Search Results

Modern automotive embedded systems are characterized by timing constraints at different levels in the design hierarchy and flow. System-level functions like modern active-safety functions are characterized by end-to-end constraints that span several ECUs and buses. ECU-level functions, like fuel injection controls need to cope with stringent resource requirements, tight time constraints and event-driven computations with different execution modes. This paper introduces some of the models, the techniques and the tool integration methods developed in the context of the INTERESTED project to guarantee timing correctness at all levels in the flow. In addition, we outline the issues arising from the application of these techniques to a fuel injection case study.

Safety-critical embedded software has to satisfy stringent quality requirements. One such requirement, imposed by all contemporary safety standards, is that no critical run-time errors must occur. Runtime errors can be caused by undefined or unspecified behavior of the programming language; examples are buffer overflows or data races. They may cause erroneous or erratic behavior, induce system failures, and constitute security vulnerabilities. A sound static analyzer reports all such defects in the code, or proves their absence. Sound static program analysis is a verification technique recommended by ISO/FDIS 26262 for software unit verification and for the verification of software integration. In this article we propose an analysis methodology that has been implemented with the static analyzer Astrée. It supports quick turn-around times and gives highly precise whole-program results.