The EAST-ADL: A Joint Effort of the European Automotive Industry to Structure Distributed Automotive Embedded Control Software

International audienceAround ninety percent of vehicle innovations are driven mainly by electronics. Hence, software- and systems-engineering becomes a crucial discipline which vehicle manufacturers and their suppliers have to conquer. Automotive software runs on so-called Electronic Control Units (ECU). Besides a micro- controller and memory an ECU consists of power electronics to drive sensors and actuators

Towards Automotive Embedded Systems with Self-X Properties

With self-adaptation and self-organization new paradigms for the management of distributed systems have been introduced. By enhancing the automotive software system with self-X capabilities, e.g. self-healing, self-configuration and self-optimization, the complexity is handled while increasing the flexibility, scalability and dependability of these systems. In this chapter we present an approach for enhancing automotive systems with self-X properties. At first, we discuss the benefits of providing automotive software systems with self-management capabilities and outline concrete use cases. Afterwards, we will discuss requirements and challenges for realizing adaptive automotive embedded systems

SAFE RTP: An open source reference tool platform for the safety modeling and analysis

International audienceSeamless modeling and implementation from requirements down to SW code-generation of safety critical systems in the automotive industry is still a challenge. Often, neither the modeling principles nor the tools are consistent. This paper will introduce Eclipse based platform implementations Artop, EATOP and SAFE RTP and will show how a seamless modeling of a safety related automotive system can be realized by using the composite of all three platforms

Context-aware adaptation in DySCAS

DySCAS is a dynamically self-configuring middleware for automotive control systems. The addition of autonomic, context-aware dynamic configuration to automotive control systems brings a potential for a wide range of benefits in terms of robustness, flexibility, upgrading etc. However, the automotive systems represent a particularly challenging domain for the deployment of autonomics concepts, having a combination of real-time performance constraints, severe resource limitations, safety-critical aspects and cost pressures. For these reasons current systems are statically configured. This paper describes the dynamic run-time configuration aspects of DySCAS and focuses on the extent to which context-aware adaptation has been achieved in DySCAS, and the ways in which the various design and implementation challenges are met

Marte CCSL to execute East-ADL Timing Requirements

Extended version available as a research report RR-6781International audienceIn the automotive domain, several loosely-coupled Architecture Description Languages (ADLs) compete to provide a set of abstract modeling and analysis services on top of the implementation code. In an effort to make all these languages, and more importantly their underlying models, interoperable, we use the UML Profile for MARTE as a pivot to define the semantics of these models. In this paper, we particularly focus on East-ADL2. We discuss the benefits of having an integrated, MARTE-centered, approach. We give a formal semantics of East-ADL2 timing requirements. Relying on this semantics, several kinds of analysis are possible. Requirements become executable and simulations are run. A constraint solver is used to detect logical inconsistencies. Our proposal is illustrated on an Anti-lock Braking System (ABS)

Marte CCSL and East-ADL2 Timing Requirements

Short version published to ISORC 2009, Tokyo, Japan, IEEE http://dx.doi.org/10.1109/ISORC.2009.18In the automotive domain, several loosely-coupled Architecture Description Languages (ADLs) compete to provide a set of abstract modeling and analysis services on top of the implementation code. In an effort to make all these languages, and more importantly their underlying models, interoperable, we use the UML Profile for MARTE as a pivot to define the semantics of these models. In this paper, we particularly focus on East-ADL2. We discuss the benefits of having an integrated, MARTE-centered, approach. We give a formal semantics of East-ADL2 timing requirements. Relying on this semantics, several kinds of analysis become possible. Requirements become executable and simulations are run. A constraint solver is used to detect logical inconsistencies. Our proposal is illustrated on an Anti-lock Braking System (ABS)

EOOLT 2007 – Proceedings of the 1st International Workshop on Equation-Based Object-Oriented Languages and Tools

