Gerhard Griessnig

Model-based Toolchain for the Efficient Development of Safety-Relevant Automotive Embedded Systems

Advanced functionalities unthinkable a few decades ago are now being introduced into automotive vehicles through embedded systems for reasons like emission control, vehicle connectivity, safety and ...

A Bridge from System to Software Development for Safety-Critical Automotive Embedded Systems

In this paper, we present a tool enhancement that allows an effective transition from the system level development phase to the software level development phase of a tool-supported safety engineering workflow aligned with the automotive functional safety standard ISO 26262. The tool enhancement has capabilities for model generation and code generation. Whereas the generation of Simulink models supports the development of application software, the configuration and generation of safety drivers supports the development of the basic software required for initialization, runtime fault detection and error handling. We describe the safety engineering workflow and its supporting tool chain including the tool enhancement. Moreover we demonstrate that the enhancement supports the transition from the system level development phase to the software level development phase using the case study of a hybrid electric vehicle development.

Towards cross-domains model-based safety process, methods and tools for critical embedded systems: the CESAR approach

The CESAR project1 aims at elaborating a Reference Technology Platform usable across several application domains (Aeronautics, Automotive, Industrial Automation, Railway and Space) for the cost effective development and validation of safety related embedded systems. Safety and, more generally, dependability are therefore major topics addressed by the project. This paper focuses on the work performed on safety requirements and approaches to be supported by a common Reference Technology Platform. We analyse and compare the industrial practice, applicable standards and state of the art so as to identify which and how safety views should be supported. We focus in particular on the major axes investigated by the project, formal model-based techniques for requirements engineering and component-based engineering. Preliminary realisations and case studies confirm the interest and provide refined requirements for the final version of the platform.

A CPLD-based safety concept for industrial applications

Industry demands cost-efficient approaches for the realization of uncomplex safety functions in industrial automation. Therefore new approaches need to be considered. For this purpose the implementation of safety functions in hardware using CPLDs is an option. This approach does, in contrast to microcontroller-based systems, not require the development of startup- and online tests for RAM and CPU. Therefore efforts for design, implementation and verification of these safety integrity measures can be saved as well as hardware resources for the execution of tests. Based on this idea, a CPLD-based safety concept has been elaborated that allows to realize safety functions by exclusively using CPLDs. The safety concept has been derived from normative safety requirements, functional safety requirements as well as other non-functional requirements. The safety concept comprises a CPLD-based redundant failsafe system architecture, safety integrity measures and a precise definition of the safe state and the unsafe state of possible target applications. An industrial power drive system is presented that has been enhanced with uncomplex safety functions to increase its safety integrity. These safety functions are able to avoid the application of power to an electric DC motor, if demanded. They were realized by a fail-safe system. This system adopts the CPLD-based safety concept.

Improving methods and processes for the development of safety-critical automotive embedded systems

Electronic Control Units (ECUs) are implemented nowadays in safety-critical applications such as battery management or power control systems for hybrid vehicles. In this context, a critical product failure can harm people, environment or property and has therefore to be avoided. The challenge during the design of such components is to improve and guarantee the product quality while keeping flexibility for different variants and minimizing the development costs. We present in this paper first results of the newly started MEPAS project. The focus is set on improvements regarding requirements engineering as well as regarding the development of safety-relevant automotive embedded systems in the context of ISO 26262.

Fault insertion testing of a novel CPLD-based fail-safe system

According to the standard IEC 61508 fault insertion testing is required for the verification of fail-safe systems. Usually these systems are realized with microcontrollers. Fail-safe systems based on a novel CPLD-based architecture require a different method to perform fault insertion testing than microcontroller-based systems. This paper describes a method to accomplish fault insertion testing of a system based on the novel CPLD-based architecture using the original system hardware. The goal is to verify the realized safety integrity measures of the system by inserting faults and observing the behavior of the system. The described method exploits the fact, that the system contains two channels, where both channels contain a CPLD. During a test one CPLD is configured using a modified programming file. This file is available after the compilation of a VHDL-description, which was modified using saboteurs or mutants. This allows injecting a fault into this CPLD. The other CPLD is configured as fault-free device. The entire system has to detect the injected fault using its safety integrity measures. Consequently it has to enter and/or maintain a safe state.

Development of the 2nd Edition of the ISO 26262

In 2011 the automotive standard ISO 26262:2011 for the development of safety critical systems has been officially released. This standard has been successfully applied by various companies in the automotive supply chain and is the framework of the development of safety related systems and of their components. There is a regulation of the International Standardization Organization (ISO) that valid and published standards shall be periodically reviewed. Now the time has come to update and extend the existing standard, to make it applicable for future systems and technologies. The main motivations for the 2nd edition of ISO 26262: are the experiences gathered with the 1st edition; the extension of the scope to other vehicle categories; the inclusion of a semi-conductor guideline and the inclusion of guidance on fail-operational systems. This paper presents the key changes and updates and the motivation behind them.

Safety Simulation in the Concept Phase: Advanced Co-simulation Toolchain for Conventional, Hybrid and Fully Electric Vehicles (

Modern vehicle powertrains include electronically controlled mechanical, electrical and hydraulic systems, such as double clutch transmissions (DCT), powerful regenerative braking systems and distributed e-Machines (EM), which leads to new safety challenges. Functional failure analysis of events such as the sudden failure of a DCT or EM, and the development and the validation of suitable controllers and networks, can now be evaluated using co-simulation techniques, from the early stages of product development. A co-simulation toolchain with a 3D vehicle and road model, coupled with a 1D powertrain model, is used to enable the definition of hardware and software functions, and also to support the rating of the Automotive Safety Integrity Level (ASIL) during hazard analysis and risk assessment in the context of ISO 26262. This innovative approach may be applied to a wide range of powertrain topologies, including conventional, hybrid electric and fully electric, for cars, motorcycles, light or heavy duty truck or bus applications.

Improving automotive embedded systems engineering at European level

ZusammenfassungErhöhte Komplexität in der Entwicklung von Embedded Systems stellt heute viele Industriezweige vor Herausforderungen. Dies trifft besonders die Automobilindustrie; hier werden immer mehr sicherheitskritische Funktionen mit Hilfe von Embedded Systems realisiert. Die Wechselwirkung zwischen neuen Standards und steigender Anzahl von Funktionalitäten bei strikter Kostenbegrenzung stellt eine komplexe Aufgabe dar, die es zu bewältigen gilt. Dieser Artikel behandelt zwei dieser Herausforderungen der automotiven Industrie und stellt – mit einem Fokus auf CESAR – die wichtigsten europäischen Forschungsprojekte im Bereich Embedded Systems vor. Weiters wird die Referenz Technologie Plattform als Konzept für Werkzeugintegration und Interoperability Standard präsentiert. Ziel ist es, hiermit die Kosten des Entwicklungsprozesses spürbar zu senken. Abschließend wird eine beispielhafte Realisierung einer solchen Referenz-Technologieplattform für die Automobilindustrie behandelt.SummaryComplexity in embedded systems engineering is increasing, imposing challenges to many industries. Especially the automotive industry has gone through significant changes with the application target of embedded systems moving towards safety-relevant applications. New safety standards as well as an increasing number of functionalities in a context of stringent cost constraints represent a complex challenge the industry is dealing with. In this paper, we provide an overview of two major challenges, the automotive industry is facing and of the main European research projects – with an emphasis to CESAR – focused on solving these challenges with respect to embedded systems engineering. We further discuss the reference technology platform as concept for tool integration and interoperability standard in order to significantly reduce costs. Finally, an exemplary realization of such reference technology platform for the automotive domain is presented.

Status of the Development of ISO/SAE 21434.

With the ongoing trend to incorporate new functionalities and functions based on the connectivity of vehicles, cybersecurity is becoming an important issue in the vehicle development lifecycle. While the first approaches to address this topic were based on research projects or adaptions of existing concepts of other domains, there is now a new ongoing activity to develop ISO/SAE 21434 a cybersecurity engineering standard for road vehicles. This standard addresses the complete lifecycle from development and production via operation and maintenance up to the decommissioning of the vehicles. We give an overview about the ongoing development, discuss potential contents and objectives and summarize time plan and open points.