MicroConsult offers services related to the topics discussed at the ESE Kongress: training, seminars, and coaching.
Benefit from the experience of our embedded software engineering specialists and get in touch with us. We'd be happy to advise you.
MicroConsult training & coaching topics
ESE Congress 2015 Contributions, Part 2 – Topics:
- Open Source
- Requirements
- Safety and Security
- Software engineering management
- Testing and quality
Lecture series: Open Source
Reactive Extensions – Everything is an event!
Introduction to programming with event streams
Marko Beelman, Philips Medical Systems Böblingen (ESE Congress 2015)
The increasing networking of devices and the use of cloud services present new challenges for software development. Sensor readings and push notifications from the cloud – more and more events need to be processed. Reactive Extensions allow events to be converted into streams and easily coordinated. Schedulers also significantly simplify asynchronous processing.
Embedded Software Engineering Reloaded: mbeddr
Practical report from the development of a smart meter
Dr. Stephan Eberle, itemis France SAS; Bernd Kolb, itemis; Dr. Markus Völter (ESE Congress 2015)
Over the past three years, itemis France has developed a smart meter whose embedded software demonstrably boasts the following characteristics: a maintainable, modular architecture, hardware-independent testability, low integration effort, and high reusability thanks to a platform-based development approach. The smart meter software was implemented entirely with mbeddr, an open-source IDE for developing embedded software based on an extensible version of C. Among other things, mbeddr supports C extensions for state machines, physical units, and components. mbeddr is also highly customizable, particularly through user-defined C language extensions. Furthermore, the mbeddr-based implementation generates very little overhead compared to traditionally implemented C code.
State machine origami
Efficient embedded software through interactive statecharts
Dr. Klaus Birken, Axel Terfloth, itemis AG (ESE Congress 2015)
State machines have proven their worth in many embedded software implementation projects. They allow for the graphical description of component behavior and the efficient generation of code in C or C++. The interaction of statecharts with their environment is described using concepts such as events and formal interfaces. The open-source project Franca allows the modeling of such interfaces, specifically their semantics (i.e., allowed sequences of events). In most projects, this information is only documented informally; with Franca, the allowed sequences are machine-readable and thus automatically verifiable. Tools for creating state machines can leverage this semantic information and provide interactive support to the developer, for example, by indicating expected or to-be-sent events, as well as unreachable states. This ensures compliance with all interface contracts and ultimately safeguards code quality.
Yocto: That can be done automatically!
Modular system for customized embedded distributions
Simon Egli, bbv Software Services (ESE Congress 2015)
The Yocto build system is a large and powerful tool. For beginners, it's often difficult to understand how the system works, making it challenging to start their own project. This article shows, step by step, how to build a simple distribution using custom recipes. Readers of this article will be equipped to tackle more advanced topics independently.
Android firmware over-the-air updates
The question of a modern update mechanism and Android's answer
Matthias Schaff, Dominik Helleberg, inovex GmbH (ESE Congress 2015)
In the embedded systems sector, hardly any requirements specification exists without the need to update the firmware of a Linux-based, embedded system in the field. The implementation of this is varied: from on-site visits by a technician to sending CF cards to providing self-flashing instructions for the customer – everything is possible. In the age of IoT, Industry 4.0, and the resulting widespread networking of components, these approaches seem positively antiquated. A modern update mechanism operates fully automatically, without compromising the security or stability of the process. In the following sections, we will briefly discuss the requirements for such a process, as well as various update architectures, before concluding with a detailed examination of the Android FOTA process.
More realistic application testing with Linux containers
Clearly defined test environment for reproducible results
Michael Burkard, bbv Software Services AG (ESE Congress 2015)
When you run your application tests on the development machine, it's difficult to assess the impact of certain factors on your test results. After a software update, libraries may be missing or replaced, rendering the test results unreproducible. Furthermore, how well do the resources of your development machine match those of the target system? With embedded systems, the differences are often so significant that running the tests on the target system is essential. Linux containers allow you to create a test environment that runs in isolation from the host system, conforms to the target system's constraints, and is still performant.
Linux and real-time
< 10 usec also on the Arm architecture?
Jan Altenberg, Heinz Egger, Linutronix GmbH (ESE Congress 2015)
Due to its large number of supported CPU architectures, virtually endless driver options, and, not least, its excellent portability and scalability, Linux is one of the most powerful embedded operating systems of our time. Even systems with stringent real-time requirements can be easily implemented with Linux. Various approaches and methods exist for achieving this. But which approach is the right one? And what latency levels can be achieved? This article presents different technologies that enable hard real-time capability under Linux. Furthermore, it demonstrates the jitter and latency levels achievable with these technologies.
