
2006 | Book

Automotive Software – Connected Services in Mobile Networks

First Automotive Software Workshop, ASWSD 2004, San Diego, CA, USA, January 10-12, 2004, Revised Selected Papers

edited by: Manfred Broy, Ingolf H. Krüger, Michael Meisinger

Publisher: Springer Berlin Heidelberg

Book series: Lecture Notes in Computer Science


About this book

Software development for the automotive domain is currently subject to a silent revolution. On the one hand, software has become the enabling technology for almost all safety-critical and comfort functions offered to the customer. A total of 90 % of all innovations in automotive systems are directly or indirectly enabled by software. Today’s luxury cars contain up to 80 electronic control units (ECUs) and 5 different, interconnected network platforms, over which some 700 software-enabled functions are distributed. On the other hand, the complexity induced by this large number of functions, their interactions, and their supporting infrastructure has started to become the limiting factor for automotive software development. Adequate management of this complexity is particularly important; the following list highlights three of the corresponding challenges: First, the dependencies between safety-critical and comfort functions are rapidly increasing; a simple example is the interplay of airbag control and power seat control in the case of an accident. Careful analysis and design of these dependencies are necessary to yield correct software solutions. Second, advances in wired and wireless networking infrastructures enable interconnection between cars and backend service providers (e.g., to call for help in cases of emergency), between cars and devices brought into the car by drivers and passengers (such as cell phones, PDAs, and laptops), and even among cars. This dramatically shifts the focus from the development of individual software solutions residing on dedicated ECUs to their distribution and interaction within and beyond car boundaries.

Table of contents

Frontmatter
Analyzing the Worst-Case Execution Time by Abstract Interpretation of Executable Code
Abstract
Determining the worst-case execution times (WCETs) of tasks in safety-critical hard real-time systems is a difficult problem. A combination of automatic analysis techniques with a few user annotations yields precise WCET estimates.
Christian Ferdinand, Reinhold Heckmann, Reinhard Wilhelm
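Worked example (added here; it is not code from the paper or the book): the timing-schema computation behind a WCET bound. Per-block cycle costs stand in for what the low-level analysis of the executable (cache and pipeline behaviour) delivers; loop bounds come either automatically from an interval value analysis of the loop counter or, where the analysis cannot bound the loop, from a user annotation. All block costs, the program shape and the interval for `n` are constructed for illustration.

```python
"""Timing-schema WCET bound for a structured program (constructed example)."""
from dataclasses import dataclass
from math import ceil
from typing import Optional


@dataclass
class Block:
    cycles: int          # worst-case cycles of one basic block (constructed; in a real tool
                         # this comes from the cache/pipeline analysis of the executable)

@dataclass
class Seq:
    parts: list

@dataclass
class If:
    cond: Block
    then: object
    else_: object

@dataclass
class Loop:
    """Counted loop of the shape  for (i = lo; i < n; i += step)."""
    name: str
    header: Block                        # loop test: once per iteration plus once on exit
    body: object
    lo: int = 0
    step: int = 1
    n_interval: Optional[tuple] = None   # value-analysis result for n, or None if unknown


class MissingBound(Exception):
    """Raised when neither the value analysis nor an annotation bounds a loop."""


def loop_bound(loop, annotations):
    """Automatic bound from the interval of n; otherwise fall back to a user annotation."""
    if loop.n_interval is not None:
        _, n_hi = loop.n_interval
        return max(0, ceil((n_hi - loop.lo) / loop.step))
    if loop.name in annotations:
        return annotations[loop.name]
    raise MissingBound(f"loop {loop.name!r}: no derivable bound, annotation required")


def wcet(node, annotations):
    """Fold the syntax tree: sum for sequences, max over branches, bound * body for loops."""
    if isinstance(node, Block):
        return node.cycles
    if isinstance(node, Seq):
        return sum(wcet(p, annotations) for p in node.parts)
    if isinstance(node, If):
        return wcet(node.cond, annotations) + max(wcet(node.then, annotations),
                                                  wcet(node.else_, annotations))
    if isinstance(node, Loop):
        k = loop_bound(node, annotations)
        return (k + 1) * wcet(node.header, annotations) + k * wcet(node.body, annotations)
    raise TypeError(node)


# Constructed program: a filter loop whose trip count the value analysis bounds (n in [0, 16]),
# followed by a retry loop whose bound depends on hardware and needs an annotation.
PROGRAM = Seq([
    Block(12),
    Loop("filter", Block(3), Seq([Block(8), If(Block(2), Block(10), Block(4))]),
         lo=0, step=1, n_interval=(0, 16)),
    Loop("retry", Block(2), Block(20)),
    Block(5),
])


def example_bound():
    """WCET of PROGRAM with the single annotation the analysis cannot supply itself."""
    return wcet(PROGRAM, {"retry": 3})   # 12 + (17*3 + 16*20) + (4*2 + 3*20) + 5 = 456
```

Dropping the `retry` annotation makes `wcet` raise `MissingBound` rather than return an unsound number; tightening the interval for `n` lowers the bound without any further annotation, which is the division of labour the abstract describes.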
Quality Assurance and Certification of Software Modules in Safety Critical Automotive Electronic Control Units Using a CASE-Tool Integration Platform
Abstract
Up to 70 electronic control units (ECUs) serve safety and comfort functions in a car. Communicating over different bus systems, most ECUs perform closed-loop control functions and reactive functions and have to fulfill hard real-time constraints. Some ECUs controlling on-board entertainment/office systems are software intensive, incorporating millions of lines of code. The challenge for the design of those distributed and networked control units is to define all requirements and constraints, and to understand and analyze the manifold interactions between the control units, the car and the environment (driver, road, weather) in normal as well as stress situations (crash). To improve the design of safety-critical ECUs we propose an enhanced development process (double-V-model). The use of different modeling descriptions for closed-loop control, reactive systems and software-intensive systems requires a CASE-tool integration platform. We have developed “GeneralStore” as a platform to support model-driven design with heterogeneous models in a design process which is concurrent and distributed between the automotive manufacturer and several suppliers.
Klaus D. Mueller-Glaser, Clemens Reichmann, Markus Kuehl, Stefan Benz
On the Fault Hypothesis for a Safety-Critical Real-Time System
Abstract
A safety-critical real-time computer system must provide its services with a dependability that is much better than the dependability of any one of its constituent components. This challenging goal can only be achieved by the provision of fault tolerance. The design of any fault-tolerant system proceeds in four distinct phases. In the first phase the fault hypothesis is shaped, i.e. assumptions are made about the types and numbers of faults that must be tolerated by the planned system. In the second phase an architecture is designed that tolerates the specified faults. In the third phase the architecture is implemented and the functions and fault-tolerance mechanisms are validated. Finally, in the fourth phase it has to be confirmed experimentally that the assumptions contained in the fault hypothesis are met by reality. The first part of this contribution focuses on the establishment of a comprehensive fault hypothesis for safety-critical real-time computer systems. The size of the fault containment regions, the failure mode of the fault containment regions, the assumed frequency of the faults and the assumptions about error detection latency and error containment are discussed under the premise that in the future a distributed system node is expected to be a system-on-a-chip (SOC). The second part of this contribution focuses on the implications that such a fault hypothesis will have on the future architecture of distributed safety-critical real-time computer systems in the automotive domain.
H. Kopetz
A Compositional Framework for Real-Time Guarantees
Abstract
Our primary goal is to develop a compositional real-time scheduling framework where global (system-level) timing properties are established by composing together independently (specified and) analyzed local (component-level) timing properties. In this paper, we define two problems and one design issue in developing such a framework and present our approaches to the problems and the design issue. The two problems are (1) the scheduling interface derivation problem that is to (exactly) abstract the collective real-time requirements of a component as a single real-time requirement, or a scheduling interface and (2) the scheduling interface composition problem that is to (exactly) compose the scheduling interfaces of components into the system-level scheduling interface. The design issue is how to define a scheduling interface model. Our approach is to use the standard periodic model as the scheduling interface model and to address the two problems with the periodic model. We introduce exact conditions under which our proposed periodic scheduling interface model can abstract the collective real-time requirements that a set of periodic tasks demands under EDF (earliest deadline first) and RM (rate monotonic) scheduling. We present simulation results to evaluate the overheads that the periodic scheduling interfaces incur in terms of utilization increase.
Insik Shin, Insup Lee
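Worked example (added here; not the paper's code): scheduling interface derivation and composition with the periodic model, using integer time ticks. A component is a set of implicit-deadline periodic tasks `(period, execution)`; its scheduling interface is a periodic resource `(Pi, Theta)`, meaning "Theta ticks of processor in every Pi ticks". Under EDF the component fits on that resource exactly when its demand bound function never exceeds the worst-case supply bound function of the resource, so the smallest `Theta` passing that test is the derived interface; the interfaces of several components then compose upward as ordinary periodic tasks, and the gap between interface utilization and task utilization is the abstraction overhead the abstract refers to. The two workloads and the choice `Pi = 5` are constructed.

```python
"""Periodic scheduling interfaces: derivation (dbf <= sbf) and composition under EDF/RM."""
from fractions import Fraction
from functools import reduce
from math import gcd


def dbf(tasks, t):
    """EDF demand bound: work of implicit-deadline periodic tasks due in any window of length t."""
    return sum((t // p) * e for p, e in tasks)


def sbf(pi, theta, t):
    """Worst-case supply of periodic resource (pi, theta) in a window of length t.
    Worst case: the window opens right after a supply block ended and every later
    block is delivered as late as possible, so the first unit arrives at 2*(pi - theta)."""
    supplied, start = 0, 2 * pi - 2 * theta
    while start < t:
        supplied += max(0, min(start + theta, t) - start)
        start += pi
    return supplied


def _lcm(a, b):
    return a * b // gcd(a, b)


def check_points(tasks, pi):
    """dbf only jumps at deadlines and sbf is non-decreasing, so testing every deadline
    up to the hyperperiod (including pi) is an exact check."""
    horizon = reduce(_lcm, [pi] + [p for p, _ in tasks])
    return sorted({k * p for p, _ in tasks for k in range(1, horizon // p + 1)})


def edf_schedulable_on(tasks, pi, theta):
    return all(dbf(tasks, t) <= sbf(pi, theta, t) for t in check_points(tasks, pi))


def derive_interface(tasks, pi):
    """Scheduling interface derivation: the smallest theta for the chosen pi."""
    for theta in range(0, pi + 1):
        if edf_schedulable_on(tasks, pi, theta):
            return (pi, theta)
    raise ValueError("component not schedulable even on a dedicated processor")


def utilization(tasks):
    return sum(Fraction(e, p) for p, e in tasks)


def compose(interfaces):
    """Scheduling interface composition: each child interface (pi, theta) is a periodic
    task of the parent; under EDF on a dedicated processor the exact test is U <= 1."""
    return utilization(interfaces) <= 1


def rm_schedulable(tasks):
    """Response-time analysis for rate-monotonic priorities (shorter period = higher priority)."""
    ordered = sorted(tasks)
    for i, (p, e) in enumerate(ordered):
        r, prev = e, 0
        while r != prev:
            prev = r
            r = e + sum(-(-prev // hp) * he for hp, he in ordered[:i])  # ceil division
            if r > p:
                return False
    return True


# Constructed workloads (ticks): two components to be hosted on one processor.
CHASSIS = [(10, 2), (20, 4)]   # utilization 0.4
BODY = [(15, 3), (30, 3)]      # utilization 0.3


def example(pi=5):
    """Derive both interfaces, then check their composition under EDF and RM."""
    i1, i2 = derive_interface(CHASSIS, pi), derive_interface(BODY, pi)
    overhead = utilization([i1, i2]) - utilization(CHASSIS + BODY)
    return i1, i2, compose([i1, i2]), rm_schedulable([i1, i2]), overhead
```

With `Pi = 5` the chassis component abstracts to `(5, 3)` and the body component to `(5, 2)`: the interfaces together use the whole processor although the tasks only need 70 % of it, so the 30 % is the price of abstracting each component to a single periodic requirement. Varying `pi` in `example` shows how the interface period trades overhead against the granularity the parent scheduler has to provide.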
Validation of Component and Service Federations in Automotive Software Applications
Abstract
The automotive domain is one of the most promising areas for component and service technologies in the near future. Vehicles are increasingly becoming integrated systems where both intra-vehicle and inter-vehicle interactions require that a set of federated components (services) be properly orchestrated. The interactions and cooperation among the members of such federations suggest the use of well-known architectural styles to properly design new systems. Among the various styles, we explore the use of the publish-subscribe paradigm for intra-vehicle cooperation and the service-oriented paradigm for vehicle-to-vehicle and vehicle-to-environment interactions. We argue that available modeling notations provide adequate support for specification, but still lack proper support for the validation phase.
In this paper we discuss component models and their validation in the context of the automotive domain. In particular, we show how publish/subscribe and service-oriented applications can be analyzed through model-checking techniques by drawing simple examples from the automotive domain.
Luciano Baresi, Carlo Ghezzi
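Worked example (added here; not the paper's model or code): explicit-state model checking of a small publish/subscribe federation, built from the airbag/power-seat interplay the book's introduction mentions. The airbag controller publishes a `crash` event on an event bus; the power-seat controller subscribes and must lock the seat. The federation is encoded as a finite transition system, and a breadth-first search over all reachable states either proves a safety invariant or returns the shortest counterexample trace. Both subscriber variants, the state names and the invariant are constructed for illustration.

```python
"""Reachability-based model checking of a publish/subscribe federation (constructed model)."""
from collections import deque

CRASH = "crash"


def seat_handler_gated(seat, event):
    """Constructed defective subscriber: reacts to 'crash' only while the seat is
    stopped, so a notification delivered while the seat is moving is dropped."""
    if event == CRASH and seat == "stopped":
        return "locked"
    return seat


def seat_handler_fixed(seat, event):
    """Corrected subscriber: a crash notification locks the seat in any state."""
    return "locked" if event == CRASH else seat


def successors(state, handler):
    """Enabled transitions of the federation; state = (airbag, seat, bus_queue)."""
    airbag, seat, queue = state
    if airbag == "armed":                      # environment: crash detected, event published
        yield "airbag publishes crash", ("fired", seat, queue + (CRASH,))
    if seat in ("stopped", "moving"):          # driver toggles seat motion while not locked
        yield "driver toggles seat", (airbag, "moving" if seat == "stopped" else "stopped", queue)
    if queue:                                  # middleware dispatches the oldest event
        yield "bus delivers " + queue[0], (airbag, handler(seat, queue[0]), queue[1:])


def safe(state):
    """Invariant: once the crash event has left the bus, the seat is locked."""
    airbag, seat, queue = state
    return not (airbag == "fired" and not queue and seat != "locked")


INITIAL = ("armed", "stopped", ())


def check(handler, initial=INITIAL):
    """BFS over reachable states. Returns None if the invariant holds everywhere,
    otherwise the shortest trace [(transition_label, state), ...] from initial
    to a violating state; the trace doubles as a test vector for the real ECUs."""
    parent = {initial: None}
    frontier = deque([initial])
    while frontier:
        state = frontier.popleft()
        if not safe(state):
            trace = []
            while state is not None:
                label, prev = parent[state] or (None, None)
                trace.append((label, state))
                state = prev
            return list(reversed(trace))
        for label, nxt in successors(state, handler):
            if nxt not in parent:
                parent[nxt] = (label, state)
                frontier.append(nxt)
    return None


def reachable(handler, initial=INITIAL):
    """Every state the federation can reach (size of the explored state space)."""
    seen, frontier = {initial}, [initial]
    while frontier:
        for _, nxt in successors(frontier.pop(), handler):
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return seen
```

For the gated subscriber the checker returns a three-step counterexample (driver starts moving the seat, airbag fires, bus delivers the event to a subscriber that ignores it); for the fixed subscriber it exhausts all five reachable states without finding a violation. The search is exhaustive because the model is finite; the same loop scales to larger federations only as far as the state space does, which is why the abstract's argument for tool support matters.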
Towards a Component Architecture for Hard Real Time Control Applications
Abstract
This paper describes a new approach towards a component architecture for hard real time control applications as found, for example, in the automotive domain. Based on the paradigm of Logical Execution Time (LET) as introduced by Giotto [1], we adapt the high-level language construct module which allows us to organize and parallelize real time code in the large. Our module construct serves multiple purposes: (1) it introduces a namespace for program entities and supports information hiding, (2) it represents a partitioning of the set of actuators and control logic available in a system, (3) it acts as a static specification of components and dependencies, (4) it may serve as the unit of dynamic loading of system extensions and (5) it may serve as the unit of distribution of functionality over a network of electronic control units. We describe the individual usage cases of modules, introduce the syntax required to specify our needs and discuss various implementation aspects.
Wolfgang Pree, Josef Templ
Adding Value to Automotive Models
Abstract
We report on how implementing a Model Based Automotive SW Engineering Process in an industrial setting can ensure the correctness of automotive applications when a process based on formal models is used. We show how formal methods, in particular model checking, can be used to ensure consistency of the models and can prove that the models satisfy selected functional and safety requirements. The technique can also be used to automatically generate test vectors from the model. Hence we show how in many ways formal verification techniques can add value to the models used for different purposes in developing automotive applications.
Eckard Böde, Werner Damm, Jarl Høyem, Bernhard Josko, Jürgen Niehaus, Marc Segelken
Automotive Software: A Challenge and Opportunity for Model-Based Software Development
Abstract
Embedded software development for automotive applications is widely considered as a significant source of innovation and improvements in cars. However, software development processes do not address well the needs of large-scale distributed real-time systems, like the ones automobiles do (or soon will) contain. The paper introduces a vision for the model-based development of embedded software, which is based on the broad-spectrum modeling of the applications in the context of a larger system, formal (and computer-supported) analysis of models, and automatic synthesis of the application(s). The paper also describes some initial steps taken to build the infrastructure for supporting such a process in the form of modeling and model transformation tools. The paper concludes with a list of challenging research problems.
Gabor Karsai
Software for Automotive Systems: Model-Integrated Computing
Abstract
Embedded automotive systems are becoming increasingly complex, and as such difficult to design and develop. Model-based approaches are gaining a foothold in this area, and increasingly the system design and development is being conducted with model-based tools, most notably Matlab® Simulink® and Stateflow® from Mathworks Inc., among others. However, these tools address only a limited aspect of the system design. Moreover, there is a lack of integration between these tools, which makes overall system design and development cumbersome and error-prone. Motivated by these shortcomings we have developed an approach, based on Model-Integrated Computing, a technology matured over a decade of research at ISIS, Vanderbilt University. The centerpiece of this approach is a graphical modeling language, Embedded Control Systems Language for Distributed Processing (ECSL-DP). A suite of translators and tools has been developed that facilitates the integration of ECSL-DP with the industry-standard Simulink and Stateflow tools, and opens the possibility of integrating other tools by providing convenient and extensible interfaces. A code generator has been developed that synthesizes implementation code, configuration and firmware glue code from models. The approach has been prototyped and evaluated with a medium-scale example. The results demonstrate the promise of the approach and point to interesting directions for further research.
Sandeep Neema, Gabor Karsai
Simulink Integration of Giotto/TDL
Abstract
The paper first presents the integration options of what we call the Timing Description Language (TDL) with MathWorks’ Matlab/Simulink tools. Based on the paradigm of logical execution time (LET) as introduced by Giotto [2], TDL enhances Giotto towards a component architecture for real-time control applications [9]. The challenge is to provide appropriate visual and interactive modeling capabilities so that the developer can come up with the TDL timing model in the context of Simulink, which has established itself as the de facto modeling standard for control applications. The paper illustrates by means of a simple case study how we envision an adequate integration of both the TDL and the Simulink modeling approaches.
Wolfgang Pree, Gerald Stieglbauer, Josef Templ
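Worked example (added here; not code from Giotto, TDL or either paper): the logical execution time semantics that both "Towards a Component Architecture for Hard Real Time Control Applications" and "Simulink Integration of Giotto/TDL" build on. A producer task with a 10-tick period and a consumer task with a 5-tick period exchange a value through a port. Under LET the producer's output becomes visible exactly at the end of its logical period, regardless of when the job actually finished; under the conventional "publish on completion" semantics it becomes visible at the actual completion time. Two runs with different execution-time jitter show that only the LET trace is independent of the jitter, which is the value-determinism property that makes LET programs portable across ECUs and networks. Periods, values and the two jitter sequences are constructed.

```python
"""Logical execution time (LET) versus publish-on-completion semantics (constructed example)."""
PRODUCER_PERIOD = 10
CONSUMER_PERIOD = 5


def simulate(semantics, producer_exec, horizon):
    """Return the values the consumer reads at each of its releases 0, 5, 10, ...

    producer_exec[k] is the actual execution time of producer job k; every job is
    assumed to meet its deadline (0 < exec < period).  Job k is released at k*10,
    reads its inputs at release and computes the value k.
    """
    if not all(0 < e < PRODUCER_PERIOD for e in producer_exec):
        raise ValueError("producer job misses its deadline; LET requires WCET <= period")
    visible_at = {}                                  # time at which job k's output appears on the port
    for k, exec_time in enumerate(producer_exec):
        release = k * PRODUCER_PERIOD
        if semantics == "let":
            visible_at[k] = release + PRODUCER_PERIOD   # written at the LET boundary, always
        elif semantics == "completion":
            visible_at[k] = release + exec_time         # written as soon as the job finishes
        else:
            raise ValueError(semantics)
    readings = []
    for t in range(0, horizon, CONSUMER_PERIOD):
        done = [k for k, v in visible_at.items() if v <= t]
        readings.append(max(done) if done else None)    # port holds the latest visible value
    return readings


# Constructed jitter profiles for four producer jobs (ticks actually used of the 10 available).
FAST = [2, 2, 2, 2]
SLOW = [7, 3, 8, 4]


def demo(horizon=40):
    """Consumer traces under both semantics and both jitter profiles."""
    return {
        ("let", "fast"): simulate("let", FAST, horizon),
        ("let", "slow"): simulate("let", SLOW, horizon),
        ("completion", "fast"): simulate("completion", FAST, horizon),
        ("completion", "slow"): simulate("completion", SLOW, horizon),
    }


def let_is_jitter_independent(horizon=40):
    """True if LET gives identical traces while completion semantics does not."""
    d = demo(horizon)
    return d[("let", "fast")] == d[("let", "slow")] and \
        d[("completion", "fast")] != d[("completion", "slow")]
```

The cost of the determinism is visible in the same trace: under LET the consumer sees a producer value one full producer period after the job was released, even when the job finished after two ticks, so LET trades end-to-end latency for a timing behaviour that can be fixed in the model before any target hardware is chosen.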
Backmatter
Metadata
Title
Automotive Software – Connected Services in Mobile Networks
edited by
Manfred Broy
Ingolf H. Krüger
Michael Meisinger
Copyright year
2006
Publisher
Springer Berlin Heidelberg
Electronic ISBN
978-3-540-37678-1
Print ISBN
978-3-540-37677-4
DOI
https://doi.org/10.1007/11823063