
    Service Oriented Architecture: impacts and challenges of an architecture paradigm change

    Automotive embedded software has relied on signal-based architecture for a long time. This architecture has proven through the last decades its reliability and ability to address complex systems such as a car embedding several tens of processors. The automotive industry foresees a large introduction of Service Oriented Architecture in the car, whereas the technology was initially used by information systems and web applications. A complete change of architecture is clearly a challenge considering the number of heterogeneous actors, the heavy legacy of business and the safety constraints. This paper aims at providing feedback on the introduction of SOA in the automotive industry through the prism of software architecture and the development team.

    Model-based resource analysis and synthesis of service-oriented automotive software architectures

    Context: Automotive software architectures describe distributed functionality by an interaction of software components. One drawback of today's architectures is their strong integration into the onboard communication network based on predefined dependencies at design time. The idea is to reduce this rigid integration and technological dependencies. To this end, service-oriented architecture offers a suitable methodology since network communication is dynamically established at run-time. Aim: We aim to provide a methodology for analysing hardware resources and synthesising automotive service-oriented architectures based on platform-independent service models. Subsequently, we focus on transforming these models into a platform-specific architecture realisation process following AUTOSAR Adaptive. Approach: For the platform-independent part, we apply the concepts of design space exploration and simulation to analyse and synthesise deployment configurations, i.e., mapping services to hardware resources at an early development stage. We refine these configurations to AUTOSAR Adaptive software architecture models representing the necessary input for a subsequent implementation process for the platform-specific part. Result: We present deployment configurations that are optimal for the usage of a given set of computing resources currently under consideration for our next generation of E/E architecture. We also provide simulation results that demonstrate the ability of these configurations to meet the run-time requirements. Both results helped us to decide whether a particular configuration can be implemented. As a possible software toolchain for this purpose, we finally provide a prototype. Conclusion: The use of models and their analysis are proper means to get there, but the quality and speed of development must also be considered.

    Formal verification of automotive embedded UML designs

    Software applications are increasingly dominating safety-critical domains. Safety-critical domains are domains where the failure of any application could impact human lives. Software application safety has been overlooked for quite some time, but more focus and attention is currently directed to this area due to the exponential growth of embedded software applications. Software systems have continuously faced challenges in managing complexity associated with functional growth, flexibility of systems so that they can be easily modified, scalability of solutions across several product lines, quality and reliability of systems, and finally the ability to detect defects early in design phases. AUTOSAR was established to develop open standards to address these challenges. ISO-26262, the automotive functional safety standard, aims to ensure functional safety of automotive systems by providing requirements and processes to govern the software lifecycle to ensure safety. Each functional system needs to be classified in terms of safety goals, risks and Automotive Safety Integrity Level (ASIL: A, B, C and D), with ASIL D denoting the most stringent safety level. As the risk of the system increases, the ASIL level increases and the standard mandates more stringent methods to ensure safety. ISO-26262 mandates that systems classified ASIL C and D utilize walkthrough, semi-formal verification, inspection, control flow analysis, data flow analysis, static code analysis and semantic code analysis techniques to verify software unit design and implementation. Ensuring software specification compliance via formal methods has remained an academic endeavor for quite some time. Several factors discourage formal methods adoption in the industry. One major factor is the complexity of using formal methods. Software specification compliance in automotive remains, in the bulk, heavily dependent on traceability matrices, human-based reviews, and testing activities conducted on either the actual production software level or the simulation level. The ISO-26262 automotive safety standard recommends, although not strongly, using formal notations in automotive systems that exhibit high risk in case of failure, yet the industry still heavily relies on semi-formal notations such as UML. The use of semi-formal notations makes specification compliance still heavily dependent on manual processes and testing efforts. In this research, we propose a framework where UML finite state machines are compiled into formal notations, specification requirements are mapped into formal model theorems, and SAT/SMT solvers are utilized to validate implementation compliance to specification. The framework will allow semi-formal verification of AUTOSAR UML designs via an automated formal framework backbone. This semi-formal verification framework will allow automotive software to comply with the ISO-26262 ASIL C and D unit design and implementation formal verification guideline. Semi-formal UML finite state machines are automatically compiled into formal notations based on the Symbolic Analysis Laboratory formal notation. Requirements are captured in the UML design and compiled automatically into theorems. Model checkers are run against the compiled formal model and theorems to detect counterexamples that violate the requirements in the UML model. Semi-formal verification of the design allows us to uncover issues that were previously detected in testing and production stages. The methodology is applied on several automotive systems to show how the framework automates the verification of UML-based designs, the de-facto standard for automotive systems design, based on an implicit formal methodology while hiding the cons that discouraged the industry from using it. Additionally, the framework automates the ISO-26262 system design verification guideline, which would otherwise be verified via human-error-prone approaches.

