With the advent of the integrated architecture paradigm promoted by AUTOSAR, the automotive domain needs a standard temporal isolation policy. In this paper, we review the different approaches proposed so far and we discuss their applicability to forthcoming systems.
{"title":"Temporal isolation for the cohabitation of applications in automotive embedded software","authors":"D. Bertrand, S. Faucou, Y. Trinquet","doi":"10.1145/1772643.1772651","DOIUrl":"https://doi.org/10.1145/1772643.1772651","url":null,"abstract":"With the advent of the integrated architecture paradigm promoted by AUTOSAR, the automotive domain needs a standard temporal isolation policy. In this paper, we review the different approaches proposed so far and we discuss their applicability to forthcoming systems.","PeriodicalId":221742,"journal":{"name":"EDCC-CARS","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115167371","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We present a new approach of validation for critical real-time applications: the tree based approach. This approach explicitly takes the conditional statements and the semantics contained in the tests into account. We substitute sequential schedules by scheduling trees. We thus add new scheduling possibilities to those provided by the sequential approach. We then give conditions which make the two approaches equivalent (i.e. give same results for schedulability).
{"title":"Tree scheduling versus sequential scheduling","authors":"C. Fotsing, Annie Choquet-Geniet, G. Vidal-Naquet","doi":"10.1145/1772643.1772664","DOIUrl":"https://doi.org/10.1145/1772643.1772664","url":null,"abstract":"We present a new approach of validation for critical real-time applications: the tree based approach. This approach explicitly takes the conditional statements and the semantics contained in the tests into account. We substitute sequential schedules by scheduling trees. We thus add new scheduling possibilities to those provided by the sequential approach. We then give conditions which make the two approaches equivalent (i.e. give same results for schedulability).","PeriodicalId":221742,"journal":{"name":"EDCC-CARS","volume":"63 4","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120842339","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Y. Papadopoulos, M. Walker, Mark-Oliver Reiser, Matthias Weber, De-Jiu Chen, Martin Törngren, D. Servat, Andreas Abele, F. Stappert, Henrik Lönn, L. Berntsson, Rolf Johansson, Fulvio Tagliabo, Sandra Torchiaro, Anders Sandberg
In this paper, we describe a concept for the automatic allocation of general Safety Integrity Levels (SILs) to subsystems and components of complex hierarchical networked architectures that deliver sets of safety critical functions. The concept is generic and can be adapted to facilitate the safety engineering approach defined in several standards that employ the concept of integrity or assurance levels including ISO 26262, the emerging automotive safety standard. SIL allocation is facilitated by HiP-HOPS, an automated safety analysis tool, and can be performed in the context of development using EAST-ADL2, an automotive architecture description language. The process rationalizes complex risk allocation and leads to optimal/economic allocation of SILs.
{"title":"Automatic allocation of safety integrity levels","authors":"Y. Papadopoulos, M. Walker, Mark-Oliver Reiser, Matthias Weber, De-Jiu Chen, Martin Törngren, D. Servat, Andreas Abele, F. Stappert, Henrik Lönn, L. Berntsson, Rolf Johansson, Fulvio Tagliabo, Sandra Torchiaro, Anders Sandberg","doi":"10.1145/1772643.1772646","DOIUrl":"https://doi.org/10.1145/1772643.1772646","url":null,"abstract":"In this paper, we describe a concept for the automatic allocation of general Safety Integrity Levels (SILs) to subsystems and components of complex hierarchical networked architectures that deliver sets of safety critical functions. The concept is generic and can be adapted to facilitate the safety engineering approach defined in several standards that employ the concept of integrity or assurance levels including ISO 26262, the emerging automotive safety standard. SIL allocation is facilitated by HiP-HOPS, an automated safety analysis tool, and can be performed in the context of development using EAST-ADL2, an automotive architecture description language. The process rationalizes complex risk allocation and leads to optimal/economic allocation of SILs.","PeriodicalId":221742,"journal":{"name":"EDCC-CARS","volume":"108 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117324994","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
M. Mitzlaff, R. Kapitza, Wolfgang Schröder-Preikschat
Due to the high pressure for innovation, recent cars offer a constantly increasing number of sophisticated functions for advanced driver assistance and an improved active safety. As a result, software complexity in cars rises. Up to now, configurations of current automotive embedded systems are fixed and remain static over the vehicle lifetime. However, this is problematic as all offered functions have to be taken into account for the schedule of currently upcoming time-triggered bus systems and also the OS schedules on the electronic control units (ECUs). In principle, this is not necessary, as subsets of these functions have disjoint phases of use.� This paper presents dynamic reconfiguration in cars based on mode changes, allowing to switch between a set of statically defined bus and ECUs schedules during runtime. This decreases the resource usage and the complexity of a specific set of bus and ECU schedules, as only active functions have to be considered. We outline how such a mode change can safely be enabled using a membership service for a time-triggered bus system and outline our experience in the context of a practical use case scenario: dedicated modes for normal operation and for servicing a car.
