Automatic Deployment Space Exploration Using Refinement Transformations

To manage the complex engineering information for real-time systems, the system under development may be modelled in a high-level architecture de- scription language. This high-level information provides a basis for deployment space exploration as it can be used to generate a low-level implementation. During this deployment mapping many platform-dependent choices have to be made whose consequences cannot be easily predicted. In this paper we present an approach to the automatic exploration of the deployment space based on platform-based design. All possible solutions of a deployment step are generated using a refinement trans- formation. Non-conforming deployment alternatives are pruned as early as possible using simulation or analytical methods. We validate the feasibility of our approach by deploying part of an automotive power window optimized for its real-time be- haviour using an AUTOSAR-like representation. First results are promising and show that the optimal solution can indeed be found efficiently with our approach

Model-based resource analysis and synthesis of service-oriented automotive software architectures

Context Automotive software architectures describe distributed functionality by an interaction of software components. One drawback of today\u27s architectures is their strong integration into the onboard communication network based on predefined dependencies at design time. The idea is to reduce this rigid integration and technological dependencies. To this end, service-oriented architecture offers a suitable methodology since network communication is dynamically established at run-time. Aim We target to provide a methodology for analysing hardware resources and synthesising automotive service-oriented architectures based on platform-independent service models. Subsequently, we focus on transforming these models into a platform-specific architecture realisation process following AUTOSAR Adaptive. Approach For the platform-independent part, we apply the concepts of design space exploration and simulation to analyse and synthesise deployment configurations, i. e., mapping services to hardware resources at an early development stage. We refine these configurations to AUTOSAR Adaptive software architecture models representing the necessary input for a subsequent implementation process for the platform-specific part. Result We present deployment configurations that are optimal for the usage of a given set of computing resources currently under consideration for our next generation of E/E architecture. We also provide simulation results that demonstrate the ability of these configurations to meet the run time requirements. Both results helped us to decide whether a particular configuration can be implemented. As a possible software toolchain for this purpose, we finally provide a prototype. Conclusion The use of models and their analysis are proper means to get there, but the quality and speed of development must also be considered

Model Driven Development and Analysis for Embedded Automotive Software

Mudelipõhine arendamine ja analüüs on autotööstuses kasutatav uus meetod. Seda rakendatakse mootorsõidukite tootjate poolt, kuna hajusale komponentide arendusele sobib olemuslikult spetsifitseerimine musta-kasti printsiibil. Muud põhjused tulenevad survest toota kvaliteetset tarkvara, mis vastab kõigile regulatiivsetele standarditele, kuid mis sobib autotööstuse tootjate hinnamudeliga. Mudeli kasutamisel saab komponentide kehtivuse ja standardse vastavuse kontrollida enne, kui tegelik tarkvara on autosse paigaldatud.Mudeli kasutamine tekitab ka väljakutseid, et toota lõpuks tarkvara, mis kajastab täpselt mudeli toimimist. Mudelist automaatselt genereeritud tarkvara loetakse vastuseks, kuna see on stabiilne ja pärit juba kontrollitud mudelist. Kuna tarkvara muutub autotööstuses üha olulisemaks, muutuvad tarkvara loomise mudel ja genereerimise protsess üha keerulisemaks.Käesolev töö uurib mudelipõhist autotööstuse tarkvara arendamise ja analüüsimise protsessi - teisendades MATLAB/Simulink mudel AUTOSAR mudeliks. Lõputöö raames loodud programmid teostavad analüüsi erinevate teisendussammude tarbeks. Protsessi analüüsides selgus, et teisenduse meetoodika mõjutab oluliselt mudeli esitust ning ka lõpptulemuseks saadud AUTOSAR mudeli struktuuri. Näeme erinevaid võimalikke alternatiive sellele, kuidas mudelit saab vaadata ja muuta AUTOSAR-failiks. Selles lõputöös vaadeldud iteratiivne protsess pole lõplik ja seda saab veel täiustada.Model-driven development and analysis is the state of the art method in the automotive industry. One of the reasons for its heavy utilization is coming from the black box nature of the components developed by the automotive vehicle manufacturers. The other reasons are coming from the pressure to produce quality software that complies with all regulatory standards but can fit the pricing model of automotive vehicle manufacturers.Validity and standard compliance of the components can be verified using models before the actual piece of software is deployed into an automotive vehicle. The utilization of the model also creates challenges: how to produce final software that precisely reflects how the model works. An automatically generated software from a model is deemed as an answer since it is coming from the already verified model and also will inherently retain consistency with the model. As software gets more and more critical inside an automotive vehicle, a model to create the software is getting more and more complicated and along with the automated software generation process.This thesis examines the model-driven development and analysis process for automotive software by conducting model conversion from MATLAB/Simulink model into AUTOSAR. The application developed for this thesis provides analysis and insights for every step of the conversion process. From the insights gathered along the process, it shows that the different model and transformation method creates a different model representation that affects the final structure of the AUTOSAR result. In the end, there are several possible alternatives on the way a model can be seen and transformed into an AUTOSAR file. It is also concluded that the iterative process in this project is not final and can be further improved

