Model Driven Development and Analysis for Embedded Automotive Software

Mudelipõhine arendamine ja analüüs on autotööstuses kasutatav uus meetod. Seda rakendatakse mootorsõidukite tootjate poolt, kuna hajusale komponentide arendusele sobib olemuslikult spetsifitseerimine musta-kasti printsiibil. Muud põhjused tulenevad survest toota kvaliteetset tarkvara, mis vastab kõigile regulatiivsetele standarditele, kuid mis sobib autotööstuse tootjate hinnamudeliga. Mudeli kasutamisel saab komponentide kehtivuse ja standardse vastavuse kontrollida enne, kui tegelik tarkvara on autosse paigaldatud.Mudeli kasutamine tekitab ka väljakutseid, et toota lõpuks tarkvara, mis kajastab täpselt mudeli toimimist. Mudelist automaatselt genereeritud tarkvara loetakse vastuseks, kuna see on stabiilne ja pärit juba kontrollitud mudelist. Kuna tarkvara muutub autotööstuses üha olulisemaks, muutuvad tarkvara loomise mudel ja genereerimise protsess üha keerulisemaks.Käesolev töö uurib mudelipõhist autotööstuse tarkvara arendamise ja analüüsimise protsessi - teisendades MATLAB/Simulink mudel AUTOSAR mudeliks. Lõputöö raames loodud programmid teostavad analüüsi erinevate teisendussammude tarbeks. Protsessi analüüsides selgus, et teisenduse meetoodika mõjutab oluliselt mudeli esitust ning ka lõpptulemuseks saadud AUTOSAR mudeli struktuuri. Näeme erinevaid võimalikke alternatiive sellele, kuidas mudelit saab vaadata ja muuta AUTOSAR-failiks. Selles lõputöös vaadeldud iteratiivne protsess pole lõplik ja seda saab veel täiustada.Model-driven development and analysis is the state of the art method in the automotive industry. One of the reasons for its heavy utilization is coming from the black box nature of the components developed by the automotive vehicle manufacturers. The other reasons are coming from the pressure to produce quality software that complies with all regulatory standards but can fit the pricing model of automotive vehicle manufacturers.Validity and standard compliance of the components can be verified using models before the actual piece of software is deployed into an automotive vehicle. The utilization of the model also creates challenges: how to produce final software that precisely reflects how the model works. An automatically generated software from a model is deemed as an answer since it is coming from the already verified model and also will inherently retain consistency with the model. As software gets more and more critical inside an automotive vehicle, a model to create the software is getting more and more complicated and along with the automated software generation process.This thesis examines the model-driven development and analysis process for automotive software by conducting model conversion from MATLAB/Simulink model into AUTOSAR. The application developed for this thesis provides analysis and insights for every step of the conversion process. From the insights gathered along the process, it shows that the different model and transformation method creates a different model representation that affects the final structure of the AUTOSAR result. In the end, there are several possible alternatives on the way a model can be seen and transformed into an AUTOSAR file. It is also concluded that the iterative process in this project is not final and can be further improved

Applying Model Based Techniques for Early Safety Evaluation of an Automotive Architecture in Compliance with the ISO 26262 Standard

International audienceIn 2011, the automotive industry introduced the application of a standardized process for functional safety-related development of automotive electronic products. The related international standard, ISO 26262 functional safety for road vehicles, has high demands on process documentation and analysis. Within an engineering context this challenges the tremendous increase of complexity for modern automotive systems and high productivity demands for industrial competiveness purpose. Model based development techniques based on an Architecture Description Language (ADL) has been identified as the best candidate to manage the system complexity and the related safety analysis with the benefit of formal description and capabilities for test automation. The proposed concept relies on the definition of a compositional error modeling approach tightly coupled with the system architecture model, capable to analyze the software and hardware architectures and implementations. This paper explains the results of the language extension based on the EAST-ADL and AUTOSAR domain model in terms of early safety evaluation of an automotive architecture, automating the qualitative and quantitative assessment of road vehicle products as claimed by the application of the ISO 26262

Deterministic Execution Sequence in Component Based Multi-Contributor Powertrain Control Systems

