Controlling Concurrent Change - A Multiview Approach Toward Updatable Vehicle Automation Systems

The development of SAE Level 3+ vehicles [{SAE}, 2014] poses new challenges not only for the functional development, but also for design and development processes. Such systems consist of a growing number of interconnected functional, as well as hardware and software components, making safety design increasingly difficult. In order to cope with emergent behavior at the vehicle level, thorough systems engineering becomes a key requirement, which enables traceability between different design viewpoints. Ensuring traceability is a key factor towards an efficient validation and verification of such systems. Formal models can in turn assist in keeping track of how the different viewpoints relate to each other and how the interplay of components affects the overall system behavior. Based on experience from the project Controlling Concurrent Change, this paper presents an approach towards model-based integration and verification of a cause effect chain for a component-based vehicle automation system. It reasons on a cross-layer model of the resulting system, which covers necessary aspects of a design in individual architectural views, e.g. safety and timing. In the synthesis stage of integration, our approach is capable of inserting enforcement mechanisms into the design to ensure adherence to the model. We present a use case description for an environment perception system, starting with a functional architecture, which is the basis for componentization of the cause effect chain. By tying the vehicle architecture to the cross-layer integration model, we are able to map the reasoning done during verification to vehicle behavior

Targeted Greybox Fuzzing with Static Lookahead Analysis

Automatic test generation typically aims to generate inputs that explore new paths in the program under test in order to find bugs. Existing work has, therefore, focused on guiding the exploration toward program parts that are more likely to contain bugs by using an offline static analysis. In this paper, we introduce a novel technique for targeted greybox fuzzing using an online static analysis that guides the fuzzer toward a set of target locations, for instance, located in recently modified parts of the program. This is achieved by first semantically analyzing each program path that is explored by an input in the fuzzer's test suite. The results of this analysis are then used to control the fuzzer's specialized power schedule, which determines how often to fuzz inputs from the test suite. We implemented our technique by extending a state-of-the-art, industrial fuzzer for Ethereum smart contracts and evaluate its effectiveness on 27 real-world benchmarks. Using an online analysis is particularly suitable for the domain of smart contracts since it does not require any code instrumentation---instrumentation to contracts changes their semantics. Our experiments show that targeted fuzzing significantly outperforms standard greybox fuzzing for reaching 83% of the challenging target locations (up to 14x of median speed-up)

An analysis of test data selection criteria using the RELAY model of fault detection

RELAY is a model of faults and failures that defines failure conditions, which describe test data for which execution will guarantee that a fault originates erroneous behavior that also transfers through computations and information flow until a failure is revealed. This model of fault detection provides a framework within which other testing criteria's capabilities can be evaluated. In this paper, we analyze three test data selection criteria that attempt to detect faults in six fault classes. This analysis shows that none of these criteria is capable of guaranteeing detection for these fault classes and points out two major weaknesses of these criteria. The first weakness is that the criteria do not consider the potential unsatisfiability of their rules; each criterion includes rules that are sufficient to cause potential failures for some fault classes, yet when such rules are unsatisfiable, many faults may remain undetected. Their second weakness is failure to integrate their proposed rules; although a criterion may cause a subexpression to take on an erroneous value, there is no effort made to guarantee that the intermediate values cause observable, erroneous behavior. This paper shows how the RELAY model overcomes these weaknesses

Special Session on Industry 4.0

No abstract available

Integral-equation methods in steady and unsteady subsonic, transonic and supersonic aerodynamics for interdisciplinary design

Progress in the development of computational methods for steady and unsteady aerodynamics has perennially paced advancements in aeroelastic analysis and design capabilities. Since these capabilities are of growing importance in the analysis and design of high-performance aircraft, considerable effort has been directed toward the development of appropriate aerodynamic methodology. The contributions to those efforts from the integral-equations research program at the NASA Langley Research Center is reviewed. Specifically, the current scope, progress, and plans for research and development for inviscid and viscous flows are discussed, and example applications are shown in order to highlight the generality, versatility, and attractive features of this methodology

Principles for aerospace manufacturing engineering in integrated new product introduction

This article investigates the value-adding practices of Manufacturing Engineering for integrated New Product Introduction. A model representing how current practices align to support lean integration in Manufacturing Engineering has been defined. The results are used to identify a novel set of guiding principles for integrated Manufacturing Engineering. These are as follows: (1) use a data-driven process, (2) build from core capabilities, (3) develop the standard, (4) deliver through responsive processes and (5) align cross-functional and customer requirements. The investigation used a mixed-method approach. This comprises case studies to identify current practice and a survey to understand implementation in a sample of component development projects within a major aerospace manufacturer. The research contribution is an illustration of aerospace Manufacturing Engineering practices for New Product Introduction. The conclusions will be used to indicate new priorities for New Product Introduction and the cross-functional interactions to support flawless and innovative New Product Introduction. The final principles have been validated through a series of consultations with experts in the sponsoring company to ensure that correct and relevant content has been defined

A high-order spectral deferred correction strategy for low Mach number flow with complex chemistry

We present a fourth-order finite-volume algorithm in space and time for low Mach number reacting flow with detailed kinetics and transport. Our temporal integration scheme is based on a multi-implicit spectral deferred correction (MISDC) strategy that iteratively couples advection, diffusion, and reactions evolving subject to a constraint. Our new approach overcomes a stability limitation of our previous second-order method encountered when trying to incorporate higher-order polynomial representations of the solution in time to increase accuracy. We have developed a new iterative scheme that naturally fits within our MISDC framework that allows us to simultaneously conserve mass and energy while satisfying on the equation of state. We analyse the conditions for which the iterative schemes are guaranteed to converge to the fixed point solution. We present numerical examples illustrating the performance of the new method on premixed hydrogen, methane, and dimethyl ether flames.Comment: 27 pages, 5 figure