    Automated Generation and Integration of AUTOSAR ECU Configurations

    Automotive Open System Architecture (AUTOSAR) is a system-level standard formed by a worldwide partnership of automotive manufacturers and suppliers who are working together to develop a standardized Electrical and Electronic (E/E) framework and architecture for automobiles. The AUTOSAR methodology has two main activities: system configuration and Electronic Control Unit (ECU) configuration. The system configuration is the mapping of the software components to the ECUs based on the system requirements. The ECU configuration process is an important part of ECU software integration and generation: ECU-specific information is extracted from the system configuration description, and all the information necessary for the implementation, such as tasks, scheduling, the assignment of runnables to tasks and the configuration of the Basic Software (BSW) modules, is produced. This activity allows the ECU configuration parameters to be modified according to vendor-specific requirements. Because of the high complexity and redundancy of this process, it has to be supported by tool-based editors that can automatically generate source files such as *.c and *.h for the configuration. In this thesis, we propose a method to automate the ECU configuration process for AUTOSAR. We use configuration templates written in the Xtend programming language along with a BSW generator tool developed at APAG Elektronik. This tool can extract the configuration parameters and automatically generate the required ECU module configuration. The Watchdog module is used as an example to generate and integrate the ECU configuration. This enables the seamless generation of software configurations from the system-level requirements down to the software implementation, and therefore ensures consistency, correctness and cost efficiency while reducing the work the developer must do to produce the configuration.

    Model-based resource analysis and synthesis of service-oriented automotive software architectures

    Context: Automotive software architectures describe distributed functionality by an interaction of software components. One drawback of today's architectures is their strong integration into the onboard communication network based on dependencies predefined at design time. The idea is to reduce this rigid integration and these technological dependencies. To this end, service-oriented architecture offers a suitable methodology, since network communication is established dynamically at run-time. Aim: We target to provide a methodology for analysing hardware resources and synthesising automotive service-oriented architectures based on platform-independent service models. Subsequently, we focus on transforming these models into a platform-specific architecture realisation process following AUTOSAR Adaptive. Approach: For the platform-independent part, we apply the concepts of design space exploration and simulation to analyse and synthesise deployment configurations, i.e., mappings of services to hardware resources at an early development stage. We refine these configurations into AUTOSAR Adaptive software architecture models, which represent the necessary input for a subsequent implementation process for the platform-specific part. Result: We present deployment configurations that are optimal for the usage of a given set of computing resources currently under consideration for our next generation of E/E architecture. We also provide simulation results that demonstrate the ability of these configurations to meet the run-time requirements. Both results helped us to decide whether a particular configuration can be implemented. As a possible software toolchain for this purpose, we finally provide a prototype. Conclusion: The use of models and their analysis are proper means to get there, but the quality and speed of development must also be considered.

    ROS2 versus AUTOSAR: automated PARKING system case-study

    Vehicles are complex systems, as they combine several engineering disciplines, such as mechanical, electrical, electronic, software and telecommunication engineering. In the last decades, most innovations in the automotive domain have been achieved as a combination of electronics and software. Consequently, software development and deployment has become a highly sophisticated engineering process to manage and integrate. With the introduction of artificial intelligence, automated driving has become a reality. However, it has further increased the requirements on the system design. One widely accepted approach to managing complexity is to divide the system into subsystems through a well-defined architecture. The architecture of an autonomous system must be suitable to guarantee that the self-driving functionality remains safe in a broad range of operational domains. The challenge is how to design the architecture of the system so that it is reliable and resilient to a changing context. The automotive industry has well-established standards and development practices, but it is open to exploring and integrating solutions from other domains such as the Internet of Things and robotics. In the area of autonomous systems, the capabilities of the robotics middleware ROS2 have been used for prototyping purposes. It is an open question whether ROS2 is suitable for safety-relevant automotive applications. This master thesis addresses this challenge by evaluating the possible application of ROS2 in the automotive domain. The development consists of implementing an architecture for an autonomous driving function case study, an Automated Parking System, which adapts to its context by switching between different operational modes. The Automated Parking System has been implemented and validated in a simulation environment. The experimental results show which benefits ROS2 brings compared with the standardised automotive architecture AUTOSAR.

