Dissertations / Theses on the topic 'Safety related automotive software'

The successful use of fly-by-wire systems in aviation along with the positive experience of drive-by-wire systems with mechanical backup for braking and power steering have led to the development of complete drive-by-wire systems that reduce the cost of a vehicle, are lighter and provide better passive safety to the passenger. These systems have the form of a distributed, real-time embedded system. Similar architectures can be found in other safetycritical and mission-critical applications in avionics, as mentioned before, medical equipment, and the industrial sector. The advances in embedded system technology has enabled designers to implement low-cost and small form factor electronics. However shrinking CMOS technologies are facing considerable reliability problems since they become more sensitive to transient faults. This thesis investigates the application of traditional methods for the development of safety critical computer systems and their application on single-chip devices. The contributions of this work are briefly summarised as follows: • The development of a novel fault-tolerant architecture for protecting the processor core. • Methods for performing fault-injection experiments on embedded processor architectures. • Fault-models for multiple faults on digital systems with the use of statistical distributions. • An extensive study of a processor's behaviour under the presence of faults within its pipelined execution unit.

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Nuclear Engineering, 2004.
Page 242 blank.
Includes bibliographical references (p. 238-241).
The objective of this study is to improve quality and reliability of safety-critical software in the nuclear industry. It is accomplished by focusing on the following two areas: Formulation of a standard extensive integrated software testing strategy for safety-critical software, and Development of systematic test-based statistical software reliability quantification methodologies. The first step to improving the overall performance of software is to develop a comprehensive testing strategy, the gray box testing method. It has incorporated favorable aspects of white box and black box testing techniques. The safety-critical features of the software and feasibility of the methodology are the key drivers in determining the architecture for the testing strategy. Monte Carlo technique is applied to randomly sample inputs based on the probability density function derived from the specification of the given software. Software flowpaths accessed during testing are identified and recorded. Complete nodal coverage testing is achieved by automatic coverage checking. It is guaranteed that the most popular flowpaths of the software are tested.
The second part of the methodology is the quantification of software performance. Two Bayesian based white box reliability estimation methodologies, nodal coverage- based and flowpath coverage-based, are developed. The number of detected errors and the failure-free operations, the objective and subjective knowledge of the given software, and the testing and software structure information are systematically incorporated into both reliability estimation approaches. The concept of two error groups in terms of testability is initiated to better capture reliability features of the given software. The reliability of the tested flowpaths of the software and that of the untested flowpaths can be updated at any point during testing. Overall software reliability is calculated as a weighted average of the tested and untested parts of the software, with the probability of being visited upon next execution as the weight of each part. All of the designed testing and reliability estimation strategies are successfully implemented and automated via various software tools and demonstrated on a typical safety-critical software application.
by Yi Zhang.
Ph.D.

This thesis presents a systematic and structured way to migrate embedded software running on a digital signal processor to a different hardware platform. The solution includes using design patterns, a layered architecture and clearly defined interfaces to perform hardware abstraction. The proposed solution is aimed for a particular embedded system used in a product at AI.

This thesis investigates the use of Synchronous Concurrent Algorithms (SCAs) in the development of safety related software, where a stricter adherence to mathematical correctness is required. The original model of SCAs is extended to produce abstract and concrete dynamic SCAs (dSCAs) that allow dynamic, but predictable, SCAs to be produced whose wiring maybe different at different values of a program counter. A relaxed implementation of the Generalised Railroad Crossing Problem is used to demonstrate each of the SCA models. SCAs were originally defined by Tucker and Thompson and were restricted to unit-delays between modules. Hobley investigated the introduction of non-unit delay SCAs and how non-unit delay SCAs may be represented as unit delay SCAs. Poole, Tucker and Thompson introduced the concept of hierarchies of Spatially Expanded Systems, of which SCAs are a form. All of these tools are used and expanded upon in this thesis to provide a mechanism enabling an SCA representation of an algorithm to be transformed into an SCA representation of a computing device that implements that algorithm, and to be able to demonstrate correctness. As each SCA model can be represented algebraically, this thesis provides the transformations as meta-algebras, i.e. algebras that can transfrom one algebra to another algebra.