{"title":"Enabling mode changes in a distributed automotive system","authors":"M. Mitzlaff, R. Kapitza, Wolfgang Schröder-Preikschat","doi":"10.1145/1772643.1772665","DOIUrl":"https://doi.org/10.1145/1772643.1772665","url":null,"abstract":"Due to the high pressure for innovation, recent cars offer a constantly increasing number of sophisticated functions for advanced driver assistance and an improved active safety. As a result, software complexity in cars rises. Up to now, configurations of current automotive embedded systems are fixed and remain static over the vehicle lifetime. However, this is problematic as all offered functions have to be taken into account for the schedule of currently upcoming time-triggered bus systems and also the OS schedules on the electronic control units (ECUs). In principle, this is not necessary, as subsets of these functions have disjoint phases of use.\u0000 This paper presents dynamic reconfiguration in cars based on mode changes, allowing to switch between a set of statically defined bus and ECUs schedules during runtime. This decreases the resource usage and the complexity of a specific set of bus and ECU schedules, as only active functions have to be considered. We outline how such a mode change can safely be enabled using a membership service for a time-triggered bus system and outline our experience in the context of a practical use case scenario: dedicated modes for normal operation and for servicing a car.","PeriodicalId":221742,"journal":{"name":"EDCC-CARS","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128799917","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
C. Jouvray, Grégoire Chartier, Nicolas François, I. Ripoll, M. Masmano, A. Crespo
Trusted computing is a main concern for ensuring that the platform is secure and dependable. This paper will study AUTOSAR regarding to this area and will propose some suggestions to enforce trust in control automotive platforms.
{"title":"Enforcing trust in control automotive platforms","authors":"C. Jouvray, Grégoire Chartier, Nicolas François, I. Ripoll, M. Masmano, A. Crespo","doi":"10.1145/1772643.1772656","DOIUrl":"https://doi.org/10.1145/1772643.1772656","url":null,"abstract":"Trusted computing is a main concern for ensuring that the platform is secure and dependable. This paper will study AUTOSAR regarding to this area and will propose some suggestions to enforce trust in control automotive platforms.","PeriodicalId":221742,"journal":{"name":"EDCC-CARS","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121759954","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Safety engineering analysis is a mandatory stage in the design of critical embedded automotive systems. The derivation of safety requirements and their verification require establishing traceability links between requirements and the different artifacts involved in the design flow. This paper presents the different steps of a method for expressing non functional requirements (safety, timing, hardware, performance) and ensuring their validation and their traceability over a design flow for automotive system design based on the conjoint use of EAST-ADL2 and MARTE languages and supported in an Eclipse platform. A specific meta-model for requirements modeling and traceability is used. The methodology is illustrated on an industrial knock-control system characterized by strict safety and temporal constraints
{"title":"Requirement traceability in safety critical systems","authors":"Marie-Agnès Peraldi-Frati, A. Albinet","doi":"10.1145/1772643.1772647","DOIUrl":"https://doi.org/10.1145/1772643.1772647","url":null,"abstract":"Safety engineering analysis is a mandatory stage in the design of critical embedded automotive systems. The derivation of safety requirements and their verification require establishing traceability links between requirements and the different artifacts involved in the design flow. This paper presents the different steps of a method for expressing non functional requirements (safety, timing, hardware, performance) and ensuring their validation and their traceability over a design flow for automotive system design based on the conjoint use of EAST-ADL2 and MARTE languages and supported in an Eclipse platform. A specific meta-model for requirements modeling and traceability is used. The methodology is illustrated on an industrial knock-control system characterized by strict safety and temporal constraints","PeriodicalId":221742,"journal":{"name":"EDCC-CARS","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122084399","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Michael Stilkerich, D. Lohmann, Wolfgang Schröder-Preikschat
There is hardware- and software-based memory protection that can improve the dependability of software systems. The two variants vary in the degree of protection and the amount and sites of overhead. The decision for a particular mechanism therefore highly depends on the application and deployment scenario.� We propose a system suited for deeply embedded systems that allows to choose among no protection, software-based protection, hardware-based protection or a combination of the two without the need to change the application. In this paper, we present the current state of this work and support our claim that the best-suited memory protection type depends on the application by a preliminary evaluation.
