With the increasing importance of Over The Air (OTA) updates in the automotive field, maintaining safety standards becomes more challenging as frequent incremental changes of embedded software are regularly integrated into a wide range of vehicle variants. This necessitates new processes and methodologies with a holistic view on the backend, where the updates are developed and released, and the frontend (vehicle), to which the updates are deployed. In this paper, we introduce an approach, including a process and a methodology, for continuous contract-based design, validation and deployment of modular updates for variant-rich automotive systems. The approach considers the vehicle as part of its connected environment enclosing a backend and concentrates on safety-critical applications. In addition, we present the UPDateable Automotive Test dEmonstratoR (UPDATER), which is a mock-up for modern Electric/Electronic architectures including a backend and a frontend part. It serves as a prototype for developing, deploying and monitoring automotive OTA updates. In a case study based on UPDATER, we apply the approach to three exemplary updates of a variable Advanced Driver Assistance System (ADAS). We show how the updates development and management may be achieved in an efficient and agile way.
Modern control systems in the maritime domain are increasingly controlled by software systems and become subject to updates and configuration changes during operation. Moreover, with the shift to autonomous vessels and cars, these software-based systems are taking on more and more safety-critical tasks, so the risks associated with system failures are increasing. Unlike before, it becomes necessary to verify the continuously adapting modules of a vehicle not only before deployment, but to establish continuous verification capabilities during all phases of the product lifecycle, from the design to the system in operation. Hence, in case of an update, deviations from the expected behavior can be automatically detected and relevant measures can be initiated. In this work, a contract-based verification framework is presented that includes automatable and formally analyzable behavioral descriptors in form of assumption-guarantee contracts for all phases of the software lifecycle to provide static and dynamic verification capabilities alongside a dynamically changing system composition. By utilizing contractually defined behavior descriptions, classic test procedures, such as simulations, are supplemented by a formally testable level that is applied to all phases of the update process. A conceptual-deductive methodology was chosen, building on the identified requirements to develop an overarching update framework that adds contractual descriptions to the traditional development case. Based on the presented framework, the verifiable modification of a safety-critical software system is demonstrated. The approach is evaluated using a maritime collision-avoidance system and the verification steps are evaluated along the update process. The framework offers a novel approach to complement existing test procedures by enabling formal impact analysis and incremental verification of updates.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.