Co-simulation has been proposed as a method for facilitating integrated simulation of multi-domain models of Cyber-physical Systems (CPS). To ensure that co-simulations are well-managed, concerns beyond technical mechanisms for co-simulation also need to be addressed during tool-chain development. In this paper, an evolution of two frameworks supporting co-simulation tool-chain development is first introduced. Drawing upon the empirical findings from an initial framework SPIT developed based on model-driven techniques, we develop a service-oriented framework, SPIRIT based on model-driven and tool-integration techniques. Moreover, we propose a 3D viewpoint based method to formalize concept models of co-simulation tool-chains. In order to evaluate the evolution, we use visualizations of related concept models to compare tool-chains developed based on these two frameworks. 

Model-based systems engineering (MBSE) is an emerging technique widely used in current industry. It is a leading way expected to become a next-generation standard practice in the systems engineering. Fundamental tenets of systems engineering can be supported by a model-based approach to minimize design risks and avoid design changes in late development stages. The models can be used to formalize, analyze, design, optimize, verify and validate target products which help developers to integrate engineering development, organization and product across domains. Though model-based development is well established in specific domains, such as software, mechanical system, electric systems, its role in integrated development from system aspect is still a big challenge for current Chinese industry. In this paper, a survey from volunteers who related with MBSE is taken by questionnaires. The purpose of this survey is to highlight the usage and status of MBSE in current Chinese industry and address roughly the understandings of MBSE concepts among system developers in China based on the answers about usages, advantages, barriers, concerns, trends of MBSE, particularly the perspective of tool-chain development.

This paper proposes a SPIRIT framework supporting model-based systems engineering (MBSE) tool-chain development of advanced cyber-physical systems (CPS) with emphasis on tool integration, process management, automated verification and validation. The core features of the developed MBSE tool-chain include domain-specific modeling to describe CPS development, service-oriented deployment of technical resources (data, model and tool operations) and process management through IT platforms. The framework has two purposes: to support tool-chain development with a systems engineering approach; to promote interoperability of the whole developed tool-chain through a service-oriented approach. The framework covers social, process, information and technical aspects aiming to integrate various related MBSE techniques with tool-chain development. Based on the framework, an MBSE tool-chain prototype is developed, and the flexibility and interoperability are evaluated through a case study.

Robots and autonomous systems have become a part of our everyday life, therefore guaranteeing their safety is crucial. Among the possible ways to do so, monitoring is widely used, but few methods exist to systematically generate safety rules to implement such monitors. Particularly, building safety monitors that do not constrain excessively the system’s ability to perform its tasks is necessary as those systems operate with few human interventions. We propose in this paper a method to take into account the system’s desired tasks in the specification of strategies for monitors and apply it to a case study. We show that we allow more strategies to be found and we facilitate the reasoning about the trade-off between safety and availability. 

In vehicular communication protocol stacks, received messages may not always be decoded successfully due to the complexity of the decoding functions, the uncertainty of the communication load and the limited computation resources. Even worse, an improper implementation of the protocol stack may cause an unfair data age distribution among all the communicating vehicles (the receiving bias problem). In such cases, some vehicles are almost locked out of the vehicular communication, causing potential safety risk in scenarios such as intersection passing. To our knowledge, this problem has not been systematically studied in the fields of vehicular communication and intelligent transport systems (ITS). This paper analyzes the root of the receiving bias problem and proposes architectural solutions to balance data age distribution. Simulation studies based on commercial devices demonstrate the effectiveness of these solutions. In addition, our system has been successfully applied during the Grand Cooperative Driving Challenge, where complicated scenarios involving platooning maneuvering and intersection coordination were conducted.

