
    Boundary Objects and their Use in Agile Systems Engineering

    Agile methods are increasingly introduced in automotive companies in the attempt to become more efficient and flexible in system development. The adoption of agile practices influences communication between stakeholders, but also makes companies rethink the management of artifacts and documentation like requirements, safety compliance documents, and architecture models. Practitioners aim to reduce irrelevant documentation, but face a lack of guidance to determine what artifacts are needed and how they should be managed. This paper presents artifacts, challenges, guidelines, and practices for the continuous management of systems engineering artifacts in automotive based on a theoretical and empirical understanding of the topic. In collaboration with 53 practitioners from six automotive companies, we conducted a design-science study involving interviews, a questionnaire, focus groups, and practical data analysis of a systems engineering tool. The guidelines suggest the distinction between artifacts that are shared among different actors in a company (boundary objects) and those that are used within a team (locally relevant artifacts). We propose an analysis approach to identify boundary objects and three practices to manage systems engineering artifacts in industry.

    Supporting the automated generation of modular product line safety cases

    The effective reuse of design assets in safety-critical Software Product Lines (SPL) would require the reuse of safety analyses of those assets in the variant contexts of certification of products derived from the SPL. This in turn requires the traceability of SPL variation across design, including variation in safety analysis and safety cases. In this paper, we propose a method and tool to support the automatic generation of modular SPL safety case architectures from the information provided by SPL feature modeling and model-based safety analysis. The Goal Structuring Notation (GSN) safety case modeling notation and its modular extensions supported by the D-Case Editor were used to implement the method in an automated tool support. The tool was used to generate a modular safety case for an automotive Hybrid Braking System SPL.

    Towards Identifying and closing Gaps in Assurance of autonomous Road vehicleS - a collection of Technical Notes Part 1

    This report provides an introduction and overview of the Technical Topic Notes (TTNs) produced in the Towards Identifying and closing Gaps in Assurance of autonomous Road vehicleS (Tigars) project. These notes aim to support the development and evaluation of autonomous vehicles. Part 1 addresses: Assurance Overview and Issues, Resilience and Safety Requirements, Open Systems Perspective, and Formal Verification and Static Analysis of ML Systems. Part 2 addresses: Simulation and Dynamic Testing, Defence in Depth and Diversity, Security-Informed Safety Analysis, and Standards and Guidelines.

    Managed Evolution of Automotive Software Product Line Architectures: A Systematic Literature Study

    The rapidly growing number of software-based features in the automotive domain as well as the special requirements in this domain ask for dedicated engineering approaches, models, and processes. Nowadays, software development in the automotive sector is generally organized as product line development, in which major parts of the software are kept adaptable in order to enable reuse of the software in different vehicle variants. In addition, reuse also plays an important role in the development of new vehicle generations in order to reduce development costs. Today, a high number of methods and techniques exist to support the product-line-driven development of software in the automotive sector. However, these approaches generally consider only partial aspects of development. In this paper, we present an in-depth literature study based on a conceptual model of artifacts and activities for the managed evolution of automotive software product line architectures. We are interested in the coverage of the particular aspects of the conceptual model and, thus, in the fields covered in current research and in the research gaps, respectively. Furthermore, we aim to identify the methods and techniques used to implement automotive software product lines in general, and their usage scope in particular. As a result, this in-depth review reveals that none of the studies represents a holistic approach for the managed evolution of automotive software product lines. In addition, approaches from agile software development are of growing interest in this field.

    Inventory drivers in a pharmaceutical supply chain

    In recent years, inventory reduction has been a key objective of pharmaceutical companies, especially within cost optimization initiatives. Pharmaceutical supply chains are characterized by volatile and unpredictable demand (especially in emerging markets), high service levels, and complex, perishable finished-goods portfolios, which makes keeping reasonable amounts of stock a true challenge. However, a one-way strategy towards zero inventory is in reality inapplicable, due to the strategic nature and importance of the products being commercialised. Therefore, pharmaceutical supply chains are in need of new inventory strategies in order to remain competitive. Finished-goods inventory management in the pharmaceutical industry is closely related to the manufacturing systems and supply chain configurations that companies adopt. The factors considered in inventory management policies, however, do not always cover the full supply chain spectrum in which companies operate. This paper works under the pre-assumption that, in fact, there is a complex relationship between the inventory configurations that companies adopt and the factors behind them. The intention of this paper is to understand the factors driving high finished-goods inventory levels in pharmaceutical supply chains and to assist supply chain managers in determining which of them can be influenced in order to reduce inventories to an optimal degree. Reasons for reducing inventory levels are found in high inventory holding and scrap-related costs, in addition to lost sales from not being able to serve customers with the adequate shelf-life requirements. The thesis conducts single-case-study research in a multinational pharmaceutical company, which is used to examine typical inventory configurations and the factors affecting these configurations. This paper presents a framework that can assist supply chain managers in determining the most important inventory drivers in pharmaceutical supply chains. The findings in this study suggest that while external and downstream supply chain factors are recognized as being critical to pursuing inventory optimization initiatives, pharmaceutical companies are oriented towards optimizing production processes and meeting regulatory requirements while still complying with high service levels, so internal factors are the ones that prevail when inventory management decisions are made. Furthermore, this paper investigates, through predictive modelling techniques, how various intrinsic and extrinsic factors influence the inventory configurations of the case study company. The study shows that inventory configurations are relatively unstable over time, especially in configurations that present high safety stock levels, and that production features and product characteristics are important explanatory factors behind high inventory levels. Regulatory requirements also play an important role in explaining the high strategic inventory levels that pharmaceutical companies hold.

