Avinash Visagan Varadarajan,Marcel Romijn,Bart Oosthoek,Joanna van de Mortel-Fronczak,Jos Beijer

DOI: https://doi.org/10.48550/arXiv.1603.08635

2016-03-29

Systems and Control

Abstract:Modern automobiles can be considered as a collection of many subsystems working with each other to realize safe transportation of the occupants. Innovative technologies that make transportation easier are increasingly incorporated into the automobile in the form of functionalities. These new functionalities in turn increase the complexity of the system framework present and traceability is lost or becomes very tricky in the process. This hugely impacts the development phase of an automobile, in which, the safety and reliability of the automobile design should be ensured. Hence, there is a need to ensure operational safety of the vehicles while adding new functionalities to the vehicle. To address this issue, functional models of such systems are created and analysed. The main purpose of developing a functional model is to improve the traceability and reusability of a system which reduces development time and cost. Operational safety of the system is ensured by analysing the system with respect to random and systematic failures and including safety mechanism to prevent such failures. This paper discusses the development and validation of a functional model of a conventional cruise control system in a passenger vehicle based on the ISO 26262 Road Vehicles - Functional Safety standard. A methodology for creating functional architectures and an architecture of a cruise control system developed using the methodology are presented.

Toshiaki Aoki,Aritoshi Hata,Kazusato Kanamori,Satoshi Tanaka,Yuta Kawamoto,Yasuhiro Tanase,Masumi Imai,Fumiya Shigemitsu,Masaki Gondo,Tomoji Kishi

2023-10-02

Abstract:While vehicles have primarily been controlled through mechanical means in years past, an increasing number of embedded control systems are being installed and used, keeping pace with advances in electronic control technology and performance. Automotive systems consist of multiple components developed by a range of vendors. To accelerate developments in embedded control systems, industrial standards such as AUTOSAR are being defined for automotive systems, including the design of operating system and middleware technologies. Crucial to ensuring the safety of automotive systems, the operating system is foundational software on which many automotive applications are executed. In this paper, we propose an integrated model-based method for verifying automotive operating systems; our method is called Model-Checking in the Loop Model-Based Testing (MCIL-MBT). In MCIL-MBT, we create a model that formalizes specifications of automotive operating systems and verifies the specifications via model-checking. Next, we conduct model-based testing with the verified model to ensure that a specific operating system implementation conforms to the model. These verification and testing stages are iterated over until no flaws are detected. Our method has already been introduced to an automotive system supplier and an operating system vendor. Through our approach, we successfully identified flaws that were not detected by conventional review and testing methods.

Software Engineering

Guoqi Xie,Yanwen Li,Yunbo Han,Yong Xie,Gang Zeng,Renfa Li

DOI: https://doi.org/10.1109/tii.2020.2978889

IF: 12.3

2020-01-01

IEEE Transactions on Industrial Informatics

Abstract:Guaranteeing safety is always a prerequisite in the process of realizing various automotive applications. However, the automotive functional safety design has been challenged by multiple factors, such as the complexity of the new generation automotive electrical and electronic (E/E) architecture, the continuous release and update of automotive functional safety standard International Standardization Organization (ISO) 26262, the release of new AUTOSAR adaptive platform standard, and the increase in different types of costs. In this article, we summarize the recent advances of automotive functional safety design methodologies through analysis, design, optimization, and runtime phases, respectively: 1) functional safety analysis; 2) functional safety guarantee; 3) safety-aware cost optimization; and 4) safety-critical multifunctional scheduling. Then, we provide the future trends in functional safety design methodologies that will be directly oriented to autonomous vehicles and adapt to the next generation functional safety standard ISO 21448.

