Marc Zeller

DOI: https://doi.org/10.48550/arXiv.2106.07200

2021-06-14

Software Engineering

Abstract:Traditionally, promoted by the internet companies, continuous delivery is more and more appealing to industries which develop systems with safety-critical functions. Since safety-critical systems must meet regulatory requirements and require specific safety assessment processes in addition to the normal development steps, enabling continuous delivery of software in safety-critical systems requires the automation of the safety assessment process in the delivery pipeline. In this paper, we outline a continuous delivery pipeline for realizing continuous safety assessment in software-intensive safety-critical systems based on model-based safety assessment methods.

Sebastian Vöst,Stefan Wagner

DOI: https://doi.org/10.48550/arXiv.1612.04139

2016-12-13

Software Engineering

Abstract:Development cycles are getting shorter and Continuous Integration and Delivery are being established in the automotive industry. We give an overview of the peculiarities in an automotive deployment pipeline, introduce technologies used and analyze Tesla's deliveries as a state-of-the-art showcase.

Eriks Klotins,Tony Gorschek

DOI: https://doi.org/10.48550/arXiv.2203.12409

2022-03-23

Software Engineering

Abstract:Software is becoming a critical component of most products and organizational functions. The ability to continuously improve software determines how well the organization can respond to market opportunities. Continuous software engineering promises numerous advantages over sprint-based or plan-driven development. However, implementing a continuous software engineering pipeline in an existing organization is challenging. In this invited position paper, we discuss the adoption challenges and argue for a more systematic methodology to drive the adoption of continuous engineering. Our discussion is based on ongoing work with several industrial partners as well as experience reported in both state-of-practice and state-of-the-art. We conclude that the adoption of continuous software engineering primarily requires analysis of the organization, its goals, and constraints. One size does not fit all purposes, meaning that many of the principles behind continuous engineering are relevant for most organizations, but the level of realization and the benefits may still vary. The main hindrances to continuous flow of software arise from sub-optimal organizational structures and the lack of alignment. Once those are removed, the organization can implement automation to further improve the software delivery.

Jan-Philipp Steghöfer,Eric Knauss,Jennifer Horkoff,Rebekka Wohlrab

DOI: https://doi.org/10.48550/arXiv.1911.12590

2019-11-28

Software Engineering

Abstract:Automotive companies increasingly adopt scaled agile methods to allow them to deal with their organisational and product complexity. Suitable methods are needed to ensure safety when developing automotive systems. On a small scale, R-Scrum and SafeScrum are two concrete suggestions for how to develop safety-critical systems using agile methods. However, for large-scale environments, existing frameworks like SAFe or LeSS do not support the development of safety-critical systems out of the box. We, therefore, aim to understand which challenges exist when developing safety-critical systems within large-scale agile industrial settings, in particular in the automotive domain. Based on an analysis of R-Scrum and SafeScrum, we conducted a focus group with three experts from industry to collect challenges in their daily work. We found challenges in the areas of living traceability, continuous compliance, and organisational flexibility. Among others, organisations struggle with defining a suitable traceability strategy, performing incremental safety analysis, and with integrating safety practices into their scaled way of working. Our results indicate a need to provide practical approaches to integrate safety work into large-scale agile development and point towards possible solutions, e.g., modular safety cases. Keywords: Scaled Agile, Safety-Critical Systems, Software Processes, R-Scrum, SafeScrum