Embedded multicore with AMALTHEA
Current status of the open tool platform
Harald Mackamul, Robert Bosch GmbH (ESE Congress 2015)
AMALTHEA is an open-source platform for developing embedded multi-core and many-core software systems. The platform enables the creation of a toolchain, for example, for timing simulation and validation, based on a common system description. As an open and free platform already successfully used by Bosch and various partners in the automotive sector, it improves interoperability and facilitates easier data exchange between different organizations. AMALTHEA makes it easier for manufacturers of development tools, suppliers, and service providers to integrate their products into the development process and create specific solutions.
Lecture series: Requirements
Increasing the efficiency of requirements management through agile methods
Which of your values are most important to you?
Colin Hood, Colin Hood Systems Engineering (ESE Congress 2015)
Looking at the Agile Manifesto of 2001, the following core elements of agile methods become apparent: 1) Respectful interaction; people are the most important element in change. 2) Flexible response to changes, such as evolving customer needs and new working methods. These values are often not prioritized during change and process improvements. Companies we have helped to focus more on these important values, such as respect and flexibility, during change processes have been able to reduce their time and costs by 401 to 801 times. The increased motivation and improved well-being of employees are clearly noticeable.
The specifications document in a tangible form
Executable software functions even before series development
Andreas Lachenschmidt, Andreas Biberger, iNTENCE automotive electronics GmbH (ESE Congress 2015)
With its "Executable Specification," iNTENCE presents a method that enables those responsible for functionalities to control the scope and characteristics of customer-facing functions early in the project. This is achieved through the early experience of the function via modeling. The "Executable Specification" and the traditional prose specification are created together in iterative and incremental steps, thereby increasing the quality of the specification in areas such as functional design, completeness, implementability, and testability. This article explains the methodology of the "Executable Specification" in detail and illustrates the successful use of the created models in testing. The insights gained, necessary prerequisites, opportunities, and limitations of the methodology are summarized in conclusion.
Change-based requirements management
Possibilities and approaches for integration into the development process
Antonio Jesus de Loureiro, agosense GmbH (ESE Congress 2015)
Software and systems development is virtually inconceivable today without a methodological approach – not least for reasons of product safety and quality, and the associated traceability of activities and results. Application Lifecycle Management (ALM) tools and platforms help support various practices and methods by visually representing dependencies between development artifacts and activities. But is that enough?
If you build on sand, don't be surprised by the creaking!
Check requirements for quality and derive metrics
Dr. Hans-Werner Wiesbrock, ITPower Solutions (ESE Congress 2015)
- If we want to improve the process, we need to know where we stand!
- If we want to know if we are improving, we have to compare before and after!
- We need to measure ourselves!
Lecture series: Safety and Security
Functional safety: Certified microcontroller self-test software
What you should consider for IEC 61508 certification
Dr. Jörg Koch, Renesas Electronics Europe (ESE Congress 2015)
Self-test software is a fundamental building block in the development of functional safety applications. In complex components such as a microcontroller's CPU, demonstrably meeting the required diagnostic coverage is challenging. This necessitates detailed knowledge of the underlying hardware. Validation of the required test coverage can be achieved through targeted fault simulation. This paper describes the development of self-test software for the CPU of the Renesas RX631/63N microcontroller family. The development of the CPU self-test software presented here was carried out according to IEC 61508 and accompanied by a TÜV Rheinland certification process.
Modern SDE vs. Certification Retention and Obsolescence
Balancing act in embedded avionics software development
Dr. Ludger Janauschek, Airbus Defence and Space GmbH (ESE Congress 2015)
When developing software for embedded systems in aviation, a wide variety of standards must be considered. One of the best-known civil standards is DO-178C. The entire development process must comply with the specifications of these standards, which particularly includes tools and methods from the field of Software Development Engineering (SDE). Tools, hardware, and methods in the SDE field are constantly evolving. To achieve modern and efficient software development, it is essential to stay up-to-date. This often creates a conflict with maintaining certification, as certification typically relies on the use of proven and approved tools and methods, thus "freezing" the state of SDE. Project durations of more than 20 years further complicate this situation. This presentation will explore the reasons for this balancing act between staying current and remaining frozen, as well as methods—and in some cases, opportunities—for overcoming this challenge, while also highlighting the limitations.