    Product recalls: The effects of industry, recall strategy and hazard, on shareholder wealth

    The purpose of this paper is to provide insights into the effects of product recalls on the shareholder wealth of manufacturing firms in different supply chains. Previous research examining this phenomenon is largely uni-sectorial and/or does not consider the interplay of hazard, recall strategy and sector. By utilizing the event study method, this study examines investors' reactions to key product recall characteristics (industry, recall strategy and hazard level) on a cross-industry sample of 296 product recall announcements. The results show a significant negative reaction of share values to product recalls and significant differences between industry type and hazard levels. More regulated and stringent supply chains, such as the automotive and pharmaceutical, showed statistically significant losses in share price. The results show that industry sector and the level of hazard associated with defective products are significant factors impacting the shareholder wealth of manufacturing firms. Contrary to some studies, the impact of recall strategy was not confirmed, although proactive recall strategies led, in some cases, to an increase in share price. Further research would benefit from more detailed investigation of recall strategies on the value of companies in specific sectors, particularly ones which are susceptible to frequent and costly product recalls.

    Development and certification of mixed-criticality embedded systems based on probabilistic timing analysis

    An increasing variety of emerging systems relentlessly replaces or augments the functionality of mechanical subsystems with embedded electronics. Given their quantity, complexity, and use, the safety of such subsystems is an increasingly important matter. Accordingly, those systems are subject to safety certification to demonstrate the system's safety by rigorous development processes and hardware/software constraints. The massive increase in embedded processors' complexity renders the arduous certification task significantly harder to achieve. The focus of this thesis is to address the certification challenges in multicore architectures: despite their potential to integrate several applications on a single platform, their inherent complexity imperils their timing predictability and certification. Recently, the Measurement-Based Probabilistic Timing Analysis (MBPTA) technique emerged as an alternative to deal with hardware/software complexity. The innovation that MBPTA brings about is, however, a major step from current certification procedures and standards. The particular contributions of this thesis include: (i) the definition of certification arguments for mixed-criticality integration upon multicore processors. In particular, we propose a set of safety mechanisms and procedures as required to comply with functional safety standards. For timing predictability, (ii) we present a quantitative approach to assess the likelihood of execution-time exceedance events with respect to the risk reduction requirements of safety standards. To this end, we build upon the MBPTA approach and present the design of a safety-related source of randomization (SoR), which plays a key role in the platform-level randomization needed by MBPTA. And (iii) we evaluate current certification guidance with respect to emerging high-performance design trends like caches. Overall, this thesis pushes the certification limits in the use of multicore and MBPTA technology in Critical Real-Time Embedded Systems (CRTES) and paves the way towards their adoption in industry.

    A growing variety of emerging systems replace or augment the functionality of mechanical subsystems with embedded electronic components. The increase in the number and complexity of these electronic subsystems, as well as their purpose, makes their safety a matter of growing importance. So much so that the commercialisation of these critical systems is subject to rigorous certification processes in which the safety of the system is guaranteed through strict constraints on the development and design process of its hardware and software. This thesis addresses the new challenges and difficulties posed by the introduction of multicore processors in such critical systems: although their higher performance attracts the interest of industry in integrating multiple applications on a single platform, they entail greater complexity. Their architecture defies timing analysis by traditional methods and, likewise, their certification is increasingly complex and costly. To cope with these limitations, a novel measurement-based probabilistic timing analysis technique (MBPTA) has recently been developed. The innovation of this technique, however, represents a major cultural change with respect to traditional certification standards and procedures. Along these lines, the contributions of this thesis are grouped into three main axes: (i) the definition of safety arguments for the certification of mixed-criticality applications on multicore platforms. In particular, safety mechanisms and fault diagnosis and reaction techniques in accordance with the IEC 61508 standard are defined on a reference multicore architecture. Regarding timing analysis, (ii) we present the quantification of the probability of exceeding a time limit and its relation to the risk reduction requirements derived from functional safety standards. To this end, we build on the MBPTA technique and present the design of a safe random number source, a key component for achieving the random properties required by MBPTA at platform level. Finally, (iii) we extrapolate the current guidelines for the certification of multicore architectures to a commercial 8-core solution and evaluate them with respect to emerging high-performance design trends (caches). With these contributions, this thesis addresses the challenges that the use of multicore processors and MBPTA imply for the certification process of critical real-time systems and thus facilitates their adoption by industry.

    GPU devices for safety-critical systems: a survey

    Graphics Processing Unit (GPU) devices and their associated software programming languages and frameworks can deliver the computing performance required to facilitate the development of next-generation high-performance safety-critical systems such as autonomous driving systems. However, the integration of complex, parallel, and computationally demanding software functions with different safety-criticality levels on GPU devices with shared hardware resources contributes to several safety certification challenges. This survey categorizes and provides an overview of research contributions that address GPU devices' random hardware failures, systematic failures, and independence of execution.

    This work has been partially supported by the European Research Council with Horizon 2020 (grant agreements No. 772773 and 871465), the Spanish Ministry of Science and Innovation under grant PID2019-107255GB, the HiPEAC Network of Excellence and the Basque Government under grant KK-2019-00035. The Spanish Ministry of Economy and Competitiveness has also partially supported Leonidas Kosmidis with a Juan de la Cierva Incorporación postdoctoral fellowship (FJCI-2020-045931-I).