Modular Over-the-air Software Updates for Safety-critical Real-time Systems

Impact factor 1 | JCR region 4 (Engineering & Technology) | Q4, Instruments & Instrumentation | Journal: Insight | Published: 2023-02-09 | DOI: 10.1002/inst.12418
Domenik Helms, Patrick Uven, Kim Grüttner
Insight, vol. 25, no. 4, pp. 85-88. Journal article. Publisher page: https://onlinelibrary.wiley.com/doi/10.1002/inst.12418
Citations: 0

Abstract

Automotive software is undergoing a rapid change toward artificial intelligence and toward ever closer connection with other systems. Both call for an incremental design paradigm in which the car's software is updated frequently after production while still guaranteeing the highest automotive safety standards. We present a design flow and tool framework that enables a DevOps paradigm for automotive software development. DevOps means that software is developed in a continuous loop of development, deployment, use in the field, collection of runtime data, and feedback to the developers for the next design iteration. Software developers are supported in defining, developing, and verifying new software functions based on the data gathered in the field by the previous software generation. They can define contracts that describe the timing and resource assumptions on the integration environment and the guarantees given to other dependent software components in the system. These contracts allow software components to be composed, with proof obligations discharged at design time through virtual integration testing and at runtime through continuous monitoring of the assumptions and guarantees on the software component's interfaces. An update package, consisting of the software component and its contracts, is then created automatically, transferred over the air, and deployed in the car. Monitors derived from the contracts supervise the system's behavior, detect failures at runtime, and annotate the situation for inclusion in a data collection that fuels the next design iteration.

Source journal: Insight (Engineering & Technology; Materials Science: Characterization & Testing)
CiteScore: 1.50
Self-citation rate: 9.10%
Articles published: 0
Review time: 2.8 months
Journal description: Official Journal of The British Institute of Non-Destructive Testing - includes original research and development papers, technical and scientific reviews and case studies in the fields of NDT and CM.