Towards Safe Robotics
Model-based development of high-integrity robots
Dipl.-Ing. Maximilian Apfelbeck and Dr.-Ing. Stephan Myschik, The MathWorks GmbH (ESE Congress 2015)
In the future, the proportion of robots interacting with humans will increase rapidly. They are equipped with a large number of sensors to perceive the dynamic environment. The sensor data is evaluated and incorporated into algorithms that ensure safe collaboration and robot response. The algorithms used must also be developed in accordance with safety standards such as IEC 61508-3 [1]. One way to meet these standards is model-based development. This approach is already being used very successfully in the automotive industry, among others. This presentation discusses a methodology for verifying and validating IEC 61508-3 compliant software components of collaborative robots using an example.
Safe Continuous Integration
Continuous Integration in safety-oriented development
Gudrun Neumann, SGS-TÜV Saar GmbH (ESE Congress 2015)
A manual software integration process cannot always keep pace with the speed of changes in software development. Therefore, more and more manufacturers are transitioning to a Continuous Integration (CI) process. This means that software build cycles for software integration are performed early and frequently, along with automated tests. This article uses an example CI process to illustrate which requirements of the functional safety standards must be observed. Particular attention will be paid to version management, traceability, and test automation. Even with this approach, evidence for safety-relevant activities must be provided, such as the selection of test methods and test specifications. A summary of the key aspects is provided at the end of the article.
Synergies of Safety and Security
Thomas Bötner, Prof. Dr. Hartmut Pohl, softScheck GmbH (ESE Congress 2015)
While robots inherently incorporate safety-relevant (IEC 61508 Functional Safety) protection mechanisms to prevent harm to life and limb, security (attack resistance: ISO 27034 and IEC 62443) is equally essential for (networked) robots, as security can impact safety: An attacker can exploit vulnerabilities in software or firmware to disable implemented protection mechanisms and cause connected robots to malfunction.
Certification of safety products according to Common Criteria
Special features for embedded systems
Jaroslav Svacina, Nadja Menz, Thilo Ernst, Fraunhofer FOKUS (ESE Congress 2015)
The digitalization of many areas of society is progressing at an enormous pace. Countless industries are increasingly relying on data digitalization, process automation, and the networking of individual components and systems. Alongside the corresponding advantages, however, this current development offers a wide range of new attack vectors which, if exploited correctly, can lead to enormous financial losses or personal injury. To increase confidence in security, software and hardware products can be certified according to ISO/IEC 15408 (Common Criteria). This article provides an overview of the certification of security products according to Common Criteria and specifically addresses some particular aspects in the context of embedded systems.
Security in the context of functional safety
How Safety and Security are related
Stefan Kriso, Robert Bosch GmbH (ESE Congress 2015)
With the increasing connectivity of vehicles with their environment, automotive security is currently gaining significant importance – from the "simple" connection via an in-vehicle smartphone with internet access to the potentially permanent data connection of the vehicle for automated driving in the future. Wherever external data access exists, hackers will sooner or later attempt to gain access to the vehicle, as a recent example vividly demonstrates [1]: Regardless of the security issues presented and their actual practical relevance, it was possible to trigger vehicle functions that are classified as safety-relevant, such as engine shutdown (breakdown), self-steering, or brake failure. In principle, there is therefore a risk that a security attack on a vehicle – whether unintentional or deliberate – could trigger safety-relevant malfunctions. This paper examines the relationship between automotive security and functional safety in more detail. Other security assets to be protected, such as data protection, are deliberately excluded from this discussion.
Security and Safety Challenge
Security requirements in the context of ISO 26262
Dr. Jens Christian Lisner, TÜV NORD Mobility (ESE Congress 2015)
Due to current developments in the automotive industry, such as various telematics applications, additional requirements are arising for safety-critical systems from vehicle security. This raises the question of whether the two disciplines complement each other or even hinder each other, and what consequences can be drawn from this.
Integrated Model-based Safety Engineering with I-SafE
Pablo Oliveira Antonino, David Santiago Velasco Moncada, Thomas Kuhn, Daniel Schneider, Mario Trapp, Fraunhofer IESE (ESE Congress 2015)
Even in the age of computerization, safety engineering is still a matter of textual documents and even pen and paper. One major consequence of this is inconsistent and incomplete specifications of safety-critical systems, which are a core reason for catastrophic failures. To improve the completeness and consistency of safety-critical system specifications, we present an integrated multi-analysis and multi-viewpoint safety engineering tool called I-SafE, a solution that supports general safety analysis as well as the specification and analysis of safety requirements and their traceability to architecture and failure models.