GQ Yang,MD Zhao,L Wang,ZH Wu

DOI: https://doi.org/10.1109/icess.2005.70

2005-01-01

Abstract:Model-based approaches are gradually applied in embedded system design with Unified Modeling Language (UML) and its profiles, but in terms of automotive electronics domain, few developers adopt UML to design system models because of inadequate tools that support the domain-specific modeling. This paper puts forward a model-based approach for automobile electronics software design and verification with a dependable platform compliant with OSEK/VDX standard. In addition, a case study is presented to demonstrate the application of the approach. The contribution of the approach is threefold. First, the approach applies the theory of model-based design with OSEK/VDX standard in automotive electronics domain. Second, the approach solves the transformation between UML models and OSEK/VDX models through an efficient method. Third, the approach simulates the system models and provides the designer with the results to optimize the design at design-level.

Mike Becker,Roland Meyer,Tobias Runge,Ina Schaefer,Sören van der Wall,Sebastian Wolff

DOI: https://doi.org/10.1007/978-3-031-21037-2_6

2022-12-16

Abstract:Intensive testing using model-based approaches is the standard way of demonstrating the correctness of automotive software. Unfortunately, state-of-the-art techniques leave a crucial and labor intensive task to the test engineer: identifying bugs in failing tests. Our contribution is a model-based classification algorithm for failing tests that assists the engineer when identifying bugs. It consists of three steps. (i) Fault localization replays the test on the model to identify the moment when the two diverge. (ii) Fault explanation then computes the reason for the divergence. The reason is a subset of actions from the test that is sufficient for divergence. (iii) Fault classification groups together tests that fail for similar reasons. Our approach relies on machinery from formal methods: (i) symbolic execution, (ii) Hoare logic and a new relationship between the intermediary assertions constructed for a test, and (iii) a new relationship among Hoare proofs. A crucial aspect in automotive software is timing requirements, for which we develop appropriate Hoare logic theory. We also briefly report on our prototype implementation for the CAN bus Unified Diagnostic Services in an industrial project.

Software Engineering,Programming Languages

J. Fabian,Stephan Reinhofer,Markus Ernst,Adam Schnellbach

DOI: https://doi.org/10.17758/ur.u0915115

2015-09-07

Abstract:Ongoing advances in mechatronic components and power electronics help to improve control systems within automotive applications. New developed or designed components enable more efficient system architectures and control. The management of several parameters of future drive architectures, such as high torque and power output, high system efficiency, low mass, low energy consumption, very low exhaust gas emissions, and low costs is essential for future propulsion concepts. Based on these development trends, mechatronic systems within automotive engineering are gaining more and more importance. At the same time, quality and safety requirements become challenging for automotive manufacturers as well as their suppliers regarding the reduction of the initial risk and increase of component reliability in a high degree. Therefore, safety-relevant aspects in the development of modern mechatronic systems have to be considered thoroughly. The high number of technical properties and complex connections of mechatronics systems in the development of modern vehicles are very challenging for state-of-the-art analysis methods. For this reason, new and innovational safety concepts are required to optimize existing safety concepts using conventional components and methods in combination. This paper includes a detailed comparison of different analysing methods to identify systematic and random failures, as well as safety standards such as IEC 61508 (Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems) and ISO 26262 (Road vehicles - Functional safety). To fulfil safety standards nowadays for complex mechatronic systems, several different analysis methods have to be applied. Only the connection of a safe fault recognition with a safe fault reaction enables a system to avoid harmful consequences. Regarding product development, there is an ongoing change from routine tests (durability tests) to testing selected parts of a safety function (fault injection tests). How action is taken is changing, with a trend towards a further development of IT tools, supporting functional safe systems holistically, including hazard analysis and risk assessment, integrated system analysis of systematic and random failures, and hardware metrics. The publication closes with an overview of a functional safety concept and presents an outlook to future trends of safety systems analysis

Engineering

Guo Haitao,Yang Xianhui

DOI: https://doi.org/10.3969/j.issn.1001-4160.2007.04.019

2007-01-01

Abstract:For enhancing functional safety management on safety instrumented systems, a design of functional safety management software is presented based on the analysis of safety integrity level(SIL),safety requirement specification and safety integrity verification, which are included in safety life cycle. Hazard matrix and risk graph are two typical methods for SIL selection. Safety integrity verification uses Markov models and architecture constraints are also taken into account. The software is developed using C#. It can be used to assess not only safety but also availability for safety instrumented functions. Several types of report can be generated. The functional safety management software is a good tool and reference for correct functional safety management, helping users understanding the safety and availability of safety instrumented systems.