J. Fabian,Stephan Reinhofer,Markus Ernst,Adam Schnellbach

DOI: https://doi.org/10.17758/ur.u0915115

2015-09-07

Abstract:Ongoing advances in mechatronic components and power electronics help to improve control systems within automotive applications. New developed or designed components enable more efficient system architectures and control. The management of several parameters of future drive architectures, such as high torque and power output, high system efficiency, low mass, low energy consumption, very low exhaust gas emissions, and low costs is essential for future propulsion concepts. Based on these development trends, mechatronic systems within automotive engineering are gaining more and more importance. At the same time, quality and safety requirements become challenging for automotive manufacturers as well as their suppliers regarding the reduction of the initial risk and increase of component reliability in a high degree. Therefore, safety-relevant aspects in the development of modern mechatronic systems have to be considered thoroughly. The high number of technical properties and complex connections of mechatronics systems in the development of modern vehicles are very challenging for state-of-the-art analysis methods. For this reason, new and innovational safety concepts are required to optimize existing safety concepts using conventional components and methods in combination. This paper includes a detailed comparison of different analysing methods to identify systematic and random failures, as well as safety standards such as IEC 61508 (Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems) and ISO 26262 (Road vehicles - Functional safety). To fulfil safety standards nowadays for complex mechatronic systems, several different analysis methods have to be applied. Only the connection of a safe fault recognition with a safe fault reaction enables a system to avoid harmful consequences. Regarding product development, there is an ongoing change from routine tests (durability tests) to testing selected parts of a safety function (fault injection tests). How action is taken is changing, with a trend towards a further development of IT tools, supporting functional safe systems holistically, including hazard analysis and risk assessment, integrated system analysis of systematic and random failures, and hardware metrics. The publication closes with an overview of a functional safety concept and presents an outlook to future trends of safety systems analysis

Engineering

Asim Abdulkhaleq,Stefan Wagner

DOI: https://doi.org/10.48550/arXiv.1612.03103

2016-12-10

Abstract:Software safety is a crucial aspect during the development of modern safety-critical systems. Software is becoming responsible for most of the critical functions of systems. Therefore, the software components in the systems need to be tested extensively against their safety requirements to ensure a high level of system safety. However, performing testing exhaustively to test all software behaviours is impossible. Numerous testing approaches exist. However, they do not directly concern the information derived during the safety analysis. STPA (Systems-Theoretic Process Analysis) is a unique safety analysis approach based on system and control theory, and was developed to identify unsafe scenarios of a complex system including software. In this paper, we present a systematic and semi-automatic testing approach based on STPA to generate test cases from the STPA safety analysis results to help software and safety engineers to recognize and reduce the associated software risks. We also provide an open-source safety-based testing tool called STPA TCGenerator to support the proposed approach. We illustrate the proposed approach with a prototype of a software of the Adaptive Cruise Control System (ACC) with a stop-and-go function with a Lego-Mindstorms EV3 robot.

Software Engineering,Systems and Control

Ricardo M. Czekster

2024-09-05

Abstract:DevOps (development and operations), has significantly changed the way to overcome deficiencies for delivering high-quality software to production environments. Past years witnessed an increased interest in embedding DevOps with cybersecurity in an approach dubbed secure DevOps. However, as the practices and guidance mature, teams must consider them within a broader risk context. We argue here how secure DevOps could profit from engaging with risk related activities within organisations. We focus on combining Risk Assessment (RA), particularly Threat Modelling (TM) and apply security considerations early in the software life-cycle. Our contribution provides a roadmap for enacting secure DevOps alongside risk objectives, devising informed ways to improve TM and establishing effective security underpinnings in organisations focusing on software products and services. We aim to outline proven methods over the literature on the subject discussing case studies, technologies, and tools. It presents a case study for a real-world inspired organisation employing the proposed approach with a discussion. Enforcing these novel mechanisms centred on security requires investment, training, and stakeholder engagement. It requires understanding the actual benefits of automation in light of Continuous Integration/Continuous Delivery settings that improve the overall quality of software solutions reaching the market.

Software Engineering,Cryptography and Security

Guoqi Xie,Gang Zeng,Renfa Li

DOI: https://doi.org/10.1109/tpds.2020.2984719

IF: 5.3

2020-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:In distributed automotive embedded systems, safety issues run through the entire life cycle, and safety mechanisms for error handling are desirable for risk control. This article focuses on safety enhancement (i.e., safety mechanisms for error handling) for a safety-critical automotive application within its deadline. A stable stopping approach used for safety enhancement for an automotive application is proposed based on the static recovery mechanism provided in ISO 26262. The Stable Stopping-based Safety Enhancement (SSSE) approach is proposed by combining known backward recovery, proposed forward recovery, and proposed forward-and-backward recovery through primary-backup repetition. The stable stopping (i.e., SSSE) approach is a convergence algorithm, which means that when the reliability value reaches a steady state and the algorithm can stop. Experimental results reveal that the exposure level defined in ISO 26262 drops from E3 to E1 after using SSSE, and such improvement enables a safety guarantee of higher level.

