Towards Vehicle-Level Simulator Aided Failure Mode, Effect, and Diagnostic Analysis of Automotive Power Electronics Items

The increasing demand for Electronic Control Units able to perform safety-relevant tasks leads the automotive industry to find novel verification methodologies, capable to decrease the time-to-market and, at the same time, to improve the quality of the assessment. The ISO26262:2018 automotive functional safety standard requires to follow a strict development process, compliant with its “safety lifecycle”. It includes all the phases of the item life, from the concept to the decommissioning. The phase that places most difficulties about its objectivity and repeatability is the hardware/software integration verification since, usually, the software is in charge to mitigate the effects of some possible hardware failures. This paper proposes a novel technique, based on a simulation-based approach, to aid the designers during the Failure Mode, Effect, and Diagnostic Analysis (FMEDA). We consider a power electronics module, to be embedded into electric vehicles powertrains, as a challenging practical example. We performed some tests on it, considering a rear traction car with two independent electric motors, one per each wheel. This system, to allow the vehicle to curve, has to act like a differential gear. Hence, it has a strong safety impact on the driveability of the car. All the involved components have been simulated propagating their behaviours up to the entire vehicle. Due the strong coupling between item failures and vehicle dynamics, a structured way based on coupling fault injection with vehicle dynamic simulation is desirable

On the Reliability Assessment of Artificial Neural Networks Running on AI-Oriented MPSoCs

Nowadays, the usage of electronic devices running artificial neural networks (ANNs)-based applications is spreading in our everyday life. Due to their outstanding computational capabilities, ANNs have become appealing solutions for safety-critical systems as well. Frequently, they are considered intrinsically robust and fault tolerant for being brain-inspired and redundant computing models. However, when ANNs are deployed on resource-constrained hardware devices, single physical faults may compromise the activity of multiple neurons. Therefore, it is crucial to assess the reliability of the entire neural computing system, including both the software and the hardware components. This article systematically addresses reliability concerns for ANNs running on multiprocessor system-on-a-chips (MPSoCs). It presents a methodology to assign resilience scores to individual neurons and, based on that, schedule the workload of an ANN on the target MPSoC so that critical neurons are neatly distributed among the available processing elements. This reliability-oriented methodology exploits an integer linear programming solver to find the optimal solution. Experimental results are given for three different convolutional neural networks trained on MNIST, SVHN, and CIFAR-10. We carried out a comprehensive assessment on an open-source artificial intelligence-based RISC-V MPSoC. The results show the reliability improvements of the proposed methodology against the traditional scheduling

New Techniques for On-line Testing and Fault Mitigation in GPUs

L'abstract è presente nell'allegato / the abstract is in the attachmen

On How to Identify Cache Coherence: Case of the NXP QorIQ T4240

Architectures used in safety critical systems have to pass certain certification standards, which require sufficient proof that they will behave as expected. Multi-core processors make this challenging by featuring complex interactions between the tasks they run. A lot of these interactions are made without explicit instructions from the program designers. Furthermore, they can have strong negative impacts on performance (and potentially affect correctness). One important such source of interactions is cache coherence, which speeds up operations in most cases, but can also lead to unexpected variations in execution time if not fully understood. Architecture documentations often lack details on the implementation of cache coherence. We thus propose a strategy to ascertain that the platform does indeed implement the cache coherence protocol its user believes it to. We also apply this strategy to the NXP QorIQ T4240, resulting in the identification of a protocol (MESIF) other than the one this architecture’s documentation led us to believe it was using (MESI)