Zheng Zhu,Liang Li

DOI: https://doi.org/10.1109/tiv.2024.3478792

IF: 8.2

2024-01-01

IEEE Transactions on Intelligent Vehicles

Abstract:With the development of automotive intelligence, drive-by-wire system has attracted extensive attention from academia and industry. However, the architectural design of electro-mechanical-brake (EMB) systems has not been emphasized enough, especially in the context of functional safety concept. In view of this, based on ISO 26262, this paper extends the system boundary of functional safety for the first time, and combines EMB system with other systems of the vehicle to build a 4-way redundant EMB system architecture. Furthermore, detailed qualitative and quantitative analysis results are given by using state transition location diagram and quantitative fault tree analysis (FTA) respectively, and the braking failure rate is Q 0 ≈ 2.0003×10 -10 < 10 -8 meets the failure rate requirements of ASIL-D, which prove the security and reliability of the proposed architecture. This paper provides guidance and reference for the design and analysis of EMB system for subsequent researchers, and guarantees the safe development of autonomous vehicles from the safety and reliability of the system.

Arpit Narechania,Ahsan Qamar,Alex Endert

DOI: https://doi.org/10.1109/tvcg.2020.3030382

IF: 5.2

2021-02-01

IEEE Transactions on Visualization and Computer Graphics

Abstract:Modern automobiles have evolved from just being mechanical machines to having full-fledged electronics systems that enhance vehicle dynamics and driver experience. However, these complex hardware and software systems, if not properly designed, can experience failures that can compromise the safety of the vehicle, its occupants, and the surrounding environment. For example, a system to activate the brakes to avoid a collision saves lives when it functions properly, but could lead to tragic outcomes if the brakes were applied in a way that&#x27;s inconsistent with the design. Broadly speaking, the analysis performed to minimize such risks falls into a systems engineering domain called Functional Safety. In this paper, we present SafetyLens, a visual data analysis tool to assist engineers and analysts in analyzing automotive Functional Safety datasets. SafetyLens combines techniques including network exploration and visual comparison to help analysts perform domain-specific tasks. This paper presents the design study with domain experts that resulted in the design guidelines, the tool, and user feedback.

computer science, software engineering

Carsten Wiecher,Constantin Mandel,Matthias Günther,Jannik Fischbach,Joel Greenyer,Matthias Greinert,Carsten Wolff,Roman Dumitrescu,Daniel Mendez,Albert Albers

2023-11-16

Abstract:The specification of requirements and tests are crucial activities in automotive development projects. However, due to the increasing complexity of automotive systems, practitioners fail to specify requirements and tests for distributed and evolving systems with complex interactions when following traditional development processes. To address this research gap, we propose a technique that starts with the early identification of validation concerns from a stakeholder perspective, which we use to systematically design tests that drive a scenario-based modeling and analysis of system requirements. To ensure complete and consistent requirements and test specifications in a form that is required in automotive development projects, we develop a Model-Based Systems Engineering (MBSE) methodology. This methodology supports system architects and test designers in the collaborative application of our technique and in maintaining a central system model, in order to automatically derive the required specifications. We evaluate our methodology by applying it at KOSTAL (Tier1 supplier) and within student projects as part of the masters program Embedded Systems Engineering. Our study corroborates that our methodology is applicable and improves existing requirements and test specification processes by supporting the integrated and stakeholder-focused modeling of product and validation systems, where the early definition of stakeholder and validation concerns fosters a problem-oriented, iterative and test-driven requirements modeling.