Nico Schick

2023-06-03

Abstract:This scientific publication focuses on the efficient application of boundary value analysis in the testing of corner cases for kinematic-based safety-critical driving scenarios within the domain of autonomous driving. Corner cases, which represent infrequent and crucial situations, present notable obstacles to the reliability and safety of autonomous driving systems. This paper emphasizes the significance of employing boundary value analysis, a systematic technique for identifying critical boundaries and values, to achieve comprehensive testing coverage. By identifying and testing extreme and boundary conditions, such as minimum distances, this publication aims to improve the performance and robustness of autonomous driving systems in safety-critical scenarios. The insights and methodologies presented in this paper can serve as a guide for researchers, developers, and regulators in effectively addressing the challenges posed by corner cases and ensuring the reliability and safety of autonomous driving systems under real-world driving conditions.

Robotics

Sandeep Sivanandan

DOI: https://doi.org/10.48550/arXiv.1506.08725

2015-06-29

Software Engineering

Abstract:Agile practices are receiving considerable attention from industry as an alternative to traditional software development approaches. However, there are a number of challenges in combining Agile [2] with Test-driven development (TDD) [10] practices, cloud deployments, continuous integration (CI), non-stop performance, load, security and accessibly testing. From these challenges; Continuous Integration is a relatively an approach widely discussed and practiced in software testing. This paper describes an approach for improved Agile Methodology using Code Quality, Code Bisector and Dynamic Regression in Continuous Integration. The set of tools used for this analysis, design and development are Jenkins, Robot Framework [4], Perforce and Git.

Brian Fitzgerald,Klaas-Jan Stol

DOI: https://doi.org/10.1016/j.jss.2015.06.063

IF: 3.5

2017-01-01

Journal of Systems and Software

Abstract:Throughout its short history, software development has been characterized by harmful disconnects between important activities such as planning, development and implementation. The problem is further exacerbated by the episodic and infrequent performance of activities such as planning, testing, integration and releases. Several emerging phenomena reflect attempts to address these problems. For example, Continuous Integration is a practice which has emerged to eliminate discontinuities between development and deployment. In a similar vein, the recent emphasis on DevOps recognizes that the integration between software development and its operational deployment needs to be a continuous one. We argue a similar continuity is required between business strategy and development, BizDev being the term we coin for this. These disconnects are even more problematic given the need for reliability and resilience in the complex and data-intensive systems being developed today. We identify a number of continuous activities which together we label as ‘Continuous *’ (i.e. Continuous Star) which we present as part of an overall roadmap for Continuous Software engineering. We argue for a continuous (but not necessarily rapid) software engineering delivery pipeline. We conclude the paper with a research agenda.

computer science, theory & methods, software engineering

Steve Neely,Steve Stolt

DOI: https://doi.org/10.1109/agile.2013.17

2013-08-01

Abstract:Rally Software transitioned from shipping code every eight-weeks, with time-boxed Scrum sprints, to a model of continuous delivery with Kanban. The team encountered complex challenges with their build systems, automated test suites, customer enablement, and internal communication. But there was light at the end of the tunnel - greater control and flexibility over feature releases, incremental delivery of value, lower risks, fewer defects, easier on-boarding of new developers, less off-hours work, and a considerable uptick in confidence. This experience report describes the journey to continuous delivery with the aim that others can learn from our mistakes and get their teams deploying more frequently. We will describe and contrast this transition from the business (product management) and engineering perspectives.

Philip Masek,Magnus Thulin,Hugo Andrade,Christian Berger,Ola Benderius

DOI: https://doi.org/10.48550/arXiv.1608.06759

2016-08-24

Abstract:Companies developing and maintaining software-only products like web shops aim for establishing persistent links to their software running in the field. Monitoring data from real usage scenarios allows for a number of improvements in the software life-cycle, such as quick identification and solution of issues, and elicitation of requirements from previously unexpected usage. While the processes of continuous integration, continuous deployment, and continuous experimentation using sandboxing technologies are becoming well established in said software-only products, adopting similar practices for the automotive domain is more complex mainly due to real-time and safety constraints. In this paper, we systematically evaluate sandboxed software deployment in the context of a self-driving heavy vehicle that participated in the 2016 Grand Cooperative Driving Challenge (GCDC) in The Netherlands. We measured the system's scheduling precision after deploying applications in four different execution environments. Our results indicate that there is no significant difference in performance and overhead when sandboxed environments are used compared to natively deployed software. Thus, recent trends in software architecting, packaging, and maintenance using microservices encapsulated in sandboxes will help to realize similar software and system engineering for cyber-physical systems.