Artificial system interaction with the real environment is in general based on the deployment of properly coordinated sensors and actuators, establishing between them a “dynamic control-loop”. The time to close this control-loop characterizes the functionality and applicability to critical systems in response time. In the case of digital control, the performance of the processor is directly related to response time. In this line computational demands in many Critical Embedded System (CES) industries such as avionics, space, automotive and railway have experienced an unprecedented growth as a consequence of the need to cope with more sophisticated software functionalities. The use of high-performance hardware features in CES, such as multicore architectures, to respond to those performance requirements, challenges the computation of tight WCET estimates. The source of this complexity comes from the interferences (contention) when accessing hardware resources shared across the different tasks running simultaneously. Several proposals advocate for hardware support to either eliminate or control inter-task conflicts on access to shared hardware resources (e.g. Time Division Multiple Access(TDMA) in buses, partitioning for caches), to simplify timing analysis via removing or controlling effect of contention. However, to the best of our knowledge, no current Commercially-of-the-Shelf(COTS) multicore processor provides complete isolation or full control of inter-task interference. As a consequence, the execution time of a software program may be inordinately affected by the load that its co-runners place on the hardware shared resources. This Thesis provides software methodologies to characterize and control the contention on COTS multicore processors so that they can be factored in measurement-based timing analysis. To that end, we make the following contributions. First, we perform an study of the vast state of the art on the topic and we propose a taxonomy to classify existing approaches with emphasis on their goals and assumptions. This helps better understanding the symbiosis and overlapping elements of the state-of-the-art works. Second, we propose a measurement-based methodology to derive the longest delay requests from a task can take accessing FIFO and round-robin arbitrated resources, fundamental to derive tasks’ worst-case contention effects. Third, with the goal of deriving time composable WCET estimates, we introduce signatures and templates to abstract contention caused and incurred by tasks in a multicore. Fourth, we present a methodology to derive WCET estimates during early design stages, before tasks (software units) are integrated. And fifth, we report our experience with timing analysis on two COTS ARM-based multicores.
La interacción de los sistemas artificiales con el entorno real esta generalmente basado en el uso de sensores y actuadores adecuadamente coordinados, generando entre ellos un "bucle de control dinámico". El tiempo de este bucle caracteriza cuan funcional y aplicable son para los sistemas críticos en tiempo de respuesta. En el caso de los sistemas de control digital, el rendimiento de los procesadores está directamente relacionado con el tiempo de respuesta. La demanda de computación en muchas industrias de Sistemas Críticos Empotrados (SCE), como la industria aeronáutica, aeroespacial, auto motiva y ferroviaria, han experimentado un crecimiento sin precedentes como consecuencia de tener que lidiar con funcionalidades software cada vez más sofisticadas. El uso de características hardware de alto rendimiento en SCE, como las arquitecturas multinucleo, para responder a esos requisitos de rendimiento, dificulta la computación de estimación WCET de forma ajustada. La fuente de esta complejidad viene de la interferencia (contención) cuando los recursos hardware compartidos son accedidos por diferentes tareas que se ejecutan a la vez. Existen varias propuestas para utilizar soporte hardware que elimine o controles conflictos inter-tarea cuando accedan a los recursos hardware compartidos (ej. Time Division Multiple Access(TDMA) en buses, particionado en caches), para simplificar el análisis de tiempo eliminando o controlando los efectos de la contención. Pero, en nuestro mejor saber, ningún procesador multinucleo Commercially-of-the-Shelf (COTS) aporta aislamiento completo o control total de las interferencias inter-tarea. Como consecuencia, el tiempo de ejecución de un software puede ser afectado por carga ejercida sobre los recursos hardware compartidos por las tareas competidoras. Esta tesis ofrece metodologías software para caracterizar y controlar la contención en procesadores multinucleos COTS para que puedan ser factorizados en análisis de tiempo basado en medidas. Para este fin, hemos hecho las siguientes contribuciones. Primero, realizamos un vasto estudio del estado del arte sobre el tema y proponemos una taxonomía que clasifica las propuestas existentes haciendo énfasis en sus logros y suposiciones. Esto ayudara a entender mejor la simbiosis y superposición de los elementos en los trabajos más actuales. Segundo, proponemos una metodología basada en medidas para derivar el mayor retraso que una petición de una tarea puede sufrir cuando aceden recursos arbitrados por FIFO o Round-Robin, algo fundamental para derivar el efecto de la contención en el peor caso Tercero, con el objetivo de derivar estimaciones de WCET que sean "composable" en el tiempo, introducimos las "signatures" y "templates" para abstraer la contención causada y sufrida por las tareas en un procesador multinucleo. Cuarto, presentamos una metodología para derivar estimaciones de WCET durante la Fase Temprana de Diseño, antes que las tareas (unidades de software) sean integradas. Y quinto, reportamos nuestra experiencia con el análisis de tiempo en dos multinucleo COTS basados en ARM.