Increased reliability on Intel GPUs via software diverse redundancy

In the past decade, Artificial Intelligence has revolutionized various industries, including automotive, avionics, and health sectors. The installation of Advanced Driver Assistance Systems (ADAS) is now a reality, with the goal of achieving fully self-driving cars (SDCs) in the near future. ADAS and Autonomous Driving (AD) systems require processing vast amounts of data at high frequency using complex algorithms (Deep Learning (DL)) to meet tight time constraints (Real Time (RT)). Traditional computing has become a bottleneck, with CPUs unable to handle the data efficiently. High-performance GPUs have partially fulfilled these timing constraints, leading to continuous innovation in device performance and efficiency. For example, Nvidia introduced the Jetson AGX Xavier SoC in 2017, designed for machine learning applications in the automotive sector. However, AD and ADAS challenges also involve safety constraints, such as functional safety. Redundancy is necessary for identifying and correcting erroneous outcomes. To ensure high safety levels, diverse redundancy is used to avoid common cause faults (CCF). High-performance hardware for AD must be verified and validated (V&V) to ensure safety goals, but these processes can be costly. The automotive industry seeks to avoid non-recurring costs by using commercial off-the-shelf products (COTS). However, COTS devices have drawbacks, including limited redundancy and guarded implementation details. Researchers are developing software-only diverse redundancy solutions on top of COTS devices to overcome these limitations. Two main challenges are ensuring redundant computation for error detection and guaranteeing diverse redundancy to detect errors even when they affect all replicas. Current solutions are limited and mostly focused on NVIDIA GPUs. This thesis presents a software-only solution for diverse redundancy on Intel GPUs, providing strong diversity guarantees for the first time. Built on OpenCL, a hardware-agnostic programming language, the technique relies on intrinsics-special functions optimized by integrators. The intrinsics enable identifying hardware threads on the GPU and smart tailoring of workload geometry and allocation to specific computing elements. As a result, redundant threads use physically diverse execution units, meeting diverse redundancy requirements with affordable performance overheads. Several scenarios are developed to measure the impact of modifications to a standard OpenCL kernel execution. First, allocating only half of the available GPU resources; then, overriding the scheduler to use half of the resources; next, duplicating the work to mimic two kernel execution; and finally, executing both kernels in independent parts of the GPU

Reliability-aware circuit design to mitigate impact of device defects and variability in emerging memristor-based applications