Software Engineering

Naveen Mohan,Martin Törngren,Sagar Behere

DOI: https://doi.org/10.48550/arXiv.1912.03178

2019-12-06

Systems and Control

Abstract:With the advent of ISO 26262 there is an increased emphasis on top-down design in the automotive industry. ISO 26262 lacks detailed requirements for its various constituent phases. The lack of guidance becomes evident for the reuse of legacy components and subsystems, leaving vehicle architects and safety engineers to rely on experience without methodological support for their decisions. This poses challenges in the industry which is undergoing many significant changes due to new features like connectivity, electrification and automation. Here we focus on automated driving where multiple subsystems, both new and legacy, need to coordinate to realize a safety-critical function. This paper introduces a method to support consistent design of an ISO 26262 work product, the Functional Safety Concept (FSC). The method addresses a need within the industry for architectural analysis, rationale management and reuse of legacy subsystems. The method makes use of an existing work product, the diagnostic specifications of a subsystem, to assist in performing a systematic assessment of the influence a human driver, in the design of the subsystem. The output of the method is a report with an abstraction level suitable for a vehicle architect, used as a basis for decisions related to the FSC such as generating a Preliminary Architecture (PA) and building up argumentation for verification of the FSC. The proposed method is tested in a safety-critical braking subsystem at one of the largest heavy vehicle manufacturers in Sweden, Scania C.V. AB. The results demonstrate the benefits of the method including (i) reuse of pre-existing work products, (ii) gathering requirements for automated driving functions while designing the PA and FSC, (iii) the parallelization of work across the organization on the basis of expertise, and (iv) the applicability of the method across all types of subsystems.

Guoqing Yang,Minde Zhao,Hong Li,Zhaohui Wu

DOI: https://doi.org/10.1109/ICARCV.2006.345052

2006-01-01

Abstract:Electronic Control Units (ECUs) are widely used to improve the comfort and reliability of vehicles. Due to the increasing degree of distribution and interaction of ECUs, many approaches are adopted to design the in-vehicle networks to ensure the stability and reliability of the holistic network, but none of them support the synchronous development of in-vehicle networks and software in ECUs. This paper put forward a model-based approach to design the in-vehicle networks and the software in ECUs with presenting a dependable platform compliant with OSEK/VDX specifications. The paper presents a tool-chain that covers the entire system development life-cycle including system modeling, model transformation, model analysis, network simulation, code generation, document generation and runtime instrumentation. In addition, a case study is presented to demonstrate the application of the approach. The contribution of the approach is threefold. First, the approach applies the theory of model-based design with OSEK/VDX standard in automotive electronics domain, and implements the transformation between SysML models and OSEK/VDX models through an efficient method. Second, the approach presents a method of software co-design among distributed ECUs. Third, the approach bring forward a simulation model for the system models with in-vehicle networks and provides the designeriAth the simulation results to, optimize the design at the early time of the development.

Carsten Wiecher,Constantin Mandel,Matthias Günther,Jannik Fischbach,Joel Greenyer,Matthias Greinert,Carsten Wolff,Roman Dumitrescu,Daniel Mendez,Albert Albers

DOI: https://doi.org/10.1002/sys.21748

IF: 2.034

2024-02-10

Systems Engineering

Abstract:The specification of requirements and tests are crucial activities in automotive development projects. However, due to the increasing complexity of automotive systems, practitioners fail to specify requirements and tests for distributed and evolving systems with complex interactions when following traditional development processes. To address this research gap, we propose a technique that starts with the early identification of validation concerns from a stakeholder perspective, which we use to systematically design tests that drive a scenario‐based modeling and analysis of system requirements. To ensure complete and consistent requirements and test specifications in a form that is required in automotive development projects, we develop a Model‐Based Systems Engineering (MBSE) methodology. This methodology supports system architects and test designers in the collaborative application of our technique and in maintaining a central system model, in order to automatically derive the required specifications. We evaluate our methodology by applying it at KOSTAL (Tier1 supplier) and within student projects as part of the masters program Embedded Systems Engineering. Our study corroborates that our methodology is applicable and improves existing requirements and test specification processes by supporting the integrated and stakeholder‐focused modeling of product and validation systems, where the early definition of stakeholder and validation concerns fosters a problem‐oriented, iterative and test‐driven requirements modeling.