The platform software architecture for the safety related embedded systems developed by Scania has become increasingly more complex. High complexity raises both the risk of failures and the time consumed by software developers to understand and debug the source code. This leads to increased software maintenance costs, which according to [24] can be between 60% and 75% of the total cost of software development. The purpose of this Master’s thesis is to investigate how a part of Scania’s current software architectural design can be further developed in order to decrease the complexity and the maintenance costs, without compromising with the essential functionality and performance. Another goal is to provide a solution that complies with the software safety requirements from ISO 26262, which Scania is planning to be able to fulfill in the future. To be able to compare our proposal for the software architecture with Scania’s current solution, a measurement tool has been developed. This tool measures the software quality metrics coupling and cohesion, which together with other software metrics gives an estimation of the architecture’s complexity. The verification of the software architecture with regards to ISO 26262 has been done using contract theory. The thesis work has resulted in alternative solutions for the software architectural design of the pressure sensor driver and the real-time database in one of Scania’s electronic control units. These solutions comply better with ISO 26262 and have lower complexity than Scania’s current solution in terms of coupling, cohesion and size of software components. This has been achieved by restructuring the software architecture and avoiding reuse of common software functions. The main conclusion of the thesis is that there is great potential for Scania to reduce the complexity of the platform software architecture and comply with ISO 26262.
Plattformsarkitekturen för programvaran i de säkerhetsrelaterade inbyggda system som Scania utvecklar har blivit alltmer komplex. Hög komplexitet medför ökad risk för att fel uppstår i programvaran samt att den tid som programvaruutvecklare spenderar med att förstå och debugga (avlusa) källkoden ökar. Detta leder till ökade underhållskostnader, vilket enligt [24] kan utgöra mellan 60 % och 75 % av den totala kostnaden för programvaruutveckling. Syftet med detta examensarbete är att undersöka hur en del av Scanias nuvarande arkitekturdesign kan vidareutvecklas för att minska komplexiteten, utan att kompromissa med någon grundläggande funktionalitet och prestanda. Ett annat mål är att erbjuda en lösning som uppfyller de säkerhetskrav för programvaran som ISO 26262 ställer, vilket Scania förbereder sig för att kunna uppfylla i framtiden. Ett mätverktyg har utvecklats för att kunna jämföra vår programvaruarkitekturlösning med Scanias nuvarande lösning. Detta verktyg mäter kvalitetsmåtten coupling (koppling) och cohesion (samhörighet), vilka tillsammans med andra programvarumått ger en uppskattning av komplexiteten för arkitekturen. Verifieringen av programvaruarkitekturen med avseende på kraven från ISO 26262 har utförts med hjälp av kontraktteori. Examensarbetet har resulterat i alternativa arkitekturlösningar för trycksensorernas drivrutiner samt realtidsdatabasen i en av Scanias styrenheter, där lösningarna både uppfyller kraven från ISO 26262 bättre och har lägre komplexitetän Scanias nuvarande lösning. Detta har uppnåtts genom en omstrukturering av programvaruarkitekturen samt genom att undvika att återanvända gemensamma programvarufunktioner. Huvudslutsatsen som kan dras från examensarbetet är att det finns stor potential för Scania att kunna reducera programvaruarkitekturens komplexitet, samt uppfylla kraven från ISO 26262.

Thesis (Ph. D.)--West Virginia University, 2003.
Title from document title page. Document formatted into pages; 1 v. (various pagings) : ill. (some col.). Vita. Includes abstract. Includes bibliographical references.

