RV-ECU: Maximum Assurance In-Vehicle Safety Monitoring

Philip Daian, Shinichi Shiraishi, Akihito Iwai, Bhargava Manja, Grigore Rosu

Research output: Contribution to journal › Conference article

Abstract

The Runtime Verification ECU (RV-ECU) is a new development platform for checking and enforcing the safety of automotive bus communications and software systems. RV-ECU uses runtime verification, a formal analysis subfield aimed at validating and verifying systems as they run, to ensure that all manufacturer and third-party safety specifications are complied with during the operation of the vehicle. By compiling formal safety properties into code using a certifying compiler, the RV-ECU executes only provably correct code that checks for safety violations as the system runs. RV-ECU can also recover from violations of these properties, either by itself in simple cases or together with safe message-sending libraries implementable on third-party control units on the bus. RV-ECU can be updated with new specifications after a vehicle is released, enhancing the safety of vehicles that have already been sold and deployed. Currently a prototype, RV-ECU is meant to eventually be deployed as global and local ECU safety monitors, ultimately responsible for the safety of the entire vehicle system. We describe its overall architecture and implementation, and demonstrate monitoring of safety specifications on the CAN bus. We use past automotive recalls as case studies to demonstrate the potential of updating the RV-ECU as a cost-effective and practical alternative to software recalls, while requiring the development of rigorous, formal safety specifications easily sharable across manufacturers, OEMs, regulatory agencies and even car owners.

Original language: English (US)
Journal: SAE Technical Papers
DOI: 10.4271/2016-01-0126
State: Published - Jan 1 2016
Event: SAE 2016 World Congress and Exhibition - Detroit, United States
Duration: Apr 12 2016 to Apr 14 2016

ASJC Scopus subject areas

  • Automotive Engineering
  • Safety, Risk, Reliability and Quality
  • Pollution
  • Industrial and Manufacturing Engineering

Cite this

Daian, Philip; Shiraishi, Shinichi; Iwai, Akihito; Manja, Bhargava; Rosu, Grigore. RV-ECU: Maximum Assurance In-Vehicle Safety Monitoring. In: SAE Technical Papers, 2016. doi:10.4271/2016-01-0126
@article{6c4b48a758114ebf92d9161929e48cf8,
title = "RV-ECU: Maximum Assurance In-Vehicle Safety Monitoring",
author = "Philip Daian and Shinichi Shiraishi and Akihito Iwai and Bhargava Manja and Grigore Rosu",
year = "2016",
month = "1",
day = "1",
doi = "10.4271/2016-01-0126",
language = "English (US)",
journal = "SAE Technical Papers",
issn = "0148-7191",
publisher = "SAE International",
}

TY - JOUR

T1 - RV-ECU

T2 - Maximum Assurance In-Vehicle Safety Monitoring

AU - Daian, Philip

AU - Shiraishi, Shinichi

AU - Iwai, Akihito

AU - Manja, Bhargava

AU - Rosu, Grigore

PY - 2016/1/1

Y1 - 2016/1/1

UR - http://www.scopus.com/inward/record.url?scp=85072362132&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85072362132&partnerID=8YFLogxK

U2 - 10.4271/2016-01-0126

DO - 10.4271/2016-01-0126

M3 - Conference article

AN - SCOPUS:85072362132

JO - SAE Technical Papers

JF - SAE Technical Papers

SN - 0148-7191

ER -