    Analysis as first-class citizens – an application to Architecture Description Languages

    Architecture Description Languages (ADLs) support modeling and analysis of systems through model transformation and exploration. Various contributions made proposals to bring verification capabilities to designers through model-based frameworks and illustrated benefits to the overall system quality. Model-level analyses are usually performed as an exogenous, unidirectional and semantically weak transformation towards a third-party model. We claim such a process can be incomplete and/or inefficient because gathered results lead to evolution of the primary model. This is particularly problematic for the design of Distributed Real-Time Embedded (DRE) systems that have to tackle many concerns like time, security or safety. In this paper, we argue why analysis should no longer be considered as a side step in the design process but, rather, should be embedded as a first-class citizen in the model itself. We review several standardized architecture description languages which consider analysis as a goal. As an element of solution, we introduce current work on the definition of a language dedicated to the analysis of models within the scope of one particular ADL, namely the Architecture Analysis and Design Language (AADL).

    Artop – an ecosystem approach for collaborative AUTOSAR tool development

    A successful approach to develop and evolve complex technologies is to establish an ecosystem around such a technology. The AUTOSAR Tool Platform (Artop) builds on this idea of an ecosystem and adapts it to the automotive domain in the field of AUTOSAR tool development. This paper explains how this idea has been implemented with Artop. Artop is an implementation of common base functionality for creating tools used in designing and configuring AUTOSAR-compliant E/E systems and electronic control units (ECUs). The platform is jointly developed in an active community of AUTOSAR members and partners. Similar to Eclipse, a well-established open source ecosystem, Artop propagates an ecosystem that is based on four principles, which are: (1) low entry barriers; (2) commercially friendly licensing; (3) clear technical focus; and (4) awareness for the competitive differentiators. Essentially, the Artop ecosystem takes the well-known AUTOSAR mission "Cooperate on standards, compete on implementation" one step further to: "Collaborate on commodities, compete on differentiating implementations".

    Introducing Multi-Core at Automotive Engine Systems

    With the introduction of the new Euro 6 and Euro 7 emission standards for passenger cars, the combustion process of Engine Management Systems (EMS) needs to be controlled with increased precision. In addition, new vehicle architectures are introduced (increased integration of functions inside an Engine Management System), as well as new SW architecture concepts like AUTOSAR or the support of ISO26262.

    Load Balancing in Multi ECU Configuration

    Electronic Control Units (ECUs) are widely used to improve the comfort and reliability of vehicles. They have become the fundamental building block of any automotive subsystem and are interfaced with their electromechanical counterparts. To meet system-wide requirements, these ECUs are interconnected using the communication infrastructure. Although the communication infrastructure, predominantly the CAN-based vehicle network, took its birth to enable ECUs to work in a coordinated manner in order to support system-wide requirements, during the past decade this infrastructure was also viewed as a potential means to incorporate extensibility in terms of the addition of newer ECUs which are built for implementing additional requirements. With this paradigm, the number of ECUs started growing in a steep and uncontrolled manner, and as a result, today it is not hard to see a high-segment automobile housing as many as 75-80 ECUs. Hence, load balancing mechanisms are needed to ease ECU integration and for efficient utilization of CPU power in ECUs. In this paper, we explain the mathematical approach for load balancing across ECUs on the basis of CPU utilization.

    Model Based Automotive System Design: A Power Window Controller Case Study

    Modern-day vehicles come equipped with a large number of sensors, actuators and ECUs with sophisticated control algorithms, which require engineering activities from various disciplines. An automotive system is developed in various stages with multiple stakeholders involved at each stage. Each stakeholder provides a distinct viewpoint on system representation, which makes it challenging to bridge the gaps in developing a holistic understanding of the system functionality. The safety-critical nature of automotive systems induces timing and dependability concerns that must be addressed at all stages. Furthermore, the relatively long development life-cycle of automotive systems makes it imperative to have a clear strategy for long-term evolution. To deal with these challenges, model-based techniques are applied in the industry for automotive systems development. System engineers use a suitable architecture description language (ADL) to represent the system architecture at several levels of abstraction. A number of system architecture description and software architecture standards have been developed in the automotive industry to streamline the development process. However, most of these standards are elaborate and need a fair amount of understanding before they can be applied. In this work, we explore the application of existing system architecture description and software architecture standards. Our main contribution is a Power Window Controller (PWC) system demonstrator that illustrates the methodology described by EAST-ADL and AUTOSAR. Through this case study, we intend to highlight the key aspects and gaps in the application of EAST-ADL and AUTOSAR. Starting from features and requirements, we have analyzed the impact of architectural decisions at each stage of automotive system development. We also performed design verification, timing analysis and dependability analysis to ensure correctness of the system. Lastly, considerations regarding variability have been discussed to support evolution.