In the last decades, semiconductor industry has fostered a fast downscale in technology, propelling the large scale integration of CMOS-based systems. The benefits in miniaturization are numerous, highlighting faster switching frequency, lower voltage supply and higher device density. However, this aggressive scaling trend it has not been without challenges, such as leakage currents, yield reduction or the increase in the overall system power dissipation. New materials, changes in the device structures and new architectures are key to keep the miniaturization trend. It is foreseen that 2D integration will eventually come to an insurmountable physical and economic limit, in which new strategic directions are required, such as the development of new device structures, 3D architectures or heterogeneous systems that takes advantage of the best of different technologies, both the ones already consolidated as well as emergent ones that provide performance and efficiency improvements in applications. In this context, memristor arises as one of several candidates in the race to find suitable emergent devices. Memristor, a blend of the words memory and resistor, is a passive device postulated by Leon Chua in 1971. In contrast with the other fundamental passive elements, memristors have the distinctive feature of modifying their resistance according to the charge that passes through these devices, and remaining unaltered when charge no longer flows. Although when it appeared no physical device implementation was acknowledged, HP Labs claimed in 2008 the manufacture of the first real memristor. This milestone triggered an unexpectedly high research activity about memristors, both in searching new materials and structures as well as in potential applications. Nowadays, memristors are not only appreciated in memory systems by their nonvolatile storage properties, but in many other fields, such as digital computing, signal processing circuits, or non-conventional applications like neuromorphic computing or chaotic circuits. In spite of their promising features, memristors show a primarily downside: they show significant device variation and limited lifetime due degradation compared with other alternatives. This Thesis explores the challenges that memristor variation and malfunction imposes in potential applications. The main goal is to propose circuits and strategies that either avoid reliability problems or take advantage of them. Throughout a collection of scenarios in which reliability issues are present, their impact is studied by means of simulations. This thesis is contextualized and their objectives are exposed in Chapter 1. In Chapter 2 the memristor is introduced, at both conceptual and experimental levels, and different compact levels are presented to be later used in simulations. Chapter 3 deepens in the phenomena that causes the lack of reliability in memristors, and models that include these defects in simulations are provided. The rest of the Thesis covers different applications. Therefore, Chapter 4 exhibits nonvolatile memory systems, and specifically an online test method for faulty cells. Digital computing is presented in Chapter 5, where a solution for the yield reduction in logic operations due to memristors variability is proposed. Lastly, Chapter 6 reviews applications in the analog domain, and it focuses in the exploitation of results observed in faulty memristor-based interconnect mediums for chaotic systems synchronization purposes. Finally, the Thesis concludes in Chapter 7 along with perspectives about future work.Este trabajo desarrolla un novedoso dispositivo condensador basado en el uso de la nanotecnología. El dispositivo parte del concepto existente de metal-aislador-metal (MIM), pero en lugar de una capa aislante continua, se utilizan nanopartículas dieléctricas. Las nanopartículas son principalmente de óxido de silicio (sílice) y poliestireno (PS) y los valores de diámetro son 255nm y 295nm respectivamente. Las nanopartículas contribuyen a una alta relación superficie/volumen y están fácilmente disponibles a bajo costo. La tecnología de depósito desarrollada en este trabajo se basa en la técnica de electrospray, que es una tecnología de fabricación ascendente (bottom-up) que permite el procesamiento por lotes y logra un buen compromiso entre una gran superficie y un bajo tiempo de depósito. Con el objetivo de aumentar la superficie de depósito, la configuración de electrospray ha sido ajustada para permitir áreas de depósito de 1cm2 a 25cm2. El dispositivo fabricado, los llamados condensadores de metal aislante de nanopartículas (NP-MIM) ofrecen valores de capacidad más altos que un condensador convencional similar con una capa aislante continua. En el caso de los NP-MIM de sílice, se alcanza un factor de hasta 1000 de mejora de la capacidad, mientras que los NP-MIM de poliestireno exhibe una ganancia de capacidad en el rango de 11. Además, los NP-MIM de sílice muestran comportamientos capacitivos en específicos rangos de frecuencias que depende de la humedad y el grosor de la capa de nanopartículas, mientras que los NP-MIM de poliestireno siempre mantienen su comportamiento capacitivo. Los dispositivos fabricados se han caracterizado mediante medidas de microscopía electrónica de barrido (SEM) complementadas con perforaciones de haz de iones focalizados (FIB) para caracterizar la topografía de los NP-MIMs. Los dispositivos también se han caracterizado por medidas de espectroscopia de impedancia, a diferentes temperaturas y humedades. El origen de la capacitancia aumentada está asociado en parte a la humedad en las interfaces de las nanopartículas. Se ha desarrollado un modelo de un circuito basado en elementos distribuidos para ajustar y predecir el comportamiento eléctrico de los NP-MIMs. En resumen, esta tesis muestra el diseño, fabricación, caracterización y modelización de un nuevo y prometedor condensador nanopartículas metal-aislante-metal que puede abrir el camino al desarrollo de una nueva tecnología de supercondensadores MIM

Reliability-aware circuit design to mitigate impact of device defects and variability in emerging memristor-based applications