Formal verification of automotive embedded UML designs

Software applications are increasingly dominating safety critical domains. Safety critical domains are domains where the failure of any application could impact human lives. Software application safety has been overlooked for quite some time but more focus and attention is currently directed to this area due to the exponential growth of software embedded applications. Software systems have continuously faced challenges in managing complexity associated with functional growth, flexibility of systems so that they can be easily modified, scalability of solutions across several product lines, quality and reliability of systems, and finally the ability to detect defects early in design phases. AUTOSAR was established to develop open standards to address these challenges. ISO-26262, automotive functional safety standard, aims to ensure functional safety of automotive systems by providing requirements and processes to govern software lifecycle to ensure safety. Each functional system needs to be classified in terms of safety goals, risks and Automotive Safety Integrity Level (ASIL: A, B, C and D) with ASIL D denoting the most stringent safety level. As risk of the system increases, ASIL level increases and the standard mandates more stringent methods to ensure safety. ISO-26262 mandates that ASILs C and D classified systems utilize walkthrough, semi-formal verification, inspection, control flow analysis, data flow analysis, static code analysis and semantic code analysis techniques to verify software unit design and implementation. Ensuring software specification compliance via formal methods has remained an academic endeavor for quite some time. Several factors discourage formal methods adoption in the industry. One major factor is the complexity of using formal methods. Software specification compliance in automotive remains in the bulk heavily dependent on traceability matrix, human based reviews, and testing activities conducted on either actual production software level or simulation level. ISO26262 automotive safety standard recommends, although not strongly, using formal notations in automotive systems that exhibit high risk in case of failure yet the industry still heavily relies on semi-formal notations such as UML. The use of semi-formal notations makes specification compliance still heavily dependent on manual processes and testing efforts. In this research, we propose a framework where UML finite state machines are compiled into formal notations, specification requirements are mapped into formal model theorems and SAT/SMT solvers are utilized to validate implementation compliance to specification. The framework will allow semi-formal verification of AUTOSAR UML designs via an automated formal framework backbone. This semi-formal verification framework will allow automotive software to comply with ISO-26262 ASIL C and D unit design and implementation formal verification guideline. Semi-formal UML finite state machines are automatically compiled into formal notations based on Symbolic Analysis Laboratory formal notation. Requirements are captured in the UML design and compiled automatically into theorems. Model Checkers are run against the compiled formal model and theorems to detect counterexamples that violate the requirements in the UML model. Semi-formal verification of the design allows us to uncover issues that were previously detected in testing and production stages. The methodology is applied on several automotive systems to show how the framework automates the verification of UML based designs, the de-facto standard for automotive systems design, based on an implicit formal methodology while hiding the cons that discouraged the industry from using it. Additionally, the framework automates ISO-26262 system design verification guideline which would otherwise be verified via human error prone approaches