{"title":"Memory protection at option","authors":"Michael Stilkerich, D. Lohmann, Wolfgang Schröder-Preikschat","doi":"10.1145/1772643.1772649","DOIUrl":"https://doi.org/10.1145/1772643.1772649","url":null,"abstract":"There is hardware- and software-based memory protection that can improve the dependability of software systems. The two variants vary in the degree of protection and the amount and sites of overhead. The decision for a particular mechanism therefore highly depends on the application and deployment scenario.\u0000 We propose a system suited for deeply embedded systems that allows to choose among no protection, software-based protection, hardware-based protection or a combination of the two without the need to change the application. In this paper, we present the current state of this work and support our claim that the best-suited memory protection type depends on the application by a preliminary evaluation.","PeriodicalId":221742,"journal":{"name":"EDCC-CARS","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128969562","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
An important initiative in the automotive domain is the development of the ISO 26262 standard for functional safety of road vehicles. The standard introduces numerous techniques for analysis and verification throughout the lifecycle of automotive systems. There is therefore a need for the scientific community to contribute with new and existing knowledge on safety assessment. This position paper identifies challenges and opportunities for research in automotive safety assessment by connecting the research roadmap published in the AMBER project with the ISO 26262 standard.
{"title":"Opportunities from standardization in automotive safety assessment","authors":"R. Barbosa, J. Karlsson","doi":"10.1145/1772643.1772661","DOIUrl":"https://doi.org/10.1145/1772643.1772661","url":null,"abstract":"An important initiative in the automotive domain is the development of the ISO 26262 standard for functional safety of road vehicles. The standard introduces numerous techniques for analysis and verification throughout the lifecycle of automotive systems. There is therefore a need for the scientific community to contribute with new and existing knowledge on safety assessment. This position paper identifies challenges and opportunities for research in automotive safety assessment by connecting the research roadmap published in the AMBER project with the ISO 26262 standard.","PeriodicalId":221742,"journal":{"name":"EDCC-CARS","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116681872","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In the wake of current computing trends like Ubiquitous Computing, Ambient Intelligence and Cyber Physical Systems, new application domains like Car2Car emerged. One key characteristic of these new application domains is their openness with respect to dynamic integration of devices and components. It is obvious that traditional safety assurance techniques, both state of the practice and state of the art, are not sufficient in this context. A possible solution approach would be to shift portions of the safety assurance process into run time. This can be reached by the integration of appropriate run time safety models and corresponding dynamic evaluation mechanisms. In this paper we sketch out our recent work on conditional safety certificates, which facilitate such dynamic safety evaluation. We conclude with a brief discussion and state promising research directions for the future.
{"title":"Conditional safety certificates in open systems","authors":"D. Schneider, M. Trapp","doi":"10.1145/1772643.1772660","DOIUrl":"https://doi.org/10.1145/1772643.1772660","url":null,"abstract":"In the wake of current computing trends like Ubiquitous Computing, Ambient Intelligence and Cyber Physical Systems, new application domains like Car2Car emerged. One key characteristic of these new application domains is their openness with respect to dynamic integration of devices and components. It is obvious that traditional safety assurance techniques, both state of the practice and state of the art, are not sufficient in this context. A possible solution approach would be to shift portions of the safety assurance process into run time. This can be reached by the integration of appropriate run time safety models and corresponding dynamic evaluation mechanisms. In this paper we sketch out our recent work on conditional safety certificates, which facilitate such dynamic safety evaluation. We conclude with a brief discussion and state promising research directions for the future.","PeriodicalId":221742,"journal":{"name":"EDCC-CARS","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122204805","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
T. Fujiwara, J. Estevez, Yoshinobu Satoh, S. Yamada
In the functional safety standards (IEC 61508 and ISO/DIS 26262), development methods and quantitative analytical methods are defined for establishment of safety-related systems. However, only development methods are recommended to establish the software of safety-related systems. That is, the safety integrity level for software is determined only by the number of the development methods applied to practical safety-related system development. This is not reasonable to evaluate the safety integrity level, because various risk factors should be taken up. In this paper, we propose how to calculate the safety integrity level for software. Especially, we propose the calculation method based on the software reliability growth model that has long been used in the large-scale system development.
{"title":"A calculation method for software safety integrity level","authors":"T. Fujiwara, J. Estevez, Yoshinobu Satoh, S. Yamada","doi":"10.1145/1772643.1772653","DOIUrl":"https://doi.org/10.1145/1772643.1772653","url":null,"abstract":"In the functional safety standards (IEC 61508 and ISO/DIS 26262), development methods and quantitative analytical methods are defined for establishment of safety-related systems. However, only development methods are recommended to establish the software of safety-related systems. That is, the safety integrity level for software is determined only by the number of the development methods applied to practical safety-related system development. This is not reasonable to evaluate the safety integrity level, because various risk factors should be taken up. In this paper, we propose how to calculate the safety integrity level for software. Especially, we propose the calculation method based on the software reliability growth model that has long been used in the large-scale system development.","PeriodicalId":221742,"journal":{"name":"EDCC-CARS","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115053754","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: