Avenir Kobetski

On the conceptual design of a dynamic component model for reconfigurable AUTOSAR systems

The automotive industry has recently developed the embedded software standard AUTOSAR, which is now being introduced widely in production vehicles. The standard structures the application into reusable components that can be deployed in a specific vehicle using a configuration scheme. However, this configuration takes place at design time, with no provision for dynamically installing components to reconfigure the system. In this paper, we present the conceptual design of a dynamic component model that extends an AUTOSAR based control unit with the possibility to add plug-in components that execute on a virtual machine. This concept is intended to give benefits in terms of much shorter deployment time for new functions, even into vehicles that have already been produced. Further, it creates opportunities for vehicles to take part in federated embedded systems together with other products. It also opens up a market for third-party developers, and fosters open innovation in an ecosystem around the automotive software business.

MOPED: A Mobile Open Platform for Experimental Design of Cyber-Physical Systems

Due to the increasing importance of cyber-physical and embedded systems in industry, there is a strong demand for engineers with an updated knowledge on contemporary technology and methods in the area. This is a challenge for educators, in particular when it comes to creating hands-on experiences of real systems, due to their complexity and the fact that they are usually proprietary. Therefore, a laboratory environment that is representative of the industrial solutions is needed, with a focus on software and systems engineering issues. This paper describes such an environment, called the Mobile Open Platform for Experimental Design (MOPED). It consists of a model car chassis, equipped with a network of three control units based on standard hardware, and running the automotive software standard AUTOSAR, which consists of operating system, middleware, and application software structures. It is equipped with various sensors and actuators, and is open to extensions both in hardware and software. It also contains elements of future systems, since it allows connectivity to cloud services, development of federated embedded systems, and continuous deployment of new functionality. In this way, the platform provides a very relevant learning environment for cyber-physical systems, today and in the future.

Automotive system testing by independent guarded assertions

Testing is a key activity in industry to verify and validate products before they reach end customers. In hardware-in-the-loop system-level verification of automotive systems, testing is often performed using sequential execution of test scripts, each containing a mix of stimuli and assertions. In this paper, we propose and study an alternative approach for automated system-level testing automotive systems. In our approach, assertion-only test scripts and one (or several) stimuli-only script(s), execute concurrently on the test driver. By separating the stimuli from the assertions, with each assertion independently determining when the system under test shall be verified, we seek to achieve three things: 1) tests that better represent real-world handling of the product, 2) reduced test execution time, and 3) increased defect detection. In addition to describing our proposed approach in detail, we provide experimental results from an industrial case study evaluating the approach in an automotive system test environment.

Porting an AUTOSAR-compliant operating system to a high performance embedded platform

Automotive embedded systems are going through a major change, both in terms of how they are used and in terms of software and hardware architecture. Much more powerful and rapidly evolvable hardware is expected, paralleled by an accelerating development rate of the control software. To meet these challenges, a software standard, AUTOSAR, is gaining ground in the automotive field. In this work, experiences from porting AUTOSAR to a high performance embedded system, Raspberry Pi, are collected. The goal is both to present experience on the process of AUTOSAR porting and to create an AUTOSAR implementation on a cheap and widely accessible hardware platform, making AUTOSAR available for researchers and students.

Design and Implementation of a Dynamic Component Model for Federated AUTOSAR Systems

The automotive industry has recently agreed upon the embedded software standard AUTOSAR, which structures an application into reusable components that can be deployed using a configuration scheme. However, this configuration takes place at design time, with no provision for dynamically installing components to reconfigure the system. In this paper, we present the design and implementation of a dynamic component model that extends AUTOSAR with the possibility to add plug-in components at runtime. This opens up for shorter deployment time for new functions; opportunities for vehicles to participate in federated embedded systems; and involvement of third-party software developers.

Architectural Concepts for Federated Embedded Systems

Federated embedded systems (FES) is an approach for systems-of-systems engineering in the domain of cyber-physical systems. It is based on the idea to allow dynamic addition of plug-in software in the embedded system of a product, and through communication between the plug-ins in different products, it becomes possible to build services on the level of a federation of products. In this paper, architectural concerns for FES are elicited, and are used as rationale for a number of decisions in the architecture of products that are enabled for FES, as well as in the application architecture of a federation. A concrete implementation of a FES from the automotive domain is also described, as a validation of the architectural concepts presented.

Offline Analysis of Independent Guarded Assertions in Automotive Integration Testing

The size and complexity of software in automotive systems have increased steadily over the last decades. Modern vehicles typically contain numerous electrical control units (ECUs), and more and more features require real-time interaction between several dedicated ECUs (e.g., gearbox, brake and engine control units) in order to perform their tasks. Since system safety and reliability must not be adversely affected by this increase in complexity, proper quality assurance is a must. Such quality assurance is often performed by testing the system in different levels of integration throughout the development process. However, the growth of complexity of the system under test aslo affects the testing, making it laborious, difficult and costly. This paper presents a novel method for efficient offline analysis of traces, which has been especially tailored for integration testing of automotive systems. The method exploits the recently defined concept of independent guarded assertion in order to formally describe the events that are relevant for the analysis as well as the expected behavior in those events. The offline analysis is implemented using a standard commercial model checker and has shown good performance in the conducted experiments.

SAGA Toolbox: Interactive Testing of Guarded Assertions

This paper presents the SAGA toolbox. It centers around development of tests, and analysis of test results, on Guarded Assertions (GA) format. Such a test defines when to test, and what to expect in such a state. The SAGA toolbox lets the user describe the test, and at the same time get immediate feedback on the test result based on a trace from the System Under Test (SUT). The feedback is visual using plots of the trace. This enables the test engineer to play around with the data and use an agile development method, since the data is already there. Moreover, the SAGA toolbox also enables the test engineer to change test stimuli plots to study the effect they have on a test. It can later generate computer programs that can feed these test stimuli to the SUT. This enables an interactive feedback loop, where immediate feedback on changes to the test, or to the test stimuli, indicate whether the test is correct and it passed or failed.

A case study of interactive development of passive tests

Testing in the active sense is the most common way to perform verification and validation of systems, but testing in the passive sense has one compelling property: independence. Independence from test stimuli and other passive tests opens up for parallel testing and off-line analysis. However, the tests can be difficult to develop since the complete testable state must be expressed using some formalism. We argue that a carefully chosen language together with an interactive work flow, providing immediate feedback, can enable testers to approach passive testing. We have conducted a case study in the automotive domain, interviewing experienced testers. The testers have been introduced to, and had hands-on practice with a tool. The tool is based on Easy Approach to Requirements Syntax (EARS) and provides an interactive work flow for developing and evaluating test results. The case study shows that i) the testers believe passive testing is useful for many of their tests, ii) they see benefits in parallelism and off-line analysis, iii) the interactive work flow is necessary for writing the testable state expression, but iv) when the testable state becomes too complex, then the proposed language is a limitation. However, the language contributes to concise tests, resembling executable requirements.

Towards safe and secure systems of systems: challenges and opportunities

While systems of systems (SoS) are starting to reach the market, it is not entirely evident how to analyze safety, and on a high level also security, of such systems. In fact, specific characteristics of SoS, such as independence, changing constitution, evolutionary development, and emergent behavior, provide certain challenges to the safety analysis. In this paper, such challenges are summarized and a systems theoretic safety analysis method, abbreviated as STAMP, is evaluated on an automotive SoS application example. In conclusion, STAMP seems well positioned to serve as a base for a future method for safety and, to a certain degree, security analysis of SoS, although some work remains to be done. The advantages and limitations of the STAMP approach when dealing with SoS are discussed.