Contracts for Systems Design: Methodology and Application cases

Recently, contract based design has been proposed as an ”orthogonal” approach that can beapplied to all methodologies proposed so far to cope with the complexity of system design. Contract baseddesign provides a rigorous scaffolding for verification, analysis and abstraction/refinement. Companionreport RR-8759 proposes a unified treatment of the topic that can help in putting contract-based design in perspective.This paper complements RR-8759 by further discussing methodological aspects of system design withcontracts in perspective and presenting two application cases.The first application case illustrates the use of contracts in requirement engineering, an area of system designwhere formal methods were scarcely considered, yet are stringently needed. We focus in particular to thecritical design step by which sub-contracts are generated for suppliers from a set of different viewpoints(specified as contracts) on the global system. We also discuss important issues regarding certification inrequirement engineering, such as consistency, compatibility, and completeness of requirements.The second example is developed in the context of the Autosar methodology now widely advocated inthe automotive sector. We propose a contract framework to support schedulability analysis, a key step inAutosar methodology. Our aim differs from the many proposals for compositional schedulability analysisin that we aim at defining sub-contracts for suppliers, not just performing the analysis by parts—we knowfrom companion paper RR-8759 that sub-contracting to suppliers differs from a compositional analysis entirelyperformed by the OEM. We observe that the methodology advocated by Autosar is in contradiction withcontract based design in that some recommended design steps cannot be refinements. We show how tocircumvent this difficulty by precisely bounding the risk at system integration phase. Another feature ofthis application case is the combination of manual reasoning for local properties and use of the formalcontract algebra to lift a collection of local checks to a system wide analysis

Abordagem de Anotações para o Suporte da Gestão Energética de Software em Modelos AMALTHEA

The automotive industry is continuously introducing innovative software features to provide more efficient, safe, and comfortable solutions. Despite the several benefits to the consumer, the evolution of automotive software is also reflected in several challenges, presenting a growing complexity that hinders its development and integration. The adoption of standards and appropriate development methods becomes essential to meet the requirements of the industry. Furthermore, the expansion of automotive software systems is also driving a considerable growth in the number of electronic components installed in a vehicle, which has a significant impact on the electric energy consumption. Thus, the focus on non-functional energy requirements has become increasingly important. This work presents a study focused on the evolution of automotive software considering the development standards, methodologies, as well as approaches for energy requirements management. We propose an automatic and self-contained approach for the support of energy properties management, adopting the model-based open-source framework AMALTHEA. From the analysis of execution or simulation traces, the energy consumption estimation is provided at a fine-grained level and annotated in AMALTHEA models. Thus, we enable the energy analysis and management of the system throughout the entire lifecycle. Additionally, this solution is in line with the AUTOSAR Adaptive standard, allowing the development of energy management strategies for automatic, dynamic, and adaptive systems.A indústria automotiva encontra-se constantemente a introduzir funcionalidades inovadoras através de software, para oferecer soluções mais eficientes, seguras e confortáveis. Apesar dos diversos benefícios para o consumidor, a evolução do software automóvel também se reflete em diversos desafios, apresentando uma crescente complexidade que dificulta o seu desenvolvimento e integração. Desta forma, a adoção de normas e metodologias adequadas para o seu desenvolvimento torna-se essencial para cumprir os requisitos do setor. Adicionalmente, esta expansão das funcionalidades suportadas por software é fonte de um aumento considerável do número de componentes eletrónicos instalados em automóveis. Consequentemente, existe um impacto significativo no consumo de energia elétrica dos sistemas automóveis, sendo cada vez mais relevante o foco nos requisitos não-funcionais deste domínio. Este trabalho apresenta um estudo focado na evolução do software automotivo tendo em conta os padrões e metodologias de desenvolvimento desta área, bem como abordagens para a gestão de requisitos de energia. Através da adoção da ferramenta AMALTHEA, uma plataforma open-source de desenvolvimento baseado em modelos, é proposta uma abordagem automática e independente para a análise de propriedades energéticas. A partir da análise de traços de execução ou de simulação, é produzida uma estimativa pormenorizada do consumo de energia, sendo esta anotada em modelos AMALTHEA. Desta forma, torna-se possível a análise e gestão energética ao longo de todo o ciclo de vida do sistema. Salienta-se que a solução se encontra alinhada com a norma AUTOSAR Adaptive, permitindo o desenvolvimento de estratégias para a gestão energética de sistemas automáticos, dinâmicos e adaptativos

Design Approach to Unified Service API Modeling for Semantic Interoperability of Cross-enterprise Vehicle Applications

This work was partially supported by Ministry of Education, Youth and Sports of the Czech Republic, university specific research, project SGS-2019-018 Processing of heterogeneous data and its specialized applications