    Software architectural design for safety in Automated Parking System

    The automotive industry has seen a revolution brought about by self-driving cars. However, one of the main challenges facing autonomous driving systems is ensuring safety in the absence of a supervising driver and verifying safe vehicle behaviour under various circumstances. Autonomous Driving Systems (ADS), due to their complexity, cannot be developed straightforwardly without proper structure. Thus, they need a well-defined architecture to guide their development, with requirements that include modularity, scalability and maintainability among other properties. To help overcome some of these challenges, this master thesis defines and implements, in a simulated environment, an automated parking system that complies with industrial and safety standards. The work has been divided into four parts. Firstly, the safety rules for the development of an autonomous function have been analysed. Secondly, the use cases and system requirements have been defined following the needs of the automated parking system. Thirdly, the system has been implemented in the simulation environment with a structure based on a widely adopted automotive standard. The final result is the software architecture of an autonomous vehicle with automated parking functionality. This concept has been validated within the virtual environment together with the integration of the AUTOSAR runtime environment, which provides the communication between components and the mode-switching functionality in the CARLA simulation environment. The result of this project shows the benefit of integrating architecture and simulation, thus easing the development and testing of future autonomous systems.

    Formal verification of automotive embedded UML designs

    Software applications are increasingly dominating safety-critical domains, that is, domains where the failure of an application could impact human lives. Software application safety was overlooked for quite some time, but more focus and attention is now directed to this area because of the exponential growth of embedded software applications. Software systems have continuously faced challenges in managing the complexity associated with functional growth, in keeping systems flexible so that they can be modified easily, in scaling solutions across several product lines, in the quality and reliability of systems, and finally in the ability to detect defects early in the design phases. AUTOSAR was established to develop open standards that address these challenges. ISO 26262, the automotive functional safety standard, aims to ensure the functional safety of automotive systems by providing requirements and processes that govern the software lifecycle. Each functional system needs to be classified in terms of safety goals, risks and an Automotive Safety Integrity Level (ASIL: A, B, C or D), with ASIL D denoting the most stringent safety level. As the risk of the system increases, the ASIL level increases and the standard mandates more stringent methods to ensure safety. ISO 26262 mandates that systems classified ASIL C and D use walkthroughs, semi-formal verification, inspection, control flow analysis, data flow analysis, static code analysis and semantic code analysis techniques to verify software unit design and implementation. Ensuring software specification compliance via formal methods has remained an academic endeavour for quite some time. Several factors discourage the adoption of formal methods in industry, one major factor being the complexity of using them. Software specification compliance in the automotive sector remains largely dependent on traceability matrices, human reviews, and testing activities conducted either on the actual production software or at simulation level. ISO 26262 recommends, although not strongly, the use of formal notations in automotive systems that exhibit high risk in case of failure, yet the industry still relies heavily on semi-formal notations such as UML. The use of semi-formal notations keeps specification compliance heavily dependent on manual processes and testing efforts. In this research, we propose a framework in which UML finite state machines are compiled into formal notations, specification requirements are mapped into theorems over the formal model, and SAT/SMT solvers are used to validate the compliance of the implementation with the specification. The framework allows semi-formal verification of AUTOSAR UML designs via an automated formal backbone. This semi-formal verification framework allows automotive software to comply with the ISO 26262 ASIL C and D formal verification guidelines for unit design and implementation. Semi-formal UML finite state machines are compiled automatically into formal notations based on the Symbolic Analysis Laboratory (SAL) formal notation. Requirements are captured in the UML design and compiled automatically into theorems. Model checkers are run against the compiled formal model and theorems to detect counterexamples that violate the requirements in the UML model. Semi-formal verification of the design allows us to uncover issues that were previously detected only in the testing and production stages. The methodology is applied to several automotive systems to show how the framework automates the verification of UML-based designs, the de facto standard for automotive system design, through an implicit formal methodology while hiding the drawbacks that discouraged the industry from using it. Additionally, the framework automates the ISO 26262 system design verification guideline, which would otherwise be verified via error-prone manual approaches.