The project is about the investigation on Document-Based databases, their evaluation criteria and use cases regarding requirements management, SW architecture and test management to set up an (ESLM) Embedded Systems Lifecycle Management tool. The current database used in the ESLM is a graph database called Neo4j, which meets the needs of the current system. The result of studying Document databases turned to the decision of not using a Document database for the system. Instead regarding the requirements, a combination of Graph database and Document database could be the practical solution in future.

Continues Integration has been a vital part of software development process in order to make the development process fast and reliable. There are number of actors which play an important role with support of third party tools that helps the development process to be effective and productive in nature. The CI- toolchain is capable of doing much more than the compilation of the software project which covers the daily life tasks of the developers like testing, documentation etc. The important part of automated toolchain is the conversion of source code artifacts into executables with the help of the build system. The selection of proper build system is a matter of subjective in nature and it depends upon the number of factors that should be analyzed before proceeding forward towards the selection mechanism. This thesis focuses on software rebuilding and proves practically with experiments that could help developers and managers to decide between two important software build systems SCons and CMake. It has been experimentally proved that what are the conditions and situations where SCons performs better and what are the moments where it is wise to select CMake as a build tool. At first, individual build tools are evaluated in terms of scalability, conveniency, consistency, correctness, performance (in terms of speed and targets) and later, the build systems are experimented by automating the workflow by increasing the source code artifacts to evaluate the performance when there is limited user interaction. The behavior of the build systems are also tried with other third party tools like Tessy for testing purposes, Jenkins as CI server, and Polarion as requirement engineering tool to show how much effort is required to integrate third party tools with the build system in order to increase the functionality. The evaluation of the build systems is important because that will highlights the areas where potential candidates are better and where there is lack of functional specifications. Generally speaking, SCons has an advantage of being Pythonic in nature and provides the developer ease of use to specify the build configurations using programmatic skills. CMake on other hand are on top of shelves where there is no need to understanding and caring about the underlying platform and where developers want to generate the native build tool solutions which are readily available for exporting them into IDEs. Though both of the build systems has different goals, for example SCons is ready to sacrifices the performance while providing user correctness of the build while CMake focuses on generating native build tools by understanding the underlying platform. All of these types of situations are discussed with experiments in this thesis and serves as the practical guides for high level managers to decide the build tools among others. After evaluation, this thesis firstly suggests the general techniques where the bottlenecks could be covered and then build tool specific optimizations and recommendations are discussed to speed-up the development process.

The article identifies the challenges during the system and specifically the software development process for safety critical electro-hydraulic control systems by using the example of the hydrostatic driveline with a four speed transmission of a feeder mixer. An optimized development approach for mobile machinery has to fulfill all the requirements according to the Machinery Directive 2006/42/EC, considering functional safety, documentation and testing requirements from the beginning and throughout the entire machine life cycle. The functionality of the drive line control could be verified in advance of the availability of a prototype by using a “software-in-the-loop” development approach, based on a MATLAB/SIMULINK model of the drive line in connection with the embedded software.