International audienceModern complex control applications, e.g. engine management systems, typically are built using a component based architecture, enabling the reuse of components and allowing to manage the complexity of the application in terms of functional content, size and interfaces. This approach of independently developed components is supported by the concepts available in AUTOSAR and therefore can be expected to gain increasing importance. However, due to the nature of the task of control applications there still is a strong coupling between individual parts of the components resulting in signal chains and consequently in sequencing requirements. The challenge to get such execution sequences implemented correctly is increased, as often the components are delivered by different and external parties. Our approach extends the idea of functional partitioning of the application into the time domain by defining a system of phases with a fixed sequence and a defined content. This allows to design components right from the beginning into this sequencing frame like they are designed today into the component partitioning frame and to define a system sequencing across different suppliers

Formal verification of automotive embedded UML designs

Software applications are increasingly dominating safety critical domains. Safety critical domains are domains where the failure of any application could impact human lives. Software application safety has been overlooked for quite some time but more focus and attention is currently directed to this area due to the exponential growth of software embedded applications. Software systems have continuously faced challenges in managing complexity associated with functional growth, flexibility of systems so that they can be easily modified, scalability of solutions across several product lines, quality and reliability of systems, and finally the ability to detect defects early in design phases. AUTOSAR was established to develop open standards to address these challenges. ISO-26262, automotive functional safety standard, aims to ensure functional safety of automotive systems by providing requirements and processes to govern software lifecycle to ensure safety. Each functional system needs to be classified in terms of safety goals, risks and Automotive Safety Integrity Level (ASIL: A, B, C and D) with ASIL D denoting the most stringent safety level. As risk of the system increases, ASIL level increases and the standard mandates more stringent methods to ensure safety. ISO-26262 mandates that ASILs C and D classified systems utilize walkthrough, semi-formal verification, inspection, control flow analysis, data flow analysis, static code analysis and semantic code analysis techniques to verify software unit design and implementation. Ensuring software specification compliance via formal methods has remained an academic endeavor for quite some time. Several factors discourage formal methods adoption in the industry. One major factor is the complexity of using formal methods. Software specification compliance in automotive remains in the bulk heavily dependent on traceability matrix, human based reviews, and testing activities conducted on either actual production software level or simulation level. ISO26262 automotive safety standard recommends, although not strongly, using formal notations in automotive systems that exhibit high risk in case of failure yet the industry still heavily relies on semi-formal notations such as UML. The use of semi-formal notations makes specification compliance still heavily dependent on manual processes and testing efforts. In this research, we propose a framework where UML finite state machines are compiled into formal notations, specification requirements are mapped into formal model theorems and SAT/SMT solvers are utilized to validate implementation compliance to specification. The framework will allow semi-formal verification of AUTOSAR UML designs via an automated formal framework backbone. This semi-formal verification framework will allow automotive software to comply with ISO-26262 ASIL C and D unit design and implementation formal verification guideline. Semi-formal UML finite state machines are automatically compiled into formal notations based on Symbolic Analysis Laboratory formal notation. Requirements are captured in the UML design and compiled automatically into theorems. Model Checkers are run against the compiled formal model and theorems to detect counterexamples that violate the requirements in the UML model. Semi-formal verification of the design allows us to uncover issues that were previously detected in testing and production stages. The methodology is applied on several automotive systems to show how the framework automates the verification of UML based designs, the de-facto standard for automotive systems design, based on an implicit formal methodology while hiding the cons that discouraged the industry from using it. Additionally, the framework automates ISO-26262 system design verification guideline which would otherwise be verified via human error prone approaches

ROS2 versus AUTOSAR: automated PARKING system case-study

Vehicles are complex systems as they combine several engineering disciplines, such as mechanical, electric, electronic, software and telecommunication. In the last decades, most innovations in the automotive domain have been achieved as a combination of electronics and software. Consequently, the software development and deployment has resulted a highly sophisticated engineering process to manage and to integrate. With the introduction of artificial intelligence, automated driving has become a reality. However it has additionally increased the requirements on the system design. One widely accepted approach to manage complexity is to divide the system into subsystems through a well-defined architecture. The architecture of an autonomous system must be suitable to guarantee that the self-driving functionality remains safe in a broad range of operational domains. The challenge is how to design the architecture of the system to be reliable and resilient to changing context. The automotive industry has well established standards and development practices, but it is open to explore and integrate solutions from other domains like Internet of Things and Robotics. In the area of autonomous systems, the capabilities of the robotics middleware ROS2 have been used for prototyping purposes. It is an open question whether ROS2 is suitable for automotive safety relevant applications. This master thesis addresses this challenge through evaluating the possible application of ROS2 in the automotive domain. The development consists of implementing an architecture for an autonomous driving function case-study, an Automated Parking System, which adapts to its context by switching between different operational modes. The Automated Parking System has been implemented and validated in a simulation environment. The experiment results show which benefits bring ROS2 compared with the automotive standardised architecture AUTOSAR