    Model Driven Development and Analysis for Embedded Automotive Software

    Model-based development and analysis is a new method used in the automotive industry. It is applied by motor vehicle manufacturers because black-box specification is inherently suited to the distributed development of components. Other reasons stem from the pressure to produce high-quality software that meets all regulatory standards while still fitting the pricing model of automotive manufacturers. With a model, the validity and standards compliance of components can be checked before the actual software is installed in the car. Using a model also creates challenges, namely producing final software that precisely reflects how the model behaves. Software generated automatically from the model is considered the answer, because it is stable and derived from an already verified model. As software becomes ever more important in the automotive industry, the model for creating the software and the generation process become ever more complex. This thesis examines the model-based process for developing and analysing automotive software by converting a MATLAB/Simulink model into an AUTOSAR model. The programs created within the thesis perform analysis for the different conversion steps. Analysing the process showed that the conversion methodology significantly affects the representation of the model and also the structure of the resulting AUTOSAR model. We see several possible alternatives for how a model can be viewed and converted into an AUTOSAR file. The iterative process examined in this thesis is not final and can be improved further.

    Model-driven development and analysis is the state-of-the-art method in the automotive industry. One of the reasons for its heavy utilisation is the black-box nature of the components developed by automotive vehicle manufacturers. The other reasons come from the pressure to produce quality software that complies with all regulatory standards but can still fit the pricing model of automotive vehicle manufacturers. The validity and standards compliance of the components can be verified using models before the actual piece of software is deployed in a vehicle. The use of a model also creates challenges: how to produce final software that precisely reflects how the model works. Software generated automatically from a model is deemed the answer, since it comes from the already verified model and inherently retains consistency with it. As software becomes more and more critical inside a vehicle, the model used to create the software, along with the automated generation process, becomes more and more complicated. This thesis examines the model-driven development and analysis process for automotive software by converting a MATLAB/Simulink model into AUTOSAR. The application developed for this thesis provides analysis and insights for every step of the conversion process. The insights gathered along the way show that different models and transformation methods create different model representations, which affect the final structure of the AUTOSAR result. In the end, there are several possible alternatives for the way a model can be viewed and transformed into an AUTOSAR file. It is also concluded that the iterative process in this project is not final and can be improved further.

    Securing the in-vehicle network

    Recent research into automotive security has shown that once a single electronic vehicle component is compromised, it is possible to take control of the vehicle. These components, called Electronic Control Units, are embedded systems which manage a significant part of the functionality of a modern car. They communicate with each other via the in-vehicle network, known as the Controller Area Network, which is the most widely used automotive bus. In this thesis, we introduce a series of novel proposals to improve the security of both the Controller Area Network bus and the Electronic Control Units. The Controller Area Network suffers from a number of shortfalls, one of which is the lack of source authentication. We propose a protocol that mitigates this fundamental shortcoming in the Controller Area Network bus design, and protects against a number of high-profile attacks that have been published in the media. We derive a set of desirable security and compatibility properties which an authentication protocol for the Controller Area Network bus should possess. We evaluate our protocol, along with other protocols proposed in the literature, with respect to the defined properties. Our systematic analysis of the protocols allows the automotive industry to make an informed choice regarding the suitability of these solutions for adoption. However, it is not only the communication of Electronic Control Units that needs to be secure, but the firmware running on them as well. The growing number of Electronic Control Units in a vehicle, together with their increasing complexity, prompts the need for automated tools to test their security. Part of the challenge in designing such a tool is the diversity of Electronic Control Unit architectures. To this end, this thesis presents a methodology for extracting the Control Flow Graph from Electronic Control Unit firmware. The Control Flow Graph is a platform-independent representation of the firmware control flow, allowing us to abstract from the underlying architecture. We present a fuzzer for fuzz-testing Electronic Control Unit firmware via the Controller Area Network. The extracted Control Flow Graph is tagged with the static data used in instructions that influence the control flow of the firmware. It is then used to create a set of input seeds for the fuzzer, and to alter the inputs during the fuzzing process. This approach represents a step towards an efficient fuzzing methodology for Electronic Control Units. To our knowledge, this is the first proposal that uses static analysis to guide the fuzzing of Electronic Control Units.