Model-based risk analysis of safety-critical systems
Experiences with a UML profile in the railway engineering environment
Markus Schacher, KnowGravity Inc. (ESE Congress 2015)
The European standard for demonstrating the reliability, availability, maintainability, and safety of railway applications defines safety as "freedom from risks that are unacceptable to humans or the environment" and risk as "the combination of the expected frequency of a loss and the expected severity of that loss." This article shows how such risk considerations can be developed in the form of a UML model.
Lecture series: Software Engineering Management
The paradox of "customer-specific standard software"
Two worlds, two solutions, and what we can learn from each other
Martin Becker, Fraunhofer Institute for Experimental Software Engineering (IESE) (ESE Congress 2015)
Product customization is a central theme found in almost every type of product and in every industry. It is therefore also a core issue in software development. Every customer wants software that meets their specific requirements. Standard software, whether in the embedded or application domain, cannot achieve this. Nevertheless, the proportion of components used in multiple customer projects is very high in most cases. So how is it possible to reconcile reuse and standardization with the production of customized products?
Well structured is half the battle.
Principles and patterns for highly variable systems
Matthias Essig, WITTENSTEIN electronics GmbH, Benjamin Boost, AIT GmbH & Co.KG (ESE Congress 2015)
A look at industrial practice shows that most products and services are offered in multiple variants, and this variety is increasing. This presents a particular challenge for companies that manufacture embedded systems: how can this variety be managed efficiently and effectively? Besides ad-hoc approaches, such as cloning existing solutions, more strategic approaches, such as platforms, modular systems, or product lines, are often pursued. Appropriate product structuring is of paramount importance when dealing with highly variant systems and has far-reaching consequences. But what characterizes good product structures? Are there principles and patterns that have proven successful at the architecture, design, and implementation levels? How do others do it? This article addresses these questions.
Use of industrial property rights in business operations
Supporting corporate strategy with intellectual property rights
Ralph Fernolend, Maiwald Patentanwaltsgesellschaft mbH (ESE Congress 2015)
Industrial property rights enable the protection of intellectual property and other intangible assets. This includes, for example, the results of innovative work (technical inventions) or product designations (trademarks). Unlike, for example, secrecy to protect one's own innovations, industrial property rights allow recourse to the sovereign power of the state in enforcing one's legal position against third parties and thus represent a crucial pillar for business operations.
The Internet of Things – when hardware manufacturers become software providers
Alois Schwarz, Flexera Software (ESE Congress 2015)
The Internet of Things opens up numerous new opportunities for manufacturers of intelligent devices. However, to take advantage of these opportunities, they must evolve their products from isolated devices with a fixed range of functions to flexible devices with seamless connectivity. Manufacturers who follow the motto "Making Products Smarter" will reap several benefits.
Advantage through quality
Embedded software development is an engineering discipline.
Sebastian Rummler, Dr. Daniel Simon, Axivion GmbH (ESE Congress 2015)
This article answers the question of how German and European companies can remain competitive in the global market with their products in the long term. It is based on the following facts:
- Differentiation cannot be achieved through price, but must be achieved through innovation and quality.
- Software is indispensable in product development today.
- Product quality can be symbolically expressed in a simple formula: Product quality = Hardware quality times Software quality. In other words, software quality directly impacts the overall quality of the product.
The consequence of this is that, regardless of whether one views software merely as a "necessary evil" or as a driver of innovation, there is no way around approaching software development "correctly." This can only be achieved if we leverage the strengths of the proven and unsurpassed engineering discipline in Germany and Europe and apply them to the development of embedded software. As of today, its established principles are not yet being adequately applied in (embedded) software development. But what constitutes successful software engineering? This article outlines several ways in which software engineering as an engineering discipline can be implemented in practice and thus contribute to overall product success.
Challenge of piloted driving
A key success factor in software development, enabling you to master these challenges.
Florian Netter, Audi Electronics Venture GmbH (ESE Congress 2015)
Piloted driving – a technological and functional challenge. This presents current tasks for software development in the areas of embedded development, mobile computing, and cloud-based services, allowing for targeted solutions. Supported by a virtual development framework and adaptive processes, this offers the potential to optimally support software projects and thus overcome the challenges of piloted driving.