Towards Automotive Embedded Systems with Self-X Properties

With self-adaptation and self-organization new paradigms for the management of distributed systems have been introduced. By enhancing the automotive software system with self-X capabilities, e.g. self-healing, self-configuration and self-optimization, the complexity is handled while increasing the flexibility, scalability and dependability of these systems. In this chapter we present an approach for enhancing automotive systems with self-X properties. At first, we discuss the benefits of providing automotive software systems with self-management capabilities and outline concrete use cases. Afterwards, we will discuss requirements and challenges for realizing adaptive automotive embedded systems

Specifying timing requirements in domain specific languages for modeling

Complex Real-Time Embedded Systems (RTESs) can be developed using model-based engineering. The problem is choosing a modeling language that has capabilities to model the most important characteristic of RTESs: timing. This paper shows an analysis of the most popular modeling languages and their capabilities to model timing constraints in RTESs. It includes UML, SysML, AADL, MARTE and EAST-ADL. A brief comparison between MARTE and EAST-ADL, based on the case study from the automotive industry, is also included

Analysis as first-class citizens – an application to Architecture Description Languages

Architecture Description Languages (ADLs) support modeling and analysis of systems through models transformation and exploration. Various contributions made proposals to bring verification capabilities to designers through model-based frame- works and illustrated benefits to the overall system quality. Model-level analyses are usually performed as an exogenous, unidirectional and semantically weak transformation towards a third-party model. We claim such process can be incomplete and/or inefficient because gathered results lead to evolution of the primary model. This is particularly problematic for the design of Distributed Real-Time Embedded (DRE) systems that has to tackle many concerns like time, security or safety. In this paper, we argue why analysis should no longer be considered as a side step in the design process but, rather, should be embedded as a first-class citizen in the model itself. We review several standardized architecture description languages, which consider analysis as a goal. As an element of solution, we introduce current work on the definition of a language dedicated to the analysis of models within the scope of one particular ADL, namely the Architecture Analysis and Design Language (AADL)

Is Europe in the Driver's Seat? The Competitiveness of the European Automotive Embedded Systems Industry

This report is one of a series resulting from a project entitled ¿Competitiveness by Leveraging Emerging Technologies Economically¿ (COMPLETE), carried out by JRC-IPTS. Each of the COMPLETE studies illustrates in its own right that European companies are active on many fronts of emerging and disruptive ICT technologies and are supplying the market with relevant products and services. Nevertheless, the studies also show that the creation and growth of high tech companies is still very complex and difficult in Europe, and too many economic opportunities seem to escape European initiatives and ownership. COMPLETE helps to illustrate some of the difficulties experienced in different segments of the ICT industry and by growing potential global players. This report reflects the findings of a study conducted by Egil Juliussen and Richard Robinson, two senior experts from iSuppli Corporation on the Competitiveness of the European Automotive Embedded Software industry. The report starts by introducing the market, its trends, the technologies, their characteristics and their potential economic impact, before moving to an analysis of the competitiveness of the corresponding European industry. It concludes by suggesting policy options. The research, initially based on internal expertise and literature reviews, was complemented with further desk research, expert interviews, expert workshops and company visits. The results were ultimately reviewed by experts and also in a dedicated workshop. The report concludes that currently ICT innovation in the automotive industry is a key competence in Europe, with very little ICT innovation from outside the EU finding its way into EU automotive companies. A major benefit of a strong automotive ICT industry is the resulting large and valuable employment base. But future maintenance of automotive ICT jobs within the EU will only be possible if the EU continues to have high levels of product innovation.JRC.DDG.J.4-Information Societ

Automatic Deployment Space Exploration Using Refinement Transformations

To manage the complex engineering information for real-time systems, the system under development may be modelled in a high-level architecture de- scription language. This high-level information provides a basis for deployment space exploration as it can be used to generate a low-level implementation. During this deployment mapping many platform-dependent choices have to be made whose consequences cannot be easily predicted. In this paper we present an approach to the automatic exploration of the deployment space based on platform-based design. All possible solutions of a deployment step are generated using a refinement trans- formation. Non-conforming deployment alternatives are pruned as early as possible using simulation or analytical methods. We validate the feasibility of our approach by deploying part of an automotive power window optimized for its real-time be- haviour using an AUTOSAR-like representation. First results are promising and show that the optimal solution can indeed be found efficiently with our approach