In the last decades, semiconductor industry has fostered a fast downscale in technology, propelling the large scale integration of CMOS-based systems. The benefits in miniaturization are numerous, highlighting faster switching frequency, lower voltage supply and higher device density. However, this aggressive scaling trend it has not been without challenges, such as leakage currents, yield reduction or the increase in the overall system power dissipation. New materials, changes in the device structures and new architectures are key to keep the miniaturization trend. It is foreseen that 2D integration will eventually come to an insurmountable physical and economic limit, in which new strategic directions are required, such as the development of new device structures, 3D architectures or heterogeneous systems that takes advantage of the best of different technologies, both the ones already consolidated as well as emergent ones that provide performance and efficiency improvements in applications. In this context, memristor arises as one of several candidates in the race to find suitable emergent devices. Memristor, a blend of the words memory and resistor, is a passive device postulated by Leon Chua in 1971. In contrast with the other fundamental passive elements, memristors have the distinctive feature of modifying their resistance according to the charge that passes through these devices, and remaining unaltered when charge no longer flows. Although when it appeared no physical device implementation was acknowledged, HP Labs claimed in 2008 the manufacture of the first real memristor. This milestone triggered an unexpectedly high research activity about memristors, both in searching new materials and structures as well as in potential applications. Nowadays, memristors are not only appreciated in memory systems by their nonvolatile storage properties, but in many other fields, such as digital computing, signal processing circuits, or non-conventional applications like neuromorphic computing or chaotic circuits. In spite of their promising features, memristors show a primarily downside: they show significant device variation and limited lifetime due degradation compared with other alternatives. This Thesis explores the challenges that memristor variation and malfunction imposes in potential applications. The main goal is to propose circuits and strategies that either avoid reliability problems or take advantage of them. Throughout a collection of scenarios in which reliability issues are present, their impact is studied by means of simulations. This thesis is contextualized and their objectives are exposed in Chapter 1. In Chapter 2 the memristor is introduced, at both conceptual and experimental levels, and different compact levels are presented to be later used in simulations. Chapter 3 deepens in the phenomena that causes the lack of reliability in memristors, and models that include these defects in simulations are provided. The rest of the Thesis covers different applications. Therefore, Chapter 4 exhibits nonvolatile memory systems, and specifically an online test method for faulty cells. Digital computing is presented in Chapter 5, where a solution for the yield reduction in logic operations due to memristors variability is proposed. Lastly, Chapter 6 reviews applications in the analog domain, and it focuses in the exploitation of results observed in faulty memristor-based interconnect mediums for chaotic systems synchronization purposes. Finally, the Thesis concludes in Chapter 7 along with perspectives about future work.Este trabajo desarrolla un novedoso dispositivo condensador basado en el uso de la nanotecnología. El dispositivo parte del concepto existente de metal-aislador-metal (MIM), pero en lugar de una capa aislante continua, se utilizan nanopartículas dieléctricas. Las nanopartículas son principalmente de óxido de silicio (sílice) y poliestireno (PS) y los valores de diámetro son 255nm y 295nm respectivamente. Las nanopartículas contribuyen a una alta relación superficie/volumen y están fácilmente disponibles a bajo costo. La tecnología de depósito desarrollada en este trabajo se basa en la técnica de electrospray, que es una tecnología de fabricación ascendente (bottom-up) que permite el procesamiento por lotes y logra un buen compromiso entre una gran superficie y un bajo tiempo de depósito. Con el objetivo de aumentar la superficie de depósito, la configuración de electrospray ha sido ajustada para permitir áreas de depósito de 1cm2 a 25cm2. El dispositivo fabricado, los llamados condensadores de metal aislante de nanopartículas (NP-MIM) ofrecen valores de capacidad más altos que un condensador convencional similar con una capa aislante continua. En el caso de los NP-MIM de sílice, se alcanza un factor de hasta 1000 de mejora de la capacidad, mientras que los NP-MIM de poliestireno exhibe una ganancia de capacidad en el rango de 11. Además, los NP-MIM de sílice muestran comportamientos capacitivos en específicos rangos de frecuencias que depende de la humedad y el grosor de la capa de nanopartículas, mientras que los NP-MIM de poliestireno siempre mantienen su comportamiento capacitivo. Los dispositivos fabricados se han caracterizado mediante medidas de microscopía electrónica de barrido (SEM) complementadas con perforaciones de haz de iones focalizados (FIB) para caracterizar la topografía de los NP-MIMs. Los dispositivos también se han caracterizado por medidas de espectroscopia de impedancia, a diferentes temperaturas y humedades. El origen de la capacitancia aumentada está asociado en parte a la humedad en las interfaces de las nanopartículas. Se ha desarrollado un modelo de un circuito basado en elementos distribuidos para ajustar y predecir el comportamiento eléctrico de los NP-MIMs. En resumen, esta tesis muestra el diseño, fabricación, caracterización y modelización de un nuevo y prometedor condensador nanopartículas metal-aislante-metal que puede abrir el camino al desarrollo de una nueva tecnología de supercondensadores MIM.Postprint (published version

