The complexity of automated driving poses challenges for providing safety assurance. Focusing on the architecting of an Autonomous Driving Intelligence (ADI), i.e. the computational intelligence, sensors and communication needed for high levels of automated driving, we investigate so called safety supervisors that complement the nominal functionality. We present a problem formulation and a functional architecture of a fault-tolerant ADI that encompasses a nominal and a safety supervisor channel. We then discuss the sources of hazardous events, the division of responsibilities among the channels, and when the supervisor should take over. We conclude with identified directions for further work.

In embarking towards Cyber-Physical Systems (CPS) withunprecedented capabilities it becomes essential to improve our understanding ofCPS complexity and how we can deal with it. We investigate facets of CPScomplexity and the limitations of Collaborating Information Processing Systems(CIPS) in dealing with those facets. By CIPS we refer to teams of humans andcomputer-aided engineering systems that are used to develop CPS. Furthermore,we specifically analyze characteristic differences among software and physicalparts within CPS. The analysis indicates that it will no longer be possible to relyonly on architectures and skilled people, or process and model/tool centeredapproaches. The tight integration of heterogeneous physical, cyber, CPS components,aspects and systems, results in a situation with interfaces and interrelationseverywhere, each requiring explicit consideration. The role of modelbasedand computer aided engineering will become even more essential, anddesign methodologies will need to deeply consider interwoven systems andsoftware aspects, including the hidden costs of software.

Co-simulation has been proposed as a method for facilitating integrated simulation of multi-domain models of Cyber-physical Systems (CPS). To ensure that co-simulations are well-managed, concerns beyond technical mechanisms for co-simulation also need to be addressed during tool-chain development. In this paper, an evolution of two frameworks supporting co-simulation tool-chain development is first introduced. Drawing upon the empirical findings from an initial framework SPIT developed based on model-driven techniques, we develop a service-oriented framework, SPIRIT based on model-driven and tool-integration techniques. Moreover, we propose a 3D viewpoint based method to formalize concept models of co-simulation tool-chains. In order to evaluate the evolution, we use visualizations of related concept models to compare tool-chains developed based on these two frameworks. 

Model-based systems engineering (MBSE) is an emerging technique widely used in current industry. It is a leading way expected to become a next-generation standard practice in the systems engineering. Fundamental tenets of systems engineering can be supported by a model-based approach to minimize design risks and avoid design changes in late development stages. The models can be used to formalize, analyze, design, optimize, verify and validate target products which help developers to integrate engineering development, organization and product across domains. Though model-based development is well established in specific domains, such as software, mechanical system, electric systems, its role in integrated development from system aspect is still a big challenge for current Chinese industry. In this paper, a survey from volunteers who related with MBSE is taken by questionnaires. The purpose of this survey is to highlight the usage and status of MBSE in current Chinese industry and address roughly the understandings of MBSE concepts among system developers in China based on the answers about usages, advantages, barriers, concerns, trends of MBSE, particularly the perspective of tool-chain development.

This paper proposes a SPIRIT framework supporting model-based systems engineering (MBSE) tool-chain development of advanced cyber-physical systems (CPS) with emphasis on tool integration, process management, automated verification and validation. The core features of the developed MBSE tool-chain include domain-specific modeling to describe CPS development, service-oriented deployment of technical resources (data, model and tool operations) and process management through IT platforms. The framework has two purposes: to support tool-chain development with a systems engineering approach; to promote interoperability of the whole developed tool-chain through a service-oriented approach. The framework covers social, process, information and technical aspects aiming to integrate various related MBSE techniques with tool-chain development. Based on the framework, an MBSE tool-chain prototype is developed, and the flexibility and interoperability are evaluated through a case study.

Robots and autonomous systems have become a part of our everyday life, therefore guaranteeing their safety is crucial. Among the possible ways to do so, monitoring is widely used, but few methods exist to systematically generate safety rules to implement such monitors. Particularly, building safety monitors that do not constrain excessively the system’s ability to perform its tasks is necessary as those systems operate with few human interventions. We propose in this paper a method to take into account the system’s desired tasks in the specification of strategies for monitors and apply it to a case study. We show that we allow more strategies to be found and we facilitate the reasoning about the trade-off between safety and availability. 

Cyber-physical systems (CPS) are integrations of computational and physical processes. They represent a new generation of systems that interact with humans and expand the capabilities of the physical world through computation, communication, and control. At the same time, actions and interventions associated with this complex systems can have highly unpredictable and unintended consequences. Furthermore, today’s practices of CPS design and implementation are not able to support the level of complexity required to detect these consequences. 