The increasing complexity and size of modern Cyber-Physical Systems (CPS) has led to a sharp decline in productivity among CPS designers. Requirements on safety aggravate this problem further, both by being difficult to ensure and due to their high importance to the public. Tools, or rather efforts to facilitate the automation of development processes, are a central ingredient in many of the proposed innovations to mitigate this problem. Even though the safety-related implications of introducing automation in development processes have not been extensively studied, it is known that automation has already had a large impact on operational systems. If tools are to play a part in mitigating the increase in safety-critical CPS complexity, then their actual impact on CPS development, and thereby the safety of the corresponding end products, must be sufficiently understood. An survey of relevant research fields, such as system safety, software engineering and tool integration, is provided to facilitate the discussion on safety-related implications of tool usage. Based on the identification of industrial safety standards as an important source of information and considering that the risks posed by separate tools have been given considerable attention in the transportation domain, several high-profile safety standards in this domain have been surveyed. According to the surveyed standards, automation should primarily be evaluated on its reliable execution of separate process steps independent of human operators. Automation that only supports the actions of operators during CPS development is viewed as relatively inconsequential. A conceptual model and a reference model have been created based on the surveyed research fields. The former defines the entities and relationships most relevant to safety-related risks associated with tool usage. The latter describes aspects of tool integration and how these relate to each other. By combining these models, a risk analysis could be performed and properties of tool chains which need to be ensured to mitigate risk identified. Ten such safety-related characteristics of tool chains are described. These safety-related characteristics provide a systematic way to narrow down what to look for with regard to tool usage and risk. The hypothesis that a large set of factors related to tool usage may introduce risk could thus be tested through an empirical study, which identified safety-related weaknesses in support environments tied both to high and low levels of automation. The conclusion is that a broader perspective, which includes more factors related to tool usage than those considered by the surveyed standards, will be needed. Three possible reasons to disregard such a broad perspective have been refuted, namely requirements on development processes enforced by the domain of CPS itself, certain characteristics of safety-critical CPS and the possibility to place trust in a proven, manual development process. After finding no strong reason to keep a narrow perspective on tool usage, arguments are put forward as to why the future evolution of support environments may actually increase the importance of such a broad perspective. Suggestions for how to update the mental models of the surveyed safety standards, and other standards like them, are put forward based on this identified need for a broader perspective.
Den ökande komplexiteten och storleken på Cyber-Fysiska System (CPS) har lett till att produktiviteten i utvecklingen av CPS har minskat kraftigt. Krav på att CPS ska vara säkra att använda förvärrar problemet ytterligare, då dessa ofta är svåra att säkerställa och samtidigt av stor vikt för samhället. Mjukvaruverktyg, eller egentligen alla insatser för att automatisera utvecklingen av CPS, är en central komponent i många innovationer menade att lösa detta problem. Även om forskningen endast delvis studerat säkerhetsrelaterade konsekvenser av att automatisera produktutveckling, så är det känt att automation har haft en kraftig (och subtil) inverkan på operationella system. Om verktyg ska lösa problemet med en ökande komplexitet hos säkerhetskritiska CPS, så måste verktygens påverkan på produktutveckling, och i förlängningen på det säkra användandet av slutprodukterna, vara känd. Den här boken ger en översikt av forskningsfronten gällande säkerhetsrelaterade konsekvenser av verktygsanvändning. Denna kommer från en litteraturstudie i områdena systemsäkerhet, mjukvaruutveckling och verktygsintegration. Industriella säkerhetsstandarder identifieras som en viktig informationskälla. Då riskerna med användandet av enskilda verktyg har undersökts i stor utsträckning hos producenter av produkter relaterade till transport, studeras flera välkända säkerhetsstandarder från denna domän. Enligt de utvalda standarderna bör automation primärt utvärderas utifrån dess förmåga att självständigt utföra enskilda processteg på ett robust sätt. Automation som stödjer operatörers egna handlingar ses som tämligen oviktig. En konceptuell modell och en referensmodell har utvecklats baserat på litteraturstudien. Den förstnämnda definierar vilka entiteter och relationer som är av vikt för säkerhetsrelaterade konsekvenser av verktygsanvändning. Den sistnämnda beskriver olika aspekter av verktygsintegration och hur dessa relaterar till varandra. Genom att kombinera modellerna och utföra en riskanalys har egenskaper hos verktygskedjor som måste säkerställas för att undvika risk identifierats. Tio sådana säkerhetsrelaterade egenskaper beskrivs. Dessa säkerhetsrelaterade egenskaper möjliggör ett systematiskt sätt att begränsa vad som måste beaktas under studier av risker relaterade till verktygsanvändning. Hypotesen att ett stort antal faktorer relaterade till verktygsanvändning innebär risk kunde därför testas i en empirisk studie. Denna studie identifierade säkerhetsrelaterade svagheter i utvecklingsmiljöer knutna både till höga och låga nivåer av automation. Slutsatsen är att ett brett perspektiv, som inkluderar fler faktorer än de som beaktas av de utvalda standarderna, kommer att behövas i framtiden. Tre möjliga orsaker till att ett bredare perspektiv ändå skulle vara irrelevant analyseras, nämligen egenskaper specifika för CPS-domänen, egenskaper hos säkerhetskritiska CPS och möjligheten att lita på en beprövad, manuell process. Slutsatsen blir att ett bredare perspektiv är motiverat, och att den framtida utvecklingen av utvecklingsmiljöer för CPS sannolikt kommer att öka denna betydelse. Baserat på detta breda perspektiv läggs förslag fram för hur de mentala modellerna som bärs fram av de utvalda säkerhetstandarderna (och andra standarder som dem) kan utvecklas.