Reliability-aware circuit design to mitigate impact of device defects and variability in emerging memristor-based applications

In the last decades, semiconductor industry has fostered a fast downscale in technology, propelling the large scale integration of CMOS-based systems. The benefits in miniaturization are numerous, highlighting faster switching frequency, lower voltage supply and higher device density. However, this aggressive scaling trend it has not been without challenges, such as leakage currents, yield reduction or the increase in the overall system power dissipation. New materials, changes in the device structures and new architectures are key to keep the miniaturization trend. It is foreseen that 2D integration will eventually come to an insurmountable physical and economic limit, in which new strategic directions are required, such as the development of new device structures, 3D architectures or heterogeneous systems that takes advantage of the best of different technologies, both the ones already consolidated as well as emergent ones that provide performance and efficiency improvements in applications. In this context, memristor arises as one of several candidates in the race to find suitable emergent devices. Memristor, a blend of the words memory and resistor, is a passive device postulated by Leon Chua in 1971. In contrast with the other fundamental passive elements, memristors have the distinctive feature of modifying their resistance according to the charge that passes through these devices, and remaining unaltered when charge no longer flows. Although when it appeared no physical device implementation was acknowledged, HP Labs claimed in 2008 the manufacture of the first real memristor. This milestone triggered an unexpectedly high research activity about memristors, both in searching new materials and structures as well as in potential applications. Nowadays, memristors are not only appreciated in memory systems by their nonvolatile storage properties, but in many other fields, such as digital computing, signal processing circuits, or non-conventional applications like neuromorphic computing or chaotic circuits. In spite of their promising features, memristors show a primarily downside: they show significant device variation and limited lifetime due degradation compared with other alternatives. This Thesis explores the challenges that memristor variation and malfunction imposes in potential applications. The main goal is to propose circuits and strategies that either avoid reliability problems or take advantage of them. Throughout a collection of scenarios in which reliability issues are present, their impact is studied by means of simulations. This thesis is contextualized and their objectives are exposed in Chapter 1. In Chapter 2 the memristor is introduced, at both conceptual and experimental levels, and different compact levels are presented to be later used in simulations. Chapter 3 deepens in the phenomena that causes the lack of reliability in memristors, and models that include these defects in simulations are provided. The rest of the Thesis covers different applications. Therefore, Chapter 4 exhibits nonvolatile memory systems, and specifically an online test method for faulty cells. Digital computing is presented in Chapter 5, where a solution for the yield reduction in logic operations due to memristors variability is proposed. Lastly, Chapter 6 reviews applications in the analog domain, and it focuses in the exploitation of results observed in faulty memristor-based interconnect mediums for chaotic systems synchronization purposes. Finally, the Thesis concludes in Chapter 7 along with perspectives about future work.Este trabajo desarrolla un novedoso dispositivo condensador basado en el uso de la nanotecnología. El dispositivo parte del concepto existente de metal-aislador-metal (MIM), pero en lugar de una capa aislante continua, se utilizan nanopartículas dieléctricas. Las nanopartículas son principalmente de óxido de silicio (sílice) y poliestireno (PS) y los valores de diámetro son 255nm y 295nm respectivamente. Las nanopartículas contribuyen a una alta relación superficie/volumen y están fácilmente disponibles a bajo costo. La tecnología de depósito desarrollada en este trabajo se basa en la técnica de electrospray, que es una tecnología de fabricación ascendente (bottom-up) que permite el procesamiento por lotes y logra un buen compromiso entre una gran superficie y un bajo tiempo de depósito. Con el objetivo de aumentar la superficie de depósito, la configuración de electrospray ha sido ajustada para permitir áreas de depósito de 1cm2 a 25cm2. El dispositivo fabricado, los llamados condensadores de metal aislante de nanopartículas (NP-MIM) ofrecen valores de capacidad más altos que un condensador convencional similar con una capa aislante continua. En el caso de los NP-MIM de sílice, se alcanza un factor de hasta 1000 de mejora de la capacidad, mientras que los NP-MIM de poliestireno exhibe una ganancia de capacidad en el rango de 11. Además, los NP-MIM de sílice muestran comportamientos capacitivos en específicos rangos de frecuencias que depende de la humedad y el grosor de la capa de nanopartículas, mientras que los NP-MIM de poliestireno siempre mantienen su comportamiento capacitivo. Los dispositivos fabricados se han caracterizado mediante medidas de microscopía electrónica de barrido (SEM) complementadas con perforaciones de haz de iones focalizados (FIB) para caracterizar la topografía de los NP-MIMs. Los dispositivos también se han caracterizado por medidas de espectroscopia de impedancia, a diferentes temperaturas y humedades. El origen de la capacitancia aumentada está asociado en parte a la humedad en las interfaces de las nanopartículas. Se ha desarrollado un modelo de un circuito basado en elementos distribuidos para ajustar y predecir el comportamiento eléctrico de los NP-MIMs. En resumen, esta tesis muestra el diseño, fabricación, caracterización y modelización de un nuevo y prometedor condensador nanopartículas metal-aislante-metal que puede abrir el camino al desarrollo de una nueva tecnología de supercondensadores MIM