With the advent of ISO 26262 there is an increased emphasis on top-down design in the automotive industry. While the standard delivers a best practice framework and a reference safety lifecycle, it lacks detailed requirements for its various constituent phases. The lack of guidance becomes especially evident for the reuse of legacy components and subsystems, the most common scenario in the cost-sensitive automotive domain, leaving vehicle architects and safety engineers to rely on experience without methodological support for their decisions. This poses particular challenges in the industry which is currently undergoing many significant changes due to new features like connectivity, servitization, electrification and automation. In this paper we focus on automated driving where multiple subsystems, both new and legacy, need to coordinate to realize a safety-critical function. This paper introduces a method to support consistent design of a work product required by ISO 26262, the Functional Safety Concept (FSC). The method arises from and addresses a need within the industry for architectural analysis, rationale management and reuse of legacy subsystems. The method makes use of an existing work product, the diagnostic specifications of a subsystem, to assist in performing a systematic assessment of the influence a human driver, in the design of the subsystem. The output of the method is a report with an abstraction level suitable for a vehicle architect, used as a basis for decisions related to the FSC such as generating a Preliminary Architecture (PA) and building up argumentation for verification of the FSC. The proposed method is tested in a safety-critical braking subsystem at one of the largest heavy vehicle manufacturers in Sweden, Scania C.V. AB. The results demonstrate the benefits of the method including (i) reuse of pre-existing work products, (ii) gathering requirements for automated driving functions while designing the PA and FSC, (iii) the parallelization of work across the organization on the basis of expertise, and (iv) the applicability of the method across all types of subsystems.

Co-simulation has grown from point-to-point between simulation tools for specific purposes to complex tool-chains which often require additional functionalities, e.g., process management, data management, and tool integration. With these additional functionalities, the related design activities could be controlled and implemented by uni- ed platforms to improve eciency and effectiveness. Due to increasing complexity and size of co-simulation tool-chains, a systematic approach is needed to formalize their evolution in order to analyze functionalities and evaluate their structures before development. In this paper, we extend a proposed domain specific language, - named Tool Integration Language (TIL) - to describe co-simulation tool-chain architectures on a high abstraction level aiming to promote the eciency and e effectiveness of co-simulation tool-chain development by the use of Model-based System Engineering (MBSE). We introduce how the extended TIL formalizes structures and present two industrial cases of co-simulation tool-chain from previous experiences and describe them using the TIL. Finally, we conclude this paper and introduce future work -a further extension of TIL supporting MBSE tool-chain development.

The ISO 26262 is currently the dominant functional safety standard for electrical and electronic systems in the automotive industry. The Functional Safety Concept sub-phase in the standard requires the Preliminary Architectural Assumptions (PAA) for allocation of functional safety requirements. This paper justifies the need for, and defines a process ATRIUM, for consistent design of the PAA. ATRIUM is subsequently applied in an industrial case study for a function enabling highly automated driving at one of the largest heavy vehicle manufacturers in Europe, Scania CV AB. The findings from this study, which contributed to ATRIUM's institutionalization at Scania, are presented. The benefits of ATRIUM include (i) a fast and flexible way to refine the PAA, and a framework to (ii) incorporate information from legacy systems into safety design and (iii) rigorously track and document the assumptions and rationale behind architectural decisions under uncertain information. The contributions of this paper are (i) the analysis of the problem (ii) the process ATRIUM and (iii) findings and the discussion from the case study at Scania.

Organizations in the automotive domain, which aim to transition into developing fully autonomous vehicles face many challenges. These range from organizational issues to engineering concerns. This paper builds on structured interviews with professionals from industry and academia to provide a deeper understanding of existing problems. Standards, safety analysis, legacy assumptions related to having a human driver, and increased complexity and complexity handling were raised as important concerns. The analysis of these concern leads us to consider the current relationship between academia and industry as too disconnected. There is a risk that new techniques developed by academia end up irrelevant to industry. This underlying problem, and others relevant to autonomy, might be solved by collaborative research between different automotive companies. However, there are experts that challenge the underlying need for such collaboration. Therefore, externally to automotive companies, new expert arenas might be required in order to facilitate an exchange of ideas that lead to new collaboration efforts. Internally to automotive companies, the changes brought on by autonomy will lead to organizational changes and the creation of new roles. These organizational changes will have to be managed, or otherwise unnecessary conflict might occur between new and old roles.

Heavy commercial vehicles constitute the dominant form of inland freight transport. There is a strong interest in making such vehicles autonomous (self-driving), in order to improve safety and the economics of fleet operation. Autonomy concerns affect a number of key systems within the vehicle. One such key system is brakes, which need to remain continuously available throughout vehicle operation. This paper presents a fail-operational functional brake architecture for autonomous heavy commercial vehicles. The architecture is based on a reconfiguration of the existing brake systems in a typical vehicle, in order to attain dynamic, diversified redundancy along with desired brake performance. Specifically, the parking brake is modified to act as a secondary brake with capabilities for monitoring and intervention of the primary brake system. A basic fault tree analysis of the architecture indicates absence of single points of failure, and a reliability analysis shows that it is reasonable to expect about an order of magnitude improvement in overall system reliability. Copyright © 2016 SAE International.