Managed Evolution of Automotive Software Product Line Architectures: A Systematic Literature Study

The rapidly growing number of software-based features in the automotive domain as well as the special requirements in this domain ask for dedicated engineering approaches, models, and processes. Nowadays, software development in the automotive sector is generally developed as product line development, in which major parts of the software are kept adaptable in order to enable reusability of the software in different vehicle variants. In addition, reuse also plays an important role in the development of new vehicle generations in order to reduce development costs. Today, a high number of methods and techniques exist to support the product line driven development of software in the automotive sector. However, these approaches generally consider only partial aspects of development. In this paper, we present an in-depth literature study based on a conceptual model of artifacts and activities for the managed evolution of automotive software product line architectures. We are interested in the coverage of the particular aspects of the conceptual model and, thus, the fields covered in current research and research gaps, respectively. Furthermore, we aim to identify the methods and techniques used to implement automotive software product lines in general, and their usage scope in particular. As a result, this in-depth review reveals that none of the studies represent a holistic approach for the managed evolution of automotive software product lines. In addition, approaches from agile software development are of growing interest in this field

Contracts for System Design

Systems design has become a key challenge and differentiating factor over the last decades for system companies. Aircrafts, trains, cars, plants, distributed telecommunication military or health care systems, and more, involve systems design as a critical step. Complexity has caused system design times and costs to go severely over budget so as to threaten the health of entire industrial sectors. Heuristic methods and standard practices do not seem to scale with complexity so that novel design methods and tools based on a strong theoretical foundation are sorely needed. Model-based design as well as other methodologies such as layered and compositional design have been used recently but a unified intellectual framework with a complete design flow supported by formal tools is still lacking albeit some attempts at this framework such as Platform-based Design have been successfully deployed. Recently an "orthogonal" approach has been proposed that can be applied to all methodologies proposed thus far to provide a rigorous scaffolding for verification, analysis and abstraction/refinement: contractbased design. Several results have been obtained in this domain but a unified treatment of the topic that can help in putting contract-based design in perspective is still missing. This paper intends to provide such treatment where contracts are precisely defined and characterized so that they can be used in design methodologies such as the ones mentioned above with no ambiguity. In addition, the paper provides an important link between interfaces and contracts to show similarities and correspondences. Examples of the use of contracts in design are provided as well as in depth analysis of existing literature.Cet article fait le point sur le concept de contrat pour la conception de systèmes. Les contrats que nous proposons portent, non seulement sur des propriétés de typage de leurs interfaces, mais incluent une description abstraite de comportements. Nous proposons une méta-théorie, ou, si l'on veut, une théorie générique des contrats, qui permet le développement séparé de sous-systèmes. Nous montrons que cette méta-théorie se spécialise en l'une ou l'autre des théories connues

Model Based Automotive System Design: A Power Window Controller Case Study

Modern day vehicles come equipped with a large number of sensors, actuators and ECU’s with sophisticated control algorithms, which requires engineering activities from various disciplines. An automotive system is developed in various stages with multiple stakeholders involved at each stage. Each stakeholder provides a distinct view point on system representation, which makes it challenging to bridge the gaps in developing a holistic understanding of the system functionality. The safety critical nature of automotive systems induces timing and dependability concerns that must be addressed at all stages. Furthermore, the relatively long development life-cycle of automotive systems makes it imperative to have a clear strategy for long term evolution. To deal with these challenges, model based techniques are applied in the industry for automotive systems development. System engineers use a suitable architecture description language (ADL) to represent the system architecture at several levels of abstraction. A number of system architecture description and software architecture standards have been developed in the automotive industry to streamline the development process. However, most of these standards are elaborate and need a fair amount of understanding before they can be applied. In this work, we explore the application of existing system architecture description and software architecture standards. Our main contribution is a Power Window Controller (PWC) system demonstrator that illustrates the methodology described by EAST-ADL and AUTOSAR. Through this case study, we intend to highlight the key aspects and gaps in the application of EAST-ADL & AUTOSAR. Starting from features and requirements, we have analyzed the impact of architectural decisions at each stage of automotive system development. We also performed Design verification, timing analysis & dependability analysis to ensure correctness of the system. Lastly, considerations regarding variability have been discussed to support evolution