One methodology to approach this complex problem space is systems thinking (ST). Systems thinking emerges as both a worldview and a process in the sense that it informs one's understanding regarding a system and can be used as a problem-solving approach. Systems thinking is an abstraction-oriented analysis approach, specifically designed for heterogeneous complex systems.

At the same time, another methodology, design thinking (DT), has enjoyed significantly increased visibility and importance over the last decade. Design thinking is a creative problem-solving approach, which puts human to the center and focuses first on the needs and experiences of the user.

This paper aims to illustrate the possibility to use design thinking and systems thinking methodologies together to better deal with the complexity related problems during CPS design and implementation. The study proposes visual analytics as an integrative tool between these two methodologies, by (1) analyzing and understanding CPS development process through systems thinking, and (2) innovating and transforming the process through design thinking. To this end, an example use case is described and the application of the blended methodology explained step by step in relation to the use case. Visual analytics and data visualization are discussed in several steps and the possible benefits highlighted.

In vehicular communication protocol stacks, received messages may not always be decoded successfully due to the complexity of the decoding functions, the uncertainty of the communication load and the limited computation resources. Even worse, an improper implementation of the protocol stack may cause an unfair data age distribution among all the communicating vehicles (the receiving bias problem). In such cases, some vehicles are almost locked out of the vehicular communication, causing potential safety risk in scenarios such as intersection passing. To our knowledge, this problem has not been systematically studied in the fields of vehicular communication and intelligent transport systems (ITS). This paper analyzes the root of the receiving bias problem and proposes architectural solutions to balance data age distribution. Simulation studies based on commercial devices demonstrate the effectiveness of these solutions. In addition, our system has been successfully applied during the Grand Cooperative Driving Challenge, where complicated scenarios involving platooning maneuvering and intersection coordination were conducted.

With the advent of ISO 26262 there is an increased emphasis on top-down design in the automotive industry. While the standard delivers a best practice framework and a reference safety lifecycle, it lacks detailed requirements for its various constituent phases. The lack of guidance becomes especially evident for the reuse of legacy components and subsystems, the most common scenario in the cost-sensitive automotive domain, leaving vehicle architects and safety engineers to rely on experience without methodological support for their decisions. This poses particular challenges in the industry which is currently undergoing many significant changes due to new features like connectivity, servitization, electrification and automation. In this paper we focus on automated driving where multiple subsystems, both new and legacy, need to coordinate to realize a safety-critical function. This paper introduces a method to support consistent design of a work product required by ISO 26262, the Functional Safety Concept (FSC). The method arises from and addresses a need within the industry for architectural analysis, rationale management and reuse of legacy subsystems. The method makes use of an existing work product, the diagnostic specifications of a subsystem, to assist in performing a systematic assessment of the influence a human driver, in the design of the subsystem. The output of the method is a report with an abstraction level suitable for a vehicle architect, used as a basis for decisions related to the FSC such as generating a Preliminary Architecture (PA) and building up argumentation for verification of the FSC. The proposed method is tested in a safety-critical braking subsystem at one of the largest heavy vehicle manufacturers in Sweden, Scania C.V. AB. The results demonstrate the benefits of the method including (i) reuse of pre-existing work products, (ii) gathering requirements for automated driving functions while designing the PA and FSC, (iii) the parallelization of work across the organization on the basis of expertise, and (iv) the applicability of the method across all types of subsystems.

Co-simulation has grown from point-to-point between simulation tools for specific purposes to complex tool-chains which often require additional functionalities, e.g., process management, data management, and tool integration. With these additional functionalities, the related design activities could be controlled and implemented by uni- ed platforms to improve eciency and effectiveness. Due to increasing complexity and size of co-simulation tool-chains, a systematic approach is needed to formalize their evolution in order to analyze functionalities and evaluate their structures before development. In this paper, we extend a proposed domain specific language, - named Tool Integration Language (TIL) - to describe co-simulation tool-chain architectures on a high abstraction level aiming to promote the eciency and e effectiveness of co-simulation tool-chain development by the use of Model-based System Engineering (MBSE). We introduce how the extended TIL formalizes structures and present two industrial cases of co-simulation tool-chain from previous experiences and describe them using the TIL. Finally, we conclude this paper and introduce future work -a further extension of TIL supporting MBSE tool-chain development.