Novel Validation Techniques for Autonomous Vehicles

The automotive industry is facing challenges in producing electrical, connected, and autonomous vehicles. Even if these challenges are, from a technical point of view, independent from each other, the market and regulatory bodies require them to be developed and integrated simultaneously. The development of autonomous vehicles implies the development of highly dependable systems. This is a multidisciplinary activity involving knowledge from robotics, computer science, electrical and mechanical engineering, psychology, social studies, and ethics. Nowadays, many Advanced Driver Assistance Systems (ADAS), like Emergency Braking System, Lane Keep Assistant, and Park Assist, are available. Newer luxury cars can drive by themselves on highways or park automatically, but the end goal is to develop completely autonomous driving vehicles, able to go by themselves, without needing human interventions in any situation. The more vehicles become autonomous, the greater the difficulty in keeping them reliable. It enhances the challenges in terms of development processes since their misbehaviors can lead to catastrophic consequences and, differently from the past, there is no more a human driver to mitigate the effects of erroneous behaviors. Primary threats to dependability come from three sources: misuse from the drivers, design systematic errors, and random hardware failures. These safety threats are addressed under various aspects, considering the particular type of item to be designed. In particular, for the sake of this work, we analyze those related to Functional Safety (FuSa), viewed as the ability of a system to react on time and in the proper way to the external environment. From the technological point of view, these behaviors are implemented by electrical and electronic items. Various standards to achieve FuSa have been released over the years. The first, released in 1998, was the IEC 61508. Its last version is the one released in 2010. This standard defines mainly: • a Functional Safety Management System (FSMS); • methods to determine a Safety Integrated Level (SIL); • methods to determine the probability of failures. To adapt the IEC61508 to the automotive industry’s peculiarity, a newer standard, the ISO26262, was released in 2011 then updated in 2018. This standard provides guidelines about FSMS, called in this case Safety Lifecycle, describing how to develop software and hardware components suitable for functional safety. It also provides a different way to compute the SIL, called in this case Automotive SIL (ASIL), allowing us to consider the average driver’s abilities to control the vehicle in case of failures. Moreover, it describes a way to determine the probability of random hardware failures through Failure Mode, Effects, and Diagnostic Analysis (FMEDA). This dissertation contains contributions to three topics: • random hardware failures mitigation; • improvementoftheISO26262HazardAnalysisandRiskAssessment(HARA); • real-time verification of the embedded software. As the main contribution of this dissertation, I address the safety threats due to random hardware failures (RHFs). For this purpose, I propose a novel simulation-based approach to aid the Failure Mode, Effects, and Diagnostic Analysis (FMEDA) required by the ISO26262 standard. Thanks to a SPICE-level model of the item, and the adoption of fault injection techniques, it is possible to simulate its behaviors obtaining useful information to classify the various failure modes. The proposed approach evolved from a mere simulation of the item, allowing only an item-level failure mode classification up to a vehicle-level analysis. The propagation of the failure modes’ effects on the whole vehicle enables us to assess the impacts on the vehicle’s drivability, improving the quality of the classifications. It can be advantageous where it is difficult to predict how the item-level misbehaviors propagate to the vehicle level, as in the case of a virtual differential gear or the mobility system of a robot. It has been chosen since it can be considered similar to the novel light vehicles, such as electric scooters, that are becoming more and more popular. Moreover, my research group has complete access to its design since it is realized by our university’s DIANA students’ team. When a SPICE-level simulation is too long to be performed, or it is not possible to develop