Search Results

Safety-critical embedded software has to satisfy stringent quality requirements. All contemporary safety standards require evidence that no data races and no critical run-time errors occur, such as invalid pointer accesses, buffer overflows, or arithmetic overflows. Such errors can cause software crashes, invalidate separation mechanisms in mixed-criticality software, and are a frequent cause of errors in concurrent and multi-core applications. The static analyzer Astrée has been extended to soundly and automatically analyze concurrent software. This novel extension employs a scalable abstraction which covers all possible thread interleavings, and reports all potential run-time errors, data races, deadlocks, and lock/unlock problems. When the analyzer does not report any alarm, the program is proven free from those classes of errors. Dedicated support for ARINC 653 and OSEK/AUTOSAR enables a fully automatic OS-aware analysis.

Driver assistance systems (e.g. the emergency brake assist Active Brake Assist2, or ABA2 for short, in the Mercedes-Benz Actros) are becoming increasingly common in heavy-duty commercial vehicles. Due to the close interconnection with drivetrain and suspension control systems, the integration and validation of the functions make the most exacting demands on processes and tools involved in mechatronics development. In addition to a multi-stage test process focusing on the functions of the driver assistance systems (software), the “electrical” aspects (hardware) also form part of holistic maturity level validation. The test process is supported by state-of-the-art, high-performance tools (e.g. automatable component test benches and overall vehicle HiL systems) which, in particular, allow quick and accurate configuration in line with different vehicle variants.

Preventing systematic software failures is of paramount importance for any highly automatic vehicle control system, in particular for safety-critical AUTOSAR software. Among the most critical software defects are runtime errors like buffer overflows or data races. They may cause erroneous or erratic behavior, induce system failures, and constitute security vulnerabilities. Sound static analysis can be used to report all such defects in the code, or to prove their absence. It can also determine dependencies between software components and show freedom of interference without missing any data and control flow through data or function pointers. In the past, AUTOSAR projects often had to be decomposed or simplified to achieve satisfactory analysis time or memory consumption. Creating the analysis model, i.e., determining the tasks and ISRs to analyze, their priorities, synchronization, etc., required significant manual effort.

In this paper a new numerical methodology to compute component temperatures of a rotating cardan shaft is described. In general temperatures of the cardan shaft are mainly dominated by radiation from the exhaust gas system and air temperatures in the transmission tunnel and underbody. While driving the cardan shaft is rotating. This yields a uniform temperature distribution of the circumference of the shaft. However most simulation approaches for heat protection are nowadays steady-state computations. In these simulations the rotation of the cardan shaft is not considered. In particular next to the exhaust gas system the distribution of the temperatures of the cardan shaft is not uniform but shows hot temperatures due to radiation at the side facing the exhaust gas system and lower temperatures at the other side. This paper describes a new computational approach that is averaging the radiative and convective heat fluxes circumferentially over bands of the cardan shaft.