QC 20141001

The European standard EN 50128 "Railway applications - Communication, signalling and processing systems - Software for railway control and protection systems" is one of the European standards for European Railway systems. It is intended for software aspects, specifying procedures and technical requirements for the development of programmable Electronic systems, which are used in railway control and protection applications. Since 2017- 04-25 the original version EN 50128:2001 has been replaced by the updated new version EN 50128:2011. The update is quite extensive and will effect many parts of the existing Railway systems. The aim of this study is to investigate the effect of the EN 50128 update. The work for this study includes literature study, document research and interview with the relevant supplies and experts. Qualitative and quantitative methods have been used in the study to reach the possible best results. The effects due to the EN 50128 update have been extensively investigated. The following issues have been addressed: - How can the update of the standard EN 50128 be done smoothly by the companies? - How much money have they spent to update their process to follow the 2011 version? - What parts of the process have been the most extensive and expensive to change due to the standard update? The results of the work are useful for an organized and professional assessor to help and support the companies dealing with this complex software, in order for them to be prepared for the upcoming standard update as well as possible. If the affected companies have been proactive in their own development of their methods/techniques, the 2011 version of the standard will not be a major work to follow for their process. A standard is a guideline and a support in the way to a safer system.

This thesis concerns the safety in user interfaces. In particular it concerns the user interfaces in systems in which safety is critical. I have studied such systems in the maritime industry, where we for instance may find them on the bridges of ships. Computer systems get more and more important in the daily routines of humans, and it is important that this does not go unnoticed. Designers of computer systems need to take human factors into consideration when designing their systems. These considerations might be especially important in complex systems, as these are often safety critical. The bridges on ships are likely to include complex systems for the operator to handle, as they often involve multiple screens, or other factors that increase the complexity of a system. Such factors might include being able to pay attention to several incidents at once. When dealing with complex systems, it is important that the operator knows how to handle the system, and also how to react when an incident occurs. These are factors that need to be considered by the designer when making the system and theories on how to do this are described in the thesis. I have also described standards which consider this, like the ISO 11064 standard, or the Atomos regulation and the ISO 17894 which considers this for the maritime industry in particular. Parts of the industry have made an effort to develop tools to be used to improve the safety. I have studied some of these efforts and presented them in the thesis. Furthermore, I have developed a survey to study how the individual members and different parts of the industry feel and behave towards safety. The survey gave an insight into reality of how safety is being handled in the industry as a whole. In particular it pointed to the main problem of the maritime industry, that the industry is very heterogeneous, and also that the different parts of the industry are in competition with each other. Most of the respondents had not heard about the Atomos regulation or the ISO 17894 standards, efforts that could have been used as a tool to improve the level of safety. The questionnaire also showed that while most of the respondents are satisfied with the level of safety in their organization, they are not satisfied with the level of safety in the overall industry. The thesis consists of six parts. Part I deals with the introduction and general theory from research methods and psychology. Part II deals with usability and related standards. These include ISO 11064, theory on usability and a description of an accident due to poorly designed user interface. Part III describes relevant background from the maritime industry, which involves the ISO 17894 standard, the Atomos regulation and e-navigation, an example of a newly made effort. Part IV gives a description of the development of my questionnaire, and also provides the results and conclusions made from them. Part V provides the conclusions and suggestions for future work, while part VI contains appendices.

