Automotive Systems and Software Engineering

This book presents state-of-the-art technologies and future trends of automotive systems and software engineering. Fifteen chapters cover all important aspects of the field, such as automotive software architectures, software process and quality, safety and security, autonomous and cooperative driving vehicle technology, and intelligent transportation systems. Additionally, the development of and challenges provided by future vehicles such as solar and fully electric cars are discussed. This book provides challenges facing the automotive software engineering field and discusses future research directions.

Requirements engineering is both a phase of software development lifecycle and a subdomain of software engineering. In general, “requirements" is defined as the description of the functionality of software under design and its properties (functional and nonfunctional requirements). Requirements are often perceived as textual documentation. However, in automotive software engineering, requirements can have multiple forms—starting from the short textual descriptions of functionality to fully executable model-based specifications.

In this chapter, we overview the notion of a requirement in general, and describe the types of requirements used when designing automotive software systems. We use the V-model, prescribed by the ISO 26262 safety standard, which describes the way in which software is designed in the automotive domain. We consider the different types of requirements used in these phases.

Due to rapid changes in the development of modern automotive systems, the involved development methods, processes, and toolchains are constantly changed, modified, and improved to be able to handle the increasing complexity of the development procedure. In this chapter, the main current challenges in the development itself as well as in the modification of the implied processes are summarized, and both a textual and a graphical overview of the main currently involved tools are given. The provided information can be used for optimal planning of development processes for future automotive systems.

In recent times, the number of features within a modern-day premium automobile has significantly increased. The majority of them are realized by software, leading to more than 1,000,000 LOC ranging from keeping the vehicle on the track to displaying a movie for rear seat entertainment. The majority of software modules need to be executed on embedded systems, some of them fulfilling mission-critical task, where a failure might lead to a fatal accident. Software development within the automotive industry is different from other industries or open source, as there are more restrictions upon development guidelines and rather strict testing definitions to meet the quality and reliability requirements or even ensure traceability on defect liability. To meet these requirements, various tools and processes have been integrated into the development process, delivering document metadata which can be used for further insights, for example, Software Fault Prediction (SFP).

Many software systems are available in similar, yet different variants to accommodate specific customer requirements. Even though sophisticated techniques exist to manage this variability, industrial practice mainly is to copy and modify existing products to create variants in an ad hoc manner. This clone-and-own practice loses variability information as no explicit connection between the variants is kept. This causes significant cost in the long term with a large set of variants as each software system has to be maintained individually. Software product line (SPL) engineering remedies this problem by allowing to develop and maintain large sets of software systems as a software family.

In this chapter, we give an overview of variability realization mechanisms in the state of practice in the industry and the state of the art in SPL engineering. Furthermore, we describe a procedure for variability mining to retrieve previously unavailable variability information from a set of cloned variants and to generate an SPL from cloned variants. Finally, we demonstrate our tool suite DeltaEcore to manage the resulting SPL and to extend it with new functionality or different realization artifacts. We illustrate the entire procedure and our tool suite with an example from the automotive industry.

This chapter presents an automated framework for identifying and representing different types of variability in Simulink models. The framework is based on the observed variants found in similar subsystem patterns inferred using Simone, a model clone detection tool, and an empirically derived set of variability operators for Simulink models. We demonstrate the application of these operators to six example systems, including automotive systems, using two alternative variation analysis techniques, one text-based and one graph-based, and show how we can represent the variation in each of the similar subsystem patterns as a single subsystem template directly in the Simulink environment. The product of our framework is a single consolidated subsystem model capable of expressing the observed variability across all instances of each inferred pattern. The process of pattern inference and variability analysis is largely automated and can be easily applied to other collections of Simulink models. We provide tool support for the variability identification and representation using the graph-based approach.

Although architecture frameworks have not been standardized in the automotive industry, different types of architecture viewpoints and views have been introduced recently as part of automotive architecture frameworks. In this chapter, we first present a literature review which has been carried out to discover the existing architecture frameworks and architecture description languages for the automotive industry as well as their benefits and gaps. We propose an architecture framework for automotive systems (AFAS) based on the extracted viewpoints from existing automotive architecture description mechanisms.

As cars are turning more and more into “computers on wheels,” the development foci for future generations of cars are shifting away from improved driving characteristics toward features and functions that are implemented in software. Classical decentralized electrical and electronic (E/E) architectures based on a large number of electronic control units (ECUs) are becoming more and more difficult to adapt to the extreme complexity that results from this trend. Moreover, the innovation speed, which will be dictated by the computer industry’s dramatically short product lifecycles, requires new architectural and software engineering approaches if the car industry wants to rise to the resulting multidimensional challenges. While classical evolutionary architectures mapped the set of functions that constitute the driving behavior into a coherent set of communicating control units, RACE (Reliable Control and Automation Environment) is an attempt to redefine the architecture of future cars from an information processing point of view. It implements a straightforward perception-control/cognition-action paradigm; it is data centric, striking a balance between central and decentralized control. It implements mechanisms for fault tolerance and features plug-and-play techniques for smooth retrofitting of functions at any point in a car’s lifetime.