Computer aided modeling and simulation of complex systems, using components from multiple application domains, such as electrical, mechanical, hydraulic, control, etc., have in recent years witness0065d a significant growth of interest. In the last decade, novel equation-based object-oriented (EOO) modeling languages, (e.g. Mode- lica, gPROMS, and VHDL-AMS) based on acausal modeling using equations have appeared. Using such languages, it has become possible to model complex systems covering multiple application domains at a high level of abstraction through reusable model components. The interest in EOO languages and tools is rapidly growing in the industry because of their increasing importance in modeling, simulation, and specification of complex systems. There exist several different EOO language communities today that grew out of different application areas (multi-body system dynamics, electronic circuit simula- tion, chemical process engineering). The members of these disparate communities rarely talk to each other in spite of the similarities of their modeling and simulation needs. The EOOLT workshop series aims at bringing these different communities together to discuss their common needs and goals as well as the algorithms and tools that best support them. Despite the short deadlines and the fact that this is a new not very established workshop series, there was a good response to the call-for-papers. Thirteen papers and one presentation were accepted to the workshop program. All papers were subject to reviews by the program committee, and are present in these electronic proceedings. The workshop program started with a welcome and introduction to the area of equa- tion-based object-oriented languages, followed by paper presentations and discussion sessions after presentations of each set of related papers. On behalf of the program committee, the Program Chairmen would like to thank all those who submitted papers to EOOLT'2007. Special thanks go to David Broman who created the web page and helped with organization of the workshop. Many thanks to the program committee for reviewing the papers. EOOLT'2007 was hosted by the Technical University of Berlin, in conjunction with the ECOOP'2007 conference

Model-connected safety cases

Regulatory authorities require justification that safety-critical systems exhibit acceptable levels of safety. Safety cases are traditionally documents which allow the exchange of information between stakeholders and communicate the rationale of how safety is achieved via a clear, convincing and comprehensive argument and its supporting evidence. In the automotive and aviation industries, safety cases have a critical role in the certification process and their maintenance is required throughout a system’s lifecycle. Safety-case-based certification is typically handled manually and the increase in scale and complexity of modern systems renders it impractical and error prone.Several contemporary safety standards have adopted a safety-related framework that revolves around a concept of generic safety requirements, known as Safety Integrity Levels (SILs). Following these guidelines, safety can be justified through satisfaction of SILs. Careful examination of these standards suggests that despite the noticeable differences, there are converging aspects. This thesis elicits the common elements found in safety standards and defines a pattern for the development of safety cases for cross-sector application. It also establishes a metamodel that connects parts of the safety case with the target system architecture and model-based safety analysis methods. This enables the semi- automatic construction and maintenance of safety arguments that help mitigate problems related to manual approaches. Specifically, the proposed metamodel incorporates system modelling, failure information, model-based safety analysis and optimisation techniques to allocate requirements in the form of SILs. The system architecture and the allocated requirements along with a user-defined safety argument pattern, which describes the target argument structure, enable the instantiation algorithm to automatically generate the corresponding safety argument. The idea behind model-connected safety cases stemmed from a critical literature review on safety standards and practices related to safety cases. The thesis presents the method, and implemented framework, in detail and showcases the different phases and outcomes via a simple example. It then applies the method on a case study based on the Boeing 787’s brake system and evaluates the resulting argument against certain criteria, such as scalability. Finally, contributions compared to traditional approaches are laid out

MoVES: A Model-Driven Methodology for Vehicular Embedded Systems

This paper introduces a novel model-driven methodology for the software development of real-time distributed vehicular embedded systems on single-and multi-core platforms. The proposed methodology discloses the opportunity of improving the cost-efficiency of the development process by providing automated support to identify viable design solutions with respect to selected non-functional requirements. To this end, it leverages the interplay of modeling languages for the vehicular domain whose integration is achieved by a suite of model transformations. An instantiation of the methodology is discussed for timing requirements, which are among the most critical ones for vehicular systems. To support the design of temporally correct systems, cooperation between EAST-ADL and the Rubus component model is opportunely built-up by means of model transformations, enabling timing-aware design and model-based timing analysis of the system. The applicability of the methodology is demonstrated as the proof of concepts on industrial use cases performed in cooperation with our industrial partners