With the introduction of software into cars, many functions are now realized with reduced cost, weight and energy. The development of these software systems is done in a distributed manner independently by suppliers, following the traditional approach of the automotive industry, while the car maker takes care of the integration. However, the integration can lead to unexpected and unintended interactions among software systems, a phenomena regarded as feature interaction. This dissertation addresses the problem of the automatic detection of feature interactions for automotive active safety features. Active safety features control the vehicle's motion control systems independently from the driver's request, with the intention of increasing passengers' safety (e.g., by applying hard braking in the case of an identified imminent collision), but their unintended interactions could instead endanger the passengers (e.g., simultaneous throttle increase and sharp narrow steering, causing the vehicle to roll over). My method decomposes the problem into three parts: (I) creation of a definition of feature interactions based on the set of actuators and domain expert knowledge; (II) translation of automotive active safety features designed using a subset of Matlab's Stateflow into the input language of the model checker SMV; (III) analysis using model checking at design time to detect a representation of all feature interactions based on partitioning the counterexamples into equivalence classes. The key novel characteristic of my work is exploiting domain-specific information about the feature interaction problem and the structure of the model to produce a method that finds a representation of all different feature interactions for automotive active safety features at design time. My method is validated by a case study with the set of non-proprietary automotive feature design models I created. The method generates a set of counterexamples that represent the whole set of feature interactions in the case study.By showing only a set of representative feature interaction cases, the information is concise and useful for feature designers. Moreover, by generating these results from feature models designed in Matlab's Stateflow translated into SMV models, the feature designers can trace the counterexamples generated by SMV and understand the results in terms of the Stateflow model. I believe that my results and techniques will have relevance to the solution of the feature interaction problem in other cyber-physical systems, and have a direct impact in assessing the safety of automotive systems.

Continues Integration has been a vital part of software development process in order to make the development process fast and reliable. There are number of actors which play an important role with support of third party tools that helps the development process to be effective and productive in nature. The CI- toolchain is capable of doing much more than the compilation of the software project which covers the daily life tasks of the developers like testing, documentation etc. The important part of automated toolchain is the conversion of source code artifacts into executables with the help of the build system. The selection of proper build system is a matter of subjective in nature and it depends upon the number of factors that should be analyzed before proceeding forward towards the selection mechanism. This thesis focuses on software rebuilding and proves practically with experiments that could help developers and managers to decide between two important software build systems SCons and CMake. It has been experimentally proved that what are the conditions and situations where SCons performs better and what are the moments where it is wise to select CMake as a build tool. At first, individual build tools are evaluated in terms of scalability, conveniency, consistency, correctness, performance (in terms of speed and targets) and later, the build systems are experimented by automating the workflow by increasing the source code artifacts to evaluate the performance when there is limited user interaction. The behavior of the build systems are also tried with other third party tools like Tessy for testing purposes, Jenkins as CI server, and Polarion as requirement engineering tool to show how much effort is required to integrate third party tools with the build system in order to increase the functionality. The evaluation of the build systems is important because that will highlights the areas where potential candidates are better and where there is lack of functional specifications. Generally speaking, SCons has an advantage of being Pythonic in nature and provides the developer ease of use to specify the build configurations using programmatic skills. CMake on other hand are on top of shelves where there is no need to understanding and caring about the underlying platform and where developers want to generate the native build tool solutions which are readily available for exporting them into IDEs. Though both of the build systems has different goals, for example SCons is ready to sacrifices the performance while providing user correctness of the build while CMake focuses on generating native build tools by understanding the underlying platform. All of these types of situations are discussed with experiments in this thesis and serves as the practical guides for high level managers to decide the build tools among others. After evaluation, this thesis firstly suggests the general techniques where the bottlenecks could be covered and then build tool specific optimizations and recommendations are discussed to speed-up the development process.

Indiana University-Purdue University Indianapolis (IUPUI)
The Pedestrian Automatic Emergency Braking System (PAEB) can utilize on-board sensors to detect pedestrians and take safety related actions. However, PAEB system only benefits the individual vehicle and the pedestrians detected by its PAEB. Additionally, due to the range limitations of PAEB sensors and speed limitations of sensory data processing, PAEB system often cannot detect or do not have sufficient time to respond to a potential crash with pedestrians. For further improving pedestrian safety, we proposed the idea for integrating the complimentary capabilities of V2V and PAEB (V2V-PAEB), which allows the vehicles to share the information of pedestrians detected by PAEB system in the V2V network. So a V2V-PAEB enabled vehicle uses not only its on-board sensors of the PAEB system, but also the received V2V messages from other vehicles to detect potential collisions with pedestrians and make better safety related decisions. In this thesis, we discussed the architecture and the information processing stages of the V2V-PAEB system. In addition, a comprehensive Matlab/Simulink based simulation model of the V2V-PAEB system is also developed in PreScan simulation environment. The simulation result shows that this simulation model works properly and the V2V-PAEB system can improve pedestrian safety significantly.