The connection of different modules from different manufacturers into a single bus for the exchange of data and control is a challenge for the agricultural machinery industry using ISO 11783 standards (called ISOBUS in the market). It shows strong potential to become the de facto standard for the exchange of data between modules on the agricultural tractor. This research presents the development of an ISOBUS monitoring system and virtual terminal (VT) for agricultural vehicles. The graphical user interface (GUI) of VT is developed on the embedded system by using the Qt with cross-platform for an ARM Cortex-A9 microprocessor named by Freescale i.MX6 Quad. The GUI application programs were developed based on the Isocore-suite commercial library by the OSB AG Engineering company and certified by the Agricultural Industry Electronics Foundation. The implemented electronic control units (ECUs) and ISOBUS monitoring system were developed by the ISOAgLib open-source library, in addition to tools such as the vt-designer, the vt2iso, the CAN server, the CAN messenger, and the CAN logalizer. The implementation of ISOAgLib is fully compatible with the ISO 11783 standard. The hardware implementation is the development board for the STM32 ARM Cortex-M3 microcontroller. The implemented ECUs were experimentally tested on the ISO 11783-compliant intelligent monitoring system AFS Pro 700 for the New Holland Agriculture tractor. Also, we simulated VT-Server and implemented the sprayer, the manure spreader, the global positioning system modules with the Kvaser PCIe CAN device, and PCAN-USB device in order to analyze all CAN messages and network protocols such as the transport protocol (TP), extended transport protocol (ETP), address claiming, and request parameter group number (PGN) messages. Finally, we present an ISOBUS object pool (IOP) binary file from the implemented ECU and an interpretation of IOP files shown on the CONLAB-VT.

The automotive industry has seen a rapid change in the technologies used inside the vehicles. Since the introduction of the first electronic control unit, the impact of electronics and computer science on the quality of the vehicles is increasing every year. Arguably, safety is one of the most important quality attributes of a vehicle that needs special attention during all the stages of the lifecycle of a vehicle. The overall safety of a vehicle can be seen from multiple aspects, such as passive safety, active safety, and functional safety. Functional safety addresses the hazards that are caused by malfunctioning of electrical and/or electronic (E/E) systems. There are many factors that impact functional safety such as the organization and management, the development process, the design of the systems, the system type and technologies used in it, the quality control methods, etc. The ISO 26262 standard provides the state of the art of functional safety in automotive industry. In this chapter some of the most important aspects of functional safety from ISO 26262 perspective are discussed; namely, safety management, development process, architecture design, and safety assurance are presented here.

In this chapter we compactly introduce the overall system architecture and standards of countrywide cooperative intelligent transportation systems. This is an introduction to the next three chapters that take three different application perspectives on C-ITS, namely, intra-vehicle, inter-vehicle and countrywide. The focus lies on architecture and on security and privacy: protecting assets, safety, and functionality.

Vehicles are experiencing a rapid evolution: mechanical systems are rapidly extended, or even replaced, with electrical systems, leading to highly computerized vehicles. Wireless connectivity, such as telematics and vehicle to everything (V2X), is being introduced to help connect vehicles with the world around them. The information exchanged via these interfaces is used to improve, among others, safety, convenience, comfort, and efficiency.

However, adding connectivity is at the same time opening the Connected Car to a multitude of security problems. Modern vehicles are highly complex cyber-physical systems with a high degree of automation and loads of (valuable) data. As such, they are an attractive target for hackers. But until recently, it was not possible for hackers to attack vehicles remotely, at large scale. The wireless connections are changing the game—as they form new entry points for hackers into the vehicle networks and systems. Most vehicles that are currently on the road were not designed with security in mind. And consequently, there were a few big-impact vehicle hacks last year that made headlines in the mainstream media.

To properly prepare vehicles for their connected future, concepts such as security by design, privacy by design, defense in depth, and life-cycle management must be applied. In this chapter, we will present a structural approach to applying these principles to in-vehicle networks.

In this chapter, a high-level description of security is presented for car-to-car communication. Future cars will become safer and more robust using different sensors and technologies. Radar, Lidar, cameras, and connected cars will create a bubble around the car that a smart CPU box can manage, with or without the presence of the driver.

Security is an integral part of a robust communication system. Safety is not only enforced through packet error rates or transmit performance. In the first section of this chapter, the significance of security is discussed. Why do we need it, and what impact does it have? Subsequently, the requirements are described in more detail. Privacy, for example, is key for becoming a success in this connected world.

Optimal utilization of the channel throughput is considered beneficial in any communication system. At the same time, messages must be authentic. In this chapter, the security scheme, based on elliptic curves, is discussed, as well as public key infrastructure. The last sections are referring to standardization work done so far and what the near future has to bring.

Intelligent transportation systems architectures are changing. While traditional architectures have been hardwired, long-living, and regional in scope, modern-day architectures are different. In particular, cooperative intelligent transportation architectures need to be very flexible, change with speed unknown to the industry before, and have interregional or even global scope. To provide optimized benefit to travelers and other transportation stakeholders, new architectures need to be built with future use in mind. This chapter throws light as to why modern-day architectures differ from traditional ones. This knowledge is then used to identify basic goals of every future intelligent transportation systems architecture and give an outlook on how key elements of such an architecture could look like. Finally, it shows what steps are needed to introduce such an architecture.

The personal car has been one of the most defining inventions of the past century. Ranging from satisfying the human need for mobility to the design of cities, cars are ubiquitous and dominant in our daily lives. It is therefore very much of interest to analyze the trends of the automotive industry to predict how personal mobility might change in the future. However, we look not only at trends that occur within the automotive industry but also at other global technology trends that are related to the domain of automotive technology, such as generation and distribution of renewable energy and the rise of the “Internet of Things” (IoT). The focus of this chapter will be on the relationships between these various trends and how they might interact.

We will elaborate that the main changes in the future automotive ecosystem are enabled by strong digitization resulting in three dominant trends that are mutually benefitting each other, possibly resulting in disruptive change in mobility: firstly, the electrification of the vehicle drivetrain, strongly influenced by the take-up of sustainable energy production by solar and wind farms; secondly, the uptake of sharing economy stimulating the change from car ownership to car usage by all kinds of mobility services; thirdly, the general known trend (and not discussed in this chapter) of the automation of vehicle driving itself.

This disruptive change of the whole road mobility system toward a mobility service-oriented system will be fueled by further penetration of digitization at all aspects of mobility systems and components.