Search Results

Complex systems, such as modern advanced driver assistance systems (ADAS), consist of many interacting components. The number of options promises considerable flexibility for configuring systems with many cost-performance-value tradeoffs; however the potential unique configurations are exponentially many prohibiting a build-test-fix approach. Instead, engineering analysis tools for rapid design-space navigation and analysis can be applied to find feasible options and evaluate their potential for correct system behavior and performance subject to functional requirements. The OpenMETA toolchain is a component-based, design space creation and analysis tool for rapidly defining and analyzing systems with large variability and cross-domain requirements. The tool supports the creation of compositional, multi-domain components, based on a user-defined ontology, which captures the behavior and structure of components and the allowable interfaces.

Autonomous vehicles (AVs) have already driven millions of miles on public roads, but even the simplest scenarios have not been certified for safety. Current methodologies for the verification of AV’s decision and control systems attempt to divorce the lower level, short-term trajectory planning and trajectory tracking functions from the behavioral rules-based framework that governs mid-term actions. Such analysis is typically predicated on the discretization of the state space and has several limitations. First, it requires that a conservative buffer be added around obstacles such that many feasible plans are classified as unsafe. Second, the discretized controllers modeled in this analysis require several refinement steps before being implementable on an actual AV, and typically do not allow the specification of comfort-related properties on the trajectories. Consumer-ready AVs use motion planning algorithms that generate smooth trajectories.

Optional software-based features (for example, to provide active safety, infotainment, etc.) are increasingly becoming a significant cost driver in automotive systems. In state-of-the-art production techniques, these optional features are built into the vehicle during assembly. This does not give the customer the flexibility to choose the specific set of features as per their requirement. They either have to buy a pre-bundled option that may or may not satisfy their preferences or are unable to find an exact combination of features from the inventory provided by a dealership. Alternatively, they have to pre-order a car from the manufacturer, which could result in a substantial delay. Therefore, it is important to improve the flexibility of delivering the optional features to customers. Towards this objective, the vehicle could be configured with the desired options at the dealership, when the customer requires them.

The Runtime Verification ECU (RV-ECU) is a new development platform for checking and enforcing the safety of automotive bus communications and software systems. RV-ECU uses runtime verification, a formal analysis subfield geared at validating and verifying systems as they run, to ensure that all manufacturer and third-party safety specifications are complied with during the operation of the vehicle. By compiling formal safety properties into code using a certifying compiler, the RV-ECU executes only provably correct code that checks for safety violations as the system runs. RV-ECU can also recover from violations of these properties, either by itself in simple cases or together with safe message-sending libraries implementable on third-party control units on the bus. RV-ECU can be updated with new specifications after a vehicle is released, enhancing the safety of vehicles that have already been sold and deployed.

For many crucial applications, establishing important properties of Simulink models by testing is either extremely resource intensive or impossible, and proof of the properties is highly desirable. Many Simulink models rely upon discrete-valued functions for which the function values are defined as a lookup table of correspondences between values in the domain and range, with linear interpolation used to evaluate intermediate values in the domain. Such discrete-valued functions arise in applications for which no known closed-form algebraic definition exists. In general, the proof of a property for a model that includes a discrete-valued function has to be by case analysis. For a single function and with mechanical support, case analysis is manageable. However, for models that include multiple discrete-valued functions, the number of cases can be the product of the cardinalities of the domains of the individual functions.