engineering, industrial,operations research & management science

Mohammad Abboush,Christoph Knieke,Andreas Rausch

DOI: https://doi.org/10.3390/s24123733

IF: 3.9

2024-06-09

Sensors

Abstract:To validate safety-related automotive software systems, experimental tests are conducted at different stages of the V-model, which are referred as "X-in-the-loop (XIL) methods". However, these methods have significant drawbacks in terms of cost, time, effort and effectiveness. In this study, based on hardware-in-the-loop (HIL) simulation and real-time fault injection (FI), a novel testing framework has been developed to validate system performance under critical abnormal situations during the development process. The developed framework provides an approach for the real-time analysis of system behavior under single and simultaneous sensor/actuator-related faults during virtual test drives without modeling effort for fault mode simulations. Unlike traditional methods, the faults are injected programmatically and the system architecture is ensured without modification to meet the real-time constraints. Moreover, a virtual environment is modeled with various environmental conditions, such as weather, traffic and roads. The validation results demonstrate the effectiveness of the proposed framework in a variety of driving scenarios. The evaluation results demonstrate that the system behavior via HIL simulation has a high accuracy compared to the non-real-time simulation method with an average relative error of 2.52. The comparative study with the state-of-the-art methods indicates that the proposed approach exhibits superior accuracy and capability. This, in turn, provides a safe, reliable and realistic environment for the real-time validation of complex automotive systems at a low cost, with minimal time and effort.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yu Jiang,Han Liu,Houbing Song,Hui Kong,Ming Gu,Jiaguang Sun,Lui Sha

DOI: https://doi.org/10.1109/tits.2017.2778077

2016-01-01

Abstract:In this paper, we present a formal model-driven design approach to establish a safety-assured implementation of multifunction vehicle bus controller (MVBC), which controls the data transmission among the devices of the vehicle. First, the generic models and safety requirements described in International Electrotechnical Commission Standard 61375 are formalized as time automata and timed computation tree logic formulas, respectively. With model checking tool Uppaal, we verify whether or not the constructed timed automata satisfy the formulas and several logic inconsistencies in the original standard are detected and corrected. Then, we apply the code generation tool Times to generate C code from the verified model, which is later synthesized into a real MVBC chip, with some handwriting glue code. Furthermore, the runtime verification tool RMOR is applied on the integrated code, to verify some safety requirements that cannot be formalized on the timed automata. For evaluation, we compare the proposed approach with existing MVBC design methods, such as BeagleBone, Galsblock, and Simulink. Experiments show that more ambiguousness or bugs in the standard are detected during Uppaal verification, and the generated code of Times outperforms the C code generated by others in terms of the synthesized binary code size. The errors in the standard have been confirmed and the resulting MVBC has been deployed in the real train communication network.

Paolo Arcaini,Silvia Bonfanti,Angelo Gargantini,Elvinia Riccobene,Patrizia Scandurra

DOI: https://doi.org/10.1007/s10009-024-00751-4

2024-05-19

International Journal on Software Tools for Technology Transfer

Abstract:Modern automotive systems with adaptive control features require rigorous analysis to guarantee correct operation. We report our experience in modeling the automotive case study from the ABZ2020 conference using the ASMETA toolset, based on the State Machine formal method. We adopted a seamless system engineering method: from an incremental formal specification of high-level requirements to increasingly refined ASMETA models, to the C++ code generation from the model. Along this process, different validation and verification activities were performed. We explored modeling styles and idioms to face the modeling complexity and ensure that the ASMETA models can best capture and reflect specific behavioral patterns. Through this realistic automotive case study, we evaluated the applicability and usability of our formal modeling approach.