Lecture series: Testing and Quality
Tool qualification for a test automation tool
A practical report
Kristian Trenkel, iSyst Intelligente Systeme GmbH (ESE Congress 2015)
ISO 26262 contains requirements for the qualification of software tools used in the development and testing of safety-critical systems. In practice, however, the interpretations of the various requirements differ considerably. This article describes practical experience with the tool qualification of the test automation tool iTestStudio at a Tier 1 supplier. Furthermore, a possible approach to tool qualification is presented. Ultimately, however, the question remains how the content of the standard should be interpreted.
Test FAST instead of Test FIRST in software unit testing
About the automatic generation of module test cases
Dr. Stephan Grünfelder, Bernhard Peischl (ESE Congress 2015)
For several years now, tools for the automatic generation of unit test cases have been available. These tools generate unit tests quickly, without any prior knowledge of the correct functionality of the software under test. The "tests" are created solely based on the existing source code, and the aim of such tools is to achieve high structural test coverage. A completely different approach is the test-first strategy: Unit tests are created exclusively based on the (design) specification, even before the code exists. Structural test coverage is not crucial for this approach; high functional test coverage is the primary objective. This article explores the advantages and disadvantages of these two strategies and how to effectively combine these seemingly incompatible approaches.
From use case to test case
User stories and use-case-based test case generation
Alexander Huwaldt, Laser & Co. Solutions (ESE Congress 2015)
The starting point and scope of the methodology presented here are user-centered functional system requirements and the resulting usage scenarios, known as user stories, for embedded systems. UML use case and activity diagrams were used for the notation. The system requirements thus captured serve as the basis for the automatic generation of test cases for system and acceptance testing.
Automated assessments and traceability for model testing
Greater efficiency, traceability, and validity for early functional testing
Dr. Hartmut Pohlheim, Model Engineering Solutions (ESE Congress 2015)
A method is presented that enables the testing and automated evaluation of requirements across all test sequences. This reduces testing effort and the potential for errors. Furthermore, a method is introduced that supports the required requirement tracing in practice. The combination of both methods in an efficient test tool leads to a significant increase in test coverage and the reliability of test results.
Introduction of a holistic test management system
Observations and experiences at Bosch Engineering GmbH
Fred Härtelt, Dr. Klaus Herz, Bosch Engineering (ESE Congress 2015)
Testing and test management in ECU development are becoming increasingly important due to the growing complexity and system variance. This is crucial for both cost-optimized product development without technical debt and for the early detection of software quality risks. Both objectives are addressed by implementing a holistic test management system that complies with common norms and standards (e.g., ISO/IEC/IEEE 29119, ISO 26262, ASPICE).
Software Troubleshooting Reloaded
The future of debugging technologies
André Schmitz, Green Hills Software (ESE Congress 2015)
Debugging with `printf()`, setting breakpoints, and step-by-step code execution are debugging methods of the past. Today's debugging tools can already do much more, such as automatic runtime error detection, heap analysis and memory leak detection, profiling, and, last but not least, the evaluation of hardware trace data. But what will the future hold? How will we be able to debug complex software on multi-core systems that access numerous peripheral components quickly and easily? How will collaborative error detection be conducted within a team? Which methods will help us save time in our work? This paper presents the current state of the art and provides an outlook on new methods and technologies that will make debugging easier in the future.
Advanced Code Coverage
Enlightening and frightening information about code coverage measurement
Frank Büchner, Hitex GmbH (ESE Congress 2015)
The following discussion does not focus on defining code coverage measures. Rather, it aims to offer (perhaps) surprising insights, dispel (perhaps) naive views, highlight different possible interpretations, and avoid potential misunderstandings.
TDD in embedded practice
Increased trust in the code through automated feedback
Daniel Penning (ESE Congress 2015)
Test-driven development can significantly improve software quality. For embedded systems, automated tests are often only possible with specialized test hardware. A software-based dual-target approach allows tests to be executed without additional hardware. This article argues that relying solely on traditional unit tests is insufficient. It demonstrates how to build a more comprehensive test environment.
Then we'll buy a Tool Qualification Package…
Tool qualification for safety standards
Erol Simsek, iSYSTEM AG (ESE Congress 2015)
Functional safety standards require or recommend a closer preliminary examination of the software tools used in the software development process with regard to their "use risk" and thus their negative impact on system safety. As a software tool manufacturer in this area, we are therefore increasingly confronted with questions such as "Is your tool certified?", "Do you have a TÜV seal of approval?", or "Can you support us in qualifying your tools?" What does this mean in concrete terms, and how have we, as software tool manufacturers and customers, addressed this issue so far?
