论文信息 - Towards Model-Based Failure-Management for Automotive Software

Towards Model-Based Failure-Management for Automotive Software

Failure management is a particular challenge problem in the automotive domain. Today's cars host a network of 30 to 80 electronic control units (ECUs), distributed over up to five interconnected in-car networks supporting hundreds to thousands of software- defined functions. This high degree of distribution of hard- and software components is a key contributor to the difficulty of failure management in vehicle. This paper addresses comprehensive failure management, starting from domain models for logical and deployment models of automotive software. These models capture interaction patterns as a critical part of both logical and deployment architectures, introducing failure detection and mitigation as "wrapper" services to "unmanaged services", i.e. services without failure management. We show how these models can be embedded into an interaction-centric development process, which captures failure management information across development phases. Finally, we exploit the failure management models to verify that a particular architecture meets its requirements under the stated failure hypothesis.

[1] Ralph Johnson,et al. design patterns elements of reusable object oriented software , 2019 .

[2] Nancy G. Leveson,et al. Safeware: System Safety and Computers , 1995 .

[3] Alexander Pretschner,et al. 2nd international workshop on software engineering for automotive systems , 2005, ICSE '05.

[4] Anish Arora,et al. Synthesis of fault-tolerant concurrent programs , 2004, TOPL.

[5] W E Vesely,et al. Fault Tree Handbook , 1987 .

[6] Gerard J. Holzmann,et al. The SPIN Model Checker , 2003 .

[7] Janis R. Putman,et al. Architecting with RM-ODP , 2000 .

[8] David Frankel,et al. Model Driven Architecture: Applying MDA to Enterprise Computing , 2003 .

[9] Gerard J. Holzmann,et al. The SPIN Model Checker - primer and reference manual , 2003 .

[10] Ingolf Krüger,et al. Model-based run-time monitoring of end-to-end deadlines , 2005, EMSOFT.

[11] Donald J. Reifer,et al. Software Failure Modes and Effects Analysis , 1979, IEEE Transactions on Reliability.

[12] Anish Arora,et al. Component Based Design of Multitolerant Systems , 1998, IEEE Trans. Software Eng..

[13] Ingolf Krüger,et al. Distributed system design with message sequence charts , 2000 .