computer science, software engineering

Chao Huang,Liang Li

DOI: https://doi.org/10.1016/j.ress.2020.106822

2020-06-01

Abstract:<p>In the context of intelligent and automated vehicles, drive-by-wire (DBW) systems have aroused wide attention, both in academia and industries. Over the years, a lot of discussion has been made about the architectural design of brake-by-wire (BBW) systems. However, the architectural design of the steer-by-wire (SBW) system hasn't been emphasized enough, especially in the context of functional safety concept. In view of this, based on the newly released version of ISO 26262:2018 as well as the technical report from National Highway Traffic Safety Administration (NHTSA), a fail-operational architecture for the SBW system is proposed in this paper, following the detailed analysis results of the concept phase as suggested in ISO 26262:2018. Further utilizing state transition diagrams and quantitative fault-tree-analysis (FTA) analysis respectively, detailed qualitative as well well as quantitative analysis results are provided, proving the safety and reliability of the proposed architecture. The aim is to provide guidance as well as some references for the SBW system design and analysis, where the essential problem is safety and reliability of the system, so that safety and reliability of automated vehicles can be guaranteed.</p>

engineering, industrial,operations research & management science

Eun-Young Kang,Dongrui Mu,Li Huang,Qianqing Lan

DOI: https://doi.org/10.48550/arXiv.1803.06103

2018-03-16

Software Engineering

Abstract:The software development for Cyber-Physical Systems (CPS), e.g., autonomous vehicles, requires both functional and non-functional quality assurance to guarantee that the CPS operates safely and effectively. EAST-ADL is a domain specific architectural language dedicated to safety-critical automotive embedded system design. We have previously modified EAST-ADL to include energy constraints and transformed energy-aware real-time (ERT) behaviors modeled in EAST-ADL/STATEFLOW into UPPAAL models amenable to formal verification. Previous work is extended in this paper by including support for SIMULINK and an integration of Simulink/Stateflow within a same tool-chain. Simulink/Stateflow models are transformed, based on extended ERT constraints in EAST-ADL, into verifiable UPPAAL models with stochastic semantics and integrate the translation with formal statistical analysis techniques: Probabilistic extension of EAST-ADL constraints is defined as a semantics denotation. A set of mapping rules is proposed to facilitate the guarantee of translation. Formal analysis on both functional- and non-functional properties is performed using SIMULINK DESIGN VERIFIER/UPPAAL-SMC. The analysis techniques are validated and demonstrated on the autonomous traffic sign recognition vehicle case study.

Zong-hua GU,Chao WANG,Zheng SUN,Hong LI

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.07.020

2013-01-01

Abstract:AUTomotive Open System ARchitecture(AUTOSAR) is an open and standardized automotive software architecture which is widely adopted by the automotive industry.This paper presents a simulation tool for AUTOSAR design models verification before deployment on the target hardware platform.The tool aims to ensure maximum faithfulness of the software by simulating software on the target electronic control unit at the source-code level.The results show that the simulator can give the developer more confidence on the correctness of the overall software stack than traditional simulation techniques,and improves the efficiency of system development.

Sangeeth Kochanthara,Niels Rood,Arash Khabbaz Saberi,Loek Cleophas,Yanja Dajsuren,Mark van den Brand

DOI: https://doi.org/10.1016/j.jss.2021.110991

IF: 3.5

2021-09-01

Journal of Systems and Software

Abstract:<p>The scope of automotive functions has grown from a single vehicle as an entity to multiple vehicles working together as an entity, referred to as cooperative driving. The current automotive safety standard, ISO 26262, is designed for single vehicles. With the increasing number of cooperative driving capable vehicles on the road, it is now imperative to systematically assess the functional safety of architectures of these vehicles. Many methods are proposed to assess architectures with respect to different quality attributes in the software architecture domain, but to the best of our knowledge, functional safety assessment of automotive architectures is not explored in the literature. We present a method, that leverages existing research in software architecture and safety engineering domains, to check whether the functional safety requirements for a cooperative driving scenario are fulfilled in the technical architecture of a vehicle. We apply our method on a real-life academic prototype for a cooperative driving scenario, platooning, and discuss our insights.</p>

computer science, theory & methods, software engineering