Image Processing Reference
In-Depth Information
13.4.2 System Engineering
The verification of the performances of a communication system is twofold. On the one hand, some
properties of the communication system services can be proved independently of the application. For
instance, the correctness of the synchronization and the membership and clique avoidance services
of TTP/C have been studied using formal methods in Refs. [,,].
There are other constraints whose fulfillment cannot be determined without a precise model of
the system. This is typically the case for real-time constraints on tasks and signals, where the pat-
terns of activations and transmissions have to be identified. Much work has already been done in
this field during the last years: schedulability analysis on priority buses [], joint schedulability
analysis of tasks and messages [,], probabilistic assessment of the reliability of communications
under EMI [,,], etc. What is now needed is to extend these analyses to take into account the
peculiaritiesoftheplatformsinuse(e.g.,overheadsduetotheOSandthestackofcommunication
layers) and to integrate them in the development process of the system. The problem is compli-
cated by the development process being shared between several partners (the carmaker and various
third-party suppliers). Ways have to be found to facilitate the integration of components developed
independently and to ensure their interoperability.
In terms of the criticality of the involved functions, future automotive X-by-Wire systems can rea-
sonably be compared with Flight-by-Wire systems in the avionic field. According to Ref. [], the
probability of encountering a critical safety failure in vehicles must not exceed
−
per hour and
×
per system, but other studies consider
−
. It will be a real challenge to reach such dependability,
in particular, because of the cost constraints. It is certain that the know-how gathered over the years
in the avionic industry can be of great help but design methodologies adapted to the automotive
constraintshavetobedeveloped.
The first step is to develop technologies able to integrate different subsystems inside a domain
(see Section ..), but a real challenge is to shift the development process from subsystem integra-
tion to a complete integrated design process. he increasing amount of networked control functions
inside in-car embedded systems leads to developing specific design processes based, among others,
on formal analysis and verification techniques of both dependability properties of the networks and
dependability requirements of the embedded application.
References
. A. Albert. Comparison of event-triggered and time-triggered concepts with regards to distributed
control systems. In
Proceedings of Embedded World
,Nürnberg,Germany,February.
. ASAM. FIBEX—field bus exchange format, version .. Available at http://http://www.asam.net/,
January .
. A. Avizienis, J. Laprie, and B. Randell. Fundamental concepts of dependability. In
Proceedings of the
rd Information Survivability Workshop
, pp. -, Boston, MA, .
. M. Ayoubi, T. Demmeler, H. Leffler, and P. Köhn. X-by-Wire functionality, performance and infras-
tructure. In
Proceedings of Convergence
,Detroit,MI,.
. R. Barbosa and J. Karlsson. Formal specification and verification of a protocol for consistent diagnosis
in real-time embedded systems. In
La Grande Motte, at the Third IEEE International Symposium on
Industrial Embedded Systems (SIES')
, France, June .
. G. Bauer and M. Paulitsch. An investigation of membership and clique avoidance in TTP/C. In
Proceedings of the th IEEE Symposium on Reliable Distributed Systems
,Nuremberg,Germany,.
. P. Bühring. Safe-by-Wire Plus: Bus communication for the occupant safety system. In
Proceedings of
Convergence
,Detroit,MI,.
. L. Casparsson, A. Rajnak, K. Tindell, and P. Malmberg. Volcano—A revolution in on-board commu-
nications. Technical Report, Volvo, .
