Using Multi-Viewpoint Contracts for Negotiation of Embedded Software Updates
This addresses the challenge of automated, multi-viewpoint verification for embedded software updates, which is incremental as it builds on existing viewpoint-specific methods.
The paper tackles the problem of safely updating safety-critical embedded systems after deployment by proposing a contract-based negotiation methodology to replace lab-based verification with in-field formal analysis, illustrated with an automotive example.
In this paper we address the issue of change after deployment in safety-critical embedded system applications. Our goal is to substitute lab-based verification with in-field formal analysis to determine whether an update may be safely applied. This is challenging because it requires an automated process able to handle multiple viewpoints such as functional correctness, timing, etc. For this purpose, we propose an original methodology for contract-based negotiation of software updates. The use of contracts allows us to cleanly split the verification effort between the lab and the field. In addition, we show how to rely on existing viewpoint-specific methods for update negotiation. We illustrate our approach on a concrete example inspired by the automotive domain.