The next generation of networked embedded systems necessitates rapid prototyping and high performance while maintaining key qualities like trustworthiness and safety. However, deployment of safety-critical embedded systems suffers from complex software toolchains and engineering processes. Also, the current trend in autonomous systems relying on machine learning (ML) and artificial intelligence (AI) applications in combination with fail-operational requirements renders the verification and validation of these new systems a challenging endeavor.
To address this, a three-year European Union funded project called XANDAR aims to deliver a mature software toolchain (from requirements capture down to the actual code integration on target including verification and validation) fulfilling the need for rapid prototyping of interoperable and autonomous embedded systems.
Starting from a model-based system architecture, XANDAR will leverage novel automatic model synthesis and software parallelization techniques to achieve specific non-functional requirements, setting the foundation for a novel real-time-, safety- and security-by-construction (X-by-Construction, or XbC) paradigm.
The multi-core challenge in safety-critical environments
The era of parallel processing has pushed multi-core architectures into the mainstream, leading to a situation in which they are used in almost all application domains. The initial challenges with programming multi-core architectures, mostly related to synchronization and race conditions among parallel operating threads of execution, are still not fully solved.
Parallelizing compilers, parallel languages, special language constructs and the growing experience of developers with the new programming paradigm have eased the situation, but in safety-critical domains multi-core has yet to succeed. In environments such as automotive or aerospace, verification and proof of error-free operation are essential, and this conflicts with the added complexity and the new sources of error that multi-core programming introduces.
In this context, model-based design may provide the answers and close the gap between current multi-core programming practice and the requirements of safety-critical domains.
Model-based design of control functions has received growing interest over the last couple of decades, especially in the aerospace, automotive and process industries, which increasingly rely on embedded electronics and software. The main reason for this trend is the possibility of managing the development process from a higher-level point of view: abstracting from the low-level design of systems while enabling simulation of the system behavior and code generation for the modelled functions. This reduces development time and cost.
While model-based design is being increasingly adopted for early system specification, structural modelling and design space exploration, the final software implementation for critical embedded systems is often still developed manually.
End-to-end solutions that address a single safety aspect of an isolated embedded system have been developed in recent research projects such as ARGO, which focuses on WCET (worst-case execution time)-aware code generation. Model-based systems engineering approaches for electric/electronic architectures have also been established in recent years. They divide the architecture into multiple abstraction layers and viewpoints to manage complexity throughout the development process, from analysis and design to series production. The motivation is analogous to that of model-based function design, but from an architecture and system point of view.
The model-based development processes of the two domains typically run separately, so architectural decisions and information have to be modelled manually in the model-based function design tool, or vice versa. Although exchange formats exist for individual aspects of a system, such as communication matrices, import/export processes tend to be error-prone and introduce inconsistencies between the architecture model and the complementary behavioral model, especially under distributed and concurrent collaboration on the models.
Existing approaches and research amend architectural models with simple finite state machine behavioral descriptions and deal with generating executable architecture specifications for simulation-based verification. However, this needs to be developed further into a holistic approach capturing all design and verification steps within an integrated development environment using a single-source meta-model.
This includes, in particular, the architecture modelling of distributed networked embedded systems, its detailed integrated behavioral modelling, its synthesis into a cross-layer simulation model as well as the necessary verification steps and subsequent code generation.
XANDAR sets out to realize such a holistic approach, in which the code generator provides the required X-by-construction (XbC) guarantees and preserves the relevant non-functional properties of the input model. XANDAR will introduce new innovations in this area by providing platform-agnostic code-generation support, including the generation of monitoring runnables for critical services as well as non-deterministic accelerators for AI and ML applications.
Addressing these challenges requires new concepts, automated decision algorithms, formal checks, and program optimizations not only for performance and energy efficiency but also for non-functional guarantees. The whole process is subject to a trade-off between real-time performance, energy efficiency, non-functional guarantees and flexibility at runtime. High-quality code generators and transformations that co-optimize all these aspects require new and specialized solutions.
XANDAR consortium partners
The XANDAR project is a three-year program ending in December 2023 and funded by the EU to the tune of €5 million under the Horizon 2020 framework. The partners in the consortium from industry and academia, led by Professor Jürgen Becker of Karlsruhe Institute of Technology, are:
- Karlsruhe Institute of Technology (Germany)
- University of Peloponnese (Greece)
- German Aerospace Center (Germany)
- AVN Innovative Technology Solutions Ltd (Cyprus)
- Vector Informatik GmbH (Germany)
- Queen’s University Belfast (Northern Ireland)
- BMW Group (Germany)
- fentISS (Spain)
Vector, one of the eight XANDAR consortium partners, contributes to the project's goals based on its expertise as an embedded software specialist and on its development environments PREEvision and the TA Tool Suite.
PREEvision makes it possible to specify connected embedded systems collaboratively and model-based, with well-defined semantics that integrate all system levels. The TA Tool Suite can be used to specify, simulate and validate the timing behavior of complex real-time systems. Together, the two environments provide a foundation for the X-by-Construction design framework.