Software Engineering

Juan Pimentel

2024-06-12

Abstract:Currently, a major concern is the insufficient level of safety offered by commercial automated vehicles and/or services such self-driving vehicles, self-driving trucks, and robotaxis. Unfortunately, stakeholders do not agree on definitions and characterizations of what is meant by safety of automated vehicles including how to measure it and how to design for it. This paper sheds some light into the answers to important questions about the safety of automated vehicles. In addition, we identify rigor as a significant missing requirement in the current literature, we also provide a discussion of rigor in the design, development, and commercialization of automated vehicles. Furthermore, we discuss software tool requirements at the organizational level to support a rigorous approach for the analysis, design, and commercialization of automated vehicles. An ALM tool, EwQIMS, is introduced emphasizing its rigorous features of its functional safety module that implements much of the ISO 26262 standard.

Systems and Control

Ankit Agrawal,Jane Cleland-Huang

DOI: https://doi.org/10.48550/arXiv.2307.07437

2023-07-14

Software Engineering

Abstract:Safety-critical system's failure or malfunction can cause loss of human lives or damage to the physical environment; therefore, continuous safety assessment is crucial for such systems. In many domains this includes the use of Safety assurance cases (SACs) as a structured argument that the system is safe for use. SACs can be challenging to maintain during system evolution due to the disconnect between the safety analysis and system development process. Further, safety analysts often lack domain knowledge and tool support to evaluate the SAC. We propose a solution that leverages software traceability to connect relevant system artifacts to safety analysis models, and then uses these connections to visualize the change. We elicit design rationales for system changes to help safety stakeholders analyze the impact of system changes on safety. We present new traceability techniques for closer integration of the safety analysis and system development process, and illustrate the viability of our approach using examples from a cyber-physical system that deploys Unmanned Aerial Vehicles for emergency response.

Yang Wang,Jasmin Ramadani,Stefan Wagner

DOI: https://doi.org/10.48550/arXiv.1703.05375

2017-03-15

Software Engineering

Abstract:Agile techniques recently have received attention in developing safety-critical systems. However, a lack of empirical knowledge of performing safety assurance techniques in practice, especially safety analysis into agile development processes prevents further steps. In this article, we aim at investigating the feasibility and the effects of our S-Scrum development process, and stepwise improving and proposing an Optimized S-Scrum development process for safety-critical systems in a real environment. We conducted an exploratory case study in a one-year student project "Smart Home" at the University of Stuttgart, Germany. We participated in the project and collected quantitative and qualitative data from questionnaire, interviews, participant observation, physical artifacts, and documentation review. Furthermore, we evaluated the Optimized S-Scrum in industry by conducting interviews. The first-stage results showed that by integrating STPA (System-Theoretic Process Analysis) can ensure the safety during each sprint and enhance the safety of delivered products, while the agility of S-Scrum is slightly worse than the original Scrum. Six challenges have been explored: Management changes the team's priorities during an iteration; Disturbed safety-related communication; Non-functional requirements are determined too late; Insufficient upfront planning; Insufficient well-defined completion criteria; Excessive time to perform upfront planning. We investigated further the causalities and optimizations. The second-stage results revealed that the safety and agility have been improved after the optimizations. We have gained a positive assessment and suggestions from industry. The optimized S-Scrum is feasible for developing safety-critical systems concerning the capability to ensure safety and the acceptable agility in a student project. Further attempt is still needed in industrial projects.

Ramy Shahin,Sahar Kokaly,Marsha Chechik

DOI: https://doi.org/10.48550/arXiv.2105.00041

2021-04-30

Software Engineering

Abstract:Safety-critical software systems are in many cases designed and implemented as families of products, usually referred to as Software Product Lines (SPLs). Products within an SPL vary from each other in terms of which features they include. Applying existing analysis techniques to SPLs and their safety cases is usually challenging because of the potentially exponential number of products with respect to the number of supported features. In this paper, we present a methodology and infrastructure for certified \emph{lifting} of existing single-product safety analyses to product lines. To ensure certified safety of our infrastructure, we implement it in an interactive theorem prover, including formal definitions, lemmas, correctness criteria theorems, and proofs. We apply this infrastructure to formalize and lift a Change Impact Assessment (CIA) algorithm. We present a formal definition of the lifted algorithm, outline its correctness proof (with the full machine-checked proof available online), and discuss its implementation within a model management framework.

