the vehicle on-demand at the dealership or remotely. In this paper, we present our vision and challenges involved in developing a platform infrastructure that allows on-demand deployment of automotive safety features and ensures their correct execution

    Compensating Adaptive Mixed Criticality Scheduling

    The majority of prior academic research into mixed criticality systems assumes that if high-criticality tasks continue to execute beyond the execution time limits at which they would normally finish, then further workload due to low-criticality tasks may be dropped in order to ensure that the high-criticality tasks can still meet their deadlines. Industry, however, takes a different view of the importance of low-criticality tasks, with many practical systems unable to tolerate the abandonment of such tasks. In this paper, we address the challenge of supporting genuinely graceful degradation in mixed criticality systems, thus avoiding the abandonment problem. We explore the Compensating Adaptive Mixed Criticality (C-AMC) scheduling scheme. C-AMC ensures that both high- and low-criticality tasks meet their deadlines in both normal and degraded modes. Under C-AMC, jobs of low-criticality tasks, released in degraded mode, execute imprecise versions that provide essential functionality and outputs of sufficient quality, while also reducing the overall workload. This compensates, at least in part, for the overload due to the abnormal behavior of high-criticality tasks. C-AMC is based on fixed-priority preemptive scheduling and hence provides a viable migration path along which industry can make an evolutionary transition from current practice

    Analysis-Runtime Co-design for Adaptive Mixed Criticality Scheduling

    In this paper, we use the term “Analysis-Runtime Co-design” to describe the technique of modifying the runtime protocol of a scheduling scheme to closely match the analysis derived for it. Carefully designed modifications to the runtime protocol make the schedulability analysis for the scheme less pessimistic, while the schedulability guarantee afforded to any given application remains intact. Such modifications to the runtime protocol can result in significant benefits with respect to other important metrics. An enhanced runtime protocol is designed for the Adaptive Mixed-Criticality (AMC) scheduling scheme. This protocol retains the same analysis, while ensuring that in the event of high-criticality behavior, the system degrades less often and remains degraded for a shorter time, resulting in far fewer low-criticality jobs that either miss their deadlines or are not executed

    Trustworthiness in Mobile Cyber Physical Systems

    Computing and communication capabilities are increasingly embedded in diverse objects and structures in the physical environment. They will link the ‘cyberworld’ of computing and communications with the physical world. These applications are called cyber physical systems (CPS). Obviously, the increased involvement of real-world entities leads to a greater demand for trustworthy systems. Hence, we use "system trustworthiness" here, which can guarantee continuous service in the presence of internal errors or external attacks. Mobile CPS (MCPS) is a prominent subcategory of CPS in which the physical component has no permanent location. Mobile Internet devices already provide ubiquitous platforms for building novel MCPS applications. The objective of this Special Issue is to contribute to research in modern/future trustworthy MCPS, including design, modeling, simulation, dependability, and so on. It is imperative to address the issues which are critical to their mobility, report significant advances in the underlying science, and discuss the challenges of development and implementation in various applications of MCPS

    Modeling and Analysis of Automotive Cyber-physical Systems: Formal Approaches to Latency Analysis in Practice

    Based on advances in scheduling analysis in the 1970s, a whole area of research has evolved: formal end-to-end latency analysis in real-time systems. Although multiple approaches from the scientific community have successfully been applied in industrial practice, a gap is emerging between the means provided by formally backed approaches and the needs of the automotive industry, where cyber-physical systems have taken over from classic embedded systems. They are accompanied by a shift to heterogeneous platforms built upon multicore architectures. Scientific techniques are often still based on overly simple system models, and estimates of important end-to-end latencies have only been tightened recently. To this end, we present an expressive system model and formally describe the problem of end-to-end latency analysis in modern automotive cyber-physical systems. Based on this, we examine approaches to formally estimate tight end-to-end latencies in Chapter 4 and Chapter 5. The developed approaches cover a wide range of relevant systems. We show that our approach for estimating the latencies of task chains dominates existing approaches in terms of the tightness of the results. In the last chapter we make a brief digression into measurement analysis, since measurement and simulation are an important part of verification in current industrial practice

    Design and Construction of an Automatic Parachute for UAV Emergency Conditions

    In this final project, a device is built to detect emergency conditions on an Unmanned Aerial Vehicle (UAV). An emergency condition is detected when the aircraft's roll or pitch exceeds 70 degrees or its vertical speed exceeds 10 m/s. Once an emergency condition is detected, the device deploys a parachute so that the aircraft does not fall straight down. The device is intended to reduce the damage caused when the UAV fails or loses control in flight. At present, parachutes are still rarely used to address this problem. In existing systems, the parachute opens immediately when the aircraft's system fails, at whatever altitude. This device therefore extends the system with a design that estimates at what altitude the parachute should open. For this, the terminal velocity formula and the equations of uniformly accelerated linear motion are used so that the system can compute the altitude at which the parachute opens. Emergency conditions are detected with a BMP280 barometer sensor and an MPU6050 accelerometer/gyroscope sensor. The BMP280 is used to determine the UAV's altitude and vertical speed; the MPU6050 is used to determine its roll and pitch. The system first detects whether the UAV is in an emergency condition; once it is detected, the system calculates the altitude at which the parachute will open. In testing, the device measured altitude with an error of 0.2915 meters; the roll and pitch errors were 4.2 degrees and 4.545 degrees respectively. The average time between the parachute leaving the aircraft and the parachute opening was 3.348 seconds

    The (Re-)configurable Vehicle Architecture

    The life cycles of vehicles and the innovation cycles of the underlying technologies are diverging, much to the disadvantage of vehicle manufacturers. Particularly affected are areas that combine low production volumes with high variability and long warranty periods, for example buses. This gives rise to a number of challenges for manufacturers, which are worked out in this dissertation. This is followed by a review of the state of science and technology, in particular with regard to the question of how it addresses these challenges. Legal as well as technical aspects are examined, which in turn add new challenges. It is shown that classic vehicle architectures, with their inflexible signal-based electrical/electronic architectures, are no longer suited to meeting these challenges. More flexible service-oriented architectures are far better suited to integrating new trends such as automated driving or more advanced camera-based driver assistance systems. Various approaches are presented and compared, such as the AUTOSAR Adaptive Platform, which is already widespread in the automotive industry, and the Robot Operating System 2 (ROS2), which has so far been used mainly in research. As a consequence, this dissertation develops a (re-)configurable vehicle architecture that exploits synergies from linking different domains such as commercial vehicles and passenger cars, but also information technology. These synergies are, on the one hand, lower unit prices through the use of components from domains with higher volumes and, on the other hand, the replacement of components such as sensors with cheaper, or simply still available, units during a vehicle's life cycle.
Based on a service-oriented architecture in ROS2 and previously defined requirements for such a vehicle architecture, a concept is designed and then implemented as a prototype in order to demonstrate use cases that benefit particularly from this novel architecture. One example is the replacement of electronic control units, either for the reasons of component availability or cost mentioned above, or to extend functionality. To reduce operating costs and improve the energy balance of the vehicle and the fleet, functionalities or services can additionally be offloaded to the backend. The evaluation of this prototype architecture and of the use cases shows that the approach works in principle and also achieves usable performance. New opportunities arise from a possible increase in resource utilization and from dynamic redundancy that can compensate for failed components while the vehicle is running