a complete model of the item due to intellectual property protection rules, it is possible to aid this process through behavioral models of the item. A simulation of this kind has been performed on a mobile robotic system. Behavioral models of the electronic components were used, alongside mechanical simulations, to assess the software failure mitigation capabilities. Another contribution has been obtained by modifying the main one. The idea was to make it possible to aid also the Hazard Analysis and Risk Assessment (HARA). This assessment is performed during the concept phase, so before starting to design the item implementation. Its goal is to determine the hazards involved in the item functionality and their associated levels of risk. The end goal of this phase is a list of safety goals. For each one of these safety goals, an ASIL has to be determined. Since HARA relies only on designers expertise and knowledge, it lacks in objectivity and repeatability. Thanks to the simulation results, it is possible to predict the effects of the failures on the vehicle’s drivability, allowing us to improve the severity and controllability assessment, thus improving the objectivity. Moreover, since simulation conditions can be stored, it is possible, at any time, to recheck the results and to add new scenarios, improving the repeatability. The third group of contributions is about the real-time verification of embedded software. Through Hardware-In-the-Loop (HIL), a software integration verification has been performed to test a fundamental automotive component, mixed-criticality applications, and multi-agent robots. The first of these contributions is about real-time tests on Body Control Modules (BCM). These modules manage various electronic accessories in the vehicle’s body, like power windows and mirrors, air conditioning, immobilizer, central locking. The main characteristics of BCMs are the communications with other embedded computers via the car’s vehicle bus (Controller Area Network) and to have a high number (hundreds) of low-speed I/Os. As the second contribution, I propose a methodology to assess the error recovery system’s effects on mixed-criticality applications regarding deadline misses. The system runs two tasks: a critical airplane longitudinal control and a non-critical image compression algorithm. I start by presenting the approach on a benchmark application containing an instrumented bug into the lower criticality task; then, we improved it by injecting random errors inside the lower criticality task’s memory space through a debugger. In the latter case, thanks to the HIL, it is possible to pause the time domain simulation when the debugger operates and resume it once the injection is complete. In this way, it is possible to interact with the target without interfering with the simulation results, combining a full control of the target with an accurate time-domain assessment. The last contribution of this third group is about a methodology to verify, on multi-agent robots, the synchronization between two agents in charge to move the end effector of a delta robot: the correct position and speed of the end effector at any time is strongly affected by a loss of synchronization. The last two contributions may seem unrelated to the automotive industry, but interest in these applications is gaining. Mixed-criticality systems allow reducing the number of ECUs inside cars (for cost reduction), while the multi-agent approach is helpful to improve the cooperation of the connected cars with respect to other vehicles and the infrastructure. The fourth contribution, contained in the appendix, is about a machine learning application to improve the social acceptance of autonomous vehicles. The idea is to improve the comfort of the passengers by recognizing their emotions. I started with the idea to modify the vehicle’s driving style based on a real-time emotions recognition system but, due to the difficulties of performing such operations in an experimental setup, I move to analyze them offline. The emotions are determined on volunteers’ facial expressions recorded while viewing 3D representa- tions showing different calibrations. Thanks to the passengers’ emotional responses, it is possible to choose the better calibration from the comfort point of view

Novel Validation Techniques for Autonomous Vehicles

L'abstract è presente nell'allegato / the abstract is in the attachmen