Faheem Ullah,Adam Johannes Raft,Mojtaba Shahin,Mansooreh Zahedi,Muhammad Ali Babar

DOI: https://doi.org/10.48550/arXiv.1703.04277

2017-03-13

Abstract:Continuous Deployment (CD) has emerged as a new practice in the software industry to continuously and automatically deploy software changes into production. Continuous Deployment Pipeline (CDP) supports CD practice by transferring the changes from the repository to production. Since most of the CDP components run in an environment that has several interfaces to the Internet, these components are vulnerable to various kinds of malicious attacks. This paper reports our work aimed at designing secure CDP by utilizing security tactics. We have demonstrated the effectiveness of five security tactics in designing a secure pipeline by conducting an experiment on two CDPs - one incorporates security tactics while the other does not. Both CDPs have been analyzed qualitatively and quantitatively. We used assurance cases with goal-structured notations for qualitative analysis. For quantitative analysis, we used penetration tools. Our findings indicate that the applied tactics improve the security of the major components (i.e., repository, continuous integration server, main server) of a CDP by controlling access to the components and establishing secure connections.

Software Engineering,Cryptography and Security

Dusica Marijan,Marius Liaaen,Sagar Sen

DOI: https://doi.org/10.1109/compsac.2018.00012

2018-07-01

Abstract:DevOps, as a growing development practice that aims to enable faster development and efficient deployment of applications without compromising on quality, is often hampered by long cycle times. One contributing factor to long cycle times in DevOps is long build time. Automated testing in continuous integration is one of the build stages that is highly prone to long run-time due to software complexity and evolution, and inefficient due to unoptimized testing approaches. To be cost-effective, testing in continuous integration needs to use only a fast-running set of comprehensive tests that are able to ensure the level of quality needed for deployment to production. Known approaches use time-aware test selection methods to improve time-efficiency of continuous integration testing by providing optimized combinations and order of tests with respect to decreased run-time. However, focusing on time-efficiency as the sole criterion in DevOps often jeopardizes the quality of software deliveries. This paper proposes a technique that integrates fault-based and risk-based test selection and prioritization optimized for low run-time, to improve time-effectiveness of continuous integration testing, and thus reduce long cycle times in DevOps, without compromising on quality. The technique has been evaluated in testing of a large-scale configurable software in continuous integration, and has shown considerable improvement over industry practice with respect to time-efficiency.

Mojtaba Shahin,Muhammad Ali Babar,Liming Zhu

DOI: https://doi.org/10.48550/arXiv.1703.07019

2017-03-21

Software Engineering

Abstract:Context: Continuous practices, i.e., continuous integration, delivery, and deployment, are the software development industry practices that enable organizations to frequently and reliably release new features and products. With the increasing interest in and literature on continuous practices, it is important to systematically review and synthesize the approaches, tools, challenges, and practices reported for adopting and implementing continuous practices. Objective: This research aimed at systematically reviewing the state of the art of continuous practices to classify approaches and tools, identify challenges and practices in this regard, and identify the gaps for future research. Method: We used systematic literature review (SLR) method for reviewing the peer-reviewed papers on continuous practices published between 2004 and 1st June 2016. We applied thematic analysis method for analysing the data extracted from reviewing 69 papers selected using predefined criteria. Results: We have identified thirty approaches and associated tools, which facilitate the implementation of continuous practices in the following ways: (1) "reducing build and test time in continuous integration (CI)"; (2) "increasing visibility and awareness on build and test results in CI"; (3) "supporting (semi-) automated continuous testing"; (4) "detecting violations, flaws and faults in CI"; (5) "addressing security and scalability issues in deployment pipeline", and (6) "improving dependability and reliability of deployment process". We have also determined a list of critical factors such as "testing (effort and time)", "team awareness and transparency", "good design principles", "customer", "highly skilled and motivated team", "application domain", and "appropriate infrastructure" that should be carefully considered when introducing continuous practices in a given organization.